diff --git a/.gitignore b/.gitignore
index 06989d0..a9c48b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,4 +38,8 @@ docs/.hugo_build.lock
 
 # Generated docs-gen binary
 /gen-ai-docs
+
+# Generated drop-ui binary
+/ui
+/drop-ui
 .kubeconfig
diff --git a/Makefile b/Makefile
index de99a67..f5c4315 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,6 @@
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
+IMG_UI ?= drop-ui:latest
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -27,10 +28,18 @@ help: ## Display this help.
 build: ## Build manager binary.
 	go build -o bin/manager cmd/main.go
 
+.PHONY: build-ui
+build-ui: ## Build Drop Control Center UI binary.
+	go build -o bin/drop-ui ./cmd/ui/
+
 .PHONY: run
 run: ## Run controller from your host.
 	go run ./cmd/main.go
 
+.PHONY: run-ui
+run-ui: ## Run Drop Control Center UI from your host (requires kubeconfig).
+	go run ./cmd/ui/
+
 .PHONY: fmt
 fmt: ## Run go fmt.
 	go fmt ./...
diff --git a/README.md b/README.md
index 308e612..568230a 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,46 @@ go build ./...     # compile
 tilt up
 ```
 
+## Drop Control Center UI
+
+A cyberpunk-themed tactical web UI for visualising the drop operator in real-time.
+
+### Views
+
+| View | Description |
+|------|-------------|
+| **TACTICAL** | Animated canvas radar showing nodes as stations, live "drop pod" ships flying from the central nexus to nodes during pulls, particle bursts on success |
+| **MATRIX** | Searchable & sortable table of all `CachedImage` resources with progress bars, cached-node chips, and phase filters |
+| **RECON** | Discovery policy inspector with YAML viewer, sync metadata, and a ranked list of auto-discovered images |
+
+### Run locally
+
+```bash
+make build-ui
+./bin/drop-ui --bind-address :8888
+# or directly:
+go run ./cmd/ui/ --bind-address :8888
+```
+
+Then open **http://localhost:8888** in your browser.
+
+### Deploy via Helm
+
+```bash
+helm install drop charts/drop -n drop-system --create-namespace \
+  --set ui.enabled=true \
+  --set ui.image.repository=ghcr.io/breee/drop-ui
+```
+
+To expose the UI with a `NodePort`:
+
+```bash
+helm upgrade drop charts/drop -n drop-system \
+  --set ui.enabled=true \
+  --set ui.service.type=NodePort \
+  --set ui.service.nodePort=30888
+```
+
 ## Docs
 
 Full documentation at **[breee.github.io/drop/](https://breee.github.io/drop/)** (GitHub Pages).
diff --git a/charts/drop/templates/ui-clusterrole.yaml b/charts/drop/templates/ui-clusterrole.yaml
new file mode 100644
index 0000000..307990c
--- /dev/null
+++ b/charts/drop/templates/ui-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.ui.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "drop.fullname" . }}-ui
+  labels:
+    {{- include "drop.labels" . | nindent 4 }}
+    app.kubernetes.io/component: ui
+rules:
+  - apiGroups: ["drop.corewire.io"]
+    resources: ["cachedimages", "cachedimagesets", "discoverypolicies", "pullpolicies"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["drop.corewire.io"]
+    resources: ["cachedimages/status", "cachedimagesets/status", "discoverypolicies/status"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+{{- end }}
diff --git a/charts/drop/templates/ui-clusterrolebinding.yaml b/charts/drop/templates/ui-clusterrolebinding.yaml
new file mode 100644
index 0000000..19ad695
--- /dev/null
+++ b/charts/drop/templates/ui-clusterrolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.ui.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "drop.fullname" . }}-ui
+  labels:
+    {{- include "drop.labels" . | nindent 4 }}
+    app.kubernetes.io/component: ui
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "drop.fullname" . }}-ui
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "drop.fullname" . }}-ui
+    namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/drop/templates/ui-deployment.yaml b/charts/drop/templates/ui-deployment.yaml
new file mode 100644
index 0000000..d152b69
--- /dev/null
+++ b/charts/drop/templates/ui-deployment.yaml
@@ -0,0 +1,66 @@
+{{- if .Values.ui.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "drop.fullname" . }}-ui
+  labels:
+    {{- include "drop.labels" . | nindent 4 }}
+    app.kubernetes.io/component: ui
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "drop.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: ui
+  template:
+    metadata:
+      labels:
+        {{- include "drop.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: ui
+    spec:
+      serviceAccountName: {{ include "drop.fullname" . }}-ui
+      securityContext:
+        runAsNonRoot: true
+      containers:
+        - name: ui
+          image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.ui.image.pullPolicy }}
+          args:
+            - --bind-address=:{{ .Values.ui.port }}
+            - --poll-interval={{ .Values.ui.pollInterval }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.ui.port }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: http
+            initialDelaySeconds: 3
+            periodSeconds: 10
+          resources:
+            {{- toYaml .Values.ui.resources | nindent 12 }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
diff --git a/charts/drop/templates/ui-service.yaml b/charts/drop/templates/ui-service.yaml
new file mode 100644
index 0000000..a894b17
--- /dev/null
+++ b/charts/drop/templates/ui-service.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.ui.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "drop.fullname" . }}-ui
+  labels:
+    {{- include "drop.labels" . | nindent 4 }}
+    app.kubernetes.io/component: ui
+spec:
+  type: {{ .Values.ui.service.type }}
+  ports:
+    - port: {{ .Values.ui.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+      {{- if and (eq .Values.ui.service.type "NodePort") .Values.ui.service.nodePort }}
+      nodePort: {{ .Values.ui.service.nodePort }}
+      {{- end }}
+  selector:
+    {{- include "drop.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: ui
+{{- end }}
diff --git a/charts/drop/templates/ui-serviceaccount.yaml b/charts/drop/templates/ui-serviceaccount.yaml
new file mode 100644
index 0000000..9e083fb
--- /dev/null
+++ b/charts/drop/templates/ui-serviceaccount.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.ui.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "drop.fullname" . }}-ui
+  labels:
+    {{- include "drop.labels" . | nindent 4 }}
+    app.kubernetes.io/component: ui
+{{- end }}
diff --git a/charts/drop/values.yaml b/charts/drop/values.yaml
index 19429a4..4edeeb7 100644
--- a/charts/drop/values.yaml
+++ b/charts/drop/values.yaml
@@ -43,3 +43,27 @@ certManager:
 nodeSelector: {}
 tolerations: []
 affinity: {}
+
+# Drop Control Center UI
+ui:
+  # Set to true to deploy the Drop Control Center UI alongside the operator.
+  enabled: false
+  image:
+    repository: ghcr.io/breee/drop-ui
+    pullPolicy: IfNotPresent
+    tag: ""  # Defaults to Chart appVersion
+  # Port the UI container listens on.
+  port: 8888
+  # How often the UI polls Kubernetes for live SSE updates.
+  pollInterval: 10s
+  service:
+    type: ClusterIP
+    port: 8888
+    # nodePort: 30888  # Uncomment when type=NodePort
+  resources:
+    limits:
+      cpu: 100m
+      memory: 64Mi
+    requests:
+      cpu: 10m
+      memory: 32Mi
diff --git a/cmd/ui/main.go b/cmd/ui/main.go
new file mode 100644
index 0000000..7470034
--- /dev/null
+++ b/cmd/ui/main.go
@@ -0,0 +1,82 @@
+/*
+Copyright (c) 2026 Breee
+
+SPDX-License-Identifier: MIT
+*/
+
+// drop-ui is a standalone web server that serves the Drop Control Center UI.
+// It connects to the Kubernetes API to read drop.corewire.io CRDs and
+// exposes a REST + SSE API consumed by the browser.
+//
+// Usage:
+//
+//	drop-ui --bind-address :8888
+//	drop-ui --kubeconfig ~/.kube/config --bind-address :8888
+package main
+
+import (
+	"flag"
+	"net/http"
+	"os"
+	"time"
+
+	_ "k8s.io/client-go/plugin/pkg/client/auth"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+
+	dropv1alpha1 "github.com/Breee/drop/api/v1alpha1"
+	"github.com/Breee/drop/internal/ui"
+)
+
+var scheme = runtime.NewScheme()
+
+func init() {
+	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
+	utilruntime.Must(dropv1alpha1.AddToScheme(scheme))
+}
+
+func main() {
+	var bindAddr string
+	var pollInterval time.Duration
+
+	opts := zap.Options{Development: true}
+	opts.BindFlags(flag.CommandLine)
+	flag.StringVar(&bindAddr, "bind-address", ":8888", "Address the UI server listens on.")
+	flag.DurationVar(&pollInterval, "poll-interval", 10*time.Second, "How often to poll Kubernetes for live SSE updates.")
+	flag.Parse()
+
+	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
+	logger := ctrl.Log.WithName("drop-ui")
+
+	cfg, err := ctrl.GetConfig()
+	if err != nil {
+		logger.Error(err, "failed to get kubeconfig")
+		os.Exit(1)
+	}
+
+	c, err := client.New(cfg, client.Options{Scheme: scheme})
+	if err != nil {
+		logger.Error(err, "failed to create Kubernetes client")
+		os.Exit(1)
+	}
+
+	srv := ui.NewServer(c, pollInterval)
+	httpSrv := &http.Server{
+		Addr:         bindAddr,
+		Handler:      srv.Handler(),
+		ReadTimeout:  5 * time.Second,
+		WriteTimeout: 0, // SSE streams need no write timeout
+		IdleTimeout:  120 * time.Second,
+	}
+
+	logger.Info("Drop Control Center UI starting", "address", bindAddr)
+	if err := httpSrv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+		logger.Error(err, "server exited with error")
+		os.Exit(1)
+	}
+}
diff --git a/docs/go.mod b/docs/go.mod
index c0e3c3f..2bcc3cb 100644
--- a/docs/go.mod
+++ b/docs/go.mod
@@ -1,5 +1,3 @@
 module github.com/Breee/drop/docs
 
 go 1.26.0
-
-require github.com/imfing/hextra v0.12.3 // indirect
diff --git a/docs/go.sum b/docs/go.sum
index afa8680..e69de29 100644
--- a/docs/go.sum
+++ b/docs/go.sum
@@ -1,2 +0,0 @@
-github.com/imfing/hextra v0.12.3 h1:DZHY2rUWYteyzjlHi9r4n7Bb5e2Q+6LXe4C1Dqn0ZjM=
-github.com/imfing/hextra v0.12.3/go.mod h1:vi+yhpq8YPp/aghvJlNKVnJKcPJ/VyAEcfC1BSV9ARo=
diff --git a/go.sum b/go.sum
index 06ca73e..760283c 100644
--- a/go.sum
+++ b/go.sum
@@ -66,8 +66,6 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
-github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 h1:EwtI+Al+DeppwYX2oXJCETMO23COyaKGP6fHVpkpWpg=
 github.com/google/pprof v0.0.0-20260402051712-545e8a4df936/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -107,14 +105,8 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd
 github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.27.4 h1:fcEcQW/A++6aZAZQNUmNjvA9PSOzefMJBerHJ4t8v8Y=
-github.com/onsi/ginkgo/v2 v2.27.4/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
 github.com/onsi/ginkgo/v2 v2.29.0 h1:rfh+ZFjgJhYWRoIqVf3Uwx/W20yLrcrE2h2GmYVRaag=
 github.com/onsi/ginkgo/v2 v2.29.0/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44=
-github.com/onsi/gomega v1.39.0 h1:y2ROC3hKFmQZJNFeGAMeHZKkjBL65mIZcvrLQBF9k6Q=
-github.com/onsi/gomega v1.39.0/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4=
-github.com/onsi/gomega v1.40.0 h1:Vtol0e1MghCD2ZVIilPDIg44XSL9l2QAn8ZNaljWcJc=
-github.com/onsi/gomega v1.40.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A=
 github.com/onsi/gomega v1.41.0 h1:OwKp4pXNgVxf6sCplzYo794OFNuoL2q2SBMU5NSWOjA=
 github.com/onsi/gomega v1.41.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -192,36 +184,22 @@ go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 h1:fQsdNF2N+/YewlRZiricy4P1iimyPKZ/xwniHj8Q2a0=
 golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU=
-golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
-golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
 golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM=
 golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU=
-golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
-golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
 golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA=
 golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs=
 golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
 golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
-golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
-golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
 golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
 golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
-golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
-golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
 golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
 golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
-golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
-golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
 golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
 golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
-golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
-golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
 golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c=
 golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
diff --git a/internal/ui/server.go b/internal/ui/server.go
new file mode 100644
index 0000000..633ac72
--- /dev/null
+++ b/internal/ui/server.go
@@ -0,0 +1,478 @@
+/*
+Copyright (c) 2026 Breee
+
+SPDX-License-Identifier: MIT
+*/
+
+// Package ui provides the HTTP server for the Drop Control Center UI.
+package ui
+
+import (
+	"context"
+	"embed"
+	"encoding/json"
+	"fmt"
+	"io/fs"
+	"net/http"
+	"time"
+
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+
+	dropv1alpha1 "github.com/Breee/drop/api/v1alpha1"
+)
+
+//go:embed static
+var staticFiles embed.FS
+
+// NodeSummary is a simplified node for the UI.
+type NodeSummary struct {
+	Name   string            `json:"name"`
+	Ready  bool              `json:"ready"`
+	Labels map[string]string `json:"labels"`
+	Arch   string            `json:"arch,omitempty"`
+	OS     string            `json:"os,omitempty"`
+}
+
+// CachedImageSummary is a simplified CachedImage for the UI.
+type CachedImageSummary struct {
+	Name          string   `json:"name"`
+	Image         string   `json:"image"`
+	Tag           string   `json:"tag,omitempty"`
+	Digest        string   `json:"digest,omitempty"`
+	Phase         string   `json:"phase"`
+	Ready         string   `json:"ready"`
+	NodesReady    int32    `json:"nodesReady"`
+	NodesTargeted int32    `json:"nodesTargeted"`
+	NodesPulling  int32    `json:"nodesPulling"`
+	CachedNodes   []string `json:"cachedNodes"`
+	SetName       string   `json:"setName,omitempty"`
+	PolicyRef     string   `json:"policyRef,omitempty"`
+	Age           string   `json:"age"`
+}
+
+// CachedImageSetSummary is a simplified CachedImageSet for the UI.
+type CachedImageSetSummary struct {
+	Name          string `json:"name"`
+	Phase         string `json:"phase"`
+	ImagesManaged int32  `json:"imagesManaged"`
+	ImagesReady   int32  `json:"imagesReady"`
+	DiscoveryRef  string `json:"discoveryRef,omitempty"`
+	Age           string `json:"age"`
+}
+
+// DiscoveredImageEntry is a single image from a discovery source.
+type DiscoveredImageEntry struct {
+	Image  string `json:"image"`
+	Score  int64  `json:"score"`
+	Source string `json:"source"`
+}
+
+// DiscoveryPolicySummary is a simplified DiscoveryPolicy for the UI.
+type DiscoveryPolicySummary struct {
+	Name             string                 `json:"name"`
+	Phase            string                 `json:"phase"`
+	ImageCount       int32                  `json:"imageCount"`
+	SourceCount      int32                  `json:"sourceCount"`
+	SyncInterval     string                 `json:"syncInterval,omitempty"`
+	MaxImages        int32                  `json:"maxImages"`
+	LastSync         string                 `json:"lastSync,omitempty"`
+	DiscoveredImages []DiscoveredImageEntry `json:"discoveredImages,omitempty"`
+	Spec             interface{}            `json:"spec"`
+	Age              string                 `json:"age"`
+}
+
+// StatusSummary provides overall cluster-level status for the UI.
+type StatusSummary struct {
+	TotalNodes     int `json:"totalNodes"`
+	ReadyNodes     int `json:"readyNodes"`
+	TotalImages    int `json:"totalImages"`
+	ReadyImages    int `json:"readyImages"`
+	PullingImages  int `json:"pullingImages"`
+	PendingImages  int `json:"pendingImages"`
+	DegradedImages int `json:"degradedImages"`
+	TotalSets      int `json:"totalSets"`
+	TotalPolicies  int `json:"totalPolicies"`
+}
+
+// FullPayload is the combined response for SSE updates.
+type FullPayload struct {
+	Nodes            []NodeSummary            `json:"nodes"`
+	CachedImages     []CachedImageSummary     `json:"cachedImages"`
+	CachedImageSets  []CachedImageSetSummary  `json:"cachedImageSets"`
+	DiscoveryPolicies []DiscoveryPolicySummary `json:"discoveryPolicies"`
+	Status           StatusSummary            `json:"status"`
+	Timestamp        string                   `json:"timestamp"`
+}
+
+// Server is the Drop UI HTTP server.
+type Server struct {
+	client   client.Client
+	pollInterval time.Duration
+}
+
+// NewServer creates a new UI server backed by the provided Kubernetes client.
+// A pollInterval <= 0 is replaced with the default of 10 seconds.
+func NewServer(c client.Client, pollInterval time.Duration) *Server {
+	if pollInterval <= 0 {
+		pollInterval = 10 * time.Second
+	}
+	return &Server{client: c, pollInterval: pollInterval}
+}
+
+// Handler returns the HTTP handler for the UI server.
+func (s *Server) Handler() http.Handler {
+	mux := http.NewServeMux()
+
+	staticFS, err := fs.Sub(staticFiles, "static")
+	if err != nil {
+		panic(fmt.Sprintf("ui: failed to sub static FS: %v", err))
+	}
+	mux.Handle("/", http.FileServer(http.FS(staticFS)))
+
+	// Lightweight health check used by the Helm readiness/liveness probes.
+	mux.HandleFunc("/healthz", func(w http.ResponseWriter, _ *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	})
+
+	mux.HandleFunc("/api/v1/nodes", s.withCORS(s.handleNodes))
+	mux.HandleFunc("/api/v1/cachedimages", s.withCORS(s.handleCachedImages))
+	mux.HandleFunc("/api/v1/cachedimagesets", s.withCORS(s.handleCachedImageSets))
+	mux.HandleFunc("/api/v1/discoverypolicies", s.withCORS(s.handleDiscoveryPolicies))
+	mux.HandleFunc("/api/v1/status", s.withCORS(s.handleStatus))
+	mux.HandleFunc("/api/v1/all", s.withCORS(s.handleAll))
+	mux.HandleFunc("/events", s.handleSSE)
+
+	return mux
+}
+
+// withCORS adds CORS headers. The UI is designed to be served in-cluster
+// (accessed via port-forward or NodePort); the wildcard origin is acceptable
+// for this internal tooling use-case.
+func (s *Server) withCORS(h http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Access-Control-Allow-Origin", "*")
+		w.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS")
+		w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
+		if r.Method == http.MethodOptions {
+			w.WriteHeader(http.StatusNoContent)
+			return
+		}
+		h(w, r)
+	}
+}
+
+func writeJSON(w http.ResponseWriter, v interface{}) {
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(v); err != nil {
+		http.Error(w, "encode error", http.StatusInternalServerError)
+	}
+}
+
+func (s *Server) handleNodes(w http.ResponseWriter, r *http.Request) {
+	nodes, err := s.fetchNodes(r.Context())
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, nodes)
+}
+
+func (s *Server) handleCachedImages(w http.ResponseWriter, r *http.Request) {
+	images, err := s.fetchCachedImages(r.Context())
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, images)
+}
+
+func (s *Server) handleCachedImageSets(w http.ResponseWriter, r *http.Request) {
+	sets, err := s.fetchCachedImageSets(r.Context())
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, sets)
+}
+
+func (s *Server) handleDiscoveryPolicies(w http.ResponseWriter, r *http.Request) {
+	policies, err := s.fetchDiscoveryPolicies(r.Context())
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, policies)
+}
+
+func (s *Server) handleStatus(w http.ResponseWriter, r *http.Request) {
+	payload, err := s.buildFullPayload(r.Context())
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, payload.Status)
+}
+
+func (s *Server) handleAll(w http.ResponseWriter, r *http.Request) {
+	payload, err := s.buildFullPayload(r.Context())
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	writeJSON(w, payload)
+}
+
+// handleSSE streams live updates to the browser via Server-Sent Events.
+func (s *Server) handleSSE(w http.ResponseWriter, r *http.Request) {
+	flusher, ok := w.(http.Flusher)
+	if !ok {
+		http.Error(w, "streaming unsupported", http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "text/event-stream")
+	w.Header().Set("Cache-Control", "no-cache")
+	w.Header().Set("Connection", "keep-alive")
+	w.Header().Set("Access-Control-Allow-Origin", "*")
+
+	logger := log.FromContext(r.Context()).WithName("ui-sse")
+
+	send := func() {
+		payload, err := s.buildFullPayload(r.Context())
+		if err != nil {
+			logger.V(1).Info("SSE fetch error", "error", err)
+			return
+		}
+		data, err := json.Marshal(payload)
+		if err != nil {
+			return
+		}
+		fmt.Fprintf(w, "data: %s\n\n", data)
+		flusher.Flush()
+	}
+
+	send() // immediate first event
+
+	ticker := time.NewTicker(s.pollInterval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-r.Context().Done():
+			return
+		case <-ticker.C:
+			send()
+		}
+	}
+}
+
+// --- Kubernetes fetch helpers ---
+
+func (s *Server) fetchNodes(ctx context.Context) ([]NodeSummary, error) {
+	var nodeList corev1.NodeList
+	if err := s.client.List(ctx, &nodeList); err != nil {
+		return nil, fmt.Errorf("list nodes: %w", err)
+	}
+
+	result := make([]NodeSummary, 0, len(nodeList.Items))
+	for i := range nodeList.Items {
+		n := &nodeList.Items[i]
+		ready := false
+		for _, c := range n.Status.Conditions {
+			if c.Type == corev1.NodeReady && c.Status == corev1.ConditionTrue {
+				ready = true
+				break
+			}
+		}
+		result = append(result, NodeSummary{
+			Name:   n.Name,
+			Ready:  ready,
+			Labels: n.Labels,
+			Arch:   n.Status.NodeInfo.Architecture,
+			OS:     n.Status.NodeInfo.OperatingSystem,
+		})
+	}
+	return result, nil
+}
+
+func (s *Server) fetchCachedImages(ctx context.Context) ([]CachedImageSummary, error) {
+	var list dropv1alpha1.CachedImageList
+	if err := s.client.List(ctx, &list); err != nil {
+		return nil, fmt.Errorf("list cachedimages: %w", err)
+	}
+
+	result := make([]CachedImageSummary, 0, len(list.Items))
+	for i := range list.Items {
+		ci := &list.Items[i]
+		setName := ci.Labels["drop.corewire.io/imageset"]
+		policyRef := ""
+		if ci.Spec.PolicyRef != nil {
+			policyRef = ci.Spec.PolicyRef.Name
+		}
+		cachedNodes := ci.Status.CachedNodes
+		if cachedNodes == nil {
+			cachedNodes = []string{}
+		}
+		result = append(result, CachedImageSummary{
+			Name:          ci.Name,
+			Image:         ci.Spec.Image,
+			Tag:           ci.Spec.Tag,
+			Digest:        ci.Spec.Digest,
+			Phase:         ci.Status.Phase,
+			Ready:         ci.Status.Ready,
+			NodesReady:    ci.Status.NodesReady,
+			NodesTargeted: ci.Status.NodesTargeted,
+			NodesPulling:  ci.Status.NodesPulling,
+			CachedNodes:   cachedNodes,
+			SetName:       setName,
+			PolicyRef:     policyRef,
+			Age:           formatAge(ci.CreationTimestamp.Time),
+		})
+	}
+	return result, nil
+}
+
+func (s *Server) fetchCachedImageSets(ctx context.Context) ([]CachedImageSetSummary, error) {
+	var list dropv1alpha1.CachedImageSetList
+	if err := s.client.List(ctx, &list); err != nil {
+		return nil, fmt.Errorf("list cachedimageset: %w", err)
+	}
+
+	result := make([]CachedImageSetSummary, 0, len(list.Items))
+	for i := range list.Items {
+		cis := &list.Items[i]
+		discRef := ""
+		if cis.Spec.DiscoveryPolicyRef != nil {
+			discRef = cis.Spec.DiscoveryPolicyRef.Name
+		}
+		result = append(result, CachedImageSetSummary{
+			Name:          cis.Name,
+			Phase:         cis.Status.Phase,
+			ImagesManaged: cis.Status.ImagesManaged,
+			ImagesReady:   cis.Status.ImagesReady,
+			DiscoveryRef:  discRef,
+			Age:           formatAge(cis.CreationTimestamp.Time),
+		})
+	}
+	return result, nil
+}
+
+func (s *Server) fetchDiscoveryPolicies(ctx context.Context) ([]DiscoveryPolicySummary, error) {
+	var list dropv1alpha1.DiscoveryPolicyList
+	if err := s.client.List(ctx, &list); err != nil {
+		return nil, fmt.Errorf("list discoverypolicies: %w", err)
+	}
+
+	result := make([]DiscoveryPolicySummary, 0, len(list.Items))
+	for i := range list.Items {
+		dp := &list.Items[i]
+
+		phase := ""
+		for _, c := range dp.Status.Conditions {
+			if c.Type == "Ready" {
+				phase = c.Reason
+				break
+			}
+		}
+
+		lastSync := ""
+		if dp.Status.LastSyncTime != nil {
+			lastSync = formatAge(dp.Status.LastSyncTime.Time)
+		}
+
+		discovered := make([]DiscoveredImageEntry, 0, len(dp.Status.DiscoveredImages))
+		for _, img := range dp.Status.DiscoveredImages {
+			discovered = append(discovered, DiscoveredImageEntry{
+				Image:  img.Image,
+				Score:  img.Score,
+				Source: img.Source,
+			})
+		}
+
+		result = append(result, DiscoveryPolicySummary{
+			Name:             dp.Name,
+			Phase:            phase,
+			ImageCount:       dp.Status.ImageCount,
+			SourceCount:      dp.Status.SourceCount,
+			SyncInterval:     dp.Spec.SyncInterval.Duration.String(),
+			MaxImages:        dp.Spec.MaxImages,
+			LastSync:         lastSync,
+			DiscoveredImages: discovered,
+			Spec:             dp.Spec,
+			Age:              formatAge(dp.CreationTimestamp.Time),
+		})
+	}
+	return result, nil
+}
+
+func (s *Server) buildFullPayload(ctx context.Context) (*FullPayload, error) {
+	nodes, err := s.fetchNodes(ctx)
+	if err != nil {
+		return nil, err
+	}
+	images, err := s.fetchCachedImages(ctx)
+	if err != nil {
+		return nil, err
+	}
+	sets, err := s.fetchCachedImageSets(ctx)
+	if err != nil {
+		return nil, err
+	}
+	policies, err := s.fetchDiscoveryPolicies(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	status := StatusSummary{
+		TotalNodes:    len(nodes),
+		TotalImages:   len(images),
+		TotalSets:     len(sets),
+		TotalPolicies: len(policies),
+	}
+	for _, n := range nodes {
+		if n.Ready {
+			status.ReadyNodes++
+		}
+	}
+	for _, img := range images {
+		switch img.Phase {
+		case "Ready":
+			status.ReadyImages++
+		case "Pulling":
+			status.PullingImages++
+		case "Pending":
+			status.PendingImages++
+		case "Degraded":
+			status.DegradedImages++
+		}
+	}
+
+	return &FullPayload{
+		Nodes:             nodes,
+		CachedImages:      images,
+		CachedImageSets:   sets,
+		DiscoveryPolicies: policies,
+		Status:            status,
+		Timestamp:         time.Now().UTC().Format(time.RFC3339),
+	}, nil
+}
+
+// formatAge returns a human-readable duration since t.
+func formatAge(t time.Time) string {
+	if t.IsZero() {
+		return ""
+	}
+	d := time.Since(t)
+	switch {
+	case d < time.Minute:
+		return fmt.Sprintf("%ds", int(d.Seconds()))
+	case d < time.Hour:
+		return fmt.Sprintf("%dm", int(d.Minutes()))
+	case d < 24*time.Hour:
+		return fmt.Sprintf("%dh", int(d.Hours()))
+	default:
+		return fmt.Sprintf("%dd", int(d.Hours()/24))
+	}
+}
diff --git a/internal/ui/static/index.html b/internal/ui/static/index.html
new file mode 100644
index 0000000..eb4a732
--- /dev/null
+++ b/internal/ui/static/index.html
@@ -0,0 +1,1220 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>DROP // CONTROL CENTER</title>
+<style>
+:root {
+  --bg:       #080810;
+  --bg2:      #0d0d1a;
+  --bg3:      #111126;
+  --border:   #1e1e42;
+  --cyan:     #00d4ff;
+  --green:    #00ff41;
+  --pink:     #ff006e;
+  --yellow:   #ffaa00;
+  --red:      #ff3333;
+  --purple:   #9d00ff;
+  --text:     #c8c8f0;
+  --text2:    #6060a0;
+  --font:     'Courier New', Courier, monospace;
+  --glow-c:   0 0 8px #00d4ff88, 0 0 20px #00d4ff33;
+  --glow-g:   0 0 8px #00ff4188, 0 0 20px #00ff4133;
+  --glow-p:   0 0 8px #ff006e88, 0 0 20px #ff006e33;
+}
+*{box-sizing:border-box;margin:0;padding:0}
+html,body{width:100%;height:100%;background:var(--bg);color:var(--text);font-family:var(--font);font-size:13px;overflow:hidden}
+
+/* ── SCANLINES OVERLAY ───────────────────────────────────────────── */
+body::after{
+  content:'';position:fixed;inset:0;pointer-events:none;z-index:9999;
+  background:repeating-linear-gradient(0deg,transparent,transparent 2px,rgba(0,0,0,.15) 2px,rgba(0,0,0,.15) 4px);
+}
+
+/* ── LAYOUT ──────────────────────────────────────────────────────── */
+#app{display:flex;flex-direction:column;height:100vh;overflow:hidden}
+
+/* ── HEADER ──────────────────────────────────────────────────────── */
+header{
+  flex-shrink:0;display:flex;align-items:center;gap:16px;
+  padding:8px 16px;border-bottom:1px solid var(--border);
+  background:var(--bg2);position:relative;overflow:hidden;
+}
+header::before{
+  content:'';position:absolute;inset:0;
+  background:linear-gradient(90deg,transparent,rgba(0,212,255,.04),transparent);
+  animation:hscroll 4s linear infinite;
+}
+@keyframes hscroll{0%{transform:translateX(-100%)}100%{transform:translateX(100%)}}
+
+.logo{
+  font-size:22px;font-weight:bold;letter-spacing:4px;
+  color:var(--cyan);text-shadow:var(--glow-c);
+  white-space:nowrap;
+}
+.logo span{color:var(--pink);text-shadow:var(--glow-p)}
+
+.status-bar{display:flex;gap:20px;flex:1;justify-content:center;flex-wrap:wrap}
+.stat{display:flex;flex-direction:column;align-items:center;gap:2px;min-width:60px}
+.stat-val{font-size:18px;font-weight:bold;line-height:1}
+.stat-lbl{font-size:9px;color:var(--text2);letter-spacing:1px;text-transform:uppercase}
+.stat-val.cyan{color:var(--cyan);text-shadow:var(--glow-c)}
+.stat-val.green{color:var(--green);text-shadow:var(--glow-g)}
+.stat-val.yellow{color:var(--yellow)}
+.stat-val.red{color:var(--red)}
+.stat-val.pink{color:var(--pink);text-shadow:var(--glow-p)}
+
+.clock{color:var(--text2);font-size:11px;white-space:nowrap;text-align:right}
+.conn-dot{
+  width:8px;height:8px;border-radius:50%;background:var(--green);
+  box-shadow:var(--glow-g);display:inline-block;margin-right:4px;
+  animation:blink 1.5s ease-in-out infinite;
+}
+.conn-dot.off{background:var(--red);box-shadow:none;animation:none}
+@keyframes blink{0%,100%{opacity:1}50%{opacity:.3}}
+
+/* ── NAV TABS ─────────────────────────────────────────────────────── */
+nav{
+  flex-shrink:0;display:flex;gap:0;
+  border-bottom:2px solid var(--border);background:var(--bg2);
+}
+.tab{
+  padding:8px 20px;cursor:pointer;border-right:1px solid var(--border);
+  color:var(--text2);letter-spacing:2px;font-size:11px;text-transform:uppercase;
+  transition:all .2s;position:relative;user-select:none;
+}
+.tab:hover{color:var(--cyan);background:rgba(0,212,255,.05)}
+.tab.active{
+  color:var(--cyan);background:rgba(0,212,255,.08);
+  border-bottom:2px solid var(--cyan);margin-bottom:-2px;
+  text-shadow:var(--glow-c);
+}
+.tab-icon{margin-right:6px}
+
+/* ── MAIN CONTENT ─────────────────────────────────────────────────── */
+main{flex:1;overflow:hidden;display:flex;position:relative}
+.view{position:absolute;inset:0;display:none;overflow:hidden}
+.view.active{display:flex}
+
+/* ── TACTICAL VIEW ────────────────────────────────────────────────── */
+#tactical{flex-direction:column}
+#tactical canvas{flex:1;width:100%;display:block}
+.tac-sidebar{
+  position:absolute;right:0;top:0;bottom:0;width:240px;
+  background:rgba(13,13,26,.9);border-left:1px solid var(--border);
+  overflow-y:auto;padding:12px;z-index:10;
+}
+.tac-sidebar h3{
+  color:var(--cyan);font-size:10px;letter-spacing:2px;text-transform:uppercase;
+  margin-bottom:8px;border-bottom:1px solid var(--border);padding-bottom:6px;
+}
+.node-list-item{
+  padding:6px 8px;margin-bottom:4px;border:1px solid var(--border);
+  background:var(--bg3);cursor:pointer;transition:all .2s;border-radius:2px;
+}
+.node-list-item:hover{border-color:var(--cyan);background:rgba(0,212,255,.06)}
+.node-list-item.selected{border-color:var(--cyan);box-shadow:var(--glow-c)}
+.node-name{color:var(--text);font-size:11px;margin-bottom:3px}
+.node-badges{display:flex;gap:4px;flex-wrap:wrap}
+.badge{
+  font-size:9px;padding:1px 5px;border-radius:2px;font-weight:bold;
+  letter-spacing:.5px;
+}
+.badge.ready{background:rgba(0,255,65,.15);color:var(--green);border:1px solid var(--green)}
+.badge.pulling{background:rgba(255,170,0,.15);color:var(--yellow);border:1px solid var(--yellow)}
+.badge.degraded{background:rgba(255,51,51,.15);color:var(--red);border:1px solid var(--red)}
+.badge.pending{background:rgba(0,212,255,.15);color:var(--cyan);border:1px solid var(--cyan)}
+.badge.notready{background:rgba(255,51,51,.15);color:var(--red);border:1px solid var(--red)}
+
+.tac-legend{
+  position:absolute;bottom:12px;left:12px;z-index:10;
+  background:rgba(13,13,26,.85);border:1px solid var(--border);
+  padding:8px 12px;font-size:10px;
+}
+.legend-row{display:flex;align-items:center;gap:6px;margin-bottom:4px}
+.legend-dot{width:10px;height:10px;border-radius:50%}
+
+/* ── MATRIX VIEW (TABLE) ──────────────────────────────────────────── */
+#matrix{flex-direction:column;overflow:hidden}
+.matrix-toolbar{
+  flex-shrink:0;padding:8px 16px;border-bottom:1px solid var(--border);
+  display:flex;gap:12px;align-items:center;background:var(--bg2);
+}
+.search-box{
+  background:var(--bg3);border:1px solid var(--border);color:var(--text);
+  padding:4px 10px;font-family:var(--font);font-size:12px;outline:none;
+  transition:border-color .2s;width:220px;
+}
+.search-box:focus{border-color:var(--cyan)}
+.search-box::placeholder{color:var(--text2)}
+.filter-btn{
+  background:transparent;border:1px solid var(--border);color:var(--text2);
+  padding:4px 10px;cursor:pointer;font-family:var(--font);font-size:11px;
+  transition:all .2s;letter-spacing:1px;
+}
+.filter-btn:hover,.filter-btn.active{
+  border-color:var(--cyan);color:var(--cyan);
+  background:rgba(0,212,255,.08);
+}
+.matrix-body{flex:1;overflow:auto}
+table{width:100%;border-collapse:collapse}
+th{
+  position:sticky;top:0;background:var(--bg2);
+  padding:8px 12px;text-align:left;font-size:10px;
+  letter-spacing:1px;text-transform:uppercase;color:var(--text2);
+  border-bottom:1px solid var(--border);cursor:pointer;user-select:none;
+  white-space:nowrap;
+}
+th:hover{color:var(--cyan)}
+th.sorted{color:var(--cyan)}
+th .sort-arrow{opacity:.5;margin-left:4px}
+td{
+  padding:7px 12px;border-bottom:1px solid rgba(30,30,66,.5);
+  vertical-align:middle;
+}
+tr:hover td{background:rgba(0,212,255,.03)}
+.img-ref{color:var(--text);font-size:12px}
+.img-ref .img-name{color:var(--cyan)}
+.img-ref .img-tag{color:var(--text2)}
+.phase-badge{
+  display:inline-block;padding:2px 8px;border-radius:2px;
+  font-size:10px;font-weight:bold;letter-spacing:.5px;
+}
+.phase-badge.Ready{background:rgba(0,255,65,.15);color:var(--green);border:1px solid rgba(0,255,65,.4)}
+.phase-badge.Pulling{background:rgba(255,170,0,.15);color:var(--yellow);border:1px solid rgba(255,170,0,.4)}
+.phase-badge.Pending{background:rgba(0,212,255,.15);color:var(--cyan);border:1px solid rgba(0,212,255,.4)}
+.phase-badge.Degraded{background:rgba(255,51,51,.15);color:var(--red);border:1px solid rgba(255,51,51,.4)}
+.progress-bar{
+  height:4px;background:var(--bg3);border-radius:2px;overflow:hidden;
+  min-width:80px;margin-top:3px;
+}
+.progress-fill{height:100%;border-radius:2px;transition:width .5s}
+.progress-fill.ready{background:var(--green);box-shadow:0 0 4px var(--green)}
+.progress-fill.pulling{background:var(--yellow)}
+.progress-fill.degraded{background:var(--red)}
+.node-chips{display:flex;gap:3px;flex-wrap:wrap;max-width:300px}
+.node-chip{
+  font-size:9px;padding:1px 5px;border-radius:2px;
+  background:rgba(0,255,65,.1);color:var(--green);
+  border:1px solid rgba(0,255,65,.3);
+}
+.empty-row td{text-align:center;color:var(--text2);padding:40px;font-size:12px}
+
+/* ── RECON VIEW (DISCOVERY) ───────────────────────────────────────── */
+#recon{flex-direction:row;overflow:hidden}
+.policy-list{
+  width:280px;flex-shrink:0;border-right:1px solid var(--border);
+  overflow-y:auto;background:var(--bg2);
+}
+.policy-list-header{
+  padding:10px 14px;border-bottom:1px solid var(--border);
+  font-size:10px;color:var(--text2);letter-spacing:2px;text-transform:uppercase;
+  display:flex;justify-content:space-between;align-items:center;
+}
+.policy-item{
+  padding:10px 14px;border-bottom:1px solid rgba(30,30,66,.5);
+  cursor:pointer;transition:all .2s;
+}
+.policy-item:hover{background:rgba(0,212,255,.05)}
+.policy-item.selected{
+  background:rgba(0,212,255,.08);border-left:2px solid var(--cyan);
+}
+.policy-item-name{color:var(--text);font-size:12px;margin-bottom:4px}
+.policy-item-meta{display:flex;gap:8px;font-size:10px;color:var(--text2)}
+.policy-detail{flex:1;overflow-y:auto;display:flex;flex-direction:column;gap:0}
+.detail-section{
+  border-bottom:1px solid var(--border);padding:14px 16px;
+}
+.detail-section h4{
+  font-size:10px;letter-spacing:2px;text-transform:uppercase;
+  color:var(--cyan);margin-bottom:10px;
+}
+.yaml-viewer{
+  background:var(--bg3);border:1px solid var(--border);
+  padding:10px 12px;font-size:11px;line-height:1.6;overflow-x:auto;
+  white-space:pre;color:var(--text);max-height:300px;overflow-y:auto;
+}
+.yaml-key{color:var(--cyan)}
+.yaml-str{color:var(--green)}
+.yaml-num{color:var(--yellow)}
+.yaml-bool{color:var(--pink)}
+.discovered-grid{display:grid;grid-template-columns:1fr auto auto;gap:1px;background:var(--border)}
+.disc-row{
+  display:contents;
+}
+.disc-row>div{
+  background:var(--bg3);padding:5px 8px;font-size:11px;
+}
+.disc-row>div:first-child{color:var(--text)}
+.disc-row>div:nth-child(2){color:var(--text2);text-align:center}
+.disc-row>div:nth-child(3){color:var(--yellow);text-align:right}
+.disc-header>div{
+  background:var(--bg2);color:var(--text2);font-size:9px;
+  letter-spacing:1px;text-transform:uppercase;
+}
+.no-policy{
+  flex:1;display:flex;align-items:center;justify-content:center;
+  color:var(--text2);font-size:12px;letter-spacing:2px;
+}
+
+/* ── SCROLLBARS ───────────────────────────────────────────────────── */
+::-webkit-scrollbar{width:6px;height:6px}
+::-webkit-scrollbar-track{background:var(--bg)}
+::-webkit-scrollbar-thumb{background:var(--border);border-radius:3px}
+::-webkit-scrollbar-thumb:hover{background:var(--text2)}
+
+/* ── TOOLTIP ──────────────────────────────────────────────────────── */
+#tooltip{
+  position:fixed;z-index:10000;pointer-events:none;
+  background:var(--bg2);border:1px solid var(--cyan);
+  padding:8px 12px;font-size:11px;color:var(--text);
+  box-shadow:var(--glow-c);display:none;max-width:280px;
+  line-height:1.5;
+}
+#tooltip.visible{display:block}
+
+/* ── LOADING OVERLAY ──────────────────────────────────────────────── */
+#loading{
+  position:fixed;inset:0;z-index:9998;background:var(--bg);
+  display:flex;flex-direction:column;align-items:center;justify-content:center;gap:16px;
+}
+#loading pre{
+  color:var(--green);font-size:12px;line-height:1.3;
+  text-shadow:var(--glow-g);animation:flicker 2s ease-in-out infinite;
+}
+@keyframes flicker{0%,100%{opacity:1}92%{opacity:1}95%{opacity:.4}97%{opacity:1}}
+.loading-msg{color:var(--cyan);font-size:12px;letter-spacing:2px;animation:blink 1s step-end infinite}
+</style>
+</head>
+<body>
+
+<div id="loading">
+<pre>
+  ██████╗ ██████╗  ██████╗ ██████╗
+  ██╔══██╗██╔══██╗██╔═══██╗██╔══██╗
+  ██║  ██║██████╔╝██║   ██║██████╔╝
+  ██║  ██║██╔══██╗██║   ██║██╔═══╝
+  ██████╔╝██║  ██║╚██████╔╝██║
+  ╚═════╝ ╚═╝  ╚═╝ ╚═════╝ ╚═╝
+
+  CONTROL CENTER // v0.1.0
+</pre>
+<div class="loading-msg">CONNECTING TO NEXUS…</div>
+</div>
+
+<div id="app" style="display:none">
+
+<!-- HEADER -->
+<header>
+  <div class="logo">DROP<span>//</span>CC</div>
+
+  <div class="status-bar">
+    <div class="stat">
+      <div class="stat-val cyan" id="s-nodes">—</div>
+      <div class="stat-lbl">Nodes</div>
+    </div>
+    <div class="stat">
+      <div class="stat-val green" id="s-ready">—</div>
+      <div class="stat-lbl">Ready</div>
+    </div>
+    <div class="stat">
+      <div class="stat-val yellow" id="s-pulling">—</div>
+      <div class="stat-lbl">Pulling</div>
+    </div>
+    <div class="stat">
+      <div class="stat-val pink" id="s-total">—</div>
+      <div class="stat-lbl">Images</div>
+    </div>
+    <div class="stat">
+      <div class="stat-val cyan" id="s-sets">—</div>
+      <div class="stat-lbl">Sets</div>
+    </div>
+    <div class="stat">
+      <div class="stat-val purple" id="s-policies" style="color:var(--purple)">—</div>
+      <div class="stat-lbl">Policies</div>
+    </div>
+  </div>
+
+  <div class="clock">
+    <span class="conn-dot" id="conn-dot"></span>
+    <span id="clock-ts">--:--:--</span>
+  </div>
+</header>
+
+<!-- NAV -->
+<nav>
+  <div class="tab active" data-view="tactical"><span class="tab-icon">◈</span>TACTICAL</div>
+  <div class="tab" data-view="matrix"><span class="tab-icon">⊞</span>MATRIX</div>
+  <div class="tab" data-view="recon"><span class="tab-icon">◉</span>RECON</div>
+</nav>
+
+<!-- MAIN -->
+<main>
+
+  <!-- ── TACTICAL ── -->
+  <div class="view active" id="tactical">
+    <canvas id="tac-canvas"></canvas>
+    <div class="tac-sidebar" id="tac-sidebar">
+      <h3>◈ NODES</h3>
+      <div id="node-list"></div>
+    </div>
+    <div class="tac-legend">
+      <div class="legend-row"><div class="legend-dot" style="background:var(--green)"></div> Ready</div>
+      <div class="legend-row"><div class="legend-dot" style="background:var(--yellow)"></div> Pulling</div>
+      <div class="legend-row"><div class="legend-dot" style="background:var(--red)"></div> Degraded</div>
+      <div class="legend-row"><div class="legend-dot" style="background:var(--text2)"></div> Offline</div>
+    </div>
+  </div>
+
+  <!-- ── MATRIX ── -->
+  <div class="view" id="matrix">
+    <div class="matrix-toolbar">
+      <input class="search-box" id="search" placeholder="⌕  filter images…" autocomplete="off">
+      <button class="filter-btn active" data-phase="">ALL</button>
+      <button class="filter-btn" data-phase="Ready">READY</button>
+      <button class="filter-btn" data-phase="Pulling">PULLING</button>
+      <button class="filter-btn" data-phase="Pending">PENDING</button>
+      <button class="filter-btn" data-phase="Degraded">DEGRADED</button>
+    </div>
+    <div class="matrix-body">
+      <table>
+        <thead>
+          <tr>
+            <th data-col="image">Image <span class="sort-arrow">↕</span></th>
+            <th data-col="phase">Status <span class="sort-arrow">↕</span></th>
+            <th data-col="nodesReady">Progress <span class="sort-arrow">↕</span></th>
+            <th data-col="cachedNodes">Cached Nodes</th>
+            <th data-col="setName">Set <span class="sort-arrow">↕</span></th>
+            <th data-col="age">Age <span class="sort-arrow">↕</span></th>
+          </tr>
+        </thead>
+        <tbody id="matrix-body"></tbody>
+      </table>
+    </div>
+  </div>
+
+  <!-- ── RECON ── -->
+  <div class="view" id="recon">
+    <div class="policy-list">
+      <div class="policy-list-header">
+        <span>◉ DISCOVERY POLICIES</span>
+        <span id="policy-count" style="color:var(--cyan)">0</span>
+      </div>
+      <div id="policy-list-items"></div>
+    </div>
+    <div class="policy-detail" id="policy-detail">
+      <div class="no-policy">SELECT A POLICY</div>
+    </div>
+  </div>
+
+</main>
+</div>
+
+<div id="tooltip"></div>
+
+<script>
+'use strict';
+
+// ── STATE ──────────────────────────────────────────────────────────────
+const state = {
+  nodes: [],
+  cachedImages: [],
+  cachedImageSets: [],
+  discoveryPolicies: [],
+  status: {},
+  connected: false,
+  selectedPolicy: null,
+  matrixFilter: { phase: '', search: '', sortCol: 'image', sortDir: 1 },
+  selectedNode: null,
+};
+
+// ── UTIL ───────────────────────────────────────────────────────────────
+function shortName(name, max = 14) {
+  return name && name.length > max ? name.slice(0, max - 2) + '..' : (name || '');
+}
+function imgLabel(img) {
+  return img.tag ? `${img.image}:${img.tag}` : img.image + (img.digest ? `@${img.digest.slice(0,12)}` : '');
+}
+
+// ── CLOCK ──────────────────────────────────────────────────────────────
+function tick() {
+  document.getElementById('clock-ts').textContent = new Date().toLocaleTimeString();
+}
+setInterval(tick, 1000);
+tick();
+
+// ── TABS ───────────────────────────────────────────────────────────────
+document.querySelectorAll('.tab').forEach(tab => {
+  tab.addEventListener('click', () => {
+    document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+    document.querySelectorAll('.view').forEach(v => v.classList.remove('active'));
+    tab.classList.add('active');
+    document.getElementById(tab.dataset.view).classList.add('active');
+    if (tab.dataset.view === 'tactical') tactical.resize();
+  });
+});
+
+// ── HEADER STATS ──────────────────────────────────────────────────────
+function updateStats(s) {
+  document.getElementById('s-nodes').textContent   = s.totalNodes   ?? '—';
+  document.getElementById('s-ready').textContent   = s.readyImages  ?? '—';
+  document.getElementById('s-pulling').textContent = s.pullingImages ?? '—';
+  document.getElementById('s-total').textContent   = s.totalImages  ?? '—';
+  document.getElementById('s-sets').textContent    = s.totalSets    ?? '—';
+  document.getElementById('s-policies').textContent = s.totalPolicies ?? '—';
+}
+
+// ── TOOLTIP ────────────────────────────────────────────────────────────
+const tooltip = document.getElementById('tooltip');
+function showTooltip(e, html) {
+  tooltip.innerHTML = html;
+  tooltip.classList.add('visible');
+  moveTooltip(e);
+}
+function moveTooltip(e) {
+  let x = e.clientX + 14, y = e.clientY + 14;
+  if (x + 290 > window.innerWidth)  x = e.clientX - 300;
+  if (y + 200 > window.innerHeight) y = e.clientY - 160;
+  tooltip.style.left = x + 'px';
+  tooltip.style.top  = y + 'px';
+}
+function hideTooltip() { tooltip.classList.remove('visible'); }
+document.addEventListener('mousemove', e => { if (tooltip.classList.contains('visible')) moveTooltip(e); });
+
+// ═══════════════════════════════════════════════════════════════════════
+// ── TACTICAL VIEW ──────────────────────────────────────────────────────
+// ═══════════════════════════════════════════════════════════════════════
+const tactical = (() => {
+  const canvas = document.getElementById('tac-canvas');
+  const ctx    = canvas.getContext('2d');
+  let W, H, cx, cy, radius;
+  let tick = 0;
+  const nodePos  = {};   // name → {x,y,angle}
+  const pods     = [];   // active drop-pod animations
+  const particles= [];   // success burst particles
+  const stars    = [];   // background stars
+
+  function initStars() {
+    stars.length = 0;
+    for (let i = 0; i < 120; i++) {
+      stars.push({ x: Math.random() * W, y: Math.random() * H,
+        r: Math.random() * 1.2 + 0.2, a: Math.random() });
+    }
+  }
+
+  function resize() {
+    W = canvas.offsetWidth;
+    H = canvas.offsetHeight;
+    canvas.width  = W;
+    canvas.height = H;
+    cx = W / 2;
+    cy = H / 2;
+    radius = Math.min(cx, cy) * 0.60;
+    initStars();
+  }
+
+  // Compute node positions based on count
+  function calcNodePositions() {
+    const nodes = state.nodes;
+    nodes.forEach((n, i) => {
+      const angle = (i / nodes.length) * Math.PI * 2 - Math.PI / 2;
+      nodePos[n.name] = { x: cx + radius * Math.cos(angle), y: cy + radius * Math.sin(angle), angle };
+    });
+  }
+
+  // Spawn a pod from nexus to target node
+  function spawnPod(imageName, nodeName, color) {
+    if (pods.find(p => p.img === imageName && p.node === nodeName)) return;
+    const pos = nodePos[nodeName];
+    if (!pos) return;
+    pods.push({
+      img: imageName, node: nodeName,
+      x: cx, y: cy,
+      tx: pos.x, ty: pos.y,
+      t: 0, color,
+      trail: [],
+    });
+  }
+
+  // Spawn celebration particles
+  function burst(x, y, color) {
+    for (let i = 0; i < 10; i++) {
+      const angle = Math.random() * Math.PI * 2;
+      const speed = Math.random() * 2 + 0.5;
+      particles.push({ x, y, vx: Math.cos(angle) * speed, vy: Math.sin(angle) * speed,
+        life: 1, color, size: Math.random() * 2 + 1 });
+    }
+  }
+
+  // Update animations
+  function updatePods() {
+    const dead = [];
+    pods.forEach((p, i) => {
+      p.t = Math.min(p.t + 0.008, 1);
+      // Cubic ease-out
+      const e = 1 - Math.pow(1 - p.t, 3);
+      p.x = cx + (p.tx - cx) * e;
+      p.y = cy + (p.ty - cy) * e;
+      p.trail.push({ x: p.x, y: p.y });
+      if (p.trail.length > 20) p.trail.shift();
+      if (p.t >= 1) {
+        burst(p.tx, p.ty, p.color);
+        dead.push(i);
+      }
+    });
+    dead.reverse().forEach(i => pods.splice(i, 1));
+  }
+
+  function updateParticles() {
+    const dead = [];
+    particles.forEach((p, i) => {
+      p.x += p.vx; p.y += p.vy;
+      p.vy += 0.05; // gravity
+      p.life -= 0.04;
+      if (p.life <= 0) dead.push(i);
+    });
+    dead.reverse().forEach(i => particles.splice(i, 1));
+  }
+
+  // ── Draw functions ────────────────────────────────────────────────────
+
+  function drawBg() {
+    ctx.fillStyle = `rgba(8,8,16,0.88)`;
+    ctx.fillRect(0, 0, W, H);
+
+    // Grid
+    ctx.strokeStyle = 'rgba(30,30,66,0.5)';
+    ctx.lineWidth = 0.5;
+    const gs = 48;
+    for (let x = 0; x < W; x += gs) { ctx.beginPath(); ctx.moveTo(x,0); ctx.lineTo(x,H); ctx.stroke(); }
+    for (let y = 0; y < H; y += gs) { ctx.beginPath(); ctx.moveTo(0,y); ctx.lineTo(W,y); ctx.stroke(); }
+
+    // Scan line
+    const sy = (tick * 1.5) % (H + 20) - 10;
+    const sg = ctx.createLinearGradient(0, sy - 10, 0, sy + 10);
+    sg.addColorStop(0, 'rgba(0,212,255,0)');
+    sg.addColorStop(0.5, 'rgba(0,212,255,0.06)');
+    sg.addColorStop(1, 'rgba(0,212,255,0)');
+    ctx.fillStyle = sg;
+    ctx.fillRect(0, sy - 10, W, 20);
+  }
+
+  function drawStars() {
+    stars.forEach(s => {
+      const a = s.a * (0.5 + 0.5 * Math.sin(tick * 0.015 + s.x));
+      ctx.fillStyle = `rgba(200,200,255,${a})`;
+      ctx.beginPath();
+      ctx.arc(s.x, s.y, s.r, 0, Math.PI*2);
+      ctx.fill();
+    });
+  }
+
+  function drawRangeRings() {
+    [0.30, 0.55, 0.80].forEach(f => {
+      const r = radius * f;
+      ctx.strokeStyle = 'rgba(30,30,66,0.6)';
+      ctx.lineWidth = 0.5;
+      ctx.setLineDash([4, 8]);
+      ctx.beginPath();
+      ctx.arc(cx, cy, r, 0, Math.PI*2);
+      ctx.stroke();
+      ctx.setLineDash([]);
+    });
+  }
+
+  function drawNexus() {
+    const r = 26;
+    const pulse = r + Math.sin(tick * 0.04) * 5;
+
+    // Outer glow ring
+    const grd = ctx.createRadialGradient(cx, cy, r, cx, cy, pulse * 2.5);
+    grd.addColorStop(0, 'rgba(0,212,255,0.25)');
+    grd.addColorStop(1, 'rgba(0,212,255,0)');
+    ctx.fillStyle = grd;
+    ctx.beginPath(); ctx.arc(cx, cy, pulse * 2.5, 0, Math.PI*2); ctx.fill();
+
+    // Rotating hex
+    ctx.save();
+    ctx.translate(cx, cy);
+    ctx.rotate(tick * 0.008);
+    ctx.strokeStyle = '#00d4ff';
+    ctx.lineWidth = 1.5;
+    ctx.shadowBlur = 12; ctx.shadowColor = '#00d4ff';
+    ctx.beginPath();
+    for (let i = 0; i < 6; i++) {
+      const a = i * Math.PI / 3;
+      i === 0 ? ctx.moveTo(r*Math.cos(a), r*Math.sin(a)) : ctx.lineTo(r*Math.cos(a), r*Math.sin(a));
+    }
+    ctx.closePath(); ctx.stroke();
+    ctx.shadowBlur = 0;
+    ctx.restore();
+
+    // Inner fill
+    ctx.fillStyle = 'rgba(0,212,255,0.08)';
+    ctx.beginPath(); ctx.arc(cx, cy, r, 0, Math.PI*2); ctx.fill();
+
+    // Label
+    ctx.fillStyle = '#00d4ff';
+    ctx.font = 'bold 9px monospace';
+    ctx.textAlign = 'center';
+    ctx.fillText('NEXUS', cx, cy + r + 16);
+  }
+
+  function phaseColor(img) {
+    const phase = img ? img.phase : '';
+    if (phase === 'Ready')    return '#00ff41';
+    if (phase === 'Pulling')  return '#ffaa00';
+    if (phase === 'Degraded') return '#ff3333';
+    return '#00d4ff';
+  }
+
+  function nodeColor(nodeName) {
+    // Determine color based on images targeting this node
+    const pullingHere = state.cachedImages.some(img =>
+      img.phase === 'Pulling' &&
+      !(img.cachedNodes || []).includes(nodeName)
+    );
+    if (pullingHere) return '#ffaa00';
+    const degradedHere = state.cachedImages.some(img =>
+      img.phase === 'Degraded' &&
+      !(img.cachedNodes || []).includes(nodeName)
+    );
+    if (degradedHere) return '#ff3333';
+    const node = state.nodes.find(n => n.name === nodeName);
+    if (node && !node.ready) return '#555580';
+    return '#00ff41';
+  }
+
+  function drawConnections() {
+    state.cachedImages.forEach(img => {
+      (img.cachedNodes || []).forEach(nodeName => {
+        const pos = nodePos[nodeName];
+        if (!pos) return;
+        ctx.strokeStyle = 'rgba(0,255,65,0.18)';
+        ctx.lineWidth = 1;
+        ctx.setLineDash([3, 8]);
+        ctx.beginPath();
+        ctx.moveTo(cx, cy); ctx.lineTo(pos.x, pos.y);
+        ctx.stroke();
+        ctx.setLineDash([]);
+      });
+    });
+  }
+
+  function drawPodTrails() {
+    pods.forEach(p => {
+      if (p.trail.length < 2) return;
+      for (let i = 1; i < p.trail.length; i++) {
+        ctx.globalAlpha = (i / p.trail.length) * 0.5;
+        ctx.strokeStyle = p.color;
+        ctx.lineWidth = 1.5;
+        ctx.beginPath();
+        ctx.moveTo(p.trail[i-1].x, p.trail[i-1].y);
+        ctx.lineTo(p.trail[i].x, p.trail[i].y);
+        ctx.stroke();
+      }
+      ctx.globalAlpha = 1;
+    });
+  }
+
+  function drawPods() {
+    pods.forEach(p => {
+      ctx.shadowBlur = 10;
+      ctx.shadowColor = p.color;
+      ctx.fillStyle = p.color;
+      ctx.strokeStyle = '#fff';
+      ctx.lineWidth = 0.5;
+      ctx.beginPath();
+      ctx.arc(p.x, p.y, 4, 0, Math.PI*2);
+      ctx.fill();
+      ctx.stroke();
+      ctx.shadowBlur = 0;
+    });
+  }
+
+  function drawParticles() {
+    particles.forEach(p => {
+      ctx.globalAlpha = p.life;
+      ctx.fillStyle = p.color;
+      ctx.shadowBlur = 6;
+      ctx.shadowColor = p.color;
+      ctx.beginPath();
+      ctx.arc(p.x, p.y, p.size, 0, Math.PI*2);
+      ctx.fill();
+    });
+    ctx.globalAlpha = 1;
+    ctx.shadowBlur = 0;
+  }
+
+  function drawNodes() {
+    state.nodes.forEach((node, i) => {
+      const pos = nodePos[node.name];
+      if (!pos) return;
+      const { x, y } = pos;
+      const r = 18;
+      const color = nodeColor(node.name);
+      const isSelected = state.selectedNode === node.name;
+      const cachedCount = state.cachedImages.filter(img => (img.cachedNodes||[]).includes(node.name)).length;
+
+      // Outer ring pulse
+      if (color === '#ffaa00') {
+        const pr = r + Math.sin(tick * 0.12 + i * 0.9) * 5;
+        ctx.globalAlpha = 0.3;
+        ctx.strokeStyle = color;
+        ctx.lineWidth = 1;
+        ctx.beginPath(); ctx.arc(x, y, pr, 0, Math.PI*2); ctx.stroke();
+        ctx.globalAlpha = 1;
+      }
+
+      // Selected ring
+      if (isSelected) {
+        ctx.strokeStyle = '#ffffff';
+        ctx.lineWidth = 2;
+        ctx.shadowBlur = 16; ctx.shadowColor = color;
+        ctx.beginPath(); ctx.arc(x, y, r + 6, 0, Math.PI*2); ctx.stroke();
+        ctx.shadowBlur = 0;
+      }
+
+      // Main circle
+      ctx.shadowBlur = 14; ctx.shadowColor = color;
+      ctx.strokeStyle = color;
+      ctx.lineWidth = 1.5;
+      ctx.beginPath(); ctx.arc(x, y, r, 0, Math.PI*2); ctx.stroke();
+      ctx.fillStyle = color + '18';
+      ctx.fill();
+      ctx.shadowBlur = 0;
+
+      // Node icon
+      ctx.fillStyle = color;
+      ctx.font = '10px monospace';
+      ctx.textAlign = 'center';
+      ctx.textBaseline = 'middle';
+      ctx.fillText('⬡', x, y);
+      ctx.textBaseline = 'alphabetic';
+
+      // Short label below
+      const shortN = shortName(node.name, 12);
+      ctx.fillStyle = '#c8c8f0';
+      ctx.font = '9px monospace';
+      ctx.fillText(shortN, x, y + r + 14);
+
+      // Cache count badge
+      if (cachedCount > 0) {
+        ctx.fillStyle = '#00ff41';
+        ctx.font = 'bold 9px monospace';
+        ctx.fillText(`◆${cachedCount}`, x + r - 2, y - r + 4);
+      }
+    });
+  }
+
+  function drawImageLabels() {
+    // Show image labels near nexus (ring of image names)
+    const images = state.cachedImages.slice(0, 24);
+    images.forEach((img, i) => {
+      const angle = (i / images.length) * Math.PI * 2 - Math.PI / 2;
+      const r = radius * 0.3;
+      const x = cx + r * Math.cos(angle);
+      const y = cy + r * Math.sin(angle);
+      const color = phaseColor(img);
+      ctx.fillStyle = color + 'aa';
+      ctx.font = '8px monospace';
+      ctx.textAlign = 'center';
+      const lbl = shortName(img.tag || img.image.split('/').pop(), 12);
+      ctx.fillText(lbl, x, y);
+    });
+  }
+
+  // Sync pods from current state
+  function syncPods() {
+    state.cachedImages.forEach(img => {
+      if (img.phase !== 'Pulling') return;
+      state.nodes.forEach(node => {
+        if ((img.cachedNodes || []).includes(node.name)) return;
+        spawnPod(img.name, node.name, '#00d4ff');
+      });
+    });
+    // Remove pods for images no longer pulling
+    for (let i = pods.length - 1; i >= 0; i--) {
+      const p = pods[i];
+      const img = state.cachedImages.find(im => im.name === p.img);
+      if (!img || img.phase !== 'Pulling') pods.splice(i, 1);
+    }
+  }
+
+  function frame() {
+    requestAnimationFrame(frame);
+    if (!document.getElementById('tactical').classList.contains('active')) { tick++; return; }
+    calcNodePositions();
+    syncPods();
+    updatePods();
+    updateParticles();
+    drawBg();
+    drawStars();
+    drawRangeRings();
+    drawConnections();
+    drawPodTrails();
+    drawNexus();
+    drawImageLabels();
+    drawNodes();
+    drawPods();
+    drawParticles();
+    tick++;
+  }
+
+  // Node list sidebar
+  function renderNodeList() {
+    const list = document.getElementById('node-list');
+    list.innerHTML = '';
+    state.nodes.forEach(node => {
+      const div = document.createElement('div');
+      div.className = 'node-list-item' + (state.selectedNode === node.name ? ' selected' : '');
+      const cachedImgs = state.cachedImages.filter(img => (img.cachedNodes||[]).includes(node.name));
+      const pulling = state.cachedImages.filter(img =>
+        img.phase === 'Pulling' && !(img.cachedNodes||[]).includes(node.name));
+      let badges = `<span class="badge ${node.ready?'ready':'notready'}">${node.ready?'READY':'OFFLINE'}</span>`;
+      if (cachedImgs.length) badges += ` <span class="badge ready">${cachedImgs.length} cached</span>`;
+      if (pulling.length)    badges += ` <span class="badge pulling">${pulling.length} pulling</span>`;
+      div.innerHTML = `<div class="node-name">${node.name}</div><div class="node-badges">${badges}</div>`;
+      div.addEventListener('click', () => {
+        state.selectedNode = state.selectedNode === node.name ? null : node.name;
+        renderNodeList();
+      });
+      div.addEventListener('mouseenter', e => {
+        const imgs = state.cachedImages.filter(img => (img.cachedNodes||[]).includes(node.name));
+        const pullImgs = state.cachedImages.filter(img =>
+          img.phase === 'Pulling' && !(img.cachedNodes||[]).includes(node.name));
+        let html = `<b style="color:var(--cyan)">${node.name}</b><br>`;
+        if (node.arch) html += `Arch: ${node.arch} / ${node.os}<br>`;
+        html += `Cached: ${imgs.length} image(s)<br>`;
+        if (pullImgs.length) html += `Pulling: ${pullImgs.map(i=>i.name).join(', ')}<br>`;
+        showTooltip(e, html);
+      });
+      div.addEventListener('mouseleave', hideTooltip);
+      list.appendChild(div);
+    });
+  }
+
+  // Click on canvas to select node
+  canvas.addEventListener('click', e => {
+    const rect = canvas.getBoundingClientRect();
+    const mx = e.clientX - rect.left;
+    const my = e.clientY - rect.top;
+    let found = null;
+    for (const [name, pos] of Object.entries(nodePos)) {
+      const d = Math.hypot(pos.x - mx, pos.y - my);
+      if (d < 22) { found = name; break; }
+    }
+    state.selectedNode = found === state.selectedNode ? null : found;
+    renderNodeList();
+  });
+
+  canvas.addEventListener('mousemove', e => {
+    const rect = canvas.getBoundingClientRect();
+    const mx = e.clientX - rect.left;
+    const my = e.clientY - rect.top;
+    let found = null;
+    for (const [name, pos] of Object.entries(nodePos)) {
+      if (Math.hypot(pos.x - mx, pos.y - my) < 22) { found = name; break; }
+    }
+    if (found) {
+      const node = state.nodes.find(n => n.name === found);
+      if (node) {
+        const imgs = state.cachedImages.filter(i => (i.cachedNodes||[]).includes(found));
+        let html = `<b style="color:var(--cyan)">${found}</b><br>`;
+        if (node.arch) html += `${node.arch} / ${node.os}<br>`;
+        html += `Cached images: ${imgs.length}`;
+        if (imgs.length) html += '<br>' + imgs.slice(0,5).map(i=>imgLabel(i)).join('<br>');
+        if (imgs.length > 5) html += `<br>…+${imgs.length-5} more`;
+        showTooltip(e, html);
+        canvas.style.cursor = 'pointer';
+      }
+    } else {
+      hideTooltip();
+      canvas.style.cursor = 'default';
+    }
+  });
+  canvas.addEventListener('mouseleave', hideTooltip);
+
+  window.addEventListener('resize', resize);
+  resize();
+  requestAnimationFrame(frame);
+
+  return { resize, renderNodeList };
+})();
+
+// ═══════════════════════════════════════════════════════════════════════
+// ── MATRIX VIEW ────────────────────────────────────────────────────────
+// ═══════════════════════════════════════════════════════════════════════
+(function() {
+  const f = state.matrixFilter;
+  let tbody;
+
+  function pct(img) {
+    if (!img.nodesTargeted) return 0;
+    return Math.round((img.nodesReady / img.nodesTargeted) * 100);
+  }
+
+  function renderTable() {
+    tbody = document.getElementById('matrix-body');
+    const search = f.search.toLowerCase();
+    let rows = state.cachedImages.filter(img => {
+      if (f.phase && img.phase !== f.phase) return false;
+      if (search) {
+        const q = imgLabel(img).toLowerCase();
+        return q.includes(search) || (img.setName||'').toLowerCase().includes(search);
+      }
+      return true;
+    });
+
+    rows.sort((a, b) => {
+      let va = a[f.sortCol] ?? '';
+      let vb = b[f.sortCol] ?? '';
+      if (f.sortCol === 'image') { va = imgLabel(a); vb = imgLabel(b); }
+      if (va < vb) return -f.sortDir;
+      if (va > vb) return f.sortDir;
+      return 0;
+    });
+
+    if (!rows.length) {
+      tbody.innerHTML = `<tr class="empty-row"><td colspan="6">◈ NO IMAGES MATCH CURRENT FILTER</td></tr>`;
+      return;
+    }
+
+    tbody.innerHTML = rows.map(img => {
+      const label = imgLabel(img);
+      const p = pct(img);
+      const barColor = img.phase === 'Ready' ? 'ready' : img.phase === 'Pulling' ? 'pulling' : 'degraded';
+      const chips = (img.cachedNodes||[]).slice(0,6).map(n =>
+        `<span class="node-chip">${shortName(n,14)}</span>`).join('');
+      const more = (img.cachedNodes||[]).length > 6 ? `<span class="node-chip">+${(img.cachedNodes||[]).length-6}</span>` : '';
+      return `<tr>
+        <td><div class="img-ref">
+          <span class="img-name">${img.image.split('/').pop()}</span>
+          ${img.tag ? `<span class="img-tag">:${img.tag}</span>` : ''}
+          <div style="font-size:9px;color:var(--text2);margin-top:2px">${img.image}</div>
+        </div></td>
+        <td><span class="phase-badge ${img.phase||'Pending'}">${img.phase||'Pending'}</span></td>
+        <td>
+          <span style="font-size:11px">${img.nodesReady}/${img.nodesTargeted}</span>
+          <div class="progress-bar"><div class="progress-fill ${barColor}" style="width:${p}%"></div></div>
+        </td>
+        <td><div class="node-chips">${chips}${more}</div></td>
+        <td style="color:var(--text2);font-size:11px">${img.setName||'—'}</td>
+        <td style="color:var(--text2);font-size:11px">${img.age||'—'}</td>
+      </tr>`;
+    }).join('');
+  }
+
+  document.getElementById('search').addEventListener('input', e => {
+    f.search = e.target.value;
+    renderTable();
+  });
+
+  document.querySelectorAll('.filter-btn').forEach(btn => {
+    btn.addEventListener('click', () => {
+      document.querySelectorAll('.filter-btn').forEach(b => b.classList.remove('active'));
+      btn.classList.add('active');
+      f.phase = btn.dataset.phase;
+      renderTable();
+    });
+  });
+
+  document.querySelectorAll('th[data-col]').forEach(th => {
+    th.addEventListener('click', () => {
+      if (f.sortCol === th.dataset.col) { f.sortDir *= -1; }
+      else { f.sortCol = th.dataset.col; f.sortDir = 1; }
+      document.querySelectorAll('th[data-col]').forEach(t => {
+        t.classList.toggle('sorted', t.dataset.col === f.sortCol);
+        const arr = t.querySelector('.sort-arrow');
+        if (arr) arr.textContent = t.dataset.col === f.sortCol ? (f.sortDir > 0 ? '↓' : '↑') : '↕';
+      });
+      renderTable();
+    });
+  });
+
+  window._renderMatrix = renderTable;
+})();
+
+// ═══════════════════════════════════════════════════════════════════════
+// ── RECON VIEW ──────────────────────────────────────────────────────────
+// ═══════════════════════════════════════════════════════════════════════
+(function() {
+  function yamlify(obj, indent) {
+    indent = indent || 0;
+    const pad = '  '.repeat(indent);
+    let out = '';
+    if (Array.isArray(obj)) {
+      obj.forEach(item => {
+        if (typeof item === 'object' && item !== null) {
+          out += `${pad}-\n${yamlify(item, indent + 1)}`;
+        } else {
+          out += `${pad}- <span class="yaml-str">${JSON.stringify(item)}</span>\n`;
+        }
+      });
+    } else if (typeof obj === 'object' && obj !== null) {
+      Object.entries(obj).forEach(([k, v]) => {
+        if (v === null || v === undefined) return;
+        if (typeof v === 'object') {
+          out += `${pad}<span class="yaml-key">${k}</span>:\n${yamlify(v, indent + 1)}`;
+        } else if (typeof v === 'boolean') {
+          out += `${pad}<span class="yaml-key">${k}</span>: <span class="yaml-bool">${v}</span>\n`;
+        } else if (typeof v === 'number') {
+          out += `${pad}<span class="yaml-key">${k}</span>: <span class="yaml-num">${v}</span>\n`;
+        } else {
+          out += `${pad}<span class="yaml-key">${k}</span>: <span class="yaml-str">${String(v)}</span>\n`;
+        }
+      });
+    } else {
+      out += `${pad}<span class="yaml-str">${JSON.stringify(obj)}</span>\n`;
+    }
+    return out;
+  }
+
+  function renderPolicyList() {
+    const list = document.getElementById('policy-list-items');
+    document.getElementById('policy-count').textContent = state.discoveryPolicies.length;
+    list.innerHTML = '';
+
+    if (!state.discoveryPolicies.length) {
+      list.innerHTML = '<div style="padding:16px;color:var(--text2);font-size:11px">No discovery policies found.</div>';
+      return;
+    }
+
+    state.discoveryPolicies.forEach(dp => {
+      const div = document.createElement('div');
+      div.className = 'policy-item' + (state.selectedPolicy === dp.name ? ' selected' : '');
+      div.innerHTML = `
+        <div class="policy-item-name">${dp.name}</div>
+        <div class="policy-item-meta">
+          <span style="color:var(--cyan)">${dp.imageCount} images</span>
+          <span>${dp.sourceCount} sources</span>
+          <span style="color:var(--text2)">${dp.lastSync ? dp.lastSync + ' ago' : 'never synced'}</span>
+        </div>`;
+      div.addEventListener('click', () => {
+        state.selectedPolicy = dp.name;
+        renderPolicyList();
+        renderPolicyDetail(dp);
+      });
+      list.appendChild(div);
+    });
+  }
+
+  function renderPolicyDetail(dp) {
+    const detail = document.getElementById('policy-detail');
+    const discoveredRows = (dp.discoveredImages || []).map(img => `
+      <div class="disc-row">
+        <div>${img.image}</div>
+        <div>${img.source}</div>
+        <div>${img.score}</div>
+      </div>`).join('');
+
+    detail.innerHTML = `
+      <div class="detail-section">
+        <h4>◉ ${dp.name}</h4>
+        <div style="display:grid;grid-template-columns:1fr 1fr;gap:8px 16px;font-size:11px">
+          <div>Status: <span style="color:var(--cyan)">${dp.phase||'—'}</span></div>
+          <div>Images: <span style="color:var(--green)">${dp.imageCount}</span> / max ${dp.maxImages}</div>
+          <div>Sources: <span style="color:var(--cyan)">${dp.sourceCount}</span></div>
+          <div>Sync: <span style="color:var(--text2)">${dp.syncInterval||'—'}</span></div>
+          <div>Last Sync: <span style="color:var(--text2)">${dp.lastSync ? dp.lastSync + ' ago' : '—'}</span></div>
+          <div>Age: <span style="color:var(--text2)">${dp.age||'—'}</span></div>
+        </div>
+      </div>
+      <div class="detail-section" style="flex:0 0 auto">
+        <h4>⊞ SPEC</h4>
+        <div class="yaml-viewer">${yamlify(dp.spec)}</div>
+      </div>
+      ${dp.discoveredImages && dp.discoveredImages.length ? `
+      <div class="detail-section" style="flex:1;overflow:hidden;display:flex;flex-direction:column">
+        <h4>◈ DISCOVERED IMAGES (${dp.discoveredImages.length})</h4>
+        <div style="flex:1;overflow-y:auto">
+          <div class="discovered-grid">
+            <div class="disc-row disc-header">
+              <div>Image</div><div>Source</div><div>Score</div>
+            </div>
+            ${discoveredRows}
+          </div>
+        </div>
+      </div>` : '<div class="detail-section"><div style="color:var(--text2);font-size:11px">No discovered images yet.</div></div>'}`;
+  }
+
+  window._renderRecon = () => {
+    renderPolicyList();
+    if (state.selectedPolicy) {
+      const dp = state.discoveryPolicies.find(p => p.name === state.selectedPolicy);
+      if (dp) renderPolicyDetail(dp);
+      else document.getElementById('policy-detail').innerHTML = '<div class="no-policy">SELECT A POLICY</div>';
+    }
+  };
+})();
+
+// ═══════════════════════════════════════════════════════════════════════
+// ── DATA / SSE ──────────────────────────────────────────────────────────
+// ═══════════════════════════════════════════════════════════════════════
+function applyData(data) {
+  state.nodes              = data.nodes              || [];
+  state.cachedImages       = data.cachedImages       || [];
+  state.cachedImageSets    = data.cachedImageSets    || [];
+  state.discoveryPolicies  = data.discoveryPolicies  || [];
+  state.status             = data.status             || {};
+
+  updateStats(state.status);
+  tactical.renderNodeList();
+  window._renderMatrix();
+  window._renderRecon();
+}
+
+function setConnected(ok) {
+  state.connected = ok;
+  const dot = document.getElementById('conn-dot');
+  dot.classList.toggle('off', !ok);
+}
+
+function initSSE() {
+  const es = new EventSource('/events');
+  es.onopen    = () => setConnected(true);
+  es.onerror   = () => { setConnected(false); setTimeout(initSSE, 5000); es.close(); };
+  es.onmessage = e => {
+    try {
+      const data = JSON.parse(e.data);
+      applyData(data);
+      const loading = document.getElementById('loading');
+      if (loading.style.display !== 'none') {
+        loading.style.display = 'none';
+        document.getElementById('app').style.display = 'flex';
+      }
+    } catch(err) {
+      console.error('[drop-ui] SSE parse error:', err);
+    }
+  };
+}
+
+// Fallback poll when SSE not available
+async function poll() {
+  try {
+    const r = await fetch('/api/v1/all');
+    if (!r.ok) throw new Error(r.status);
+    const data = await r.json();
+    applyData(data);
+    setConnected(true);
+    const loading = document.getElementById('loading');
+    if (loading.style.display !== 'none') {
+      loading.style.display = 'none';
+      document.getElementById('app').style.display = 'flex';
+    }
+  } catch(e) {
+    console.error('[drop-ui] poll error:', e);
+    setConnected(false);
+  }
+}
+
+// Try SSE first, fall back to polling
+initSSE();
+// Also poll immediately as a fast-start fallback
+poll().then(() => { /* initial render done */ });
+// Keep polling as backup (SSE updates will override)
+setInterval(poll, 30000);
+</script>
+</body>
+</html>