diff --git a/.gitignore b/.gitignore
index dd173a242..c6c1f9c33 100644
--- a/.gitignore
+++ b/.gitignore
@@ -76,4 +76,10 @@ alloy.river
 
 # Worktrees
 .worktrees/
+<<<<<<< feat/shared-extension-site-jobs
+
+# Local Webflow extension dev overrides
+webflow-designer-extension-cli/public/dev-runtime-config.js
+=======
 .claude/worktrees/
+>>>>>>> main
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 72ea098e8..15c26fdbe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,7 +28,49 @@ On merge, CI will:
 
 ## [Unreleased]
 
-_Add unreleased changes here._
+### Added
+
+- shared frontend modules for extension and dashboard reuse:
+  `web/static/app/lib/site-jobs.js`, `web/static/app/lib/webflow-sites.js`,
+  `web/static/app/lib/organisation-api.js`,
+  `web/static/app/lib/scheduler-api.js`, `web/static/app/lib/site-view.js`,
+  `web/static/app/lib/job-export.js`, and `web/static/app/lib/shell-nav.js`
+- shared shell styling in `web/static/app/styles/shell.css`, now loaded by both
+  `/dashboard` and the Webflow Designer extension
+- a native module-based `/extension-auth` flow in
+  `web/static/app/pages/webflow-login.js`, replacing the old extension popup
+  dependency on the legacy auth bundle
+- the first native in-extension settings section, `Account`, using shared
+  account settings logic inside the extension shell rather than loading the app
+  page
+
+### Changed
+
+- centralised Webflow extension job fetching, site scoping, and realtime
+  fallback logic into `web/static/app/lib/site-jobs.js`, reducing duplication
+  between the app layer and extension bridge runtime
+- rewired the Webflow Designer extension to consume shared jobs, Webflow site,
+  organisation, scheduler, export, shell, and site-view helpers through the
+  bridge and sync pipeline
+- moved `/dashboard` onto the extension-style shell and shared site-focused
+  module runtime, replacing the older dashboard-specific shell/layout
+- aligned extension reuse docs with the current migration state, including the
+  shared shell layer, module-native popup auth, and remaining native-extension
+  settings/detail work
+
+### Fixed
+
+- extension popup auth return-to-extension handling, including stable popup
+  callback state restoration and module-native sign-in handoff
+- cross-surface organisation sync so dashboard org changes refresh extension
+  organisation context instead of leaving stale labels behind
+- extension account settings loading and profile save support, including CORS
+  `PATCH` allowance for `/v1/auth/profile`
+- avatar rendering regressions across dashboard and extension, including Google
+  avatar CSP allowance, shared avatar DOM rendering, and extension avatar source
+  alignment with dashboard identity data
+- required shared module/style sync failures now stop the extension build
+  instead of silently shipping missing bridge dependencies
 
 ## Full changelog history
 
diff --git a/dashboard.html b/dashboard.html
index e18d24d2b..df7e3e063 100644
--- a/dashboard.html
+++ b/dashboard.html
@@ -9,10 +9,13 @@
       href="/assets/Good-Native_Hover_App_Logo_Webflow.png"
     />
     <title>Dashboard - Hover</title>
+
     <link rel="stylesheet" href="/styles/app.css" />
     <link rel="stylesheet" href="/app/styles/tokens.css" />
     <link rel="stylesheet" href="/app/styles/base.css" />
     <link rel="stylesheet" href="/app/styles/components.css" />
+    <link rel="stylesheet" href="/app/styles/shell.css" />
+    <link rel="stylesheet" href="/app/styles/dashboard-extension.css" />
 
     <!-- Sentry Error Monitoring & Performance -->
     <script
@@ -20,31 +23,31 @@
       crossorigin="anonymous"
     ></script>
     <script>
+      (function () {
+        const params = new URLSearchParams(window.location.search);
+        if (params.get("surface") === "webflow-extension") {
+          document.documentElement.setAttribute(
+            "data-surface-context",
+            "webflow-extension"
+          );
+        }
+      })();
+
       Sentry.init({
         dsn: "https://04f57d1dedc67f307cef525b1b1551a6@o4509113950928896.ingest.us.sentry.io/4509113952370688",
         environment:
           window.location.hostname === "hover.app.goodnative.co"
             ? "production"
             : "development",
-
-        // Performance Monitoring
-        tracesSampleRate: 0.1, // 10% of transactions
-
-        // Session Replay - records user sessions when errors occur
-        replaysSessionSampleRate: 0, // Don't record all sessions
-        replaysOnErrorSampleRate: 1.0, // Record 100% of sessions with errors
-
-        // User context
+        tracesSampleRate: 0.1,
+        replaysSessionSampleRate: 0,
+        replaysOnErrorSampleRate: 1.0,
         beforeSend(event) {
           return event;
         },
-
-        // Ignore certain errors
         ignoreErrors: [
-          // Browser extensions
           "ResizeObserver loop limit exceeded",
           "Non-Error promise rejection captured",
-          // Network errors that are expected
           /Failed to fetch/,
           /NetworkError/,
           /Load failed/,
@@ -52,8 +55,13 @@
       });
     </script>
 
-    <script src="/js/core.js" defer></script>
-    <script type="module" src="/app/lib/global-nav.js"></script>
+    <script src="/config.js"></script>
+    <script
+      src="https://unpkg.com/@supabase/supabase-js@2.95.3/dist/umd/supabase.js"
+      integrity="sha384-g8TQpKstPpyDTjwOLNQvGR++9KAGGvtxWv+P5XmDd3QZQx1jie8r1hx0gVpD+cdb"
+      crossorigin="anonymous"
+      defer
+    ></script>
 
     <!-- Google tag (gtag.js) -->
     <script
@@ -66,577 +74,365 @@
         dataLayer.push(arguments);
       }
       gtag("js", new Date());
-
       gtag("config", "G-D990P29YMF");
     </script>
   </head>
 
-  <body class="page-dashboard gnh-auth-route-gated">
-    <div id="globalNav"></div>
-    <!-- Main Content -->
-    <main class="main-content">
-      <!-- Job Creation Form -->
-      <div
-        style="
-          background: white;
-          border-radius: 12px;
-          box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1);
-          margin-bottom: 24px;
-          padding: 24px;
-        "
-      >
-        <h2
-          style="
-            margin: 0 0 16px 0;
-            font-size: 1.25rem;
-            font-weight: 600;
-            color: #374151;
-          "
+  <body class="page-dashboard">
+    <div id="surfaceContextBar" class="surface-context-bar" hidden>
+      <div class="surface-context-meta">
+        <a
+          id="surfaceContextBack"
+          class="surface-context-back"
+          href="/dashboard"
         >
-          Start Cache Warming
-        </h2>
-
-        <form
-          id="dashboardJobForm"
-          style="
-            display: grid;
-            grid-template-columns: 1fr 120px 140px 140px auto;
-            gap: 16px;
-            align-items: end;
-          "
-        >
-          <div>
-            <label
-              style="
-                display: block;
-                margin-bottom: 6px;
-                font-weight: 500;
-                color: #374151;
-                font-size: 14px;
-              "
-              >Domain</label
-            >
-            <input
-              type="text"
-              id="dashboardDomain"
-              name="domain"
-              required
-              placeholder="example.com"
-              aria-label="Domain to crawl"
-              style="
-                width: 100%;
-                padding: 12px 16px;
-                border: 1px solid #d1d5db;
-                border-radius: 6px;
-                font-size: 14px;
-                background: white;
-                color: #374151;
-                box-sizing: border-box;
-              "
-            />
-          </div>
-
-          <div>
-            <label
-              style="
-                display: block;
-                margin-bottom: 6px;
-                font-weight: 500;
-                color: #374151;
-                font-size: 14px;
-              "
-              >Max Pages</label
-            >
-            <input
-              type="number"
-              id="dashboardMaxPages"
-              name="max_pages"
-              min="0"
-              max="10000"
-              value="0"
-              aria-label="Maximum number of pages to crawl"
-              style="
-                width: 100%;
-                padding: 12px 16px;
-                border: 1px solid #d1d5db;
-                border-radius: 6px;
-                font-size: 14px;
-                background: white;
-                color: #374151;
-                box-sizing: border-box;
-              "
-            />
-          </div>
-
-          <div>
-            <label
-              style="
-                display: block;
-                margin-bottom: 6px;
-                font-weight: 500;
-                color: #374151;
-                font-size: 14px;
-              "
-              >Concurrency</label
-            >
-            <select
-              class="filter-select"
-              id="dashboardConcurrency"
-              name="concurrency"
-              aria-label="Concurrency level for crawling"
-              style="
-                width: 100%;
-                padding: 12px;
-                border: 1px solid #d1d5db;
-                border-radius: 6px;
-                font-size: 14px;
-                background: white;
-              "
-            >
-              <option value="default" selected>Default</option>
-              <option value="1">1</option>
-              <option value="2">2</option>
-              <option value="3">3</option>
-              <option value="4">4</option>
-              <option value="5">5</option>
-              <option value="10">10</option>
-              <option value="15">15</option>
-              <option value="20">20</option>
-              <option value="25">25</option>
-              <option value="30">30</option>
-              <option value="40">40</option>
-              <option value="50">50</option>
-              <option value="75">75</option>
-              <option value="100">100</option>
-            </select>
-          </div>
-
-          <div>
-            <label
-              style="
-                display: block;
-                margin-bottom: 6px;
-                font-weight: 500;
-                color: #374151;
-                font-size: 14px;
-              "
-              >Schedule</label
-            >
-            <select
-              class="filter-select"
-              id="dashboardScheduleInterval"
-              name="schedule_interval_hours"
-              aria-label="Schedule frequency for recurring jobs"
-              style="
-                width: 100%;
-                padding: 12px;
-                border: 1px solid #d1d5db;
-                border-radius: 6px;
-                font-size: 14px;
-                background: white;
-              "
-            >
-              <option value="">Run once</option>
-              <option value="6">Every 6 hours</option>
-              <option value="12">Every 12 hours</option>
-              <option value="24">Every 24 hours</option>
-              <option value="48">Every 48 hours</option>
-            </select>
-          </div>
-
-          <button
-            type="submit"
-            class="gnh-button gnh-button-primary"
-            style="padding: 12px 24px; white-space: nowrap"
-            aria-label="Start cache warming crawl"
-          >
-            Start Crawl
-          </button>
-        </form>
-      </div>
-
-      <!-- Dashboard Controls -->
-      <div class="dashboard-actions">
-        <div class="dashboard-filters">
-          <div class="filter-group">
-            <label class="filter-label">Date Range</label>
-            <select
-              class="filter-select"
-              id="dateRange"
-              aria-label="Filter jobs by date range"
-            >
-              <option value="last_hour">Last Hour</option>
-              <option value="today" selected>Today</option>
-              <option value="last_24_hours">Last 24 Hours</option>
-              <option value="yesterday">Yesterday</option>
-              <option value="last7">Last 7 Days</option>
-              <option value="last30">Last 30 Days</option>
-              <option value="last90">Last 90 Days</option>
-              <option value="all">All Time</option>
-            </select>
-          </div>
-        </div>
-
-        <div class="page-actions">
-          <button
-            class="gnh-btn gnh-btn-secondary"
-            gnh-action="refresh-dashboard"
-            aria-label="Refresh dashboard data"
-          >
-            <span>↻</span> Refresh
-          </button>
+          Back to extension
+        </a>
+        <div>
+          <p id="surfaceContextTitle" class="surface-context-title">
+            Dashboard
+          </p>
+          <p id="surfaceContextSubtitle" class="surface-context-subtitle"></p>
         </div>
       </div>
-
-      <!-- Login Interface for Unauthenticated Users -->
-      <div id="loginContent" gnh-auth="guest">
-        <div
-          style="
-            max-width: 400px;
-            margin: 80px auto;
-            padding: 40px;
-            background: white;
-            border-radius: 12px;
-            box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1);
-          "
-        >
-          <div style="text-align: center; margin-bottom: 32px">
-            <div style="font-size: 48px; margin-bottom: 16px">🐝</div>
-            <h1
-              style="
-                font-size: 1.875rem;
-                font-weight: 700;
-                margin-bottom: 8px;
-                color: #1a1a1a;
-              "
-            >
-              Hover
-            </h1>
-            <p style="color: #6b7280; font-size: 14px">
-              Cache warming service dashboard
+    </div>
+    <main class="app-shell dashboard-shell">
+      <section class="panel" id="guestState">
+        <div class="section auth-wrapper dashboard-auth-wrapper">
+          <header class="header auth-header">
+            <div class="top-brand">
+              <img
+                class="brand-logo"
+                src="/assets/Good-Native_Hover_App_Logo_Webflow.png"
+                alt="Hover"
+              />
+            </div>
+            <p class="section-title">
+              Run site checks, review the latest report, and manage schedules
+              from the same shell used in the Webflow extension.
             </p>
-          </div>
-
-          <div style="display: flex; gap: 12px; margin-bottom: 24px">
+          </header>
+
+          <ul class="icon-list">
+            <li>
+              <span
+                class="icon icon--medium icon--broken"
+                aria-hidden="true"
+              ></span>
+              <span>Broken links and slow pages in one site-focused view</span>
+            </li>
+            <li>
+              <span
+                class="icon icon--medium icon--download"
+                aria-hidden="true"
+              ></span>
+              <span>Recent reports and exports without switching screens</span>
+            </li>
+            <li>
+              <span
+                class="icon icon--medium icon--person"
+                aria-hidden="true"
+              ></span>
+              <span>Shared organisations, quotas, and schedules</span>
+            </li>
+          </ul>
+
+          <div class="actions auth-actions">
             <button
-              id="showLoginBtn"
-              class="gnh-button gnh-button-primary"
-              style="flex: 1"
-              aria-label="Show sign in form"
+              id="dashboardSignupButton"
+              type="button"
+              class="btn btn--primary btn--lg corners--right"
             >
-              Sign In
+              <span>Create account</span>
+              <span
+                class="icon icon--large icon--arrow icon--arrow--right"
+                aria-hidden="true"
+              ></span>
             </button>
+            <div class="auth-login-prompt">
+              <div class="auth-login-divider"></div>
+              <p class="auth-login-copy">Already have an account?</p>
+            </div>
             <button
-              id="showSignupBtn"
-              class="gnh-button gnh-button-outline"
-              style="flex: 1"
-              aria-label="Show create account form"
+              id="dashboardLoginButton"
+              type="button"
+              class="btn btn--secondary btn--lg corners--right"
             >
-              Create Account
+              <span>Login</span>
+              <span
+                class="icon icon--large icon--arrow icon--arrow--right"
+                aria-hidden="true"
+              ></span>
             </button>
           </div>
-
-          <div style="text-align: center; color: #6b7280; font-size: 14px">
-            Sign in to access your dashboard
-          </div>
-        </div>
-      </div>
-
-      <!-- Dashboard Content for Authenticated Users -->
-      <div id="dashboardContent" gnh-auth="required" style="display: none">
-        <!-- Stats Overview Cards -->
-        <div class="gnh-stats-grid">
-          <div class="gnh-stat-card">
-            <div class="gnh-stat-value" gnh-text="stats.total_jobs">-</div>
-            <div class="gnh-stat-label">Total Jobs</div>
-          </div>
-          <div class="gnh-stat-card">
-            <div class="gnh-stat-value" gnh-text="stats.running_jobs">-</div>
-            <div class="gnh-stat-label">Running</div>
-          </div>
-          <div class="gnh-stat-card">
-            <div class="gnh-stat-value" gnh-text="stats.completed_jobs">-</div>
-            <div class="gnh-stat-label">Completed</div>
-          </div>
-          <div class="gnh-stat-card">
-            <div class="gnh-stat-value" gnh-text="stats.failed_jobs">-</div>
-            <div class="gnh-stat-label">Failed</div>
-          </div>
         </div>
+      </section>
 
-        <!-- Recent Jobs Section with Data Binding Templates -->
-        <div class="gnh-jobs-section">
-          <div class="gnh-section-header">
-            <h3>Recent Jobs</h3>
-            <div class="gnh-section-actions">
+      <section class="panel hidden" id="authState">
+        <header class="topbar section">
+          <button
+            id="homeButton"
+            type="button"
+            class="topbar-brand-link"
+            aria-label="Open dashboard home"
+          >
+            <img
+              class="brand-logo brand-logo--topbar"
+              src="/assets/Good-Native_Hover_App_Logo_Webflow.png"
+              alt="Hover"
+            />
+          </button>
+          <div class="topbar-actions">
+            <div class="shell-notifications" id="notificationsContainer">
               <button
-                class="gnh-btn gnh-btn-secondary"
-                gnh-action="refresh-dashboard"
-                aria-label="Refresh jobs list"
+                id="notificationsBtn"
+                type="button"
+                class="btn btn--tertiary btn--sm btn--border-thin btn--icon-square shell-notifications-button"
+                aria-label="View notifications"
+                aria-haspopup="true"
+                aria-expanded="false"
               >
-                <span>↻</span> Refresh
+                <svg
+                  class="shell-notifications-icon"
+                  viewBox="0 0 24 24"
+                  aria-hidden="true"
+                >
+                  <path
+                    d="M15 17h5l-1.4-1.4A2 2 0 0118 14.2V10a6 6 0 10-12 0v4.2a2 2 0 01-.6 1.4L4 17h5"
+                  />
+                  <path d="M9.5 17a2.5 2.5 0 005 0" />
+                </svg>
+                <span
+                  id="notificationsBadge"
+                  class="shell-notifications-badge"
+                  hidden
+                  >0</span
+                >
               </button>
-              <button
-                class="gnh-btn gnh-btn-primary"
-                gnh-action="create-job"
-                aria-label="Create a new job"
+              <div
+                id="notificationsDropdown"
+                class="shell-dropdown shell-notifications-dropdown"
               >
-                <span>+</span> New Job
-              </button>
-            </div>
-          </div>
-
-          <div class="gnh-jobs-list">
-            <!-- Job Template — hidden by dashboard.js module; kept for legacy binder compatibility -->
-            <div class="gnh-job-card" gnh-template="job" style="display: none">
-              <div class="gnh-job-header">
-                <div class="gnh-job-domain" gnh-text="domain">example.com</div>
-                <div
-                  gnh-class="gnh-job-status gnh-status-{status}"
-                  gnh-text="status"
-                >
-                  pending
-                </div>
-              </div>
-              <div class="gnh-job-progress">
-                <div class="gnh-progress-bar">
-                  <div
-                    class="gnh-progress-fill"
-                    gnh-style:width="{progress}%"
-                  ></div>
+                <div class="shell-dropdown-header">
+                  <span class="shell-dropdown-title">Notifications</span>
+                  <button
+                    id="markAllReadBtn"
+                    type="button"
+                    class="shell-dropdown-action"
+                  >
+                    Mark all read
+                  </button>
                 </div>
-                <div class="gnh-job-details">
-                  <span gnh-text="completed_tasks">0</span> /
-                  <span gnh-text="total_tasks">0</span> tasks (<span
-                    gnh-text="progress"
-                    >0</span
-                  >%)
+                <div
+                  id="notificationsList"
+                  class="shell-notifications-list"
+                ></div>
+                <div class="shell-dropdown-footer">
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/notifications"
+                  >
+                    Notification settings
+                  </button>
                 </div>
               </div>
-              <div class="gnh-job-footer">
-                <div class="gnh-job-started">
-                  <span style="font-weight: 500">Started:</span>
-                  <span gnh-text="started_at_formatted">-</span>
+            </div>
+
+            <select
+              id="orgSelect"
+              class="btn btn--tertiary btn--sm btn--border-thin btn--square btn--select topbar-org-select"
+            ></select>
+
+            <div class="shell-profile-menu">
+              <button
+                id="profileMenuButton"
+                type="button"
+                class="btn btn--primary btn--icon-square corners--top-left topbar-profile"
+                aria-label="Open account menu"
+                aria-haspopup="true"
+                aria-expanded="false"
+              >
+                <span class="topbar-profile-avatar" id="profileAvatar"></span>
+              </button>
+              <div
+                id="profileMenuDropdown"
+                class="shell-dropdown shell-profile-dropdown"
+              >
+                <div class="shell-profile-summary">
+                  <p id="profileEmail" class="shell-profile-email">Signed in</p>
+                  <p id="profileOrgName" class="shell-profile-org">
+                    Organisation
+                  </p>
+                  <p id="profilePlanText" class="shell-profile-plan">Plan</p>
+                  <p id="profileUsageText" class="shell-profile-usage">
+                    Usage unavailable
+                  </p>
                 </div>
-                <div class="gnh-job-actions">
-                  <a
-                    class="gnh-job-link"
-                    href="/jobs/{id}"
-                    gnh-href="/jobs/{id}"
-                    >Open Job</a
+                <div class="shell-dropdown-links">
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/account"
+                  >
+                    Account
+                  </button>
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/team"
                   >
+                    Team
+                  </button>
                   <button
-                    class="gnh-job-link"
-                    gnh-action="restart-job"
-                    gnh-id="{id}"
-                    gnh-show="status=completed,failed,cancelled"
-                    aria-label="Restart this job"
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/billing"
                   >
-                    Restart
+                    Billing
                   </button>
                   <button
-                    class="gnh-job-link"
-                    gnh-action="cancel-job"
-                    gnh-id="{id}"
-                    gnh-show="status=running,pending"
-                    aria-label="Cancel this job"
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/plans"
                   >
-                    Cancel
+                    Plans
+                  </button>
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/notifications"
+                  >
+                    Notifications
+                  </button>
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/analytics"
+                  >
+                    Analytics
+                  </button>
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/automated-jobs"
+                  >
+                    Automated jobs
                   </button>
                 </div>
               </div>
             </div>
           </div>
-        </div>
-      </div>
-    </main>
-
-    <!-- Load shared authentication modal -->
-    <div id="authModalContainer"></div>
-
-    <!-- Job Creation Modal -->
-    <div id="createJobModal" class="gnh-modal">
-      <div class="gnh-modal-content" style="max-width: 600px">
-        <div class="gnh-modal-header">
-          <h2 class="gnh-modal-title">Create New Job</h2>
+        </header>
+
+        <div class="action-bar section">
+          <div class="action-bar-controls">
+            <div class="control-group control-group--domain">
+              <label class="control-label" for="domainInput">Site:</label>
+              <div class="dashboard-domain-search">
+                <input
+                  id="domainInput"
+                  type="text"
+                  class="btn btn--tertiary btn--sm btn--border-thin btn--square dashboard-domain-input"
+                  placeholder="example.com"
+                  autocomplete="off"
+                  spellcheck="false"
+                />
+              </div>
+            </div>
+            <div class="control-group control-group--schedule">
+              <label class="control-label" for="scheduleSelect"
+                >Run every:</label
+              >
+              <select
+                id="scheduleSelect"
+                class="btn btn--tertiary btn--sm btn--border-thin btn--square btn--select action-bar-select"
+              >
+                <option value="off">Off</option>
+                <option value="6">6 hrs</option>
+                <option value="12">12 hrs</option>
+                <option value="24">24 hrs</option>
+                <option value="48">48 hrs</option>
+              </select>
+            </div>
+          </div>
           <button
-            class="gnh-modal-close"
-            gnh-action="close-create-job-modal"
-            aria-label="Close create job modal"
+            id="runNowButton"
+            type="button"
+            class="btn btn--primary btn--sm corners--right"
           >
-            &times;
+            <span class="icon icon--small icon--bee" aria-hidden="true"></span>
+            <span>Run now</span>
           </button>
         </div>
 
-        <form id="createJobForm" class="gnh-auth-form">
-          <div class="gnh-form-group">
-            <label for="jobDomain">Domain</label>
-            <div class="gnh-domain-search" style="position: relative">
-              <input
-                type="text"
-                id="jobDomain"
-                name="domain"
-                gnh-domain-create="auto"
-                required
-                placeholder="example.com"
-                class="gnh-form-input"
-                aria-label="Domain to crawl"
-              />
-            </div>
-            <div
-              class="gnh-field-error"
-              id="domainError"
-              style="display: none"
-            ></div>
-          </div>
-
-          <div class="gnh-form-group">
-            <label for="maxPages">Maximum Pages</label>
-            <input
-              type="number"
-              id="maxPages"
-              name="max_pages"
-              min="0"
-              max="10000"
-              value="0"
-              class="gnh-form-input"
-              aria-label="Maximum number of pages to crawl"
-            />
-            <div style="font-size: 12px; color: #6b7280; margin-top: 4px">
-              Maximum number of pages to crawl (set to 0 for unlimited)
-            </div>
-          </div>
-
-          <div class="gnh-form-group">
-            <label for="scheduleInterval">Schedule</label>
-            <select
-              id="scheduleInterval"
-              name="schedule_interval_hours"
-              class="gnh-form-input"
-              aria-label="Schedule frequency for recurring jobs"
-            >
-              <option value="">Run once</option>
-              <option value="6">Every 6 hours</option>
-              <option value="12">Every 12 hours</option>
-              <option value="24">Every 24 hours</option>
-              <option value="48">Every 48 hours</option>
-            </select>
-            <div style="font-size: 12px; color: #6b7280; margin-top: 4px">
-              Select a frequency to create a recurring schedule for this domain
-            </div>
+        <div class="status-block section" id="statusBlock">
+          <div class="status-block-content">
+            <p id="statusText" class="status"></p>
+            <p id="detailText" class="detail"></p>
           </div>
+        </div>
 
-          <!-- Hidden fields with sensible defaults -->
-          <input type="hidden" id="useSitemap" name="use_sitemap" value="on" />
-          <input type="hidden" id="findLinks" name="find_links" value="on" />
-          <!-- concurrency omitted - server defaults to 20 -->
+        <div class="content-scroll section">
+          <section class="job-band">
+            <p id="jobSectionHeading" class="section-heading">In progress</p>
+            <div id="jobSection" class="hidden"></div>
+          </section>
 
-          <div
-            style="
-              display: flex;
-              gap: 12px;
-              justify-content: flex-end;
-              margin-top: 32px;
-            "
-          >
+          <div id="noJobState" class="no-job-state hidden">
+            <p id="noJobText" class="detail">
+              Select a site to review its latest report.
+            </p>
             <button
+              id="runFirstCheckButton"
               type="button"
-              class="gnh-button gnh-button-outline"
-              gnh-action="close-create-job-modal"
-              aria-label="Cancel job creation"
+              class="btn btn--secondary btn--sm corners--right"
             >
-              Cancel
-            </button>
-            <button
-              type="submit"
-              class="gnh-button gnh-button-primary"
-              id="createJobSubmitBtn"
-              aria-label="Create the job"
-            >
-              Create Job
+              <span>Run first check</span>
             </button>
           </div>
-        </form>
 
-        <!-- Loading State -->
-        <div
-          id="createJobLoading"
-          class="gnh-auth-loading"
-          style="display: none"
-        >
-          <div class="gnh-spinner"></div>
-          <p>Creating job...</p>
-        </div>
+          <div class="results-section">
+            <p class="section-heading">Latest report</p>
+            <div id="latestResultsList" class="results-list"></div>
 
-        <!-- Error Message -->
-        <div
-          id="createJobError"
-          class="gnh-auth-error"
-          style="display: none"
-        ></div>
-      </div>
-    </div>
+            <p class="section-heading">Past results</p>
+
+            <div class="chart-section" id="chartSection">
+              <div class="chart-layout">
+                <div class="chart-y-scale" aria-hidden="true">
+                  <span>100</span>
+                  <span>50</span>
+                  <span>25</span>
+                  <span>0</span>
+                </div>
+                <div class="mini-chart" id="miniChart"></div>
+              </div>
+            </div>
 
-    <!-- Create Organisation Modal -->
-    <div id="createOrgModal" class="gnh-modal">
-      <div class="gnh-modal-content" style="max-width: 440px">
-        <div class="gnh-modal-header">
-          <h2 class="gnh-modal-title">Create Organisation</h2>
+            <div id="recentResultsList" class="results-list"></div>
+          </div>
+        </div>
+
+        <footer class="panel-footer section">
           <button
-            class="gnh-modal-close"
-            id="closeCreateOrgModal"
-            aria-label="Close create organisation modal"
+            id="feedbackButton"
+            type="button"
+            class="btn btn--ghost btn--footer-link"
           >
-            ×
+            Feedback
           </button>
-        </div>
-        <form id="createOrgForm" gnh-form="create-organisation">
-          <div class="gnh-form-group">
-            <label for="newOrgName">Organisation Name</label>
-            <input
-              type="text"
-              id="newOrgName"
-              name="name"
-              required
-              maxlength="100"
-              placeholder="Enter organisation name"
-              class="gnh-form-input"
-              aria-describedby="createOrgError"
-            />
-          </div>
-          <div
-            style="
-              display: flex;
-              gap: 12px;
-              justify-content: flex-end;
-              margin-top: 24px;
-            "
+          <button
+            id="helpButton"
+            type="button"
+            class="btn btn--ghost btn--footer-link"
           >
-            <button
-              type="button"
-              class="gnh-button gnh-button-outline"
-              id="cancelCreateOrg"
-            >
-              Cancel
-            </button>
-            <button
-              type="submit"
-              class="gnh-button gnh-button-primary"
-              id="submitCreateOrg"
-            >
-              Create
-            </button>
-          </div>
-        </form>
-        <div
-          id="createOrgError"
-          class="gnh-auth-error"
-          style="display: none"
-        ></div>
-      </div>
-    </div>
+            Help
+          </button>
+        </footer>
+      </section>
+    </main>
 
-    <!-- ES module entrypoint -->
     <script type="module" src="/app/pages/dashboard.js"></script>
   </body>
 </html>
diff --git a/docs/architecture/webflow-designer-extension.md b/docs/architecture/webflow-designer-extension.md
index 8e23105be..dfcd7d57b 100644
--- a/docs/architecture/webflow-designer-extension.md
+++ b/docs/architecture/webflow-designer-extension.md
@@ -16,13 +16,27 @@ Designer. It does not contain backend business logic.
 ## Auth model
 
 - Extension initiates auth via popup to GNH-hosted `/extension-auth.html`.
-- Popup reuses existing shared auth system in `web/static/js/auth.js`.
+- Popup currently uses a hybrid flow:
+  - server page shell in `web/templates/extension-auth.html`
+  - module entrypoint in `web/static/app/pages/webflow-login.js`
+  - legacy shared auth modal and redirect helpers in `web/static/js/auth.js`
 - First-time users are created via existing `POST /v1/auth/register` path.
 - Token handoff returns to extension using `postMessage` with origin/state
   validation.
 - Extension keeps auth token in session scope (`sessionStorage`) rather than
   persistent local storage.
 
+## Shared frontend reuse
+
+- Shared primitives live under `web/static/app/`.
+- The extension already reuses shared API helpers and Web Components via
+  `webflow-designer-extension-cli/scripts/sync-shared.js` and
+  `webflow-designer-extension-cli/public/lib/bridge.js`.
+- Most extension page orchestration still lives in
+  `webflow-designer-extension-cli/src/index.ts`.
+- The extension does not yet share the full jobs page orchestration or shell
+  styling with the main app.
+
 ## Repository boundaries
 
 - Extension code: `/webflow-designer-extension-cli`
diff --git a/docs/plans/webflow-extension-reuse-follow-up.md b/docs/plans/webflow-extension-reuse-follow-up.md
index 88738de5f..87b824294 100644
--- a/docs/plans/webflow-extension-reuse-follow-up.md
+++ b/docs/plans/webflow-extension-reuse-follow-up.md
@@ -1,6 +1,6 @@
 # Webflow Extension Reuse Follow-up
 
-Date: 2026-04-05 Status: Proposed Scope: Webflow Designer extension
+Date: 2026-04-10 Status: In progress Scope: Webflow Designer extension
 consolidation and shared frontend reuse
 
 ## Current state
@@ -22,10 +22,13 @@ The Webflow Designer extension has already adopted part of that shared layer:
 - shared module sync into the extension build
 - a bridge/import-map pattern so extension code can consume shared modules in a
   cross-origin runtime
+- shared shell styling via `web/static/app/styles/shell.css`
 
-That means the transition is partly complete. Shared primitives exist and are in
-use, but the extension has not yet reached the same level of modular
-consolidation as the main app.
+That means the transition is no longer only a primitives-level migration. Shared
+frontend logic now covers jobs, Webflow site configuration, organisation
+context, scheduling, shell navigation, job export, and top-level site view
+rendering. `/dashboard` has also moved onto the extension-style shell/layout
+instead of the older dashboard-specific shell.
 
 ## What is already complete
 
@@ -36,7 +39,20 @@ consolidation as the main app.
   - `pages/` for page orchestration
 - the extension reuses shared primitives and API helpers through the bridge/sync
   approach
+- shared extension/dashboard logic now includes:
+  - `web/static/app/lib/site-jobs.js`
+  - `web/static/app/lib/webflow-sites.js`
+  - `web/static/app/lib/organisation-api.js`
+  - `web/static/app/lib/scheduler-api.js`
+  - `web/static/app/lib/site-view.js`
+  - `web/static/app/lib/job-export.js`
+  - `web/static/app/lib/shell-nav.js`
 - design tokens exist in the app layer and mirror the extension theme
+- shared shell styling now lives in `web/static/app/styles/shell.css`
+- the extension auth popup is now module-native through
+  `web/static/app/pages/webflow-login.js`, not the old `/js/auth.js` popup path
+- the extension has its first native in-panel settings section (`Account`)
+  driven by shared settings logic rather than a framed app page
 - the completed migration is already documented in `CHANGELOG.md`
 
 ## Remaining gaps
@@ -44,32 +60,38 @@ consolidation as the main app.
 - The extension still keeps most page orchestration in
   `webflow-designer-extension-cli/src/index.ts` rather than in shared `/app`
   modules.
-- The current job-list sharing story is incomplete. The repository contains
-  `web/static/app/pages/webflow-jobs.js`, but the live extension still owns much
-  of its own job rendering and refresh flow.
-- The extension auth popup still depends on legacy `/js/auth.js`.
-- Extension shell styling remains separate from app styling. The app tokens
-  mirror the extension theme, but the extension shell has not been migrated to
-  the app style layer.
-- Some documentation still overstates how far the extension has been
-  consolidated into the shared module system.
+- Native extension settings coverage is incomplete. `Account` is native in the
+  extension shell, but the rest of the settings sections still need the same
+  treatment.
+- Job details still need a native in-extension implementation rather than
+  relying on app-page stop-gaps.
+- Extension CSS convergence is only partly complete. Shared shell styling now
+  exists, but the extension still carries a large local stylesheet in
+  `webflow-designer-extension-cli/public/styles.css`.
+- Identity/avatar selection logic is aligned between dashboard and extension,
+  but still duplicated rather than centralised into one helper.
+- Preview Webflow OAuth and run-on-publish flows still depend on callback URL
+  registration outside this frontend workstream.
+- Some documentation and PR metadata still understate how far this branch has
+  moved beyond the original jobs-only extraction.
 
 ## Recommended next phase
 
-This follow-up should be treated as a JavaScript-first reuse pass, not a full UI
-unification project.
+This follow-up should now be treated as a native extension-surface completion
+pass. The branch has already moved beyond a jobs-only or JS-only reuse phase.
 
 - Extract surface-agnostic extension logic from
   `webflow-designer-extension-cli/src/index.ts` into shared `/app` modules.
-- Make the job-list sharing story truthful and consistent:
-  - either move extension job-list behaviour onto shared `pages/` modules
-  - or narrow the shared module claims so the code and docs say exactly what is
-    shared
+- Continue the native extension settings rollout:
+  - `Team` next
+  - then the remaining org-scoped settings sections
+- Implement native in-extension job details using shared modules and shared
+  layout primitives instead of framed app-page fallbacks.
 - Keep the bridge/import-map approach for cross-origin extension use.
-- Continue sharing reusable logic and UI primitives first, before attempting to
-  merge the full extension shell layout into the main app.
-- Replace the remaining legacy auth dependency in `/extension-auth` so the popup
-  flow no longer relies on `/js/auth.js`.
+- Continue moving extension shell/component CSS into shared app styles so the
+  dashboard and extension stop carrying parallel styling for the same UI.
+- Centralise shared identity/avatar selection logic so dashboard and extension
+  stop duplicating provider-avatar fallback rules.
 - Update architecture and planning docs so they reflect the current state
   accurately.
 
@@ -77,9 +99,8 @@ unification project.
 
 - Recreating the deleted March 2026 ES modules plan
 - Re-running the full `/dashboard` modernisation effort
-- Forcing full shell or layout convergence between the extension and the main
-  app in this phase
 - Replacing working backend Webflow APIs as part of this documentation update
+- Solving preview-domain Webflow OAuth registration inside frontend code
 
 ## Acceptance criteria
 
@@ -87,10 +108,12 @@ unification project.
   archived in the changelog.
 - The new plan clearly states that both ES modules branch checkpoints are
   already contained in `main`.
-- The new plan distinguishes between shared primitives that already exist and
-  extension page orchestration that is still local.
-- The new plan sets a JS-first extension consolidation direction without
-  implying that the extension already shares all page-level logic with
-  `/dashboard`.
+- The new plan distinguishes between what is already genuinely shared today and
+  what still remains extension-local.
+- The new plan reflects that `/dashboard` has already moved onto the
+  extension-style shell/layout and that the popup auth flow is already
+  module-native.
+- The new plan makes the remaining work explicit: native settings coverage,
+  native job details, `index.ts` thinning, and further CSS convergence.
 - The new plan supersedes the old branch-era planning context without recreating
   archived migration history.
diff --git a/internal/api/middleware.go b/internal/api/middleware.go
index 59417a4f8..01e52e3f6 100644
--- a/internal/api/middleware.go
+++ b/internal/api/middleware.go
@@ -164,7 +164,7 @@ func CORSMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Set CORS headers
 		w.Header().Set("Access-Control-Allow-Origin", "*")
-		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
+		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
 		w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Request-ID")
 		w.Header().Set("Access-Control-Expose-Headers", "X-Request-ID")
 
@@ -251,13 +251,42 @@ func buildConnectSrcValues() string {
 	return strings.Join(values, " ")
 }
 
+func isWebflowExtensionSurfacePage(r *http.Request) bool {
+	if r.Method != http.MethodGet {
+		return false
+	}
+	if r.URL.Query().Get("surface") != "webflow-extension" {
+		return false
+	}
+
+	path := strings.TrimRight(r.URL.Path, "/")
+	switch {
+	case path == "/dashboard":
+		return true
+	case path == "/settings":
+		return true
+	case strings.HasPrefix(path, "/settings/"):
+		return true
+	case strings.HasPrefix(path, "/jobs/"):
+		return true
+	default:
+		return false
+	}
+}
+
 // SecurityHeadersMiddleware adds security-related headers
 func SecurityHeadersMiddleware(next http.Handler) http.Handler {
 	connectSrcValues := buildConnectSrcValues()
 
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("X-Content-Type-Options", "nosniff")
-		w.Header().Set("X-Frame-Options", "DENY")
+
+		frameAncestors := "'none'"
+		if isWebflowExtensionSurfacePage(r) {
+			frameAncestors = "'self' https://webflow.com https://*.webflow.com http://localhost:1337 http://127.0.0.1:1337"
+		} else {
+			w.Header().Set("X-Frame-Options", "DENY")
+		}
 
 		// Content Security Policy
 		csp := fmt.Sprintf(`
@@ -266,12 +295,13 @@ func SecurityHeadersMiddleware(next http.Handler) http.Handler {
 			style-src 'self' 'unsafe-inline';
 			connect-src %s;
 			frame-src https://challenges.cloudflare.com;
-			img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gravatar.com;
+			frame-ancestors %s;
+			img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gravatar.com https://lh3.googleusercontent.com https://*.googleusercontent.com;
 			font-src 'self' data:;
 			object-src 'none';
 			base-uri 'self';
 			form-action 'self';
-		`, connectSrcValues)
+		`, connectSrcValues, frameAncestors)
 		w.Header().Set("Content-Security-Policy", strings.ReplaceAll(csp, "\n", " "))
 
 		w.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
diff --git a/internal/api/middleware_test.go b/internal/api/middleware_test.go
index 857ff722e..49bed4193 100644
--- a/internal/api/middleware_test.go
+++ b/internal/api/middleware_test.go
@@ -297,7 +297,7 @@ func TestCORSMiddleware(t *testing.T) {
 
 			// Check CORS headers are set
 			assert.Equal(t, "*", rec.Header().Get("Access-Control-Allow-Origin"))
-			assert.Equal(t, "GET, POST, PUT, DELETE, OPTIONS", rec.Header().Get("Access-Control-Allow-Methods"))
+			assert.Equal(t, "GET, POST, PUT, PATCH, DELETE, OPTIONS", rec.Header().Get("Access-Control-Allow-Methods"))
 			assert.Equal(t, "Content-Type, Authorization, X-Request-ID", rec.Header().Get("Access-Control-Allow-Headers"))
 			assert.Equal(t, "X-Request-ID", rec.Header().Get("Access-Control-Expose-Headers"))
 
@@ -382,11 +382,38 @@ func TestSecurityHeadersMiddleware(t *testing.T) {
 	assert.Equal(t, "DENY", rec.Header().Get("X-Frame-Options"))
 	assert.Contains(t, rec.Header().Get("Content-Security-Policy"), "default-src 'self'")
 	assert.Contains(t, rec.Header().Get("Content-Security-Policy"), "connect-src")
+	assert.Contains(t, rec.Header().Get("Content-Security-Policy"), "frame-ancestors 'none'")
 	assert.Contains(t, rec.Header().Get("Content-Security-Policy"), "http://127.0.0.1:8765")
 	assert.Contains(t, rec.Header().Get("Content-Security-Policy"), "http://localhost:8765")
+	assert.Contains(t, rec.Header().Get("Content-Security-Policy"), "https://lh3.googleusercontent.com")
 	assert.Equal(t, "max-age=63072000; includeSubDomains", rec.Header().Get("Strict-Transport-Security"))
 }
 
+func TestSecurityHeadersMiddlewareAllowsWebflowExtensionSurfacePages(t *testing.T) {
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	})
+
+	middlewareHandler := SecurityHeadersMiddleware(handler)
+
+	req := httptest.NewRequest(
+		http.MethodGet,
+		"/settings/account?surface=webflow-extension",
+		nil,
+	)
+	rec := httptest.NewRecorder()
+
+	middlewareHandler.ServeHTTP(rec, req)
+
+	assert.Equal(t, http.StatusOK, rec.Code)
+	assert.Equal(t, "", rec.Header().Get("X-Frame-Options"))
+	assert.Contains(
+		t,
+		rec.Header().Get("Content-Security-Policy"),
+		"frame-ancestors 'self' https://webflow.com https://*.webflow.com http://localhost:1337 http://127.0.0.1:1337",
+	)
+}
+
 func TestMiddlewareChaining(t *testing.T) {
 	// Test that multiple middlewares work together correctly
 	finalHandlerCalled := false
diff --git a/settings.html b/settings.html
index ff67edaee..7f5789396 100644
--- a/settings.html
+++ b/settings.html
@@ -50,6 +50,7 @@
     <script>
       (function () {
         const path = window.location.pathname.replace(/\/$/, "");
+        const params = new URLSearchParams(window.location.search);
         const sectionMap = {
           "/settings": "account",
           "/settings/account": "account",
@@ -64,11 +65,38 @@
         };
         const target = sectionMap[path] || "account";
         document.documentElement.setAttribute("data-settings-section", target);
+        if (params.get("surface") === "webflow-extension") {
+          document.documentElement.setAttribute(
+            "data-surface-context",
+            "webflow-extension"
+          );
+        }
       })();
     </script>
   </head>
   <body class="page-settings gnh-auth-route-gated">
-    <script type="module" src="/app/lib/global-nav.js"></script>
+    <script type="module">
+      import { isWebflowExtensionSurface } from "/app/lib/surface-context.js";
+
+      if (!isWebflowExtensionSurface()) {
+        import("/app/lib/global-nav.js");
+      }
+    </script>
+    <div id="surfaceContextBar" class="surface-context-bar" hidden>
+      <div class="surface-context-meta">
+        <a
+          id="surfaceContextBack"
+          class="surface-context-back"
+          href="/dashboard"
+        >
+          Back to extension
+        </a>
+        <div>
+          <p id="surfaceContextTitle" class="surface-context-title">Settings</p>
+          <p id="surfaceContextSubtitle" class="surface-context-subtitle"></p>
+        </div>
+      </div>
+    </div>
     <main class="settings-main">
       <div class="settings-container">
         <aside class="settings-nav">
diff --git a/web/static/app/lib/auth-session.js b/web/static/app/lib/auth-session.js
index a595c93ef..b39573bfd 100644
--- a/web/static/app/lib/auth-session.js
+++ b/web/static/app/lib/auth-session.js
@@ -37,13 +37,15 @@
  * @returns {import("@supabase/supabase-js").SupabaseAuthClient}
  */
 function authClient() {
-  if (!window.supabase?.auth) {
+  const auth =
+    window.HOVER_EXTENSION_SUPABASE_CLIENT?.auth || window.supabase?.auth;
+  if (!auth) {
     throw new Error(
       "auth-session: window.supabase is not initialised. " +
         "Ensure the Supabase SDK script and /config.js load before this module runs."
     );
   }
-  return window.supabase.auth;
+  return auth;
 }
 
 /**
diff --git a/web/static/app/lib/job-export.js b/web/static/app/lib/job-export.js
new file mode 100644
index 000000000..0af6dc6d8
--- /dev/null
+++ b/web/static/app/lib/job-export.js
@@ -0,0 +1,68 @@
+/**
+ * lib/job-export.js — shared job export helpers
+ *
+ * Shared between the dashboard and Webflow Designer extension.
+ */
+
+import * as apiClient from "/app/lib/api-client.js";
+import {
+  escapeCSVValue,
+  sanitiseForFilename,
+  triggerFileDownload,
+} from "/app/lib/formatters.js";
+
+function resolveApi(api) {
+  return api || apiClient;
+}
+
+function prepareExportColumns(columns, tasks) {
+  if (Array.isArray(columns) && columns.length > 0) {
+    return {
+      keys: columns.map((column) => column.key),
+      headers: columns.map((column) => column.label || column.key),
+    };
+  }
+
+  const keySet = new Set();
+  for (const task of tasks) {
+    Object.keys(task || {}).forEach((key) => keySet.add(key));
+  }
+
+  const keys = [...keySet];
+  return { keys, headers: keys };
+}
+
+export async function downloadJobExport(jobId, options = {}) {
+  const api = resolveApi(options.api);
+  const payload = await api.get(`/v1/jobs/${encodeURIComponent(jobId)}/export`);
+  const tasks = Array.isArray(payload?.tasks) ? payload.tasks : [];
+
+  if (tasks.length === 0) {
+    return {
+      empty: true,
+      filename: "",
+      taskCount: 0,
+    };
+  }
+
+  const { keys, headers } = prepareExportColumns(payload.columns, tasks);
+  const csvRows = [headers.join(",")];
+  for (const task of tasks) {
+    const values = keys.map((key) => escapeCSVValue(task[key]));
+    csvRows.push(values.join(","));
+  }
+
+  const filenameBase = sanitiseForFilename(payload.domain || `job-${jobId}`);
+  const filename = `${filenameBase}-hover-export.csv`;
+  triggerFileDownload(csvRows.join("\n"), "text/csv", filename);
+
+  return {
+    empty: false,
+    filename,
+    taskCount: tasks.length,
+  };
+}
+
+export default {
+  downloadJobExport,
+};
diff --git a/web/static/app/lib/organisation-api.js b/web/static/app/lib/organisation-api.js
new file mode 100644
index 000000000..478be7dac
--- /dev/null
+++ b/web/static/app/lib/organisation-api.js
@@ -0,0 +1,62 @@
+/**
+ * lib/organisation-api.js — shared organisation and usage helpers
+ *
+ * Shared between app pages and the Webflow Designer extension.
+ * UI state and event dispatch stay surface-specific.
+ */
+
+import * as apiClient from "/app/lib/api-client.js";
+
+function resolveApi(api) {
+  return api || apiClient;
+}
+
+/**
+ * @param {{ api?: typeof apiClient, includeUsage?: boolean }} [options]
+ * @returns {Promise<{
+ *   organisations: Record<string, unknown>[],
+ *   activeOrganisationId: string,
+ *   usage: Record<string, unknown> | null
+ * }>}
+ */
+export async function loadOrganisationContext(options = {}) {
+  const api = resolveApi(options.api);
+  const includeUsage = options.includeUsage !== false;
+
+  const [organisationsPayload, usagePayload] = await Promise.all([
+    api.get("/v1/organisations"),
+    includeUsage ? api.get("/v1/usage") : Promise.resolve(null),
+  ]);
+
+  return {
+    organisations: Array.isArray(organisationsPayload?.organisations)
+      ? organisationsPayload.organisations
+      : [],
+    activeOrganisationId: organisationsPayload?.active_organisation_id || "",
+    usage: usagePayload?.usage || null,
+  };
+}
+
+/**
+ * @param {string} name
+ * @param {{ api?: typeof apiClient }} [options]
+ * @returns {Promise<Record<string, unknown> | null>}
+ */
+export async function createOrganisation(name, options = {}) {
+  const api = resolveApi(options.api);
+  const response = await api.post("/v1/organisations", { name });
+  return response?.organisation || null;
+}
+
+/**
+ * @param {string} organisationId
+ * @param {{ api?: typeof apiClient }} [options]
+ * @returns {Promise<Record<string, unknown> | null>}
+ */
+export async function switchOrganisation(organisationId, options = {}) {
+  const api = resolveApi(options.api);
+  const response = await api.post("/v1/organisations/switch", {
+    organisation_id: organisationId,
+  });
+  return response?.organisation || null;
+}
diff --git a/web/static/app/lib/scheduler-api.js b/web/static/app/lib/scheduler-api.js
new file mode 100644
index 000000000..94ea495b7
--- /dev/null
+++ b/web/static/app/lib/scheduler-api.js
@@ -0,0 +1,122 @@
+/**
+ * lib/scheduler-api.js — shared scheduler helpers
+ *
+ * Shared between app pages and the Webflow Designer extension.
+ */
+
+import * as apiClient from "/app/lib/api-client.js";
+import { normaliseDomain } from "/app/lib/site-jobs.js";
+
+function resolveApi(api) {
+  return api || apiClient;
+}
+
+/**
+ * @param {{ api?: typeof apiClient }} [options]
+ * @returns {Promise<Record<string, unknown>[]>}
+ */
+export async function listSchedulers(options = {}) {
+  const api = resolveApi(options.api);
+  const response = await api.get("/v1/schedulers");
+  return Array.isArray(response) ? response : [];
+}
+
+/**
+ * @param {string} schedulerId
+ * @param {{ api?: typeof apiClient }} [options]
+ * @returns {Promise<Record<string, unknown> | null>}
+ */
+export async function getScheduler(schedulerId, options = {}) {
+  const api = resolveApi(options.api);
+  const response = await api.get(
+    `/v1/schedulers/${encodeURIComponent(schedulerId)}`
+  );
+  return response && typeof response === "object" ? response : null;
+}
+
+/**
+ * @param {string} domain
+ * @param {{ api?: typeof apiClient, schedulers?: Record<string, unknown>[] }} [options]
+ * @returns {Promise<Record<string, unknown> | null>}
+ */
+export async function findSchedulerByDomain(domain, options = {}) {
+  const targetDomain = normaliseDomain(domain);
+  if (!targetDomain) {
+    return null;
+  }
+
+  const schedulers =
+    options.schedulers || (await listSchedulers({ api: options.api }));
+
+  return (
+    schedulers.find(
+      (scheduler) => normaliseDomain(scheduler?.domain || "") === targetDomain
+    ) || null
+  );
+}
+
+/**
+ * @param {string} domain
+ * @param {number} scheduleIntervalHours
+ * @param {{ api?: typeof apiClient, currentScheduler?: Record<string, unknown> | null, extra?: Record<string, unknown> }} [options]
+ * @returns {Promise<Record<string, unknown>>}
+ */
+export async function saveSchedulerForDomain(
+  domain,
+  scheduleIntervalHours,
+  options = {}
+) {
+  const api = resolveApi(options.api);
+  const currentScheduler = options.currentScheduler || null;
+  const payload = {
+    ...(options.extra || {}),
+    schedule_interval_hours: scheduleIntervalHours,
+  };
+
+  if (!currentScheduler?.id) {
+    return api.post("/v1/schedulers", {
+      ...payload,
+      domain,
+    });
+  }
+
+  return api.put(`/v1/schedulers/${currentScheduler.id}`, {
+    ...payload,
+    is_enabled: true,
+  });
+}
+
+/**
+ * @param {string} schedulerId
+ * @param {{ api?: typeof apiClient, expectedIsEnabled?: boolean }} [options]
+ * @returns {Promise<Record<string, unknown>>}
+ */
+export async function disableScheduler(schedulerId, options = {}) {
+  const api = resolveApi(options.api);
+  const payload = { is_enabled: false };
+  if (typeof options.expectedIsEnabled === "boolean") {
+    payload.expected_is_enabled = options.expectedIsEnabled;
+  }
+  return api.put(`/v1/schedulers/${schedulerId}`, payload);
+}
+
+/**
+ * @param {string} schedulerId
+ * @param {Record<string, unknown>} updates
+ * @param {{ api?: typeof apiClient }} [options]
+ * @returns {Promise<Record<string, unknown>>}
+ */
+export async function updateScheduler(schedulerId, updates, options = {}) {
+  const api = resolveApi(options.api);
+  return api.put(`/v1/schedulers/${schedulerId}`, updates);
+}
+
+/**
+ * @param {string} schedulerId
+ * @param {{ api?: typeof apiClient }} [options]
+ * @returns {Promise<void>}
+ */
+export async function deleteScheduler(schedulerId, options = {}) {
+  const api = resolveApi(options.api);
+  await api.del(`/v1/schedulers/${encodeURIComponent(schedulerId)}`);
+}
diff --git a/web/static/app/lib/settings/account.js b/web/static/app/lib/settings/account.js
index fffc15d41..1ba961162 100644
--- a/web/static/app/lib/settings/account.js
+++ b/web/static/app/lib/settings/account.js
@@ -98,11 +98,21 @@ function formatAuthMethod(method) {
   return getAuthMethodDef(value).label;
 }
 
+function resolveAssetUrl(path) {
+  if (!path) {
+    return "";
+  }
+  if (/^(?:[a-z]+:)?\/\//i.test(path) || path.startsWith("data:")) {
+    return path;
+  }
+  return new URL(path, `${getAppOrigin()}/`).toString();
+}
+
 function providerIconHtml(provider) {
   const def = getAuthMethodDef(provider);
   if (def.icon_url) {
     const img = document.createElement("img");
-    img.src = def.icon_url;
+    img.src = resolveAssetUrl(def.icon_url);
     img.alt = "";
     img.loading = "lazy";
     img.decoding = "async";
@@ -150,6 +160,29 @@ function getOAuthQueryParams(provider) {
   }
 }
 
+function getAppOrigin() {
+  const fromExtension =
+    window.HOVER_EXTENSION_CONFIG?.appOrigin ||
+    window.GNH_APP?.apiBaseUrl ||
+    "";
+  if (fromExtension) {
+    try {
+      return new URL(fromExtension).origin;
+    } catch {
+      // fall through to current origin
+    }
+  }
+  return window.location.origin;
+}
+
+function getSupabaseClient() {
+  return window.HOVER_EXTENSION_SUPABASE_CLIENT?.auth
+    ? window.HOVER_EXTENSION_SUPABASE_CLIENT
+    : window.supabase?.auth
+      ? window.supabase
+      : null;
+}
+
 // ── Auth method actions ────────────────────────────────────────────────────────
 
 /**
@@ -157,7 +190,8 @@ function getOAuthQueryParams(provider) {
  * stores return path in sessionStorage, redirects via Supabase linkIdentity.
  */
 export async function connectAuthMethod(provider) {
-  if (!window.supabase?.auth) return;
+  const client = getSupabaseClient();
+  if (!client?.auth) return;
 
   try {
     if (provider === "email") {
@@ -181,15 +215,15 @@ export async function connectAuthMethod(provider) {
       }
     }
 
-    const callbackTarget = new URL(`${window.location.origin}/auth/callback`);
+    const callbackTarget = new URL(`${getAppOrigin()}/auth/callback`);
     if (currentPath && currentPath !== "/") {
       callbackTarget.searchParams.set("return_to", currentPath);
     }
     const callbackUrl = callbackTarget.toString();
     const queryParams = getOAuthQueryParams(provider);
 
-    if (typeof window.supabase.auth.linkIdentity === "function") {
-      const { data, error } = await window.supabase.auth.linkIdentity({
+    if (typeof client.auth.linkIdentity === "function") {
+      const { data, error } = await client.auth.linkIdentity({
         provider,
         options: { redirectTo: callbackUrl, queryParams },
       });
@@ -199,7 +233,7 @@ export async function connectAuthMethod(provider) {
         return;
       }
     } else {
-      const { data, error } = await window.supabase.auth.signInWithOAuth({
+      const { data, error } = await client.auth.signInWithOAuth({
         provider,
         options: { redirectTo: callbackUrl, queryParams },
       });
@@ -250,6 +284,7 @@ async function unlinkIdentityViaApi(identityId) {
 }
 
 export async function removeAuthMethod(method, connectedCount) {
+  const client = getSupabaseClient();
   if (connectedCount <= 1) {
     toast("error", "You must keep at least one sign-in method.");
     return;
@@ -267,17 +302,15 @@ export async function removeAuthMethod(method, connectedCount) {
   }
 
   try {
-    if (typeof window.supabase.auth.unlinkIdentity === "function") {
-      const { error } = await window.supabase.auth.unlinkIdentity(
-        method.identity
-      );
+    if (typeof client?.auth?.unlinkIdentity === "function") {
+      const { error } = await client.auth.unlinkIdentity(method.identity);
       if (error) throw error;
     } else {
       await unlinkIdentityViaApi(method.identity.identity_id);
     }
 
     try {
-      await window.supabase.auth.refreshSession();
+      await client?.auth?.refreshSession?.();
     } catch (err) {
       console.warn("Failed to refresh session after unlink:", err);
     }
@@ -378,23 +411,24 @@ export function renderAuthMethods(container, methods, options = {}) {
  * @returns {Promise<void>}
  */
 export async function loadAccountDetails(container) {
-  const session = await getSession();
-  if (!session?.user) return;
+  const client = getSupabaseClient();
+  const session = await getSession().catch(() => null);
+  const sessionUser = session?.user || null;
 
-  const fallbackEmail = session.user.email || "";
+  const fallbackEmail = sessionUser?.email || "";
   const fallbackFirstName =
-    session.user.user_metadata?.given_name ||
-    session.user.user_metadata?.first_name ||
+    sessionUser?.user_metadata?.given_name ||
+    sessionUser?.user_metadata?.first_name ||
     "";
   const fallbackLastName =
-    session.user.user_metadata?.family_name ||
-    session.user.user_metadata?.last_name ||
+    sessionUser?.user_metadata?.family_name ||
+    sessionUser?.user_metadata?.last_name ||
     "";
   const fallbackFullName =
-    session.user.user_metadata?.full_name ||
-    session.user.user_metadata?.name ||
+    sessionUser?.user_metadata?.full_name ||
+    sessionUser?.user_metadata?.name ||
     "";
-  const fallbackMethods = session.user.app_metadata?.providers || [];
+  const fallbackMethods = sessionUser?.app_metadata?.providers || [];
 
   let email = fallbackEmail;
   let firstName = fallbackFirstName;
@@ -402,13 +436,13 @@ export async function loadAccountDetails(container) {
   let fullName = fallbackFullName;
   let methods = fallbackMethods;
   let identities = [];
-  let authUser = session.user;
+  let authUser = sessionUser;
 
   try {
     // Use supabase.auth.getUser() directly for fresh identity data
     // (auth-session.getUser() returns session.user which may be stale).
-    const userResult = await window.supabase.auth.getUser();
-    authUser = userResult?.data?.user || session.user;
+    const userResult = await client?.auth?.getUser();
+    authUser = userResult?.data?.user || sessionUser;
     identities = Array.isArray(authUser?.identities) ? authUser.identities : [];
   } catch (err) {
     console.warn("Failed to load auth identities:", err);
@@ -509,6 +543,7 @@ export async function loadAccountDetails(container) {
  */
 export async function saveProfileName(container, options = {}) {
   const root = container || document;
+  const client = getSupabaseClient();
   const firstNameEl = root.querySelector("#settingsUserFirstNameInput");
   const lastNameEl = root.querySelector("#settingsUserLastNameInput");
   const saveBtn = root.querySelector("#settingsSaveName");
@@ -534,7 +569,7 @@ export async function saveProfileName(container, options = {}) {
   try {
     let metadataUpdateSucceeded = true;
     try {
-      await window.supabase.auth.updateUser({
+      await client?.auth?.updateUser({
         data: {
           first_name: firstName || "",
           last_name: lastName || "",
@@ -579,16 +614,25 @@ export async function saveProfileName(container, options = {}) {
  * Send password reset email for the current user.
  */
 export async function sendPasswordReset() {
-  const session = await getSession();
-  const email = session?.user?.email;
+  const client = getSupabaseClient();
+  const session = await getSession().catch(() => null);
+  let email = session?.user?.email || "";
+  if (!email) {
+    try {
+      const response = await get("/v1/auth/profile");
+      email = response?.user?.email || "";
+    } catch {
+      // Fall back to the session email only.
+    }
+  }
   if (!email) {
     toast("error", "Email address not available");
     return;
   }
 
   try {
-    const { error } = await window.supabase.auth.resetPasswordForEmail(email, {
-      redirectTo: window.location.origin + "/settings/account#security",
+    const { error } = await client?.auth?.resetPasswordForEmail(email, {
+      redirectTo: `${getAppOrigin()}/settings/account#security`,
     });
     if (error) throw error;
     toast("success", "Password reset email sent");
diff --git a/web/static/app/lib/settings/integrations/webflow.js b/web/static/app/lib/settings/integrations/webflow.js
index bdc8be9ea..956c3af25 100644
--- a/web/static/app/lib/settings/integrations/webflow.js
+++ b/web/static/app/lib/settings/integrations/webflow.js
@@ -5,12 +5,14 @@
  * Flow: Connect -> OAuth -> Return to settings -> Configure sites
  */
 
-import { post } from "/app/lib/api-client.js";
-import { getAccessToken } from "/app/lib/auth-session.js";
 import {
-  fetchWithTimeout,
-  normaliseIntegrationError,
-} from "/app/lib/integration-http.js";
+  disconnectWebflowConnection,
+  listWebflowConnections,
+  listWebflowSites,
+  setWebflowSiteAutoPublish,
+  setWebflowSiteSchedule,
+  startWebflowConnection,
+} from "/app/lib/webflow-sites.js";
 import { showToast as _showToast } from "/app/components/hover-toast.js";
 import { formatRelativeDate } from "/app/lib/settings/integrations/shared.js";
 
@@ -90,23 +92,7 @@ function handleWebflowAction(action, element) {
 
 export async function loadWebflowConnections() {
   try {
-    const token = await getAccessToken();
-    if (!token) return;
-
-    const response = await fetchWithTimeout(
-      "/v1/integrations/webflow",
-      { headers: { Authorization: `Bearer ${token}` } },
-      { module: "webflow", action: "list" }
-    );
-    if (!response.ok) {
-      const text = await response.text();
-      throw normaliseIntegrationError(response, text, {
-        module: "webflow",
-        action: "list",
-      });
-    }
-    const json = await response.json();
-    const connections = json?.data || json || [];
+    const connections = await listWebflowConnections();
 
     const connectionsList = document.getElementById("webflowConnectionsList");
     const emptyState = document.getElementById("webflowEmptyState");
@@ -171,7 +157,7 @@ export async function loadWebflowConnections() {
 
 async function connectWebflow() {
   try {
-    const response = await post("/v1/integrations/webflow");
+    const response = await startWebflowConnection();
     if (response?.auth_url) {
       window.location.href = response.auth_url;
     } else {
@@ -192,27 +178,7 @@ async function disconnectWebflow(connectionId) {
     return;
 
   try {
-    const token = await getAccessToken();
-    if (!token) {
-      toast("error", "Not authenticated. Please sign in.");
-      return;
-    }
-
-    const response = await fetchWithTimeout(
-      `/v1/integrations/webflow/${encodeURIComponent(connectionId)}`,
-      { method: "DELETE", headers: { Authorization: `Bearer ${token}` } },
-      { module: "webflow", action: "disconnect", connectionId }
-    );
-
-    if (!response.ok) {
-      const text = await response.text();
-      throw normaliseIntegrationError(response, text, {
-        module: "webflow",
-        action: "disconnect",
-        connectionId,
-      });
-    }
-
+    await disconnectWebflowConnection(connectionId);
     toast("success", "Webflow disconnected");
     loadWebflowConnections();
   } catch (error) {
@@ -233,31 +199,7 @@ export async function loadWebflowSites(connectionId, page = 1) {
   if (emptyEl) emptyEl.style.display = "none";
 
   try {
-    const token = await getAccessToken();
-    if (!token) {
-      toast("error", "Not authenticated. Please sign in.");
-      sitesState.loading = false;
-      if (loadingEl) loadingEl.style.display = "none";
-      return;
-    }
-
-    const response = await fetchWithTimeout(
-      `/v1/integrations/webflow/${encodeURIComponent(connectionId)}/sites`,
-      { headers: { Authorization: `Bearer ${token}` } },
-      { module: "webflow", action: "list-sites", connectionId }
-    );
-
-    if (!response.ok) {
-      const text = await response.text();
-      throw normaliseIntegrationError(response, text, {
-        module: "webflow",
-        action: "list-sites",
-        connectionId,
-      });
-    }
-
-    const json = await response.json();
-    const data = json?.data ?? { sites: [] };
+    const data = await listWebflowSites(connectionId, { page });
     const sites = Array.isArray(data.sites) ? data.sites : [];
 
     sitesState.connectionId = connectionId;
@@ -361,38 +303,10 @@ async function handleScheduleChange(event) {
   select.disabled = true;
 
   try {
-    const token = await getAccessToken();
-    if (!token) {
-      toast("error", "Not authenticated. Please sign in.");
-      select.disabled = false;
-      return;
-    }
-
-    const response = await fetchWithTimeout(
-      `/v1/integrations/webflow/sites/${encodeURIComponent(siteId)}/schedule`,
-      {
-        method: "PUT",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${token}`,
-        },
-        body: JSON.stringify({
-          connection_id: connectionId,
-          schedule_interval_hours: interval,
-        }),
-      },
-      { module: "webflow", action: "update-schedule", siteId, connectionId }
-    );
-
-    if (!response.ok) {
-      const text = await response.text();
-      throw normaliseIntegrationError(response, text, {
-        module: "webflow",
-        action: "update-schedule",
-        siteId,
-        connectionId,
-      });
-    }
+    await setWebflowSiteSchedule(siteId, {
+      connectionId,
+      scheduleIntervalHours: interval,
+    });
 
     const site = sitesState.sites.find((s) => s.webflow_site_id === siteId);
     if (site) site.schedule_interval_hours = interval;
@@ -400,7 +314,10 @@ async function handleScheduleChange(event) {
     if (interval) {
       let autoPublishEnabled = false;
       try {
-        await setAutoPublish(siteId, connectionId, true);
+        await setWebflowSiteAutoPublish(siteId, {
+          connectionId,
+          enabled: true,
+        });
         autoPublishEnabled = true;
       } catch (err) {
         console.error("Failed to auto-enable run-on-publish:", err);
@@ -429,34 +346,6 @@ async function handleScheduleChange(event) {
   }
 }
 
-async function setAutoPublish(siteId, connectionId, enabled) {
-  const token = await getAccessToken();
-  if (!token) throw new Error("Not authenticated. Please sign in.");
-
-  const response = await fetchWithTimeout(
-    `/v1/integrations/webflow/sites/${encodeURIComponent(siteId)}/auto-publish`,
-    {
-      method: "PUT",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`,
-      },
-      body: JSON.stringify({ connection_id: connectionId, enabled }),
-    },
-    { module: "webflow", action: "set-auto-publish", siteId, connectionId }
-  );
-
-  if (!response.ok) {
-    const text = await response.text();
-    throw normaliseIntegrationError(response, text, {
-      module: "webflow",
-      action: "set-auto-publish",
-      siteId,
-      connectionId,
-    });
-  }
-}
-
 async function handleAutoPublishToggle(event) {
   const toggle = event.target;
   const siteId = toggle.dataset.siteId;
@@ -475,7 +364,10 @@ async function handleAutoPublishToggle(event) {
   }
 
   try {
-    await setAutoPublish(siteId, connectionId, enabled);
+    await setWebflowSiteAutoPublish(siteId, {
+      connectionId,
+      enabled,
+    });
 
     const site = sitesState.sites.find((s) => s.webflow_site_id === siteId);
     if (site) site.auto_publish_enabled = enabled;
diff --git a/web/static/app/lib/settings/organisations.js b/web/static/app/lib/settings/organisations.js
index ba12b6660..e5265365a 100644
--- a/web/static/app/lib/settings/organisations.js
+++ b/web/static/app/lib/settings/organisations.js
@@ -5,7 +5,7 @@
  * Uses api-client for the POST request.
  */
 
-import { post } from "/app/lib/api-client.js";
+import { createOrganisation } from "/app/lib/organisation-api.js";
 import { showToast as _showToast } from "/app/components/hover-toast.js";
 
 function toast(variant, message) {
@@ -72,12 +72,9 @@ export function initCreateOrgModal(options = {}) {
     errorDiv.style.display = "none";
 
     try {
-      // api-client unwraps the { status, data } envelope — returns data directly.
-      const data = await post("/v1/organisations", { name });
+      const newOrg = await createOrganisation(name);
       closeModal();
 
-      const newOrg = data?.organisation;
-
       // Update shared org data (bridge to legacy globals).
       window.GNH_ACTIVE_ORG = newOrg;
       if (Array.isArray(window.GNH_ORGANISATIONS)) {
diff --git a/web/static/app/lib/settings/schedules.js b/web/static/app/lib/settings/schedules.js
index e7ffbfe0c..f88312de5 100644
--- a/web/static/app/lib/settings/schedules.js
+++ b/web/static/app/lib/settings/schedules.js
@@ -5,7 +5,13 @@
  * navigation to schedule job history. Surface-agnostic.
  */
 
-import { get, put, del } from "/app/lib/api-client.js";
+import {
+  deleteScheduler,
+  disableScheduler,
+  getScheduler,
+  listSchedulers,
+  updateScheduler,
+} from "/app/lib/scheduler-api.js";
 import { showToast as _showToast } from "/app/components/hover-toast.js";
 
 function toast(variant, message) {
@@ -50,7 +56,7 @@ export async function loadSchedules(container) {
   if (!template) return;
 
   try {
-    const schedules = await get("/v1/schedulers");
+    const schedules = await listSchedulers();
 
     // Remove existing rendered cards (keep the template)
     const existing = schedulesList.querySelectorAll(
@@ -119,16 +125,19 @@ export async function loadSchedules(container) {
 
 async function toggleSchedule(schedulerId, container) {
   try {
-    const scheduler = await get(
-      `/v1/schedulers/${encodeURIComponent(schedulerId)}`
-    );
-    const updated = await put(
-      `/v1/schedulers/${encodeURIComponent(schedulerId)}`,
-      {
-        is_enabled: !scheduler.is_enabled,
-        expected_is_enabled: scheduler.is_enabled,
-      }
-    );
+    const scheduler = await getScheduler(schedulerId);
+    if (!scheduler) {
+      throw new Error("Schedule not found");
+    }
+
+    const updated = scheduler.is_enabled
+      ? await disableScheduler(schedulerId, {
+          expectedIsEnabled: scheduler.is_enabled,
+        })
+      : await updateScheduler(schedulerId, {
+          is_enabled: true,
+          expected_is_enabled: scheduler.is_enabled,
+        });
     toast("success", `Schedule ${updated.is_enabled ? "enabled" : "disabled"}`);
     await loadSchedules(container);
   } catch (err) {
@@ -141,7 +150,7 @@ async function deleteSchedule(schedulerId, container) {
   if (!confirm("Are you sure you want to delete this schedule?")) return;
 
   try {
-    await del(`/v1/schedulers/${encodeURIComponent(schedulerId)}`);
+    await deleteScheduler(schedulerId);
     toast("success", "Schedule deleted");
     await loadSchedules(container);
   } catch (err) {
diff --git a/web/static/app/lib/shell-nav.js b/web/static/app/lib/shell-nav.js
new file mode 100644
index 000000000..c5cf0888e
--- /dev/null
+++ b/web/static/app/lib/shell-nav.js
@@ -0,0 +1,389 @@
+/**
+ * lib/shell-nav.js — shared shell dropdown and notifications wiring
+ *
+ * Shared between the dashboard and Webflow Designer extension.
+ * Owns profile-menu toggling, notifications badge/dropdown behaviour,
+ * and context-aware in-surface navigation.
+ */
+
+function closeSurfaceOverlays(refs, except = "") {
+  if (except !== "profile") {
+    refs.profileDropdown?.classList.remove("show");
+    refs.profileButton?.setAttribute("aria-expanded", "false");
+  }
+  if (except !== "notifications") {
+    refs.notificationsContainer?.classList.remove("open");
+    refs.notificationsButton?.setAttribute("aria-expanded", "false");
+  }
+}
+
+function normaliseNotificationsResponse(data) {
+  return {
+    unreadCount: Number(data?.unread_count ?? data?.data?.unread_count ?? 0),
+    notifications: Array.isArray(data?.notifications)
+      ? data.notifications
+      : Array.isArray(data?.data?.notifications)
+        ? data.data.notifications
+        : [],
+  };
+}
+
+function clearNode(node) {
+  if (!node) {
+    return;
+  }
+  while (node.firstChild) {
+    node.removeChild(node.firstChild);
+  }
+}
+
+function createNotificationEmptyState() {
+  const empty = document.createElement("div");
+  empty.className = "shell-notifications-empty";
+  empty.textContent = "No notifications yet";
+  return empty;
+}
+
+function createNotificationItem(notification) {
+  const item = document.createElement("button");
+  item.type = "button";
+  item.className = `shell-notification-item${notification?.read_at ? "" : " unread"}`;
+  item.dataset.id = String(notification?.id || "");
+  item.dataset.link = String(notification?.link || "");
+
+  const content = document.createElement("div");
+  content.className = "shell-notification-item-content";
+
+  const subject = document.createElement("div");
+  subject.className = "shell-notification-item-subject";
+  subject.textContent = String(notification?.subject || "Notification");
+
+  const preview = document.createElement("div");
+  preview.className = "shell-notification-item-preview";
+  preview.textContent = String(notification?.preview || "");
+
+  content.append(subject, preview);
+  item.appendChild(content);
+  return item;
+}
+
+function updateUnreadBadge(element, unreadCount) {
+  if (!element) {
+    return;
+  }
+  const nextCount = Number(unreadCount) || 0;
+  element.textContent =
+    nextCount > 9 ? "9+" : nextCount > 0 ? String(nextCount) : "";
+  element.hidden = nextCount <= 0;
+}
+
+export function renderProfileMenuSummary(options = {}) {
+  const {
+    emailNode,
+    organisationNode,
+    planNode,
+    usageNode,
+    email = "",
+    organisationName = "",
+    usage = null,
+  } = options;
+
+  if (emailNode) {
+    emailNode.textContent = email || "Signed in";
+  }
+
+  if (organisationNode) {
+    organisationNode.textContent = organisationName || "Organisation";
+  }
+
+  const plan = usage?.plan_display_name || usage?.plan_name || "Plan";
+  const limit = Number(usage?.daily_limit || 0).toLocaleString();
+  const remaining = Number(usage?.daily_remaining || 0).toLocaleString();
+
+  if (planNode) {
+    planNode.textContent = usage ? `${plan} (${limit} / day)` : "Plan";
+  }
+
+  if (usageNode) {
+    usageNode.textContent = usage
+      ? `${remaining} remaining today`
+      : "Usage unavailable";
+  }
+}
+
+export function initSurfaceShell(options = {}) {
+  const refs = {
+    profileButton: options.profileButton || null,
+    profileDropdown: options.profileDropdown || null,
+    notificationsContainer: options.notificationsContainer || null,
+    notificationsButton: options.notificationsButton || null,
+    notificationsDropdown: options.notificationsDropdown || null,
+    notificationsList: options.notificationsList || null,
+    notificationsBadge: options.notificationsBadge || null,
+    markAllReadButton: options.markAllReadButton || null,
+  };
+
+  const onNavigate =
+    typeof options.onNavigate === "function"
+      ? options.onNavigate
+      : (path) => {
+          window.location.assign(path);
+        };
+  const onSignOut =
+    typeof options.onSignOut === "function" ? options.onSignOut : null;
+  const fetchNotifications =
+    typeof options.fetchNotifications === "function"
+      ? options.fetchNotifications
+      : async () => ({ unread_count: 0, notifications: [] });
+  const markNotificationRead =
+    typeof options.markNotificationRead === "function"
+      ? options.markNotificationRead
+      : async () => {};
+  const markAllNotificationsRead =
+    typeof options.markAllNotificationsRead === "function"
+      ? options.markAllNotificationsRead
+      : async () => {};
+  const subscribeToNotifications =
+    typeof options.subscribeToNotifications === "function"
+      ? options.subscribeToNotifications
+      : async () => () => {};
+
+  let notificationsCleanup = null;
+  let activeOrganisationId = "";
+  let destroyed = false;
+
+  async function refreshNotifications(limit = 1) {
+    if (destroyed) {
+      return { unreadCount: 0, notifications: [] };
+    }
+
+    const data = normaliseNotificationsResponse(
+      await fetchNotifications(limit)
+    );
+    updateUnreadBadge(refs.notificationsBadge, data.unreadCount);
+    return data;
+  }
+
+  async function renderNotificationsList(limit = 10) {
+    if (!refs.notificationsList) {
+      return;
+    }
+
+    const data = await refreshNotifications(limit);
+    clearNode(refs.notificationsList);
+
+    if (!data.notifications.length) {
+      refs.notificationsList.appendChild(createNotificationEmptyState());
+      return;
+    }
+
+    data.notifications.forEach((notification) => {
+      refs.notificationsList.appendChild(createNotificationItem(notification));
+    });
+  }
+
+  async function updateNotificationSubscription(nextOrganisationId) {
+    activeOrganisationId = String(nextOrganisationId || "");
+
+    if (notificationsCleanup) {
+      notificationsCleanup();
+      notificationsCleanup = null;
+    }
+
+    if (!activeOrganisationId) {
+      updateUnreadBadge(refs.notificationsBadge, 0);
+      if (refs.notificationsList) {
+        clearNode(refs.notificationsList);
+        refs.notificationsList.appendChild(createNotificationEmptyState());
+      }
+      return;
+    }
+
+    await refreshNotifications(1);
+
+    notificationsCleanup = await Promise.resolve(
+      subscribeToNotifications(activeOrganisationId, () => {
+        window.setTimeout(() => {
+          void refreshNotifications(1);
+          if (refs.notificationsContainer?.classList.contains("open")) {
+            void renderNotificationsList(10);
+          }
+        }, 200);
+      })
+    );
+  }
+
+  refs.profileButton?.addEventListener("click", (event) => {
+    event.stopPropagation();
+    const willOpen = !refs.profileDropdown?.classList.contains("show");
+    closeSurfaceOverlays(refs, willOpen ? "profile" : "");
+    refs.profileDropdown?.classList.toggle("show", willOpen);
+    refs.profileButton?.setAttribute(
+      "aria-expanded",
+      willOpen ? "true" : "false"
+    );
+  });
+
+  refs.profileDropdown?.addEventListener("click", (event) => {
+    event.stopPropagation();
+    const target =
+      event.target instanceof Element
+        ? event.target.closest("[data-path]")
+        : null;
+    if (target) {
+      const path = target.getAttribute("data-path") || "";
+      if (path) {
+        closeSurfaceOverlays(refs);
+        onNavigate(path);
+      }
+      return;
+    }
+
+    const signOutButton =
+      event.target instanceof Element
+        ? event.target.closest("[data-action='sign-out']")
+        : null;
+    if (signOutButton && onSignOut) {
+      closeSurfaceOverlays(refs);
+      void onSignOut();
+    }
+  });
+
+  refs.notificationsButton?.addEventListener("click", (event) => {
+    event.stopPropagation();
+    const willOpen = !refs.notificationsContainer?.classList.contains("open");
+    closeSurfaceOverlays(refs, willOpen ? "notifications" : "");
+    refs.notificationsContainer?.classList.toggle("open", willOpen);
+    refs.notificationsButton?.setAttribute(
+      "aria-expanded",
+      willOpen ? "true" : "false"
+    );
+    if (willOpen) {
+      void renderNotificationsList(10);
+    }
+  });
+
+  refs.notificationsDropdown?.addEventListener("click", (event) => {
+    event.stopPropagation();
+    const target =
+      event.target instanceof Element
+        ? event.target.closest("[data-path]")
+        : null;
+    if (target) {
+      const path = target.getAttribute("data-path") || "";
+      if (path) {
+        closeSurfaceOverlays(refs);
+        onNavigate(path);
+      }
+    }
+  });
+
+  refs.notificationsList?.addEventListener("click", (event) => {
+    const item =
+      event.target instanceof Element
+        ? event.target.closest(".shell-notification-item")
+        : null;
+    if (!item) {
+      return;
+    }
+
+    const notificationId = item.getAttribute("data-id") || "";
+    const link = item.getAttribute("data-link") || "";
+
+    void (async () => {
+      if (notificationId) {
+        try {
+          await markNotificationRead(notificationId);
+        } catch (error) {
+          console.warn("shell-nav: failed to mark notification as read", error);
+        }
+      }
+
+      item.classList.remove("unread");
+      await refreshNotifications(1);
+      closeSurfaceOverlays(refs);
+
+      if (!link) {
+        return;
+      }
+
+      if (link.startsWith("/")) {
+        onNavigate(link);
+        return;
+      }
+
+      try {
+        const target = new URL(link, window.location.origin);
+        if (target.protocol === "http:" || target.protocol === "https:") {
+          window.open(target.toString(), "_blank", "noopener,noreferrer");
+        }
+      } catch (error) {
+        console.warn("shell-nav: invalid notification link", error);
+      }
+    })();
+  });
+
+  refs.markAllReadButton?.addEventListener("click", () => {
+    void (async () => {
+      try {
+        await markAllNotificationsRead();
+        updateUnreadBadge(refs.notificationsBadge, 0);
+        refs.notificationsList
+          ?.querySelectorAll(".shell-notification-item.unread")
+          .forEach((item) => item.classList.remove("unread"));
+      } catch (error) {
+        console.warn("shell-nav: failed to mark notifications as read", error);
+      }
+    })();
+  });
+
+  document.addEventListener("click", (event) => {
+    if (!(event.target instanceof Node)) {
+      closeSurfaceOverlays(refs);
+      return;
+    }
+    if (
+      refs.profileDropdown &&
+      refs.profileButton &&
+      !refs.profileDropdown.contains(event.target) &&
+      !refs.profileButton.contains(event.target)
+    ) {
+      refs.profileDropdown.classList.remove("show");
+      refs.profileButton.setAttribute("aria-expanded", "false");
+    }
+    if (
+      refs.notificationsContainer &&
+      !refs.notificationsContainer.contains(event.target)
+    ) {
+      refs.notificationsContainer.classList.remove("open");
+      refs.notificationsButton?.setAttribute("aria-expanded", "false");
+    }
+  });
+
+  document.addEventListener("keydown", (event) => {
+    if (event.key === "Escape") {
+      closeSurfaceOverlays(refs);
+    }
+  });
+
+  return {
+    refreshNotifications,
+    renderNotificationsList,
+    setActiveOrganisation(nextOrganisationId) {
+      void updateNotificationSubscription(nextOrganisationId);
+    },
+    destroy() {
+      destroyed = true;
+      closeSurfaceOverlays(refs);
+      if (notificationsCleanup) {
+        notificationsCleanup();
+        notificationsCleanup = null;
+      }
+    },
+  };
+}
+
+export default {
+  initSurfaceShell,
+  renderProfileMenuSummary,
+};
diff --git a/web/static/app/lib/site-jobs.js b/web/static/app/lib/site-jobs.js
new file mode 100644
index 000000000..2bde0a22b
--- /dev/null
+++ b/web/static/app/lib/site-jobs.js
@@ -0,0 +1,329 @@
+/**
+ * lib/site-jobs.js — shared job fetching, site scoping, and realtime helpers
+ *
+ * Shared between app pages and the Webflow Designer extension.
+ * Rendering stays surface-specific; this module only owns data and state helpers.
+ */
+
+import { get } from "/app/lib/api-client.js";
+
+const REALTIME_DEBOUNCE_MS = 250;
+const SUBSCRIBE_RETRY_INTERVAL_MS = 1000;
+const MAX_SUBSCRIBE_RETRIES = 15;
+const DEFAULT_FALLBACK_POLLING_INTERVAL_MS = 1000;
+
+/**
+ * Fetch the job list from the API.
+ *
+ * @param {{ limit?: number, range?: string, include?: string }} [options]
+ * @returns {Promise<Record<string, unknown>[]>}
+ */
+export async function fetchJobs(options = {}) {
+  const params = new URLSearchParams();
+  if (options.limit) params.set("limit", String(options.limit));
+  if (options.range) params.set("range", options.range);
+  if (options.include) params.set("include", options.include);
+  const qs = params.toString();
+  const res = await get(`/v1/jobs${qs ? `?${qs}` : ""}`);
+  return res?.jobs ?? [];
+}
+
+/**
+ * Normalise a domain or URL into a bare hostname.
+ * @param {string} input
+ * @returns {string}
+ */
+export function normaliseDomain(input) {
+  const trimmed = String(input || "")
+    .trim()
+    .toLowerCase()
+    .replace(/^https?:\/\//, "")
+    .replace(/^www\./, "");
+
+  if (!trimmed) {
+    return "";
+  }
+
+  return trimmed.split("/")[0] || trimmed;
+}
+
+/**
+ * @param {{ siteDomain?: string|null, siteDomainCandidates?: string[] }} [options]
+ * @returns {string[]}
+ */
+export function getSiteDomainCandidates(options = {}) {
+  const normalised = new Set(
+    (options.siteDomainCandidates || [])
+      .map((candidate) => normaliseDomain(candidate))
+      .filter(Boolean)
+  );
+
+  if (options.siteDomain) {
+    normalised.add(normaliseDomain(options.siteDomain));
+  }
+
+  return [...normalised];
+}
+
+/**
+ * Filter jobs to the current site scope.
+ *
+ * @param {Record<string, unknown>[]} jobs
+ * @param {{ siteDomain?: string|null, siteDomainCandidates?: string[] }} [options]
+ * @returns {Record<string, unknown>[]}
+ */
+export function filterJobsByDomains(jobs = [], options = {}) {
+  const candidates = getSiteDomainCandidates(options);
+  return jobs.filter((job) => {
+    const jobDomain = normaliseDomain(job?.domains?.name || job?.domain || "");
+    return !candidates.length || candidates.includes(jobDomain);
+  });
+}
+
+/**
+ * @param {Record<string, unknown>[]} jobs
+ * @param {{ siteDomain?: string|null, siteDomainCandidates?: string[] }} [options]
+ * @returns {Record<string, unknown>|null}
+ */
+export function pickLatestJobByDomains(jobs = [], options = {}) {
+  return filterJobsByDomains(jobs, options)[0] || null;
+}
+
+/**
+ * @param {Record<string, unknown>[]} jobs
+ * @param {{ siteDomain?: string|null, siteDomainCandidates?: string[] }} [options]
+ * @param {(status: string) => boolean} [isActiveJobStatus]
+ * @returns {string}
+ */
+export function buildCompletedJobsSignature(
+  jobs = [],
+  options = {},
+  isActiveJobStatus = defaultIsActiveJobStatus
+) {
+  const completed = filterJobsByDomains(jobs, options)
+    .filter((job) => !isActiveJobStatus(String(job.status || "")))
+    .slice(0, 6);
+
+  return completed
+    .map(
+      (job) =>
+        `${job.id || ""}:${job.status || ""}:${job.total_tasks || 0}:${job.completed_tasks || 0}:${job.failed_tasks || 0}:${job.skipped_tasks || 0}:${job.completed_at || ""}`
+    )
+    .join("|");
+}
+
+/**
+ * @param {Record<string, unknown>[]} jobs
+ * @param {{ siteDomain?: string|null, siteDomainCandidates?: string[] }} [options]
+ * @returns {string}
+ */
+export function buildChartJobsSignature(jobs = [], options = {}) {
+  const chartJobs = filterJobsByDomains(jobs, options)
+    .filter(
+      (job) =>
+        String(job.status || "")
+          .trim()
+          .toLowerCase() === "completed"
+    )
+    .slice(0, 12);
+
+  return chartJobs
+    .map(
+      (job) =>
+        `${job.id || ""}:${job.status || ""}:${job.failed_tasks || 0}:${job.skipped_tasks || 0}:${job.completed_at || ""}:${job.total_tasks || 0}:${job.stats?.total_broken_links || 0}:${job.stats?.slow_page_buckets?.over_10s || 0}:${job.stats?.slow_page_buckets?.["5_to_10s"] || 0}:${job.stats?.slow_page_buckets?.["3_to_5s"] || 0}`
+    )
+    .join("|");
+}
+
+/**
+ * Subscribe to job updates via Supabase Realtime with a polling fallback.
+ *
+ * @param {{
+ *   orgId: string,
+ *   onUpdate: () => void,
+ *   supabaseClient?: { channel?: (name: string) => any, removeChannel?: (channel: any) => Promise<unknown> },
+ *   channelName?: string,
+ *   getFallbackInterval?: () => number,
+ *   onSubscriptionIssue?: (status?: string, err?: Error) => void
+ * }} options
+ * @returns {() => void}
+ */
+export function subscribeToJobUpdates(options) {
+  const {
+    orgId,
+    onUpdate,
+    supabaseClient = window.supabase,
+    channelName = `hover-jobs:${orgId}`,
+    getFallbackInterval = () => DEFAULT_FALLBACK_POLLING_INTERVAL_MS,
+    onSubscriptionIssue,
+  } = options;
+
+  let channel = null;
+  let retryCount = 0;
+  let retryTimer = null;
+  let fallbackTimer = null;
+  let lastUpdate = 0;
+  let debounceTimer = null;
+  let fallbackIntervalMs = null;
+  let unsubscribed = false;
+
+  function resolveFallbackInterval() {
+    const next = Number(getFallbackInterval());
+    return Number.isFinite(next) && next > 0
+      ? next
+      : DEFAULT_FALLBACK_POLLING_INTERVAL_MS;
+  }
+
+  function startFallback() {
+    const nextMs = resolveFallbackInterval();
+    if (fallbackTimer && fallbackIntervalMs === nextMs) return;
+    if (fallbackTimer) {
+      clearInterval(fallbackTimer);
+    }
+    fallbackIntervalMs = nextMs;
+    fallbackTimer = setInterval(() => {
+      if (!unsubscribed) {
+        onUpdate();
+      }
+    }, fallbackIntervalMs);
+  }
+
+  function clearFallback() {
+    if (fallbackTimer) {
+      clearInterval(fallbackTimer);
+      fallbackTimer = null;
+      fallbackIntervalMs = null;
+    }
+  }
+
+  function cleanup() {
+    unsubscribed = true;
+    if (retryTimer) {
+      clearTimeout(retryTimer);
+      retryTimer = null;
+    }
+    if (debounceTimer) {
+      clearTimeout(debounceTimer);
+      debounceTimer = null;
+    }
+    clearFallback();
+    if (channel && supabaseClient?.removeChannel) {
+      supabaseClient.removeChannel(channel).catch(() => {});
+      channel = null;
+    }
+  }
+
+  function throttledUpdate() {
+    const now = Date.now();
+    if (now - lastUpdate >= REALTIME_DEBOUNCE_MS) {
+      lastUpdate = now;
+      clearFallback();
+      onUpdate();
+      return;
+    }
+
+    if (!debounceTimer) {
+      debounceTimer = setTimeout(() => {
+        debounceTimer = null;
+        if (unsubscribed) return;
+        lastUpdate = Date.now();
+        clearFallback();
+        onUpdate();
+      }, REALTIME_DEBOUNCE_MS);
+    }
+  }
+
+  function subscribe() {
+    if (unsubscribed) return;
+
+    if (!orgId || !supabaseClient?.channel || !supabaseClient?.removeChannel) {
+      if (retryCount < MAX_SUBSCRIBE_RETRIES) {
+        retryCount++;
+        retryTimer = setTimeout(subscribe, SUBSCRIBE_RETRY_INTERVAL_MS);
+      } else {
+        onSubscriptionIssue?.("MAX_RETRIES");
+        startFallback();
+      }
+      return;
+    }
+
+    retryCount = 0;
+    retryTimer = null;
+
+    try {
+      channel = supabaseClient
+        .channel(channelName)
+        .on(
+          "postgres_changes",
+          {
+            event: "INSERT",
+            schema: "public",
+            table: "jobs",
+            filter: `organisation_id=eq.${orgId}`,
+          },
+          throttledUpdate
+        )
+        .on(
+          "postgres_changes",
+          {
+            event: "UPDATE",
+            schema: "public",
+            table: "jobs",
+            filter: `organisation_id=eq.${orgId}`,
+          },
+          throttledUpdate
+        )
+        .on(
+          "postgres_changes",
+          {
+            event: "DELETE",
+            schema: "public",
+            table: "jobs",
+            filter: `organisation_id=eq.${orgId}`,
+          },
+          throttledUpdate
+        )
+        .subscribe((status, err) => {
+          if (
+            (status === "CHANNEL_ERROR" || status === "TIMED_OUT" || err) &&
+            !unsubscribed
+          ) {
+            onSubscriptionIssue?.(status, err);
+            startFallback();
+          }
+        });
+    } catch (err) {
+      onSubscriptionIssue?.("SUBSCRIBE_FAILED", err);
+      startFallback();
+    }
+  }
+
+  subscribe();
+  return cleanup;
+}
+
+function defaultIsActiveJobStatus(status) {
+  const normalised = String(status || "")
+    .trim()
+    .toLowerCase();
+  return [
+    "pending",
+    "queued",
+    "initializing",
+    "running",
+    "in_progress",
+    "processing",
+    "cancelling",
+  ].includes(normalised);
+}
+
+export default {
+  fetchJobs,
+  normaliseDomain,
+  getSiteDomainCandidates,
+  filterJobsByDomains,
+  pickLatestJobByDomains,
+  buildCompletedJobsSignature,
+  buildChartJobsSignature,
+  subscribeToJobUpdates,
+};
diff --git a/web/static/app/lib/site-view.js b/web/static/app/lib/site-view.js
new file mode 100644
index 000000000..fbb674dd8
--- /dev/null
+++ b/web/static/app/lib/site-view.js
@@ -0,0 +1,527 @@
+/**
+ * lib/site-view.js — shared site-surface rendering helpers
+ *
+ * Shared between the dashboard and Webflow Designer extension.
+ * Owns common topbar/render logic for usage, orgs, avatar, job cards,
+ * recent results, and the mini chart. Surface-specific bootstrapping and
+ * action handlers remain local to each entrypoint.
+ */
+
+import { createJobCard } from "/app/components/hover-job-card.js";
+import { formatDateTime, getInitials } from "/app/lib/formatters.js";
+import { filterJobsByDomains } from "/app/lib/site-jobs.js";
+
+function clearNode(node) {
+  if (!node) return;
+  while (node.firstChild) {
+    node.removeChild(node.firstChild);
+  }
+}
+
+function asCount(value) {
+  if (typeof value !== "number" || !Number.isFinite(value)) {
+    return 0;
+  }
+  return Math.max(0, Math.floor(value));
+}
+
+function getNoJobTextTarget(noJobState, noJobText) {
+  if (noJobText) {
+    return noJobText;
+  }
+  return noJobState?.querySelector?.(".detail") || null;
+}
+
+function show(node) {
+  node?.classList?.remove("hidden");
+}
+
+function hide(node) {
+  node?.classList?.add("hidden");
+}
+
+function setText(node, value) {
+  if (node) {
+    node.textContent = value;
+  }
+}
+
+function getAppOrigin() {
+  const fromExtension =
+    window.HOVER_EXTENSION_CONFIG?.appOrigin ||
+    window.GNH_APP?.apiBaseUrl ||
+    "";
+  if (fromExtension) {
+    try {
+      return new URL(fromExtension).origin;
+    } catch {
+      // Fall through to current origin.
+    }
+  }
+  return window.location.origin;
+}
+
+function resolveAssetUrl(path) {
+  if (!path) {
+    return "";
+  }
+  if (/^(?:[a-z]+:)?\/\//i.test(path) || path.startsWith("data:")) {
+    return path;
+  }
+  return new URL(path, `${getAppOrigin()}/`).toString();
+}
+
+function getIssueCounts(job) {
+  const buckets = job.stats?.slow_page_buckets;
+  const statsBrokenLinks = asCount(job.stats?.total_broken_links);
+  const fallbackBrokenLinks = asCount(job.failed_tasks);
+
+  if (job.stats && buckets) {
+    const verySlow = asCount(buckets.over_10s) + asCount(buckets["5_to_10s"]);
+    const slow = asCount(buckets["3_to_5s"]);
+    return {
+      brokenLinks: Math.max(statsBrokenLinks, fallbackBrokenLinks),
+      verySlow,
+      slow,
+    };
+  }
+
+  return {
+    brokenLinks: fallbackBrokenLinks,
+    verySlow: 0,
+    slow: 0,
+  };
+}
+
+async function getGravatarUrl(email, size = 80) {
+  const normalised = (email || "").trim().toLowerCase();
+  if (!normalised || !globalThis.crypto?.subtle) return "";
+
+  try {
+    const data = new TextEncoder().encode(normalised);
+    const digest = await globalThis.crypto.subtle.digest("SHA-256", data);
+    const hash = [...new Uint8Array(digest)]
+      .map((byte) => byte.toString(16).padStart(2, "0"))
+      .join("");
+    const params = new URLSearchParams({ s: String(size), d: "404" });
+    return `https://www.gravatar.com/avatar/${hash}?${params.toString()}`;
+  } catch {
+    return "";
+  }
+}
+
+function makeResultCard(job, options = {}) {
+  const card = createJobCard(job, {
+    context: options.context || "extension",
+    compact: Boolean(options.compact),
+  });
+
+  if (typeof options.onViewJob === "function") {
+    card.addEventListener("hover-job-card:view", (event) => {
+      options.onViewJob(event.detail.path, job);
+    });
+  }
+
+  if (typeof options.onExportJob === "function") {
+    card.addEventListener("hover-job-card:export", (event) => {
+      options.onExportJob(event.detail.jobId, job);
+    });
+  }
+
+  return card;
+}
+
+export async function renderUserAvatar(options = {}) {
+  const { element, displayName = "", email = "", avatarUrl = "" } = options;
+  if (!element) {
+    return;
+  }
+
+  const initials = getInitials(displayName || email || "?");
+  const existingImg = element.querySelector("img");
+  if (existingImg) {
+    existingImg.remove();
+  }
+
+  element.textContent = initials;
+
+  const resolvedAvatarUrl = resolveAssetUrl(
+    avatarUrl || (await getGravatarUrl(email, 80))
+  );
+  if (!resolvedAvatarUrl) {
+    return;
+  }
+
+  const img = document.createElement("img");
+  img.alt = displayName || email || "User avatar";
+  img.loading = "eager";
+  img.decoding = "async";
+  const showImage = () => {
+    img.style.display = "block";
+    element.replaceChildren(img);
+  };
+  const showInitials = () => {
+    element.replaceChildren();
+    element.textContent = initials;
+  };
+  img.addEventListener("load", showImage, { once: true });
+  img.addEventListener("error", showInitials, { once: true });
+  img.style.display = "none";
+  element.appendChild(img);
+  img.src = resolvedAvatarUrl;
+  if (img.complete) {
+    if (img.naturalWidth > 0) {
+      showImage();
+    } else {
+      showInitials();
+    }
+  }
+}
+
+export function renderUsage(options = {}) {
+  const {
+    usage,
+    planNameText,
+    planRemainingValue,
+    profilePlanText,
+    profileUsageText,
+  } = options;
+  if (!usage) {
+    if (planNameText) {
+      planNameText.innerHTML = "<strong>Plan:</strong> \u2014";
+    }
+    setText(planRemainingValue, "\u2014");
+    setText(profilePlanText, "Plan");
+    setText(profileUsageText, "Usage unavailable");
+    return;
+  }
+
+  const plan = usage.plan_display_name || usage.plan_name || "Plan";
+  const limit = Number(usage.daily_limit || 0).toLocaleString();
+  const remaining = Number(usage.daily_remaining || 0).toLocaleString();
+
+  if (planNameText) {
+    planNameText.innerHTML = `<strong>Plan:</strong> <strong>${plan}</strong> (${limit} / day)`;
+  }
+  setText(planRemainingValue, `${remaining} remaining`);
+  setText(profilePlanText, `${plan} (${limit} / day)`);
+  setText(profileUsageText, `${remaining} remaining today`);
+}
+
+export function renderOrganisations(options = {}) {
+  const {
+    select,
+    organisations = [],
+    activeOrganisationId = "",
+    emptyLabel = "No organisations",
+  } = options;
+  if (!(select instanceof HTMLSelectElement)) {
+    return;
+  }
+
+  clearNode(select);
+
+  if (!organisations.length) {
+    const option = document.createElement("option");
+    option.value = "";
+    option.textContent = emptyLabel;
+    select.appendChild(option);
+    select.disabled = true;
+    return;
+  }
+
+  select.disabled = false;
+  organisations.forEach((organisation) => {
+    const option = document.createElement("option");
+    option.value = organisation.id;
+    option.textContent = organisation.name;
+    option.selected = organisation.id === activeOrganisationId;
+    select.appendChild(option);
+  });
+}
+
+export function renderScheduleState(options = {}) {
+  const {
+    select,
+    currentScheduler,
+    placeholder = "off",
+    allowedValues = ["off", "6", "12", "24", "48"],
+  } = options;
+  if (!(select instanceof HTMLSelectElement)) {
+    return;
+  }
+
+  if (!currentScheduler || !currentScheduler.is_enabled) {
+    select.value = placeholder;
+    return;
+  }
+
+  const allowed = new Set(allowedValues);
+  const hours = String(currentScheduler.schedule_interval_hours);
+  select.value = allowed.has(hours) ? hours : placeholder;
+}
+
+export function renderJobState(options = {}) {
+  const {
+    jobSection,
+    job,
+    isActiveJobStatus,
+    context = "extension",
+    onViewJob,
+    onExportJob,
+  } = options;
+  if (!jobSection) {
+    return;
+  }
+
+  clearNode(jobSection);
+
+  if (!job || !isActiveJobStatus?.(job.status)) {
+    hide(jobSection);
+    return;
+  }
+
+  const card = makeResultCard(job, {
+    context,
+    onViewJob,
+    onExportJob,
+  });
+  jobSection.appendChild(card);
+  show(jobSection);
+}
+
+export function renderRecentResults(options = {}) {
+  const {
+    latestResultsList,
+    recentResultsList,
+    noJobState,
+    noJobText,
+    noJobActionButton,
+    jobs = [],
+    siteDomain = "",
+    siteDomainCandidates = [],
+    isActiveJobStatus,
+    context = "extension",
+    onViewJob,
+    onExportJob,
+    emptySelectionMessage = "Select a site to review its latest report.",
+    emptySiteMessage = "No runs yet for this site.",
+    emptyCompletedMessage = "No completed runs yet.",
+    emptyAllSitesMessage = "No recent runs yet.",
+    showEmptyAction = false,
+    showAllWhenUnselected = false,
+  } = options;
+
+  if (!latestResultsList || !recentResultsList) {
+    return;
+  }
+
+  clearNode(latestResultsList);
+  clearNode(recentResultsList);
+
+  const hasSiteSelection =
+    Boolean(siteDomain) || siteDomainCandidates.length > 0;
+  const siteJobs =
+    !hasSiteSelection && showAllWhenUnselected
+      ? jobs
+      : filterJobsByDomains(jobs, {
+          siteDomain,
+          siteDomainCandidates,
+        });
+  const noJobTextTarget = getNoJobTextTarget(noJobState, noJobText);
+
+  if (!hasSiteSelection && !showAllWhenUnselected) {
+    setText(noJobTextTarget, emptySelectionMessage);
+    if (noJobActionButton) {
+      noJobActionButton.hidden = true;
+    }
+    show(noJobState);
+    return;
+  }
+
+  if (siteJobs.length === 0) {
+    setText(
+      noJobTextTarget,
+      !hasSiteSelection && showAllWhenUnselected
+        ? emptyAllSitesMessage
+        : emptySiteMessage
+    );
+    if (noJobActionButton) {
+      noJobActionButton.hidden =
+        !showEmptyAction || (!hasSiteSelection && showAllWhenUnselected);
+    }
+    show(noJobState);
+    return;
+  }
+
+  if (noJobActionButton) {
+    noJobActionButton.hidden = false;
+  }
+  hide(noJobState);
+
+  const completedJobs = siteJobs.filter(
+    (job) => !isActiveJobStatus?.(job.status)
+  );
+
+  if (completedJobs.length === 0) {
+    const empty = document.createElement("p");
+    empty.className = "detail";
+    empty.textContent = emptyCompletedMessage;
+    latestResultsList.appendChild(empty);
+    return;
+  }
+
+  const groupedJobs = completedJobs.slice(0, 6);
+  const latestJob = groupedJobs[0] || null;
+  const recentJobs = groupedJobs.slice(1, 6);
+
+  if (latestJob) {
+    latestResultsList.appendChild(
+      makeResultCard(latestJob, {
+        context,
+        onViewJob,
+        onExportJob,
+      })
+    );
+  }
+
+  recentJobs.forEach((job) => {
+    recentResultsList.appendChild(
+      makeResultCard(job, {
+        context,
+        compact: true,
+        onViewJob,
+        onExportJob,
+      })
+    );
+  });
+}
+
+export function renderMiniChart(options = {}) {
+  const {
+    miniChart,
+    chartScaleLabels = [],
+    jobs = [],
+    siteDomain = "",
+    siteDomainCandidates = [],
+    onViewJob,
+  } = options;
+  if (!miniChart) {
+    return;
+  }
+
+  clearNode(miniChart);
+
+  const completedJobs = filterJobsByDomains(jobs, {
+    siteDomain,
+    siteDomainCandidates,
+  })
+    .filter(
+      (job) =>
+        String(job.status || "")
+          .trim()
+          .toLowerCase() === "completed"
+    )
+    .slice(0, 12);
+
+  if (completedJobs.length === 0) {
+    chartScaleLabels.forEach((label) => {
+      label.textContent = "0";
+    });
+    return;
+  }
+
+  const chartRows = completedJobs
+    .filter((job) => Boolean(job.stats))
+    .map((job) => {
+      const { brokenLinks, verySlow, slow } = getIssueCounts(job);
+      const errorCount = brokenLinks;
+      const okCount = verySlow + slow;
+      const totalPages = Math.max(0, Number(job.total_tasks || 0));
+      return {
+        job,
+        errorCount,
+        okCount,
+        issueTotal: errorCount + okCount,
+        totalPages,
+      };
+    })
+    .filter((row) => row.issueTotal > 0 && row.totalPages > 0)
+    .reverse();
+
+  if (chartRows.length === 0) {
+    chartScaleLabels.forEach((label) => {
+      label.textContent = "0";
+    });
+    return;
+  }
+
+  const maxIssues = Math.max(...chartRows.map((row) => row.issueTotal), 1);
+  const ticks = [
+    maxIssues,
+    Math.round(maxIssues * 0.5),
+    Math.round(maxIssues * 0.25),
+    0,
+  ];
+
+  chartScaleLabels.forEach((label, index) => {
+    label.textContent = String(ticks[index] ?? 0);
+  });
+
+  for (const row of chartRows) {
+    const bar = document.createElement("div");
+    bar.className = "chart-bar";
+    bar.role = "button";
+    bar.tabIndex = 0;
+    bar.title = `${formatDateTime(row.job.completed_at || row.job.created_at)}\nStatus: Completed\nOK: ${row.okCount}\nError: ${row.errorCount}\nTotal pages: ${Number(row.job.total_tasks || 0).toLocaleString()}`;
+
+    const detailPath = `/jobs/${encodeURIComponent(row.job.id)}`;
+    const openDetail = () => {
+      if (typeof onViewJob === "function") {
+        onViewJob(detailPath, row.job);
+      }
+    };
+
+    bar.addEventListener("click", openDetail);
+    bar.addEventListener("keydown", (event) => {
+      if (event.key === "Enter" || event.key === " ") {
+        event.preventDefault();
+        openDetail();
+      }
+    });
+
+    if (row.okCount > 0) {
+      const okSegment = document.createElement("div");
+      okSegment.className = "chart-bar--warning";
+      okSegment.style.height = `${Math.max(
+        2,
+        Math.min((row.okCount / maxIssues) * 100, 100)
+      )}%`;
+      bar.appendChild(okSegment);
+    }
+
+    if (row.errorCount > 0) {
+      const errorSegment = document.createElement("div");
+      errorSegment.className = "chart-bar--danger";
+      errorSegment.style.height = `${Math.max(
+        2,
+        Math.min((row.errorCount / maxIssues) * 100, 100)
+      )}%`;
+      bar.appendChild(errorSegment);
+    }
+
+    if (bar.children.length > 0) {
+      miniChart.appendChild(bar);
+    }
+  }
+}
+
+export default {
+  renderJobState,
+  renderMiniChart,
+  renderOrganisations,
+  renderRecentResults,
+  renderScheduleState,
+  renderUsage,
+  renderUserAvatar,
+};
diff --git a/web/static/app/lib/supabase-client.js b/web/static/app/lib/supabase-client.js
new file mode 100644
index 000000000..5cd8e7710
--- /dev/null
+++ b/web/static/app/lib/supabase-client.js
@@ -0,0 +1,51 @@
+/**
+ * lib/supabase-client.js — module-side Supabase bootstrap
+ *
+ * New ES module code can call ensureSupabaseClient() to convert the loaded
+ * UMD SDK namespace into the shared window.supabase auth client expected by
+ * the existing app helpers.
+ */
+
+import { isConfigured, supabaseAnonKey, supabaseUrl } from "/app/lib/config.js";
+
+/**
+ * Returns the active browser auth client when already initialised.
+ * @returns {import("@supabase/supabase-js").SupabaseClient|null}
+ */
+export function getSupabaseClient() {
+  return window.supabase?.auth ? window.supabase : null;
+}
+
+/**
+ * Initialises the browser auth client from the loaded UMD SDK when needed.
+ * The returned client is stored on window.supabase for compatibility with the
+ * existing module helpers that read window.supabase.auth.
+ *
+ * @returns {import("@supabase/supabase-js").SupabaseClient}
+ */
+export function ensureSupabaseClient() {
+  const existingClient = getSupabaseClient();
+  if (existingClient) {
+    return existingClient;
+  }
+
+  if (!isConfigured()) {
+    throw new Error(
+      "Supabase configuration unavailable. Please reload and try again."
+    );
+  }
+
+  const supabaseNamespace = window.supabase;
+  if (typeof supabaseNamespace?.createClient !== "function") {
+    throw new Error("Supabase SDK is not available yet. Please refresh.");
+  }
+
+  const client = supabaseNamespace.createClient(supabaseUrl, supabaseAnonKey);
+  window.supabase = client;
+  return client;
+}
+
+export default {
+  getSupabaseClient,
+  ensureSupabaseClient,
+};
diff --git a/web/static/app/lib/surface-context.js b/web/static/app/lib/surface-context.js
new file mode 100644
index 000000000..4253e0cff
--- /dev/null
+++ b/web/static/app/lib/surface-context.js
@@ -0,0 +1,131 @@
+/**
+ * lib/surface-context.js — shared surface-mode helpers
+ *
+ * Supports app pages opened from the Webflow extension panel by preserving
+ * context in query params and exposing a small in-page back control.
+ */
+
+const SEARCH_PARAMS = new URLSearchParams(window.location.search);
+const SURFACE = SEARCH_PARAMS.get("surface") || "";
+const RETURN_TO_PARAM = SEARCH_PARAMS.get("return_to") || "";
+
+function isAllowedProtocol(url) {
+  return url.protocol === "http:" || url.protocol === "https:";
+}
+
+function isAllowedReturnHost(url) {
+  return (
+    url.hostname === "localhost" ||
+    url.hostname === "127.0.0.1" ||
+    url.hostname === "hover.app.goodnative.co" ||
+    /^hover-pr-\d+\.fly\.dev$/i.test(url.hostname)
+  );
+}
+
+export function isWebflowExtensionSurface() {
+  return SURFACE === "webflow-extension";
+}
+
+export function getSafeReturnToUrl() {
+  if (!RETURN_TO_PARAM) {
+    return "";
+  }
+
+  try {
+    const parsed = new URL(RETURN_TO_PARAM, window.location.origin);
+    if (!isAllowedProtocol(parsed) || !isAllowedReturnHost(parsed)) {
+      return "";
+    }
+    return parsed.toString();
+  } catch {
+    return "";
+  }
+}
+
+export function buildSurfaceAwareUrl(pathOrUrl) {
+  const target = new URL(pathOrUrl, window.location.origin);
+  if (!isWebflowExtensionSurface()) {
+    return target.toString();
+  }
+
+  target.searchParams.set("surface", SURFACE);
+  const returnTo = getSafeReturnToUrl();
+  if (returnTo) {
+    target.searchParams.set("return_to", returnTo);
+  }
+  return target.toString();
+}
+
+export function rewriteSurfaceLinks(elements) {
+  if (!isWebflowExtensionSurface()) {
+    return;
+  }
+
+  elements.forEach((element) => {
+    if (!(element instanceof HTMLAnchorElement)) {
+      return;
+    }
+
+    const href = element.getAttribute("href") || "";
+    if (!href || href.startsWith("#") || href.startsWith("mailto:")) {
+      return;
+    }
+
+    try {
+      const next = new URL(href, window.location.origin);
+      if (next.origin !== window.location.origin) {
+        return;
+      }
+      element.href = buildSurfaceAwareUrl(next.toString());
+    } catch {
+      // ignore malformed links
+    }
+  });
+}
+
+export function initSurfacePage(options = {}) {
+  if (!isWebflowExtensionSurface()) {
+    return null;
+  }
+
+  const title = options.title || "Hover";
+  const defaultReturnPath = options.defaultReturnPath || "/dashboard";
+  const safeReturnTo = getSafeReturnToUrl() || defaultReturnPath;
+
+  document.documentElement.setAttribute("data-surface-context", SURFACE);
+
+  const bar = document.getElementById("surfaceContextBar");
+  const titleNode = document.getElementById("surfaceContextTitle");
+  const subtitleNode = document.getElementById("surfaceContextSubtitle");
+  const backButton = document.getElementById("surfaceContextBack");
+
+  if (bar) {
+    bar.hidden = false;
+  }
+  if (titleNode) {
+    titleNode.textContent = title;
+  }
+  if (subtitleNode) {
+    subtitleNode.textContent = "Opened from the Webflow extension";
+  }
+  if (backButton instanceof HTMLAnchorElement) {
+    backButton.href = safeReturnTo;
+  } else if (backButton instanceof HTMLButtonElement) {
+    backButton.addEventListener("click", () => {
+      window.location.assign(safeReturnTo);
+    });
+  }
+
+  return {
+    surface: SURFACE,
+    returnTo: safeReturnTo,
+  };
+}
+
+export default {
+  buildSurfaceAwareUrl,
+  getSafeReturnToUrl,
+  initSurfacePage,
+  isWebflowExtensionSurface,
+  rewriteSurfaceLinks,
+};
diff --git a/web/static/app/lib/webflow-sites.js b/web/static/app/lib/webflow-sites.js
new file mode 100644
index 000000000..5eaf783a0
--- /dev/null
+++ b/web/static/app/lib/webflow-sites.js
@@ -0,0 +1,173 @@
+/**
+ * lib/webflow-sites.js — shared Webflow connection and site helpers
+ *
+ * Shared between app pages and the Webflow Designer extension.
+ * Rendering and popup handling stay surface-specific; this module only owns
+ * Webflow API reads/writes and current-site matching.
+ */
+
+import * as apiClient from "/app/lib/api-client.js";
+import {
+  getSiteDomainCandidates,
+  normaliseDomain,
+} from "/app/lib/site-jobs.js";
+
+function resolveApi(api) {
+  return api || apiClient;
+}
+
+/**
+ * Start the Webflow OAuth flow.
+ * @param {{ api?: typeof apiClient }} [options]
+ * @returns {Promise<{ auth_url?: string }>}
+ */
+export async function startWebflowConnection(options = {}) {
+  const api = resolveApi(options.api);
+  const response = await api.post("/v1/integrations/webflow");
+  return response && typeof response === "object" ? response : {};
+}
+
+/**
+ * @param {{ api?: typeof apiClient }} [options]
+ * @returns {Promise<Record<string, unknown>[]>}
+ */
+export async function listWebflowConnections(options = {}) {
+  const api = resolveApi(options.api);
+  const response = await api.get("/v1/integrations/webflow");
+  return Array.isArray(response) ? response : [];
+}
+
+/**
+ * @param {string} connectionId
+ * @param {{ api?: typeof apiClient, page?: number, limit?: number }} [options]
+ * @returns {Promise<{ sites: Record<string, unknown>[], pagination: { has_next?: boolean } | null }>}
+ */
+export async function listWebflowSites(connectionId, options = {}) {
+  const api = resolveApi(options.api);
+  const page = Number.isFinite(options.page) ? options.page : 1;
+  const limit = Number.isFinite(options.limit) ? options.limit : 50;
+  const response = await api.get(
+    `/v1/integrations/webflow/${encodeURIComponent(connectionId)}/sites?page=${page}&limit=${limit}`
+  );
+
+  return {
+    sites: Array.isArray(response?.sites) ? response.sites : [],
+    pagination:
+      response?.pagination && typeof response.pagination === "object"
+        ? response.pagination
+        : null,
+  };
+}
+
+/**
+ * @param {string} connectionId
+ * @param {{ api?: typeof apiClient }} [options]
+ * @returns {Promise<void>}
+ */
+export async function disconnectWebflowConnection(connectionId, options = {}) {
+  const api = resolveApi(options.api);
+  await api.del(`/v1/integrations/webflow/${encodeURIComponent(connectionId)}`);
+}
+
+/**
+ * @param {string} siteId
+ * @param {{
+ *   connectionId: string,
+ *   enabled: boolean,
+ *   api?: typeof apiClient
+ * }} options
+ * @returns {Promise<void>}
+ */
+export async function setWebflowSiteAutoPublish(siteId, options) {
+  const api = resolveApi(options?.api);
+  await api.put(
+    `/v1/integrations/webflow/sites/${encodeURIComponent(siteId)}/auto-publish`,
+    {
+      connection_id: options.connectionId,
+      enabled: options.enabled,
+    }
+  );
+}
+
+/**
+ * @param {string} siteId
+ * @param {{
+ *   connectionId: string,
+ *   scheduleIntervalHours: number | null,
+ *   api?: typeof apiClient
+ * }} options
+ * @returns {Promise<void>}
+ */
+export async function setWebflowSiteSchedule(siteId, options) {
+  const api = resolveApi(options?.api);
+  await api.put(
+    `/v1/integrations/webflow/sites/${encodeURIComponent(siteId)}/schedule`,
+    {
+      connection_id: options.connectionId,
+      schedule_interval_hours: options.scheduleIntervalHours,
+    }
+  );
+}
+
+/**
+ * Find the Webflow site config that matches the current site domain(s).
+ *
+ * @param {{
+ *   siteDomain?: string | null,
+ *   siteDomainCandidates?: string[],
+ *   api?: typeof apiClient,
+ *   connections?: Record<string, unknown>[],
+ *   limit?: number
+ * }} [options]
+ * @returns {Promise<Record<string, unknown> | null>}
+ */
+export async function findMatchingWebflowSite(options = {}) {
+  const candidates = getSiteDomainCandidates(options);
+  if (!candidates.length) {
+    return null;
+  }
+
+  const connections =
+    options.connections || (await listWebflowConnections({ api: options.api }));
+  if (!Array.isArray(connections) || connections.length === 0) {
+    return null;
+  }
+
+  const limit = Number.isFinite(options.limit) ? options.limit : 50;
+
+  for (const connection of connections) {
+    if (!connection?.id) {
+      continue;
+    }
+
+    let page = 1;
+
+    while (true) {
+      const payload = await listWebflowSites(connection.id, {
+        api: options.api,
+        page,
+        limit,
+      });
+
+      const matchedSite = payload.sites.find((site) => {
+        const domain = normaliseDomain(site?.primary_domain || "");
+        return candidates.includes(domain);
+      });
+
+      if (matchedSite) {
+        return {
+          ...matchedSite,
+          connection_id: connection.id,
+        };
+      }
+
+      if (!payload.pagination?.has_next) {
+        break;
+      }
+
+      page += 1;
+    }
+  }
+
+  return null;
+}
diff --git a/web/static/app/pages/dashboard.js b/web/static/app/pages/dashboard.js
index 7760a68cd..469b5f530 100644
--- a/web/static/app/pages/dashboard.js
+++ b/web/static/app/pages/dashboard.js
@@ -1,551 +1,865 @@
 /**
- * pages/dashboard.js — dashboard page orchestrator
+ * pages/dashboard.js — module-native dashboard shell
  *
- * Owns all dashboard rendering and interaction: stats cards, job list
- * (hover-job-card), job creation form, org creation modal, admin
- * actions, and realtime subscriptions.
- *
- * No remaining legacy script dependencies.
+ * Uses the same site-focused shell model as the Webflow extension:
+ * org switcher, quota badge, per-site scheduler, run-now action, and
+ * latest/past report surfaces.
  */
 
-import { get, post, put, del } from "/app/lib/api-client.js";
-import { fetchJobs, subscribeToJobUpdates } from "/app/pages/webflow-jobs.js";
-import { createJobCard } from "/app/components/hover-job-card.js";
+import { get, post } from "/app/lib/api-client.js";
+import {
+  onAuthStateChange,
+  getSession,
+  signOut,
+} from "/app/lib/auth-session.js";
 import { showToast } from "/app/components/hover-toast.js";
-import { formatCount } from "/app/lib/formatters.js";
-import { initCreateOrgModal } from "/app/lib/settings/organisations.js";
-import { initAdminResetButton } from "/app/lib/admin.js";
+import {
+  initSurfaceShell,
+  renderProfileMenuSummary,
+} from "/app/lib/shell-nav.js";
+import { initSurfacePage } from "/app/lib/surface-context.js";
+import {
+  loadOrganisationContext,
+  switchOrganisation as switchOrganisationApi,
+} from "/app/lib/organisation-api.js";
+import { downloadJobExport } from "/app/lib/job-export.js";
+import {
+  renderJobState as renderSharedJobState,
+  renderMiniChart as renderSharedMiniChart,
+  renderOrganisations as renderSharedOrganisations,
+  renderRecentResults as renderSharedRecentResults,
+  renderScheduleState as renderSharedScheduleState,
+  renderUsage as renderSharedUsage,
+  renderUserAvatar,
+} from "/app/lib/site-view.js";
+import {
+  findSchedulerByDomain,
+  saveSchedulerForDomain,
+  disableScheduler,
+} from "/app/lib/scheduler-api.js";
+import { ensureSupabaseClient } from "/app/lib/supabase-client.js";
+import {
+  buildChartJobsSignature,
+  buildCompletedJobsSignature,
+  fetchJobs,
+  normaliseDomain,
+  pickLatestJobByDomains,
+  subscribeToJobUpdates,
+} from "/app/lib/site-jobs.js";
 import {
   ensureDomainByName,
+  getDomains,
+  loadOrganisationDomains,
   setupDomainSearchInput,
 } from "/app/lib/domain-search.js";
 
-// ── State ──────────────────────────────────────────────────────────────────────
+const ACTIVE_ORG_STORAGE_KEY = "gnh_active_org_id";
+const SELECTED_DOMAIN_STORAGE_KEY = "gnh_dashboard_selected_domain";
+const ACTIVE_JOB_STATUSES = new Set([
+  "pending",
+  "queued",
+  "initializing",
+  "running",
+  "in_progress",
+  "processing",
+]);
+const SCHEDULE_PLACEHOLDER = "off";
+const SCHEDULE_OPTIONS = new Set(["off", "6", "12", "24", "48"]);
+const APP_ROUTES = {
+  auth: "/extension-auth.html",
+  settings: "/settings/account",
+  viewJob: "/jobs",
+  home: "/dashboard",
+  help: "/dashboard",
+  feedback: "/dashboard",
+};
+
+let authSubscriptionCleanup = null;
+let jobsSubscriptionCleanup = null;
+let statusToastTimer = null;
+let initialised = false;
+let shellChrome = null;
+
+const state = {
+  session: null,
+  activeOrganisationId: "",
+  organisations: [],
+  usage: null,
+  selectedDomain: normaliseDomain(
+    window.localStorage.getItem(SELECTED_DOMAIN_STORAGE_KEY) || ""
+  ),
+  siteDomainCandidates: [],
+  currentScheduler: null,
+  currentJob: null,
+  userAvatarUrl: "",
+  userEmail: "",
+  userDisplayName: "",
+  lastCompletedJobsSignature: "",
+  lastChartJobsSignature: "",
+  refreshing: false,
+};
+
+const ui = {
+  guestState: document.getElementById("guestState"),
+  authState: document.getElementById("authState"),
+  loginButton: document.getElementById("dashboardLoginButton"),
+  signupButton: document.getElementById("dashboardSignupButton"),
+  homeButton: document.getElementById("homeButton"),
+  profileMenuButton: document.getElementById("profileMenuButton"),
+  profileMenuDropdown: document.getElementById("profileMenuDropdown"),
+  profileAvatar: document.getElementById("profileAvatar"),
+  profileEmail: document.getElementById("profileEmail"),
+  profileOrgName: document.getElementById("profileOrgName"),
+  profilePlanText: document.getElementById("profilePlanText"),
+  profileUsageText: document.getElementById("profileUsageText"),
+  notificationsContainer: document.getElementById("notificationsContainer"),
+  notificationsButton: document.getElementById("notificationsBtn"),
+  notificationsDropdown: document.getElementById("notificationsDropdown"),
+  notificationsList: document.getElementById("notificationsList"),
+  notificationsBadge: document.getElementById("notificationsBadge"),
+  markAllReadButton: document.getElementById("markAllReadBtn"),
+  orgSelect: document.getElementById("orgSelect"),
+  domainInput: document.getElementById("domainInput"),
+  scheduleSelect: document.getElementById("scheduleSelect"),
+  runNowButton: document.getElementById("runNowButton"),
+  runFirstCheckButton: document.getElementById("runFirstCheckButton"),
+  statusBlock: document.getElementById("statusBlock"),
+  statusText: document.getElementById("statusText"),
+  detailText: document.getElementById("detailText"),
+  noJobState: document.getElementById("noJobState"),
+  noJobText: document.getElementById("noJobText"),
+  jobSection: document.getElementById("jobSection"),
+  latestResultsList: document.getElementById("latestResultsList"),
+  recentResultsList: document.getElementById("recentResultsList"),
+  miniChart: document.getElementById("miniChart"),
+  chartScaleLabels: Array.from(
+    document.querySelectorAll(".chart-y-scale span")
+  ),
+  feedbackButton: document.getElementById("feedbackButton"),
+  helpButton: document.getElementById("helpButton"),
+};
+
+function getActiveOrganisationName() {
+  return (
+    state.organisations.find(
+      (organisation) => organisation.id === state.activeOrganisationId
+    )?.name || "Organisation"
+  );
+}
 
-let currentRange = "today";
+function getUserMetadataAvatarUrl(user) {
+  return (
+    user?.user_metadata?.avatar_url ||
+    user?.user_metadata?.picture ||
+    user?.user_metadata?.avatar ||
+    user?.identities?.find?.((identity) => identity?.identity_data?.avatar_url)
+      ?.identity_data?.avatar_url ||
+    ""
+  );
+}
 
-// ── Bootstrap ──────────────────────────────────────────────────────────────────
+function getUserDisplayName(user) {
+  return (
+    user?.user_metadata?.full_name ||
+    user?.user_metadata?.name ||
+    user?.email ||
+    ""
+  );
+}
 
-/**
- * Initialise the dashboard module layer.
- * Called once auth and org state are confirmed ready.
- */
-let _initialised = false;
-async function init() {
-  if (_initialised) return;
-  _initialised = true;
-  // Wire date range selector
-  const dateRange = document.getElementById("dateRange");
-  if (dateRange) {
-    dateRange.addEventListener("change", (e) => {
-      currentRange = e.target.value;
-      refresh();
-    });
+function show(node) {
+  node?.classList.remove("hidden");
+}
+
+function hide(node) {
+  node?.classList.add("hidden");
+}
+
+function setText(node, value) {
+  if (node) {
+    node.textContent = value;
   }
+}
 
-  // Wire action buttons — refresh, create-job modal, close-create-job-modal
-  document.addEventListener("click", (e) => {
-    const el = e.target.closest("[gnh-action]");
-    if (!el) return;
-    const action = el.getAttribute("gnh-action");
-    if (action === "refresh-dashboard") {
-      e.preventDefault();
-      refresh();
-    } else if (action === "create-job") {
-      e.preventDefault();
-      openCreateJobModal();
-    } else if (action === "close-create-job-modal") {
-      e.preventDefault();
-      closeCreateJobModal();
-    }
-  });
+function normaliseJobStatus(status) {
+  return String(status || "")
+    .trim()
+    .toLowerCase();
+}
 
-  // Job creation forms (inline "Start Crawl" + modal "Create Job")
-  for (const formId of ["dashboardJobForm", "createJobForm"]) {
-    const form = document.getElementById(formId);
-    if (form) form.addEventListener("submit", handleJobCreation);
-  }
-
-  // Domain search autocomplete
-  const domainInput = document.getElementById("jobDomain");
-  if (domainInput) {
-    const container = domainInput.closest(".gnh-domain-search");
-    setupDomainSearchInput({
-      input: domainInput,
-      container: container || domainInput.parentElement,
-      clearOnSelect: false,
-      onSelectDomain: (domain) => {
-        domainInput.value = domain.name;
-      },
-      onCreateDomain: (domain) => {
-        domainInput.value = domain.name;
-      },
-      onError: (message) => {
-        showToast(message || "Failed to create domain.", { variant: "error" });
-      },
-    });
+function isActiveJobStatus(status) {
+  return ACTIVE_JOB_STATUSES.has(normaliseJobStatus(status));
+}
+
+function buildAuthUrl(mode = "login") {
+  const authUrl = new URL(APP_ROUTES.auth, window.location.origin);
+  authUrl.searchParams.set("return_to", window.location.href);
+  authUrl.searchParams.set("mode", mode);
+  return authUrl.toString();
+}
+
+function openAuth(mode = "login") {
+  window.location.assign(buildAuthUrl(mode));
+}
+
+function setStatus(message, detail = "") {
+  if (statusToastTimer !== null) {
+    clearTimeout(statusToastTimer);
+    statusToastTimer = null;
+  }
+
+  ui.statusBlock?.classList.remove("status-block--fading");
+  setText(ui.statusText, message);
+  setText(ui.detailText, detail);
+
+  if (!message && !detail) {
+    return;
   }
 
-  // Org creation modal
-  initCreateOrgModal({ onCreated: () => refresh() });
+  statusToastTimer = window.setTimeout(() => {
+    ui.statusBlock?.classList.add("status-block--fading");
+    statusToastTimer = window.setTimeout(() => {
+      ui.statusBlock?.classList.remove("status-block--fading");
+      setText(ui.statusText, "");
+      setText(ui.detailText, "");
+      statusToastTimer = null;
+    }, 500);
+  }, 3000);
+}
 
-  // Network monitoring
-  setupNetworkMonitoring();
+function renderAuthState(isAuthed) {
+  if (isAuthed) {
+    hide(ui.guestState);
+    show(ui.authState);
+    return;
+  }
 
-  // Initial render (waitForSession inside refresh handles Supabase timing)
-  await refresh();
+  show(ui.guestState);
+  hide(ui.authState);
+}
 
-  // Admin section (must run after refresh so Supabase session is available)
-  await initAdminResetButton("resetDbBtn", {
-    containerSelector: "#adminGroup",
+async function updateAvatarFromState() {
+  await renderUserAvatar({
+    element: ui.profileAvatar,
+    displayName: state.userDisplayName || state.userEmail,
+    email: state.userEmail,
+    avatarUrl: state.userAvatarUrl,
   });
+}
 
-  // Subscribe to realtime job updates (falls back to 10 s polling when
-  // Supabase realtime is unavailable, e.g. on preview branches).
-  let unsubscribe = null;
-  function startSubscription() {
-    if (unsubscribe) unsubscribe();
-    const orgId = window.GNH_ACTIVE_ORG?.id;
-    unsubscribe = subscribeToJobUpdates(orgId, () => refresh());
-  }
-  startSubscription();
+function renderUsage() {
+  renderSharedUsage({
+    usage: state.usage,
+    profilePlanText: ui.profilePlanText,
+    profileUsageText: ui.profileUsageText,
+  });
+}
 
-  // Re-subscribe and refresh when the active org changes.
-  document.addEventListener("gnh:org-switched", () => {
-    refresh();
-    startSubscription();
+function renderOrganisations() {
+  renderSharedOrganisations({
+    select: ui.orgSelect,
+    organisations: state.organisations,
+    activeOrganisationId: state.activeOrganisationId,
   });
 }
 
-// ── Refresh ────────────────────────────────────────────────────────────────────
+function renderScheduleState() {
+  renderSharedScheduleState({
+    select: ui.scheduleSelect,
+    currentScheduler: state.currentScheduler,
+    placeholder: SCHEDULE_PLACEHOLDER,
+    allowedValues: [...SCHEDULE_OPTIONS],
+  });
+}
 
-async function refresh() {
-  await Promise.all([refreshStats(), refreshJobs()]);
+function renderJobState(job) {
+  renderSharedJobState({
+    jobSection: ui.jobSection,
+    job,
+    isActiveJobStatus,
+    context: "extension",
+    onViewJob: (path) => {
+      window.location.href = path;
+    },
+    onExportJob: (jobId) => {
+      void exportJob(jobId);
+    },
+  });
 }
 
-// ── Stats ──────────────────────────────────────────────────────────────────────
+function renderRecentResults(jobs) {
+  renderSharedRecentResults({
+    latestResultsList: ui.latestResultsList,
+    recentResultsList: ui.recentResultsList,
+    noJobState: ui.noJobState,
+    noJobText: ui.noJobText,
+    noJobActionButton: ui.runFirstCheckButton,
+    jobs,
+    siteDomain: state.selectedDomain,
+    siteDomainCandidates: state.siteDomainCandidates,
+    isActiveJobStatus,
+    context: "extension",
+    onViewJob: (path) => {
+      window.location.href = path;
+    },
+    onExportJob: (jobId) => {
+      void exportJob(jobId);
+    },
+    emptySelectionMessage: "Select a site to review its latest report.",
+    emptySiteMessage: `No runs yet for ${state.selectedDomain}.`,
+    emptyAllSitesMessage: "No recent runs yet.",
+    showEmptyAction: Boolean(state.selectedDomain),
+    showAllWhenUnselected: true,
+  });
+}
 
-async function refreshStats() {
-  // Gate behind session — avoids a 401 when the module runs before core.js
-  // has signed in.
-  const token = await waitForSession();
-  if (!token) return;
-  try {
-    const tzOffset = new Date().getTimezoneOffset();
-    // api-client auto-unwraps the { status, data } envelope
-    const data = await get(
-      `/v1/dashboard/stats?range=${currentRange}&tzOffset=${tzOffset}`
-    );
-    const stats = data?.stats;
-    if (!stats) return;
+function renderMiniChart(jobs) {
+  renderSharedMiniChart({
+    miniChart: ui.miniChart,
+    chartScaleLabels: ui.chartScaleLabels,
+    jobs,
+    siteDomain: state.selectedDomain,
+    siteDomainCandidates: state.siteDomainCandidates,
+    onViewJob: (path) => {
+      window.location.href = path;
+    },
+  });
+}
+
+function setDisabledAll(disabled) {
+  [
+    ui.orgSelect,
+    ui.domainInput,
+    ui.scheduleSelect,
+    ui.runNowButton,
+    ui.runFirstCheckButton,
+  ].forEach((control) => {
+    if (
+      control instanceof HTMLButtonElement ||
+      control instanceof HTMLInputElement ||
+      control instanceof HTMLSelectElement
+    ) {
+      control.disabled = disabled;
+    }
+  });
+}
 
-    setStatCard("stats.total_jobs", formatCount(stats.total_jobs));
-    setStatCard("stats.running_jobs", formatCount(stats.running_jobs));
-    setStatCard("stats.completed_jobs", formatCount(stats.completed_jobs));
-    setStatCard("stats.failed_jobs", formatCount(stats.failed_jobs));
-  } catch {
-    // Non-fatal — stats cards stay at previous values
+function updateDomainInput() {
+  if (ui.domainInput instanceof HTMLInputElement) {
+    ui.domainInput.value = state.selectedDomain || "";
   }
 }
 
-/**
- * Update a stat card value by its gnh-text attribute selector.
- * Falls back gracefully when the element doesn't exist.
- */
-function setStatCard(key, value) {
-  const el = document.querySelector(`[gnh-text="${key}"]`);
-  if (el) el.textContent = value;
+function persistSelectedDomain() {
+  if (state.selectedDomain) {
+    window.localStorage.setItem(
+      SELECTED_DOMAIN_STORAGE_KEY,
+      state.selectedDomain
+    );
+    return;
+  }
+  window.localStorage.removeItem(SELECTED_DOMAIN_STORAGE_KEY);
+}
+
+function applySelectedDomain(domain) {
+  const nextDomain = normaliseDomain(domain);
+  if (nextDomain !== state.selectedDomain) {
+    state.lastCompletedJobsSignature = "";
+    state.lastChartJobsSignature = "";
+  }
+
+  state.selectedDomain = nextDomain;
+  state.siteDomainCandidates = state.selectedDomain
+    ? [state.selectedDomain]
+    : [];
+  persistSelectedDomain();
+  updateDomainInput();
 }
 
-// ── Jobs list ──────────────────────────────────────────────────────────────────
+async function waitForSupabaseClient(timeoutMs = 5000) {
+  const start = Date.now();
 
-/** @type {Map<string, HoverJobCard>} jobId → card element, for in-place updates */
-const _jobCards = new Map();
+  while (Date.now() - start < timeoutMs) {
+    try {
+      return ensureSupabaseClient();
+    } catch (_error) {
+      await new Promise((resolve) => {
+        window.setTimeout(resolve, 50);
+      });
+    }
+  }
 
-async function refreshJobs() {
-  const container = document.querySelector(".gnh-jobs-list");
-  if (!container) return;
+  throw new Error("Supabase client did not initialise in time.");
+}
 
-  const token = await waitForSession();
-  if (!token) return;
+async function ensureSelectedDomain() {
+  if (state.selectedDomain) {
+    return;
+  }
 
-  try {
-    const jobs = await fetchJobs({
-      limit: 10,
-      range: currentRange,
-      include: "stats",
-    });
-    renderJobCards(container, jobs);
-  } catch {
-    // Non-fatal — existing cards stay visible
+  const stored = normaliseDomain(
+    window.localStorage.getItem(SELECTED_DOMAIN_STORAGE_KEY) || ""
+  );
+  if (stored) {
+    applySelectedDomain(stored);
   }
 }
 
-function renderJobCards(container, jobs) {
-  // Empty state
-  if (jobs.length === 0) {
-    _jobCards.forEach((card) => card.remove());
-    _jobCards.clear();
+async function loadOrganisationState() {
+  const context = await loadOrganisationContext();
+  state.organisations = Array.isArray(context.organisations)
+    ? context.organisations
+    : [];
+  state.activeOrganisationId = context.activeOrganisationId || "";
+  state.usage = context.usage || null;
+  if (state.activeOrganisationId) {
+    window.localStorage.setItem(
+      ACTIVE_ORG_STORAGE_KEY,
+      state.activeOrganisationId
+    );
+  }
+}
 
-    let empty = container.querySelector(".jobs-empty-state");
-    if (!empty) {
-      empty = document.createElement("p");
-      empty.className = "jobs-empty-state detail";
-      empty.textContent = "No jobs yet.";
-      container.appendChild(empty);
-    }
+async function loadCurrentSchedule() {
+  if (!state.selectedDomain) {
+    state.currentScheduler = null;
+    renderScheduleState();
     return;
   }
 
-  // Remove empty state if present
-  container.querySelector(".jobs-empty-state")?.remove();
+  state.currentScheduler = await findSchedulerByDomain(state.selectedDomain);
+  renderScheduleState();
+}
 
-  // Track which job IDs are in the new response
-  const incoming = new Set(jobs.map((j) => j.id));
+async function refreshSiteResults() {
+  const jobs = await fetchJobs({ limit: 50, include: "stats" });
 
-  // Remove cards no longer in the list
-  _jobCards.forEach((card, id) => {
-    if (!incoming.has(id)) {
-      card.remove();
-      _jobCards.delete(id);
+  if (!state.selectedDomain) {
+    const firstJobDomain = normaliseDomain(
+      jobs[0]?.domains?.name || jobs[0]?.domain || ""
+    );
+    if (firstJobDomain) {
+      applySelectedDomain(firstJobDomain);
     }
+  }
+
+  state.currentJob = pickLatestJobByDomains(jobs, {
+    siteDomain: state.selectedDomain,
+    siteDomainCandidates: state.siteDomainCandidates,
   });
 
-  // Update existing cards in-place, append new ones in order
-  jobs.forEach((job, index) => {
-    const existing = _jobCards.get(job.id);
-    if (existing) {
-      // In-place update — no DOM removal, no flicker
-      existing.job = job;
-      // Ensure correct order
-      const cards = Array.from(container.querySelectorAll("hover-job-card"));
-      if (cards[index] !== existing)
-        container.insertBefore(existing, cards[index] ?? null);
-    } else {
-      const card = createJobCard(job, { context: "dashboard" });
-      card.dataset.jobId = job.id;
-
-      // Navigation — "All" button and "View all X" in issue tables
-      card.addEventListener("hover-job-card:view", (e) => {
-        window.location.href = e.detail.path;
-      });
+  renderJobState(state.currentJob);
 
-      // Export
-      card.addEventListener("hover-job-card:export", (e) => {
-        exportJob(e.detail.jobId).catch((err) =>
-          showToast(`Export failed: ${err.message}`, { variant: "error" })
-        );
-      });
+  const completedSignature = buildCompletedJobsSignature(
+    jobs,
+    {
+      siteDomain: state.selectedDomain,
+      siteDomainCandidates: state.siteDomainCandidates,
+    },
+    isActiveJobStatus
+  );
 
-      // Restart
-      card.addEventListener("hover-job-card:restart", (e) => {
-        restartJob(e.detail.job).catch((err) =>
-          showToast(`Restart failed: ${err.message}`, { variant: "error" })
-        );
-      });
+  if (completedSignature !== state.lastCompletedJobsSignature) {
+    renderRecentResults(jobs);
+    state.lastCompletedJobsSignature = completedSignature;
+  }
 
-      // Cancel
-      card.addEventListener("hover-job-card:cancel", (e) => {
-        cancelJob(e.detail.jobId).catch((err) =>
-          showToast(`Cancel failed: ${err.message}`, { variant: "error" })
-        );
-      });
+  const chartSignature = buildChartJobsSignature(jobs, {
+    siteDomain: state.selectedDomain,
+    siteDomainCandidates: state.siteDomainCandidates,
+  });
 
-      // Insert at correct position
-      const cards = Array.from(container.querySelectorAll("hover-job-card"));
-      container.insertBefore(card, cards[index] ?? null);
-      _jobCards.set(job.id, card);
-    }
+  if (chartSignature !== state.lastChartJobsSignature) {
+    renderMiniChart(jobs);
+    state.lastChartJobsSignature = chartSignature;
+  }
+}
+
+function cleanupJobSubscription() {
+  if (jobsSubscriptionCleanup) {
+    jobsSubscriptionCleanup();
+    jobsSubscriptionCleanup = null;
+  }
+}
+
+function cleanupNotificationsSubscription() {
+  shellChrome?.setActiveOrganisation("");
+}
+
+function startJobSubscription() {
+  cleanupJobSubscription();
+  if (!state.activeOrganisationId) {
+    return;
+  }
+
+  jobsSubscriptionCleanup = subscribeToJobUpdates({
+    orgId: state.activeOrganisationId,
+    onUpdate: () => {
+      void refreshDashboard({ silent: true });
+    },
   });
 }
 
-async function exportJob(jobId) {
+async function refreshDashboard(options = {}) {
+  if (state.refreshing) {
+    return;
+  }
+
+  state.refreshing = true;
+  if (!options.silent) {
+    setDisabledAll(true);
+  }
+
   try {
-    const data = await get(`/v1/jobs/${encodeURIComponent(jobId)}/export`, {
-      headers: { Accept: "application/json" },
+    await loadOrganisationState();
+    await loadOrganisationDomains();
+    await ensureSelectedDomain();
+    await Promise.all([loadCurrentSchedule(), refreshSiteResults()]);
+    renderUsage();
+    renderOrganisations();
+    renderProfileMenuSummary({
+      emailNode: ui.profileEmail,
+      organisationNode: ui.profileOrgName,
+      planNode: ui.profilePlanText,
+      usageNode: ui.profileUsageText,
+      email: state.userEmail,
+      organisationName: getActiveOrganisationName(),
+      usage: state.usage,
     });
-    const tasks = Array.isArray(data?.tasks) ? data.tasks : [];
-    if (!tasks.length) {
-      showToast("No tasks to export.", { variant: "warning" });
-      return;
+    void updateAvatarFromState();
+    renderAuthState(true);
+    startJobSubscription();
+    shellChrome?.setActiveOrganisation(state.activeOrganisationId);
+  } catch (error) {
+    console.error("dashboard: failed to refresh", error);
+    showToast(error.message || "Failed to refresh the dashboard.", {
+      variant: "error",
+    });
+  } finally {
+    if (!options.silent) {
+      setDisabledAll(false);
     }
-
-    const keys = Object.keys(tasks[0]);
-    const csv = [
-      keys.join(","),
-      ...tasks.map((t) => keys.map((k) => csvEscape(t[k])).join(",")),
-    ].join("\n");
-    const blob = new Blob([csv], { type: "text/csv" });
-    const url = URL.createObjectURL(blob);
-    const a = document.createElement("a");
-    a.href = url;
-    a.download = `job-${jobId}.csv`;
-    a.click();
-    URL.revokeObjectURL(url);
-    showToast("Export downloaded.", { variant: "success" });
-  } catch (err) {
-    throw err;
+    state.refreshing = false;
   }
 }
 
-function csvEscape(val) {
-  if (val == null) return "";
-  const str = String(val);
-  return str.includes(",") || str.includes('"') || str.includes("\n")
-    ? `"${str.replace(/"/g, '""')}"`
-    : str;
-}
+async function resolveSelectedDomain({ allowCreate = false } = {}) {
+  const rawValue =
+    ui.domainInput instanceof HTMLInputElement ? ui.domainInput.value : "";
+  const nextValue = normaliseDomain(rawValue || state.selectedDomain || "");
+  if (!nextValue) {
+    applySelectedDomain("");
+    await loadCurrentSchedule();
+    renderJobState(null);
+    renderRecentResults([]);
+    renderMiniChart([]);
+    return "";
+  }
 
-// ── Create job modal ───────────────────────────────────────────────────────────
+  if (allowCreate) {
+    const ensured = await ensureDomainByName(nextValue, { allowCreate: true });
+    applySelectedDomain(ensured?.name || nextValue);
+  } else {
+    applySelectedDomain(nextValue);
+  }
 
-function openCreateJobModal() {
-  const modal = document.getElementById("createJobModal");
-  if (modal) modal.style.display = "flex";
+  return state.selectedDomain;
 }
 
-function closeCreateJobModal() {
-  const modal = document.getElementById("createJobModal");
-  if (modal) modal.style.display = "none";
-  const form = document.getElementById("createJobForm");
-  if (form) {
-    form.reset();
-    const maxPages = document.getElementById("maxPages");
-    if (maxPages) maxPages.value = "0";
-  }
+async function handleDomainCommit({ allowCreate = false } = {}) {
+  await resolveSelectedDomain({ allowCreate });
+  await Promise.all([loadCurrentSchedule(), refreshSiteResults()]);
 }
 
-// ── Job creation ────────────────────────────────────────────────────────────────
-
-async function handleJobCreation(event) {
-  event.preventDefault();
-  const formData = new FormData(event.target);
+async function switchOrganisation() {
+  if (!(ui.orgSelect instanceof HTMLSelectElement) || !ui.orgSelect.value) {
+    return;
+  }
 
-  let domain = formData.get("domain");
-  const maxPages = parseInt(formData.get("max_pages"));
-  const concurrencyValue = formData.get("concurrency");
-  const scheduleInterval = formData.get("schedule_interval_hours");
+  setDisabledAll(true);
+  try {
+    await switchOrganisationApi(ui.orgSelect.value);
+    state.activeOrganisationId = ui.orgSelect.value;
+    window.localStorage.setItem(ACTIVE_ORG_STORAGE_KEY, ui.orgSelect.value);
+    applySelectedDomain("");
+    await refreshDashboard();
+  } finally {
+    setDisabledAll(false);
+  }
+}
 
+async function runNow() {
+  const domain = await resolveSelectedDomain({ allowCreate: true });
   if (!domain) {
-    showToast("Domain is required", { variant: "error" });
+    showToast("Enter a site domain first.", { variant: "error" });
     return;
   }
 
-  // Ensure domain exists (creates if needed)
+  setDisabledAll(true);
   try {
-    const ensuredDomain = await ensureDomainByName(domain, {
-      allowCreate: true,
+    await post("/v1/jobs", {
+      domain,
+      max_pages: 0,
+      use_sitemap: true,
+      find_links: true,
     });
-    if (ensuredDomain?.name) domain = ensuredDomain.name;
+    setStatus("Run started.", `Checking ${domain}.`);
+    showToast(`Run started for ${domain}`, { variant: "success" });
+    await refreshDashboard({ silent: true });
   } catch (error) {
-    showToast(error.message || "Failed to create domain.", {
+    console.error("dashboard: failed to run job", error);
+    showToast(error.message || "Failed to start the run.", {
       variant: "error",
     });
-    return;
+  } finally {
+    setDisabledAll(false);
   }
+}
 
-  const domainField = document.getElementById("jobDomain");
-  if (domainField) domainField.value = domain;
+async function exportJob(jobId) {
+  try {
+    const result = await downloadJobExport(jobId);
+    if (result.empty) {
+      showToast("No tasks to export.", { variant: "warning" });
+      return;
+    }
+    showToast("Export downloaded.", { variant: "success" });
+  } catch (error) {
+    showToast(`Export failed: ${error.message}`, { variant: "error" });
+  }
+}
 
-  if (maxPages < 0 || maxPages > 10000) {
-    showToast("Maximum pages must be between 0 and 10,000", {
-      variant: "error",
-    });
+async function setJobSchedule() {
+  if (!(ui.scheduleSelect instanceof HTMLSelectElement)) {
     return;
   }
 
-  const requestBody = {
-    domain,
-    max_pages: maxPages,
-    use_sitemap: true,
-    find_links: true,
-  };
-  if (
-    concurrencyValue &&
-    concurrencyValue !== "" &&
-    concurrencyValue !== "default"
-  ) {
-    requestBody.concurrency = parseInt(concurrencyValue);
+  const requested = ui.scheduleSelect.value;
+  if (!SCHEDULE_OPTIONS.has(requested)) {
+    ui.scheduleSelect.value = SCHEDULE_PLACEHOLDER;
+    return;
   }
 
-  try {
-    if (scheduleInterval && scheduleInterval !== "") {
-      const hours = parseInt(scheduleInterval);
-      if (isNaN(hours) || ![6, 12, 24, 48].includes(hours)) {
-        showToast(
-          "Invalid schedule interval. Must be 6, 12, 24, or 48 hours.",
-          {
-            variant: "error",
-          }
-        );
-        return;
-      }
+  const domain = await resolveSelectedDomain({
+    allowCreate: requested !== SCHEDULE_PLACEHOLDER,
+  });
 
-      const scheduler = await post("/v1/schedulers", {
-        domain,
-        schedule_interval_hours: hours,
-        max_pages: maxPages,
-        find_links: true,
-        concurrency: requestBody.concurrency || 20,
-      });
+  if (!domain) {
+    showToast("Enter a site domain before changing the schedule.", {
+      variant: "error",
+    });
+    renderScheduleState();
+    return;
+  }
 
-      try {
-        await post("/v1/jobs", { ...requestBody, scheduler_id: scheduler.id });
-      } catch (jobError) {
-        console.error(
-          "Failed to create initial job, cleaning up scheduler:",
-          jobError
-        );
-        try {
-          await del(`/v1/schedulers/${encodeURIComponent(scheduler.id)}`);
-        } catch (cleanupError) {
-          console.error("Failed to clean up scheduler:", cleanupError);
-        }
-        throw jobError;
+  setDisabledAll(true);
+  try {
+    if (requested === SCHEDULE_PLACEHOLDER) {
+      if (state.currentScheduler?.id) {
+        await disableScheduler(state.currentScheduler.id, {
+          expectedIsEnabled: state.currentScheduler.is_enabled,
+        });
       }
-
-      closeCreateJobModal();
-      showToast(`Scheduled job created for ${domain} (every ${hours} hours)`, {
-        variant: "success",
-      });
-    } else {
-      await post("/v1/jobs", requestBody);
-
-      const df = document.getElementById("jobDomain");
-      const mp = document.getElementById("maxPages");
-      const si = document.getElementById("scheduleInterval");
-      if (df) df.value = "";
-      if (mp) mp.value = "0";
-      if (si) si.value = "";
-
-      closeCreateJobModal();
-      showToast(`Job created for ${domain}`, { variant: "success" });
+      state.currentScheduler = null;
+      renderScheduleState();
+      setStatus("Scheduler disabled.", `No recurring run for ${domain}.`);
+      return;
     }
 
-    await refresh();
+    const scheduler = await saveSchedulerForDomain(domain, Number(requested), {
+      currentScheduler: state.currentScheduler,
+      extra: {
+        max_pages: 0,
+        find_links: true,
+        concurrency: 20,
+      },
+    });
+    state.currentScheduler = scheduler;
+    renderScheduleState();
+    setStatus("Scheduler updated.", `Running every ${requested} hours.`);
   } catch (error) {
-    console.error("Failed to create job:", error);
-    showToast(error.message || "Failed to create job. Please try again.", {
+    console.error("dashboard: failed to save schedule", error);
+    renderScheduleState();
+    showToast(error.message || "Failed to save the schedule.", {
       variant: "error",
     });
+  } finally {
+    setDisabledAll(false);
   }
 }
 
-// ── Job actions ────────────────────────────────────────────────────────────────
-
-async function restartJob(job) {
-  try {
-    await post("/v1/jobs", {
-      domain: job.domains?.name || job.domain,
-      max_pages: job.max_pages ?? 0,
-      use_sitemap: true,
-      find_links: job.find_links ?? true,
-      concurrency: job.concurrency,
-    });
-    showToast("Job restarted.", { variant: "success" });
-    await refresh();
-  } catch (err) {
-    showToast(`Failed to restart job: ${err.message}`, { variant: "error" });
+function bindDomainSearch() {
+  if (!(ui.domainInput instanceof HTMLInputElement)) {
+    return;
   }
+
+  setupDomainSearchInput({
+    input: ui.domainInput,
+    container: ui.domainInput.parentElement,
+    clearOnSelect: false,
+    onSelectDomain: async (domain) => {
+      applySelectedDomain(domain.name);
+      await Promise.all([loadCurrentSchedule(), refreshSiteResults()]);
+    },
+    onCreateDomain: async (domain) => {
+      applySelectedDomain(domain.name);
+      await Promise.all([loadCurrentSchedule(), refreshSiteResults()]);
+    },
+    onError: (message) => {
+      showToast(message || "Failed to create domain.", { variant: "error" });
+    },
+  });
+
+  ui.domainInput.addEventListener("change", () => {
+    void handleDomainCommit();
+  });
+  ui.domainInput.addEventListener("keydown", (event) => {
+    if (event.key === "Enter") {
+      event.preventDefault();
+      void handleDomainCommit();
+    }
+  });
 }
 
-async function cancelJob(jobId) {
-  try {
-    await put(`/v1/jobs/${encodeURIComponent(jobId)}`, { action: "cancel" });
-    showToast("Job cancelled.", { variant: "warning" });
-    await refresh();
-  } catch (err) {
-    showToast(`Failed to cancel job: ${err.message}`, { variant: "error" });
-  }
-}
-
-// ── Network monitoring ──────────────────────────────────────────────────────────
-
-function updateNetworkStatus() {
-  const indicator = document.querySelector(".status-indicator");
-  if (!indicator) return;
-  if (navigator.onLine) {
-    indicator.textContent = "";
-    const dot = document.createElement("span");
-    dot.className = "status-dot";
-    const label = document.createElement("span");
-    label.textContent = "Live";
-    indicator.appendChild(dot);
-    indicator.appendChild(label);
-  } else {
-    indicator.textContent = "";
-    const dot = document.createElement("span");
-    dot.className = "status-dot";
-    dot.style.background = "#ef4444";
-    const label = document.createElement("span");
-    label.textContent = "Offline";
-    indicator.appendChild(dot);
-    indicator.appendChild(label);
+function bindEvents() {
+  ui.loginButton?.addEventListener("click", () => openAuth("login"));
+  ui.signupButton?.addEventListener("click", () => openAuth("signup"));
+  ui.homeButton?.addEventListener("click", () => {
+    applySelectedDomain("");
+    void refreshDashboard({ silent: true });
+  });
+  ui.orgSelect?.addEventListener("change", () => {
+    void switchOrganisation();
+  });
+  ui.scheduleSelect?.addEventListener("change", () => {
+    void setJobSchedule();
+  });
+  ui.runNowButton?.addEventListener("click", () => {
+    void runNow();
+  });
+  ui.runFirstCheckButton?.addEventListener("click", () => {
+    void runNow();
+  });
+  ui.feedbackButton?.addEventListener("click", () => {
+    window.location.assign(APP_ROUTES.feedback);
+  });
+  ui.helpButton?.addEventListener("click", () => {
+    window.location.assign(APP_ROUTES.help);
+  });
+
+  window.addEventListener("storage", (event) => {
+    if (
+      event.key === ACTIVE_ORG_STORAGE_KEY &&
+      event.newValue &&
+      event.newValue !== state.activeOrganisationId
+    ) {
+      state.activeOrganisationId = event.newValue;
+      applySelectedDomain("");
+      void refreshDashboard({ silent: true });
+    }
+  });
+}
+
+async function syncAuthState(session) {
+  state.session = session;
+  state.userEmail = session?.user?.email || "";
+  state.userDisplayName = getUserDisplayName(session?.user);
+  state.userAvatarUrl = getUserMetadataAvatarUrl(session?.user);
+  void updateAvatarFromState();
+
+  if (!session) {
+    cleanupJobSubscription();
+    cleanupNotificationsSubscription();
+    renderAuthState(false);
+    return;
   }
+
+  renderAuthState(true);
+  await refreshDashboard();
 }
 
-function setupNetworkMonitoring() {
-  updateNetworkStatus();
+async function init() {
+  if (initialised) {
+    return;
+  }
+  initialised = true;
 
-  window.addEventListener("online", () => {
-    updateNetworkStatus();
-    showToast("Connection restored. Refreshing data...", {
-      variant: "success",
-    });
-    setTimeout(() => refresh(), 500);
+  initSurfacePage({
+    title: "Dashboard",
+    defaultReturnPath: "/dashboard",
   });
+  bindEvents();
+  bindDomainSearch();
+  await waitForSupabaseClient();
+  shellChrome = initSurfaceShell({
+    profileButton: ui.profileMenuButton,
+    profileDropdown: ui.profileMenuDropdown,
+    notificationsContainer: ui.notificationsContainer,
+    notificationsButton: ui.notificationsButton,
+    notificationsDropdown: ui.notificationsDropdown,
+    notificationsList: ui.notificationsList,
+    notificationsBadge: ui.notificationsBadge,
+    markAllReadButton: ui.markAllReadButton,
+    onNavigate: (path) => {
+      window.location.assign(path);
+    },
+    onSignOut: async () => {
+      await signOut();
+      showToast("Signed out.", { variant: "success" });
+      window.location.assign(APP_ROUTES.home);
+    },
+    fetchNotifications: (limit) => get(`/v1/notifications?limit=${limit}`),
+    markNotificationRead: (id) => post(`/v1/notifications/${id}/read`),
+    markAllNotificationsRead: () => post("/v1/notifications/read-all"),
+    subscribeToNotifications: async (orgId, onEvent) => {
+      const client = ensureSupabaseClient();
+      const channel = client
+        .channel(`dashboard-notifications:${orgId}`)
+        .on(
+          "postgres_changes",
+          {
+            event: "INSERT",
+            schema: "public",
+            table: "notifications",
+            filter: `organisation_id=eq.${orgId}`,
+          },
+          () => {
+            onEvent();
+          }
+        )
+        .subscribe();
 
-  window.addEventListener("offline", () => {
-    updateNetworkStatus();
-    showToast("Connection lost. Some features may not work.", {
-      variant: "error",
-    });
+      return () => {
+        client.removeChannel(channel).catch(() => {});
+      };
+    },
   });
-}
 
-// ── Helpers ────────────────────────────────────────────────────────────────────
+  const initialSession = await getSession().catch(() => null);
+  await syncAuthState(initialSession);
 
-/**
- * Wait for window.supabase to be initialised and have an active session.
- * Returns the access token, or null if no session within the timeout.
- * @param {number} [timeoutMs=8000]
- * @returns {Promise<string|null>}
- */
-function waitForSession(timeoutMs = 8000) {
-  return new Promise((resolve) => {
-    const start = Date.now();
-    const check = async () => {
-      try {
-        const { data } = await window.supabase?.auth?.getSession();
-        const token = data?.session?.access_token;
-        if (token) {
-          resolve(token);
-          return;
-        }
-      } catch {
-        /* not ready yet */
-      }
-      if (Date.now() - start > timeoutMs) {
-        resolve(null);
-        return;
-      }
-      setTimeout(check, 200);
-    };
-    check();
+  authSubscriptionCleanup = onAuthStateChange((event, nextSession) => {
+    if (event === "SIGNED_OUT") {
+      state.selectedDomain = "";
+      persistSelectedDomain();
+    }
+    void syncAuthState(nextSession);
   });
 }
 
-// ── Entry point ────────────────────────────────────────────────────────────────
-
-// Initialise after DOM is ready. waitForSession() inside refresh() handles
-// the Supabase timing — no dependency on gnh-bootstrap.js or GNH_APP.whenReady.
 if (document.readyState === "loading") {
-  document.addEventListener("DOMContentLoaded", () =>
-    init().catch(console.error)
-  );
+  document.addEventListener("DOMContentLoaded", () => {
+    void init();
+  });
 } else {
-  init().catch(console.error);
+  void init();
 }
 
-// ── Legacy bridges ─────────────────────────────────────────────────────────────
-// Expose refresh for external callers (e.g. global-nav org-switch).
-window.HoverDashboard = { refresh };
+window.HoverDashboard = {
+  refresh: () => refreshDashboard(),
+  destroy: () => {
+    authSubscriptionCleanup?.();
+    cleanupJobSubscription();
+    shellChrome?.destroy?.();
+  },
+};
diff --git a/web/static/app/pages/job-details.js b/web/static/app/pages/job-details.js
index b5f7e4f1c..8d9e63c8e 100644
--- a/web/static/app/pages/job-details.js
+++ b/web/static/app/pages/job-details.js
@@ -35,6 +35,7 @@ import { createDataTable } from "/app/components/hover-data-table.js";
 import { createTabs } from "/app/components/hover-tabs.js";
 import { showToast } from "/app/components/hover-toast.js";
 import { formatRelativeTime, formatDuration } from "/app/lib/formatters.js";
+import { initSurfacePage } from "/app/lib/surface-context.js";
 
 // ── Constants ──────────────────────────────────────────────────────────────────
 
@@ -99,6 +100,11 @@ async function init() {
   jobId = resolveJobId();
   if (!jobId) return;
 
+  initSurfacePage({
+    title: "Job details",
+    defaultReturnPath: "/dashboard",
+  });
+
   // Wait for a valid session before touching the API
   const token = await waitForSession();
   if (!token) return;
diff --git a/web/static/app/pages/settings.js b/web/static/app/pages/settings.js
index 12617ec24..d4b3100da 100644
--- a/web/static/app/pages/settings.js
+++ b/web/static/app/pages/settings.js
@@ -46,6 +46,10 @@ import {
 import { initCreateOrgModal } from "/app/lib/settings/organisations.js";
 import { initAdminResetButton } from "/app/lib/admin.js";
 import { handleInviteTokenFlow } from "/app/lib/invite-flow.js";
+import {
+  initSurfacePage,
+  rewriteSurfaceLinks,
+} from "/app/lib/surface-context.js";
 import { showToast as _showToast } from "/app/components/hover-toast.js";
 
 function toast(variant, message) {
@@ -283,6 +287,11 @@ async function init() {
   if (!session?.data?.session?.user) return;
 
   // Navigation (sidebar, tabs, deep-linking).
+  initSurfacePage({
+    title: "Settings",
+    defaultReturnPath: "/dashboard",
+  });
+  rewriteSurfaceLinks(document.querySelectorAll(".settings-link"));
   setupSettingsNavigation();
   setupPlanTabs();
   setupAutomationTabs();
diff --git a/web/static/app/pages/webflow-jobs.js b/web/static/app/pages/webflow-jobs.js
index b58166015..300665f8c 100644
--- a/web/static/app/pages/webflow-jobs.js
+++ b/web/static/app/pages/webflow-jobs.js
@@ -1,42 +1,25 @@
 /**
- * pages/webflow-jobs.js — shared job-list logic for Webflow extension and dashboard
+ * pages/webflow-jobs.js — dashboard job helpers and table renderer
  *
- * This module provides the data-fetching, state management, and rendering
- * helpers for the job list surface. It is imported by both the Webflow
- * Designer extension panel and the main app dashboard.
- *
- * It does NOT own a page lifecycle — pages that use it (extension index.ts,
- * future dashboard.js) call init() and supply their own DOM containers.
- *
- * Prerequisites:
- *   - window.supabase initialised before calling subscribeToJobUpdates()
- *   - api-client.js / auth-session.js available via ES module imports
- *
- * Usage:
- *   import { fetchJobs, renderJobList, subscribeToJobUpdates } from "/app/pages/webflow-jobs.js";
- *
- *   const jobs = await fetchJobs({ limit: 10 });
- *   renderJobList(container, jobs);
- *   const unsubscribe = subscribeToJobUpdates(orgId, () => refresh());
+ * Shared fetching and realtime state lives in /app/lib/site-jobs.js.
+ * This page module keeps the dashboard-facing table renderer and a thin
+ * wrapper for the dashboard's adaptive polling cadence.
  */
 
-import { get } from "/app/lib/api-client.js";
+import {
+  fetchJobs as fetchSharedJobs,
+  subscribeToJobUpdates as subscribeToSharedJobUpdates,
+} from "/app/lib/site-jobs.js";
 import {
   formatRelativeTime,
   formatDuration,
   formatCount,
-  formatStatus,
-  statusCategory,
 } from "/app/lib/formatters.js";
 import { createStatusPill } from "/app/components/hover-status-pill.js";
 import { createDataTable } from "/app/components/hover-data-table.js";
 
 // ── Constants ──────────────────────────────────────────────────────────────────
 
-const REALTIME_DEBOUNCE_MS = 250;
-const SUBSCRIBE_RETRY_INTERVAL_MS = 1000;
-const MAX_SUBSCRIBE_RETRIES = 15;
-// Match legacy gnh-auth-extension.js: 500 ms when jobs are active, 1 s when idle.
 const FALLBACK_POLLING_INTERVAL_ACTIVE_MS = 500;
 const FALLBACK_POLLING_INTERVAL_IDLE_MS = 1000;
 
@@ -49,13 +32,7 @@ const FALLBACK_POLLING_INTERVAL_IDLE_MS = 1000;
  * @returns {Promise<import("/app/lib/api-client.js").unknown[]>}
  */
 export async function fetchJobs(options = {}) {
-  const params = new URLSearchParams();
-  if (options.limit) params.set("limit", String(options.limit));
-  if (options.range) params.set("range", options.range);
-  if (options.include) params.set("include", options.include);
-  const qs = params.toString();
-  const res = await get(`/v1/jobs${qs ? `?${qs}` : ""}`);
-  return res?.jobs ?? [];
+  return fetchSharedJobs(options);
 }
 
 // ── Rendering ──────────────────────────────────────────────────────────────────
@@ -165,141 +142,12 @@ export function renderErrorState(container, message = "Failed to load jobs.") {
  * @returns {() => void} unsubscribe / cleanup function
  */
 export function subscribeToJobUpdates(orgId, onUpdate) {
-  let channel = null;
-  let retryCount = 0;
-  let retryTimer = null;
-  let fallbackTimer = null;
-  let lastUpdate = 0;
-  let debounceTimer = null;
-  let unsubscribed = false;
-
-  function throttledUpdate() {
-    const now = Date.now();
-    if (now - lastUpdate >= REALTIME_DEBOUNCE_MS) {
-      lastUpdate = now;
-      clearFallback();
-      onUpdate();
-      return;
-    }
-    if (!debounceTimer) {
-      debounceTimer = setTimeout(() => {
-        debounceTimer = null;
-        if (unsubscribed) return;
-        lastUpdate = Date.now();
-        clearFallback();
-        onUpdate();
-      }, REALTIME_DEBOUNCE_MS);
-    }
-  }
-
-  // Adaptive interval: 500 ms while jobs are active, 1 s when idle.
-  // Matches the legacy gnh-auth-extension.js dual-interval behaviour.
-  function getFallbackInterval() {
-    return window.dataBinder?.hasRealtimeActiveJobs
-      ? FALLBACK_POLLING_INTERVAL_ACTIVE_MS
-      : FALLBACK_POLLING_INTERVAL_IDLE_MS;
-  }
-
-  let fallbackIntervalMs = null;
-
-  function startFallback() {
-    const nextMs = getFallbackInterval();
-    if (fallbackTimer && fallbackIntervalMs === nextMs) return;
-    if (fallbackTimer) {
-      clearInterval(fallbackTimer);
-    }
-    fallbackIntervalMs = nextMs;
-    fallbackTimer = setInterval(onUpdate, fallbackIntervalMs);
-  }
-
-  function clearFallback() {
-    if (fallbackTimer) {
-      clearInterval(fallbackTimer);
-      fallbackTimer = null;
-      fallbackIntervalMs = null;
-    }
-  }
-
-  function cleanup() {
-    unsubscribed = true;
-    if (retryTimer) {
-      clearTimeout(retryTimer);
-      retryTimer = null;
-    }
-    if (debounceTimer) {
-      clearTimeout(debounceTimer);
-      debounceTimer = null;
-    }
-    clearFallback();
-    if (channel && window.supabase) {
-      window.supabase.removeChannel(channel).catch(() => {});
-      channel = null;
-    }
-  }
-
-  function subscribe() {
-    if (unsubscribed) return;
-    if (!orgId || !window.supabase?.channel) {
-      if (retryCount < MAX_SUBSCRIBE_RETRIES) {
-        retryCount++;
-        retryTimer = setTimeout(subscribe, SUBSCRIBE_RETRY_INTERVAL_MS);
-      } else {
-        startFallback();
-      }
-      return;
-    }
-
-    retryCount = 0;
-
-    try {
-      channel = window.supabase
-        .channel(`hover-jobs:${orgId}`)
-        .on(
-          "postgres_changes",
-          {
-            event: "INSERT",
-            schema: "public",
-            table: "jobs",
-            filter: `organisation_id=eq.${orgId}`,
-          },
-          throttledUpdate
-        )
-        .on(
-          "postgres_changes",
-          {
-            event: "UPDATE",
-            schema: "public",
-            table: "jobs",
-            filter: `organisation_id=eq.${orgId}`,
-          },
-          throttledUpdate
-        )
-        .on(
-          "postgres_changes",
-          {
-            event: "DELETE",
-            schema: "public",
-            table: "jobs",
-            filter: `organisation_id=eq.${orgId}`,
-          },
-          throttledUpdate
-        )
-        .subscribe((status, err) => {
-          if (
-            (status === "CHANNEL_ERROR" || status === "TIMED_OUT" || err) &&
-            !unsubscribed
-          ) {
-            startFallback();
-          }
-        });
-
-      // Start fallback immediately; clearFallback() stops it on first real event
-      startFallback();
-    } catch {
-      startFallback();
-    }
-  }
-
-  subscribe();
-  return cleanup;
+  return subscribeToSharedJobUpdates({
+    orgId,
+    onUpdate,
+    getFallbackInterval: () =>
+      window.dataBinder?.hasRealtimeActiveJobs
+        ? FALLBACK_POLLING_INTERVAL_ACTIVE_MS
+        : FALLBACK_POLLING_INTERVAL_IDLE_MS,
+  });
 }
diff --git a/web/static/app/pages/webflow-login.js b/web/static/app/pages/webflow-login.js
index 1d7576cec..95e79ef8b 100644
--- a/web/static/app/pages/webflow-login.js
+++ b/web/static/app/pages/webflow-login.js
@@ -1,48 +1,78 @@
 /**
  * pages/webflow-login.js — Webflow Designer extension auth screen
  *
- * Entrypoint for the extension-auth page served by the Go backend at
- * /extension-auth. Replaces the legacy core.js + gnh-auth-extension.js
- * global-script model for this surface.
- *
- * Loading contract (extension-auth.html):
- *   1. <script src="/config.js">          — sets window.GNH_CONFIG
- *   2. <script src="supabase.js">         — sets window.supabase (CDN UMD)
- *   3. <script type="module" src="/app/pages/webflow-login.js">
- *
- * No gnh-bootstrap.js. No GNH_APP.whenReady(). No GNHAuth globals required.
- *
- * Auth redirect contract (from AGENTS.md):
- *   - Deep-link URLs must return to the exact originating URL.
- *   - Extension auth uses window.GNH_APP.extensionAuth = true to signal
- *     that the OAuth redirect should return to this page, not /dashboard.
- *   - handleSocialLogin in auth.js reads window.GNH_APP.extensionAuth and
- *     sets redirectTo = window.location.href for extension flows.
- *   - This module sets that flag before any auth action.
+ * Module-native auth flow for /extension-auth. This page no longer depends on
+ * the legacy auth bundle; it owns its popup UI, OAuth redirect handling, and
+ * postMessage contract directly through the app/ ES module layer.
  */
 
-import { isConfigured, supabaseUrl, supabaseAnonKey } from "/app/lib/config.js";
-import {
-  getSession,
-  onAuthStateChange,
-  signOut,
-} from "/app/lib/auth-session.js";
+import { enableTurnstile, isConfigured } from "/app/lib/config.js";
+import { ensureSupabaseClient } from "/app/lib/supabase-client.js";
 import { showToast } from "/app/components/hover-toast.js";
 
 // ── Constants ──────────────────────────────────────────────────────────────────
 
-/** postMessage target origin for the Webflow Designer extension. */
-const EXTENSION_ORIGIN = "https://webflow.com";
-
 /**
  * The state token passed by the extension when opening this popup.
  * Included in the postMessage payload so index.ts can verify it.
  * Passed as both ?state= and ?extension_state= in the URL.
  */
-const EXTENSION_STATE =
-  new URLSearchParams(window.location.search).get("extension_state") ||
-  new URLSearchParams(window.location.search).get("state") ||
-  "";
+const SEARCH_PARAMS = new URLSearchParams(window.location.search);
+const AUTH_MODAL_PATH = "/auth-modal.html";
+const OAUTH_CALLBACK_QUERY_KEYS = [
+  "error",
+  "error_code",
+  "error_description",
+  "sb",
+  "code",
+  "state",
+  "return_to",
+];
+const TURNSTILE_SCRIPT_SRC =
+  "https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit";
+const MAX_TURNSTILE_RETRIES = 2;
+const POPUP_AUTH_TARGET_ORIGIN_STORAGE_KEY = "gnh_extension_auth_target_origin";
+const POPUP_AUTH_STATE_STORAGE_KEY = "gnh_extension_auth_state";
+const AUTH_RETURN_TO_STORAGE_KEY = "gnh_auth_return_to";
+const REQUESTED_MODE_STORAGE_KEY = "gnh_auth_requested_mode";
+
+/** @type {import("@supabase/supabase-js").SupabaseClient|null} */
+let supabaseClient = null;
+let currentForm = "login";
+let captchaToken = null;
+let captchaIssuedAt = null;
+let turnstileWidgetId = null;
+let turnstileLoadPromise = null;
+let turnstileRetryCount = 0;
+let awaitingCaptchaRefresh = false;
+let pendingSignupSubmission = null;
+let targetOrigin = getPopupContextValue(
+  POPUP_AUTH_TARGET_ORIGIN_STORAGE_KEY,
+  SEARCH_PARAMS.get("origin") || ""
+);
+let extensionState = getPopupContextValue(
+  POPUP_AUTH_STATE_STORAGE_KEY,
+  SEARCH_PARAMS.get("extension_state") || SEARCH_PARAMS.get("state") || ""
+);
+let returnTo = getPopupContextValue(
+  AUTH_RETURN_TO_STORAGE_KEY,
+  SEARCH_PARAMS.get("return_to") || ""
+);
+let requestedMode = getPopupContextValue(
+  REQUESTED_MODE_STORAGE_KEY,
+  SEARCH_PARAMS.get("mode") || "login"
+);
+
+function getUserMetadataAvatarUrl(user) {
+  return (
+    user?.user_metadata?.avatar_url ||
+    user?.user_metadata?.picture ||
+    user?.user_metadata?.avatar ||
+    user?.identities?.find?.((identity) => identity?.identity_data?.avatar_url)
+      ?.identity_data?.avatar_url ||
+    ""
+  );
+}
 
 // ── Element references ─────────────────────────────────────────────────────────
 
@@ -52,8 +82,6 @@ const el = (id) => document.getElementById(id);
 // ── Init ───────────────────────────────────────────────────────────────────────
 
 async function init() {
-  // Signal to auth.js (legacy, still loaded via the modal) that this is an
-  // extension auth flow so OAuth redirects return here, not to /dashboard.
   window.GNH_APP = Object.assign({}, window.GNH_APP || {}, {
     extensionAuth: true,
   });
@@ -63,46 +91,35 @@ async function init() {
     return;
   }
 
-  // Initialise the Supabase client if auth.js hasn't done it yet.
-  // auth.js.initialiseSupabase() is still the canonical initialiser;
-  // we call it here as a safety net in case core.js is not present.
-  if (window.supabase?.createClient && !window.supabase?.auth) {
-    window.supabase = window.supabase.createClient(
-      supabaseUrl,
-      supabaseAnonKey
-    );
+  if (window.opener && !validatePopupContract()) {
+    return;
   }
 
+  persistAuthContext();
   setStatus("Preparing sign-in…");
 
-  // Load the shared auth modal (legacy component — reused as-is for Phase 1).
-  // Phase 2+ will replace this with a native module component.
-  await loadAuthModal();
+  try {
+    supabaseClient = ensureSupabaseClient();
+    await loadAuthInterface();
+  } catch (error) {
+    console.error("webflow-login: failed to initialise auth", error);
+    setStatus("Sign-in could not be prepared — please refresh.", "error");
+    return;
+  }
 
-  // Handle any OAuth callback tokens already in the URL/hash.
   await handleCallbackIfPresent();
 
-  // Check existing session.
-  const session = await getSession().catch(() => null);
+  const session = await getCurrentSession().catch(() => null);
   if (session) {
     await handleAuthenticated(session);
     return;
   }
 
-  // No session — show the login modal.
-  showLogin();
+  showInitialAuthForm();
 
-  // Listen for auth state changes (sign-in after modal interaction).
-  const unsubscribe = onAuthStateChange(async (event, newSession) => {
-    if ((event === "SIGNED_IN" || event === "TOKEN_REFRESHED") && newSession) {
-      unsubscribe();
-      await handleAuthenticated(newSession);
-    }
-  });
-
-  // Wire up the reopen button.
   const reopenBtn = el("reopenModalBtn");
   if (reopenBtn) {
+    reopenBtn.hidden = false;
     reopenBtn.addEventListener("click", showLogin);
   }
 }
@@ -119,9 +136,8 @@ async function init() {
 async function handleAuthenticated(session) {
   setStatus("Signing you in…");
 
-  // Register with backend (idempotent — 409 is success).
   if (session.user) {
-    await registerUser(session.user).catch((err) => {
+    await registerUserWithBackend(session.user).catch((err) => {
       console.warn(
         "webflow-login: backend registration failed (non-fatal)",
         err
@@ -129,12 +145,14 @@ async function handleAuthenticated(session) {
     });
   }
 
-  // Send the session back to the extension.
-  // Contract must match what index.ts connectAccount() expects:
-  //   { source: "gnh-extension-auth", state, extensionState, type: "success",
-  //     accessToken, user: { id, email, avatarUrl } }
   if (!window.opener) {
-    // Opened directly (not by the extension popup flow) — nothing to notify.
+    clearAuthContext();
+    const destination = resolveReturnDestination();
+    if (destination) {
+      window.location.replace(destination);
+      return;
+    }
+
     setStatus("Signed in — you can close this window.", "success");
     showToast("Signed in successfully.", { variant: "success", duration: 0 });
     return;
@@ -143,20 +161,21 @@ async function handleAuthenticated(session) {
     window.opener.postMessage(
       {
         source: "gnh-extension-auth",
-        state: EXTENSION_STATE,
-        extensionState: EXTENSION_STATE,
+        state: extensionState,
+        extensionState,
         type: "success",
         accessToken: session.access_token,
         user: {
           id: session.user?.id ?? "",
           email: session.user?.email ?? "",
-          avatarUrl: session.user?.user_metadata?.avatar_url ?? "",
+          avatarUrl: getUserMetadataAvatarUrl(session.user),
         },
       },
-      EXTENSION_ORIGIN
+      targetOrigin
     );
 
     setStatus("Signed in — you can close this window.", "success");
+    clearAuthContext();
     showToast("Signed in successfully.", { variant: "success", duration: 0 });
   } catch (err) {
     console.error("webflow-login: postMessage failed", err);
@@ -172,13 +191,20 @@ async function handleAuthenticated(session) {
 }
 
 /**
- * Handle OAuth callback tokens that may be present in the current URL.
- * Delegates to auth.js.handleAuthCallback if available, otherwise
- * handles the access_token hash directly.
+ * Handles OAuth callback tokens already present in the popup URL.
+ * Preserves the extension query parameters while cleaning provider callback
+ * parameters out of the location bar after the session is restored.
  */
 async function handleCallbackIfPresent() {
-  if (typeof window.GNHAuth?.handleAuthCallback === "function") {
-    await window.GNHAuth.handleAuthCallback().catch(() => {});
+  const urlParams = new URLSearchParams(window.location.search);
+  const error = urlParams.get("error");
+  const errorDescription = urlParams.get("error_description");
+
+  if (error) {
+    console.error("webflow-login: OAuth error", error, errorDescription);
+    cleanOAuthCallbackUrl();
+    showAuthError("Authentication failed. Please try again.");
+    setStatus("Authentication failed. Please try again.", "error");
     return;
   }
 
@@ -186,15 +212,34 @@ async function handleCallbackIfPresent() {
   const accessToken = hash.get("access_token");
   const refreshToken = hash.get("refresh_token");
 
-  if (accessToken && window.supabase?.auth) {
+  if (accessToken && supabaseClient?.auth) {
     try {
-      await window.supabase.auth.setSession({
+      await supabaseClient.auth.setSession({
         access_token: accessToken,
         refresh_token: refreshToken || "",
       });
-      history.replaceState(null, "", window.location.pathname);
+      cleanOAuthCallbackUrl();
     } catch (err) {
       console.warn("webflow-login: failed to restore session from hash", err);
+      showAuthError("Could not restore your sign-in session. Please retry.");
+      setStatus("Could not restore your sign-in session.", "error");
+    }
+    return;
+  }
+
+  if (hasOAuthCallbackQuery(urlParams)) {
+    try {
+      const session = await getCurrentSession();
+      if (session) {
+        cleanOAuthCallbackUrl();
+      }
+    } catch (error) {
+      console.warn(
+        "webflow-login: failed to restore session from query",
+        error
+      );
+      showAuthError("Could not complete sign-in. Please retry.");
+      setStatus("Could not complete sign-in. Please retry.", "error");
     }
   }
 }
@@ -204,9 +249,15 @@ async function handleCallbackIfPresent() {
 /**
  * @param {import("@supabase/supabase-js").User} user
  */
-async function registerUser(user) {
-  const session = await getSession();
-  if (!session?.access_token) return;
+async function registerUserWithBackend(user) {
+  if (!user?.id || !user.email) {
+    throw new Error("Invalid user data for registration");
+  }
+
+  const session = await getCurrentSession();
+  if (!session?.access_token) {
+    throw new Error("No session available for registration");
+  }
 
   const metadata = user.user_metadata || {};
   const firstName =
@@ -217,11 +268,11 @@ async function registerUser(user) {
     (
       metadata.full_name ||
       metadata.name ||
-      [firstName, lastName].filter(Boolean).join(" ") ||
+      composeDisplayName(firstName, lastName) ||
       ""
     ).trim() || null;
 
-  const res = await fetch("/v1/auth/register", {
+  const response = await fetch("/v1/auth/register", {
     method: "POST",
     headers: {
       "Content-Type": "application/json",
@@ -236,8 +287,13 @@ async function registerUser(user) {
     }),
   });
 
-  if (!res.ok && res.status !== 409) {
-    throw new Error(`Backend registration failed: ${res.status}`);
+  if (!response.ok) {
+    if (response.status === 409) {
+      return;
+    }
+    throw new Error(
+      `Backend registration failed: ${response.status} ${response.statusText}`
+    );
   }
 }
 
@@ -255,39 +311,719 @@ function setStatus(message, variant = "info") {
   statusEl.dataset.variant = variant;
 }
 
-/** Load and inject the shared auth modal HTML, then show the login form. */
-async function loadAuthModal() {
+async function loadAuthInterface() {
+  const container = el("authModalContainer");
+  if (!container) {
+    throw new Error("Auth modal container missing");
+  }
+
+  const response = await fetch(AUTH_MODAL_PATH, { cache: "no-store" });
+  if (!response.ok) {
+    throw new Error(
+      `Failed to load auth interface: ${response.status} ${response.statusText}`
+    );
+  }
+
+  container.innerHTML = await response.text();
+  container.querySelectorAll("[onclick]").forEach((node) => {
+    node.removeAttribute("onclick");
+  });
+
+  bindAuthInterface();
+  showForm("login");
+}
+
+function bindAuthInterface() {
   const container = el("authModalContainer");
   if (!container) return;
 
-  try {
-    const res = await fetch("/auth-modal.html", { cache: "no-store" });
-    if (!res.ok) throw new Error(`${res.status} ${res.statusText}`);
-    // Verify content-type before injecting — guards against unexpected proxy responses.
-    const ct = res.headers.get("content-type") || "";
-    if (!ct.includes("text/html")) {
-      throw new Error(`Unexpected content-type: ${ct}`);
+  const closeButton = container.querySelector(".gnh-modal-close");
+  if (closeButton) {
+    closeButton.addEventListener("click", () => {
+      hideAuthModal();
+      setStatus("Sign-in paused. Reopen the form to continue.");
+    });
+  }
+
+  const loginLinks = container.querySelectorAll("#loginForm .gnh-auth-links a");
+  if (loginLinks[0]) {
+    loginLinks[0].dataset.authAction = "show-signup";
+  }
+  if (loginLinks[1]) {
+    loginLinks[1].dataset.authAction = "show-reset";
+  }
+
+  const signupLink = container.querySelector("#signupForm .gnh-auth-links a");
+  if (signupLink) {
+    signupLink.dataset.authAction = "show-login";
+  }
+
+  const resetLink = container.querySelector("#resetForm .gnh-auth-links a");
+  if (resetLink) {
+    resetLink.dataset.authAction = "show-login";
+  }
+
+  container.addEventListener("submit", async (event) => {
+    if (!(event.target instanceof HTMLFormElement)) {
+      return;
     }
-    const html = await res.text();
-    // Parse via DOMParser and only insert non-script nodes to prevent XSS
-    // in the unlikely event the response is tampered.
-    const doc = new DOMParser().parseFromString(html, "text/html");
-    doc.querySelectorAll("script").forEach((s) => s.remove());
-    container.append(...doc.body.childNodes);
-  } catch (err) {
-    console.error("webflow-login: failed to load auth modal", err);
-    setStatus("Sign-in modal failed to load — please refresh.", "error");
+
+    if (event.target.id === "emailLoginForm") {
+      await handleEmailLogin(event);
+      return;
+    }
+
+    if (event.target.id === "emailSignupForm") {
+      await handleEmailSignup(event);
+      return;
+    }
+
+    if (event.target.id === "passwordResetForm") {
+      await handlePasswordReset(event);
+    }
+  });
+
+  container.addEventListener("click", async (event) => {
+    const target = event.target instanceof Element ? event.target : null;
+    if (!target) return;
+
+    const socialButton = target.closest(".gnh-social-btn[data-provider]");
+    if (socialButton instanceof HTMLElement) {
+      event.preventDefault();
+      const provider = socialButton.dataset.provider || "";
+      await handleSocialLogin(provider);
+      return;
+    }
+
+    const actionLink = target.closest("[data-auth-action]");
+    if (actionLink instanceof HTMLElement) {
+      event.preventDefault();
+      const action = actionLink.dataset.authAction;
+      if (action === "show-signup") {
+        showForm("signup");
+      } else if (action === "show-reset") {
+        showForm("reset");
+      } else if (action === "show-login") {
+        showForm("login");
+      }
+      return;
+    }
+
+    const modal = target.closest("#authModal");
+    if (target.id === "authModal" && modal) {
+      hideAuthModal();
+      setStatus("Sign-in paused. Reopen the form to continue.");
+    }
+  });
+
+  if (!enableTurnstile) {
+    setSignupButtonEnabled(true);
+  }
+}
+
+function showAuthModal() {
+  const modal = el("authModal");
+  if (!modal) return;
+  modal.classList.add("show");
+}
+
+function hideAuthModal() {
+  const modal = el("authModal");
+  if (!modal) return;
+  modal.classList.remove("show");
+}
+
+function showForm(formType) {
+  currentForm = formType;
+
+  const titles = {
+    login: "Sign In",
+    signup: "Create Account",
+    reset: "Reset Password",
+  };
+
+  ["login", "signup", "reset"].forEach((name) => {
+    const panel = el(`${name}Form`);
+    if (panel) {
+      panel.style.display = name === formType ? "block" : "none";
+    }
+  });
+
+  const titleEl = el("authModalTitle");
+  if (titleEl) {
+    titleEl.textContent = titles[formType] || "Authentication";
+  }
+
+  clearAuthError();
+  hideAuthLoading();
+  showAuthModal();
+
+  if (formType === "signup") {
+    captchaToken = null;
+    if (enableTurnstile) {
+      setSignupButtonEnabled(false);
+      void ensureTurnstileWidget().catch((error) => {
+        console.warn("webflow-login: failed to initialise turnstile", error);
+        showAuthError(
+          "Security verification could not be loaded. Please try another sign-in method."
+        );
+      });
+    } else {
+      setSignupButtonEnabled(true);
+    }
+  }
+}
+
+function showAuthLoading() {
+  const loadingEl = el("authLoading");
+  if (loadingEl) {
+    loadingEl.style.display = "block";
+  }
+  const activeForm = el(`${currentForm}Form`);
+  if (activeForm) {
+    activeForm.style.display = "none";
+  }
+}
+
+function hideAuthLoading() {
+  const loadingEl = el("authLoading");
+  if (loadingEl) {
+    loadingEl.style.display = "none";
+  }
+  const activeForm = el(`${currentForm}Form`);
+  if (activeForm) {
+    activeForm.style.display = "block";
+  }
+}
+
+function showAuthError(message, type = "error") {
+  const errorEl = el("authError");
+  if (!errorEl) return;
+
+  errorEl.textContent = message;
+  errorEl.style.display = "block";
+
+  if (type === "success") {
+    errorEl.style.background = "#dcfce7";
+    errorEl.style.color = "#16a34a";
+    errorEl.style.borderColor = "#bbf7d0";
+    return;
+  }
+
+  errorEl.style.background = "#fee2e2";
+  errorEl.style.color = "#dc2626";
+  errorEl.style.borderColor = "#fecaca";
+}
+
+function clearAuthError() {
+  const errorEl = el("authError");
+  if (!errorEl) return;
+  errorEl.style.display = "none";
+}
+
+function setSignupButtonEnabled(enabled) {
+  const signupBtn = /** @type {HTMLButtonElement|null} */ (
+    el("signupSubmitBtn")
+  );
+  if (signupBtn) {
+    signupBtn.disabled = !enabled;
   }
 }
 
 /** Show the auth modal in login mode. */
 function showLogin() {
   setStatus("Please sign in to continue.");
-  if (typeof window.showAuthModal === "function") {
-    window.showAuthModal();
+  showForm("login");
+}
+
+function validatePopupContract() {
+  if (!targetOrigin || !extensionState) {
+    setStatus("Missing extension context. Please reopen sign-in.", "error");
+    return false;
   }
-  if (typeof window.showLoginForm === "function") {
-    window.showLoginForm();
+
+  if (!window.opener || window.opener.closed) {
+    setStatus(
+      "This login window must be opened from the Webflow extension.",
+      "error"
+    );
+    return false;
+  }
+
+  if (targetOrigin && !isValidExtensionTargetOrigin(targetOrigin)) {
+    setStatus("Invalid extension origin. Please reopen sign-in.", "error");
+    return false;
+  }
+
+  try {
+    const referrerOrigin = document.referrer
+      ? new URL(document.referrer).origin
+      : "";
+    if (referrerOrigin && targetOrigin && referrerOrigin !== targetOrigin) {
+      setStatus(
+        "Origin mismatch. Please relaunch from the extension.",
+        "error"
+      );
+      return false;
+    }
+  } catch (_error) {
+    setStatus("Unable to validate opener origin. Please relaunch.", "error");
+    return false;
+  }
+
+  return true;
+}
+
+function isValidExtensionTargetOrigin(rawOrigin) {
+  if (!rawOrigin) return false;
+
+  try {
+    const parsed = new URL(rawOrigin);
+    if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
+      return false;
+    }
+
+    const host = parsed.hostname.toLowerCase();
+    if (
+      host === "localhost" ||
+      host === "127.0.0.1" ||
+      host.endsWith(".webflow-ext.com")
+    ) {
+      return true;
+    }
+
+    return host.endsWith(".fly.dev");
+  } catch (_error) {
+    return false;
+  }
+}
+
+function getPopupContextValue(storageKey, fallbackValue) {
+  if (fallbackValue) {
+    return fallbackValue;
+  }
+
+  try {
+    return window.sessionStorage.getItem(storageKey) || "";
+  } catch (_error) {
+    return "";
+  }
+}
+
+function persistAuthContext() {
+  try {
+    if (targetOrigin) {
+      window.sessionStorage.setItem(
+        POPUP_AUTH_TARGET_ORIGIN_STORAGE_KEY,
+        targetOrigin
+      );
+    }
+    if (extensionState) {
+      window.sessionStorage.setItem(
+        POPUP_AUTH_STATE_STORAGE_KEY,
+        extensionState
+      );
+    }
+    if (returnTo) {
+      window.sessionStorage.setItem(AUTH_RETURN_TO_STORAGE_KEY, returnTo);
+    }
+    if (requestedMode) {
+      window.sessionStorage.setItem(REQUESTED_MODE_STORAGE_KEY, requestedMode);
+    }
+  } catch (_error) {
+    // Ignore storage failures.
+  }
+}
+
+function clearAuthContext() {
+  try {
+    window.sessionStorage.removeItem(POPUP_AUTH_TARGET_ORIGIN_STORAGE_KEY);
+    window.sessionStorage.removeItem(POPUP_AUTH_STATE_STORAGE_KEY);
+    window.sessionStorage.removeItem(AUTH_RETURN_TO_STORAGE_KEY);
+    window.sessionStorage.removeItem(REQUESTED_MODE_STORAGE_KEY);
+  } catch (_error) {
+    // Ignore storage failures.
+  }
+}
+
+function resolveRequestedMode() {
+  const mode = String(requestedMode || "login")
+    .trim()
+    .toLowerCase();
+  if (mode === "signup" || mode === "reset") {
+    return mode;
+  }
+  return "login";
+}
+
+function showInitialAuthForm() {
+  const mode = resolveRequestedMode();
+  if (mode === "signup") {
+    setStatus("Create your account to continue.");
+    showForm("signup");
+    return;
+  }
+
+  if (mode === "reset") {
+    setStatus("Reset your password to continue.");
+    showForm("reset");
+    return;
+  }
+
+  showLogin();
+}
+
+function resolveReturnDestination() {
+  if (!returnTo) {
+    return "";
+  }
+
+  try {
+    const destination = new URL(returnTo, window.location.origin);
+    if (destination.origin !== window.location.origin) {
+      console.warn("webflow-login: ignoring cross-origin return_to", returnTo);
+      return "";
+    }
+    return destination.toString();
+  } catch (error) {
+    console.warn("webflow-login: invalid return_to", error);
+    return "";
+  }
+}
+
+function hasOAuthCallbackQuery(urlParams) {
+  return (
+    urlParams.has("code") ||
+    urlParams.has("state") ||
+    urlParams.has("error") ||
+    urlParams.has("error_code")
+  );
+}
+
+function cleanOAuthCallbackUrl() {
+  const url = new URL(window.location.href);
+  url.hash = "";
+  OAUTH_CALLBACK_QUERY_KEYS.forEach((key) => {
+    url.searchParams.delete(key);
+  });
+  window.history.replaceState(null, "", `${url.pathname}${url.search}`);
+}
+
+async function getCurrentSession() {
+  if (!supabaseClient?.auth) {
+    throw new Error("Supabase client is not initialised");
+  }
+
+  const {
+    data: { session },
+    error,
+  } = await supabaseClient.auth.getSession();
+
+  if (error) {
+    throw error;
+  }
+
+  return session;
+}
+
+function composeDisplayName(firstName, lastName) {
+  return [firstName, lastName]
+    .map((value) => (typeof value === "string" ? value.trim() : ""))
+    .filter(Boolean)
+    .join(" ");
+}
+
+async function handleEmailLogin(event) {
+  event.preventDefault();
+  const formData = new FormData(event.target);
+
+  showAuthLoading();
+  clearAuthError();
+
+  try {
+    const { data, error } = await supabaseClient.auth.signInWithPassword({
+      email: String(formData.get("email") || ""),
+      password: String(formData.get("password") || ""),
+    });
+
+    if (error) throw error;
+
+    const session = data.session || (await getCurrentSession());
+    if (!session) {
+      throw new Error("Sign-in succeeded, but no session was returned.");
+    }
+
+    await handleAuthenticated(session);
+  } catch (error) {
+    console.error("webflow-login: email login failed", error);
+    showAuthError(
+      error?.message || "Login failed. Please check your credentials."
+    );
+    setStatus("Could not sign you in. Please retry.", "error");
+  } finally {
+    hideAuthLoading();
+  }
+}
+
+async function handleEmailSignup(event) {
+  event.preventDefault();
+  const formData = new FormData(event.target);
+
+  pendingSignupSubmission = {
+    email: String(formData.get("email") || ""),
+    firstName: String(formData.get("firstName") || "").trim(),
+    lastName: String(formData.get("lastName") || "").trim(),
+    password: String(formData.get("password") || ""),
+    passwordConfirm: String(formData.get("passwordConfirm") || ""),
+  };
+  turnstileRetryCount = 0;
+  awaitingCaptchaRefresh = false;
+
+  await executeEmailSignup();
+}
+
+async function executeEmailSignup() {
+  if (!pendingSignupSubmission) return;
+
+  const { email, firstName, lastName, password, passwordConfirm } =
+    pendingSignupSubmission;
+
+  if (password !== passwordConfirm) {
+    showAuthError("Passwords do not match.");
+    return;
+  }
+
+  if (password.length < 8) {
+    showAuthError("Password must be at least 8 characters long.");
+    return;
+  }
+
+  if (enableTurnstile && !captchaToken) {
+    showAuthError("Please complete the security verification.");
+    return;
+  }
+
+  showAuthLoading();
+  clearAuthError();
+
+  try {
+    const signupOptions = {
+      emailRedirectTo: window.location.href.split("#")[0],
+      data: {
+        first_name: firstName,
+        last_name: lastName,
+        given_name: firstName,
+        family_name: lastName,
+        full_name: composeDisplayName(firstName, lastName),
+        name: composeDisplayName(firstName, lastName),
+      },
+    };
+
+    if (enableTurnstile && captchaToken) {
+      signupOptions.captchaToken = captchaToken;
+    }
+
+    const { data, error } = await supabaseClient.auth.signUp({
+      email,
+      password,
+      options: signupOptions,
+    });
+
+    if (error) throw error;
+
+    pendingSignupSubmission = null;
+    awaitingCaptchaRefresh = false;
+    turnstileRetryCount = 0;
+    resetTurnstileWidget();
+
+    if (data.user && !data.user.email_confirmed_at) {
+      showAuthError(
+        "Please check your email and click the confirmation link before signing in.",
+        "success"
+      );
+      setStatus("Check your email to confirm your account.", "success");
+      showForm("login");
+      return;
+    }
+
+    const session = data.session || (await getCurrentSession());
+    if (!session) {
+      throw new Error("Account created, but no session was returned.");
+    }
+
+    await handleAuthenticated(session);
+  } catch (error) {
+    console.error("webflow-login: signup failed", error);
+
+    const canRetryCaptcha = Boolean(
+      enableTurnstile && turnstileWidgetId !== null
+    );
+    const shouldRetryCaptcha =
+      canRetryCaptcha &&
+      turnstileRetryCount < MAX_TURNSTILE_RETRIES &&
+      /captcha|turnstile|106010/i.test(
+        `${error?.message || ""} ${error?.error_description || ""}`
+      );
+
+    if (shouldRetryCaptcha) {
+      turnstileRetryCount += 1;
+      awaitingCaptchaRefresh = true;
+      showAuthError(
+        "Security check expired. Please complete the verification again."
+      );
+      hideAuthLoading();
+      resetTurnstileWidget();
+      return;
+    }
+
+    pendingSignupSubmission = null;
+    awaitingCaptchaRefresh = false;
+    showAuthError(error?.message || "Signup failed. Please try again.");
+    setStatus("Could not create your account. Please retry.", "error");
+  } finally {
+    if (!awaitingCaptchaRefresh) {
+      hideAuthLoading();
+    }
+  }
+}
+
+async function handlePasswordReset(event) {
+  event.preventDefault();
+  const formData = new FormData(event.target);
+
+  showAuthLoading();
+  clearAuthError();
+
+  try {
+    const { error } = await supabaseClient.auth.resetPasswordForEmail(
+      String(formData.get("email") || ""),
+      {
+        redirectTo: `${window.location.origin}/dashboard`,
+      }
+    );
+
+    if (error) throw error;
+
+    showAuthError("Password reset email sent. Check your inbox.", "success");
+    setStatus("Password reset email sent.", "success");
+    window.setTimeout(() => {
+      showForm("login");
+    }, 1500);
+  } catch (error) {
+    console.error("webflow-login: password reset failed", error);
+    showAuthError(error?.message || "Failed to send reset email.");
+    setStatus("Password reset failed. Please retry.", "error");
+  } finally {
+    hideAuthLoading();
+  }
+}
+
+async function handleSocialLogin(provider) {
+  if (!provider) return;
+
+  showAuthLoading();
+  clearAuthError();
+
+  try {
+    persistAuthContext();
+
+    const { data, error } = await supabaseClient.auth.signInWithOAuth({
+      provider,
+      options: {
+        redirectTo: `${window.location.origin}/extension-auth.html`,
+      },
+    });
+
+    if (error) throw error;
+    if (data?.url) {
+      window.location.assign(data.url);
+    }
+  } catch (error) {
+    console.error("webflow-login: social login failed", error);
+    showAuthError(error?.message || `${provider} login failed.`);
+    setStatus("Could not start social sign-in. Please retry.", "error");
+    hideAuthLoading();
+  }
+}
+
+async function ensureTurnstileWidget() {
+  const widget = document.querySelector(".cf-turnstile");
+  if (!widget) {
+    return;
+  }
+
+  if (!enableTurnstile) {
+    setSignupButtonEnabled(true);
+    return;
+  }
+
+  await ensureTurnstileLoaded();
+
+  if (turnstileWidgetId !== null || !window.turnstile) {
+    return;
+  }
+
+  turnstileWidgetId = window.turnstile.render(widget, {
+    sitekey: widget.dataset.sitekey,
+    callback: handleTurnstileSuccess,
+  });
+}
+
+function ensureTurnstileLoaded() {
+  if (!enableTurnstile) {
+    return Promise.resolve();
+  }
+
+  if (window.turnstile) {
+    return Promise.resolve();
+  }
+
+  if (turnstileLoadPromise) {
+    return turnstileLoadPromise;
+  }
+
+  turnstileLoadPromise = new Promise((resolve, reject) => {
+    const script = document.createElement("script");
+    script.src = TURNSTILE_SCRIPT_SRC;
+    script.async = true;
+    script.defer = true;
+    script.crossOrigin = "anonymous";
+    script.onload = () => resolve();
+    script.onerror = () =>
+      reject(new Error("Turnstile script failed to load."));
+    document.head.appendChild(script);
+  });
+
+  return turnstileLoadPromise;
+}
+
+function handleTurnstileSuccess(token) {
+  captchaToken = token;
+  captchaIssuedAt = Date.now();
+  setSignupButtonEnabled(true);
+
+  if (awaitingCaptchaRefresh && pendingSignupSubmission) {
+    awaitingCaptchaRefresh = false;
+    void executeEmailSignup();
+  }
+}
+
+function resetTurnstileWidget() {
+  captchaToken = null;
+  captchaIssuedAt = null;
+  setSignupButtonEnabled(!enableTurnstile);
+
+  if (!enableTurnstile || !window.turnstile || turnstileWidgetId === null) {
+    return;
+  }
+
+  try {
+    window.turnstile.reset(turnstileWidgetId);
+  } catch (error) {
+    console.debug("webflow-login: turnstile reset skipped", {
+      error: error?.message,
+      ageMs: captchaIssuedAt ? Date.now() - captchaIssuedAt : null,
+    });
   }
 }
 
diff --git a/web/static/app/styles/dashboard-extension.css b/web/static/app/styles/dashboard-extension.css
new file mode 100644
index 000000000..d5fef2947
--- /dev/null
+++ b/web/static/app/styles/dashboard-extension.css
@@ -0,0 +1,743 @@
+/* Dashboard shell aligned to the Webflow extension surface. */
+
+body.page-dashboard {
+  margin: 0;
+  min-height: 100vh;
+  font-family: var(--font-family--primary);
+  color: var(--text-colour--primary);
+  background:
+    radial-gradient(
+      circle at top left,
+      rgba(142, 218, 239, 0.12),
+      transparent 28%
+    ),
+    linear-gradient(
+      180deg,
+      rgba(16, 26, 69, 0.98) 0%,
+      rgba(3, 4, 35, 1) 48%,
+      rgba(3, 4, 35, 1) 100%
+    );
+}
+
+body.page-dashboard .dashboard-shell {
+  min-height: 100vh;
+}
+
+body.page-dashboard .app-shell {
+  padding: 0;
+  display: flex;
+  flex-direction: column;
+}
+
+body.page-dashboard .panel {
+  width: min(1120px, calc(100vw - 48px));
+  margin: 24px auto;
+  display: flex;
+  flex-direction: column;
+  min-height: calc(100vh - 48px);
+  overflow: hidden;
+  border: 1px solid var(--border-colour--default);
+  box-shadow: var(--shadow--overlay);
+  background: rgba(3, 4, 35, 0.96);
+}
+
+body.page-dashboard .section {
+  padding: 12px 18px;
+  border-bottom: 1px solid rgba(142, 218, 239, 0.32);
+}
+
+body.page-dashboard .hidden {
+  display: none !important;
+}
+
+body.page-dashboard .header {
+  padding: 16px 18px 14px;
+  border-bottom: none;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  gap: var(--spacing--xl);
+  flex-shrink: 0;
+}
+
+body.page-dashboard .top-brand {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  width: 100%;
+}
+
+body.page-dashboard .brand-logo {
+  display: block;
+  width: 112px;
+  max-width: 100%;
+  height: auto;
+}
+
+body.page-dashboard .section-title {
+  margin: 0;
+  font-size: 14px;
+  line-height: 1.35;
+  font-weight: 700;
+  color: var(--colour--brand-primary);
+}
+
+body.page-dashboard .auth-wrapper {
+  display: flex;
+  flex: 1;
+  flex-direction: column;
+  justify-content: space-between;
+  padding: 18px 14px 16px;
+}
+
+body.page-dashboard .dashboard-auth-wrapper {
+  min-height: 560px;
+}
+
+body.page-dashboard .auth-header {
+  padding: 0;
+  flex-direction: column;
+  align-items: stretch;
+  gap: 18px;
+}
+
+body.page-dashboard .icon-list {
+  margin: 18px 0;
+  padding-left: 0;
+  list-style: none;
+}
+
+body.page-dashboard .icon-list li {
+  display: flex;
+  align-items: flex-start;
+  gap: 8px;
+  margin: 0 0 12px;
+  font-size: 13.82px;
+  line-height: 16px;
+  color: var(--text-colour--secondary);
+}
+
+body.page-dashboard .icon {
+  display: inline-block;
+  width: 1em;
+  height: 1em;
+  flex-shrink: 0;
+  background-color: currentcolor;
+  -webkit-mask-position: center;
+  -webkit-mask-repeat: no-repeat;
+  -webkit-mask-size: contain;
+  mask-position: center;
+  mask-repeat: no-repeat;
+  mask-size: contain;
+}
+
+body.page-dashboard .icon--medium {
+  width: 1em;
+  height: 1em;
+}
+
+body.page-dashboard .icon--large {
+  width: 1.15em;
+  height: 1.15em;
+}
+
+body.page-dashboard .icon--small {
+  width: 16px;
+  height: 11px;
+}
+
+body.page-dashboard .icon--broken {
+  -webkit-mask-image: url("/app/icons/Icon_BrokenLink.svg");
+  mask-image: url("/app/icons/Icon_BrokenLink.svg");
+}
+
+body.page-dashboard .icon--download {
+  -webkit-mask-image: url("/app/icons/Icon_Download.svg");
+  mask-image: url("/app/icons/Icon_Download.svg");
+}
+
+body.page-dashboard .icon--person {
+  -webkit-mask-image: url("/app/icons/Icon_Person.svg");
+  mask-image: url("/app/icons/Icon_Person.svg");
+}
+
+body.page-dashboard .icon--bee {
+  -webkit-mask-image: url("/app/icons/Icon_Bee.svg");
+  mask-image: url("/app/icons/Icon_Bee.svg");
+}
+
+body.page-dashboard .icon--arrow {
+  -webkit-mask-image: url("/app/icons/Icon_Arrow.svg");
+  mask-image: url("/app/icons/Icon_Arrow.svg");
+}
+
+body.page-dashboard .icon--arrow--right {
+  transform: rotate(0deg);
+}
+
+body.page-dashboard .actions {
+  display: flex;
+  flex-wrap: wrap;
+  gap: var(--spacing--lg);
+  margin-top: var(--spacing--xl);
+}
+
+body.page-dashboard .auth-actions {
+  flex-direction: column;
+  gap: 14px;
+  margin-top: 0;
+}
+
+body.page-dashboard .auth-login-prompt {
+  display: flex;
+  flex-direction: column;
+  gap: 18px;
+  padding: 6px 0 0;
+}
+
+body.page-dashboard .auth-login-divider {
+  width: 100%;
+  border-top: 0.5px solid var(--background-colour--brand);
+}
+
+body.page-dashboard .auth-login-copy {
+  margin: 0;
+  font-size: 13px;
+  line-height: 1.4;
+  text-align: center;
+  color: var(--text-colour--secondary);
+}
+
+body.page-dashboard .btn {
+  appearance: none;
+  -webkit-appearance: none;
+  border: 2px solid transparent;
+  border-radius: var(--radius--control);
+  font-family: var(--font-family--primary);
+  letter-spacing: var(--letter-spacing--default);
+  cursor: pointer;
+  white-space: nowrap;
+  transition:
+    background var(--motion-duration--fast) var(--motion-easing--standard),
+    border-color var(--motion-duration--fast) var(--motion-easing--standard),
+    color var(--motion-duration--fast) var(--motion-easing--standard);
+}
+
+body.page-dashboard .btn:not(select):not(input) {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  gap: var(--spacing--sm);
+}
+
+body.page-dashboard .btn:disabled {
+  opacity: var(--opacity--disabled);
+  cursor: not-allowed;
+}
+
+body.page-dashboard .btn--primary {
+  background: var(--background-colour--brand);
+  color: var(--text-colour--on-brand);
+  border-color: var(--background-colour--brand);
+}
+
+body.page-dashboard .btn--primary:not(:disabled):hover {
+  background: var(--background-colour--brand-hover);
+  border-color: var(--background-colour--brand-hover);
+}
+
+body.page-dashboard .btn--secondary {
+  background: rgba(97, 208, 239, 0.35);
+  color: var(--colour--brand-primary);
+  border-color: var(--background-colour--brand);
+}
+
+body.page-dashboard .btn--secondary:not(:disabled):hover {
+  background: var(--background-colour--hover-subtle);
+  border-color: var(--border-colour--strong);
+}
+
+body.page-dashboard .btn--tertiary {
+  background-color: var(--background-colour--canvas);
+  color: var(--colour--brand-primary);
+  border-color: var(--background-colour--brand);
+}
+
+body.page-dashboard .btn--tertiary:not(:disabled):hover {
+  background-color: var(--background-colour--canvas);
+  color: var(--colour--brand-primary);
+}
+
+body.page-dashboard .btn--ghost {
+  background: transparent;
+  color: var(--text-colour--primary);
+  border-color: transparent;
+}
+
+body.page-dashboard .btn--ghost:not(:disabled):hover {
+  color: var(--text-colour--secondary);
+}
+
+body.page-dashboard .btn--lg {
+  min-height: 30px;
+  padding: 4px 10px;
+  font-size: 13.82px;
+  line-height: 1;
+  font-weight: 700;
+  letter-spacing: 0.02em;
+  min-width: 100%;
+  justify-content: center;
+  gap: 4px;
+}
+
+body.page-dashboard .btn--square {
+  border-radius: 0;
+}
+
+body.page-dashboard .btn--footer-link {
+  padding: 0;
+  font-size: var(--font-size--title);
+  font-weight: 400;
+  gap: var(--spacing--3xl);
+}
+
+body.page-dashboard .btn--select {
+  cursor: pointer;
+  appearance: none;
+  -webkit-appearance: none;
+  outline: none;
+  padding-right: var(--spacing--7xl) !important;
+  padding-left: var(--spacing--lg) !important;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  overflow: hidden;
+  background-image: var(--control-icon--chevron);
+  background-repeat: no-repeat;
+  background-position: right var(--spacing--lg) center;
+  background-size: 8px 5px;
+}
+
+body.page-dashboard .corners--right {
+  border-top-left-radius: 0;
+  border-top-right-radius: var(--radius--notch);
+  border-bottom-right-radius: var(--radius--notch);
+  border-bottom-left-radius: 0;
+  corner-shape: square notch notch square;
+}
+
+body.page-dashboard .topbar {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: var(--spacing--xl);
+  flex-shrink: 0;
+  background: var(--background-colour--panel);
+}
+
+body.page-dashboard .topbar-org-select {
+  width: 220px;
+  min-width: 0;
+}
+
+body.page-dashboard .shell-dropdown {
+  position: absolute;
+  top: calc(100% + 10px);
+  right: 0;
+  z-index: 30;
+  display: none;
+  min-width: 260px;
+  padding: 12px;
+  border: 1px solid rgba(142, 218, 239, 0.35);
+  background: rgba(10, 16, 54, 0.98);
+  box-shadow: var(--shadow--overlay);
+}
+
+body.page-dashboard .shell-dropdown.show,
+body.page-dashboard .shell-notifications.open .shell-notifications-dropdown {
+  display: block;
+}
+
+body.page-dashboard .shell-dropdown-header,
+body.page-dashboard .shell-dropdown-footer {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: var(--spacing--md);
+}
+
+body.page-dashboard .shell-dropdown-header {
+  padding-bottom: 10px;
+  border-bottom: 1px solid rgba(142, 218, 239, 0.18);
+}
+
+body.page-dashboard .shell-dropdown-footer {
+  padding-top: 10px;
+  border-top: 1px solid rgba(142, 218, 239, 0.18);
+}
+
+body.page-dashboard .shell-dropdown-title {
+  font-size: 12px;
+  font-weight: 700;
+  letter-spacing: 0.03em;
+  text-transform: uppercase;
+  color: var(--text-colour--secondary);
+}
+
+body.page-dashboard .shell-dropdown-action,
+body.page-dashboard .shell-dropdown-link {
+  appearance: none;
+  padding: 0;
+  border: 0;
+  background: transparent;
+  color: var(--colour--brand-primary);
+  font: inherit;
+  text-align: left;
+  cursor: pointer;
+}
+
+body.page-dashboard .shell-dropdown-links {
+  display: grid;
+  gap: 8px;
+}
+
+body.page-dashboard .shell-profile-summary {
+  display: grid;
+  gap: 4px;
+  margin-bottom: 12px;
+  padding-bottom: 12px;
+  border-bottom: 1px solid rgba(142, 218, 239, 0.18);
+}
+
+body.page-dashboard .shell-profile-email,
+body.page-dashboard .shell-profile-org,
+body.page-dashboard .shell-profile-plan,
+body.page-dashboard .shell-profile-usage {
+  margin: 0;
+  min-width: 0;
+}
+
+body.page-dashboard .shell-profile-email {
+  font-size: 13px;
+  font-weight: 700;
+  color: var(--text-colour--primary);
+  word-break: break-word;
+}
+
+body.page-dashboard .shell-profile-org,
+body.page-dashboard .shell-profile-plan,
+body.page-dashboard .shell-profile-usage {
+  font-size: 12px;
+  color: var(--text-colour--secondary);
+}
+
+body.page-dashboard .shell-notifications-dropdown {
+  width: min(360px, calc(100vw - 64px));
+}
+
+body.page-dashboard .shell-notifications-list {
+  display: grid;
+  gap: 8px;
+  max-height: 320px;
+  margin: 12px 0;
+  overflow-y: auto;
+}
+
+body.page-dashboard .shell-notification-item {
+  appearance: none;
+  width: 100%;
+  padding: 10px 12px;
+  border: 1px solid rgba(142, 218, 239, 0.2);
+  background: rgba(142, 218, 239, 0.06);
+  color: inherit;
+  text-align: left;
+  cursor: pointer;
+}
+
+body.page-dashboard .shell-notification-item.unread {
+  border-color: rgba(142, 218, 239, 0.45);
+  background: rgba(142, 218, 239, 0.12);
+}
+
+body.page-dashboard .shell-notification-item-subject {
+  font-size: 12px;
+  font-weight: 700;
+  color: var(--text-colour--primary);
+}
+
+body.page-dashboard .shell-notification-item-preview,
+body.page-dashboard .shell-notifications-empty {
+  font-size: 12px;
+  color: var(--text-colour--secondary);
+}
+
+body.page-dashboard .action-bar {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: var(--spacing--3xl);
+  flex-shrink: 0;
+  background: var(--background-colour--panel);
+}
+
+body.page-dashboard .action-bar-controls {
+  display: flex;
+  align-items: center;
+  gap: var(--spacing--3xl);
+  min-width: 0;
+  flex: 1;
+}
+
+body.page-dashboard .control-group {
+  display: flex;
+  align-items: center;
+  gap: var(--spacing--lg);
+  min-width: 0;
+}
+
+body.page-dashboard .control-group--domain {
+  flex: 1;
+}
+
+body.page-dashboard .control-label {
+  font-size: var(--font-size--label);
+  color: var(--colour--brand-primary);
+  white-space: nowrap;
+}
+
+body.page-dashboard .dashboard-domain-search {
+  position: relative;
+  min-width: 0;
+  flex: 1;
+}
+
+body.page-dashboard .dashboard-domain-input {
+  width: 100%;
+  box-sizing: border-box;
+  text-align: left;
+}
+
+body.page-dashboard .action-bar-select {
+  width: 90px;
+  min-width: 90px;
+}
+
+body.page-dashboard .status-block {
+  flex-shrink: 0;
+  opacity: 1;
+  transition: opacity 0.5s var(--motion-easing--standard);
+  background: var(--background-colour--hover-subtle);
+}
+
+body.page-dashboard .status-block:not(:has(p:not(:empty))) {
+  display: none;
+}
+
+body.page-dashboard .status-block--fading {
+  opacity: 0;
+}
+
+body.page-dashboard .status-block-content {
+  display: flex;
+  flex-direction: column;
+  gap: var(--spacing--2xs);
+  padding: var(--spacing--md) var(--spacing--xl);
+}
+
+body.page-dashboard .status {
+  margin: 0;
+  font-size: var(--font-size--label);
+  font-weight: 700;
+  color: var(--colour--brand-primary);
+}
+
+body.page-dashboard .detail {
+  margin: 0;
+  font-size: var(--font-size--body);
+  color: var(--text-colour--secondary);
+}
+
+body.page-dashboard .content-scroll {
+  flex: 1;
+  background-color: var(--colour--neutral-800);
+  overflow-y: auto;
+  display: flex;
+  flex-direction: column;
+  gap: var(--spacing--3xl);
+  padding-right: 0;
+}
+
+body.page-dashboard .dot {
+  display: inline-block;
+  width: var(--size--dot-default);
+  height: var(--size--dot-default);
+  border-radius: var(--radius--round);
+  flex-shrink: 0;
+}
+
+body.page-dashboard .dot--success {
+  background: var(--status-colour--success);
+}
+
+body.page-dashboard .job-band {
+  display: flex;
+  flex-direction: column;
+  gap: var(--spacing--lg);
+  width: calc(100% + 36px);
+  margin: -12px -18px 0;
+  padding: 12px 18px;
+  background: var(--background-colour--hover-subtle);
+}
+
+body.page-dashboard .job-band:not(:has(#jobSection:not(.hidden))) {
+  display: none;
+}
+
+body.page-dashboard .no-job-state {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: var(--spacing--xl);
+  padding: var(--spacing--7xl) 0;
+}
+
+body.page-dashboard .results-section {
+  display: flex;
+  flex-direction: column;
+  gap: var(--spacing--3xl);
+}
+
+body.page-dashboard .section-heading {
+  margin: 0;
+  font-size: var(--font-size--title);
+  font-weight: 400;
+  color: var(--text-colour--heading);
+}
+
+body.page-dashboard .results-list {
+  display: flex;
+  flex-direction: column;
+  gap: var(--spacing--3xl);
+}
+
+body.page-dashboard .chart-section {
+  padding: var(--spacing--xl) 0;
+}
+
+body.page-dashboard .chart-layout {
+  display: grid;
+  grid-template-columns: 32px 1fr;
+  align-items: end;
+  gap: var(--spacing--sm);
+}
+
+body.page-dashboard .chart-y-scale {
+  height: var(--size--chart-height);
+  display: flex;
+  flex-direction: column;
+  justify-content: space-between;
+  align-items: flex-end;
+  font-size: var(--font-size--label);
+  color: var(--text-colour--secondary);
+  line-height: 1;
+}
+
+body.page-dashboard .mini-chart {
+  position: relative;
+  height: var(--size--chart-height);
+  display: flex;
+  align-items: flex-end;
+  justify-content: center;
+  gap: var(--spacing--8xl);
+  padding-left: var(--spacing--sm);
+}
+
+body.page-dashboard .mini-chart::before {
+  content: "";
+  position: absolute;
+  left: 0;
+  bottom: 0;
+  top: 0;
+  width: var(--border-size--default);
+  background: var(--text-colour--secondary);
+}
+
+body.page-dashboard .mini-chart::after {
+  content: "";
+  position: absolute;
+  left: 0;
+  bottom: 0;
+  right: 0;
+  height: var(--border-size--default);
+  background: var(--text-colour--secondary);
+}
+
+body.page-dashboard .chart-bar {
+  display: flex;
+  flex-direction: column;
+  justify-content: flex-end;
+  align-items: stretch;
+  width: var(--size--chart-bar-width);
+  height: 100%;
+  cursor: pointer;
+}
+
+body.page-dashboard .chart-bar:focus-visible {
+  outline: var(--border-size--default) solid var(--border-colour--strong);
+  outline-offset: var(--spacing--2xs);
+}
+
+body.page-dashboard .chart-bar--danger {
+  background: transparent;
+  border: var(--border-size--default) solid var(--status-colour--danger);
+}
+
+body.page-dashboard .chart-bar--warning {
+  background: transparent;
+  border: var(--border-size--default) solid var(--status-colour--warning);
+}
+
+body.page-dashboard .panel-footer {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  flex-shrink: 0;
+}
+
+body.page-dashboard hover-job-card {
+  display: block;
+}
+
+@media (max-width: 860px) {
+  body.page-dashboard .panel {
+    width: calc(100vw - 24px);
+    margin: 12px auto;
+    min-height: calc(100vh - 24px);
+  }
+
+  body.page-dashboard .topbar,
+  body.page-dashboard .action-bar,
+  body.page-dashboard .action-bar-controls,
+  body.page-dashboard .topbar-actions {
+    flex-direction: column;
+    align-items: stretch;
+  }
+
+  body.page-dashboard .topbar-org-select,
+  body.page-dashboard .dashboard-domain-search,
+  body.page-dashboard .dashboard-domain-input,
+  body.page-dashboard .action-bar-select {
+    width: 100%;
+    max-width: 100%;
+  }
+
+  body.page-dashboard .shell-dropdown,
+  body.page-dashboard .shell-notifications-dropdown {
+    width: 100%;
+    min-width: 0;
+  }
+
+  body.page-dashboard .panel-footer {
+    gap: var(--spacing--lg);
+    flex-wrap: wrap;
+  }
+}
diff --git a/web/static/app/styles/shell.css b/web/static/app/styles/shell.css
new file mode 100644
index 000000000..0c7a02068
--- /dev/null
+++ b/web/static/app/styles/shell.css
@@ -0,0 +1,128 @@
+.topbar-brand-link {
+  display: inline-flex;
+  align-items: center;
+  justify-content: flex-start;
+  padding: 0;
+  background: transparent;
+  border: 0;
+  cursor: pointer;
+}
+
+.brand-logo--topbar {
+  width: 88px;
+}
+
+.topbar-actions {
+  display: flex;
+  align-items: center;
+  justify-content: flex-end;
+  gap: var(--spacing--lg);
+  margin-left: auto;
+  min-width: 0;
+}
+
+.topbar-profile {
+  justify-content: center;
+  background: transparent;
+  border-color: var(--border-colour--default);
+  box-shadow: none;
+  padding: 0;
+  overflow: hidden;
+}
+
+.topbar-profile:not(:disabled):hover {
+  background: transparent;
+  border-color: var(--border-colour--default);
+  opacity: 0.85;
+}
+
+.topbar-profile-avatar {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  width: 100%;
+  height: 100%;
+  background: var(--colour--brand-primary);
+  font-size: 0.6rem;
+  font-weight: 700;
+  letter-spacing: 0.03em;
+  color: #fff;
+  overflow: hidden;
+  border-radius: inherit;
+  user-select: none;
+}
+
+.topbar-profile-avatar img {
+  display: block;
+  width: 100%;
+  height: 100%;
+  object-fit: cover;
+  border-radius: inherit;
+}
+
+.shell-profile-menu,
+.shell-notifications {
+  position: relative;
+  flex-shrink: 0;
+}
+
+.shell-notifications-button {
+  position: relative;
+}
+
+.shell-notifications-icon {
+  width: 18px;
+  height: 18px;
+  fill: none;
+  stroke: currentcolor;
+  stroke-width: 1.9;
+  stroke-linecap: round;
+  stroke-linejoin: round;
+}
+
+.shell-notifications-badge {
+  position: absolute;
+  top: -6px;
+  right: -6px;
+  min-width: 18px;
+  height: 18px;
+  padding: 0 5px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  border-radius: 999px;
+  background: var(--status-colour--danger);
+  color: #fff;
+  font-size: 11px;
+  font-weight: 700;
+  line-height: 1;
+}
+
+.corners--top-left {
+  border-radius: var(--radius--notch) 0 0 0;
+  corner-shape: notch square square square;
+}
+
+.btn--sm {
+  min-width: 0;
+  height: 21px;
+  padding: 0 8px;
+  font-size: var(--font-size--button-primary);
+  font-weight: 700;
+  line-height: 1;
+  gap: 3px;
+  box-shadow: var(--shadow--surface);
+}
+
+.btn--icon-square {
+  width: 29px;
+  height: 29px;
+  padding: 0;
+  flex-shrink: 0;
+  font-size: 12px;
+  line-height: 1;
+}
+
+.btn--border-thin {
+  border-width: var(--border-size--default);
+}
diff --git a/web/static/js/auth.js b/web/static/js/auth.js
index 60d5c3a93..d9cb157e3 100644
--- a/web/static/js/auth.js
+++ b/web/static/js/auth.js
@@ -39,7 +39,7 @@ if (!hasSupabaseRuntimeConfig()) {
 }
 
 // Global state
-let supabase;
+let supabaseClient = null;
 let captchaToken = null;
 const MAX_TURNSTILE_RETRIES = 2;
 let pendingSignupSubmission = null;
@@ -278,6 +278,7 @@ function getOAuthCallbackURL(params = {}) {
 function initialiseSupabase() {
   // If already initialised (client has auth property), return success
   if (window.supabase && window.supabase.auth) {
+    supabaseClient = window.supabase;
     return true;
   }
 
@@ -290,8 +291,11 @@ function initialiseSupabase() {
 
   // Otherwise, create the client from the SDK
   if (window.supabase && window.supabase.createClient) {
-    supabase = window.supabase.createClient(SUPABASE_URL, SUPABASE_ANON_KEY);
-    window.supabase = supabase; // Ensure it's globally available
+    supabaseClient = window.supabase.createClient(
+      SUPABASE_URL,
+      SUPABASE_ANON_KEY
+    );
+    window.supabase = supabaseClient; // Ensure it's globally available
     return true;
   }
   return false;
@@ -431,7 +435,7 @@ async function handleAuthCallback() {
       const {
         data: { session },
         error,
-      } = await supabase.auth.setSession({
+      } = await supabaseClient.auth.setSession({
         access_token: accessToken,
         refresh_token: refreshToken,
       });
@@ -476,7 +480,7 @@ async function handleAuthCallback() {
       // Check if already authenticated
       const {
         data: { session },
-      } = await supabase.auth.getSession();
+      } = await supabaseClient.auth.getSession();
       if (session) {
         const pendingInviteToken = getPendingInviteToken();
         if (
@@ -534,7 +538,7 @@ async function registerUserWithBackend(user) {
   }
 
   try {
-    const session = await supabase.auth.getSession();
+    const session = await supabaseClient.auth.getSession();
     if (!session.data.session) {
       console.error("No session available for registration");
       return false;
@@ -682,7 +686,7 @@ function updateAuthState(isAuthenticated) {
       ) {
         logoutBtn.addEventListener("click", async () => {
           try {
-            const { error } = await supabase.auth.signOut();
+            const { error } = await supabaseClient.auth.signOut();
             if (error) {
               console.error("Logout error:", error);
               alert("Logout failed. Please try again.");
@@ -716,7 +720,7 @@ async function updateUserInfo() {
     // Get current user from Supabase directly
     const {
       data: { session },
-    } = await supabase.auth.getSession();
+    } = await supabaseClient.auth.getSession();
 
     if (session && session.user && session.user.email) {
       const email = session.user.email;
@@ -1072,7 +1076,7 @@ async function handleEmailLogin(event) {
   clearAuthError();
 
   try {
-    const { data, error } = await supabase.auth.signInWithPassword({
+    const { data, error } = await supabaseClient.auth.signInWithPassword({
       email,
       password,
     });
@@ -1165,7 +1169,7 @@ async function executeEmailSignup() {
       name: fullName || "",
     };
 
-    const { data, error } = await supabase.auth.signUp({
+    const { data, error } = await supabaseClient.auth.signUp({
       email,
       password,
       options: signupOptions,
@@ -1274,13 +1278,13 @@ async function trySendCliCallback(callbackUrlOverride) {
   }
 
   try {
-    if (!supabase) {
+    if (!supabaseClient) {
       return false;
     }
     const {
       data: { session },
       error,
-    } = await supabase.auth.getSession();
+    } = await supabaseClient.auth.getSession();
     if (error || !session) {
       return false;
     }
@@ -1374,7 +1378,7 @@ async function handlePasswordReset(event) {
   clearAuthError();
 
   try {
-    const { error } = await supabase.auth.resetPasswordForEmail(email, {
+    const { error } = await supabaseClient.auth.resetPasswordForEmail(email, {
       redirectTo: `${window.location.origin}/dashboard`,
     });
 
@@ -1419,7 +1423,7 @@ async function handleSocialLogin(provider, options = {}) {
       window.GNH_APP?.oauthRedirectOverride ||
       (window.GNH_APP?.extensionAuth ? window.location.href : "");
 
-    const { data, error } = await supabase.auth.signInWithOAuth({
+    const { data, error } = await supabaseClient.auth.signInWithOAuth({
       provider,
       options: {
         redirectTo: redirectOverride || getOAuthRedirectTarget(),
@@ -1486,7 +1490,7 @@ async function initAuthCallbackPage() {
 
   const {
     data: { session },
-  } = await supabase.auth.getSession();
+  } = await supabaseClient.auth.getSession();
   if (session) {
     authCallbackRedirectIssued = true;
     window.location.replace("/dashboard");
@@ -1815,12 +1819,12 @@ function setupAuthHandlers() {
 
       // Ensure Supabase client is initialized before calling getSession.
       await waitForAuthScript();
-      if (!supabase || !supabase.auth) {
+      if (!supabaseClient || !supabaseClient.auth) {
         console.error("CLI auth: Supabase client not initialized");
         return;
       }
 
-      const { data } = await supabase.auth.getSession();
+      const { data } = await supabaseClient.auth.getSession();
       if (!data?.session) {
         await loadAuthModal();
         showAuthModal();
@@ -1835,12 +1839,12 @@ function initialiseAuthStateSync() {
   if (authStateSyncInitialised) {
     return true;
   }
-  if (!supabase?.auth && !initialiseSupabase()) {
+  if (!supabaseClient?.auth && !initialiseSupabase()) {
     return false;
   }
   authStateSyncInitialised = true;
 
-  supabase.auth
+  supabaseClient.auth
     .getSession()
     .then(({ data }) => {
       const session = data?.session;
@@ -1856,7 +1860,7 @@ function initialiseAuthStateSync() {
       updateAuthState(false);
     });
 
-  supabase.auth.onAuthStateChange((_event, session) => {
+  supabaseClient.auth.onAuthStateChange((_event, session) => {
     const isAuthenticated = Boolean(session);
     updateAuthState(isAuthenticated);
     if (isAuthenticated) {
@@ -1889,7 +1893,7 @@ function scheduleAuthStateSyncRetry() {
  */
 async function handleLogout() {
   try {
-    const { error } = await supabase.auth.signOut();
+    const { error } = await supabaseClient.auth.signOut();
     if (error) {
       console.error("Logout error:", error);
       alert("Logout failed. Please try again.");
@@ -2059,7 +2063,7 @@ function initExtensionAuthPage() {
     const {
       data: { session },
       error,
-    } = await supabase.auth.getSession();
+    } = await supabaseClient.auth.getSession();
 
     if (error || !session?.access_token || !session.user) {
       throw new Error(error?.message || "No active session found", {
@@ -2122,7 +2126,7 @@ function initExtensionAuthPage() {
 
       const {
         data: { session },
-      } = await supabase.auth.getSession();
+      } = await supabaseClient.auth.getSession();
       if (session?.access_token) {
         setStatus("Existing session found. Connecting extension…");
         await sendSessionToExtension();
@@ -2199,6 +2203,7 @@ if (typeof module !== "undefined" && module.exports) {
     setupAuthModalHandlers,
     setupLoginPageHandlers,
     handleLogout,
+    isValidExtensionTargetOrigin,
     defaultHandleAuthSuccess,
     initAuthCallbackPage,
     initExtensionAuthPage,
@@ -2239,6 +2244,7 @@ if (typeof module !== "undefined" && module.exports) {
     setupAuthModalHandlers,
     setupLoginPageHandlers,
     handleLogout,
+    isValidExtensionTargetOrigin,
     initAuthCallbackPage,
     initExtensionAuthPage,
     clearPendingInviteToken,
@@ -2274,6 +2280,7 @@ if (typeof module !== "undefined" && module.exports) {
   window.setupAuthModalHandlers = setupAuthModalHandlers;
   window.setupLoginPageHandlers = setupLoginPageHandlers;
   window.handleLogout = handleLogout;
+  window.isValidExtensionTargetOrigin = isValidExtensionTargetOrigin;
   window.handleAuthSuccess = defaultHandleAuthSuccess;
   window.initExtensionAuthPage = initExtensionAuthPage;
   window.initAuthCallbackPage = initAuthCallbackPage;
diff --git a/web/static/styles/app.css b/web/static/styles/app.css
index daff16297..1fcf90437 100644
--- a/web/static/styles/app.css
+++ b/web/static/styles/app.css
@@ -3242,6 +3242,65 @@ body.page-job-details {
   min-height: 100vh;
 }
 
+.surface-context-bar {
+  display: none;
+  align-items: center;
+  justify-content: space-between;
+  gap: 16px;
+  padding: 14px 24px;
+  border-bottom: 1px solid #e5e7eb;
+  background: #ffffff;
+}
+
+html[data-surface-context="webflow-extension"] .surface-context-bar {
+  display: flex;
+}
+
+.surface-context-meta {
+  display: flex;
+  align-items: center;
+  gap: 16px;
+  min-width: 0;
+}
+
+.surface-context-back {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  min-height: 36px;
+  padding: 0 14px;
+  border: 1px solid #cbd5e1;
+  background: #f8fafc;
+  color: #0f172a;
+  text-decoration: none;
+  font-size: 14px;
+  font-weight: 600;
+}
+
+.surface-context-back:hover {
+  background: #eff6ff;
+}
+
+.surface-context-title,
+.surface-context-subtitle {
+  margin: 0;
+}
+
+.surface-context-title {
+  font-size: 14px;
+  font-weight: 700;
+  color: #0f172a;
+}
+
+.surface-context-subtitle {
+  font-size: 12px;
+  color: #64748b;
+}
+
+html[data-surface-context="webflow-extension"] .global-nav {
+  display: none !important;
+}
+
 /* Job Details */
 body.page-job-details {
   color-scheme: light;
@@ -3319,6 +3378,13 @@ body.page-job-details main {
   gap: 24px;
 }
 
+html[data-surface-context="webflow-extension"]
+  body.page-settings
+  .settings-main,
+html[data-surface-context="webflow-extension"] body.page-job-details main {
+  margin-top: 24px;
+}
+
 body.page-job-details section {
   background: white;
   border-radius: 12px;
diff --git a/web/templates/extension-auth.html b/web/templates/extension-auth.html
index 063a3384e..9bd77abdd 100644
--- a/web/templates/extension-auth.html
+++ b/web/templates/extension-auth.html
@@ -7,19 +7,15 @@
     <title>Hover — Connect to Webflow</title>
 
     <!--
-      Phase 1 loading pattern:
+      Extension auth loading pattern:
       1. /config.js       — sets window.GNH_CONFIG (server-rendered)
-      2. /js/auth.js      — GNHAuth helpers; still loaded as legacy script
-                            while the auth modal component is pre-module
-      3. Supabase SDK     — CDN UMD, sets window.supabase
-      4. module entry     — /app/pages/webflow-login.js (ES module)
-
-      No gnh-bootstrap.js. No core.js. No GNH_APP.whenReady().
-      The extensionAuth flag is set inside webflow-login.js before any
-      auth action, preserving the auth redirect contract from AGENTS.md.
+      2. Supabase SDK     — CDN UMD namespace, used by the module bootstrap
+      3. module entry     — /app/pages/webflow-login.js (ES module)
+
+      No legacy auth bundle on this page. The popup owns its auth UI and
+      OAuth return flow through the app/ module layer.
     -->
     <script src="/config.js"></script>
-    <script src="/js/auth.js" defer></script>
     <script
       src="https://unpkg.com/@supabase/supabase-js@2.95.3/dist/umd/supabase.js"
       integrity="sha384-g8TQpKstPpyDTjwOLNQvGR++9KAGGvtxWv+P5XmDd3QZQx1jie8r1hx0gVpD+cdb"
@@ -112,6 +108,10 @@
         border-color: var(--border-colour--active);
         color: var(--text-colour--primary);
       }
+
+      .extension-auth-reopen[hidden] {
+        display: none;
+      }
     </style>
   </head>
 
diff --git a/web/templates/job-details.html b/web/templates/job-details.html
index df2f69415..9c92b203f 100644
--- a/web/templates/job-details.html
+++ b/web/templates/job-details.html
@@ -11,11 +11,41 @@
     <link rel="stylesheet" href="/app/styles/base.css" />
     <link rel="stylesheet" href="/app/styles/components.css" />
     <script src="/js/core.js" defer></script>
+    <script>
+      (function () {
+        const params = new URLSearchParams(window.location.search);
+        if (params.get("surface") === "webflow-extension") {
+          document.documentElement.setAttribute(
+            "data-surface-context",
+            "webflow-extension"
+          );
+        }
+      })();
+    </script>
 
     </head>
 
   <body class="page-job-details gnh-auth-route-gated">
-    <script type="module" src="/app/lib/global-nav.js"></script>
+    <script type="module">
+      import { isWebflowExtensionSurface } from "/app/lib/surface-context.js";
+
+      if (!isWebflowExtensionSurface()) {
+        import("/app/lib/global-nav.js");
+      }
+    </script>
+    <div id="surfaceContextBar" class="surface-context-bar" hidden>
+      <div class="surface-context-meta">
+        <a id="surfaceContextBack" class="surface-context-back" href="/dashboard">
+          Back to extension
+        </a>
+        <div>
+          <p id="surfaceContextTitle" class="surface-context-title">
+            Job details
+          </p>
+          <p id="surfaceContextSubtitle" class="surface-context-subtitle"></p>
+        </div>
+      </div>
+    </div>
 
     <main>
       <h1 class="page-header-title sr-only">Job Details</h1>
diff --git a/webflow-designer-extension-cli/README.md b/webflow-designer-extension-cli/README.md
index b249cc6c0..6238cf40b 100644
--- a/webflow-designer-extension-cli/README.md
+++ b/webflow-designer-extension-cli/README.md
@@ -51,7 +51,9 @@ Expected behaviour:
 ## Popup auth bridge
 
 - Extension opens `GET /extension-auth.html` on GNH app domain.
-- Popup reuses shared auth modal (`/js/auth.js`) for sign in/sign up.
-- On success, popup posts `{ source: "gnh-extension-auth", accessToken }` back
-  to extension with origin and state checks.
-- Popup only accepts trusted target origins (`*.webflow-ext.com` or localhost).
+- Popup page is bootstrapped by `web/static/app/pages/webflow-login.js`, which
+  still reuses the shared auth modal and OAuth helpers from `/js/auth.js`.
+- On success, popup posts
+  `{ source: "gnh-extension-auth", state, extensionState, accessToken }` back to
+  the extension.
+- The extension validates popup origin and state before accepting the token.
diff --git a/webflow-designer-extension-cli/package.json b/webflow-designer-extension-cli/package.json
index 57adf2361..1160e9fea 100644
--- a/webflow-designer-extension-cli/package.json
+++ b/webflow-designer-extension-cli/package.json
@@ -9,7 +9,7 @@
     "sync-shared": "node scripts/sync-shared.js",
     "sync-components": "npm run sync-shared",
     "build": "npm run sync-shared && npm run compile && npm exec -- webflow extension bundle --skip-update-check",
-    "dev": "npm run sync-shared && concurrently -r \"npm exec -- webflow extension serve --skip-update-check\" \"npm run compile -- --watch --preserveWatchOutput\"",
+    "dev": "node scripts/dev.js",
     "lint": "eslint --no-config-lookup -c eslint.config.mjs \"src/**/*.ts\"",
     "format:check": "prettier --check \"./**/*.{ts,json,md,html,css,yml,yaml}\"",
     "format:write": "prettier --write \"./**/*.{ts,json,md,html,css,yml,yaml}\""
diff --git a/webflow-designer-extension-cli/public/index.html b/webflow-designer-extension-cli/public/index.html
index 83aa1f3b5..669c1d090 100644
--- a/webflow-designer-extension-cli/public/index.html
+++ b/webflow-designer-extension-cli/public/index.html
@@ -3,6 +3,7 @@
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <link href="./styles/shell.css" rel="stylesheet" />
     <link href="./styles.css" rel="stylesheet" />
     <title>Hover for Webflow</title>
     <!-- Import map: remap /app/ paths used by shared modules to local copies -->
@@ -104,31 +105,162 @@
 
       <!-- ═══ AUTH STATE ═══ -->
       <section class="panel hidden" id="authState">
-        <!-- ─── Top bar: org + plan + settings ─── -->
         <header class="topbar section">
           <button
-            id="settingsButton"
+            id="homeButton"
             type="button"
-            class="btn btn--primary btn--icon-square corners--top-left topbar-profile"
-            title="Settings"
-            aria-label="Settings"
+            class="topbar-brand-link"
+            aria-label="Open Hover dashboard"
           >
-            <span class="topbar-profile-avatar" aria-hidden="true"></span>
+            <img
+              class="brand-logo brand-logo--topbar"
+              src="./Hover Logo Bright Transparent.png"
+              alt="Hover"
+            />
           </button>
-          <div class="topbar-content">
+
+          <div class="topbar-actions">
+            <div class="shell-notifications" id="notificationsContainer">
+              <button
+                id="notificationsBtn"
+                type="button"
+                class="btn btn--tertiary btn--sm btn--border-thin btn--icon-square shell-notifications-button"
+                aria-label="View notifications"
+                aria-haspopup="true"
+                aria-expanded="false"
+              >
+                <svg
+                  class="shell-notifications-icon"
+                  viewBox="0 0 24 24"
+                  aria-hidden="true"
+                >
+                  <path
+                    d="M15 17h5l-1.4-1.4A2 2 0 0118 14.2V10a6 6 0 10-12 0v4.2a2 2 0 01-.6 1.4L4 17h5"
+                  />
+                  <path d="M9.5 17a2.5 2.5 0 005 0" />
+                </svg>
+                <span
+                  id="notificationsBadge"
+                  class="shell-notifications-badge"
+                  hidden
+                  >0</span
+                >
+              </button>
+              <div
+                id="notificationsDropdown"
+                class="shell-dropdown shell-notifications-dropdown"
+              >
+                <div class="shell-dropdown-header">
+                  <span class="shell-dropdown-title">Notifications</span>
+                  <button
+                    id="markAllReadBtn"
+                    type="button"
+                    class="shell-dropdown-action"
+                  >
+                    Mark all read
+                  </button>
+                </div>
+                <div
+                  id="notificationsList"
+                  class="shell-notifications-list"
+                ></div>
+                <div class="shell-dropdown-footer">
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/notifications"
+                  >
+                    Notification settings
+                  </button>
+                </div>
+              </div>
+            </div>
+
             <select
               id="orgSelect"
               class="btn btn--tertiary btn--sm btn--border-thin btn--square btn--select topbar-org-select"
             ></select>
-            <div class="topbar-plan">
-              <div class="plan-badge">
-                <p class="plan-badge-title" id="planNameText">
-                  <strong>Plan:</strong> —
-                </p>
-                <p class="plan-badge-remaining" id="planRemainingText">
-                  <span class="dot dot--success"></span>
-                  <span id="planRemainingValue">—</span>
-                </p>
+
+            <div class="shell-profile-menu">
+              <button
+                id="profileMenuButton"
+                type="button"
+                class="btn btn--primary btn--icon-square corners--top-left topbar-profile"
+                aria-label="Open account menu"
+                aria-haspopup="true"
+                aria-expanded="false"
+              >
+                <span
+                  class="topbar-profile-avatar"
+                  id="profileAvatar"
+                  aria-hidden="true"
+                ></span>
+              </button>
+              <div
+                id="profileMenuDropdown"
+                class="shell-dropdown shell-profile-dropdown"
+              >
+                <div class="shell-profile-summary">
+                  <p id="profileEmail" class="shell-profile-email">Signed in</p>
+                  <p id="profileOrgName" class="shell-profile-org">
+                    Organisation
+                  </p>
+                  <p id="profilePlanText" class="shell-profile-plan">Plan</p>
+                  <p id="profileUsageText" class="shell-profile-usage">
+                    Usage unavailable
+                  </p>
+                </div>
+                <div class="shell-dropdown-links">
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/account"
+                  >
+                    Account
+                  </button>
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/team"
+                  >
+                    Team
+                  </button>
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/billing"
+                  >
+                    Billing
+                  </button>
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/plans"
+                  >
+                    Plans
+                  </button>
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/notifications"
+                  >
+                    Notifications
+                  </button>
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/analytics"
+                  >
+                    Analytics
+                  </button>
+                  <button
+                    type="button"
+                    class="shell-dropdown-link"
+                    data-path="/settings/automated-jobs"
+                  >
+                    Automated jobs
+                  </button>
+                </div>
               </div>
             </div>
           </div>
@@ -267,6 +399,193 @@
             Help
           </button>
         </footer>
+
+        <section
+          id="settingsAccountView"
+          class="section extension-settings-shell hidden"
+        >
+          <div class="extension-settings-layout">
+            <aside class="extension-settings-sidebar">
+              <div class="extension-settings-sidebar-topline">
+                <button
+                  id="settingsBackButton"
+                  type="button"
+                  class="btn btn--ghost btn--text extension-settings-back"
+                >
+                  ← Back
+                </button>
+                <span class="extension-settings-topline-label">Settings</span>
+              </div>
+
+              <div class="extension-settings-nav-group">
+                <p
+                  id="settingsProfileGroupTitle"
+                  class="extension-settings-group-title"
+                >
+                  Profile
+                </p>
+                <nav
+                  class="extension-settings-nav"
+                  aria-label="Profile settings"
+                >
+                  <button
+                    type="button"
+                    class="extension-settings-nav-link active"
+                    data-settings-path="/settings/account"
+                  >
+                    Account
+                  </button>
+                </nav>
+              </div>
+
+              <div class="extension-settings-nav-divider"></div>
+
+              <div class="extension-settings-nav-group">
+                <p
+                  id="settingsOrgGroupTitle"
+                  class="extension-settings-group-title"
+                >
+                  Manage organisation
+                </p>
+                <nav
+                  class="extension-settings-nav"
+                  aria-label="Organisation settings"
+                >
+                  <button
+                    type="button"
+                    class="extension-settings-nav-link"
+                    data-settings-path="/settings/team"
+                  >
+                    Team
+                  </button>
+                  <button
+                    type="button"
+                    class="extension-settings-nav-link"
+                    data-settings-path="/settings/plans"
+                  >
+                    Plans
+                  </button>
+                  <button
+                    type="button"
+                    class="extension-settings-nav-link"
+                    data-settings-path="/settings/billing"
+                  >
+                    Billing
+                  </button>
+                  <button
+                    type="button"
+                    class="extension-settings-nav-link"
+                    data-settings-path="/settings/notifications"
+                  >
+                    Notifications
+                  </button>
+                  <button
+                    type="button"
+                    class="extension-settings-nav-link"
+                    data-settings-path="/settings/analytics"
+                  >
+                    Analytics
+                  </button>
+                  <button
+                    type="button"
+                    class="extension-settings-nav-link"
+                    data-settings-path="/settings/automated-jobs"
+                  >
+                    Automated jobs
+                  </button>
+                </nav>
+              </div>
+            </aside>
+
+            <section class="extension-settings-main">
+              <div class="extension-settings-header">
+                <div>
+                  <h2 class="extension-settings-title">Account</h2>
+                  <div class="extension-settings-header-divider"></div>
+                </div>
+              </div>
+
+              <section
+                id="extensionAccountSection"
+                class="extension-settings-section"
+              >
+                <div class="settings-card" id="profile">
+                  <div class="settings-row">
+                    <div>
+                      <label for="settingsUserFirstNameInput"
+                        ><strong>Name</strong></label
+                      >
+                      <div class="settings-profile-edit">
+                        <input
+                          class="settings-input"
+                          id="settingsUserFirstNameInput"
+                          type="text"
+                          maxlength="80"
+                          placeholder="First name"
+                        />
+                        <input
+                          class="settings-input"
+                          id="settingsUserLastNameInput"
+                          type="text"
+                          maxlength="80"
+                          placeholder="Last name"
+                          aria-label="Last name"
+                        />
+                        <button
+                          class="btn btn--secondary btn--sm extension-settings-save"
+                          id="settingsSaveName"
+                          type="button"
+                        >
+                          Save name
+                        </button>
+                      </div>
+                    </div>
+                  </div>
+                  <div class="settings-row">
+                    <div>
+                      <strong>Email</strong>
+                      <div class="settings-muted" id="settingsUserEmail">
+                        Loading...
+                      </div>
+                    </div>
+                  </div>
+                </div>
+
+                <div class="settings-card" id="security">
+                  <div class="settings-row">
+                    <div>
+                      <strong>Password</strong>
+                      <div
+                        class="settings-muted"
+                        id="settingsPasswordMethodStatus"
+                      >
+                        Email/password sign-in status: loading...
+                      </div>
+                    </div>
+                    <button
+                      class="btn btn--secondary btn--sm"
+                      id="settingsResetPassword"
+                      type="button"
+                    >
+                      Send reset email
+                    </button>
+                  </div>
+                  <div class="settings-row">
+                    <div>
+                      <strong>Authentication methods</strong>
+                      <div
+                        class="settings-auth-methods"
+                        id="settingsAuthMethods"
+                      >
+                        <span class="settings-muted">Loading...</span>
+                      </div>
+                    </div>
+                  </div>
+                </div>
+              </section>
+            </section>
+          </div>
+        </section>
       </section>
     </main>
 
@@ -286,6 +605,10 @@
     <script type="module" src="./hover-data-table.js"></script>
     <script type="module" src="./hover-job-card.js"></script>
     <script type="module" src="./lib/bridge.js"></script>
+    <script>
+      window.HOVER_EXTENSION_CONFIG = window.HOVER_EXTENSION_CONFIG || {};
+    </script>
+    <script src="./dev-runtime-config.js" defer></script>
     <script src="index.js" defer></script>
   </body>
 </html>
diff --git a/webflow-designer-extension-cli/public/lib/bridge.js b/webflow-designer-extension-cli/public/lib/bridge.js
index e6be51208..8aa290d25 100644
--- a/webflow-designer-extension-cli/public/lib/bridge.js
+++ b/webflow-designer-extension-cli/public/lib/bridge.js
@@ -11,12 +11,30 @@
 import * as apiClient from "/app/lib/api-client.js";
 import * as formatters from "/app/lib/formatters.js";
 import * as integrationHttp from "/app/lib/integration-http.js";
+import * as jobExport from "/app/lib/job-export.js";
+import * as organisationApi from "/app/lib/organisation-api.js";
+import * as schedulerApi from "/app/lib/scheduler-api.js";
+import * as shellNav from "/app/lib/shell-nav.js";
+import * as settingsAccount from "/app/lib/settings/account.js";
+import * as siteJobs from "/app/lib/site-jobs.js";
+import * as siteView from "/app/lib/site-view.js";
+import * as webflowSites from "/app/lib/webflow-sites.js";
 
 // Expose shared modules for index.js consumption
 window.HoverLib = {
   api: apiClient,
+  exports: jobExport,
   fmt: formatters,
   http: integrationHttp,
+  organisations: organisationApi,
+  schedulers: schedulerApi,
+  shell: shellNav,
+  settings: {
+    account: settingsAccount,
+  },
+  jobs: siteJobs,
+  view: siteView,
+  webflow: webflowSites,
 };
 
 // Signal that shared libs are ready
diff --git a/webflow-designer-extension-cli/public/lib/settings/account.js b/webflow-designer-extension-cli/public/lib/settings/account.js
new file mode 100644
index 000000000..1ba961162
--- /dev/null
+++ b/webflow-designer-extension-cli/public/lib/settings/account.js
@@ -0,0 +1,665 @@
+/**
+ * lib/settings/account.js — account section logic
+ *
+ * Handles user profile (name, email), auth method management (connect/remove
+ * OAuth providers), and password reset. Surface-agnostic: render functions
+ * accept a container element so they work in settings.html or any future
+ * surface (e.g. extension panel).
+ *
+ * Usage:
+ *   import { loadAccountDetails, setupAccountActions } from "/app/lib/settings/account.js";
+ *
+ *   await loadAccountDetails(document.getElementById("account"));
+ */
+
+import { get, patch } from "/app/lib/api-client.js";
+import { getSession } from "/app/lib/auth-session.js";
+import { showToast as _showToast } from "/app/components/hover-toast.js";
+
+const MAX_NAME_LENGTH = 80;
+
+/** Adapter: gnh-settings uses (variant, message); hover-toast uses (message, {variant}). */
+function toast(variant, message) {
+  _showToast(message, { variant });
+}
+
+// ── Auth method definitions ────────────────────────────────────────────────────
+
+const AUTH_METHOD_DEFS = [
+  {
+    key: "google",
+    label: "Google",
+    icon_url: "/assets/auth-providers/google.svg",
+    supported: true,
+  },
+  {
+    key: "github",
+    label: "GitHub",
+    icon_url: "/assets/auth-providers/github.svg",
+    supported: true,
+  },
+  {
+    key: "email",
+    label: "Email/Password",
+    icon_url: "",
+    supported: true,
+  },
+  {
+    key: "azure",
+    label: "Microsoft",
+    icon_url: "/assets/auth-providers/microsoft.svg",
+    supported: true,
+  },
+  {
+    key: "facebook",
+    label: "Facebook",
+    icon_url: "/assets/auth-providers/facebook.png",
+    supported: true,
+  },
+  {
+    key: "slack_oidc",
+    label: "Slack",
+    icon_url: "/assets/auth-providers/slack.svg",
+    supported: true,
+  },
+];
+
+// ── Helpers ────────────────────────────────────────────────────────────────────
+
+function normaliseAuthProvider(provider) {
+  const value = (provider || "").trim().toLowerCase();
+  if (value === "slack") return "slack_oidc";
+  if (
+    value === "google" ||
+    value === "github" ||
+    value === "email" ||
+    value === "azure" ||
+    value === "facebook" ||
+    value === "slack_oidc"
+  ) {
+    return value;
+  }
+  return "";
+}
+
+function getAuthMethodDef(provider) {
+  return (
+    AUTH_METHOD_DEFS.find((m) => m.key === provider) || {
+      key: provider,
+      label: provider || "Unknown",
+      icon_url: "",
+      supported: true,
+    }
+  );
+}
+
+function formatAuthMethod(method) {
+  const value = normaliseAuthProvider(method) || method;
+  return getAuthMethodDef(value).label;
+}
+
+function resolveAssetUrl(path) {
+  if (!path) {
+    return "";
+  }
+  if (/^(?:[a-z]+:)?\/\//i.test(path) || path.startsWith("data:")) {
+    return path;
+  }
+  return new URL(path, `${getAppOrigin()}/`).toString();
+}
+
+function providerIconHtml(provider) {
+  const def = getAuthMethodDef(provider);
+  if (def.icon_url) {
+    const img = document.createElement("img");
+    img.src = resolveAssetUrl(def.icon_url);
+    img.alt = "";
+    img.loading = "lazy";
+    img.decoding = "async";
+    img.referrerPolicy = "no-referrer";
+    return img;
+  }
+  const span = document.createElement("span");
+  span.className = "settings-auth-fallback-icon";
+  span.setAttribute("aria-hidden", "true");
+  span.textContent = "\u2022";
+  return span;
+}
+
+function providerSubtitle(method) {
+  if (method.connected) {
+    return method.email || "Connected";
+  }
+  if (method.provider === "email") {
+    return "Set a password to enable email sign-in";
+  }
+  return "Not connected";
+}
+
+function splitName(fullName) {
+  const value = (fullName || "").trim();
+  if (!value) return { firstName: "", lastName: "" };
+  const parts = value.split(/\s+/).filter(Boolean);
+  if (parts.length === 0) return { firstName: "", lastName: "" };
+  if (parts.length === 1) return { firstName: parts[0], lastName: "" };
+  return { firstName: parts[0], lastName: parts.slice(1).join(" ") };
+}
+
+function getOAuthQueryParams(provider) {
+  switch (provider) {
+    case "google":
+      return { prompt: "select_account consent" };
+    case "azure":
+      return { prompt: "select_account" };
+    case "facebook":
+      return { auth_type: "reauthenticate" };
+    case "slack_oidc":
+      return { prompt: "consent" };
+    default:
+      return {};
+  }
+}
+
+function getAppOrigin() {
+  const fromExtension =
+    window.HOVER_EXTENSION_CONFIG?.appOrigin ||
+    window.GNH_APP?.apiBaseUrl ||
+    "";
+  if (fromExtension) {
+    try {
+      return new URL(fromExtension).origin;
+    } catch {
+      // fall through to current origin
+    }
+  }
+  return window.location.origin;
+}
+
+function getSupabaseClient() {
+  return window.HOVER_EXTENSION_SUPABASE_CLIENT?.auth
+    ? window.HOVER_EXTENSION_SUPABASE_CLIENT
+    : window.supabase?.auth
+      ? window.supabase
+      : null;
+}
+
+// ── Auth method actions ────────────────────────────────────────────────────────
+
+/**
+ * Connect an OAuth provider. Preserves the redirect contract:
+ * stores return path in sessionStorage, redirects via Supabase linkIdentity.
+ */
+export async function connectAuthMethod(provider) {
+  const client = getSupabaseClient();
+  if (!client?.auth) return;
+
+  try {
+    if (provider === "email") {
+      await sendPasswordReset();
+      toast(
+        "success",
+        "Password setup email sent. This enables email sign-in."
+      );
+      return;
+    }
+
+    const currentPath = `${window.location.pathname}${window.location.search}${window.location.hash}`;
+    if (currentPath && currentPath !== "/") {
+      try {
+        window.sessionStorage.setItem(
+          "gnh_post_auth_return_target",
+          currentPath
+        );
+      } catch {
+        // Ignore storage failures and continue OAuth flow.
+      }
+    }
+
+    const callbackTarget = new URL(`${getAppOrigin()}/auth/callback`);
+    if (currentPath && currentPath !== "/") {
+      callbackTarget.searchParams.set("return_to", currentPath);
+    }
+    const callbackUrl = callbackTarget.toString();
+    const queryParams = getOAuthQueryParams(provider);
+
+    if (typeof client.auth.linkIdentity === "function") {
+      const { data, error } = await client.auth.linkIdentity({
+        provider,
+        options: { redirectTo: callbackUrl, queryParams },
+      });
+      if (error) throw error;
+      if (data?.url) {
+        window.location.assign(data.url);
+        return;
+      }
+    } else {
+      const { data, error } = await client.auth.signInWithOAuth({
+        provider,
+        options: { redirectTo: callbackUrl, queryParams },
+      });
+      if (error) throw error;
+      if (data?.url) {
+        window.location.assign(data.url);
+        return;
+      }
+    }
+
+    toast("success", `${formatAuthMethod(provider)} connected`);
+  } catch (err) {
+    console.error(`Failed to connect ${provider}:`, err);
+    toast(
+      "error",
+      err?.message || `Failed to connect ${formatAuthMethod(provider)}`
+    );
+  }
+}
+
+async function unlinkIdentityViaApi(identityId) {
+  const session = await getSession();
+  const accessToken = session?.access_token;
+  const authUrl = window.GNH_CONFIG?.supabaseUrl;
+  const anonKey = window.GNH_CONFIG?.supabaseAnonKey;
+  if (!accessToken || !authUrl || !anonKey) {
+    throw new Error("Missing auth session details");
+  }
+
+  const response = await fetch(
+    `${authUrl}/auth/v1/user/identities/${encodeURIComponent(identityId)}`,
+    {
+      method: "DELETE",
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        apikey: anonKey,
+        "Content-Type": "application/json",
+      },
+    }
+  );
+
+  if (!response.ok) {
+    const responseJson = await response.json().catch(() => ({}));
+    throw new Error(
+      responseJson?.msg || responseJson?.error || "Unlink failed"
+    );
+  }
+}
+
+export async function removeAuthMethod(method, connectedCount) {
+  const client = getSupabaseClient();
+  if (connectedCount <= 1) {
+    toast("error", "You must keep at least one sign-in method.");
+    return;
+  }
+  if (method.provider === "email") {
+    toast("warning", "Email/password removal isn't supported in settings yet.");
+    return;
+  }
+  if (!method.identity?.identity_id) {
+    toast("error", "Unable to remove this method.");
+    return;
+  }
+  if (!confirm(`Remove ${formatAuthMethod(method.provider)} sign-in?`)) {
+    return;
+  }
+
+  try {
+    if (typeof client?.auth?.unlinkIdentity === "function") {
+      const { error } = await client.auth.unlinkIdentity(method.identity);
+      if (error) throw error;
+    } else {
+      await unlinkIdentityViaApi(method.identity.identity_id);
+    }
+
+    try {
+      await client?.auth?.refreshSession?.();
+    } catch (err) {
+      console.warn("Failed to refresh session after unlink:", err);
+    }
+
+    toast("success", `${formatAuthMethod(method.provider)} removed`);
+  } catch (err) {
+    console.error(`Failed to remove ${method.provider}:`, err);
+    toast(
+      "error",
+      err?.message || `Failed to remove ${formatAuthMethod(method.provider)}`
+    );
+  }
+}
+
+// ── Rendering ──────────────────────────────────────────────────────────────────
+
+/**
+ * Render auth method cards into a container element.
+ * @param {HTMLElement} container — element to render cards into (cleared first)
+ * @param {object[]} methods — auth method models
+ * @param {object} [options]
+ * @param {function} [options.onRefresh] — called after a connect/remove action
+ */
+export function renderAuthMethods(container, methods, options = {}) {
+  if (!container || !Array.isArray(methods)) return;
+
+  container.replaceChildren();
+  const connectedCount = methods.filter((m) => m.connected).length;
+  const visibleMethods = methods.filter((m) => m.provider !== "email");
+
+  visibleMethods.forEach((method) => {
+    const card = document.createElement("div");
+    card.className = "settings-auth-method-card";
+
+    const details = document.createElement("div");
+    details.className = "settings-auth-method-details";
+
+    const icon = document.createElement("span");
+    icon.className = `settings-auth-provider-icon settings-auth-provider-${method.provider}`;
+    icon.appendChild(providerIconHtml(method.provider));
+
+    const text = document.createElement("div");
+    text.className = "settings-auth-method-text";
+
+    const name = document.createElement("strong");
+    name.textContent = formatAuthMethod(method.provider);
+
+    const subtitle = document.createElement("span");
+    subtitle.className = "settings-muted";
+    subtitle.textContent = providerSubtitle(method);
+
+    text.appendChild(name);
+    text.appendChild(subtitle);
+    details.appendChild(icon);
+    details.appendChild(text);
+
+    const actionBtn = document.createElement("button");
+    actionBtn.className = "gnh-button gnh-button-outline settings-btn-sm";
+    actionBtn.type = "button";
+    actionBtn.textContent = method.connected ? "Remove" : "Connect";
+
+    const permanentlyDisabled =
+      method.connected && (connectedCount <= 1 || method.provider === "email");
+
+    if (permanentlyDisabled) {
+      actionBtn.disabled = true;
+      actionBtn.title = "At least one sign-in method must remain";
+    }
+
+    actionBtn.addEventListener("click", async () => {
+      if (permanentlyDisabled) return;
+      actionBtn.disabled = true;
+      const originalText = actionBtn.textContent;
+      actionBtn.textContent = method.connected
+        ? "Removing..."
+        : "Connecting...";
+      if (method.connected) {
+        await removeAuthMethod(method, connectedCount);
+      } else {
+        await connectAuthMethod(method.provider);
+      }
+      actionBtn.textContent = originalText;
+      actionBtn.disabled = permanentlyDisabled;
+      if (options.onRefresh) options.onRefresh();
+    });
+
+    card.appendChild(details);
+    card.appendChild(actionBtn);
+    container.appendChild(card);
+  });
+}
+
+// ── Data loading ───────────────────────────────────────────────────────────────
+
+/**
+ * Load and render account details into a container.
+ * @param {HTMLElement} container — the account section element
+ * @returns {Promise<void>}
+ */
+export async function loadAccountDetails(container) {
+  const client = getSupabaseClient();
+  const session = await getSession().catch(() => null);
+  const sessionUser = session?.user || null;
+
+  const fallbackEmail = sessionUser?.email || "";
+  const fallbackFirstName =
+    sessionUser?.user_metadata?.given_name ||
+    sessionUser?.user_metadata?.first_name ||
+    "";
+  const fallbackLastName =
+    sessionUser?.user_metadata?.family_name ||
+    sessionUser?.user_metadata?.last_name ||
+    "";
+  const fallbackFullName =
+    sessionUser?.user_metadata?.full_name ||
+    sessionUser?.user_metadata?.name ||
+    "";
+  const fallbackMethods = sessionUser?.app_metadata?.providers || [];
+
+  let email = fallbackEmail;
+  let firstName = fallbackFirstName;
+  let lastName = fallbackLastName;
+  let fullName = fallbackFullName;
+  let methods = fallbackMethods;
+  let identities = [];
+  let authUser = sessionUser;
+
+  try {
+    // Use supabase.auth.getUser() directly for fresh identity data
+    // (auth-session.getUser() returns session.user which may be stale).
+    const userResult = await client?.auth?.getUser();
+    authUser = userResult?.data?.user || sessionUser;
+    identities = Array.isArray(authUser?.identities) ? authUser.identities : [];
+  } catch (err) {
+    console.warn("Failed to load auth identities:", err);
+  }
+
+  try {
+    const response = await get("/v1/auth/profile");
+    const profileUser = response?.user || {};
+    if (profileUser.email) email = profileUser.email;
+    if (Object.hasOwn(profileUser, "full_name")) {
+      fullName = (profileUser.full_name || "").trim();
+    }
+    if (Object.hasOwn(profileUser, "first_name")) {
+      firstName = (profileUser.first_name || "").trim();
+    }
+    if (Object.hasOwn(profileUser, "last_name")) {
+      lastName = (profileUser.last_name || "").trim();
+    }
+    if (Array.isArray(response?.auth_methods)) {
+      methods = response.auth_methods;
+    }
+  } catch {
+    console.warn("Failed to load profile from API.");
+  }
+
+  if (!firstName && !lastName && fullName) {
+    const split = splitName(fullName);
+    firstName = split.firstName;
+    lastName = split.lastName;
+  }
+
+  // Update module state
+  const connectedProviders = new Set();
+  const hasIdentityData = Array.isArray(identities) && identities.length > 0;
+  if (hasIdentityData) {
+    identities.forEach((identity) => {
+      const normalised = normaliseAuthProvider(identity.provider);
+      if (normalised) connectedProviders.add(normalised);
+    });
+  } else {
+    (Array.isArray(methods) ? methods : []).forEach((provider) => {
+      const normalised = normaliseAuthProvider(provider);
+      if (normalised) connectedProviders.add(normalised);
+    });
+  }
+
+  // Build method models for rendering
+  const methodModels = AUTH_METHOD_DEFS.map((def) => {
+    const identity = identities.find(
+      (c) => normaliseAuthProvider(c.provider) === def.key
+    );
+    return {
+      provider: def.key,
+      supported: true,
+      connected: connectedProviders.has(def.key),
+      email:
+        identity?.identity_data?.email ||
+        identity?.email ||
+        authUser?.email ||
+        email,
+      identity: identity || null,
+    };
+  });
+
+  // Render into container (or fall back to document for legacy compat)
+  const root = container || document;
+  const emailEl = root.querySelector("#settingsUserEmail");
+  const firstNameEl = root.querySelector("#settingsUserFirstNameInput");
+  const lastNameEl = root.querySelector("#settingsUserLastNameInput");
+  const passwordStatusEl = root.querySelector("#settingsPasswordMethodStatus");
+  const authMethodsEl = root.querySelector("#settingsAuthMethods");
+
+  if (emailEl) emailEl.textContent = email || "Not set";
+  if (firstNameEl) firstNameEl.value = firstName || "";
+  if (lastNameEl) lastNameEl.value = lastName || "";
+
+  if (passwordStatusEl) {
+    const emailMethod = methodModels.find((m) => m.provider === "email");
+    passwordStatusEl.textContent = emailMethod?.connected
+      ? "Email/password sign-in enabled. Use reset email to change your password."
+      : "Email/password sign-in not connected yet. Send reset email to set it up.";
+  }
+
+  if (authMethodsEl) {
+    renderAuthMethods(authMethodsEl, methodModels, {
+      onRefresh: () => loadAccountDetails(container),
+    });
+  }
+}
+
+// ── Profile actions ────────────────────────────────────────────────────────────
+
+/**
+ * Save profile name from form inputs within a container.
+ * @param {HTMLElement} container — the account section element
+ * @param {object} [options]
+ * @param {function} [options.onSaved] — called after successful save
+ */
+export async function saveProfileName(container, options = {}) {
+  const root = container || document;
+  const client = getSupabaseClient();
+  const firstNameEl = root.querySelector("#settingsUserFirstNameInput");
+  const lastNameEl = root.querySelector("#settingsUserLastNameInput");
+  const saveBtn = root.querySelector("#settingsSaveName");
+  if (!firstNameEl || !lastNameEl || !saveBtn) return;
+
+  const firstName = firstNameEl.value.trim();
+  const lastName = lastNameEl.value.trim();
+  const fullName = `${firstName} ${lastName}`.trim();
+
+  if (firstName.length > MAX_NAME_LENGTH) {
+    toast("error", `First name must be ${MAX_NAME_LENGTH} characters or fewer`);
+    return;
+  }
+  if (lastName.length > MAX_NAME_LENGTH) {
+    toast("error", `Last name must be ${MAX_NAME_LENGTH} characters or fewer`);
+    return;
+  }
+
+  saveBtn.disabled = true;
+  const originalText = saveBtn.textContent;
+  saveBtn.textContent = "Saving...";
+
+  try {
+    let metadataUpdateSucceeded = true;
+    try {
+      await client?.auth?.updateUser({
+        data: {
+          first_name: firstName || "",
+          last_name: lastName || "",
+          given_name: firstName || "",
+          family_name: lastName || "",
+          full_name: fullName || "",
+          name: fullName || "",
+        },
+      });
+    } catch {
+      console.warn("Failed to update auth metadata name.");
+      metadataUpdateSucceeded = false;
+    }
+
+    await patch("/v1/auth/profile", {
+      first_name: firstName,
+      last_name: lastName,
+      full_name: fullName,
+    });
+
+    if (metadataUpdateSucceeded) {
+      toast("success", "Name updated");
+    } else {
+      toast(
+        "warning",
+        "Name saved, but auth metadata sync failed. Please re-login if needed."
+      );
+    }
+
+    await loadAccountDetails(container);
+    if (options.onSaved) options.onSaved();
+  } catch {
+    console.error("Failed to save profile name.");
+    toast("error", "Failed to update name");
+  } finally {
+    saveBtn.disabled = false;
+    saveBtn.textContent = originalText || "Save name";
+  }
+}
+
+/**
+ * Send password reset email for the current user.
+ */
+export async function sendPasswordReset() {
+  const client = getSupabaseClient();
+  const session = await getSession().catch(() => null);
+  let email = session?.user?.email || "";
+  if (!email) {
+    try {
+      const response = await get("/v1/auth/profile");
+      email = response?.user?.email || "";
+    } catch {
+      // Fall back to the session email only.
+    }
+  }
+  if (!email) {
+    toast("error", "Email address not available");
+    return;
+  }
+
+  try {
+    const { error } = await client?.auth?.resetPasswordForEmail(email, {
+      redirectTo: `${getAppOrigin()}/settings/account#security`,
+    });
+    if (error) throw error;
+    toast("success", "Password reset email sent");
+  } catch (err) {
+    console.error("Failed to send password reset:", err);
+    toast("error", "Failed to send password reset email");
+  }
+}
+
+/**
+ * Wire up account section event listeners within a container.
+ * @param {HTMLElement} container — the account section element
+ * @param {object} [options]
+ * @param {function} [options.onNameSaved] — called after name save (e.g. refresh members)
+ */
+export function setupAccountActions(container, options = {}) {
+  const root = container || document;
+
+  const saveNameBtn = root.querySelector("#settingsSaveName");
+  if (saveNameBtn) {
+    saveNameBtn.addEventListener("click", () =>
+      saveProfileName(container, { onSaved: options.onNameSaved })
+    );
+  }
+
+  const resetBtn = root.querySelector("#settingsResetPassword");
+  if (resetBtn) {
+    resetBtn.addEventListener("click", sendPasswordReset);
+  }
+}
diff --git a/webflow-designer-extension-cli/public/styles.css b/webflow-designer-extension-cli/public/styles.css
index c4ab5466d..a1e99488b 100644
--- a/webflow-designer-extension-cli/public/styles.css
+++ b/webflow-designer-extension-cli/public/styles.css
@@ -391,103 +391,146 @@ body {
 .topbar {
   display: flex;
   align-items: center;
-  gap: var(--spacing--2xl);
+  justify-content: space-between;
+  gap: var(--spacing--xl);
   flex-shrink: 0;
   background: var(--background-colour--panel);
 }
 
-.topbar-content {
-  display: flex;
-  align-items: center;
-  justify-content: space-between;
-  gap: var(--spacing--2xl);
-  flex: 1;
+.topbar-org-select {
+  width: 150px;
   min-width: 0;
 }
 
-.topbar-plan {
+.shell-dropdown {
+  position: absolute;
+  top: calc(100% + 10px);
+  right: 0;
+  z-index: 30;
+  display: none;
+  min-width: 240px;
+  padding: 12px;
+  border: 1px solid rgba(142, 218, 239, 0.35);
+  background: rgba(10, 16, 54, 0.98);
+  box-shadow: var(--shadow--overlay);
+}
+
+.shell-dropdown.show,
+.shell-notifications.open .shell-notifications-dropdown {
+  display: block;
+}
+
+.shell-dropdown-header,
+.shell-dropdown-footer {
   display: flex;
-  flex-direction: column;
-  align-items: flex-end;
+  align-items: center;
+  justify-content: space-between;
   gap: var(--spacing--md);
-  flex-shrink: 0;
-  min-width: 0;
 }
 
-.topbar-profile {
-  justify-content: center;
-  background: transparent;
-  border-color: var(--border-colour--default);
-  box-shadow: none;
-  padding: 0;
-  overflow: hidden;
+.shell-dropdown-header {
+  padding-bottom: 10px;
+  border-bottom: 1px solid rgba(142, 218, 239, 0.18);
 }
 
-.topbar-profile:not(:disabled):hover {
-  background: transparent;
-  border-color: var(--border-colour--default);
-  opacity: 0.85;
+.shell-dropdown-footer {
+  padding-top: 10px;
+  border-top: 1px solid rgba(142, 218, 239, 0.18);
 }
 
-.topbar-profile-avatar {
-  display: flex;
-  align-items: center;
-  justify-content: center;
-  width: 100%;
-  height: 100%;
-  background: var(--colour--brand-primary);
-  font-size: 0.6rem;
+.shell-dropdown-title {
+  font-size: 12px;
   font-weight: 700;
   letter-spacing: 0.03em;
-  color: #fff;
-  overflow: hidden;
-  border-radius: inherit;
-  user-select: none;
+  text-transform: uppercase;
+  color: var(--text-colour--secondary);
 }
 
-.topbar-profile-avatar img {
-  display: block;
-  width: 100%;
-  height: 100%;
-  object-fit: cover;
-  border-radius: inherit;
+.shell-dropdown-action,
+.shell-dropdown-link {
+  appearance: none;
+  padding: 0;
+  border: 0;
+  background: transparent;
+  color: var(--colour--brand-primary);
+  font: inherit;
+  text-align: left;
+  cursor: pointer;
 }
 
-.topbar-org-select {
-  width: 110px;
-  min-width: 0;
+.shell-dropdown-links {
+  display: grid;
+  gap: 8px;
 }
 
-.plan-badge {
-  display: flex;
-  flex-direction: column;
-  gap: 0;
-  min-width: 0;
-  align-items: flex-end;
+.shell-profile-summary {
+  display: grid;
+  gap: 4px;
+  margin-bottom: 12px;
+  padding-bottom: 12px;
+  border-bottom: 1px solid rgba(142, 218, 239, 0.18);
 }
 
-.plan-badge-title {
+.shell-profile-email,
+.shell-profile-org,
+.shell-profile-plan,
+.shell-profile-usage {
   margin: 0;
-  font-size: var(--font-size--caption);
-  color: var(--text-colour--primary);
-  white-space: nowrap;
-  overflow: hidden;
-  text-overflow: ellipsis;
-  text-align: right;
+  min-width: 0;
 }
 
-.plan-badge-title strong {
+.shell-profile-email {
+  font-size: 13px;
   font-weight: 700;
+  color: var(--text-colour--primary);
+  word-break: break-word;
 }
 
-.plan-badge-remaining {
-  margin: 0;
-  font-size: var(--font-size--caption);
+.shell-profile-org,
+.shell-profile-plan,
+.shell-profile-usage {
+  font-size: 12px;
+  color: var(--text-colour--secondary);
+}
+
+.shell-notifications-dropdown {
+  width: min(320px, calc(100vw - 40px));
+}
+
+.shell-notifications-list {
+  display: grid;
+  gap: 8px;
+  max-height: 280px;
+  margin: 12px 0;
+  overflow-y: auto;
+}
+
+.shell-notification-item {
+  appearance: none;
+  width: 100%;
+  padding: 10px 12px;
+  border: 1px solid rgba(142, 218, 239, 0.2);
+  background: rgba(142, 218, 239, 0.06);
+  color: inherit;
+  text-align: left;
+  cursor: pointer;
+}
+
+.shell-notification-item.unread {
+  border-color: rgba(142, 218, 239, 0.45);
+  background: rgba(142, 218, 239, 0.12);
+}
+
+.shell-notification-item-subject {
+  font-size: 12px;
+  font-weight: 700;
   color: var(--text-colour--primary);
-  display: flex;
-  align-items: center;
-  gap: var(--spacing--md);
-  justify-content: flex-end;
+}
+
+.shell-notification-item-preview,
+.shell-notifications-empty {
+  font-size: 12px;
+  color: var(--text-colour--secondary);
 }
 
 /* ─── Objects: Buttons ───────────────────────────────────────────────────── */
@@ -635,35 +678,6 @@ body {
   corner-shape: square notch notch square;
 }
 
-.corners--top-left {
-  border-radius: var(--radius--notch) 0 0 0;
-  corner-shape: notch square square square;
-}
-
-.btn--sm {
-  min-width: 0;
-  height: 21px;
-  padding: 0 8px;
-  font-size: var(--font-size--button-primary);
-  font-weight: 700;
-  line-height: 1;
-  gap: 3px;
-  box-shadow: var(--shadow--surface);
-}
-
-.btn--icon-square {
-  width: 29px;
-  height: 29px;
-  padding: 0;
-  flex-shrink: 0;
-  font-size: 12px;
-  line-height: 1;
-}
-
-.btn--border-thin {
-  border-width: var(--border-size--default);
-}
-
 .btn--square {
   border-radius: 0;
   corner-shape: initial;
@@ -920,6 +934,274 @@ body {
   padding-right: calc(var(--size--scrollbar));
 }
 
+.extension-settings-shell {
+  flex: 1;
+  overflow-y: auto;
+  padding-right: calc(var(--size--scrollbar));
+}
+
+.extension-settings-layout {
+  display: grid;
+  grid-template-columns: 168px minmax(0, 1fr);
+  gap: 18px;
+  min-height: 100%;
+}
+
+.extension-settings-sidebar {
+  display: flex;
+  flex-direction: column;
+  gap: 14px;
+  padding-right: 6px;
+}
+
+.extension-settings-sidebar-topline {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+}
+
+.extension-settings-topline-label {
+  font-size: 13px;
+  font-weight: 700;
+  letter-spacing: 0.04em;
+  text-transform: uppercase;
+  color: var(--text-colour--secondary);
+}
+
+.extension-settings-nav-group {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+}
+
+.extension-settings-back {
+  align-self: flex-start;
+  color: var(--colour--brand-primary);
+}
+
+.extension-settings-group-title {
+  margin: 0;
+  font-size: 15px;
+  font-weight: 700;
+  letter-spacing: 0.02em;
+  line-height: 1.2;
+  color: var(--text-colour--primary);
+}
+
+.extension-settings-nav-divider {
+  height: 1px;
+  background: rgba(142, 218, 239, 0.18);
+  margin: 2px 0 0;
+}
+
+.extension-settings-nav {
+  display: flex;
+  flex-direction: column;
+  gap: 5px;
+  padding-top: 4px;
+}
+
+.extension-settings-nav-link {
+  appearance: none;
+  width: 100%;
+  padding: 10px 12px;
+  border: 1px solid transparent;
+  border-radius: 4px;
+  background: transparent;
+  color: var(--text-colour--secondary);
+  font: inherit;
+  font-size: 13px;
+  text-align: left;
+  cursor: pointer;
+  transition:
+    color var(--motion-duration--fast) var(--motion-easing--standard),
+    background var(--motion-duration--fast) var(--motion-easing--standard),
+    border-color var(--motion-duration--fast) var(--motion-easing--standard);
+}
+
+.settings-auth-methods {
+  display: flex;
+  flex-direction: column;
+  gap: 10px;
+  margin-top: 8px;
+}
+
+.settings-auth-method-card {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  gap: 10px;
+  padding: 10px 12px;
+  border: 1px solid rgba(142, 218, 239, 0.24);
+  background: rgba(3, 4, 35, 0.52);
+}
+
+.settings-auth-method-details {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  min-width: 0;
+}
+
+.settings-auth-method-text {
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+  min-width: 0;
+}
+
+.settings-auth-provider-icon {
+  width: 28px;
+  height: 28px;
+  border-radius: 8px;
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  flex-shrink: 0;
+  border: 1px solid rgba(142, 218, 239, 0.18);
+  background: rgba(97, 208, 239, 0.06);
+  overflow: hidden;
+}
+
+.settings-auth-provider-icon img {
+  width: 18px;
+  height: 18px;
+  display: block;
+}
+
+.settings-auth-provider-azure img {
+  width: 19px;
+  height: 19px;
+}
+
+.settings-auth-fallback-icon {
+  font-size: 14px;
+  line-height: 1;
+  color: var(--text-colour--secondary);
+}
+
+.gnh-button {
+  appearance: none;
+  border-radius: 4px;
+  font-family: inherit;
+  cursor: pointer;
+  transition:
+    color var(--motion-duration--fast) var(--motion-easing--standard),
+    background var(--motion-duration--fast) var(--motion-easing--standard),
+    border-color var(--motion-duration--fast) var(--motion-easing--standard);
+}
+
+.gnh-button-outline {
+  border: 1px solid rgba(142, 218, 239, 0.34);
+  background: transparent;
+  color: var(--colour--brand-primary);
+}
+
+.gnh-button-outline:hover {
+  border-color: var(--border-colour--active);
+  color: var(--text-colour--primary);
+}
+
+.settings-btn-sm {
+  font-size: 12px;
+  padding: 6px 10px;
+}
+
+.extension-settings-nav-link:hover {
+  color: var(--text-colour--primary);
+  background: rgba(142, 218, 239, 0.08);
+  border-color: rgba(142, 218, 239, 0.18);
+}
+
+.extension-settings-nav-link.active {
+  color: var(--text-colour--primary);
+  background: rgba(97, 208, 239, 0.12);
+  border-color: rgba(142, 218, 239, 0.3);
+  font-weight: 700;
+}
+
+.extension-settings-main {
+  display: flex;
+  flex-direction: column;
+  gap: 14px;
+  min-width: 0;
+}
+
+.extension-settings-header {
+  display: flex;
+  flex-direction: column;
+  gap: 10px;
+}
+
+.settings-muted {
+  margin: 0;
+  font-size: 12px;
+  color: var(--text-colour--secondary);
+}
+
+.extension-settings-title {
+  margin: 0;
+  font-size: 20px;
+  line-height: 1.2;
+  color: var(--text-colour--primary);
+}
+
+.extension-settings-header-divider {
+  height: 1px;
+  margin-top: 10px;
+  background: rgba(142, 218, 239, 0.18);
+}
+
+.extension-settings-section {
+  display: flex;
+  flex-direction: column;
+  gap: 14px;
+}
+
+.settings-card {
+  border: 1px solid rgba(142, 218, 239, 0.24);
+  background: rgba(97, 208, 239, 0.05);
+  padding: 14px;
+}
+
+.settings-row {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 14px;
+}
+
+.settings-row + .settings-row {
+  margin-top: 14px;
+  padding-top: 14px;
+  border-top: 1px solid rgba(142, 218, 239, 0.18);
+}
+
+.settings-profile-edit {
+  display: grid;
+  grid-template-columns: minmax(0, 1fr) minmax(0, 1fr) auto;
+  gap: 10px;
+  margin-top: 10px;
+}
+
+.settings-input {
+  width: 100%;
+  min-height: 36px;
+  padding: 8px 10px;
+  border: 1px solid rgba(142, 218, 239, 0.35);
+  background: rgba(3, 4, 35, 0.72);
+  color: var(--text-colour--primary);
+  font: inherit;
+}
+
+.settings-input::placeholder {
+  color: rgba(223, 239, 255, 0.42);
+}
+
+.extension-settings-save {
+  align-self: end;
+}
+
 /* ─── Objects: Status Dots ──────────────────────────────────────────────── */
 
 .dot {
diff --git a/webflow-designer-extension-cli/public/styles/shell.css b/webflow-designer-extension-cli/public/styles/shell.css
new file mode 100644
index 000000000..0c7a02068
--- /dev/null
+++ b/webflow-designer-extension-cli/public/styles/shell.css
@@ -0,0 +1,128 @@
+.topbar-brand-link {
+  display: inline-flex;
+  align-items: center;
+  justify-content: flex-start;
+  padding: 0;
+  background: transparent;
+  border: 0;
+  cursor: pointer;
+}
+
+.brand-logo--topbar {
+  width: 88px;
+}
+
+.topbar-actions {
+  display: flex;
+  align-items: center;
+  justify-content: flex-end;
+  gap: var(--spacing--lg);
+  margin-left: auto;
+  min-width: 0;
+}
+
+.topbar-profile {
+  justify-content: center;
+  background: transparent;
+  border-color: var(--border-colour--default);
+  box-shadow: none;
+  padding: 0;
+  overflow: hidden;
+}
+
+.topbar-profile:not(:disabled):hover {
+  background: transparent;
+  border-color: var(--border-colour--default);
+  opacity: 0.85;
+}
+
+.topbar-profile-avatar {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  width: 100%;
+  height: 100%;
+  background: var(--colour--brand-primary);
+  font-size: 0.6rem;
+  font-weight: 700;
+  letter-spacing: 0.03em;
+  color: #fff;
+  overflow: hidden;
+  border-radius: inherit;
+  user-select: none;
+}
+
+.topbar-profile-avatar img {
+  display: block;
+  width: 100%;
+  height: 100%;
+  object-fit: cover;
+  border-radius: inherit;
+}
+
+.shell-profile-menu,
+.shell-notifications {
+  position: relative;
+  flex-shrink: 0;
+}
+
+.shell-notifications-button {
+  position: relative;
+}
+
+.shell-notifications-icon {
+  width: 18px;
+  height: 18px;
+  fill: none;
+  stroke: currentcolor;
+  stroke-width: 1.9;
+  stroke-linecap: round;
+  stroke-linejoin: round;
+}
+
+.shell-notifications-badge {
+  position: absolute;
+  top: -6px;
+  right: -6px;
+  min-width: 18px;
+  height: 18px;
+  padding: 0 5px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  border-radius: 999px;
+  background: var(--status-colour--danger);
+  color: #fff;
+  font-size: 11px;
+  font-weight: 700;
+  line-height: 1;
+}
+
+.corners--top-left {
+  border-radius: var(--radius--notch) 0 0 0;
+  corner-shape: notch square square square;
+}
+
+.btn--sm {
+  min-width: 0;
+  height: 21px;
+  padding: 0 8px;
+  font-size: var(--font-size--button-primary);
+  font-weight: 700;
+  line-height: 1;
+  gap: 3px;
+  box-shadow: var(--shadow--surface);
+}
+
+.btn--icon-square {
+  width: 29px;
+  height: 29px;
+  padding: 0;
+  flex-shrink: 0;
+  font-size: 12px;
+  line-height: 1;
+}
+
+.btn--border-thin {
+  border-width: var(--border-size--default);
+}
diff --git a/webflow-designer-extension-cli/scripts/dev.js b/webflow-designer-extension-cli/scripts/dev.js
new file mode 100644
index 000000000..cc2b1c492
--- /dev/null
+++ b/webflow-designer-extension-cli/scripts/dev.js
@@ -0,0 +1,154 @@
+#!/usr/bin/env node
+
+const fs = require("fs");
+const path = require("path");
+const { spawn, spawnSync } = require("child_process");
+
+const ROOT = path.resolve(__dirname, "..");
+const PUBLIC_DIR = path.join(ROOT, "public");
+const DEV_CONFIG_PATH = path.join(PUBLIC_DIR, "dev-runtime-config.js");
+const DEFAULT_DEV_CONFIG =
+  "window.HOVER_EXTENSION_CONFIG = window.HOVER_EXTENSION_CONFIG || {};\n";
+const NPM_CMD = process.platform === "win32" ? "npm.cmd" : "npm";
+
+function parsePreviewNumber(argv, env) {
+  const cliArgs = argv.slice(2);
+  const envPr = String(env.npm_config_pr || "").trim();
+
+  if (envPr && envPr !== "true" && envPr !== "false") {
+    return envPr;
+  }
+
+  const explicitArg = cliArgs.find((arg) => /^--pr=/.test(arg));
+  if (explicitArg) {
+    return explicitArg.split("=")[1] || "";
+  }
+
+  const prFlagIndex = cliArgs.indexOf("--pr");
+  if (prFlagIndex >= 0 && cliArgs[prFlagIndex + 1]) {
+    return cliArgs[prFlagIndex + 1];
+  }
+
+  if (envPr === "true") {
+    const positional = cliArgs.find((arg) => /^\d+$/.test(arg));
+    if (positional) {
+      return positional;
+    }
+  }
+
+  return "";
+}
+
+function buildAppOrigin(argv, env) {
+  const explicitOrigin = String(env.HOVER_APP_ORIGIN || "").trim();
+  if (explicitOrigin) {
+    return explicitOrigin.replace(/\/+$/, "");
+  }
+
+  const pr = parsePreviewNumber(argv, env);
+  if (pr) {
+    return `https://hover-pr-${pr}.fly.dev`;
+  }
+
+  return "";
+}
+
+function writeDevConfig(appOrigin) {
+  const content = appOrigin
+    ? `window.HOVER_EXTENSION_CONFIG = { appOrigin: ${JSON.stringify(appOrigin)} };\n`
+    : DEFAULT_DEV_CONFIG;
+  fs.writeFileSync(DEV_CONFIG_PATH, content, "utf8");
+}
+
+function runOrExit(command, args) {
+  const result = spawnSync(command, args, {
+    cwd: ROOT,
+    stdio: "inherit",
+  });
+
+  if (result.status !== 0) {
+    process.exit(result.status || 1);
+  }
+}
+
+let restored = false;
+function restoreDevConfig() {
+  if (restored) {
+    return;
+  }
+  restored = true;
+  try {
+    if (fs.existsSync(DEV_CONFIG_PATH)) {
+      fs.unlinkSync(DEV_CONFIG_PATH);
+    }
+  } catch (_error) {
+    // Best-effort cleanup only.
+  }
+}
+
+function main() {
+  const appOrigin = buildAppOrigin(process.argv, process.env);
+  writeDevConfig(appOrigin);
+
+  if (appOrigin) {
+    console.log(`[dev] Using override app origin: ${appOrigin}`);
+  } else {
+    console.log("[dev] Using default app origin");
+  }
+
+  runOrExit(NPM_CMD, ["run", "sync-shared"]);
+
+  const serve = spawn(
+    NPM_CMD,
+    ["exec", "--", "webflow", "extension", "serve", "--skip-update-check"],
+    {
+      cwd: ROOT,
+      stdio: "inherit",
+    }
+  );
+
+  const compile = spawn(
+    NPM_CMD,
+    ["run", "compile", "--", "--watch", "--preserveWatchOutput"],
+    {
+      cwd: ROOT,
+      stdio: "inherit",
+    }
+  );
+
+  let shuttingDown = false;
+
+  function shutdown(exitCode = 0) {
+    if (shuttingDown) {
+      return;
+    }
+    shuttingDown = true;
+
+    restoreDevConfig();
+
+    if (!serve.killed) {
+      serve.kill("SIGTERM");
+    }
+    if (!compile.killed) {
+      compile.kill("SIGTERM");
+    }
+
+    setTimeout(() => {
+      process.exit(exitCode);
+    }, 50);
+  }
+
+  serve.on("exit", (code) => {
+    shutdown(code || 0);
+  });
+
+  compile.on("exit", (code) => {
+    shutdown(code || 0);
+  });
+
+  process.on("SIGINT", () => shutdown(0));
+  process.on("SIGTERM", () => shutdown(0));
+  process.on("exit", restoreDevConfig);
+}
+
+main();
diff --git a/webflow-designer-extension-cli/scripts/sync-shared.js b/webflow-designer-extension-cli/scripts/sync-shared.js
index f248fdfa8..83b649237 100644
--- a/webflow-designer-extension-cli/scripts/sync-shared.js
+++ b/webflow-designer-extension-cli/scripts/sync-shared.js
@@ -25,8 +25,20 @@ const COMPONENTS = [
   "components/hover-tabs.js",
 ];
 
-// Lib modules — shared logic loaded via bridge.js
-const LIB_MODULES = [
+// Lib modules required by bridge.js or other shared extension runtime paths.
+const REQUIRED_LIB_MODULES = [
+  "lib/site-jobs.js",
+  "lib/site-view.js",
+  "lib/shell-nav.js",
+  "lib/settings/account.js",
+  "lib/job-export.js",
+  "lib/webflow-sites.js",
+  "lib/organisation-api.js",
+  "lib/scheduler-api.js",
+];
+
+// Lib modules — shared logic loaded via bridge.js or available for future reuse.
+const OPTIONAL_LIB_MODULES = [
   "lib/api-client.js",
   "lib/auth-session.js",
   "lib/formatters.js",
@@ -35,6 +47,8 @@ const LIB_MODULES = [
   "lib/invite-flow.js",
 ];
 
+const REQUIRED_STYLE_FILES = ["styles/shell.css"];
+
 function ensureDir(dir) {
   if (!fs.existsSync(dir)) {
     fs.mkdirSync(dir, { recursive: true });
@@ -62,14 +76,37 @@ for (const file of COMPONENTS) {
   }
 }
 
-// Sync lib modules to public/lib/
-for (const file of LIB_MODULES) {
+// Sync required lib modules to public/lib/
+for (const file of REQUIRED_LIB_MODULES) {
   const src = path.join(APP_ROOT, file);
   const dest = path.join(PUBLIC, file);
   if (fs.existsSync(src)) {
     syncFile(src, dest);
   } else {
-    console.warn(`  WARN: ${file} not found, skipping`);
+    console.error(`  ERROR: required shared module missing: ${file}`);
+    process.exit(1);
+  }
+}
+
+// Sync optional lib modules to public/lib/
+for (const file of OPTIONAL_LIB_MODULES) {
+  const src = path.join(APP_ROOT, file);
+  const dest = path.join(PUBLIC, file);
+  if (fs.existsSync(src)) {
+    syncFile(src, dest);
+  } else {
+    console.warn(`  WARN: optional shared module missing: ${file}, skipping`);
+  }
+}
+
+for (const file of REQUIRED_STYLE_FILES) {
+  const src = path.join(APP_ROOT, file);
+  const dest = path.join(PUBLIC, file);
+  if (fs.existsSync(src)) {
+    syncFile(src, dest);
+  } else {
+    console.error(`  ERROR: required shared style missing: ${file}`);
+    process.exit(1);
   }
 }
 
diff --git a/webflow-designer-extension-cli/src/index.ts b/webflow-designer-extension-cli/src/index.ts
index 146c37aff..bef00373e 100644
--- a/webflow-designer-extension-cli/src/index.ts
+++ b/webflow-designer-extension-cli/src/index.ts
@@ -12,6 +12,14 @@ type SupabaseClient = {
       access_token: string;
       refresh_token: string;
     }) => Promise<unknown>;
+    getUser?: () => Promise<{
+      data?: {
+        user?: {
+          email?: string | null;
+          user_metadata?: Record<string, unknown> | null;
+        } | null;
+      };
+    }>;
   };
   channel: (name: string) => RealtimeChannel;
   removeChannel: (channel: RealtimeChannel) => Promise<unknown>;
@@ -30,24 +38,25 @@ type RealtimeChannel = {
 
 const API_BASE_STORAGE_KEY = "gnh_extension_api_base";
 const API_TOKEN_STORAGE_KEY = "gnh_extension_api_token_session";
+const ACTIVE_ORG_STORAGE_KEY = "gnh_active_org_id";
 const AUTH_POPUP_WIDTH = 520;
 const AUTH_POPUP_HEIGHT = 760;
 const DEFAULT_GNH_APP_ORIGIN = "https://hover.app.goodnative.co";
-const LEGACY_EXTENSION_APP_ORIGINS = new Set(["https://hover-pr-255.fly.dev"]);
 const AUTH_POPUP_NAME = "bbbExtensionAuth";
 const SCHEDULE_PLACEHOLDER = "off";
 const SCHEDULE_OPTIONS = ["off", "6", "12", "24", "48"] as const;
 const JOB_POLLING_INTERVAL_MS = 6000;
-
-// Realtime subscription constants (mirrors dashboard pattern)
-const REALTIME_DEBOUNCE_MS = 250;
-const SUBSCRIBE_RETRY_INTERVAL_MS = 1000;
 const FALLBACK_POLLING_INTERVAL_MS = 1000;
-const MAX_SUBSCRIBE_RETRIES = 15;
+const ACCOUNT_SETTINGS_EXTENSION_SIZE = { width: 620, height: 660 } as const;
 
 const APP_ROUTES = {
   dashboard: "/dashboard",
   viewJob: "/jobs",
+  account: "/settings/account",
+  billing: "/settings/billing",
+  notifications: "/settings/notifications",
+  analytics: "/settings/analytics",
+  automatedJobs: "/settings/automated-jobs",
   changePlan: "/settings/plans",
   manageTeam: "/settings/team",
 } as const;
@@ -87,6 +96,13 @@ declare const webflow: {
   setExtensionSize: (size: ExtensionPanelSize) => Promise<null>;
 };
 
+type ExtensionWindow = Window & {
+  HOVER_EXTENSION_CONFIG?: {
+    appOrigin?: string;
+  };
+  HOVER_EXTENSION_SUPABASE_CLIENT?: SupabaseClient | null;
+};
+
 // Shared modules exposed by lib/bridge.js via window.HoverLib
 declare const HoverLib: {
   api: {
@@ -109,6 +125,18 @@ declare const HoverLib: {
     del: (path: string, init?: RequestInit) => Promise<unknown>;
     request: (path: string, init?: RequestInit) => Promise<unknown>;
   };
+  exports: {
+    downloadJobExport: (
+      jobId: string,
+      options?: {
+        api?: typeof HoverLib.api;
+      }
+    ) => Promise<{
+      empty: boolean;
+      filename: string;
+      taskCount: number;
+    }>;
+  };
   fmt: {
     formatDate: (value: string | null | undefined) => string;
     formatDateTime: (value: string | null | undefined) => string;
@@ -138,9 +166,206 @@ declare const HoverLib: {
       context?: string
     ) => Promise<Response>;
   };
+  organisations: {
+    loadOrganisationContext: (options?: {
+      api?: typeof HoverLib.api;
+      includeUsage?: boolean;
+    }) => Promise<{
+      organisations: unknown[];
+      activeOrganisationId: string;
+      usage: unknown | null;
+    }>;
+    switchOrganisation: (
+      organisationId: string,
+      options?: { api?: typeof HoverLib.api }
+    ) => Promise<unknown | null>;
+  };
+  schedulers: {
+    findSchedulerByDomain: (
+      domain: string,
+      options?: {
+        api?: typeof HoverLib.api;
+        schedulers?: unknown[];
+      }
+    ) => Promise<unknown | null>;
+    saveSchedulerForDomain: (
+      domain: string,
+      scheduleIntervalHours: number,
+      options?: {
+        api?: typeof HoverLib.api;
+        currentScheduler?: unknown | null;
+        extra?: Record<string, unknown>;
+      }
+    ) => Promise<unknown>;
+    disableScheduler: (
+      schedulerId: string,
+      options?: {
+        api?: typeof HoverLib.api;
+        expectedIsEnabled?: boolean;
+      }
+    ) => Promise<unknown>;
+  };
+  jobs: {
+    fetchJobs: (options?: {
+      limit?: number;
+      range?: string;
+      include?: string;
+    }) => Promise<unknown[]>;
+    normaliseDomain: (input: string) => string;
+    filterJobsByDomains: (
+      jobs: unknown[],
+      options?: { siteDomain?: string | null; siteDomainCandidates?: string[] }
+    ) => unknown[];
+    pickLatestJobByDomains: (
+      jobs: unknown[],
+      options?: { siteDomain?: string | null; siteDomainCandidates?: string[] }
+    ) => unknown | null;
+    buildCompletedJobsSignature: (
+      jobs: unknown[],
+      options?: { siteDomain?: string | null; siteDomainCandidates?: string[] },
+      isActiveJobStatus?: (status: string) => boolean
+    ) => string;
+    buildChartJobsSignature: (
+      jobs: unknown[],
+      options?: { siteDomain?: string | null; siteDomainCandidates?: string[] }
+    ) => string;
+    subscribeToJobUpdates: (options: {
+      orgId: string;
+      onUpdate: () => void;
+      supabaseClient?: SupabaseClient | null;
+      channelName?: string;
+      getFallbackInterval?: () => number;
+      onSubscriptionIssue?: (status?: string, err?: Error) => void;
+    }) => () => void;
+  };
+  shell: {
+    initSurfaceShell: (options?: {
+      profileButton?: HTMLElement | null;
+      profileDropdown?: HTMLElement | null;
+      notificationsContainer?: HTMLElement | null;
+      notificationsButton?: HTMLElement | null;
+      notificationsDropdown?: HTMLElement | null;
+      notificationsList?: HTMLElement | null;
+      notificationsBadge?: HTMLElement | null;
+      markAllReadButton?: HTMLElement | null;
+      onNavigate?: (path: string) => void;
+      onSignOut?: () => Promise<void> | void;
+      fetchNotifications?: (limit: number) => Promise<unknown>;
+      markNotificationRead?: (id: string) => Promise<void>;
+      markAllNotificationsRead?: () => Promise<void>;
+      subscribeToNotifications?: (
+        orgId: string,
+        onEvent: () => void
+      ) => Promise<() => void> | (() => void);
+    }) => {
+      refreshNotifications: (limit?: number) => Promise<unknown>;
+      renderNotificationsList: (limit?: number) => Promise<void>;
+      setActiveOrganisation: (nextOrganisationId: string) => void;
+      destroy: () => void;
+    };
+    renderProfileMenuSummary: (options?: {
+      emailNode?: Element | null;
+      organisationNode?: Element | null;
+      planNode?: Element | null;
+      usageNode?: Element | null;
+      email?: string;
+      organisationName?: string;
+      usage?: unknown | null;
+    }) => void;
+  };
+  settings: {
+    account: {
+      loadAccountDetails: (container: HTMLElement | null) => Promise<void>;
+      setupAccountActions: (
+        container: HTMLElement | null,
+        options?: { onNameSaved?: () => void }
+      ) => void;
+    };
+  };
+  view: {
+    renderUserAvatar: (options?: {
+      element?: HTMLElement | null;
+      displayName?: string;
+      email?: string;
+      avatarUrl?: string;
+    }) => Promise<void>;
+    renderUsage: (options?: {
+      usage?: unknown | null;
+      planNameText?: Element | null;
+      planRemainingValue?: Element | null;
+      profilePlanText?: Element | null;
+      profileUsageText?: Element | null;
+    }) => void;
+    renderOrganisations: (options?: {
+      select?: HTMLSelectElement | null;
+      organisations?: unknown[];
+      activeOrganisationId?: string;
+      emptyLabel?: string;
+    }) => void;
+    renderScheduleState: (options?: {
+      select?: HTMLSelectElement | null;
+      currentScheduler?: unknown | null;
+      placeholder?: string;
+      allowedValues?: string[];
+    }) => void;
+    renderJobState: (options?: {
+      jobSection?: HTMLElement | null;
+      job?: unknown | null;
+      isActiveJobStatus?: (status: string) => boolean;
+      context?: string;
+      onViewJob?: (path: string, job?: unknown) => void;
+      onExportJob?: (jobId: string, job?: unknown) => void;
+    }) => void;
+    renderRecentResults: (options?: {
+      latestResultsList?: HTMLElement | null;
+      recentResultsList?: HTMLElement | null;
+      noJobState?: HTMLElement | null;
+      noJobText?: Element | null;
+      noJobActionButton?: HTMLElement | null;
+      jobs?: unknown[];
+      siteDomain?: string | null;
+      siteDomainCandidates?: string[];
+      isActiveJobStatus?: (status: string) => boolean;
+      context?: string;
+      onViewJob?: (path: string, job?: unknown) => void;
+      onExportJob?: (jobId: string, job?: unknown) => void;
+      emptySelectionMessage?: string;
+      emptySiteMessage?: string;
+      emptyCompletedMessage?: string;
+      showEmptyAction?: boolean;
+    }) => void;
+    renderMiniChart: (options?: {
+      miniChart?: HTMLElement | null;
+      chartScaleLabels?: Element[];
+      jobs?: unknown[];
+      siteDomain?: string | null;
+      siteDomainCandidates?: string[];
+      onViewJob?: (path: string, job?: unknown) => void;
+    }) => void;
+  };
+  webflow: {
+    startWebflowConnection: () => Promise<{ auth_url?: string }>;
+    listWebflowConnections: () => Promise<unknown[]>;
+    findMatchingWebflowSite: (options: {
+      api?: typeof HoverLib.api;
+      connections?: unknown[];
+      siteDomain?: string | null;
+      siteDomainCandidates?: string[];
+      limit?: number;
+    }) => Promise<unknown | null>;
+    setWebflowSiteAutoPublish: (
+      siteId: string,
+      options: {
+        api?: typeof HoverLib.api;
+        connectionId: string;
+        enabled: boolean;
+      }
+    ) => Promise<void>;
+  };
 };
 
 type ScheduleOption = (typeof SCHEDULE_OPTIONS)[number] | "";
+type ExtensionView = "dashboard" | "settings-account";
 
 type ApiError = {
   status: number;
@@ -153,11 +378,6 @@ type Organisation = {
   name: string;
 };
 
-type OrganisationsResponse = {
-  organisations: Organisation[];
-  active_organisation_id?: string;
-};
-
 type UsageStats = {
   daily_limit: number;
   daily_used: number;
@@ -167,10 +387,6 @@ type UsageStats = {
   plan_display_name: string;
 };
 
-type UsageResponse = {
-  usage: UsageStats;
-};
-
 type JobItem = {
   id: string;
   status: string;
@@ -202,25 +418,6 @@ type JobItem = {
   };
 };
 
-type ExportColumn = {
-  key: string;
-  label: string;
-};
-
-type JobExportPayload = {
-  job_id: string;
-  domain?: string;
-  export_time?: string;
-  completed_at?: string | null;
-  export_type?: string;
-  columns?: ExportColumn[];
-  tasks?: Record<string, unknown>[];
-};
-
-type JobListResponse = {
-  jobs: JobItem[];
-};
-
 type Scheduler = {
   id: string;
   domain: string;
@@ -250,13 +447,6 @@ type WebflowSiteSetting = {
   scheduler_id?: string;
 };
 
-type WebflowSitesResponse = {
-  sites: WebflowSiteSetting[];
-  pagination?: {
-    has_next: boolean;
-  };
-};
-
 type AuthMessage = {
   source?: string;
   type?: string;
@@ -292,103 +482,24 @@ function extractErrorMessage(rawBody?: string): string {
   return rawBody;
 }
 
-// ---------------------------------------------------------------------------
-// Avatar helpers
-// ---------------------------------------------------------------------------
-
-async function getGravatarUrl(email: string, size = 80): Promise<string> {
-  const normalised = (email || "").trim().toLowerCase();
-  if (!normalised || !globalThis.crypto?.subtle) return "";
-  try {
-    const data = new TextEncoder().encode(normalised);
-    const digest = await globalThis.crypto.subtle.digest("SHA-256", data);
-    const hash = [...new Uint8Array(digest)]
-      .map((b) => b.toString(16).padStart(2, "0"))
-      .join("");
-    const params = new URLSearchParams({ s: String(size), d: "404" });
-    return `https://www.gravatar.com/avatar/${hash}?${params.toString()}`;
-  } catch {
-    return "";
-  }
-}
-
-async function renderAvatar(
-  target: HTMLElement,
-  email: string,
-  initials: string
-): Promise<void> {
-  const existingImg = target.querySelector("img");
-  if (existingImg) existingImg.remove();
-
-  target.textContent = initials;
-
-  const url = await getGravatarUrl(email, 80);
-  if (!url) return;
-
-  const img = document.createElement("img");
-  img.src = url;
-  img.alt = "User avatar";
-  img.loading = "lazy";
-  img.decoding = "async";
-  img.addEventListener(
-    "load",
-    () => {
-      target.textContent = "";
-      target.appendChild(img);
-    },
-    { once: true }
-  );
-  img.addEventListener(
-    "error",
-    () => {
-      if (img.parentNode) img.parentNode.removeChild(img);
-      target.textContent = initials;
-    },
-    { once: true }
-  );
-}
-
 async function updateAvatarFromState(): Promise<void> {
-  const avatarEl = document.querySelector<HTMLElement>(
-    ".topbar-profile-avatar"
-  );
+  const avatarEl = ui.profileAvatar as HTMLElement | null;
   if (!avatarEl) return;
 
-  const displayName = state.userDisplayName || state.userEmail || "";
-  const initials = displayName ? HoverLib.fmt.getInitials(displayName) : "?";
-
-  // Use the OAuth avatar_url from the auth postMessage if available,
-  // otherwise fall back to Gravatar via the shared renderAvatar helper.
-  if (state.userAvatarUrl) {
-    const existingImg = avatarEl.querySelector("img");
-    if (existingImg) existingImg.remove();
-    avatarEl.textContent = initials;
-
-    const img = document.createElement("img");
-    img.src = state.userAvatarUrl;
-    img.alt = "User avatar";
-    img.loading = "lazy";
-    img.decoding = "async";
-    img.addEventListener(
-      "load",
-      () => {
-        avatarEl.textContent = "";
-        avatarEl.appendChild(img);
-      },
-      { once: true }
-    );
-    img.addEventListener(
-      "error",
-      () => {
-        if (img.parentNode) img.parentNode.removeChild(img);
-        avatarEl.textContent = initials;
-      },
-      { once: true }
-    );
-    return;
-  }
+  await HoverLib.view.renderUserAvatar({
+    element: avatarEl,
+    displayName: state.userDisplayName || state.userEmail || "",
+    email: state.userEmail || "",
+    avatarUrl: state.userAvatarUrl || "",
+  });
+}
 
-  await renderAvatar(avatarEl, state.userEmail ?? "", initials);
+function getActiveOrganisationName(): string {
+  return (
+    state.organisations.find(
+      (organisation) => organisation.id === state.activeOrganisationId
+    )?.name || "Organisation"
+  );
 }
 
 const ui = {
@@ -406,13 +517,24 @@ const ui = {
   signInButton: document.getElementById("signInButton"),
 
   // Top bar
+  homeButton: document.getElementById("homeButton"),
+  profileMenuButton: document.getElementById("profileMenuButton"),
+  profileMenuDropdown: document.getElementById("profileMenuDropdown"),
+  profileAvatar: document.getElementById("profileAvatar"),
+  profileEmail: document.getElementById("profileEmail"),
+  profileOrgName: document.getElementById("profileOrgName"),
+  profilePlanText: document.getElementById("profilePlanText"),
+  profileUsageText: document.getElementById("profileUsageText"),
+  notificationsContainer: document.getElementById("notificationsContainer"),
+  notificationsButton: document.getElementById("notificationsBtn"),
+  notificationsDropdown: document.getElementById("notificationsDropdown"),
+  notificationsList: document.getElementById("notificationsList"),
+  notificationsBadge: document.getElementById("notificationsBadge"),
+  markAllReadButton: document.getElementById("markAllReadBtn"),
   orgSelect: document.getElementById("orgSelect") as HTMLSelectElement | null,
-  planNameText: document.getElementById("planNameText"),
-  planRemainingText: document.getElementById("planRemainingText"),
-  planRemainingValue: document.getElementById("planRemainingValue"),
-  settingsButton: document.getElementById("settingsButton"),
 
   // Action bar
+  actionBar: document.querySelector(".action-bar"),
   runNowButton: document.getElementById("runNowButton"),
   scheduleSelect: document.getElementById(
     "scheduleSelect"
@@ -439,6 +561,15 @@ const ui = {
   // Footer
   feedbackButton: document.getElementById("feedbackButton"),
   helpButton: document.getElementById("helpButton"),
+  panelFooter: document.querySelector(".panel-footer"),
+  contentScroll: document.querySelector(".content-scroll"),
+  settingsAccountView: document.getElementById("settingsAccountView"),
+  settingsBackButton: document.getElementById("settingsBackButton"),
+  extensionAccountSection: document.getElementById("extensionAccountSection"),
+  settingsProfileGroupTitle: document.getElementById(
+    "settingsProfileGroupTitle"
+  ),
+  settingsOrgGroupTitle: document.getElementById("settingsOrgGroupTitle"),
 };
 
 type ExtensionState = {
@@ -483,25 +614,33 @@ let jobStatusPoller: number | null = null;
 let jobPollInFlight = false;
 let lastCompletedJobsSignature = "";
 let lastChartJobsSignature = "";
+let crossSurfaceOrgRefreshInFlight = false;
+let shellChrome: ReturnType<typeof HoverLib.shell.initSurfaceShell> | null =
+  null;
+let extensionView: ExtensionView = "dashboard";
+let accountSettingsBound = false;
+let accountSettingsLayoutBound = false;
 
 // Supabase realtime state
 let supabaseClient: SupabaseClient | null = null;
-let jobsChannel: RealtimeChannel | null = null;
-let subscribeRetryCount = 0;
-let subscribeRetryTimeoutId: number | null = null;
-let fallbackPollingIntervalId: number | null = null;
-let lastRealtimeRefresh = 0;
-let throttleTimeoutId: number | null = null;
 let isRealtimeRefreshing = false;
-let cleanupHandlerRegistered = false;
+let jobsSubscriptionCleanup: (() => void) | null = null;
 
 function getStoredBaseUrl(): string {
+  const extensionWindow = window as ExtensionWindow;
+  const runtimeBaseUrl = String(
+    extensionWindow.HOVER_EXTENSION_CONFIG?.appOrigin || ""
+  ).trim();
+  if (runtimeBaseUrl) {
+    return runtimeBaseUrl.replace(/\/+$/, "");
+  }
+
   const storedBaseUrl = localStorage.getItem(API_BASE_STORAGE_KEY);
   if (!storedBaseUrl) {
     return DEFAULT_GNH_APP_ORIGIN;
   }
 
-  if (LEGACY_EXTENSION_APP_ORIGINS.has(storedBaseUrl)) {
+  if (/^https:\/\/hover-pr-\d+\.fly\.dev\/?$/i.test(storedBaseUrl)) {
     return DEFAULT_GNH_APP_ORIGIN;
   }
 
@@ -592,10 +731,113 @@ async function initSupabaseClient(): Promise<SupabaseClient | null> {
     access_token: state.token,
     refresh_token: "",
   });
+  (window as ExtensionWindow).HOVER_EXTENSION_SUPABASE_CLIENT = supabaseClient;
 
   return supabaseClient;
 }
 
+function pickUserDisplayName(
+  metadata: Record<string, unknown> | null | undefined
+): string {
+  const firstName = String(
+    metadata?.given_name || metadata?.first_name || ""
+  ).trim();
+  const lastName = String(
+    metadata?.family_name || metadata?.last_name || ""
+  ).trim();
+  const fullName = String(metadata?.full_name || metadata?.name || "").trim();
+  return fullName || [firstName, lastName].filter(Boolean).join(" ").trim();
+}
+
+function pickUserAvatarUrl(
+  user:
+    | {
+        user_metadata?: Record<string, unknown> | null;
+        identities?: Array<{
+          identity_data?: Record<string, unknown> | null;
+        } | null> | null;
+      }
+    | null
+    | undefined
+): string {
+  const metadata =
+    (user?.user_metadata as Record<string, unknown> | null | undefined) || null;
+  const directAvatar = String(
+    metadata?.avatar_url || metadata?.picture || metadata?.avatar || ""
+  ).trim();
+  if (directAvatar) {
+    return directAvatar;
+  }
+
+  const identityAvatar = user?.identities
+    ?.map((identity) =>
+      String(identity?.identity_data?.avatar_url || "").trim()
+    )
+    .find(Boolean);
+
+  return identityAvatar || "";
+}
+
+async function loadCurrentUserIdentity(): Promise<void> {
+  const client = await initSupabaseClient();
+  if (client?.auth?.getUser) {
+    try {
+      const result = await client.auth.getUser();
+      const user = result?.data?.user;
+      const metadata =
+        (user?.user_metadata as Record<string, unknown> | null | undefined) ||
+        null;
+
+      if (user?.email) {
+        state.userEmail = user.email;
+      }
+
+      const displayName = pickUserDisplayName(metadata);
+      if (displayName) {
+        state.userDisplayName = displayName;
+      }
+
+      const avatarUrl = pickUserAvatarUrl(user);
+      if (avatarUrl) {
+        state.userAvatarUrl = avatarUrl;
+      }
+    } catch (error) {
+      console.warn("Unable to load current user identity", error);
+    }
+  }
+
+  if (state.userEmail && state.userDisplayName) {
+    return;
+  }
+
+  try {
+    const profile = (await HoverLib.api.get("/v1/auth/profile")) as {
+      user?: {
+        email?: string | null;
+        first_name?: string | null;
+        last_name?: string | null;
+        full_name?: string | null;
+      };
+    };
+    const user = profile?.user;
+    if (user?.email) {
+      state.userEmail = user.email;
+    }
+    const displayName =
+      String(user?.full_name || "").trim() ||
+      [user?.first_name || "", user?.last_name || ""]
+        .map((value) => String(value).trim())
+        .filter(Boolean)
+        .join(" ")
+        .trim();
+    if (displayName) {
+      state.userDisplayName = displayName;
+    }
+  } catch (error) {
+    console.warn("Unable to load profile identity fallback", error);
+  }
+}
+
 function asNode(element: Element | null): HTMLElement | null {
   return element instanceof HTMLElement ? element : null;
 }
@@ -608,18 +850,6 @@ function asSelect(element: Element | null): HTMLSelectElement | null {
   return element instanceof HTMLSelectElement ? element : null;
 }
 
-function getSiteDomainCandidates(): string[] {
-  const normalised = new Set(
-    state.siteDomainCandidates
-      .map((candidate) => normalizeDomain(candidate))
-      .filter(Boolean)
-  );
-  if (state.siteDomain) {
-    normalised.add(state.siteDomain);
-  }
-  return [...normalised];
-}
-
 function hide(el: HTMLElement | null): void {
   if (el) {
     el.classList.add("hidden");
@@ -639,15 +869,7 @@ function setText(node: Element | null, value: string): void {
 }
 
 function normalizeDomain(input: string): string {
-  const trimmed = input
-    .trim()
-    .toLowerCase()
-    .replace(/^https?:\/\//, "")
-    .replace(/^www\./, "");
-  if (!trimmed) {
-    return "";
-  }
-  return trimmed.split("/")[0] || trimmed;
+  return HoverLib.jobs.normaliseDomain(input);
 }
 
 function normalizeJobStatus(status: string): string {
@@ -661,38 +883,28 @@ function isActiveJobStatus(status: string): boolean {
 function pickLatestJobForCurrentSite(
   jobs: JobItem[] | undefined
 ): JobItem | null {
-  const candidates = getSiteDomainCandidates();
-  return (
-    jobs?.find((job) => {
-      const jobDomain = normalizeDomain(job.domains?.name || "");
-      return !candidates.length || candidates.includes(jobDomain);
-    }) || null
-  );
+  return (HoverLib.jobs.pickLatestJobByDomains(jobs || [], {
+    siteDomain: state.siteDomain,
+    siteDomainCandidates: state.siteDomainCandidates,
+  }) || null) as JobItem | null;
 }
 
 function buildCompletedJobsSignature(jobs: JobItem[] | undefined): string {
-  const completed = filterSiteJobs(jobs || [])
-    .filter((job) => !isActiveJobStatus(job.status))
-    .slice(0, 6);
-
-  return completed
-    .map(
-      (job) =>
-        `${job.id}:${job.status}:${job.total_tasks}:${job.completed_tasks}:${job.failed_tasks}:${job.skipped_tasks}:${job.completed_at || ""}`
-    )
-    .join("|");
+  return HoverLib.jobs.buildCompletedJobsSignature(
+    jobs || [],
+    {
+      siteDomain: state.siteDomain,
+      siteDomainCandidates: state.siteDomainCandidates,
+    },
+    isActiveJobStatus
+  );
 }
 
 function buildChartJobsSignature(jobs: JobItem[] | undefined): string {
-  const chartJobs = filterSiteJobs(jobs || [])
-    .filter((job) => normalizeJobStatus(job.status) === "completed")
-    .slice(0, 12);
-  return chartJobs
-    .map(
-      (job) =>
-        `${job.id}:${job.status}:${job.failed_tasks}:${job.skipped_tasks}:${job.completed_at || ""}:${job.total_tasks}`
-    )
-    .join("|");
+  return HoverLib.jobs.buildChartJobsSignature(jobs || [], {
+    siteDomain: state.siteDomain,
+    siteDomainCandidates: state.siteDomainCandidates,
+  });
 }
 
 function stopJobStatusPolling(): void {
@@ -703,10 +915,9 @@ function stopJobStatusPolling(): void {
 }
 
 function startJobStatusPolling(): void {
-  // When realtime is active, the realtime subscription + fallback polling
-  // handle all refreshes. Only start the legacy 6s poller if we have no
-  // realtime channel (e.g. Supabase config unavailable).
-  if (jobsChannel || fallbackPollingIntervalId) {
+  // When realtime is active, the shared subscription also owns fallback polling.
+  // Only start the legacy 6 s poller if we have no shared subscription.
+  if (jobsSubscriptionCleanup) {
     return;
   }
 
@@ -732,178 +943,77 @@ function startJobStatusPolling(): void {
 async function realtimeRefresh(): Promise<void> {
   if (isRealtimeRefreshing) return;
   isRealtimeRefreshing = true;
-  lastRealtimeRefresh = Date.now();
 
   try {
-    // Refresh both job state and usage stats, matching the dashboard pattern.
-    await Promise.all([refreshCurrentJob(), refreshUsage()]);
+    // Refresh both job state and organisation context so cross-surface org
+    // switches update quota, selected org, and the realtime subscription.
+    await Promise.all([refreshCurrentJob(), refreshOrganisationContext()]);
   } finally {
     isRealtimeRefreshing = false;
   }
 }
 
-async function refreshUsage(): Promise<void> {
+async function refreshOrganisationContext(): Promise<void> {
   if (!state.token) return;
 
   try {
-    const usageData = (await HoverLib.api.get("/v1/usage")) as UsageResponse;
-    state.usage = usageData.usage || null;
+    const previousOrganisationId = state.activeOrganisationId;
+    await loadUsageAndOrgs();
     renderUsage(state.usage);
-  } catch (error) {
-    // Non-critical — keep existing usage displayed.
-    console.warn("Failed to refresh usage stats:", error);
-  }
-}
-
-function throttledRealtimeRefresh(): void {
-  // Receiving a real event proves realtime works — stop fallback polling.
-  clearFallbackPolling();
-
-  const now = Date.now();
-  const timeSinceLastRefresh = now - lastRealtimeRefresh;
-
-  if (timeSinceLastRefresh >= REALTIME_DEBOUNCE_MS && !isRealtimeRefreshing) {
-    void realtimeRefresh();
-    return;
-  }
-
-  // Schedule a refresh when the throttle window expires.
-  if (!throttleTimeoutId && !isRealtimeRefreshing) {
-    const delay = REALTIME_DEBOUNCE_MS - timeSinceLastRefresh;
-    throttleTimeoutId = window.setTimeout(
-      () => {
-        throttleTimeoutId = null;
-        if (!isRealtimeRefreshing) {
-          void realtimeRefresh();
-        }
-      },
-      Math.max(delay, 100)
-    );
-  }
-}
-
-function startFallbackPolling(): void {
-  if (fallbackPollingIntervalId) return;
-
-  fallbackPollingIntervalId = window.setInterval(() => {
-    void realtimeRefresh();
-  }, FALLBACK_POLLING_INTERVAL_MS);
-}
 
-function clearFallbackPolling(): void {
-  if (fallbackPollingIntervalId) {
-    window.clearInterval(fallbackPollingIntervalId);
-    fallbackPollingIntervalId = null;
+    if (state.activeOrganisationId !== previousOrganisationId) {
+      renderOrganisations();
+      if (supabaseClient) {
+        subscribeToJobUpdates();
+      }
+    }
+  } catch (error) {
+    // Non-critical — keep existing org/quota state displayed.
+    console.warn("Failed to refresh organisation context:", error);
   }
 }
 
 function cleanupRealtimeSubscription(): void {
-  if (subscribeRetryTimeoutId) {
-    window.clearTimeout(subscribeRetryTimeoutId);
-    subscribeRetryTimeoutId = null;
-  }
-
-  if (throttleTimeoutId) {
-    window.clearTimeout(throttleTimeoutId);
-    throttleTimeoutId = null;
+  if (jobsSubscriptionCleanup) {
+    jobsSubscriptionCleanup();
+    jobsSubscriptionCleanup = null;
   }
-
-  clearFallbackPolling();
-
-  if (jobsChannel && supabaseClient) {
-    void supabaseClient.removeChannel(jobsChannel);
-    jobsChannel = null;
-  }
-
-  subscribeRetryCount = 0;
-  cleanupHandlerRegistered = false;
 }
 
-async function subscribeToJobUpdates(): Promise<void> {
+function subscribeToJobUpdates(): void {
   const orgId = state.activeOrganisationId;
   if (!orgId || !supabaseClient) {
-    if (subscribeRetryCount < MAX_SUBSCRIBE_RETRIES) {
-      subscribeRetryCount++;
-      subscribeRetryTimeoutId = window.setTimeout(
-        () => void subscribeToJobUpdates(),
-        SUBSCRIBE_RETRY_INTERVAL_MS
-      );
-    } else {
-      console.warn("[Realtime] Max retries reached, enabling fallback polling");
-      startFallbackPolling();
-    }
     return;
   }
 
-  // Reset retry state on success.
-  subscribeRetryCount = 0;
-  subscribeRetryTimeoutId = null;
-
-  // Clean up existing subscription if any.
-  if (jobsChannel && supabaseClient) {
-    try {
-      await supabaseClient.removeChannel(jobsChannel);
-    } catch (_e) {
-      // Ignore removal errors.
-    }
-    jobsChannel = null;
-  }
-
-  // Register cleanup handler once.
-  if (!cleanupHandlerRegistered) {
-    window.addEventListener("beforeunload", cleanupRealtimeSubscription);
-    cleanupHandlerRegistered = true;
-  }
-
-  try {
-    const channel = supabaseClient
-      .channel(`jobs-changes:${orgId}`)
-      .on(
-        "postgres_changes",
-        {
-          event: "UPDATE",
-          schema: "public",
-          table: "jobs",
-          filter: `organisation_id=eq.${orgId}`,
-        },
-        () => throttledRealtimeRefresh()
-      )
-      .on(
-        "postgres_changes",
-        {
-          event: "INSERT",
-          schema: "public",
-          table: "jobs",
-          filter: `organisation_id=eq.${orgId}`,
-        },
-        () => throttledRealtimeRefresh()
-      )
-      .on(
-        "postgres_changes",
-        {
-          event: "DELETE",
-          schema: "public",
-          table: "jobs",
-          filter: `organisation_id=eq.${orgId}`,
-        },
-        () => throttledRealtimeRefresh()
-      )
-      .subscribe((status, err) => {
-        if (status === "CHANNEL_ERROR" || status === "TIMED_OUT" || err) {
-          console.warn(
-            "[Realtime] Connection issue, fallback polling will continue"
-          );
-        }
-        // Fallback polling stops only when we receive an actual realtime event.
-      });
-
-    // Start fallback polling immediately — cleared when a real event arrives.
-    startFallbackPolling();
-    jobsChannel = channel;
-  } catch (err) {
-    console.error("[Realtime] Failed to subscribe to jobs:", err);
-    startFallbackPolling();
-  }
+  // The shared subscription owns realtime fallback polling, so the older
+  // active-job interval must stop before we hand control across.
+  stopJobStatusPolling();
+  cleanupRealtimeSubscription();
+  jobsSubscriptionCleanup = HoverLib.jobs.subscribeToJobUpdates({
+    orgId,
+    onUpdate: () => {
+      void realtimeRefresh();
+    },
+    supabaseClient,
+    channelName: `jobs-changes:${orgId}`,
+    getFallbackInterval: () => FALLBACK_POLLING_INTERVAL_MS,
+    onSubscriptionIssue: (status, err) => {
+      if (
+        status === "CHANNEL_ERROR" ||
+        status === "TIMED_OUT" ||
+        status === "SUBSCRIBE_FAILED" ||
+        status === "MAX_RETRIES" ||
+        err
+      ) {
+        console.warn(
+          "[Realtime] Connection issue, fallback polling will continue",
+          status,
+          err
+        );
+      }
+    },
+  });
 }
 
 // ---------------------------------------------------------------------------
@@ -916,22 +1026,23 @@ async function refreshCurrentJob(): Promise<void> {
 
   try {
     jobPollInFlight = true;
-    const response = (await HoverLib.api.get(
-      "/v1/jobs?limit=50&include=stats"
-    )) as JobListResponse;
-    const latest = pickLatestJobForCurrentSite(response.jobs);
+    const jobs = (await HoverLib.jobs.fetchJobs({
+      limit: 50,
+      include: "stats",
+    })) as JobItem[];
+    const latest = pickLatestJobForCurrentSite(jobs);
     state.currentJob = latest;
     renderJobState(state.currentJob);
 
-    const completedSignature = buildCompletedJobsSignature(response.jobs);
+    const completedSignature = buildCompletedJobsSignature(jobs);
     if (completedSignature !== lastCompletedJobsSignature) {
-      renderRecentResults(response.jobs);
+      renderRecentResults(jobs);
       lastCompletedJobsSignature = completedSignature;
     }
 
-    const chartSignature = buildChartJobsSignature(response.jobs);
+    const chartSignature = buildChartJobsSignature(jobs);
     if (chartSignature !== lastChartJobsSignature) {
-      renderMiniChart(response.jobs);
+      renderMiniChart(jobs);
       lastChartJobsSignature = chartSignature;
     }
 
@@ -1125,11 +1236,23 @@ async function setExtensionSizeForAuthState(isAuthed: boolean): Promise<void> {
   }
 }
 
+async function setExtensionSizeForView(view: ExtensionView): Promise<void> {
+  try {
+    await webflow.setExtensionSize(
+      view === "settings-account"
+        ? ACCOUNT_SETTINGS_EXTENSION_SIZE
+        : AUTHENTICATED_EXTENSION_SIZE
+    );
+  } catch (error) {
+    console.warn("Unable to set extension size", error);
+  }
+}
+
 function renderAuthState(isAuthed: boolean): void {
   if (isAuthed) {
     hide(asNode(ui.unauthState));
     show(asNode(ui.authState));
-    void setExtensionSizeForAuthState(true);
+    void setExtensionSizeForView(extensionView);
     return;
   }
 
@@ -1138,185 +1261,194 @@ function renderAuthState(isAuthed: boolean): void {
   void setExtensionSizeForAuthState(false);
 }
 
-// ---------------------------------------------------------------------------
-// Rendering helpers
-// ---------------------------------------------------------------------------
+function renderView(): void {
+  const showSettingsAccount = extensionView === "settings-account";
 
-/** Show the in-progress card only for active jobs; hide for completed/none. */
-function renderJobState(job: JobItem | null): void {
-  const section = asNode(ui.jobSection);
-  if (!job || !isActiveJobStatus(job.status)) {
-    stopJobStatusPolling();
-    hide(section);
-    return;
+  if (showSettingsAccount) {
+    hide(asNode(ui.actionBar));
+    hide(asNode(ui.statusBlock));
+    hide(asNode(ui.contentScroll));
+    hide(asNode(ui.panelFooter));
+    show(asNode(ui.settingsAccountView));
+  } else {
+    show(asNode(ui.actionBar));
+    show(asNode(ui.statusBlock));
+    show(asNode(ui.contentScroll));
+    show(asNode(ui.panelFooter));
+    hide(asNode(ui.settingsAccountView));
   }
 
-  const hoverJobCard = (window as any).HoverJobCard;
-  const card: HTMLElement = hoverJobCard
-    ? hoverJobCard.createJobCard(job, { context: "extension" })
-    : buildResultCardFallback(job, false);
-
-  if (section) {
-    section.replaceChildren(card);
-    card.addEventListener("hover-job-card:view", (e: Event) =>
-      openSettingsPage((e as CustomEvent).detail.path)
-    );
-    card.addEventListener("hover-job-card:export", (e: Event) => {
-      void exportJob((e as CustomEvent).detail.jobId);
-    });
-    show(section);
+  if (state.token) {
+    void setExtensionSizeForView(extensionView);
   }
 }
 
-function asCount(value: unknown): number {
-  if (typeof value !== "number" || !Number.isFinite(value)) {
-    return 0;
-  }
-  return Math.max(0, Math.floor(value));
+function renderSettingsSidebar(path: string): void {
+  document
+    .querySelectorAll<HTMLElement>("[data-settings-path]")
+    .forEach((element) => {
+      const isActive = element.dataset.settingsPath === path;
+      element.classList.toggle("active", isActive);
+      if (isActive) {
+        element.setAttribute("aria-current", "page");
+      } else {
+        element.removeAttribute("aria-current");
+      }
+    });
 }
 
-function getIssueCounts(job: JobItem): {
-  brokenLinks: number;
-  verySlow: number;
-  slow: number;
-} {
-  const buckets = job.stats?.slow_page_buckets;
-  const statsBrokenLinks = asCount(job.stats?.total_broken_links);
-  const fallbackBrokenLinks = asCount(job.failed_tasks);
-
-  if (job.stats && buckets) {
-    const verySlow = asCount(buckets.over_10s) + asCount(buckets["5_to_10s"]);
-    const slow = asCount(buckets["3_to_5s"]);
-    return {
-      brokenLinks: Math.max(statsBrokenLinks, fallbackBrokenLinks),
-      verySlow,
-      slow,
-    };
+function renderSettingsOrganisationGroupTitle(): void {
+  const heading = asNode(ui.settingsOrgGroupTitle);
+  if (!heading) {
+    return;
   }
-
-  return {
-    brokenLinks: fallbackBrokenLinks,
-    verySlow: 0,
-    slow: 0,
-  };
-}
-
-// ---------------------------------------------------------------------------
-// Recent results list (completed jobs only)
-// ---------------------------------------------------------------------------
-
-function filterSiteJobs(jobs: JobItem[]): JobItem[] {
-  const candidates = getSiteDomainCandidates();
-  return jobs.filter((job) => {
-    const jobDomain = normalizeDomain(job.domains?.name || "");
-    return !candidates.length || candidates.includes(jobDomain);
-  });
+  const activeOrg = state.organisations.find(
+    (organisation) => organisation.id === state.activeOrganisationId
+  );
+  heading.textContent = activeOrg?.name
+    ? `Manage ${activeOrg.name}`
+    : "Manage organisation";
 }
 
-function renderRecentResults(jobs: JobItem[]): void {
-  const latestContainer = ui.latestResultsList;
-  const recentContainer = ui.recentResultsList;
-  if (!latestContainer || !recentContainer) {
+function renderSettingsProfileGroupTitle(): void {
+  const heading = asNode(ui.settingsProfileGroupTitle);
+  if (!heading) {
     return;
   }
 
-  while (latestContainer.firstChild) {
-    latestContainer.removeChild(latestContainer.firstChild);
-  }
+  const firstName = asInput(
+    document.getElementById("settingsUserFirstNameInput")
+  )?.value.trim();
+  const lastName = asInput(
+    document.getElementById("settingsUserLastNameInput")
+  )?.value.trim();
+  const displayNameFromFields = [firstName, lastName].filter(Boolean).join(" ");
+  heading.textContent =
+    displayNameFromFields ||
+    state.userDisplayName ||
+    state.userEmail ||
+    "Profile";
+}
 
-  while (recentContainer.firstChild) {
-    recentContainer.removeChild(recentContainer.firstChild);
+function bindAccountSettingsLayout(): void {
+  if (accountSettingsLayoutBound) {
+    return;
   }
 
-  const siteJobs = filterSiteJobs(jobs);
-
-  // All completed / non-active jobs go here
-  const completedJobs = siteJobs.filter(
-    (job) => !isActiveJobStatus(job.status)
-  );
+  document
+    .querySelectorAll<HTMLElement>("[data-settings-path]")
+    .forEach((element) => {
+      element.addEventListener("click", () => {
+        const path = element.dataset.settingsPath;
+        if (!path) {
+          return;
+        }
+        openSettingsPage(path);
+      });
+    });
 
-  // Show/hide no-job state based on whether there are ANY jobs
-  if (siteJobs.length === 0) {
-    show(asNode(ui.noJobState));
-  } else {
-    hide(asNode(ui.noJobState));
-  }
+  accountSettingsLayoutBound = true;
+}
 
-  if (completedJobs.length === 0) {
-    const empty = document.createElement("p");
-    empty.className = "detail";
-    empty.textContent = "No completed runs yet.";
-    latestContainer.appendChild(empty);
+async function openAccountSettingsView(): Promise<void> {
+  if (!state.token || !ui.extensionAccountSection) {
     return;
   }
 
-  const groupedJobs = completedJobs.slice(0, 6);
-  const latestJob = groupedJobs[0] || null;
-  const recentJobs = groupedJobs.slice(1, 6);
-
-  const hoverJobCard = (window as any).HoverJobCard;
-
-  function makeCard(cardJob: JobItem, compact: boolean): HTMLElement {
-    const card: HTMLElement = hoverJobCard
-      ? hoverJobCard.createJobCard(cardJob, { context: "extension", compact })
-      : buildResultCardFallback(cardJob, compact);
-    card.addEventListener("hover-job-card:view", (e: Event) =>
-      openSettingsPage((e as CustomEvent).detail.path)
-    );
-    card.addEventListener("hover-job-card:export", (e: Event) => {
-      void exportJob((e as CustomEvent).detail.jobId);
+  extensionView = "settings-account";
+  renderSettingsSidebar(APP_ROUTES.account);
+  renderSettingsOrganisationGroupTitle();
+  bindAccountSettingsLayout();
+  renderView();
+
+  if (!accountSettingsBound) {
+    HoverLib.settings.account.setupAccountActions(ui.extensionAccountSection, {
+      onNameSaved: () => {
+        const firstName = asInput(
+          document.getElementById("settingsUserFirstNameInput")
+        )?.value.trim();
+        const lastName = asInput(
+          document.getElementById("settingsUserLastNameInput")
+        )?.value.trim();
+        const nextDisplayName = [firstName, lastName]
+          .filter(Boolean)
+          .join(" ")
+          .trim();
+        if (nextDisplayName) {
+          state.userDisplayName = nextDisplayName;
+          void updateAvatarFromState();
+        }
+        renderSettingsProfileGroupTitle();
+      },
     });
-    return card;
+    accountSettingsBound = true;
   }
 
-  if (latestJob) {
-    latestContainer.appendChild(makeCard(latestJob, false));
-  }
+  await HoverLib.settings.account.loadAccountDetails(
+    ui.extensionAccountSection
+  );
+  renderSettingsProfileGroupTitle();
+}
 
-  if (recentJobs.length > 0) {
-    for (const job of recentJobs) {
-      recentContainer.appendChild(makeCard(job, true));
-    }
-  }
+function openDashboardView(): void {
+  extensionView = "dashboard";
+  renderView();
 }
 
 // ---------------------------------------------------------------------------
-// Result card fallback (used only if hover-job-card.js fails to load)
+// Rendering helpers
 // ---------------------------------------------------------------------------
 
-function buildResultCardFallback(job: JobItem, compact = false): HTMLElement {
-  // Minimal fallback used only if hover-job-card.js fails to load.
-  const card = document.createElement("div");
-  card.className = compact
-    ? "result-card result-card--complete result-card--compact"
-    : "result-card result-card--complete";
-  const label = document.createElement("p");
-  label.textContent = String(job.status || "unknown");
-  card.appendChild(label);
-  return card;
+/** Show the in-progress card only for active jobs; hide for completed/none. */
+function renderJobState(job: JobItem | null): void {
+  const section = asNode(ui.jobSection);
+  if (!job || !isActiveJobStatus(job.status)) {
+    stopJobStatusPolling();
+  }
+  HoverLib.view.renderJobState({
+    jobSection: section,
+    job,
+    isActiveJobStatus,
+    context: "extension",
+    onViewJob: (path) => {
+      openSettingsPage(path);
+    },
+    onExportJob: (jobId) => {
+      void exportJob(jobId);
+    },
+  });
+}
+
+function renderRecentResults(jobs: JobItem[]): void {
+  HoverLib.view.renderRecentResults({
+    latestResultsList: asNode(ui.latestResultsList),
+    recentResultsList: asNode(ui.recentResultsList),
+    noJobState: asNode(ui.noJobState),
+    jobs,
+    siteDomain: state.siteDomain,
+    siteDomainCandidates: state.siteDomainCandidates,
+    isActiveJobStatus,
+    context: "extension",
+    onViewJob: (path) => {
+      openSettingsPage(path);
+    },
+    onExportJob: (jobId) => {
+      void exportJob(jobId);
+    },
+    emptySiteMessage: "No runs yet for this site.",
+  });
 }
 // Job export
 // ---------------------------------------------------------------------------
 
 async function exportJob(jobId: string): Promise<void> {
   try {
-    const payload = (await HoverLib.api.get(
-      `/v1/jobs/${jobId}/export`
-    )) as JobExportPayload;
-
-    const tasks = Array.isArray(payload.tasks) ? payload.tasks : [];
-    const { keys, headers } = prepareExportColumns(payload.columns, tasks);
-
-    const csvRows = [headers.join(",")];
-    for (const task of tasks) {
-      const values = keys.map((key) => escapeCSVValue(task[key]));
-      csvRows.push(values.join(","));
+    const result = await HoverLib.exports.downloadJobExport(jobId, {
+      api: HoverLib.api,
+    });
+    if (result.empty) {
+      setStatus("Export unavailable", "No tasks to export.");
     }
-
-    const csvContent = csvRows.join("\n");
-    const filenameBase = sanitizeForFilename(payload.domain || `job-${jobId}`);
-    const filename = `${filenameBase}-hover-export.csv`;
-    triggerFileDownload(csvContent, "text/csv", filename);
   } catch (error) {
     setStatus(
       "Export failed",
@@ -1325,207 +1457,47 @@ async function exportJob(jobId: string): Promise<void> {
   }
 }
 
-function prepareExportColumns(
-  columns: ExportColumn[] | undefined,
-  tasks: Record<string, unknown>[]
-): { keys: string[]; headers: string[] } {
-  if (Array.isArray(columns) && columns.length > 0) {
-    return {
-      keys: columns.map((column) => column.key),
-      headers: columns.map((column) => column.label || column.key),
-    };
-  }
-
-  const keySet = new Set<string>();
-  for (const task of tasks) {
-    Object.keys(task || {}).forEach((key) => keySet.add(key));
-  }
-
-  const keys = [...keySet];
-  return { keys, headers: keys };
-}
-
-// CSV/file utilities — delegated to shared formatters via HoverLib bridge
-const escapeCSVValue = (value: unknown): string =>
-  HoverLib?.fmt?.escapeCSVValue?.(value) ?? String(value ?? "");
-
-function triggerFileDownload(
-  content: string,
-  mimeType: string,
-  filename: string
-): void {
-  if (HoverLib?.fmt?.triggerFileDownload) {
-    HoverLib.fmt.triggerFileDownload(content, mimeType, filename);
-  }
-}
-
-const sanitizeForFilename = (value: string): string =>
-  HoverLib?.fmt?.sanitiseForFilename?.(value) ?? value;
-
 // ---------------------------------------------------------------------------
 // Mini chart
 // ---------------------------------------------------------------------------
 
 function renderMiniChart(jobs: JobItem[]): void {
-  const container = ui.miniChart;
-  if (!container) {
-    return;
-  }
-
-  while (container.firstChild) {
-    container.removeChild(container.firstChild);
-  }
-
-  const completedJobs = filterSiteJobs(jobs)
-    .filter((job) => normalizeJobStatus(job.status) === "completed")
-    .slice(0, 12);
-
-  if (completedJobs.length === 0) {
-    for (const label of ui.chartScaleLabels || []) {
-      label.textContent = "0";
-    }
-    return;
-  }
-
-  const chartRows = completedJobs
-    .filter(
-      (job) =>
-        normalizeJobStatus(job.status) === "completed" && Boolean(job.stats)
-    )
-    .map((job) => {
-      const { brokenLinks, verySlow, slow } = getIssueCounts(job);
-      const errorCount = brokenLinks;
-      const okCount = verySlow + slow;
-      const totalPages = Math.max(0, job.total_tasks);
-      return {
-        job,
-        errorCount,
-        okCount,
-        issueTotal: errorCount + okCount,
-        totalPages,
-      };
-    })
-    .filter((row) => row.issueTotal > 0 && row.totalPages > 0)
-    .reverse();
-
-  if (chartRows.length === 0) {
-    for (const label of ui.chartScaleLabels || []) {
-      label.textContent = "0";
-    }
-    return;
-  }
-
-  const maxIssues = Math.max(...chartRows.map((row) => row.issueTotal), 1);
-
-  const tickTop = maxIssues;
-  const tickMid = Math.round(maxIssues * 0.5);
-  const tickQuarter = Math.round(maxIssues * 0.25);
-  const tickValues = [tickTop, tickMid, tickQuarter, 0];
-
-  (ui.chartScaleLabels || []).forEach((label, index) => {
-    const value = tickValues[index] ?? 0;
-    label.textContent = String(value);
+  HoverLib.view.renderMiniChart({
+    miniChart: asNode(ui.miniChart),
+    chartScaleLabels: ui.chartScaleLabels,
+    jobs,
+    siteDomain: state.siteDomain,
+    siteDomainCandidates: state.siteDomainCandidates,
+    onViewJob: (path) => {
+      openSettingsPage(path);
+    },
   });
-
-  const minSegmentHeightPercent = 2;
-
-  for (const row of chartRows) {
-    const job = row.job;
-    const bar = document.createElement("div");
-    bar.className = "chart-bar";
-    bar.role = "button";
-    bar.tabIndex = 0;
-    const dateStr = HoverLib.fmt.formatDateTime(
-      job.completed_at || job.created_at
-    );
-    bar.title = `${dateStr}\nStatus: Completed\nOK: ${row.okCount}\nError: ${row.errorCount}\nTotal pages: ${job.total_tasks.toLocaleString()}`;
-
-    const detailPath = `${APP_ROUTES.viewJob}/${encodeURIComponent(job.id)}`;
-    bar.addEventListener("click", () => {
-      openSettingsPage(detailPath);
-    });
-    bar.addEventListener("keydown", (event) => {
-      if (event.key === "Enter" || event.key === " ") {
-        event.preventDefault();
-        openSettingsPage(detailPath);
-      }
-    });
-
-    if (row.okCount > 0) {
-      const seg = document.createElement("div");
-      seg.className = "chart-bar--warning";
-      const okHeight = Math.max(
-        minSegmentHeightPercent,
-        Math.min((row.okCount / maxIssues) * 100, 100)
-      );
-      seg.style.height = `${okHeight}%`;
-      bar.appendChild(seg);
-    }
-
-    if (row.errorCount > 0) {
-      const seg = document.createElement("div");
-      seg.className = "chart-bar--danger";
-      const errorHeight = Math.max(
-        minSegmentHeightPercent,
-        Math.min((row.errorCount / maxIssues) * 100, 100)
-      );
-      seg.style.height = `${errorHeight}%`;
-      bar.appendChild(seg);
-    }
-
-    if (bar.children.length > 0) {
-      container.appendChild(bar);
-    }
-  }
 }
 
 function renderUsage(usage: UsageStats | null): void {
-  if (!usage) {
-    if (ui.planNameText) {
-      ui.planNameText.innerHTML = "<strong>Plan:</strong> \u2014";
-    }
-    setText(ui.planRemainingValue, "\u2014");
-    return;
-  }
-
-  const plan = usage.plan_display_name || usage.plan_name || "Plan";
-  const limit = usage.daily_limit.toLocaleString();
-
-  if (ui.planNameText) {
-    ui.planNameText.innerHTML = `<strong>Plan:</strong> <strong>${plan}</strong> (${limit} / day)`;
-  }
-
-  const remaining = usage.daily_remaining.toLocaleString();
-  setText(ui.planRemainingValue, `${remaining} remaining`);
+  HoverLib.view.renderUsage({
+    usage,
+    profilePlanText: ui.profilePlanText,
+    profileUsageText: ui.profileUsageText,
+  });
+  HoverLib.shell.renderProfileMenuSummary({
+    emailNode: ui.profileEmail,
+    organisationNode: ui.profileOrgName,
+    planNode: ui.profilePlanText,
+    usageNode: ui.profileUsageText,
+    email: state.userEmail || "",
+    organisationName: getActiveOrganisationName(),
+    usage,
+  });
 }
 
 function renderOrganisations() {
-  const select = asSelect(ui.orgSelect);
-  if (!select) {
-    return;
-  }
-
-  while (select.firstChild) {
-    select.removeChild(select.firstChild);
-  }
-
-  if (state.organisations.length === 0) {
-    const placeholder = document.createElement("option");
-    placeholder.textContent = "No organisations";
-    placeholder.value = "";
-    select.appendChild(placeholder);
-    select.disabled = true;
-    return;
-  }
-
-  select.disabled = false;
-  state.organisations.forEach((org) => {
-    const option = document.createElement("option");
-    option.value = org.id;
-    option.textContent = org.name;
-    option.selected = org.id === state.activeOrganisationId;
-    select.appendChild(option);
+  HoverLib.view.renderOrganisations({
+    select: asSelect(ui.orgSelect),
+    organisations: state.organisations,
+    activeOrganisationId: state.activeOrganisationId,
   });
+  renderSettingsOrganisationGroupTitle();
 }
 
 function renderWebflowStatus(isConnected: boolean) {
@@ -1538,20 +1510,12 @@ function renderWebflowStatus(isConnected: boolean) {
 }
 
 function renderScheduleState(): void {
-  const scheduleSelect = asSelect(ui.scheduleSelect);
-  if (!scheduleSelect) {
-    return;
-  }
-
-  if (!state.currentScheduler || !state.currentScheduler.is_enabled) {
-    scheduleSelect.value = SCHEDULE_PLACEHOLDER;
-    return;
-  }
-
-  const hours = String(state.currentScheduler.schedule_interval_hours);
-  if (SCHEDULE_OPTIONS.includes(hours as any)) {
-    scheduleSelect.value = hours;
-  }
+  HoverLib.view.renderScheduleState({
+    select: asSelect(ui.scheduleSelect),
+    currentScheduler: state.currentScheduler,
+    placeholder: SCHEDULE_PLACEHOLDER,
+    allowedValues: [...SCHEDULE_OPTIONS],
+  });
 }
 
 function buildAppUrl(path: string): string {
@@ -1583,7 +1547,6 @@ function setDisabledAll(disabled: boolean): void {
     ui.scheduleSelect,
     ui.orgSelect,
     ui.webflowPublishToggle,
-    ui.settingsButton,
   ];
 
   for (const control of controls) {
@@ -1637,18 +1600,19 @@ async function loadLatestJob(): Promise<void> {
   }
 
   try {
-    const response = (await HoverLib.api.get(
-      "/v1/jobs?limit=50&include=stats"
-    )) as JobListResponse;
+    const jobs = (await HoverLib.jobs.fetchJobs({
+      limit: 50,
+      include: "stats",
+    })) as JobItem[];
 
-    const latest = pickLatestJobForCurrentSite(response.jobs);
+    const latest = pickLatestJobForCurrentSite(jobs);
 
     state.currentJob = latest;
     renderJobState(state.currentJob);
-    renderRecentResults(response.jobs);
-    renderMiniChart(response.jobs);
-    lastCompletedJobsSignature = buildCompletedJobsSignature(response.jobs);
-    lastChartJobsSignature = buildChartJobsSignature(response.jobs);
+    renderRecentResults(jobs);
+    renderMiniChart(jobs);
+    lastCompletedJobsSignature = buildCompletedJobsSignature(jobs);
+    lastChartJobsSignature = buildChartJobsSignature(jobs);
     startJobStatusPolling();
   } catch (error) {
     state.currentJob = null;
@@ -1670,15 +1634,19 @@ async function loadUsageAndOrgs(): Promise<void> {
     return;
   }
 
-  const [orgData, usageData] = (await Promise.all([
-    HoverLib.api.get("/v1/organisations"),
-    HoverLib.api.get("/v1/usage"),
-  ])) as [OrganisationsResponse, UsageResponse];
+  const context = (await HoverLib.organisations.loadOrganisationContext({
+    api: HoverLib.api,
+  })) as {
+    organisations: Organisation[];
+    activeOrganisationId: string;
+    usage: UsageStats | null;
+  };
 
-  state.organisations = orgData.organisations || [];
+  state.organisations = context.organisations || [];
   state.activeOrganisationId =
-    orgData.active_organisation_id || state.activeOrganisationId;
-  state.usage = usageData.usage || null;
+    context.activeOrganisationId || state.activeOrganisationId;
+  state.usage = context.usage || null;
+  shellChrome?.setActiveOrganisation(state.activeOrganisationId);
 }
 
 async function loadCurrentSchedule(): Promise<void> {
@@ -1688,24 +1656,26 @@ async function loadCurrentSchedule(): Promise<void> {
     return;
   }
 
-  const siteDomain = normalizeDomain(state.siteDomain);
-  const schedulers = (await HoverLib.api.get("/v1/schedulers")) as Scheduler[];
-  const matching = schedulers.find(
-    (scheduler) => normalizeDomain(scheduler.domain) === siteDomain
-  );
-  state.currentScheduler = matching || null;
+  const matching = (await HoverLib.schedulers.findSchedulerByDomain(
+    state.siteDomain,
+    {
+      api: HoverLib.api,
+    }
+  )) as Scheduler | null;
+  state.currentScheduler = matching;
   renderScheduleState();
 }
 
 async function findConnectedWebflowSite(): Promise<WebflowSiteSetting | null> {
   if (!state.token || !state.siteDomain) {
+    state.webflowConnected = false;
+    state.webflowAutoPublishEnabled = false;
     renderWebflowStatus(false);
     return null;
   }
 
-  const connections = (await HoverLib.api.get(
-    "/v1/integrations/webflow"
-  )) as WebflowConnection[];
+  const connections =
+    (await HoverLib.webflow.listWebflowConnections()) as WebflowConnection[];
 
   if (!connections || connections.length === 0) {
     state.webflowConnected = false;
@@ -1716,41 +1686,12 @@ async function findConnectedWebflowSite(): Promise<WebflowSiteSetting | null> {
 
   state.webflowConnected = true;
 
-  const candidates = getSiteDomainCandidates();
-  let matched: WebflowSiteSetting | null = null;
-
-  for (const connection of connections) {
-    let page = 1;
-
-    while (true) {
-      const sites = (await HoverLib.api.get(
-        `/v1/integrations/webflow/${connection.id}/sites?page=${page}&limit=50`
-      )) as WebflowSitesResponse;
-
-      const candidate = sites.sites?.find((site) => {
-        const domain = normalizeDomain(site.primary_domain);
-        return candidates.includes(domain);
-      });
-
-      if (candidate) {
-        matched = {
-          ...candidate,
-          connection_id: connection.id,
-        };
-        break;
-      }
-
-      if (!sites.pagination?.has_next) {
-        break;
-      }
-
-      page += 1;
-    }
-
-    if (matched) {
-      break;
-    }
-  }
+  const matched = (await HoverLib.webflow.findMatchingWebflowSite({
+    api: HoverLib.api,
+    connections,
+    siteDomain: state.siteDomain,
+    siteDomainCandidates: state.siteDomainCandidates,
+  })) as WebflowSiteSetting | null;
 
   if (matched) {
     state.webflowAutoPublishEnabled = Boolean(matched.auto_publish_enabled);
@@ -1786,9 +1727,13 @@ async function setWebflowAutoPublish(enabled: boolean): Promise<void> {
   };
 
   try {
-    await HoverLib.api.put(
-      `/v1/integrations/webflow/sites/${siteSetting.webflow_site_id}/auto-publish`,
-      payload
+    await HoverLib.webflow.setWebflowSiteAutoPublish(
+      siteSetting.webflow_site_id,
+      {
+        api: HoverLib.api,
+        connectionId: payload.connection_id,
+        enabled: payload.enabled,
+      }
     );
   } catch (error) {
     // Revert on failure.
@@ -1819,8 +1764,9 @@ async function setJobSchedule(value: ScheduleOption): Promise<void> {
   const domain = state.siteDomain;
   if (value === "off") {
     if (state.currentScheduler) {
-      await HoverLib.api.put(`/v1/schedulers/${state.currentScheduler.id}`, {
-        is_enabled: false,
+      await HoverLib.schedulers.disableScheduler(state.currentScheduler.id, {
+        api: HoverLib.api,
+        expectedIsEnabled: state.currentScheduler.is_enabled,
       });
     }
     state.currentScheduler = null;
@@ -1832,16 +1778,23 @@ async function setJobSchedule(value: ScheduleOption): Promise<void> {
   const scheduleHours = Number(value);
 
   if (!state.currentScheduler) {
-    const created = (await HoverLib.api.post("/v1/schedulers", {
+    const created = (await HoverLib.schedulers.saveSchedulerForDomain(
       domain,
-      schedule_interval_hours: scheduleHours,
-    })) as Scheduler;
+      scheduleHours,
+      {
+        api: HoverLib.api,
+      }
+    )) as Scheduler;
     state.currentScheduler = created;
     setStatus("Schedule enabled.", "");
   } else {
-    const updated = (await HoverLib.api.put(
-      `/v1/schedulers/${state.currentScheduler.id}`,
-      { schedule_interval_hours: scheduleHours, is_enabled: true }
+    const updated = (await HoverLib.schedulers.saveSchedulerForDomain(
+      domain,
+      scheduleHours,
+      {
+        api: HoverLib.api,
+        currentScheduler: state.currentScheduler,
+      }
     )) as Scheduler;
     state.currentScheduler = updated;
     setStatus("Schedule updated.", "");
@@ -1888,7 +1841,9 @@ function handleAuthError(error: unknown): void {
     if (apiError.status === 401) {
       setStoredToken(null);
       cleanupRealtimeSubscription();
+      shellChrome?.setActiveOrganisation("");
       supabaseClient = null;
+      (window as ExtensionWindow).HOVER_EXTENSION_SUPABASE_CLIENT = null;
       renderAuthState(false);
       setStatus("Session expired. Sign in again.", "");
       return;
@@ -1929,7 +1884,9 @@ async function refreshDashboard(): Promise<void> {
       state.currentScheduler = null;
       stopJobStatusPolling();
       cleanupRealtimeSubscription();
+      shellChrome?.setActiveOrganisation("");
       supabaseClient = null;
+      (window as ExtensionWindow).HOVER_EXTENSION_SUPABASE_CLIENT = null;
       renderJobState(null);
       renderRecentResults([]);
       renderMiniChart([]);
@@ -1939,12 +1896,14 @@ async function refreshDashboard(): Promise<void> {
       renderOrganisations();
       renderScheduleState();
       renderWebflowStatus(false);
+      openDashboardView();
       return;
     }
 
     try {
       await Promise.all([
         loadUsageAndOrgs(),
+        loadCurrentUserIdentity(),
         loadLatestJob(),
         loadCurrentSchedule(),
         findConnectedWebflowSite(),
@@ -1952,6 +1911,15 @@ async function refreshDashboard(): Promise<void> {
       renderUsage(state.usage);
       renderOrganisations();
       void updateAvatarFromState();
+      HoverLib.shell.renderProfileMenuSummary({
+        emailNode: ui.profileEmail,
+        organisationNode: ui.profileOrgName,
+        planNode: ui.profilePlanText,
+        usageNode: ui.profileUsageText,
+        email: state.userEmail || "",
+        organisationName: getActiveOrganisationName(),
+        usage: state.usage,
+      });
 
       // Initialise Supabase realtime; fall back to legacy polling on failure.
       const client = await initSupabaseClient();
@@ -1968,6 +1936,29 @@ async function refreshDashboard(): Promise<void> {
   }
 }
 
+async function syncActiveOrganisationFromStorage(
+  nextOrganisationId: string | null
+): Promise<void> {
+  if (!state.token || !nextOrganisationId) {
+    return;
+  }
+
+  if (
+    crossSurfaceOrgRefreshInFlight ||
+    nextOrganisationId === state.activeOrganisationId
+  ) {
+    return;
+  }
+
+  crossSurfaceOrgRefreshInFlight = true;
+  try {
+    state.activeOrganisationId = nextOrganisationId;
+    await refreshDashboard();
+  } finally {
+    crossSurfaceOrgRefreshInFlight = false;
+  }
+}
+
 async function switchOrganisation(): Promise<void> {
   const select = asSelect(ui.orgSelect);
   if (!select || !select.value) {
@@ -1976,8 +1967,8 @@ async function switchOrganisation(): Promise<void> {
 
   setDisabledAll(true);
   try {
-    await HoverLib.api.post("/v1/organisations/switch", {
-      organisation_id: select.value,
+    await HoverLib.organisations.switchOrganisation(select.value, {
+      api: HoverLib.api,
     });
     state.activeOrganisationId = select.value;
     await refreshDashboard();
@@ -1987,6 +1978,11 @@ async function switchOrganisation(): Promise<void> {
 }
 
 function openSettingsPage(path: string): void {
+  if (path === APP_ROUTES.account) {
+    void openAccountSettingsView();
+    return;
+  }
+
   const targetUrl = buildAppUrl(path);
   const popup = window.open(targetUrl, "_blank", "noopener,noreferrer");
   if (!popup) {
@@ -1994,6 +1990,36 @@ function openSettingsPage(path: string): void {
   }
 }
 
+async function subscribeToNotificationsChannel(
+  organisationId: string,
+  onEvent: () => void
+): Promise<() => void> {
+  const client = await initSupabaseClient();
+  if (!organisationId || !client) {
+    return () => {};
+  }
+
+  const channel = client
+    .channel(`hover-notifications:${organisationId}`)
+    .on(
+      "postgres_changes",
+      {
+        event: "INSERT",
+        schema: "public",
+        table: "notifications",
+        filter: `organisation_id=eq.${organisationId}`,
+      },
+      () => {
+        onEvent();
+      }
+    )
+    .subscribe();
+
+  return () => {
+    client.removeChannel(channel).catch(() => {});
+  };
+}
+
 async function connectWebflow(): Promise<void> {
   if (!state.token) {
     const token = await connectAccount();
@@ -2002,7 +2028,7 @@ async function connectWebflow(): Promise<void> {
     }
   }
 
-  const response = (await HoverLib.api.post("/v1/integrations/webflow")) as {
+  const response = (await HoverLib.webflow.startWebflowConnection()) as {
     auth_url: string;
   };
 
@@ -2119,9 +2145,11 @@ function initEventHandlers(): void {
     }
   });
 
-  // Auth: settings gear
-  ui.settingsButton?.addEventListener("click", () => {
-    openSettingsPage(APP_ROUTES.changePlan);
+  ui.homeButton?.addEventListener("click", () => {
+    openDashboardView();
+  });
+  ui.settingsBackButton?.addEventListener("click", () => {
+    openDashboardView();
   });
 
   // Auth: org switcher
@@ -2182,9 +2210,18 @@ async function initialise(): Promise<void> {
   window.addEventListener("beforeunload", () => {
     stopJobStatusPolling();
     cleanupRealtimeSubscription();
+    shellChrome?.destroy();
+  });
+  window.addEventListener("storage", (event) => {
+    if (event.key !== ACTIVE_ORG_STORAGE_KEY) {
+      return;
+    }
+    void syncActiveOrganisationFromStorage(event.newValue);
   });
   try {
-    localStorage.setItem(API_BASE_STORAGE_KEY, state.apiBaseUrl);
+    if (!(window as ExtensionWindow).HOVER_EXTENSION_CONFIG?.appOrigin) {
+      localStorage.setItem(API_BASE_STORAGE_KEY, state.apiBaseUrl);
+    }
   } catch (_error) {
     // ignore
   }
@@ -2199,6 +2236,30 @@ async function initialise(): Promise<void> {
 
   initHoverJobCard();
   initEventHandlers();
+  shellChrome = HoverLib.shell.initSurfaceShell({
+    profileButton: ui.profileMenuButton as HTMLElement | null,
+    profileDropdown: ui.profileMenuDropdown as HTMLElement | null,
+    notificationsContainer: ui.notificationsContainer as HTMLElement | null,
+    notificationsButton: ui.notificationsButton as HTMLElement | null,
+    notificationsDropdown: ui.notificationsDropdown as HTMLElement | null,
+    notificationsList: ui.notificationsList as HTMLElement | null,
+    notificationsBadge: ui.notificationsBadge as HTMLElement | null,
+    markAllReadButton: ui.markAllReadButton as HTMLElement | null,
+    onNavigate: (path) => {
+      openSettingsPage(path);
+    },
+    fetchNotifications: (limit) =>
+      HoverLib.api.get(`/v1/notifications?limit=${limit}`),
+    markNotificationRead: async (id) => {
+      await HoverLib.api.post(`/v1/notifications/${id}/read`);
+    },
+    markAllNotificationsRead: async () => {
+      await HoverLib.api.post("/v1/notifications/read-all");
+    },
+    subscribeToNotifications: (orgId, onEvent) =>
+      subscribeToNotificationsChannel(orgId, onEvent),
+  });
+  renderView();
   await refreshDashboard();
   renderAuthState(Boolean(state.token));