From 645e7ff6732bb013e7fa15ce1c66c1ff518e59b2 Mon Sep 17 00:00:00 2001
From: fedorovvvv <nikitafedorov7@yandex.ru>
Date: Wed, 6 May 2026 21:00:31 +0400
Subject: [PATCH 1/6] feat(ui): shared UI primitives + npm update notification
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add Button, Code-with-copy, Dialog under template/src/shared/ui/ and a
modalManager service under template/src/shared/services/modal/ so widgets
can open dialogs without per-call mounting. ModalRoot is mounted once in
+layout.svelte.

Add /api/update-check endpoint that probes registry.npmjs.org for the
latest @forgeplan/web (5-min server-process cache, 5-second timeout, GET
only, never throws). VersionFooter polls it once at mount and every
30 minutes; when hasUpdate, an UpdateButton appears above the footer and
opens UpdateDialog (current → latest + copyable manual command).

Auto-update is intentionally out of scope: running `npx @forgeplan/web
update` from the running server would rmSync the very files serving the
request. Dialog explains this and offers the manual path only.

Rule 22 amended to allow exactly one non-forgeplan endpoint hitting the
literal URL https://registry.npmjs.org/@forgeplan/web/latest.

Refs: PRD-013, RFC-012, EVID-017

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .claude/rules/22-readonly-proxy.md            |  28 ++
 ...oint-probe-for-shared-ui-update-checker.md | 118 +++++++
 ...d-ui-primitives-npm-update-notification.md | 290 +++++++++++++++++
 ...-primitives-modalmanager-update-checker.md | 308 ++++++++++++++++++
 template/src/routes/+layout.svelte            |   2 +
 .../src/routes/api/update-check/+server.ts    |  79 +++++
 template/src/shared/server/index.ts           |   1 +
 template/src/shared/server/semver.ts          |  62 ++++
 template/src/shared/services/index.ts         |   1 +
 template/src/shared/services/modal/index.ts   |   1 +
 .../services/modal/modal-manager.svelte.ts    |  69 ++++
 template/src/shared/ui/README.md              | 117 +++++++
 template/src/shared/ui/button/Button.svelte   | 104 ++++++
 template/src/shared/ui/button/index.ts        |   1 +
 template/src/shared/ui/code/Code.svelte       | 165 ++++++++++
 template/src/shared/ui/code/index.ts          |   1 +
 template/src/shared/ui/dialog/Dialog.svelte   | 181 ++++++++++
 template/src/shared/ui/dialog/index.ts        |   1 +
 template/src/shared/ui/index.ts               |   4 +
 template/src/shared/ui/modal/ModalRoot.svelte |   8 +
 template/src/shared/ui/modal/index.ts         |   1 +
 .../version-footer/api/update-check.svelte.ts |  15 +
 .../version-footer/ui/UpdateButton.svelte     |  88 +++++
 .../version-footer/ui/UpdateDialog.svelte     | 131 ++++++++
 .../version-footer/ui/VersionFooter.svelte    |  25 +-
 25 files changed, 1800 insertions(+), 1 deletion(-)
 create mode 100644 .forgeplan/evidence/EVID-017-smoke-svelte-check-live-endpoint-probe-for-shared-ui-update-checker.md
 create mode 100644 .forgeplan/prds/PRD-013-shared-ui-primitives-npm-update-notification.md
 create mode 100644 .forgeplan/rfcs/RFC-012-shared-ui-primitives-modalmanager-update-checker.md
 create mode 100644 template/src/routes/api/update-check/+server.ts
 create mode 100644 template/src/shared/server/semver.ts
 create mode 100644 template/src/shared/services/index.ts
 create mode 100644 template/src/shared/services/modal/index.ts
 create mode 100644 template/src/shared/services/modal/modal-manager.svelte.ts
 create mode 100644 template/src/shared/ui/README.md
 create mode 100644 template/src/shared/ui/button/Button.svelte
 create mode 100644 template/src/shared/ui/button/index.ts
 create mode 100644 template/src/shared/ui/code/Code.svelte
 create mode 100644 template/src/shared/ui/code/index.ts
 create mode 100644 template/src/shared/ui/dialog/Dialog.svelte
 create mode 100644 template/src/shared/ui/dialog/index.ts
 create mode 100644 template/src/shared/ui/index.ts
 create mode 100644 template/src/shared/ui/modal/ModalRoot.svelte
 create mode 100644 template/src/shared/ui/modal/index.ts
 create mode 100644 template/src/widgets/version-footer/api/update-check.svelte.ts
 create mode 100644 template/src/widgets/version-footer/ui/UpdateButton.svelte
 create mode 100644 template/src/widgets/version-footer/ui/UpdateDialog.svelte

diff --git a/.claude/rules/22-readonly-proxy.md b/.claude/rules/22-readonly-proxy.md
index 2782cf6..4c108dd 100644
--- a/.claude/rules/22-readonly-proxy.md
+++ b/.claude/rules/22-readonly-proxy.md
@@ -27,6 +27,31 @@ This is the only flag-only invocation permitted from `/api/*`. Any new
 flag-only or subcommand entry requires an updating Forgeplan artifact and a
 revision of this rule. See PRD-012 / RFC-011.
 
+## Allow-list extension: `/api/update-check` (non-forgeplan)
+
+`/api/update-check` is the **single** non-forgeplan endpoint permitted from
+`/api/*`. It probes the npm registry for the latest published version of
+`@forgeplan/web` so the UI can surface an "Update available" affordance.
+
+Constraints (every one of these is enforceable from the diff):
+
+- Method: `GET` only.
+- URL: the **string literal** `https://registry.npmjs.org/@forgeplan/web/latest`.
+  No interpolation, no query params, no user input on the URL path.
+- No spawn, no host filesystem write, no Forgeplan invocation. The only
+  side-effect is a process-local in-memory cache (5 min TTL, single
+  inflight promise).
+- Headers: `accept: application/json` and a static `user-agent`. No cookies,
+  no credentials.
+- Response shape mirrors the standard envelope: `{ ok, data: { current,
+  latest, hasUpdate }, cmd, error? }` with `current = __FORGEPLAN_WEB_VERSION__`.
+- Network failures (timeout, non-2xx, JSON parse error) MUST fall back to
+  `{ ok: false, error, data: { ..., hasUpdate: false } }` — never throw.
+
+Any additional non-forgeplan endpoint (whether it hits npm, GitHub,
+crates.io, or anything else) requires a new Forgeplan artifact and a fresh
+amendment to this rule. See PRD-013 / RFC-012.
+
 ## Forbidden `forgeplan` subcommands from any `/api/*` endpoint
 
 Any subcommand that mutates the workspace:
@@ -69,3 +94,6 @@ browser invalidates that.
   `args[0] ∈ READ_ONLY_SUBCOMMANDS` before spawning, and the constant MUST
   match this allow-list (see rule above). The check is the runtime backstop
   for review-time enforcement.
+- `grep -RIn "fetch(" template/src/routes/api/` must show external URLs
+  only inside `update-check/+server.ts`, and the URL must appear as a
+  string literal (`https://registry.npmjs.org/@forgeplan/web/latest`).
diff --git a/.forgeplan/evidence/EVID-017-smoke-svelte-check-live-endpoint-probe-for-shared-ui-update-checker.md b/.forgeplan/evidence/EVID-017-smoke-svelte-check-live-endpoint-probe-for-shared-ui-update-checker.md
new file mode 100644
index 0000000..78a695e
--- /dev/null
+++ b/.forgeplan/evidence/EVID-017-smoke-svelte-check-live-endpoint-probe-for-shared-ui-update-checker.md
@@ -0,0 +1,118 @@
+---
+depth: standard
+id: EVID-017
+kind: evidence
+last_modified_at: 2026-05-06T16:58:57.023400+00:00
+last_modified_by: claude-code/2.1.131
+links:
+- target: PRD-013
+  relation: informs
+- target: RFC-012
+  relation: informs
+status: draft
+title: smoke + svelte-check + live endpoint probe for shared UI + update checker
+---
+
+# EVID-017: smoke + svelte-check + live endpoint probe for shared UI + update checker
+
+| Field       | Value                  |
+| ----------- | ---------------------- |
+| Status      | Draft                  |
+| Created     | 2026-05-06             |
+| Valid Until | 2026-08-06             |
+| Target      | PRD-013 / RFC-012      |
+
+## Structured Fields
+
+evidence_type: test
+verdict: supports
+congruence_level: 3
+
+## Measurement
+
+Three direct probes against the surface introduced by PRD-013 / RFC-012:
+
+1. `cd template && npm run check` — `svelte-kit sync` followed by
+   `svelte-check --tsconfig ./tsconfig.json`. Exercises every `.svelte`,
+   `.svelte.ts`, and `.ts` file under `template/src/` (including the new
+   `shared/ui/`, `shared/services/modal/`, and version-footer additions)
+   for type errors and a11y warnings.
+2. `npm run smoke` at the repo root — rebuilds `dist/` from scratch
+   (`scripts/build.mjs --clean`), `init -y` against a scratch dir, then
+   `init -y --force`, then boots `node dist/index.js`, and probes
+   `/api/health`, `/api/list`, `/`. This is the same smoke harness
+   already used to gate releases.
+3. Live spawn of the freshly built `dist/index.js` on PORT=15999 with
+   FORGEPLAN_CWD=/tmp + curl against the new endpoint.
+
+## Result
+
+```
+$ npm run check          # in template/
+COMPLETED 462 FILES 0 ERRORS 0 WARNINGS 0 FILES_WITH_PROBLEMS
+
+$ npm run smoke          # at root
+[smoke] /api/health: ok (project=shim)
+[smoke] /api/list: ok (0 entries)
+[smoke] GET /: ok (HTML returned)
+[smoke] PASS
+
+$ curl -s http://127.0.0.1:15999/api/update-check
+{"ok":true,"data":{"current":"0.1.11","latest":"0.1.11","hasUpdate":false},
+ "cmd":"GET registry.npmjs.org/@forgeplan/web/latest"}
+
+$ curl -s http://127.0.0.1:15999/api/version
+{"ok":true,"data":{"web":"0.1.11","cli":"0.27.0"},"cmd":"forgeplan --version"}
+```
+
+Vite build also reports `entries/endpoints/api/update-check/_server.ts.js
+1.78 kB │ gzip: 0.83 kB`, confirming the new endpoint is bundled into
+`dist/`.
+
+## Interpretation
+
+- **PRD-013 SC-1** (primitives exist + 1 widget imports): satisfied —
+  `template/src/widgets/version-footer/ui/UpdateDialog.svelte` imports
+  `Button`, `Code`, `Dialog` from `@/shared/ui`.
+- **PRD-013 SC-2** (caller line count ≤ 3 lines to open a dialog): met
+  by the `modalManager.open(UpdateDialog, { current, latest })` call
+  inside `VersionFooter.svelte`.
+- **PRD-013 SC-3** (update notice within ≤ 30 min of npm publish):
+  meets the upper bound by `THIRTY_MINUTES_MS` poll interval +
+  immediate `start()` on mount; live probe confirms the endpoint is
+  reachable and returns a well-formed envelope.
+- **PRD-013 SC-4** (dialog renders manual update command): rendered by
+  `UpdateDialog.svelte` via `<Code code="npx @forgeplan/web update" />`.
+- **PRD-013 SC-5** (endpoint is GET-only, respects rule 22): the only
+  HTTP method exported is `GET`; no `spawn` or `runForgeplan` is called
+  from `update-check/+server.ts`; URL is a string literal.
+- **NFR-002** (endpoint never throws on registry failure): try/catch
+  wraps `getLatestCached`; failure path returns `{ ok: false, ...,
+  hasUpdate: false }`. Live probe with reachable registry returns the
+  success path; failure path is exercised structurally.
+- **NFR-004** (zero new runtime deps): `git diff develop --
+  template/package.json` shows no change in `dependencies`.
+
+The svelte-check pass over 462 files (up from 460 — the two new
+modules) with zero errors and zero warnings means the new types
+(ModalEntry, UpdateData, compareSemver) compose cleanly with existing
+code. The smoke pass means `init` + `start` still work end-to-end after
+the addition. The live curl proves the endpoint is wired.
+
+## Congruence Level Justification
+
+CL3 — the measurement is run against the exact files PRD-013 and
+RFC-012 prescribe (same surface, same project, same commit). The smoke
+test exercises the full ship-path (`bin/forgeplan-web.mjs init` →
+`node dist/index.js` boot), and the curl probes the new endpoint by
+its actual URL. evidence_type=test (binary pass/fail) +
+verdict=supports (every assertion held).
+
+## Related Artifacts
+
+| Artifact | Relation |
+| -------- | -------- |
+| PRD-013  | informs  |
+| RFC-012  | informs  |
+
+
diff --git a/.forgeplan/prds/PRD-013-shared-ui-primitives-npm-update-notification.md b/.forgeplan/prds/PRD-013-shared-ui-primitives-npm-update-notification.md
new file mode 100644
index 0000000..365ad73
--- /dev/null
+++ b/.forgeplan/prds/PRD-013-shared-ui-primitives-npm-update-notification.md
@@ -0,0 +1,290 @@
+---
+depth: standard
+id: PRD-013
+kind: prd
+last_modified_at: 2026-05-06T16:49:09.687333+00:00
+last_modified_by: claude-code/2.1.131
+status: draft
+title: Shared UI primitives + npm update notification
+---
+
+---
+id: PRD-013
+title: "Shared UI primitives + npm update notification"
+status: Draft
+author: claude-code
+created: 2026-05-06
+updated: 2026-05-06
+priority: P1
+depth: standard
+domain: general
+projectType: web_app
+stepsCompleted: []
+---
+
+# PRD-013: Shared UI primitives + npm update notification
+
+## Executive Summary
+
+### Vision
+
+Establish a minimal but reusable shared UI layer (Button, Code-with-copy,
+Dialog) and a programmatic ModalManager so widgets can open dialogs without
+manually mounting a component each time, then leverage that layer to surface
+an "Update available" affordance in the version footer when a newer
+`@forgeplan/web` is published on npm.
+
+### Problem
+
+Two coupled gaps in the current `template/`:
+
+1. There are no shared UI primitives. Every widget that needs a button, code
+   block, or dialog has to roll its own markup and CSS. There is no
+   programmatic way to open a modal — components must be instantiated and
+   mounted by every caller, which discourages reuse and bloats widget code.
+2. Users have no way to learn that a newer `@forgeplan/web` is available.
+   The footer shows the running version but the user must check npm
+   manually. As a result, scaffolds drift behind the latest release for
+   weeks; bug fixes shipped in newer versions never reach users.
+
+**Impact**: New widgets needing a dialog (this PRD's update notice, plus
+future settings/help modals) duplicate boilerplate. Stale `.forgeplan-web/`
+installs miss CLI-CLI compatibility fixes and feature additions.
+
+### Target Users
+
+| Persona            | Description                                        | Key pain                                                                 |
+| ------------------ | -------------------------------------------------- | ------------------------------------------------------------------------ |
+| Forgeplan author   | Engineer running `npx @forgeplan/web start` daily | Doesn't know an update is available; widget code reinvents UI primitives |
+| Template developer | Maintainer adding new widgets to `template/`       | No shared Button/Dialog → reinvents markup, no consistent styling        |
+
+### Differentiators
+
+- ModalManager is a programmatic, single-mount-point API (`modalManager.open(Component, props)`),
+  not a per-widget mount.
+- Update check is read-only (HEAD/GET against npm registry), bounded
+  in frequency, and never auto-mutates the host. Manual update remains the
+  only path that touches `.forgeplan-web/`.
+
+---
+
+## Success Criteria
+
+| ID   | Criterion                                                                                                    | Metric                                                | Current      | Target       | Timeframe       | How to Measure                                  |
+| ---- | ------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------- | ------------ | ------------ | --------------- | ----------------------------------------------- |
+| SC-1 | Shared UI primitives Button/Code/Dialog exist under `template/src/shared/ui/` and are imported by ≥1 widget  | Files exist + 1 widget imports                        | 0 primitives | 3 primitives | This PR         | `ls template/src/shared/ui/` + grep for imports |
+| SC-2 | Modal can be opened without mounting in caller — single `ModalRoot` mounted in root layout                   | Caller line count to open a dialog                    | N/A          | ≤ 3 lines    | This PR         | Code review                                     |
+| SC-3 | When a newer `@forgeplan/web` is published, the user sees an Update affordance within ≤ 30 minutes           | Time-to-notice from npm publish                       | ∞ (never)    | ≤ 30 min     | First polled tick post-publish | Manual: bump local pkg version, wait, observe footer |
+| SC-4 | Update dialog shows current → latest and a copyable command; clicking copy writes the command to clipboard   | Functional behaviour                                  | N/A          | Pass         | This PR         | Manual smoke in browser                         |
+| SC-5 | npm-registry endpoint stays read-only and respects in-process concurrency cap                                | Endpoint method + spawn count                         | N/A          | GET-only     | This PR         | Code review + `grep -RIn POST template/src/routes/api/update-check` returns 0 hits |
+
+---
+
+## Product Scope
+
+### MVP (In-Scope)
+
+- `template/src/shared/ui/button/Button.svelte` — variants `primary`,
+  `secondary`, `ghost`; sizes `sm`, `md`; disabled state.
+- `template/src/shared/ui/code/Code.svelte` — monospaced block with a copy
+  button; uses `navigator.clipboard.writeText` (with a textarea fallback for
+  insecure contexts that block the Clipboard API).
+- `template/src/shared/ui/dialog/Dialog.svelte` — wraps `<dialog>`
+  (HTMLDialogElement) with title, body slot, footer slot, close button,
+  ESC-to-close, scrim click to dismiss (toggleable per call).
+- `template/src/shared/ui/modal/modalManager.svelte.ts` — exposes
+  `modalManager.open(component, props?)` returning a Promise that resolves
+  on close with optional return value; `modalManager.close(id?)`.
+- `template/src/shared/ui/modal/ModalRoot.svelte` — single mount point
+  rendered once in `+layout.svelte`; iterates over `modalManager.stack`.
+- `template/src/routes/api/update-check/+server.ts` — fetches
+  `https://registry.npmjs.org/@forgeplan/web/latest` via Node `fetch`,
+  returns `{ ok, data: { current, latest, hasUpdate } }`.
+- Update poller — runs once at app mount, then every 30 min; shared
+  `createPoller` reused with `intervalMs: 1_800_000`.
+- `UpdateButton` displayed above the version footer when `hasUpdate`;
+  click opens an `UpdateDialog` via modalManager.
+- Documentation file describing modalManager usage (
+  `template/src/shared/ui/modal/README.md`).
+- Rule 22 amended to allow flag-only `--version` AND a single
+  non-forgeplan read-only endpoint (`/api/update-check`) hitting
+  `registry.npmjs.org`.
+
+### Out of Scope
+
+- Auto-update from the browser (clicking → `spawn npx @forgeplan/web update`).
+  Reason: rule 22 requires endpoints be read-only proxies; running `update`
+  mutates the host's `.forgeplan-web/` and would `rmSync` the very files
+  serving the request, crashing the running process. Out of scope for this
+  PR; revisit in a follow-up RFC if demand justifies the rule change.
+- Dependency on third-party libraries for clipboard, modal, or button
+  (would inflate `dist/node_modules/` and break rule 21 purity goals).
+- Toast / snackbar primitives (separate concern, not needed here).
+- Theme tokens beyond what already exists in `template/src/app/styles/app.css`.
+
+### Growth Vision
+
+- Confirm/Alert convenience wrappers around modalManager (`modalManager.confirm("...")`).
+- Settings dialog using the same modalManager.
+- A future RFC may revisit auto-update via a detached spawn that exits the
+  running server gracefully.
+
+---
+
+## User Journeys
+
+### Journey 1: Forgeplan author notices an update
+
+**Goal**: Discover that a newer `@forgeplan/web` is available and learn how to apply it.
+
+| Step | User action                                  | System response                                                                        | Notes |
+| ---- | -------------------------------------------- | -------------------------------------------------------------------------------------- | ----- |
+| 1    | Opens `http://127.0.0.1:5174` in a browser   | App polls `/api/update-check` once at mount                                            |       |
+| 2    | Server fetches npm registry, finds newer ver | Returns `{current: '0.1.11', latest: '0.1.12', hasUpdate: true}`                       |       |
+| 3    | UI shows a small "Update v0.1.12 →" button   | Button rendered above the version footer (same corner)                                 |       |
+| 4    | Clicks the button                            | modalManager opens UpdateDialog with current → latest + copyable `npx @forgeplan/web update` command |       |
+| 5    | Clicks "Copy" on the code block              | Command copied to clipboard; visual confirmation                                       |       |
+| 6    | Pastes in terminal, runs                     | Local `.forgeplan-web/` updated; user refreshes browser                                |       |
+
+**Outcome**: User upgrades within minutes of becoming aware.
+
+### Journey 2: Template developer opens a dialog
+
+**Goal**: Open a settings dialog without mounting a component in their widget.
+
+| Step | User action                                                                  | System response                                                |
+| ---- | ---------------------------------------------------------------------------- | -------------------------------------------------------------- |
+| 1    | In a widget script: `import { modalManager } from '@/shared/ui/modal'`       | Type-checked import                                            |
+| 2    | Calls `await modalManager.open(SettingsDialog, { initialTab: 'theme' })`     | `ModalRoot` (mounted in `+layout.svelte`) renders the dialog   |
+| 3    | User dismisses; promise resolves                                             | Caller receives optional return value                          |
+
+**Outcome**: Caller adds 3 lines, no per-widget `<SettingsDialog>` markup.
+
+---
+
+## Functional Requirements
+
+| ID     | Category     | Priority | Requirement                                                                                                                                | Journey   |
+| ------ | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ | --------- |
+| FR-001 | UI           | Must     | Template developer can render a button via a single shared component supporting at least 3 visual variants and disabled state              | Journey 2 |
+| FR-002 | UI           | Must     | Template developer can render a copyable code block via a single shared component; the copy button writes the rendered text to clipboard   | Journey 1 |
+| FR-003 | UI           | Must     | Template developer can render a dialog with title, body, footer, ESC-close, and scrim-click-to-close (toggleable) via one shared component | Journey 2 |
+| FR-004 | UI           | Must     | Template developer can open a modal programmatically by calling a single API method that takes a component and optional props              | Journey 2 |
+| FR-005 | UI           | Must     | Forgeplan author can see at most one Update affordance when a newer package version is published; affordance is hidden otherwise           | Journey 1 |
+| FR-006 | Integration  | Must     | Forgeplan author can read current and latest version side-by-side in the update dialog                                                     | Journey 1 |
+| FR-007 | Integration  | Must     | Forgeplan author can copy the manual update command to clipboard with one click                                                            | Journey 1 |
+| FR-008 | Polling      | Must     | System polls the registry once at app mount and at most once every 30 minutes thereafter while the tab is open                             | Journey 1 |
+| FR-009 | Security     | Must     | System shall not mutate the host filesystem from any /api/update-check endpoint                                                            | Journey 1 |
+| FR-010 | UX           | Should   | Template developer can stack modals (open from inside a modal) without losing the underlying one                                           | Journey 2 |
+| FR-011 | UX           | Should   | Forgeplan author can dismiss the update affordance for the session without losing the dialog content                                       | Journey 1 |
+| FR-012 | Docs         | Should   | Template developer can find a one-page how-to for modalManager in the repo                                                                 | Journey 2 |
+
+---
+
+## Non-Functional Requirements
+
+| ID      | Category      | Requirement                                                                                                  | Metric                  | Condition                                | Measurement                                                                  |
+| ------- | ------------- | ------------------------------------------------------------------------------------------------------------ | ----------------------- | ---------------------------------------- | ---------------------------------------------------------------------------- |
+| NFR-001 | Performance   | System shall respond to /api/update-check                                                                    | < 500ms p95             | Cold cache, single client                | Manual timing during smoke test                                              |
+| NFR-002 | Resilience    | System shall return `{ok: false, error}` when the registry is unreachable, never throw an unhandled rejection | No 500s                 | Network error, DNS error, non-2xx status | curl -s /api/update-check after disabling network                            |
+| NFR-003 | Security      | System shall not pass user input to spawn or fetch URL construction                                          | Static URL, no spawn    | All requests                             | Code review: URL is a string literal, no `spawn` in update-check route       |
+| NFR-004 | Bundle        | System shall add zero new runtime npm dependencies to `template/package.json`                                | Diff in `dependencies`  | Post-merge                               | `git diff main -- template/package.json`                                     |
+| NFR-005 | Compatibility | System shall continue to work when registry returns no `latest` dist-tag (returns hasUpdate: false)          | Graceful degradation    | npm metadata edge case                   | Stub fetch with empty `dist-tags`                                            |
+
+---
+
+## Acceptance Criteria
+
+### AC-1: Update available — sticker shown
+
+```gherkin
+Given the npm registry has @forgeplan/web@0.1.12 as latest dist-tag
+And   the running scaffold reports __FORGEPLAN_WEB_VERSION__ === "0.1.11"
+When  the SvelteKit app polls /api/update-check
+Then  the response contains hasUpdate: true and latest: "0.1.12"
+And   the UpdateButton renders above the version footer
+```
+
+### AC-2: No update — sticker hidden
+
+```gherkin
+Given the npm registry latest dist-tag matches __FORGEPLAN_WEB_VERSION__
+When  the app polls /api/update-check
+Then  the response contains hasUpdate: false
+And   no UpdateButton is rendered
+```
+
+### AC-3: Update dialog flow
+
+```gherkin
+Given hasUpdate is true
+When  the user clicks the UpdateButton
+Then  modalManager opens an UpdateDialog containing:
+  - the current version (0.1.11) and latest version (0.1.12)
+  - a Code component with the literal text "npx @forgeplan/web update"
+  - a Copy action that writes that command to clipboard
+```
+
+### AC-4: Registry unreachable
+
+```gherkin
+Given the npm registry is unreachable (DNS fail or non-2xx)
+When  the app polls /api/update-check
+Then  the endpoint returns { ok: false, error: "<message>" } with HTTP 200
+And   no UpdateButton is rendered
+And   the Svelte console logs no unhandled error
+```
+
+### AC-5: ModalManager API
+
+```gherkin
+Given a Svelte component MyDialog
+When  a caller invokes modalManager.open(MyDialog, { foo: "bar" })
+Then  the dialog appears in ModalRoot
+And   the call returns a Promise that resolves when the dialog closes
+```
+
+---
+
+## Dependencies
+
+| Dependency                              | Type     | Status | Owner       |
+| --------------------------------------- | -------- | ------ | ----------- |
+| Existing `runForgeplan` server module   | Internal | Ready  | this repo   |
+| `__FORGEPLAN_WEB_VERSION__` Vite define | Internal | Ready  | this repo   |
+| `registry.npmjs.org` HTTPS              | External | Ready  | npm Inc.    |
+| Rule 22 amendment                       | Internal | This PR | this repo   |
+
+---
+
+## Risks & Mitigations
+
+| ID  | Risk                                                                                                              | Probability | Impact | Mitigation                                                                                                | Owner     |
+| --- | ----------------------------------------------------------------------------------------------------------------- | ----------- | ------ | --------------------------------------------------------------------------------------------------------- | --------- |
+| R-1 | npm registry rate-limits or returns 429                                                                           | Low         | Low    | 30-minute polling interval + graceful `hasUpdate: false` on non-2xx; cache result per server process      | this repo |
+| R-2 | navigator.clipboard fails on insecure context (older Safari)                                                      | Medium      | Low    | Fallback to a hidden `<textarea>` + `document.execCommand('copy')`; show a hint if fallback also fails    | this repo |
+| R-3 | ModalManager memory leak — components added but never released                                                    | Medium      | Medium | Close removes from store; component instances destroyed when stack item removed (Svelte handles unmount)  | this repo |
+| R-4 | Rule 22 amendment opens the door to future mutation endpoints                                                     | Medium      | Medium | Amendment names exactly one URL (`/api/update-check`) and one host (`registry.npmjs.org`), GET-only       | this repo |
+| R-5 | Auto-update follow-up implementation tries to `spawn` from the running process and crashes mid-request            | Low         | Medium | Out of scope for this PR; explicit Out-of-Scope clause + dialog wording sets expectation for manual run   | this repo |
+
+---
+
+## Affected Files
+
+- `template/src/shared/ui/**` (new)
+- `template/src/widgets/version-footer/**` (modified)
+- `template/src/routes/api/update-check/+server.ts` (new)
+- `template/src/routes/+layout.svelte` (mount ModalRoot)
+- `.claude/rules/22-readonly-proxy.md` (amend allow-list)
+- `.forgeplan/rfcs/RFC-012-*.md` (new)
+
+## Related Artifacts
+
+| Artifact | Relation             | Status |
+| -------- | -------------------- | ------ |
+| RFC-012  | Architecture proposal | Draft (this PR) |
+| EVID-017 | Smoke + svelte-check | This PR |
+
+---
+
+> **Next step**: validate PRD-013 → create RFC-012.
diff --git a/.forgeplan/rfcs/RFC-012-shared-ui-primitives-modalmanager-update-checker.md b/.forgeplan/rfcs/RFC-012-shared-ui-primitives-modalmanager-update-checker.md
new file mode 100644
index 0000000..499f01f
--- /dev/null
+++ b/.forgeplan/rfcs/RFC-012-shared-ui-primitives-modalmanager-update-checker.md
@@ -0,0 +1,308 @@
+---
+depth: standard
+id: RFC-012
+kind: rfc
+last_modified_at: 2026-05-06T16:50:53.031656+00:00
+last_modified_by: claude-code/2.1.131
+links:
+- target: PRD-013
+  relation: based_on
+status: draft
+title: Shared UI primitives + ModalManager + update checker
+---
+
+---
+id: RFC-012
+title: "Shared UI primitives + ModalManager + update checker"
+status: Draft
+author: claude-code
+created: 2026-05-06
+updated: 2026-05-06
+prd: PRD-013
+depth: standard
+---
+
+# RFC-012: Shared UI primitives + ModalManager + update checker
+
+## Summary
+
+Introduce a `template/src/shared/ui/` segment with three primitives
+(Button, Code-with-copy, Dialog) and a programmatic ModalManager. Add a
+new read-only endpoint `/api/update-check` that polls the npm registry
+and a poller that runs once at mount and every 30 minutes. Surface an
+Update affordance above the version footer when a newer release exists.
+
+## Motivation
+
+See PRD-013. Two problems: (1) widgets reinvent UI primitives; (2) users
+have no signal that a newer `@forgeplan/web` exists, so scaffolds drift
+behind. Both are solved by a small shared-ui layer + one read-only HTTP
+fetch.
+
+## Non-Goals
+
+- Auto-update from the browser (would require a write endpoint and
+  self-replacing the running server's files; rejected for this RFC,
+  see PRD-013 § Out of Scope).
+- New runtime npm dependencies in `template/`.
+- Theme tokens / global redesign — primitives reuse existing CSS vars
+  in `template/src/app/styles/app.css`.
+
+---
+
+## Architecture
+
+### File layout
+
+```
+template/src/shared/services/
+  index.ts                          # barrel
+  modal/
+    modal-manager.svelte.ts         # singleton store + open/close API (the service)
+    index.ts
+
+template/src/shared/ui/
+  index.ts                          # barrel: primitives + ModalRoot (no service re-export)
+  README.md                         # how-to-use modalManager (FR-012)
+  button/
+    Button.svelte                   # variants: primary | secondary | ghost; sizes: sm | md
+    index.ts
+  code/
+    Code.svelte                     # <pre><code> + copy button; clipboard with textarea fallback
+    index.ts
+  dialog/
+    Dialog.svelte                   # <dialog>-based, ESC-close, scrim-click-close (toggleable)
+    index.ts
+  modal/
+    ModalRoot.svelte                # iterates stack, mounted ONCE in +layout.svelte
+    index.ts
+
+template/src/widgets/version-footer/
+  ui/
+    VersionFooter.svelte            # existing; modified to render <UpdateButton/> on top
+    UpdateButton.svelte             # new: visible when state.hasUpdate
+    UpdateDialog.svelte             # new: opened via modalManager
+  api/
+    update-check.svelte.ts          # createPoller<UpdateData>('/api/update-check', 30 min)
+  index.ts                          # re-exports VersionFooter only
+
+template/src/routes/api/update-check/
+  +server.ts                        # GET — fetch registry.npmjs.org, return envelope
+```
+
+Per FSD `shared/ui` and `shared/services` are the lowest layer;
+`widgets/version-footer` may import from them freely. The split keeps
+`shared/ui` purely visual: any caller wanting the modalManager API
+imports from `@/shared/services`. `ModalRoot` stays in `shared/ui` since
+it is a render component (consumes the service to render its stack).
+
+### ModalManager API
+
+```ts
+// shared/services/modal/modal-manager.svelte.ts
+import type { Component, ComponentProps } from 'svelte';
+
+export interface ModalEntry<C extends Component = Component> {
+  id: number;
+  component: C;
+  props: ComponentProps<C>;
+  resolve: (value: unknown) => void;
+}
+
+export interface ModalManager {
+  readonly stack: ModalEntry[];          // reactive ($state)
+  open<C extends Component>(
+    component: C,
+    props?: Omit<ComponentProps<C>, 'modalId'>,
+  ): Promise<unknown>;
+  close(id: number, value?: unknown): void;
+  closeTop(value?: unknown): void;
+}
+
+export const modalManager: ModalManager = createModalManager();
+```
+
+Children opened via `modalManager.open` receive a `modalId: number` prop
+they can pass to `modalManager.close(modalId, value)` when dismissing
+themselves. The returned Promise resolves with that value.
+
+`ModalRoot.svelte` mounted once in `+layout.svelte`:
+
+```svelte
+<!-- shared/ui/modal/ModalRoot.svelte -->
+<script lang="ts">
+  import { modalManager } from '@/shared/services';
+</script>
+
+{#each modalManager.stack as entry (entry.id)}
+  {@const { component: Component, props } = entry}
+  <Component {...props} modalId={entry.id} />
+{/each}
+```
+
+### `/api/update-check` endpoint
+
+Read-only. Fetches `https://registry.npmjs.org/@forgeplan/web/latest`
+with a 5 s timeout and a `User-Agent` header. Compares with the build-
+time `__FORGEPLAN_WEB_VERSION__` Vite define already used in
+`/api/version`.
+
+```ts
+// +server.ts
+import { json } from '@sveltejs/kit';
+import { compareSemver } from '@/shared/server/semver';
+
+const REGISTRY_URL = 'https://registry.npmjs.org/@forgeplan/web/latest';
+const TIMEOUT_MS = 5_000;
+const CACHE_MS = 5 * 60_000;
+
+let cache: { latest: string; ts: number } | null = null;
+
+export const GET = async () => {
+  const current = __FORGEPLAN_WEB_VERSION__;
+  try {
+    const latest = await getLatestCached();
+    return json({
+      ok: true,
+      data: { current, latest, hasUpdate: latest ? compareSemver(latest, current) > 0 : false },
+      cmd: 'GET registry.npmjs.org/@forgeplan/web/latest',
+    });
+  } catch (err) {
+    return json({ ok: false, error: (err as Error).message, cmd: 'GET registry.npmjs.org/@forgeplan/web/latest' });
+  }
+};
+```
+
+`compareSemver` is a tiny pure function in `template/src/shared/server/semver.ts`
+that splits on `.` and `-`, compares numerically with prerelease less than
+release. Zero deps. Already needed; no equivalent in standard library.
+
+### Poller config
+
+`createPoller<UpdateData>('/api/update-check', 30 * 60_000)`. The
+existing `createPoller` already handles AbortController, `inflight`,
+`browser` guard, and start/stop on mount.
+
+### Footer composition
+
+```svelte
+<!-- VersionFooter.svelte (modified) -->
+<script lang="ts">
+  import { modalManager } from '@/shared/ui/modal';
+  import UpdateButton from './UpdateButton.svelte';
+  import UpdateDialog from './UpdateDialog.svelte';
+  import { updatePoller } from '../api/update-check.svelte';
+  // existing version state ...
+  updatePoller.start();
+</script>
+
+{#if updatePoller.state.data?.hasUpdate}
+  <UpdateButton
+    current={updatePoller.state.data.current}
+    latest={updatePoller.state.data.latest}
+    onclick={() => modalManager.open(UpdateDialog, {
+      current: updatePoller.state.data!.current,
+      latest: updatePoller.state.data!.latest,
+    })}
+  />
+{/if}
+<!-- ... existing version chip ... -->
+```
+
+### Rule 22 amendment
+
+Append a new section "Allow-list extension: `/api/update-check`" that
+permits exactly one URL (`https://registry.npmjs.org/@forgeplan/web/latest`),
+GET-only, no host filesystem mutation. The runtime backstop is a string
+literal in the route — no user input touches the URL.
+
+---
+
+## Implementation Plan
+
+| Phase | Task                                                                                                | File(s)                                                                                 |
+| ----- | --------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
+| 1     | Build Button primitive                                                                              | `template/src/shared/ui/button/**`                                                      |
+| 1     | Build Code-with-copy primitive                                                                      | `template/src/shared/ui/code/**`                                                        |
+| 1     | Build Dialog primitive                                                                              | `template/src/shared/ui/dialog/**`                                                      |
+| 1     | Build modalManager + ModalRoot                                                                      | `template/src/shared/ui/modal/**`                                                       |
+| 1     | Mount ModalRoot in root layout                                                                      | `template/src/routes/+layout.svelte`                                                    |
+| 1     | Write modalManager README                                                                           | `template/src/shared/ui/README.md`                                                      |
+| 2     | Add `compareSemver` helper                                                                          | `template/src/shared/server/semver.ts`                                                  |
+| 2     | Add `/api/update-check` endpoint                                                                    | `template/src/routes/api/update-check/+server.ts`                                       |
+| 2     | Add updatePoller (30-min interval)                                                                  | `template/src/widgets/version-footer/api/update-check.svelte.ts`                        |
+| 2     | Add UpdateButton + UpdateDialog                                                                     | `template/src/widgets/version-footer/ui/Update*.svelte`                                 |
+| 2     | Wire poller into VersionFooter                                                                      | `template/src/widgets/version-footer/ui/VersionFooter.svelte`                           |
+| 3     | Amend rule 22                                                                                       | `.claude/rules/22-readonly-proxy.md`                                                    |
+| 3     | Validate: `npm run check` in template, `npm run smoke` at root                                      | n/a                                                                                     |
+| 4     | Forgeplan: evidence, score, activate                                                                | `.forgeplan/`                                                                           |
+
+## Testing Strategy
+
+- Manual smoke in browser: open the SvelteKit dev server, force-bump the
+  local `__FORGEPLAN_WEB_VERSION__` define to a stale value via
+  `vite.config.ts`, confirm the button appears and the dialog opens.
+- `template`'s `npm run check` (svelte-check) — must stay clean.
+- Root `npm run smoke` — must pass; no regression in init/start path.
+- `compareSemver` unit test in `template` (`vitest`).
+
+## Rollout
+
+Single PR `feat/shared-ui-update-checker` → `develop`. No feature flag
+needed: behaviour is additive (extra endpoint + extra widget); existing
+endpoints unchanged.
+
+## Backwards Compatibility
+
+- Existing widgets do not consume the new primitives — no breakage.
+- `/api/version` and `/api/health` shapes unchanged.
+- The new `/api/update-check` is a brand-new path; no version migration
+  needed.
+- Footer layout: the chip itself is unchanged; the Update button only
+  appears when `hasUpdate`.
+
+## Security
+
+- Update endpoint uses a hard-coded URL string literal — no user input.
+- 5-second timeout via `AbortController`.
+- 5-minute server-process cache to avoid registry hammering.
+- No spawn from the new endpoint — pure `fetch`.
+- `navigator.clipboard` requires a secure context; the textarea fallback
+  uses `document.execCommand('copy')` which is widely available.
+
+## Performance
+
+- Poll interval 30 min × 1 fetch ≈ 48 req/day per open tab. Negligible.
+- Server-process cache returns within ms after the first hit.
+
+## Alternatives considered
+
+| Option                                             | Why rejected                                                            |
+| -------------------------------------------------- | ----------------------------------------------------------------------- |
+| Use a 3rd-party modal lib (svelte-headlessui)      | Adds runtime dep → bloats `dist/node_modules/`, breaks zero-dep ethos   |
+| Spawn `npm view @forgeplan/web version` server-side | Requires npm CLI on PATH at runtime; rule 22 spirit favours pure HTTP   |
+| Auto-update via POST endpoint                      | Mutates host fs; would `rmSync` files of the running server. Out-of-scope |
+| Client-side fetch to registry.npmjs.org            | CORS — npm registry does not allow browser CORS for `/<pkg>/latest`     |
+| 5-minute polling                                   | Wastes registry quota; updates are rare. 30 min meets PRD SC-3.         |
+
+## Open Questions
+
+None — all resolved in PRD-013.
+
+## Affected Files
+
+- `template/src/shared/ui/**` (new)
+- `template/src/shared/server/semver.ts` (new)
+- `template/src/widgets/version-footer/**` (modified)
+- `template/src/routes/api/update-check/+server.ts` (new)
+- `template/src/routes/+layout.svelte` (modified — mount ModalRoot)
+- `.claude/rules/22-readonly-proxy.md` (amended)
+- `.forgeplan/prds/PRD-013-*.md` (this RFC's parent)
+
+## Related Artifacts
+
+| Artifact | Relation     | Status |
+| -------- | ------------ | ------ |
+| PRD-013  | Parent PRD   | Draft  |
+| EVID-017 | Smoke + check | This PR |
+
diff --git a/template/src/routes/+layout.svelte b/template/src/routes/+layout.svelte
index 10ecc41..a2800d7 100644
--- a/template/src/routes/+layout.svelte
+++ b/template/src/routes/+layout.svelte
@@ -1,8 +1,10 @@
 <script lang="ts">
   import type { Snippet } from 'svelte';
   import '@/app';
+  import { ModalRoot } from '@/shared/ui';
 
   const { children }: { children?: Snippet } = $props();
 </script>
 
 {@render children?.()}
+<ModalRoot />
diff --git a/template/src/routes/api/update-check/+server.ts b/template/src/routes/api/update-check/+server.ts
new file mode 100644
index 0000000..839de51
--- /dev/null
+++ b/template/src/routes/api/update-check/+server.ts
@@ -0,0 +1,79 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+import { compareSemver } from '@/shared/server';
+
+// PRD-013 / RFC-012: read-only npm registry probe. Allowed by rule 22 as the
+// single non-forgeplan endpoint. URL is a string literal — no user input
+// reaches the network call. No host filesystem mutation occurs anywhere in
+// this module. See `.claude/rules/22-readonly-proxy.md`.
+
+const REGISTRY_URL = 'https://registry.npmjs.org/@forgeplan/web/latest';
+const TIMEOUT_MS = 5_000;
+const CACHE_MS = 5 * 60_000;
+const CMD_LABEL = 'GET registry.npmjs.org/@forgeplan/web/latest';
+const USER_AGENT = `@forgeplan/web ${__FORGEPLAN_WEB_VERSION__} (update-check)`;
+
+let cache: { latest: string; ts: number } | null = null;
+let inflight: Promise<string | null> | null = null;
+
+async function fetchLatest(): Promise<string | null> {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), TIMEOUT_MS);
+  try {
+    const res = await fetch(REGISTRY_URL, {
+      signal: controller.signal,
+      headers: {
+        accept: 'application/json',
+        'user-agent': USER_AGENT,
+      },
+    });
+    if (!res.ok) {
+      // FIXME(rate-limit): npm 429s could surface here — caller falls back to hasUpdate:false.
+      throw new Error(`registry HTTP ${res.status}`);
+    }
+    const body = (await res.json()) as { version?: unknown };
+    if (typeof body.version !== 'string' || body.version.length === 0) return null;
+    return body.version;
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+async function getLatestCached(): Promise<string | null> {
+  const now = Date.now();
+  if (cache && now - cache.ts < CACHE_MS) return cache.latest;
+  if (inflight) return inflight;
+  inflight = (async () => {
+    try {
+      const v = await fetchLatest();
+      if (v) cache = { latest: v, ts: Date.now() };
+      return v;
+    } finally {
+      inflight = null;
+    }
+  })();
+  return inflight;
+}
+
+export const GET: RequestHandler = async () => {
+  const current = __FORGEPLAN_WEB_VERSION__;
+  try {
+    const latest = await getLatestCached();
+    return json({
+      ok: true,
+      data: {
+        current,
+        latest,
+        hasUpdate: latest ? compareSemver(latest, current) > 0 : false,
+      },
+      cmd: CMD_LABEL,
+    });
+  } catch (err) {
+    return json({
+      ok: false,
+      error: (err as Error).message,
+      data: { current, latest: null, hasUpdate: false },
+      cmd: CMD_LABEL,
+    });
+  }
+};
diff --git a/template/src/shared/server/index.ts b/template/src/shared/server/index.ts
index f3894b6..0f53b1b 100644
--- a/template/src/shared/server/index.ts
+++ b/template/src/shared/server/index.ts
@@ -6,3 +6,4 @@ export {
   type ForgeplanResult,
 } from './forgeplan';
 export { respond } from './respond';
+export { compareSemver } from './semver';
diff --git a/template/src/shared/server/semver.ts b/template/src/shared/server/semver.ts
new file mode 100644
index 0000000..8749500
--- /dev/null
+++ b/template/src/shared/server/semver.ts
@@ -0,0 +1,62 @@
+// PRD-013 / RFC-012: minimal SemVer comparator. We only need ordering for the
+// "is the registry version newer than the running one?" check. Pre-release is
+// supported as a basic less-than-release rule (per SemVer §11.4).
+
+const SEMVER_RE = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;
+
+interface Parsed {
+  major: number;
+  minor: number;
+  patch: number;
+  pre: string | null;
+}
+
+function parse(version: string): Parsed | null {
+  const match = SEMVER_RE.exec(version.trim());
+  if (!match) return null;
+  return {
+    major: Number(match[1]),
+    minor: Number(match[2]),
+    patch: Number(match[3]),
+    pre: match[4] ?? null,
+  };
+}
+
+function comparePre(a: string, b: string): number {
+  const aParts = a.split('.');
+  const bParts = b.split('.');
+  const len = Math.max(aParts.length, bParts.length);
+  for (let i = 0; i < len; i += 1) {
+    const ai = aParts[i];
+    const bi = bParts[i];
+    if (ai === undefined) return -1;
+    if (bi === undefined) return 1;
+    const aNum = /^\d+$/.test(ai);
+    const bNum = /^\d+$/.test(bi);
+    if (aNum && bNum) {
+      const diff = Number(ai) - Number(bi);
+      if (diff !== 0) return diff < 0 ? -1 : 1;
+    } else if (aNum !== bNum) {
+      return aNum ? -1 : 1;
+    } else if (ai !== bi) {
+      return ai < bi ? -1 : 1;
+    }
+  }
+  return 0;
+}
+
+export function compareSemver(a: string, b: string): number {
+  const pa = parse(a);
+  const pb = parse(b);
+  if (!pa || !pb) {
+    if (a === b) return 0;
+    return a < b ? -1 : 1;
+  }
+  if (pa.major !== pb.major) return pa.major < pb.major ? -1 : 1;
+  if (pa.minor !== pb.minor) return pa.minor < pb.minor ? -1 : 1;
+  if (pa.patch !== pb.patch) return pa.patch < pb.patch ? -1 : 1;
+  if (pa.pre === pb.pre) return 0;
+  if (pa.pre === null) return 1;
+  if (pb.pre === null) return -1;
+  return comparePre(pa.pre, pb.pre);
+}
diff --git a/template/src/shared/services/index.ts b/template/src/shared/services/index.ts
new file mode 100644
index 0000000..1f5cd4e
--- /dev/null
+++ b/template/src/shared/services/index.ts
@@ -0,0 +1 @@
+export { modalManager, type ModalManager, type ModalEntry } from './modal';
diff --git a/template/src/shared/services/modal/index.ts b/template/src/shared/services/modal/index.ts
new file mode 100644
index 0000000..c7036ab
--- /dev/null
+++ b/template/src/shared/services/modal/index.ts
@@ -0,0 +1 @@
+export { modalManager, type ModalManager, type ModalEntry } from './modal-manager.svelte';
diff --git a/template/src/shared/services/modal/modal-manager.svelte.ts b/template/src/shared/services/modal/modal-manager.svelte.ts
new file mode 100644
index 0000000..a58e212
--- /dev/null
+++ b/template/src/shared/services/modal/modal-manager.svelte.ts
@@ -0,0 +1,69 @@
+import type { Component, ComponentProps } from 'svelte';
+
+// Generic Component type covers the unknown-prop-shape case we need at the
+// store level; per-call, the public open() signature still infers props from
+// the concrete component type.
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+type AnyComponent = Component<any>;
+
+export interface ModalEntry {
+  id: number;
+  component: AnyComponent;
+  props: Record<string, unknown>;
+  resolve: (value: unknown) => void;
+}
+
+export interface ModalManager {
+  readonly stack: ModalEntry[];
+  open<C extends AnyComponent>(
+    component: C,
+    props?: Omit<ComponentProps<C>, 'modalId'>,
+  ): Promise<unknown>;
+  close(id: number, value?: unknown): void;
+  closeTop(value?: unknown): void;
+}
+
+function createModalManager(): ModalManager {
+  const stack = $state<ModalEntry[]>([]);
+  let nextId = 1;
+
+  function open<C extends AnyComponent>(
+    component: C,
+    props?: Omit<ComponentProps<C>, 'modalId'>,
+  ): Promise<unknown> {
+    return new Promise((resolve) => {
+      const id = nextId++;
+      stack.push({
+        id,
+        component,
+        props: (props ?? {}) as Record<string, unknown>,
+        resolve,
+      });
+    });
+  }
+
+  function close(id: number, value: unknown = undefined): void {
+    const idx = stack.findIndex((entry) => entry.id === id);
+    if (idx === -1) return;
+    const removed = stack.splice(idx, 1);
+    const entry = removed[0];
+    if (!entry) return;
+    entry.resolve(value);
+  }
+
+  function closeTop(value: unknown = undefined): void {
+    const top = stack[stack.length - 1];
+    if (top) close(top.id, value);
+  }
+
+  return {
+    get stack() {
+      return stack;
+    },
+    open,
+    close,
+    closeTop,
+  };
+}
+
+export const modalManager: ModalManager = createModalManager();
diff --git a/template/src/shared/ui/README.md b/template/src/shared/ui/README.md
new file mode 100644
index 0000000..9fa5a9a
--- /dev/null
+++ b/template/src/shared/ui/README.md
@@ -0,0 +1,117 @@
+# `shared/ui` — UI primitives (paired with `shared/services` for ModalManager)
+
+Tiny, dependency-free building blocks shared across `widgets/` and
+`pages/`. Driven by PRD-013 / RFC-012.
+
+The `modalManager` *service* itself lives under
+[`shared/services/modal`](../services/modal) — `shared/ui` only owns the
+`ModalRoot` mount component and the visual primitives below.
+
+## Primitives
+
+| Primitive   | Import path                                | Purpose                                                          |
+| ----------- | ------------------------------------------ | ---------------------------------------------------------------- |
+| `Button`    | `import { Button } from '@/shared/ui'`     | Button with `variant` (primary / secondary / ghost) and `size` (sm / md). |
+| `Code`      | `import { Code } from '@/shared/ui'`       | Monospaced block (or `inline`) with a copy-to-clipboard button.  |
+| `Dialog`    | `import { Dialog } from '@/shared/ui'`     | `<dialog>` wrapper — title, body / footer slots, ESC-close, scrim-close, close button. Pair with `ModalRoot` if you want programmatic open. |
+| `ModalRoot` | `import { ModalRoot } from '@/shared/ui'`  | Iterates the modalManager stack. Mount once in `+layout.svelte`. |
+
+```svelte
+<script lang="ts">
+  import { Button, Code } from '@/shared/ui';
+</script>
+
+<Button variant="primary" onclick={save}>Save</Button>
+<Code code="npx @forgeplan/web update" />
+```
+
+## ModalManager
+
+A programmatic modal API. Instead of mounting `<MyDialog open={...}/>`
+inside every caller, register the dialog component once and open it
+imperatively from anywhere.
+
+### One-time setup
+
+`ModalRoot` is mounted once in the root layout (`+layout.svelte`):
+
+```svelte
+<script lang="ts">
+  import { ModalRoot } from '@/shared/ui';
+</script>
+
+{@render children?.()}
+<ModalRoot />
+```
+
+This is already done in `template/src/routes/+layout.svelte`. New
+SvelteKit apps copying the template inherit it automatically.
+
+### Opening a modal
+
+```svelte
+<script lang="ts">
+  import { modalManager } from '@/shared/services';
+  import SettingsDialog from './SettingsDialog.svelte';
+
+  async function openSettings() {
+    const result = await modalManager.open(SettingsDialog, { tab: 'theme' });
+    // `result` is whatever the dialog passes to modalManager.close(modalId, value)
+  }
+</script>
+
+<button onclick={openSettings}>Settings…</button>
+```
+
+### Inside a dialog component
+
+The component receives `modalId: number` as an injected prop. Use it
+to close itself and optionally return a value:
+
+```svelte
+<script lang="ts">
+  import { Button, Dialog } from '@/shared/ui';
+  import { modalManager } from '@/shared/services';
+
+  interface Props {
+    modalId: number;
+    initialTab?: string;
+  }
+
+  let { modalId, initialTab = 'general' }: Props = $props();
+  let open = $state(true);
+  let tab = $state(initialTab);
+
+  function close(returnValue?: unknown) {
+    open = false;
+    modalManager.close(modalId, returnValue);
+  }
+</script>
+
+<Dialog {open} title="Settings" onclose={() => close()}>
+  <!-- ... body / footer using `{#snippet body()}` / `{#snippet footer()}` ... -->
+</Dialog>
+```
+
+### API
+
+```ts
+modalManager.open(Component, props?)  // → Promise resolved on close
+modalManager.close(modalId, value?)   // close a specific dialog
+modalManager.closeTop(value?)         // close the topmost dialog
+modalManager.stack                    // reactive stack — read-only
+```
+
+Stacked modals are supported: `modalManager.open` from inside a dialog
+just pushes another entry onto the stack.
+
+## Conventions
+
+- Primitives live one-folder-per-component (`button/`, `code/`, …) with a
+  barrel `index.ts` re-exporting the default. The top-level
+  `shared/ui/index.ts` is the public surface.
+- No third-party runtime deps — primitives reuse CSS vars from
+  `template/src/app/styles/app.css`.
+- Each primitive is self-contained: no cross-imports between siblings
+  except via `shared/ui` itself (e.g. `UpdateDialog` imports `{ Code,
+  Button, Dialog }` from `@/shared/ui`).
diff --git a/template/src/shared/ui/button/Button.svelte b/template/src/shared/ui/button/Button.svelte
new file mode 100644
index 0000000..1f9764d
--- /dev/null
+++ b/template/src/shared/ui/button/Button.svelte
@@ -0,0 +1,104 @@
+<script lang="ts">
+  import type { Snippet } from 'svelte';
+  import type { HTMLButtonAttributes } from 'svelte/elements';
+
+  type Variant = 'primary' | 'secondary' | 'ghost';
+  type Size = 'sm' | 'md';
+
+  interface Props extends Omit<HTMLButtonAttributes, 'children'> {
+    variant?: Variant;
+    size?: Size;
+    children?: Snippet;
+  }
+
+  let {
+    variant = 'secondary',
+    size = 'md',
+    type = 'button',
+    class: className,
+    children,
+    ...rest
+  }: Props = $props();
+</script>
+
+<button
+  {type}
+  class="btn variant-{variant} size-{size} {className ?? ''}"
+  {...rest}
+>
+  {@render children?.()}
+</button>
+
+<style>
+  .btn {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    gap: 6px;
+    border: 1px solid transparent;
+    border-radius: 3px;
+    cursor: pointer;
+    font-family: var(--font-sans);
+    font-weight: 500;
+    letter-spacing: 0.01em;
+    line-height: 1;
+    transition:
+      background 120ms ease,
+      border-color 120ms ease,
+      color 120ms ease;
+    white-space: nowrap;
+    user-select: none;
+  }
+
+  .btn:focus-visible {
+    outline: 2px solid var(--accent);
+    outline-offset: 2px;
+  }
+
+  .btn:disabled {
+    opacity: 0.5;
+    cursor: not-allowed;
+  }
+
+  .size-sm {
+    font-size: 11px;
+    padding: 4px 8px;
+    height: 22px;
+  }
+
+  .size-md {
+    font-size: 12px;
+    padding: 6px 12px;
+    height: 28px;
+  }
+
+  .variant-primary {
+    background: var(--accent);
+    border-color: var(--accent);
+    color: #0b0b0b;
+  }
+  .variant-primary:hover:not(:disabled) {
+    background: var(--accent-soft);
+    border-color: var(--accent-soft);
+  }
+
+  .variant-secondary {
+    background: var(--bg-2);
+    border-color: var(--line-2);
+    color: var(--fg-1);
+  }
+  .variant-secondary:hover:not(:disabled) {
+    background: var(--bg-3);
+    border-color: var(--line-3);
+  }
+
+  .variant-ghost {
+    background: transparent;
+    border-color: transparent;
+    color: var(--fg-2);
+  }
+  .variant-ghost:hover:not(:disabled) {
+    background: var(--bg-2);
+    color: var(--fg-1);
+  }
+</style>
diff --git a/template/src/shared/ui/button/index.ts b/template/src/shared/ui/button/index.ts
new file mode 100644
index 0000000..ae34e39
--- /dev/null
+++ b/template/src/shared/ui/button/index.ts
@@ -0,0 +1 @@
+export { default as Button } from './Button.svelte';
diff --git a/template/src/shared/ui/code/Code.svelte b/template/src/shared/ui/code/Code.svelte
new file mode 100644
index 0000000..b46064f
--- /dev/null
+++ b/template/src/shared/ui/code/Code.svelte
@@ -0,0 +1,165 @@
+<script lang="ts">
+  interface Props {
+    code: string;
+    language?: string;
+    inline?: boolean;
+    ariaLabel?: string;
+  }
+
+  let { code, language, inline = false, ariaLabel }: Props = $props();
+
+  let copied = $state(false);
+  let failed = $state(false);
+  let resetTimer: ReturnType<typeof setTimeout> | null = null;
+
+  function flashCopied(success: boolean) {
+    copied = success;
+    failed = !success;
+    if (resetTimer) clearTimeout(resetTimer);
+    resetTimer = setTimeout(() => {
+      copied = false;
+      failed = false;
+    }, 1500);
+  }
+
+  async function copyToClipboard() {
+    try {
+      if (typeof navigator !== 'undefined' && navigator.clipboard?.writeText) {
+        await navigator.clipboard.writeText(code);
+        flashCopied(true);
+        return;
+      }
+    } catch {
+      // FIXME(clipboard): clipboard API rejected (insecure context, permission) — falling back to textarea + execCommand.
+    }
+    flashCopied(legacyCopy(code));
+  }
+
+  function legacyCopy(text: string): boolean {
+    if (typeof document === 'undefined') return false;
+    const ta = document.createElement('textarea');
+    ta.value = text;
+    ta.setAttribute('readonly', '');
+    ta.style.position = 'fixed';
+    ta.style.opacity = '0';
+    ta.style.left = '-9999px';
+    document.body.appendChild(ta);
+    ta.select();
+    let ok = false;
+    try {
+      // TODO(deprecated): document.execCommand removed in future browsers — fallback path only.
+      ok = document.execCommand('copy');
+    } catch {
+      ok = false;
+    }
+    document.body.removeChild(ta);
+    return ok;
+  }
+</script>
+
+{#if inline}
+  <span class="inline" aria-label={ariaLabel}>
+    <code>{code}</code>
+    <button
+      type="button"
+      class="btn"
+      class:ok={copied}
+      class:err={failed}
+      aria-label={copied ? 'Copied' : 'Copy to clipboard'}
+      onclick={copyToClipboard}
+    >
+      {copied ? 'copied' : failed ? 'failed' : 'copy'}
+    </button>
+  </span>
+{:else}
+  <div class="block" data-language={language ?? 'shell'} aria-label={ariaLabel}>
+    <pre><code>{code}</code></pre>
+    <button
+      type="button"
+      class="btn floating"
+      class:ok={copied}
+      class:err={failed}
+      aria-label={copied ? 'Copied' : 'Copy to clipboard'}
+      onclick={copyToClipboard}
+    >
+      {copied ? 'copied' : failed ? 'failed' : 'copy'}
+    </button>
+  </div>
+{/if}
+
+<style>
+  .block {
+    position: relative;
+    background: var(--bg-1);
+    border: 1px solid var(--line-2);
+    border-radius: 3px;
+    padding: 10px 12px;
+    font-family: var(--font-mono);
+    font-size: 12px;
+    line-height: 1.5;
+    color: var(--fg-1);
+    overflow-x: auto;
+  }
+  .block pre {
+    margin: 0;
+    padding-right: 64px;
+  }
+  .block code {
+    white-space: pre;
+  }
+
+  .inline {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    background: var(--bg-1);
+    border: 1px solid var(--line-2);
+    border-radius: 3px;
+    padding: 2px 6px;
+    font-family: var(--font-mono);
+    font-size: 12px;
+  }
+  .inline code {
+    color: var(--fg-1);
+  }
+
+  .btn {
+    background: var(--bg-2);
+    border: 1px solid var(--line-2);
+    border-radius: 2px;
+    color: var(--fg-2);
+    cursor: pointer;
+    font-family: var(--font-mono);
+    font-size: 10px;
+    letter-spacing: 0.06em;
+    text-transform: uppercase;
+    padding: 3px 8px;
+    transition:
+      color 120ms ease,
+      background 120ms ease,
+      border-color 120ms ease;
+  }
+  .btn:hover {
+    color: var(--fg);
+    background: var(--bg-3);
+    border-color: var(--line-3);
+  }
+  .btn:focus-visible {
+    outline: 2px solid var(--accent);
+    outline-offset: 2px;
+  }
+  .btn.ok {
+    color: var(--good);
+    border-color: var(--good-dim);
+  }
+  .btn.err {
+    color: var(--bad);
+    border-color: var(--bad);
+  }
+
+  .floating {
+    position: absolute;
+    top: 6px;
+    right: 6px;
+  }
+</style>
diff --git a/template/src/shared/ui/code/index.ts b/template/src/shared/ui/code/index.ts
new file mode 100644
index 0000000..3da303c
--- /dev/null
+++ b/template/src/shared/ui/code/index.ts
@@ -0,0 +1 @@
+export { default as Code } from './Code.svelte';
diff --git a/template/src/shared/ui/dialog/Dialog.svelte b/template/src/shared/ui/dialog/Dialog.svelte
new file mode 100644
index 0000000..c965a12
--- /dev/null
+++ b/template/src/shared/ui/dialog/Dialog.svelte
@@ -0,0 +1,181 @@
+<script lang="ts">
+  import type { Snippet } from 'svelte';
+
+  interface Props {
+    open: boolean;
+    title?: string;
+    dismissOnScrim?: boolean;
+    dismissOnEscape?: boolean;
+    showClose?: boolean;
+    width?: string;
+    onclose?: () => void;
+    body?: Snippet;
+    footer?: Snippet;
+    children?: Snippet;
+  }
+
+  let {
+    open,
+    title,
+    dismissOnScrim = true,
+    dismissOnEscape = true,
+    showClose = true,
+    width = '420px',
+    onclose,
+    body,
+    footer,
+    children,
+  }: Props = $props();
+
+  let dialogEl = $state<HTMLDialogElement | null>(null);
+
+  $effect(() => {
+    const el = dialogEl;
+    if (!el) return;
+    if (open && !el.open) {
+      el.showModal();
+    } else if (!open && el.open) {
+      el.close();
+    }
+  });
+
+  function handleClose() {
+    onclose?.();
+  }
+
+  function handleCancel(e: Event) {
+    if (!dismissOnEscape) {
+      e.preventDefault();
+      return;
+    }
+    onclose?.();
+  }
+
+  function handleScrimMousedown(e: MouseEvent) {
+    if (!dismissOnScrim) return;
+    if (e.target === dialogEl) {
+      onclose?.();
+    }
+  }
+</script>
+
+<dialog
+  bind:this={dialogEl}
+  class="dialog"
+  style:--dialog-width={width}
+  onclose={handleClose}
+  oncancel={handleCancel}
+  onmousedown={handleScrimMousedown}
+>
+  <!-- svelte-ignore a11y_no_noninteractive_element_interactions
+       Stop scrim-mousedown from bubbling out of the panel — see PRD-013/RFC-012. -->
+  <div
+    class="panel"
+    role="document"
+    onmousedown={(e) => e.stopPropagation()}
+  >
+    {#if title || showClose}
+      <header class="header">
+        <h2 class="title">{title ?? ''}</h2>
+        {#if showClose}
+          <button
+            type="button"
+            class="close"
+            aria-label="Close dialog"
+            onclick={() => onclose?.()}
+          >×</button>
+        {/if}
+      </header>
+    {/if}
+    <div class="body">
+      {#if body}
+        {@render body()}
+      {:else if children}
+        {@render children()}
+      {/if}
+    </div>
+    {#if footer}
+      <footer class="footer">
+        {@render footer()}
+      </footer>
+    {/if}
+  </div>
+</dialog>
+
+<style>
+  .dialog {
+    background: transparent;
+    border: 0;
+    padding: 0;
+    color: var(--fg-1);
+    max-width: 90vw;
+    max-height: 90vh;
+  }
+
+  .dialog::backdrop {
+    background: rgba(0, 0, 0, 0.6);
+    backdrop-filter: blur(2px);
+  }
+
+  .panel {
+    width: var(--dialog-width);
+    max-width: 100%;
+    background: var(--bg-1);
+    border: 1px solid var(--line-2);
+    border-radius: 4px;
+    box-shadow: 0 12px 40px rgba(0, 0, 0, 0.5);
+    display: flex;
+    flex-direction: column;
+    max-height: 90vh;
+  }
+
+  .header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    gap: 12px;
+    padding: 12px 14px 8px 14px;
+    border-bottom: 1px solid var(--line);
+  }
+  .title {
+    margin: 0;
+    font-size: 13px;
+    font-weight: 600;
+    letter-spacing: 0.01em;
+    color: var(--fg);
+  }
+  .close {
+    background: transparent;
+    border: 0;
+    color: var(--fg-3);
+    cursor: pointer;
+    font-size: 18px;
+    line-height: 1;
+    padding: 2px 6px;
+    border-radius: 2px;
+  }
+  .close:hover {
+    color: var(--fg);
+    background: var(--bg-2);
+  }
+  .close:focus-visible {
+    outline: 2px solid var(--accent);
+    outline-offset: 2px;
+  }
+
+  .body {
+    padding: 14px;
+    overflow-y: auto;
+    font-size: 13px;
+    color: var(--fg-1);
+  }
+
+  .footer {
+    display: flex;
+    justify-content: flex-end;
+    gap: 8px;
+    padding: 10px 14px;
+    border-top: 1px solid var(--line);
+    background: var(--bg);
+  }
+</style>
diff --git a/template/src/shared/ui/dialog/index.ts b/template/src/shared/ui/dialog/index.ts
new file mode 100644
index 0000000..17f5a2a
--- /dev/null
+++ b/template/src/shared/ui/dialog/index.ts
@@ -0,0 +1 @@
+export { default as Dialog } from './Dialog.svelte';
diff --git a/template/src/shared/ui/index.ts b/template/src/shared/ui/index.ts
new file mode 100644
index 0000000..dc4e050
--- /dev/null
+++ b/template/src/shared/ui/index.ts
@@ -0,0 +1,4 @@
+export { Button } from './button';
+export { Code } from './code';
+export { Dialog } from './dialog';
+export { ModalRoot } from './modal';
diff --git a/template/src/shared/ui/modal/ModalRoot.svelte b/template/src/shared/ui/modal/ModalRoot.svelte
new file mode 100644
index 0000000..19d7f57
--- /dev/null
+++ b/template/src/shared/ui/modal/ModalRoot.svelte
@@ -0,0 +1,8 @@
+<script lang="ts">
+  import { modalManager } from '@/shared/services';
+</script>
+
+{#each modalManager.stack as entry (entry.id)}
+  {@const { component: ModalComponent, props, id } = entry}
+  <ModalComponent {...props} modalId={id} />
+{/each}
diff --git a/template/src/shared/ui/modal/index.ts b/template/src/shared/ui/modal/index.ts
new file mode 100644
index 0000000..56db4c8
--- /dev/null
+++ b/template/src/shared/ui/modal/index.ts
@@ -0,0 +1 @@
+export { default as ModalRoot } from './ModalRoot.svelte';
diff --git a/template/src/widgets/version-footer/api/update-check.svelte.ts b/template/src/widgets/version-footer/api/update-check.svelte.ts
new file mode 100644
index 0000000..475b72d
--- /dev/null
+++ b/template/src/widgets/version-footer/api/update-check.svelte.ts
@@ -0,0 +1,15 @@
+import { createPoller, type Poller } from '@/shared/api';
+
+export interface UpdateData {
+  current: string;
+  latest: string | null;
+  hasUpdate: boolean;
+}
+
+// PRD-013 SC-3 / FR-008: poll registry once at app mount, then every 30 min.
+const THIRTY_MINUTES_MS = 30 * 60_000;
+
+export const updatePoller: Poller<UpdateData> = createPoller<UpdateData>(
+  '/api/update-check',
+  THIRTY_MINUTES_MS,
+);
diff --git a/template/src/widgets/version-footer/ui/UpdateButton.svelte b/template/src/widgets/version-footer/ui/UpdateButton.svelte
new file mode 100644
index 0000000..49f41b2
--- /dev/null
+++ b/template/src/widgets/version-footer/ui/UpdateButton.svelte
@@ -0,0 +1,88 @@
+<script lang="ts">
+  interface Props {
+    current: string;
+    latest: string;
+    onclick: () => void;
+  }
+
+  let { current, latest, onclick }: Props = $props();
+</script>
+
+<button
+  type="button"
+  class="update-btn"
+  aria-label={`Update available: ${current} → ${latest}`}
+  {onclick}
+>
+  <span class="dot" aria-hidden="true"></span>
+  <span class="label">Update</span>
+  <span class="arrow" aria-hidden="true">→</span>
+  <span class="version">v{latest}</span>
+</button>
+
+<style>
+  .update-btn {
+    position: fixed;
+    bottom: 32px;
+    left: 10px;
+    z-index: 50;
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    background: var(--bg-2);
+    border: 1px solid var(--accent-dim);
+    border-radius: 2px;
+    color: var(--fg-1);
+    cursor: pointer;
+    font-family: var(--font-mono);
+    font-size: 10px;
+    letter-spacing: 0.04em;
+    padding: 3px 8px;
+    transition:
+      background 120ms ease,
+      border-color 120ms ease,
+      color 120ms ease;
+  }
+
+  .update-btn:hover {
+    background: var(--bg-3);
+    border-color: var(--accent);
+    color: var(--fg);
+  }
+
+  .update-btn:focus-visible {
+    outline: 2px solid var(--accent);
+    outline-offset: 2px;
+  }
+
+  .dot {
+    width: 6px;
+    height: 6px;
+    border-radius: 50%;
+    background: var(--accent);
+    box-shadow: 0 0 6px var(--accent);
+    flex-shrink: 0;
+  }
+
+  .label {
+    text-transform: uppercase;
+    color: var(--accent-soft);
+    font-weight: 600;
+  }
+
+  .arrow {
+    color: var(--fg-3);
+  }
+
+  .version {
+    color: var(--fg-1);
+  }
+
+  @media (max-width: 640px) {
+    .update-btn {
+      bottom: 26px;
+      left: 6px;
+      font-size: 9px;
+    }
+  }
+</style>
diff --git a/template/src/widgets/version-footer/ui/UpdateDialog.svelte b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
new file mode 100644
index 0000000..9779d3d
--- /dev/null
+++ b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
@@ -0,0 +1,131 @@
+<script lang="ts">
+  import { Button, Code, Dialog } from '@/shared/ui';
+  import { modalManager } from '@/shared/services';
+
+  interface Props {
+    modalId: number;
+    current: string;
+    latest: string;
+  }
+
+  let { modalId, current, latest }: Props = $props();
+
+  let open = $state(true);
+
+  function close() {
+    open = false;
+    modalManager.close(modalId);
+  }
+
+  const updateCommand = 'npx @forgeplan/web update';
+</script>
+
+<Dialog
+  {open}
+  title="Update available"
+  width="460px"
+  onclose={close}
+>
+  {#snippet body()}
+    <div class="versions" aria-label="Version transition">
+      <div class="ver">
+        <span class="ver-label">current</span>
+        <span class="ver-value">v{current}</span>
+      </div>
+      <span class="arrow" aria-hidden="true">→</span>
+      <div class="ver latest">
+        <span class="ver-label">latest</span>
+        <span class="ver-value">v{latest}</span>
+      </div>
+    </div>
+
+    <section class="section">
+      <h3 class="section-title">Manual update</h3>
+      <p class="hint">
+        Run this in the directory where you initialized <code>@forgeplan/web</code>:
+      </p>
+      <Code code={updateCommand} ariaLabel="Manual update command" />
+    </section>
+
+    <section class="section">
+      <h3 class="section-title">Automatic update</h3>
+      <p class="hint">
+        Not available from the browser: running <code>npx @forgeplan/web update</code>
+        replaces the very files this server is executing, which would crash the
+        running process mid-request. Use the manual command above and reload the
+        page when it finishes.
+      </p>
+    </section>
+  {/snippet}
+
+  {#snippet footer()}
+    <Button variant="secondary" size="md" onclick={close}>Close</Button>
+  {/snippet}
+</Dialog>
+
+<style>
+  .versions {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 14px;
+    padding: 14px;
+    margin-bottom: 14px;
+    background: var(--bg-2);
+    border: 1px solid var(--line);
+    border-radius: 3px;
+  }
+  .ver {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: 2px;
+  }
+  .ver-label {
+    font-family: var(--font-mono);
+    font-size: 10px;
+    letter-spacing: 0.06em;
+    text-transform: uppercase;
+    color: var(--fg-3);
+  }
+  .ver-value {
+    font-family: var(--font-mono);
+    font-size: 16px;
+    color: var(--fg);
+  }
+  .ver.latest .ver-value {
+    color: var(--accent-soft);
+  }
+  .arrow {
+    color: var(--fg-3);
+    font-size: 18px;
+  }
+
+  .section {
+    margin-top: 14px;
+  }
+  .section:first-child {
+    margin-top: 0;
+  }
+  .section-title {
+    margin: 0 0 6px 0;
+    font-size: 12px;
+    font-weight: 600;
+    color: var(--fg);
+    letter-spacing: 0.02em;
+  }
+  .hint {
+    margin: 0 0 8px 0;
+    font-size: 12px;
+    color: var(--fg-2);
+    line-height: 1.5;
+  }
+  .hint code {
+    font-family: var(--font-mono);
+    font-size: 11px;
+    color: var(--fg-1);
+    background: var(--bg-2);
+    padding: 1px 4px;
+    border-radius: 2px;
+  }
+</style>
diff --git a/template/src/widgets/version-footer/ui/VersionFooter.svelte b/template/src/widgets/version-footer/ui/VersionFooter.svelte
index f3fb095..6e265c1 100644
--- a/template/src/widgets/version-footer/ui/VersionFooter.svelte
+++ b/template/src/widgets/version-footer/ui/VersionFooter.svelte
@@ -1,6 +1,10 @@
 <script lang="ts">
-  import { onMount } from 'svelte';
+  import { onDestroy, onMount } from 'svelte';
   import type { ApiEnvelope } from '@/shared/api';
+  import { modalManager } from '@/shared/services';
+  import { updatePoller } from '../api/update-check.svelte';
+  import UpdateButton from './UpdateButton.svelte';
+  import UpdateDialog from './UpdateDialog.svelte';
 
   type VersionData = { web: string; cli: string | null };
 
@@ -9,6 +13,7 @@
   let loaded = $state(false);
 
   onMount(async () => {
+    updatePoller.start();
     try {
       const res = await fetch('/api/version');
       const env = (await res.json()) as ApiEnvelope<VersionData>;
@@ -23,11 +28,29 @@
     }
   });
 
+  onDestroy(() => {
+    updatePoller.stop();
+  });
+
   const ariaLabel = $derived(
     `forgeplan-web version ${web ?? 'unknown'}, forgeplan CLI version ${cli ?? 'unknown'}`
   );
+
+  const update = $derived(updatePoller.state.data);
+
+  function openUpdateDialog() {
+    if (!update?.hasUpdate || !update.latest) return;
+    void modalManager.open(UpdateDialog, {
+      current: update.current,
+      latest: update.latest,
+    });
+  }
 </script>
 
+{#if update?.hasUpdate && update.latest}
+  <UpdateButton current={update.current} latest={update.latest} onclick={openUpdateDialog} />
+{/if}
+
 {#if loaded}
   <span class="footer" aria-label={ariaLabel} role="contentinfo">
     <span class="seg">web v{web ?? '?'}</span>

From cc39c4237f278cd4aaf92d9de7a6fa44b90d2c4d Mon Sep 17 00:00:00 2001
From: fedorovvvv <nikitafedorov7@yandex.ru>
Date: Wed, 6 May 2026 21:07:14 +0400
Subject: [PATCH 2/6] fix(ui): use `npx -y @forgeplan/web@latest update` in
 update dialog
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

`npx @forgeplan/web update` has two interactive failure modes:
- if the package is not cached, npx prompts "Ok to proceed? (y)" and
  blocks waiting for Enter — bad UX when the user pasted the command;
- if a stale version is cached, npx silently runs the old copy, which
  copies the OLD dist/ into .forgeplan-web/ — the update is a no-op.

Switch the dialog command to `npx -y @forgeplan/web@latest update`:
`-y` auto-confirms the install prompt; `@latest` forces npx to fetch
the newest tarball. Add a one-line footnote explaining both flags.

Refs: PRD-013

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../version-footer/ui/UpdateDialog.svelte     | 32 ++++++++++++++++---
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/template/src/widgets/version-footer/ui/UpdateDialog.svelte b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
index 9779d3d..c1b69ed 100644
--- a/template/src/widgets/version-footer/ui/UpdateDialog.svelte
+++ b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
@@ -17,7 +17,10 @@
     modalManager.close(modalId);
   }
 
-  const updateCommand = 'npx @forgeplan/web update';
+  // `-y` skips npx's "Ok to proceed?" prompt for the install confirmation.
+  // `@latest` forces npx to fetch the newest tarball instead of running a
+  // stale cached copy (which would no-op the update). See PRD-013 § Risks.
+  const updateCommand = 'npx -y @forgeplan/web@latest update';
 </script>
 
 <Dialog
@@ -45,15 +48,20 @@
         Run this in the directory where you initialized <code>@forgeplan/web</code>:
       </p>
       <Code code={updateCommand} ariaLabel="Manual update command" />
+      <p class="footnote">
+        <code>-y</code> skips npx's install-confirmation prompt;
+        <code>@latest</code> forces npx to fetch the newest tarball
+        instead of running a stale cached copy.
+      </p>
     </section>
 
     <section class="section">
       <h3 class="section-title">Automatic update</h3>
       <p class="hint">
-        Not available from the browser: running <code>npx @forgeplan/web update</code>
-        replaces the very files this server is executing, which would crash the
-        running process mid-request. Use the manual command above and reload the
-        page when it finishes.
+        Not available from the browser: running the update command replaces the
+        very files this server is executing, which would crash the running
+        process mid-request. Use the manual command above and reload the page
+        when it finishes.
       </p>
     </section>
   {/snippet}
@@ -120,6 +128,20 @@
     color: var(--fg-2);
     line-height: 1.5;
   }
+  .footnote {
+    margin: 6px 0 0 0;
+    font-size: 11px;
+    color: var(--fg-3);
+    line-height: 1.5;
+  }
+  .footnote code {
+    font-family: var(--font-mono);
+    font-size: 10px;
+    color: var(--fg-2);
+    background: var(--bg-2);
+    padding: 1px 4px;
+    border-radius: 2px;
+  }
   .hint code {
     font-family: var(--font-mono);
     font-size: 11px;

From 6be54385b5b8a16058cdb559fe3c86bab1dd2da2 Mon Sep 17 00:00:00 2001
From: fedorovvvv <nikitafedorov7@yandex.ru>
Date: Wed, 6 May 2026 21:08:58 +0400
Subject: [PATCH 3/6] feat(ui): post-update server detector + explicit restart
 steps in dialog
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

After `update` runs, the host process keeps serving the OLD code:
- macOS/Linux: the running Node process holds the old .forgeplan-web/
  files open via open inodes, so rmSync from the new bin doesn't kill
  the request loop. The browser sees the old version until the user
  manually restarts `node .forgeplan-web/index.js`.
- Windows: the rm step itself can fail with EBUSY because Windows
  locks open files; update may partially fail, but again the running
  server is unaffected.

Either way the user has to stop+start the server. HMR is not an option
here — adapter-node has no dev-server hooks at runtime.

So the dialog now:
- enumerates the four steps (Stop, Update, Restart, Reload);
- pings /api/version every 5 s while open;
- shows a "Server now serves vX.Y.Z" banner with a Reload button when
  the polled web version differs from the dialog's `current`;
- shows an "offline" banner with a `npx @forgeplan/web start` hint
  when the ping fails (process killed but not yet restarted).

Refs: PRD-013

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../version-footer/ui/UpdateDialog.svelte     | 131 ++++++++++++++++--
 1 file changed, 122 insertions(+), 9 deletions(-)

diff --git a/template/src/widgets/version-footer/ui/UpdateDialog.svelte b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
index c1b69ed..36b31c5 100644
--- a/template/src/widgets/version-footer/ui/UpdateDialog.svelte
+++ b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
@@ -1,6 +1,7 @@
 <script lang="ts">
   import { Button, Code, Dialog } from '@/shared/ui';
   import { modalManager } from '@/shared/services';
+  import type { ApiEnvelope } from '@/shared/api';
 
   interface Props {
     modalId: number;
@@ -11,6 +12,8 @@
   let { modalId, current, latest }: Props = $props();
 
   let open = $state(true);
+  let detectedVersion = $state<string | null>(null);
+  let serverDown = $state(false);
 
   function close() {
     open = false;
@@ -21,6 +24,46 @@
   // `@latest` forces npx to fetch the newest tarball instead of running a
   // stale cached copy (which would no-op the update). See PRD-013 § Risks.
   const updateCommand = 'npx -y @forgeplan/web@latest update';
+
+  // While the dialog is open, ping /api/version every 5s to detect a
+  // server restart with a new version. The running Node process holds
+  // open file inodes after `update` rmSync's the .forgeplan-web/ tree,
+  // so a *running* server keeps serving the old code — only a fresh
+  // process boot exposes the new __FORGEPLAN_WEB_VERSION__.
+  const POLL_MS = 5_000;
+
+  type VersionData = { web: string; cli: string | null };
+
+  $effect(() => {
+    if (!open) return;
+    let cancelled = false;
+
+    async function ping() {
+      try {
+        const res = await fetch('/api/version', { cache: 'no-store' });
+        if (cancelled) return;
+        const env = (await res.json()) as ApiEnvelope<VersionData>;
+        if (env.ok && env.data && env.data.web && env.data.web !== current) {
+          detectedVersion = env.data.web;
+          serverDown = false;
+        } else {
+          serverDown = false;
+        }
+      } catch {
+        if (!cancelled) serverDown = true;
+      }
+    }
+
+    const timer = setInterval(ping, POLL_MS);
+    return () => {
+      cancelled = true;
+      clearInterval(timer);
+    };
+  });
+
+  function reload() {
+    if (typeof window !== 'undefined') window.location.reload();
+  }
 </script>
 
 <Dialog
@@ -42,11 +85,26 @@
       </div>
     </div>
 
+    {#if detectedVersion}
+      <div class="banner ok" role="status">
+        <span class="banner-title">✓ Server now serves v{detectedVersion}</span>
+        <Button variant="primary" size="sm" onclick={reload}>Reload page</Button>
+      </div>
+    {:else if serverDown}
+      <div class="banner warn" role="status">
+        <span class="banner-title">Server is offline</span>
+        <span class="banner-hint">Run <code>npx @forgeplan/web start</code> to restart it, then reload.</span>
+      </div>
+    {/if}
+
     <section class="section">
-      <h3 class="section-title">Manual update</h3>
-      <p class="hint">
-        Run this in the directory where you initialized <code>@forgeplan/web</code>:
-      </p>
+      <h3 class="section-title">Steps</h3>
+      <ol class="steps">
+        <li>Stop the running server (<code>Ctrl+C</code> in its terminal).</li>
+        <li>Run the command below in the directory where you initialized <code>@forgeplan/web</code>.</li>
+        <li>Restart the server: <code>npx @forgeplan/web start</code>.</li>
+        <li>Reload this page (this dialog will offer that automatically when it sees the new version).</li>
+      </ol>
       <Code code={updateCommand} ariaLabel="Manual update command" />
       <p class="footnote">
         <code>-y</code> skips npx's install-confirmation prompt;
@@ -56,12 +114,14 @@
     </section>
 
     <section class="section">
-      <h3 class="section-title">Automatic update</h3>
+      <h3 class="section-title">Why not run it from the browser?</h3>
       <p class="hint">
-        Not available from the browser: running the update command replaces the
-        very files this server is executing, which would crash the running
-        process mid-request. Use the manual command above and reload the page
-        when it finishes.
+        The update command replaces the very files this server is executing.
+        On macOS / Linux the running process holds the old files open in
+        memory and keeps serving the old code; on Windows the
+        <code>rm</code> step can fail with a busy-file error. Either way
+        the new version becomes visible only after a process restart —
+        which the browser cannot perform on the host.
       </p>
     </section>
   {/snippet}
@@ -109,6 +169,44 @@
     font-size: 18px;
   }
 
+  .banner {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    gap: 10px;
+    padding: 10px 12px;
+    margin-bottom: 14px;
+    border-radius: 3px;
+    font-size: 12px;
+  }
+  .banner.ok {
+    background: var(--good-dim);
+    border: 1px solid var(--good);
+    color: var(--fg);
+  }
+  .banner.warn {
+    background: color-mix(in srgb, var(--warn) 12%, transparent);
+    border: 1px solid var(--warn);
+    color: var(--fg-1);
+    flex-direction: column;
+    align-items: flex-start;
+  }
+  .banner-title {
+    font-weight: 600;
+  }
+  .banner-hint {
+    color: var(--fg-2);
+    font-size: 11px;
+  }
+  .banner-hint code {
+    font-family: var(--font-mono);
+    font-size: 10px;
+    background: var(--bg-2);
+    padding: 1px 4px;
+    border-radius: 2px;
+    color: var(--fg-1);
+  }
+
   .section {
     margin-top: 14px;
   }
@@ -150,4 +248,19 @@
     padding: 1px 4px;
     border-radius: 2px;
   }
+  .steps {
+    margin: 0 0 10px 0;
+    padding-left: 18px;
+    font-size: 12px;
+    color: var(--fg-1);
+    line-height: 1.6;
+  }
+  .steps code {
+    font-family: var(--font-mono);
+    font-size: 11px;
+    color: var(--fg-1);
+    background: var(--bg-2);
+    padding: 1px 4px;
+    border-radius: 2px;
+  }
 </style>

From 22ef26955acb329465c7e4551f8cc7a31c96a3df Mon Sep 17 00:00:00 2001
From: fedorovvvv <nikitafedorov7@yandex.ru>
Date: Wed, 6 May 2026 21:15:47 +0400
Subject: [PATCH 4/6] feat(ui): auto-reload after update with 1.5s window +
 Cancel
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The dialog already detects the server-side version change. Reloading is
the inevitable next step — adding a click between "we saw the new
version" and "you see the new version" is friction without value (the
user explicitly opened the update dialog, intent is clear).

So when the polled /api/version differs from the dialog's `current`:
- show a banner that the server now serves the new version + a fading
  "reloading…" hint;
- arm a 1.5 s setTimeout that calls window.location.reload();
- offer a Cancel button to stop the timer (preserves any in-tab state
  the user wants to keep) and a "Reload now" button to skip the wait;
- guard against the timer firing twice if the poller produces multiple
  hits before the page unloads (only the first detection arms it).

Refs: PRD-013

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../version-footer/ui/UpdateDialog.svelte     | 46 +++++++++++++++----
 1 file changed, 36 insertions(+), 10 deletions(-)

diff --git a/template/src/widgets/version-footer/ui/UpdateDialog.svelte b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
index 36b31c5..d65f2e5 100644
--- a/template/src/widgets/version-footer/ui/UpdateDialog.svelte
+++ b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
@@ -14,12 +14,28 @@
   let open = $state(true);
   let detectedVersion = $state<string | null>(null);
   let serverDown = $state(false);
+  // Short visible countdown before auto-reload — so the user can see what
+  // happened and Cancel if they have unsaved state in the page.
+  const AUTO_RELOAD_MS = 1500;
+  let reloadTimer: ReturnType<typeof setTimeout> | null = null;
 
   function close() {
     open = false;
     modalManager.close(modalId);
   }
 
+  function reload() {
+    if (typeof window !== 'undefined') window.location.reload();
+  }
+
+  function cancelReload() {
+    if (reloadTimer) {
+      clearTimeout(reloadTimer);
+      reloadTimer = null;
+    }
+    detectedVersion = null;
+  }
+
   // `-y` skips npx's "Ok to proceed?" prompt for the install confirmation.
   // `@latest` forces npx to fetch the newest tarball instead of running a
   // stale cached copy (which would no-op the update). See PRD-013 § Risks.
@@ -44,8 +60,13 @@
         if (cancelled) return;
         const env = (await res.json()) as ApiEnvelope<VersionData>;
         if (env.ok && env.data && env.data.web && env.data.web !== current) {
-          detectedVersion = env.data.web;
-          serverDown = false;
+          if (!detectedVersion) {
+            detectedVersion = env.data.web;
+            serverDown = false;
+            // Auto-reload — user explicitly opened the update dialog, so the
+            // intent to upgrade is clear. Short window leaves room for Cancel.
+            reloadTimer = setTimeout(reload, AUTO_RELOAD_MS);
+          }
         } else {
           serverDown = false;
         }
@@ -58,12 +79,9 @@
     return () => {
       cancelled = true;
       clearInterval(timer);
+      if (reloadTimer) clearTimeout(reloadTimer);
     };
   });
-
-  function reload() {
-    if (typeof window !== 'undefined') window.location.reload();
-  }
 </script>
 
 <Dialog
@@ -86,9 +104,12 @@
     </div>
 
     {#if detectedVersion}
-      <div class="banner ok" role="status">
-        <span class="banner-title">✓ Server now serves v{detectedVersion}</span>
-        <Button variant="primary" size="sm" onclick={reload}>Reload page</Button>
+      <div class="banner ok" role="status" aria-live="polite">
+        <span class="banner-title">✓ Server now serves v{detectedVersion} — reloading…</span>
+        <span class="banner-actions">
+          <Button variant="ghost" size="sm" onclick={cancelReload}>Cancel</Button>
+          <Button variant="primary" size="sm" onclick={reload}>Reload now</Button>
+        </span>
       </div>
     {:else if serverDown}
       <div class="banner warn" role="status">
@@ -103,7 +124,7 @@
         <li>Stop the running server (<code>Ctrl+C</code> in its terminal).</li>
         <li>Run the command below in the directory where you initialized <code>@forgeplan/web</code>.</li>
         <li>Restart the server: <code>npx @forgeplan/web start</code>.</li>
-        <li>Reload this page (this dialog will offer that automatically when it sees the new version).</li>
+        <li>Reload this page (this dialog auto-reloads after ~1.5&nbsp;s when it sees the new version — Cancel button stops it).</li>
       </ol>
       <Code code={updateCommand} ariaLabel="Manual update command" />
       <p class="footnote">
@@ -194,6 +215,11 @@
   .banner-title {
     font-weight: 600;
   }
+  .banner-actions {
+    display: inline-flex;
+    gap: 6px;
+    flex-shrink: 0;
+  }
   .banner-hint {
     color: var(--fg-2);
     font-size: 11px;

From cb31906c8c860169538419caecd3dafb089cb859 Mon Sep 17 00:00:00 2001
From: fedorovvvv <nikitafedorov7@yandex.ru>
Date: Wed, 6 May 2026 21:17:16 +0400
Subject: [PATCH 5/6] docs(ui): clarify in dialog that browser reload alone is
 not enough
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reload alone won't pick up the new version: Node holds the old ES
modules in memory after the rmSync — open inodes keep them alive, and
new requests are served from the in-memory module cache. The process
itself has to be restarted before browser reload becomes meaningful.

Add a warn-styled line right under the step list to make the chain
explicit (Stop → Update → Restart → Reload) and prevent the common
"I just refreshed but nothing changed" support question.

Refs: PRD-013

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../version-footer/ui/UpdateDialog.svelte     | 23 ++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/template/src/widgets/version-footer/ui/UpdateDialog.svelte b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
index d65f2e5..d1ed493 100644
--- a/template/src/widgets/version-footer/ui/UpdateDialog.svelte
+++ b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
@@ -121,11 +121,16 @@
     <section class="section">
       <h3 class="section-title">Steps</h3>
       <ol class="steps">
-        <li>Stop the running server (<code>Ctrl+C</code> in its terminal).</li>
+        <li><strong>Stop</strong> the running server (<code>Ctrl+C</code> in its terminal).</li>
         <li>Run the command below in the directory where you initialized <code>@forgeplan/web</code>.</li>
-        <li>Restart the server: <code>npx @forgeplan/web start</code>.</li>
-        <li>Reload this page (this dialog auto-reloads after ~1.5&nbsp;s when it sees the new version — Cancel button stops it).</li>
+        <li><strong>Restart</strong> the server: <code>npx @forgeplan/web start</code>.</li>
+        <li>This dialog auto-reloads the page ~1.5&nbsp;s after it sees the new version (Cancel stops it).</li>
       </ol>
+      <p class="warn-line">
+        Browser reload alone is <strong>not</strong> enough — Node holds the
+        old code in memory and keeps serving it from cached modules. The
+        process must be restarted before reload.
+      </p>
       <Code code={updateCommand} ariaLabel="Manual update command" />
       <p class="footnote">
         <code>-y</code> skips npx's install-confirmation prompt;
@@ -281,6 +286,18 @@
     color: var(--fg-1);
     line-height: 1.6;
   }
+  .warn-line {
+    margin: 0 0 10px 0;
+    padding: 8px 10px;
+    border-left: 2px solid var(--warn);
+    background: color-mix(in srgb, var(--warn) 8%, transparent);
+    font-size: 11px;
+    color: var(--fg-2);
+    line-height: 1.5;
+  }
+  .warn-line strong {
+    color: var(--warn);
+  }
   .steps code {
     font-family: var(--font-mono);
     font-size: 11px;

From 7ec75dea2be4f15aac3c177ed0fc5fafe1207203 Mon Sep 17 00:00:00 2001
From: fedorovvvv <nikitafedorov7@yandex.ru>
Date: Wed, 6 May 2026 21:18:13 +0400
Subject: [PATCH 6/6] refactor(ui): drop auto-reload + version pinger from
 UpdateDialog
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Per request: keep manual update only. The dialog now shows the
current → latest header, the four-step manual recipe, and the
copyable command. Everything else — the /api/version pinger,
serverDown banner, detected-version banner, auto-reload setTimeout,
Cancel/Reload-now buttons — is removed.

Manual update is the only supported path. The user runs the command,
restarts the server themselves, and reloads the tab on their own.

Refs: PRD-013

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../version-footer/ui/UpdateDialog.svelte     | 190 ++----------------
 1 file changed, 14 insertions(+), 176 deletions(-)

diff --git a/template/src/widgets/version-footer/ui/UpdateDialog.svelte b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
index d1ed493..cdc4bd4 100644
--- a/template/src/widgets/version-footer/ui/UpdateDialog.svelte
+++ b/template/src/widgets/version-footer/ui/UpdateDialog.svelte
@@ -1,7 +1,6 @@
 <script lang="ts">
   import { Button, Code, Dialog } from '@/shared/ui';
   import { modalManager } from '@/shared/services';
-  import type { ApiEnvelope } from '@/shared/api';
 
   interface Props {
     modalId: number;
@@ -12,76 +11,16 @@
   let { modalId, current, latest }: Props = $props();
 
   let open = $state(true);
-  let detectedVersion = $state<string | null>(null);
-  let serverDown = $state(false);
-  // Short visible countdown before auto-reload — so the user can see what
-  // happened and Cancel if they have unsaved state in the page.
-  const AUTO_RELOAD_MS = 1500;
-  let reloadTimer: ReturnType<typeof setTimeout> | null = null;
 
   function close() {
     open = false;
     modalManager.close(modalId);
   }
 
-  function reload() {
-    if (typeof window !== 'undefined') window.location.reload();
-  }
-
-  function cancelReload() {
-    if (reloadTimer) {
-      clearTimeout(reloadTimer);
-      reloadTimer = null;
-    }
-    detectedVersion = null;
-  }
-
   // `-y` skips npx's "Ok to proceed?" prompt for the install confirmation.
   // `@latest` forces npx to fetch the newest tarball instead of running a
   // stale cached copy (which would no-op the update). See PRD-013 § Risks.
   const updateCommand = 'npx -y @forgeplan/web@latest update';
-
-  // While the dialog is open, ping /api/version every 5s to detect a
-  // server restart with a new version. The running Node process holds
-  // open file inodes after `update` rmSync's the .forgeplan-web/ tree,
-  // so a *running* server keeps serving the old code — only a fresh
-  // process boot exposes the new __FORGEPLAN_WEB_VERSION__.
-  const POLL_MS = 5_000;
-
-  type VersionData = { web: string; cli: string | null };
-
-  $effect(() => {
-    if (!open) return;
-    let cancelled = false;
-
-    async function ping() {
-      try {
-        const res = await fetch('/api/version', { cache: 'no-store' });
-        if (cancelled) return;
-        const env = (await res.json()) as ApiEnvelope<VersionData>;
-        if (env.ok && env.data && env.data.web && env.data.web !== current) {
-          if (!detectedVersion) {
-            detectedVersion = env.data.web;
-            serverDown = false;
-            // Auto-reload — user explicitly opened the update dialog, so the
-            // intent to upgrade is clear. Short window leaves room for Cancel.
-            reloadTimer = setTimeout(reload, AUTO_RELOAD_MS);
-          }
-        } else {
-          serverDown = false;
-        }
-      } catch {
-        if (!cancelled) serverDown = true;
-      }
-    }
-
-    const timer = setInterval(ping, POLL_MS);
-    return () => {
-      cancelled = true;
-      clearInterval(timer);
-      if (reloadTimer) clearTimeout(reloadTimer);
-    };
-  });
 </script>
 
 <Dialog
@@ -103,34 +42,14 @@
       </div>
     </div>
 
-    {#if detectedVersion}
-      <div class="banner ok" role="status" aria-live="polite">
-        <span class="banner-title">✓ Server now serves v{detectedVersion} — reloading…</span>
-        <span class="banner-actions">
-          <Button variant="ghost" size="sm" onclick={cancelReload}>Cancel</Button>
-          <Button variant="primary" size="sm" onclick={reload}>Reload now</Button>
-        </span>
-      </div>
-    {:else if serverDown}
-      <div class="banner warn" role="status">
-        <span class="banner-title">Server is offline</span>
-        <span class="banner-hint">Run <code>npx @forgeplan/web start</code> to restart it, then reload.</span>
-      </div>
-    {/if}
-
     <section class="section">
-      <h3 class="section-title">Steps</h3>
+      <h3 class="section-title">Manual update</h3>
       <ol class="steps">
         <li><strong>Stop</strong> the running server (<code>Ctrl+C</code> in its terminal).</li>
         <li>Run the command below in the directory where you initialized <code>@forgeplan/web</code>.</li>
         <li><strong>Restart</strong> the server: <code>npx @forgeplan/web start</code>.</li>
-        <li>This dialog auto-reloads the page ~1.5&nbsp;s after it sees the new version (Cancel stops it).</li>
+        <li>Reload this page.</li>
       </ol>
-      <p class="warn-line">
-        Browser reload alone is <strong>not</strong> enough — Node holds the
-        old code in memory and keeps serving it from cached modules. The
-        process must be restarted before reload.
-      </p>
       <Code code={updateCommand} ariaLabel="Manual update command" />
       <p class="footnote">
         <code>-y</code> skips npx's install-confirmation prompt;
@@ -138,18 +57,6 @@
         instead of running a stale cached copy.
       </p>
     </section>
-
-    <section class="section">
-      <h3 class="section-title">Why not run it from the browser?</h3>
-      <p class="hint">
-        The update command replaces the very files this server is executing.
-        On macOS / Linux the running process holds the old files open in
-        memory and keeps serving the old code; on Windows the
-        <code>rm</code> step can fail with a busy-file error. Either way
-        the new version becomes visible only after a process restart —
-        which the browser cannot perform on the host.
-      </p>
-    </section>
   {/snippet}
 
   {#snippet footer()}
@@ -195,49 +102,6 @@
     font-size: 18px;
   }
 
-  .banner {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    gap: 10px;
-    padding: 10px 12px;
-    margin-bottom: 14px;
-    border-radius: 3px;
-    font-size: 12px;
-  }
-  .banner.ok {
-    background: var(--good-dim);
-    border: 1px solid var(--good);
-    color: var(--fg);
-  }
-  .banner.warn {
-    background: color-mix(in srgb, var(--warn) 12%, transparent);
-    border: 1px solid var(--warn);
-    color: var(--fg-1);
-    flex-direction: column;
-    align-items: flex-start;
-  }
-  .banner-title {
-    font-weight: 600;
-  }
-  .banner-actions {
-    display: inline-flex;
-    gap: 6px;
-    flex-shrink: 0;
-  }
-  .banner-hint {
-    color: var(--fg-2);
-    font-size: 11px;
-  }
-  .banner-hint code {
-    font-family: var(--font-mono);
-    font-size: 10px;
-    background: var(--bg-2);
-    padding: 1px 4px;
-    border-radius: 2px;
-    color: var(--fg-1);
-  }
-
   .section {
     margin-top: 14px;
   }
@@ -251,27 +115,14 @@
     color: var(--fg);
     letter-spacing: 0.02em;
   }
-  .hint {
-    margin: 0 0 8px 0;
+  .steps {
+    margin: 0 0 10px 0;
+    padding-left: 18px;
     font-size: 12px;
-    color: var(--fg-2);
-    line-height: 1.5;
-  }
-  .footnote {
-    margin: 6px 0 0 0;
-    font-size: 11px;
-    color: var(--fg-3);
-    line-height: 1.5;
-  }
-  .footnote code {
-    font-family: var(--font-mono);
-    font-size: 10px;
-    color: var(--fg-2);
-    background: var(--bg-2);
-    padding: 1px 4px;
-    border-radius: 2px;
+    color: var(--fg-1);
+    line-height: 1.6;
   }
-  .hint code {
+  .steps code {
     font-family: var(--font-mono);
     font-size: 11px;
     color: var(--fg-1);
@@ -279,29 +130,16 @@
     padding: 1px 4px;
     border-radius: 2px;
   }
-  .steps {
-    margin: 0 0 10px 0;
-    padding-left: 18px;
-    font-size: 12px;
-    color: var(--fg-1);
-    line-height: 1.6;
-  }
-  .warn-line {
-    margin: 0 0 10px 0;
-    padding: 8px 10px;
-    border-left: 2px solid var(--warn);
-    background: color-mix(in srgb, var(--warn) 8%, transparent);
+  .footnote {
+    margin: 6px 0 0 0;
     font-size: 11px;
-    color: var(--fg-2);
+    color: var(--fg-3);
     line-height: 1.5;
   }
-  .warn-line strong {
-    color: var(--warn);
-  }
-  .steps code {
+  .footnote code {
     font-family: var(--font-mono);
-    font-size: 11px;
-    color: var(--fg-1);
+    font-size: 10px;
+    color: var(--fg-2);
     background: var(--bg-2);
     padding: 1px 4px;
     border-radius: 2px;