From 815990a51feca9528e24601f2f9ee20ebe657e97 Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Mon, 17 Nov 2025 17:55:55 -0800
Subject: [PATCH 01/12] working on secrets tab

---
 frontend/builder/builder-apppanel.tsx       |  24 +---
 frontend/builder/tabs/builder-envtab.tsx    | 103 --------------
 frontend/builder/tabs/builder-secrettab.tsx | 150 ++++++++++++++++++++
 package-lock.json                           |   4 +-
 4 files changed, 154 insertions(+), 127 deletions(-)
 delete mode 100644 frontend/builder/tabs/builder-envtab.tsx
 create mode 100644 frontend/builder/tabs/builder-secrettab.tsx

diff --git a/frontend/builder/builder-apppanel.tsx b/frontend/builder/builder-apppanel.tsx
index a0f0523a2a..fbfa1c485a 100644
--- a/frontend/builder/builder-apppanel.tsx
+++ b/frontend/builder/builder-apppanel.tsx
@@ -8,7 +8,7 @@ import { TabRpcClient } from "@/app/store/wshrpcutil";
 import { BuilderAppPanelModel, type TabType } from "@/builder/store/builder-apppanel-model";
 import { BuilderFocusManager } from "@/builder/store/builder-focusmanager";
 import { BuilderCodeTab } from "@/builder/tabs/builder-codetab";
-import { BuilderEnvTab } from "@/builder/tabs/builder-envtab";
+import { BuilderEnvTab } from "@/builder/tabs/builder-secrettab";
 import { BuilderFilesTab } from "@/builder/tabs/builder-filestab";
 import { BuilderPreviewTab } from "@/builder/tabs/builder-previewtab";
 import { builderAppHasSelection } from "@/builder/utils/builder-focus-utils";
@@ -194,7 +194,6 @@ const BuilderAppPanel = memo(() => {
     const activeTab = useAtomValue(model.activeTab);
     const focusType = useAtomValue(BuilderFocusManager.getInstance().focusType);
     const isAppFocused = focusType === "app";
-    const envSaveNeeded = useAtomValue(model.envVarsDirtyAtom);
     const builderAppId = useAtomValue(atoms.builderAppId);
     const builderId = useAtomValue(atoms.builderId);
 
@@ -241,12 +240,6 @@ const BuilderAppPanel = memo(() => {
         [model]
     );
 
-    const handleEnvSave = useCallback(() => {
-        if (builderId) {
-            model.saveEnvVars(builderId);
-        }
-    }, [builderId, model]);
-
     const handleRestart = useCallback(() => {
         model.restartBuilder();
     }, [model]);
@@ -301,7 +294,7 @@ const BuilderAppPanel = memo(() => {
                             />
                         )}
                         <TabButton
-                            label="Env"
+                            label="Secrets"
                             tabType="env"
                             isActive={activeTab === "env"}
                             isAppFocused={isAppFocused}
@@ -316,19 +309,6 @@ const BuilderAppPanel = memo(() => {
                             Publish App
                         </button>
                     </div>
-                    {activeTab === "env" && (
-                        <button
-                            className={cn(
-                                "mr-4 px-3 py-1 text-sm font-medium rounded transition-colors",
-                                envSaveNeeded
-                                    ? "bg-accent text-white hover:opacity-80 cursor-pointer"
-                                    : "bg-gray-600 text-gray-400 cursor-default"
-                            )}
-                            onClick={envSaveNeeded ? handleEnvSave : undefined}
-                        >
-                            Save
-                        </button>
-                    )}
                 </div>
             </div>
             <ErrorStrip />
diff --git a/frontend/builder/tabs/builder-envtab.tsx b/frontend/builder/tabs/builder-envtab.tsx
deleted file mode 100644
index e269c4fcde..0000000000
--- a/frontend/builder/tabs/builder-envtab.tsx
+++ /dev/null
@@ -1,103 +0,0 @@
-// Copyright 2025, Command Line Inc.
-// SPDX-License-Identifier: Apache-2.0
-
-import { BuilderAppPanelModel } from "@/builder/store/builder-apppanel-model";
-import { useAtomValue } from "jotai";
-import { memo } from "react";
-
-type EnvVarRowProps = {
-    model: BuilderAppPanelModel;
-    index: number;
-};
-
-const EnvVarRow = memo(({ model, index }: EnvVarRowProps) => {
-    const envVar = useAtomValue(model.getEnvVarIndexAtom(index));
-
-    if (!envVar) {
-        return null;
-    }
-
-    const isValueVisible = envVar.visible ?? false;
-
-    return (
-        <div className="flex items-center gap-2">
-            <input
-                type="text"
-                value={envVar.name}
-                onChange={(e) => model.setEnvVarAtIndex(index, { ...envVar, name: e.target.value }, true)}
-                placeholder="Variable Name"
-                className="flex-1 px-3 py-2 bg-background border border-border rounded text-primary focus:outline-none focus:border-accent"
-            />
-            <div className="flex-1 relative">
-                <input
-                    type={isValueVisible ? "text" : "password"}
-                    value={envVar.value}
-                    onChange={(e) => model.setEnvVarAtIndex(index, { ...envVar, value: e.target.value }, true)}
-                    placeholder="Value"
-                    className="w-full px-3 py-2 pr-10 bg-background border border-border rounded text-primary focus:outline-none focus:border-accent"
-                />
-                <button
-                    type="button"
-                    onClick={() => model.setEnvVarAtIndex(index, { ...envVar, visible: !isValueVisible }, false)}
-                    className="absolute right-2 top-1/2 -translate-y-1/2 text-secondary hover:text-primary cursor-pointer transition-colors"
-                    title={isValueVisible ? "Hide value" : "Show value"}
-                >
-                    <i className={`fa-solid ${isValueVisible ? "fa-eye" : "fa-eye-slash"}`} />
-                </button>
-            </div>
-            <button
-                className="px-3 py-2 text-sm font-medium rounded bg-red-500/20 text-red-500 hover:brightness-110 cursor-pointer"
-                onClick={() => {
-                    model.removeEnvVar(index);
-                }}
-            >
-                Remove
-            </button>
-        </div>
-    );
-});
-
-EnvVarRow.displayName = "EnvVarRow";
-
-const BuilderEnvTab = memo(() => {
-    const model = BuilderAppPanelModel.getInstance();
-    const envVars = useAtomValue(model.envVarsArrayAtom);
-    const error = useAtomValue(model.errorAtom);
-
-    return (
-        <div className="w-full h-full flex flex-col p-4">
-            <div className="flex items-center justify-between mb-2">
-                <h2 className="text-lg font-semibold">Environment Variables</h2>
-                <button
-                    className="px-3 py-1 text-sm font-medium rounded bg-accent text-white hover:brightness-110 cursor-pointer"
-                    onClick={() => model.addEnvVar()}
-                >
-                    Add Variable
-                </button>
-            </div>
-
-            <div className="mb-4 p-2 bg-blue-500/10 border border-blue-500/30 rounded text-sm text-secondary">
-                These environment variables are transient and only used during builder testing. They are not bundled
-                with the app.
-            </div>
-
-            {error && <div className="mb-4 p-2 bg-red-500/20 text-red-500 rounded text-sm">{error}</div>}
-
-            <div className="flex-1 overflow-auto">
-                <div className="space-y-2">
-                    {envVars.length === 0 ? (
-                        <div className="text-secondary text-center py-8">
-                            No environment variables defined. Click "Add Variable" to create one.
-                        </div>
-                    ) : (
-                        envVars.map((_, index) => <EnvVarRow key={index} model={model} index={index} />)
-                    )}
-                </div>
-            </div>
-        </div>
-    );
-});
-
-BuilderEnvTab.displayName = "BuilderEnvTab";
-
-export { BuilderEnvTab };
diff --git a/frontend/builder/tabs/builder-secrettab.tsx b/frontend/builder/tabs/builder-secrettab.tsx
new file mode 100644
index 0000000000..72a4ab66c3
--- /dev/null
+++ b/frontend/builder/tabs/builder-secrettab.tsx
@@ -0,0 +1,150 @@
+// Copyright 2025, Command Line Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+import { BuilderAppPanelModel } from "@/builder/store/builder-apppanel-model";
+import { RpcApi } from "@/app/store/wshclientapi";
+import { TabRpcClient } from "@/app/store/wshrpcutil";
+import { atoms } from "@/store/global";
+import { globalStore } from "@/app/store/jotaiStore";
+import { useAtomValue } from "jotai";
+import { memo, useState } from "react";
+
+type SecretRowProps = {
+    secretName: string;
+    secretMeta: SecretMeta;
+    currentBinding: string;
+    onBindingChange: (secretName: string, binding: string) => void;
+};
+
+const SecretRow = memo(({ secretName, secretMeta, currentBinding, onBindingChange }: SecretRowProps) => {
+    return (
+        <div className="flex items-center gap-4 py-2 border-b border-border">
+            <div className="flex-1 flex items-center gap-2">
+                <span className="font-medium text-primary">{secretName}</span>
+                {!secretMeta.optional && (
+                    <span className="px-2 py-0.5 text-xs bg-red-500/20 text-red-500 rounded">Required</span>
+                )}
+                {secretMeta.optional && (
+                    <span className="px-2 py-0.5 text-xs bg-blue-500/20 text-blue-500 rounded">Optional</span>
+                )}
+                {secretMeta.desc && <span className="text-sm text-secondary">— {secretMeta.desc}</span>}
+            </div>
+            <div className="flex-1">
+                <input
+                    type="text"
+                    value={currentBinding}
+                    onChange={(e) => onBindingChange(secretName, e.target.value)}
+                    placeholder="Wave secret store name"
+                    className="w-full px-3 py-2 bg-background border border-border rounded text-primary focus:outline-none focus:border-accent"
+                />
+            </div>
+        </div>
+    );
+});
+
+SecretRow.displayName = "SecretRow";
+
+const BuilderEnvTab = memo(() => {
+    const model = BuilderAppPanelModel.getInstance();
+    const builderStatus = useAtomValue(model.builderStatusAtom);
+    const error = useAtomValue(model.errorAtom);
+
+    const [localBindings, setLocalBindings] = useState<{ [key: string]: string }>({});
+    const [isDirty, setIsDirty] = useState(false);
+    const [isSaving, setIsSaving] = useState(false);
+
+    const manifest = builderStatus?.manifest;
+    const secrets = manifest?.secrets || {};
+    const secretBindings = builderStatus?.secretbindings || {};
+
+    if (!localBindings || Object.keys(localBindings).length === 0) {
+        if (Object.keys(secretBindings).length > 0) {
+            setLocalBindings({ ...secretBindings });
+        }
+    }
+
+    const sortedSecretEntries = Object.entries(secrets).sort(([nameA, metaA], [nameB, metaB]) => {
+        if (!metaA.optional && metaB.optional) return -1;
+        if (metaA.optional && !metaB.optional) return 1;
+        return nameA.localeCompare(nameB);
+    });
+
+    const handleBindingChange = (secretName: string, binding: string) => {
+        setLocalBindings((prev) => ({ ...prev, [secretName]: binding }));
+        setIsDirty(true);
+    };
+
+    const handleSave = async () => {
+        setIsSaving(true);
+        try {
+            const appId = globalStore.get(atoms.builderAppId);
+            await RpcApi.WriteAppSecretBindingsCommand(TabRpcClient, {
+                appid: appId,
+                bindings: localBindings,
+            });
+            setIsDirty(false);
+            globalStore.set(model.errorAtom, "");
+        } catch (err) {
+            console.error("Failed to save secret bindings:", err);
+            globalStore.set(model.errorAtom, `Failed to save secret bindings: ${err.message || "Unknown error"}`);
+        } finally {
+            setIsSaving(false);
+        }
+    };
+
+    const allRequiredBound =
+        sortedSecretEntries.filter(([_, meta]) => !meta.optional).every(([name]) => localBindings[name]?.trim()) ||
+        false;
+
+    return (
+        <div className="w-full h-full flex flex-col p-4">
+            <div className="flex items-center justify-between mb-2">
+                <h2 className="text-lg font-semibold">Secret Bindings</h2>
+                <button
+                    className="px-3 py-1 text-sm font-medium rounded bg-accent/80 text-primary hover:bg-accent transition-colors cursor-pointer disabled:opacity-50 disabled:cursor-not-allowed"
+                    onClick={handleSave}
+                    disabled={!isDirty || isSaving}
+                >
+                    {isSaving ? "Saving..." : "Save"}
+                </button>
+            </div>
+
+            <div className="mb-4 p-2 bg-blue-500/10 border border-blue-500/30 rounded text-sm text-secondary">
+                Map app secrets to Wave secret store names. Required secrets must be bound before the app can run
+                successfully.
+            </div>
+
+            {!allRequiredBound && (
+                <div className="mb-4 p-2 bg-yellow-500/10 border border-yellow-500/30 rounded text-sm text-yellow-600">
+                    Some required secrets are not bound yet.
+                </div>
+            )}
+
+            {error && <div className="mb-4 p-2 bg-red-500/20 text-red-500 rounded text-sm">{error}</div>}
+
+            <div className="flex-1 overflow-auto">
+                {sortedSecretEntries.length === 0 ? (
+                    <div className="text-secondary text-center py-8">
+                        No secrets defined in this app manifest.
+                    </div>
+                ) : (
+                    <div className="space-y-1">
+                        {sortedSecretEntries.map(([secretName, secretMeta]) => (
+                            <SecretRow
+                                key={secretName}
+                                secretName={secretName}
+                                secretMeta={secretMeta}
+                                currentBinding={localBindings[secretName] || ""}
+                                onBindingChange={handleBindingChange}
+                            />
+                        ))}
+                    </div>
+                )}
+            </div>
+        </div>
+    );
+});
+
+BuilderEnvTab.displayName = "BuilderEnvTab";
+
+export { BuilderEnvTab };
diff --git a/package-lock.json b/package-lock.json
index dfc132373a..b626130608 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
     "name": "waveterm",
-    "version": "0.12.3-beta.2",
+    "version": "0.12.3",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "waveterm",
-            "version": "0.12.3-beta.2",
+            "version": "0.12.3",
             "hasInstallScript": true,
             "license": "Apache-2.0",
             "workspaces": [

From d3ce0b8568c4bb7976ef4fd427564c3e8ba85a76 Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Tue, 18 Nov 2025 10:54:50 -0800
Subject: [PATCH 02/12] only show secrets tab if there are secrets, remove
 "env" internal name

---
 frontend/builder/builder-apppanel.tsx         | 19 +++++++++++--------
 .../builder/store/builder-apppanel-model.ts   | 13 ++++++++++++-
 2 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/frontend/builder/builder-apppanel.tsx b/frontend/builder/builder-apppanel.tsx
index 8507a4ba5c..3f36cbdb1e 100644
--- a/frontend/builder/builder-apppanel.tsx
+++ b/frontend/builder/builder-apppanel.tsx
@@ -196,6 +196,7 @@ const BuilderAppPanel = memo(() => {
     const isAppFocused = focusType === "app";
     const builderAppId = useAtomValue(atoms.builderAppId);
     const builderId = useAtomValue(atoms.builderId);
+    const hasSecrets = useAtomValue(model.hasSecretsAtom);
 
     useEffect(() => {
         model.initialize();
@@ -291,13 +292,15 @@ const BuilderAppPanel = memo(() => {
                             isAppFocused={isAppFocused}
                             onClick={() => handleTabClick("files")}
                         />
-                        <TabButton
-                            label="Secrets"
-                            tabType="env"
-                            isActive={activeTab === "env"}
-                            isAppFocused={isAppFocused}
-                            onClick={() => handleTabClick("env")}
-                        />
+                        {hasSecrets && (
+                            <TabButton
+                                label="Secrets"
+                                tabType="secrets"
+                                isActive={activeTab === "secrets"}
+                                isAppFocused={isAppFocused}
+                                onClick={() => handleTabClick("secrets")}
+                            />
+                        )}
                     </div>
                     <div className="flex items-center gap-2 mr-4">
                         <button
@@ -326,7 +329,7 @@ const BuilderAppPanel = memo(() => {
                         <BuilderFilesTab />
                     </ErrorBoundary>
                 </div>
-                <div className="w-full h-full" style={{ display: activeTab === "env" ? "block" : "none" }}>
+                <div className="w-full h-full" style={{ display: activeTab === "secrets" ? "block" : "none" }}>
                     <ErrorBoundary>
                         <BuilderEnvTab />
                     </ErrorBoundary>
diff --git a/frontend/builder/store/builder-apppanel-model.ts b/frontend/builder/store/builder-apppanel-model.ts
index 09aec03dbf..5ee3d0e174 100644
--- a/frontend/builder/store/builder-apppanel-model.ts
+++ b/frontend/builder/store/builder-apppanel-model.ts
@@ -10,7 +10,7 @@ import { base64ToString, stringToBase64 } from "@/util/util";
 import { atom, type Atom, type PrimitiveAtom } from "jotai";
 import { debounce } from "throttle-debounce";
 
-export type TabType = "preview" | "files" | "code" | "env";
+export type TabType = "preview" | "files" | "code" | "secrets";
 
 export type EnvVar = {
     name: string;
@@ -30,6 +30,7 @@ export class BuilderAppPanelModel {
     isLoadingAtom: PrimitiveAtom<boolean> = atom<boolean>(false);
     errorAtom: PrimitiveAtom<string> = atom<string>("");
     builderStatusAtom = atom<BuilderStatusData>(null) as PrimitiveAtom<BuilderStatusData>;
+    hasSecretsAtom: PrimitiveAtom<boolean> = atom<boolean>(false);
     saveNeededAtom!: Atom<boolean>;
     focusElemRef: { current: HTMLInputElement | null } = { current: null };
     monacoEditorRef: { current: any | null } = { current: null };
@@ -85,6 +86,7 @@ export class BuilderAppPanelModel {
                 const currentStatus = globalStore.get(this.builderStatusAtom);
                 if (!currentStatus || !currentStatus.version || status.version > currentStatus.version) {
                     globalStore.set(this.builderStatusAtom, status);
+                    this.updateSecretsLatch(status);
                 }
             },
         });
@@ -92,6 +94,7 @@ export class BuilderAppPanelModel {
         try {
             const status = await RpcApi.GetBuilderStatusCommand(TabRpcClient, builderId);
             globalStore.set(this.builderStatusAtom, status);
+            this.updateSecretsLatch(status);
         } catch (err) {
             console.error("Failed to load builder status:", err);
         }
@@ -110,6 +113,14 @@ export class BuilderAppPanelModel {
         });
     }
 
+    updateSecretsLatch(status: BuilderStatusData) {
+        if (!status?.manifest?.secrets) return;
+        const secrets = status.manifest.secrets;
+        if (Object.keys(secrets).length > 0) {
+            globalStore.set(this.hasSecretsAtom, true);
+        }
+    }
+
     async loadEnvVars(builderId: string) {
         try {
             const rtInfo = await RpcApi.GetRTInfoCommand(TabRpcClient, {

From 7fecaa1b8352c592351bdd9bd2b616c33a786e6f Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Tue, 18 Nov 2025 11:16:48 -0800
Subject: [PATCH 03/12] different error message UI when secrets are not mapped
 (secret error sentinel)

---
 frontend/builder/tabs/builder-previewtab.tsx | 33 ++++++++++++++++++++
 pkg/buildercontroller/buildercontroller.go   |  5 ++-
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/frontend/builder/tabs/builder-previewtab.tsx b/frontend/builder/tabs/builder-previewtab.tsx
index 61f8157a07..2258e31441 100644
--- a/frontend/builder/tabs/builder-previewtab.tsx
+++ b/frontend/builder/tabs/builder-previewtab.tsx
@@ -34,9 +34,12 @@ const ErrorStateView = memo(({ errorMsg }: { errorMsg: string }) => {
     const displayMsg = errorMsg && errorMsg.trim() ? errorMsg : "Unknown Error";
     const waveAIModel = WaveAIModel.getInstance();
     const buildPanelModel = BuilderBuildPanelModel.getInstance();
+    const appPanelModel = BuilderAppPanelModel.getInstance();
     const outputLines = useAtomValue(buildPanelModel.outputLines);
     const isStreaming = useAtomValue(waveAIModel.isAIStreaming);
 
+    const isSecretError = displayMsg.includes("ERR-SECRET");
+
     const getBuildContext = () => {
         const filteredLines = outputLines.filter((line) => !line.startsWith("[debug]"));
         const buildOutput = filteredLines.join("\n").trim();
@@ -55,6 +58,36 @@ const ErrorStateView = memo(({ errorMsg }: { errorMsg: string }) => {
         await waveAIModel.handleSubmit();
     };
 
+    const handleGoToSecrets = () => {
+        appPanelModel.setActiveTab("secrets");
+    };
+
+    if (isSecretError) {
+        return (
+            <div className="w-full h-full flex items-center justify-center bg-background">
+                <div className="flex flex-col items-center gap-6 max-w-2xl text-center px-8">
+                    <div className="text-6xl">🔐</div>
+                    <div className="flex flex-col gap-3">
+                        <h2 className="text-2xl font-semibold text-error">Secrets Required</h2>
+                        <p className="text-base text-secondary leading-relaxed">
+                            This app requires secrets that must be configured. Please use the Secrets tab to set and bind
+                            the required secrets for your app to run.
+                        </p>
+                        <div className="text-left bg-panel border border-error/30 rounded-lg p-4 max-h-96 overflow-auto mt-2">
+                            <pre className="text-sm text-secondary whitespace-pre-wrap font-mono">{displayMsg}</pre>
+                        </div>
+                        <button
+                            onClick={handleGoToSecrets}
+                            className="px-6 py-2 mt-2 bg-accent/80 text-primary font-semibold rounded hover:bg-accent transition-colors cursor-pointer"
+                        >
+                            Go to Secrets Tab
+                        </button>
+                    </div>
+                </div>
+            </div>
+        );
+    }
+
     return (
         <div className="w-full h-full flex items-center justify-center bg-background">
             <div className="flex flex-col items-center gap-6 max-w-2xl text-center px-8">
diff --git a/pkg/buildercontroller/buildercontroller.go b/pkg/buildercontroller/buildercontroller.go
index 11ccfe1642..69e1da2ceb 100644
--- a/pkg/buildercontroller/buildercontroller.go
+++ b/pkg/buildercontroller/buildercontroller.go
@@ -301,12 +301,12 @@ func (bc *BuilderController) runBuilderApp(ctx context.Context, appId string, ap
 
 	secretBindings, err := waveappstore.ReadAppSecretBindings(appId)
 	if err != nil {
-		return nil, fmt.Errorf("failed to read secret bindings: %w", err)
+		return nil, fmt.Errorf("failed to read secret bindings (ERR-SECRET): %w", err)
 	}
 
 	secretEnv, err := waveappstore.BuildAppSecretEnv(appId, manifest, secretBindings)
 	if err != nil {
-		return nil, fmt.Errorf("failed to build secret environment: %w", err)
+		return nil, fmt.Errorf("failed to build secret environment (ERR-SECRET): %w", err)
 	}
 
 	if builderEnv == nil {
@@ -579,7 +579,6 @@ func (bc *BuilderController) publishOutputLine(line string, reset bool) {
 	})
 }
 
-
 func exitCodeFromWaitErr(waitErr error) int {
 	if waitErr == nil {
 		return 0

From edf3fa1152bf28b2e10c8ee620f7c43f8c999325 Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Tue, 18 Nov 2025 11:28:54 -0800
Subject: [PATCH 04/12] working on updated secrets UI

---
 frontend/app/modals/modalregistry.tsx       |   2 +
 frontend/builder/tabs/builder-secrettab.tsx | 170 ++++++++++++++++++--
 2 files changed, 159 insertions(+), 13 deletions(-)

diff --git a/frontend/app/modals/modalregistry.tsx b/frontend/app/modals/modalregistry.tsx
index cb67820b6a..53fabde064 100644
--- a/frontend/app/modals/modalregistry.tsx
+++ b/frontend/app/modals/modalregistry.tsx
@@ -5,6 +5,7 @@ import { MessageModal } from "@/app/modals/messagemodal";
 import { NewInstallOnboardingModal } from "@/app/onboarding/onboarding";
 import { UpgradeOnboardingModal } from "@/app/onboarding/onboarding-upgrade";
 import { DeleteFileModal, PublishAppModal, RenameFileModal } from "@/builder/builder-apppanel";
+import { SetSecretDialog } from "@/builder/tabs/builder-secrettab";
 import { AboutModal } from "./about";
 import { UserInputModal } from "./userinputmodal";
 
@@ -17,6 +18,7 @@ const modalRegistry: { [key: string]: React.ComponentType<any> } = {
     [PublishAppModal.displayName || "PublishAppModal"]: PublishAppModal,
     [RenameFileModal.displayName || "RenameFileModal"]: RenameFileModal,
     [DeleteFileModal.displayName || "DeleteFileModal"]: DeleteFileModal,
+    [SetSecretDialog.displayName || "SetSecretDialog"]: SetSecretDialog,
 };
 
 export const getModalComponent = (key: string): React.ComponentType<any> | undefined => {
diff --git a/frontend/builder/tabs/builder-secrettab.tsx b/frontend/builder/tabs/builder-secrettab.tsx
index 72a4ab66c3..dbc2d215c0 100644
--- a/frontend/builder/tabs/builder-secrettab.tsx
+++ b/frontend/builder/tabs/builder-secrettab.tsx
@@ -7,18 +7,34 @@ import { TabRpcClient } from "@/app/store/wshrpcutil";
 import { atoms } from "@/store/global";
 import { globalStore } from "@/app/store/jotaiStore";
 import { useAtomValue } from "jotai";
-import { memo, useState } from "react";
+import { memo, useState, useEffect } from "react";
+import { Check, AlertTriangle } from "lucide-react";
+import { Tooltip } from "@/app/element/tooltip";
+import { Modal } from "@/app/modals/modal";
+import { modalsModel } from "@/app/store/modalmodel";
 
 type SecretRowProps = {
     secretName: string;
     secretMeta: SecretMeta;
     currentBinding: string;
-    onBindingChange: (secretName: string, binding: string) => void;
+    availableSecrets: string[];
+    onMapDefault: (secretName: string) => void;
+    onSetAndMapDefault: (secretName: string) => void;
 };
 
-const SecretRow = memo(({ secretName, secretMeta, currentBinding, onBindingChange }: SecretRowProps) => {
+const SecretRow = memo(({ secretName, secretMeta, currentBinding, availableSecrets, onMapDefault, onSetAndMapDefault }: SecretRowProps) => {
+    const isMapped = currentBinding.trim().length > 0;
+    const isValid = isMapped && availableSecrets.includes(currentBinding);
+    const hasMatchingSecret = availableSecrets.includes(secretName);
+
     return (
         <div className="flex items-center gap-4 py-2 border-b border-border">
+            <Tooltip content={!isMapped ? "Secret is Not Mapped" : "Secret Has a Valid Mapping"}>
+                <div className="flex items-center">
+                    {!isMapped && <AlertTriangle className="w-5 h-5 text-yellow-500" />}
+                    {isMapped && isValid && <Check className="w-5 h-5 text-green-500" />}
+                </div>
+            </Tooltip>
             <div className="flex-1 flex items-center gap-2">
                 <span className="font-medium text-primary">{secretName}</span>
                 {!secretMeta.optional && (
@@ -29,14 +45,23 @@ const SecretRow = memo(({ secretName, secretMeta, currentBinding, onBindingChang
                 )}
                 {secretMeta.desc && <span className="text-sm text-secondary">— {secretMeta.desc}</span>}
             </div>
-            <div className="flex-1">
-                <input
-                    type="text"
-                    value={currentBinding}
-                    onChange={(e) => onBindingChange(secretName, e.target.value)}
-                    placeholder="Wave secret store name"
-                    className="w-full px-3 py-2 bg-background border border-border rounded text-primary focus:outline-none focus:border-accent"
-                />
+            <div className="flex items-center gap-2">
+                {!isMapped && hasMatchingSecret && (
+                    <button
+                        onClick={() => onMapDefault(secretName)}
+                        className="px-3 py-1 text-sm font-medium rounded bg-accent/80 text-primary hover:bg-accent transition-colors cursor-pointer whitespace-nowrap"
+                    >
+                        Map Default
+                    </button>
+                )}
+                {!isMapped && !hasMatchingSecret && (
+                    <button
+                        onClick={() => onSetAndMapDefault(secretName)}
+                        className="px-3 py-1 text-sm font-medium rounded bg-accent/80 text-primary hover:bg-accent transition-colors cursor-pointer whitespace-nowrap"
+                    >
+                        Set and Map Default
+                    </button>
+                )}
             </div>
         </div>
     );
@@ -44,6 +69,94 @@ const SecretRow = memo(({ secretName, secretMeta, currentBinding, onBindingChang
 
 SecretRow.displayName = "SecretRow";
 
+type SetSecretDialogProps = {
+    secretName: string;
+    onSetAndMap: (secretName: string, secretValue: string) => Promise<void>;
+};
+
+const SetSecretDialog = memo(({ secretName, onSetAndMap }: SetSecretDialogProps) => {
+    const [secretValue, setSecretValue] = useState("");
+    const [isSubmitting, setIsSubmitting] = useState(false);
+    const [error, setError] = useState("");
+
+    const handleSubmit = async () => {
+        if (!secretValue.trim()) return;
+        setIsSubmitting(true);
+        setError("");
+        try {
+            await onSetAndMap(secretName, secretValue);
+            modalsModel.popModal();
+        } catch (err) {
+            console.error("Failed to set secret:", err);
+            setError(err instanceof Error ? err.message : String(err));
+        } finally {
+            setIsSubmitting(false);
+        }
+    };
+
+    const handleClose = () => {
+        modalsModel.popModal();
+    };
+
+    useEffect(() => {
+        const handleKeyDown = (e: KeyboardEvent) => {
+            if (e.key === "Escape") {
+                e.preventDefault();
+                handleClose();
+            }
+        };
+
+        document.addEventListener("keydown", handleKeyDown);
+        return () => document.removeEventListener("keydown", handleKeyDown);
+    }, []);
+
+    if (error) {
+        return (
+            <Modal className="p-4 min-w-[500px]" onOk={handleClose} onClose={handleClose} okLabel="OK">
+                <div className="flex flex-col gap-4 mb-4">
+                    <h2 className="text-xl font-semibold">Error Setting Secret</h2>
+                    <div className="text-sm text-error">{error}</div>
+                </div>
+            </Modal>
+        );
+    }
+
+    return (
+        <Modal
+            className="p-4 min-w-[500px]"
+            onOk={handleSubmit}
+            onCancel={handleClose}
+            onClose={handleClose}
+            okLabel="Set and Map"
+            cancelLabel="Cancel"
+            okDisabled={!secretValue.trim() || isSubmitting}
+        >
+            <div className="flex flex-col gap-4 mb-4">
+                <h2 className="text-xl font-semibold">Set and Map Secret</h2>
+                <div className="flex flex-col gap-2">
+                    <div className="text-sm font-medium mb-1">
+                        Secret Name: <span className="text-accent">{secretName}</span>
+                    </div>
+                    <textarea
+                        value={secretValue}
+                        onChange={(e) => setSecretValue(e.target.value)}
+                        placeholder="Paste secret value here..."
+                        className="w-full px-3 py-2 bg-panel border border-border rounded focus:outline-none focus:border-accent resize-none"
+                        rows={4}
+                        autoFocus
+                        disabled={isSubmitting}
+                    />
+                    <div className="text-xs text-secondary">
+                        Secrets are stored securely in Wave's secret store
+                    </div>
+                </div>
+            </div>
+        </Modal>
+    );
+});
+
+SetSecretDialog.displayName = "SetSecretDialog";
+
 const BuilderEnvTab = memo(() => {
     const model = BuilderAppPanelModel.getInstance();
     const builderStatus = useAtomValue(model.builderStatusAtom);
@@ -52,11 +165,24 @@ const BuilderEnvTab = memo(() => {
     const [localBindings, setLocalBindings] = useState<{ [key: string]: string }>({});
     const [isDirty, setIsDirty] = useState(false);
     const [isSaving, setIsSaving] = useState(false);
+    const [availableSecrets, setAvailableSecrets] = useState<string[]>([]);
 
     const manifest = builderStatus?.manifest;
     const secrets = manifest?.secrets || {};
     const secretBindings = builderStatus?.secretbindings || {};
 
+    useEffect(() => {
+        const fetchSecrets = async () => {
+            try {
+                const secrets = await RpcApi.GetSecretsNamesCommand(TabRpcClient);
+                setAvailableSecrets(secrets || []);
+            } catch (err) {
+                console.error("Failed to fetch secrets:", err);
+            }
+        };
+        fetchSecrets();
+    }, []);
+
     if (!localBindings || Object.keys(localBindings).length === 0) {
         if (Object.keys(secretBindings).length > 0) {
             setLocalBindings({ ...secretBindings });
@@ -92,6 +218,22 @@ const BuilderEnvTab = memo(() => {
         }
     };
 
+    const handleMapDefault = (secretName: string) => {
+        setLocalBindings((prev) => ({ ...prev, [secretName]: secretName }));
+        setIsDirty(true);
+    };
+
+    const handleSetAndMapDefault = (secretName: string) => {
+        modalsModel.pushModal("SetSecretDialog", { secretName, onSetAndMap: handleSetAndMap });
+    };
+
+    const handleSetAndMap = async (secretName: string, secretValue: string) => {
+        await RpcApi.SetSecretsCommand(TabRpcClient, { [secretName]: secretValue });
+        setAvailableSecrets((prev) => [...prev, secretName]);
+        setLocalBindings((prev) => ({ ...prev, [secretName]: secretName }));
+        setIsDirty(true);
+    };
+
     const allRequiredBound =
         sortedSecretEntries.filter(([_, meta]) => !meta.optional).every(([name]) => localBindings[name]?.trim()) ||
         false;
@@ -135,7 +277,9 @@ const BuilderEnvTab = memo(() => {
                                 secretName={secretName}
                                 secretMeta={secretMeta}
                                 currentBinding={localBindings[secretName] || ""}
-                                onBindingChange={handleBindingChange}
+                                availableSecrets={availableSecrets}
+                                onMapDefault={handleMapDefault}
+                                onSetAndMapDefault={handleSetAndMapDefault}
                             />
                         ))}
                     </div>
@@ -147,4 +291,4 @@ const BuilderEnvTab = memo(() => {
 
 BuilderEnvTab.displayName = "BuilderEnvTab";
 
-export { BuilderEnvTab };
+export { BuilderEnvTab, SetSecretDialog };

From c3af71f186aaef7f88cf130ad4f94a691c254601 Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Tue, 18 Nov 2025 12:54:06 -0800
Subject: [PATCH 05/12] fix border radius

---
 frontend/builder/builder-buildpanel.tsx | 2 +-
 frontend/builder/builder-workspace.tsx  | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/frontend/builder/builder-buildpanel.tsx b/frontend/builder/builder-buildpanel.tsx
index b080cdb744..1ce2dc7ac3 100644
--- a/frontend/builder/builder-buildpanel.tsx
+++ b/frontend/builder/builder-buildpanel.tsx
@@ -85,7 +85,7 @@ const BuilderBuildPanel = memo(() => {
     const filteredLines = showDebug ? outputLines : outputLines.filter((line) => !line.startsWith("[debug]") && line.trim().length > 0);
 
     return (
-        <div className="w-full h-full flex flex-col bg-black">
+        <div className="w-full h-full flex flex-col bg-black rounded-br-2">
             <div className="flex-shrink-0 px-3 py-2 border-b border-gray-700 flex items-center justify-between">
                 <span className="text-sm font-semibold text-gray-300">Build Output</span>
                 <div className="flex items-center gap-4">
diff --git a/frontend/builder/builder-workspace.tsx b/frontend/builder/builder-workspace.tsx
index 395fdb32a1..94a06fad83 100644
--- a/frontend/builder/builder-workspace.tsx
+++ b/frontend/builder/builder-workspace.tsx
@@ -107,7 +107,7 @@ const BuilderWorkspace = memo(() => {
                             isAppFocused ? "border-2 border-accent" : "border-2 border-transparent"
                         )}
                         style={{
-                            borderBottomRightRadius: 10,
+                            borderBottomRightRadius: 8,
                         }}
                     >
                         <PanelGroup direction="vertical" onLayout={handleVerticalLayout}>
@@ -115,7 +115,12 @@ const BuilderWorkspace = memo(() => {
                                 <BuilderAppPanel />
                             </Panel>
                             <PanelResizeHandle className="h-0.5 bg-transparent hover:bg-gray-500/20 transition-colors" />
-                            <Panel defaultSize={layout.build} minSize={20} maxSize={50}>
+                            <Panel
+                                defaultSize={layout.build}
+                                minSize={20}
+                                maxSize={50}
+                                style={{ borderBottomRightRadius: 8 }}
+                            >
                                 <BuilderBuildPanel />
                             </Panel>
                         </PanelGroup>

From 9ed235999a1d88dd8c3db23c628e005371b7ff5d Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Tue, 18 Nov 2025 13:55:28 -0800
Subject: [PATCH 06/12] add liststaticfiles, make manifest generation more
 robust

---
 tsunami/app/defaultclient.go | 47 ++++++++++++++++++++++++++++++++++++
 tsunami/build/build.go       | 16 +++++++++++-
 tsunami/engine/clientimpl.go |  2 ++
 3 files changed, 64 insertions(+), 1 deletion(-)

diff --git a/tsunami/app/defaultclient.go b/tsunami/app/defaultclient.go
index c3cfd7846e..f966af6672 100644
--- a/tsunami/app/defaultclient.go
+++ b/tsunami/app/defaultclient.go
@@ -11,6 +11,7 @@ import (
 	"net/http"
 	"os"
 	"strings"
+	"time"
 
 	"github.com/wavetermdev/waveterm/tsunami/engine"
 	"github.com/wavetermdev/waveterm/tsunami/util"
@@ -22,6 +23,18 @@ const MaxShortDescLen = 120
 
 type AppMeta engine.AppMeta
 
+type staticFileInfo struct {
+	fullPath string
+	info     fs.FileInfo
+}
+
+func (sfi *staticFileInfo) Name() string       { return sfi.fullPath }
+func (sfi *staticFileInfo) Size() int64        { return sfi.info.Size() }
+func (sfi *staticFileInfo) Mode() fs.FileMode  { return sfi.info.Mode() }
+func (sfi *staticFileInfo) ModTime() time.Time { return sfi.info.ModTime() }
+func (sfi *staticFileInfo) IsDir() bool        { return sfi.info.IsDir() }
+func (sfi *staticFileInfo) Sys() any           { return sfi.info.Sys() }
+
 func DefineComponent[P any](name string, renderFn func(props P) any) vdom.Component[P] {
 	return engine.DefineComponentEx(engine.GetDefaultClient(), name, renderFn)
 }
@@ -219,3 +232,37 @@ func OpenStaticFile(path string) (fs.File, error) {
 	relativePath := strings.TrimPrefix(path, "static/")
 	return client.StaticFS.Open(relativePath)
 }
+
+// ListStaticFiles returns FileInfo for all files in the embedded static filesystem.
+// The Name() of each FileInfo will be the full path prefixed with "static/" (e.g., "static/config.json"),
+// which can be passed directly to ReadStaticFile or OpenStaticFile.
+// Returns an empty slice if StaticFS is nil or on error.
+func ListStaticFiles() ([]fs.FileInfo, error) {
+	client := engine.GetDefaultClient()
+	if client.StaticFS == nil {
+		return nil, nil
+	}
+
+	var fileInfos []fs.FileInfo
+	err := fs.WalkDir(client.StaticFS, ".", func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if !d.IsDir() {
+			info, err := d.Info()
+			if err != nil {
+				return err
+			}
+			fullPath := "static/" + path
+			fileInfos = append(fileInfos, &staticFileInfo{
+				fullPath: fullPath,
+				info:     info,
+			})
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return fileInfos, nil
+}
diff --git a/tsunami/build/build.go b/tsunami/build/build.go
index ab1e8e2031..fcf9acca6b 100644
--- a/tsunami/build/build.go
+++ b/tsunami/build/build.go
@@ -825,8 +825,22 @@ func generateManifest(tempDir, exePath string, opts BuildOpts) error {
 		return fmt.Errorf("manifest generation failed: %w", err)
 	}
 
+	// Extract manifest between delimiters
+	manifestStr := string(manifestOutput)
+	startTag := "<AppManifest>"
+	endTag := "</AppManifest>"
+	startIdx := strings.Index(manifestStr, startTag)
+	endIdx := strings.Index(manifestStr, endTag)
+
+	if startIdx == -1 || endIdx == -1 {
+		return fmt.Errorf("manifest delimiters not found in output")
+	}
+
+	manifestJSON := manifestStr[startIdx+len(startTag) : endIdx]
+	manifestJSON = strings.TrimSpace(manifestJSON)
+
 	manifestPath := filepath.Join(tempDir, "manifest.json")
-	if err := os.WriteFile(manifestPath, manifestOutput, 0644); err != nil {
+	if err := os.WriteFile(manifestPath, []byte(manifestJSON), 0644); err != nil {
 		return fmt.Errorf("failed to write manifest.json: %w", err)
 	}
 
diff --git a/tsunami/engine/clientimpl.go b/tsunami/engine/clientimpl.go
index 73aeacfcfb..7e01f8e900 100644
--- a/tsunami/engine/clientimpl.go
+++ b/tsunami/engine/clientimpl.go
@@ -515,5 +515,7 @@ func (c *ClientImpl) PrintAppManifest() {
 		fmt.Printf("Error marshaling manifest: %v\n", err)
 		return
 	}
+	fmt.Println("<AppManifest>")
 	fmt.Println(string(manifestJSON))
+	fmt.Println("</AppManifest>")
 }

From 94a772a88a1a8dccf548c8ed5d75edbde6e44a58 Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Tue, 18 Nov 2025 17:14:28 -0800
Subject: [PATCH 07/12] better error messages, new AppInit function for
 initialization

---
 Taskfile.yml                       |  4 +-
 tsunami/app/defaultclient.go       | 16 ++---
 tsunami/build/build-ast.go         | 94 ++++++++++++++++++++++++++++++
 tsunami/build/build.go             | 84 +++++++++++++-------------
 tsunami/build/buildutil.go         |  3 +
 tsunami/engine/clientimpl.go       | 13 +++--
 tsunami/templates/app-init.go.tmpl |  7 +++
 7 files changed, 162 insertions(+), 59 deletions(-)
 create mode 100644 tsunami/build/build-ast.go
 create mode 100644 tsunami/templates/app-init.go.tmpl

diff --git a/Taskfile.yml b/Taskfile.yml
index 5b3e520434..1874a2cbc2 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -539,7 +539,7 @@ tasks:
             - mv scaffold/node_modules scaffold/nm
             - cp -r dist scaffold/
             - mkdir -p scaffold/dist/tw
-            - cp ../templates/app-main.go.tmpl scaffold/app-main.go
+            - cp ../templates/*.go.tmpl scaffold/
             - cp ../templates/tailwind.css scaffold/
             - cp ../templates/gitignore.tmpl scaffold/.gitignore
             - cp src/element/*.tsx scaffold/dist/tw/
@@ -560,7 +560,7 @@ tasks:
             - powershell Move-Item -Path scaffold/node_modules -Destination scaffold/nm
             - powershell Copy-Item -Recurse -Force -Path dist -Destination scaffold/
             - powershell New-Item -ItemType Directory -Force -Path scaffold/dist/tw
-            - powershell Copy-Item -Path ../templates/app-main.go.tmpl -Destination scaffold/app-main.go
+            - powershell Copy-Item -Path '../templates/*.go.tmpl' -Destination scaffold/
             - powershell Copy-Item -Path ../templates/tailwind.css -Destination scaffold/
             - powershell Copy-Item -Path ../templates/gitignore.tmpl -Destination scaffold/.gitignore
             - powershell Copy-Item -Path 'src/element/*.tsx' -Destination scaffold/dist/tw/
diff --git a/tsunami/app/defaultclient.go b/tsunami/app/defaultclient.go
index f966af6672..46119d13fc 100644
--- a/tsunami/app/defaultclient.go
+++ b/tsunami/app/defaultclient.go
@@ -5,6 +5,8 @@ package app
 
 import (
 	"encoding/json"
+	"errors"
+	"fmt"
 	"io"
 	"io/fs"
 	"log"
@@ -47,11 +49,11 @@ func SetGlobalEventHandler(handler func(event vdom.VDomEvent)) {
 	engine.GetDefaultClient().SetGlobalEventHandler(handler)
 }
 
-// RegisterSetupFn registers a single setup function that is called before the app starts running.
+// RegisterAppInitFn registers a single setup function that is called before the app starts running.
 // Only one setup function is allowed, so calling this will replace any previously registered
 // setup function.
-func RegisterSetupFn(fn func()) {
-	engine.GetDefaultClient().RegisterSetupFn(fn)
+func RegisterAppInitFn(fn func() error) {
+	engine.GetDefaultClient().RegisterAppInitFn(fn)
 }
 
 // SendAsyncInitiation notifies the frontend that the backend has updated state
@@ -207,10 +209,10 @@ func PrintAppManifest() {
 func ReadStaticFile(path string) ([]byte, error) {
 	client := engine.GetDefaultClient()
 	if client.StaticFS == nil {
-		return nil, fs.ErrNotExist
+		return nil, errors.New("static files not available before app initialization; use AppInit to access files during initialization")
 	}
 	if !strings.HasPrefix(path, "static/") {
-		return nil, fs.ErrNotExist
+		return nil, fmt.Errorf("ReadStaticFile path must start with 'static/': %w", fs.ErrNotExist)
 	}
 	// Strip "static/" prefix since the FS is already sub'd to the static directory
 	relativePath := strings.TrimPrefix(path, "static/")
@@ -223,10 +225,10 @@ func ReadStaticFile(path string) ([]byte, error) {
 func OpenStaticFile(path string) (fs.File, error) {
 	client := engine.GetDefaultClient()
 	if client.StaticFS == nil {
-		return nil, fs.ErrNotExist
+		return nil, errors.New("static files not available before app initialization; use AppInit to access files during initialization")
 	}
 	if !strings.HasPrefix(path, "static/") {
-		return nil, fs.ErrNotExist
+		return nil, fmt.Errorf("OpenStaticFile path must start with 'static/': %w", fs.ErrNotExist)
 	}
 	// Strip "static/" prefix since the FS is already sub'd to the static directory
 	relativePath := strings.TrimPrefix(path, "static/")
diff --git a/tsunami/build/build-ast.go b/tsunami/build/build-ast.go
new file mode 100644
index 0000000000..c14c38f64d
--- /dev/null
+++ b/tsunami/build/build-ast.go
@@ -0,0 +1,94 @@
+// Copyright 2025, Command Line Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+package build
+
+import (
+	"fmt"
+	"go/ast"
+	"go/parser"
+	"go/token"
+	"io/fs"
+	"path/filepath"
+	"strings"
+)
+
+const AppInitFnName = "AppInit"
+
+func buildImportsMap(dir string) (map[string]bool, error) {
+	imports := make(map[string]bool)
+
+	files, err := filepath.Glob(filepath.Join(dir, "*.go"))
+	if err != nil {
+		return nil, fmt.Errorf("failed to list go files: %w", err)
+	}
+
+	fset := token.NewFileSet()
+	for _, file := range files {
+		node, err := parser.ParseFile(fset, file, nil, parser.ImportsOnly)
+		if err != nil {
+			continue // Skip files that can't be parsed
+		}
+
+		for _, imp := range node.Imports {
+			// Remove quotes from import path
+			importPath := strings.Trim(imp.Path.Value, `"`)
+			imports[importPath] = true
+		}
+	}
+
+	return imports, nil
+}
+
+type parsedAppInfo struct {
+	HasAppInit bool
+}
+
+func parseAndValidateAppFile(appFS fs.FS) (*parsedAppInfo, error) {
+	appGoFile, err := fs.ReadFile(appFS, MainAppFileName)
+	if err != nil {
+		return &parsedAppInfo{HasAppInit: false}, nil
+	}
+
+	fset := token.NewFileSet()
+	node, err := parser.ParseFile(fset, MainAppFileName, appGoFile, 0)
+	if err != nil {
+		return &parsedAppInfo{HasAppInit: false}, nil
+	}
+
+	hasAppInit := false
+	for _, decl := range node.Decls {
+		funcDecl, ok := decl.(*ast.FuncDecl)
+		if !ok {
+			continue
+		}
+
+		if funcDecl.Name.Name == "init" {
+			hasNoParams := funcDecl.Type.Params == nil || len(funcDecl.Type.Params.List) == 0
+			hasNoResults := funcDecl.Type.Results == nil || len(funcDecl.Type.Results.List) == 0
+			if hasNoParams && hasNoResults {
+				return nil, fmt.Errorf("tsunami apps may not define an init() function, use %s for initialization", AppInitFnName)
+			}
+		}
+
+		if funcDecl.Name.Name == AppInitFnName {
+			if funcDecl.Type.Params != nil && len(funcDecl.Type.Params.List) > 0 {
+				return nil, fmt.Errorf("%s function must take no parameters, but has %d parameter(s)", AppInitFnName, len(funcDecl.Type.Params.List))
+			}
+
+			if funcDecl.Type.Results == nil || len(funcDecl.Type.Results.List) != 1 {
+				return nil, fmt.Errorf("%s function must return exactly one value of type error", AppInitFnName)
+			}
+
+			returnType := funcDecl.Type.Results.List[0]
+			ident, ok := returnType.Type.(*ast.Ident)
+			if !ok || ident.Name != "error" {
+				return nil, fmt.Errorf("%s function must return error, not %v", AppInitFnName, returnType.Type)
+			}
+
+			hasAppInit = true
+		}
+	}
+
+	return &parsedAppInfo{HasAppInit: hasAppInit}, nil
+}
diff --git a/tsunami/build/build.go b/tsunami/build/build.go
index fcf9acca6b..902a04a8ec 100644
--- a/tsunami/build/build.go
+++ b/tsunami/build/build.go
@@ -1,11 +1,12 @@
+// Copyright 2025, Command Line Inc.
+// SPDX-License-Identifier: Apache-2.0
+
 package build
 
 import (
 	"archive/zip"
 	"bufio"
 	"fmt"
-	"go/parser"
-	"go/token"
 	"io"
 	"io/fs"
 	"log"
@@ -28,6 +29,7 @@ import (
 
 const MinSupportedGoMinorVersion = 22
 const TsunamiUIImportPath = "github.com/wavetermdev/waveterm/tsunami/ui"
+const MainAppFileName = "app.go"
 
 type OutputCapture struct {
 	lock       sync.Mutex
@@ -446,9 +448,8 @@ func createGoMod(tempDir, appNS, appName string, buildEnv *BuildEnv, opts BuildO
 }
 
 func verifyAppPathFs(fsys fs.FS) error {
-	// Check for app.go file
-	if err := checkFileExistsFS(fsys, "app.go"); err != nil {
-		return fmt.Errorf("app.go check failed: %w", err)
+	if err := checkFileExistsFS(fsys, MainAppFileName); err != nil {
+		return fmt.Errorf("%s check failed: %w", MainAppFileName, err)
 	}
 
 	// Check static directory if it exists
@@ -468,10 +469,10 @@ func GetAppModTime(appPath string) (time.Time, error) {
 		return info.ModTime(), nil
 	}
 
-	appGoPath := filepath.Join(appPath, "app.go")
+	appGoPath := filepath.Join(appPath, MainAppFileName)
 	info, err := os.Stat(appGoPath)
 	if err != nil {
-		return time.Time{}, fmt.Errorf("failed to get app.go mod time: %w", err)
+		return time.Time{}, fmt.Errorf("failed to get %s mod time: %w", MainAppFileName, err)
 	}
 	return info.ModTime(), nil
 }
@@ -486,8 +487,12 @@ func verifyScaffoldFs(fsys fs.FS) error {
 		return fmt.Errorf("dist directory must exist in scaffold")
 	}
 
-	// Check for app-main.go file
-	if err := checkFileExistsFS(fsys, "app-main.go"); err != nil {
+	// Check for app-main.go.tmpl file
+	if err := checkFileExistsFS(fsys, "app-main.go.tmpl"); err != nil {
+		return fmt.Errorf("app-main.go check failed: %w", err)
+	}
+	// Check for app-init.go.tmpl file
+	if err := checkFileExistsFS(fsys, "app-main.go.tmpl"); err != nil {
 		return fmt.Errorf("app-main.go check failed: %w", err)
 	}
 
@@ -513,31 +518,6 @@ func verifyScaffoldFs(fsys fs.FS) error {
 	return nil
 }
 
-func buildImportsMap(dir string) (map[string]bool, error) {
-	imports := make(map[string]bool)
-
-	files, err := filepath.Glob(filepath.Join(dir, "*.go"))
-	if err != nil {
-		return nil, fmt.Errorf("failed to list go files: %w", err)
-	}
-
-	fset := token.NewFileSet()
-	for _, file := range files {
-		node, err := parser.ParseFile(fset, file, nil, parser.ImportsOnly)
-		if err != nil {
-			continue // Skip files that can't be parsed
-		}
-
-		for _, imp := range node.Imports {
-			// Remove quotes from import path
-			importPath := strings.Trim(imp.Path.Value, `"`)
-			imports[importPath] = true
-		}
-	}
-
-	return imports, nil
-}
-
 func (be *BuildEnv) cleanupTempDir(keepTemp bool, verbose bool) {
 	if be == nil || be.cleanupOnce == nil {
 		return
@@ -615,6 +595,11 @@ func TsunamiBuildInternal(opts BuildOpts) (*BuildEnv, error) {
 		return nil, err
 	}
 
+	appInfo, err := parseAndValidateAppFile(appFS)
+	if err != nil {
+		return nil, err
+	}
+
 	// Create temporary directory
 	tempDir, err := os.MkdirTemp("", "tsunami-build-*")
 	if err != nil {
@@ -637,7 +622,7 @@ func TsunamiBuildInternal(opts BuildOpts) (*BuildEnv, error) {
 	}
 
 	// Copy scaffold directory contents selectively
-	scaffoldCount, err := copyScaffoldFS(scaffoldFS, tempDir, opts.Verbose, oc)
+	scaffoldCount, err := copyScaffoldFS(scaffoldFS, tempDir, appInfo.HasAppInit, opts.Verbose, oc)
 	if err != nil {
 		return buildEnv, fmt.Errorf("failed to copy scaffold directory: %w", err)
 	}
@@ -647,13 +632,6 @@ func TsunamiBuildInternal(opts BuildOpts) (*BuildEnv, error) {
 			copyStats.GoFiles, copyStats.StaticFiles, scaffoldCount, copyStats.GoMod, copyStats.GoSum)
 	}
 
-	// Copy app-main.go from scaffold to main-app.go in temp dir
-	appMainSrc := filepath.Join(tempDir, "app-main.go")
-	appMainDest := filepath.Join(tempDir, "main-app.go")
-	if err := os.Rename(appMainSrc, appMainDest); err != nil {
-		return buildEnv, fmt.Errorf("failed to rename app-main.go to main-app.go: %w", err)
-	}
-
 	// Create go.mod file
 	appName := GetAppName(opts.AppPath)
 	if err := createGoMod(tempDir, opts.AppNS, appName, buildEnv, opts, opts.Verbose); err != nil {
@@ -1090,7 +1068,7 @@ func ParseTsunamiPort(line string) int {
 	return port
 }
 
-func copyScaffoldFS(scaffoldFS fs.FS, destDir string, verbose bool, oc *OutputCapture) (int, error) {
+func copyScaffoldFS(scaffoldFS fs.FS, destDir string, hasAppInit bool, verbose bool, oc *OutputCapture) (int, error) {
 	fileCount := 0
 
 	// Handle nm (node_modules) directory - prefer symlink if possible, otherwise copy
@@ -1153,8 +1131,24 @@ func copyScaffoldFS(scaffoldFS fs.FS, destDir string, verbose bool, oc *OutputCa
 	}
 	fileCount += dirCount
 
-	// Copy files by pattern (*.go, *.md, *.json, tailwind.css)
-	patterns := []string{"*.go", "*.md", "*.json", "tailwind.css"}
+	// Always copy app-main.go.tmpl => app-main.go
+	destPath := filepath.Join(destDir, "app-main.go")
+	if err := CopyFileFromFS(scaffoldFS, "app-main.go.tmpl", destPath); err != nil {
+		return 0, fmt.Errorf("failed to copy app-main.go.tmpl: %w", err)
+	}
+	fileCount++
+
+	// Conditionally copy app-init.go.tmpl => app-init.go
+	if hasAppInit {
+		destPath := filepath.Join(destDir, "app-init.go")
+		if err := CopyFileFromFS(scaffoldFS, "app-init.go.tmpl", destPath); err != nil {
+			return 0, fmt.Errorf("failed to copy app-init.go.tmpl: %w", err)
+		}
+		fileCount++
+	}
+
+	// Copy files by pattern (*.md, *.json, tailwind.css)
+	patterns := []string{"*.md", "*.json", "tailwind.css"}
 
 	for _, pattern := range patterns {
 		matches, err := fs.Glob(scaffoldFS, pattern)
diff --git a/tsunami/build/buildutil.go b/tsunami/build/buildutil.go
index 9a3798f09e..ee1bca78ef 100644
--- a/tsunami/build/buildutil.go
+++ b/tsunami/build/buildutil.go
@@ -1,3 +1,6 @@
+// Copyright 2025, Command Line Inc.
+// SPDX-License-Identifier: Apache-2.0
+
 package build
 
 import (
diff --git a/tsunami/engine/clientimpl.go b/tsunami/engine/clientimpl.go
index 7e01f8e900..79c760e98b 100644
--- a/tsunami/engine/clientimpl.go
+++ b/tsunami/engine/clientimpl.go
@@ -73,7 +73,7 @@ type ClientImpl struct {
 	SSEChannelsLock    *sync.Mutex
 	GlobalEventHandler func(event vdom.VDomEvent)
 	UrlHandlerMux      *http.ServeMux
-	SetupFn            func()
+	AppInitFn          func() error
 	AssetsFS           fs.FS
 	StaticFS           fs.FS
 	ManifestFileBytes  []byte
@@ -180,8 +180,11 @@ func (c *ClientImpl) makeBackendOpts() *rpctypes.VDomBackendOpts {
 }
 
 func (c *ClientImpl) runMainE() error {
-	if c.SetupFn != nil {
-		c.SetupFn()
+	if c.AppInitFn != nil {
+		err := c.AppInitFn()
+		if err != nil {
+			return err
+		}
 	}
 	err := c.listenAndServe(context.Background())
 	if err != nil {
@@ -191,8 +194,8 @@ func (c *ClientImpl) runMainE() error {
 	return nil
 }
 
-func (c *ClientImpl) RegisterSetupFn(fn func()) {
-	c.SetupFn = fn
+func (c *ClientImpl) RegisterAppInitFn(fn func() error) {
+	c.AppInitFn = fn
 }
 
 func (c *ClientImpl) RunMain() {
diff --git a/tsunami/templates/app-init.go.tmpl b/tsunami/templates/app-init.go.tmpl
new file mode 100644
index 0000000000..6379a8f22f
--- /dev/null
+++ b/tsunami/templates/app-init.go.tmpl
@@ -0,0 +1,7 @@
+package main
+
+import "github.com/wavetermdev/waveterm/tsunami/app"
+
+func init() {
+    app.RegisterAppInitFn(AppInit)
+}
\ No newline at end of file

From 77ec72de38b860cd2e5032046dd4750510dd3f12 Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Tue, 18 Nov 2025 21:19:14 -0800
Subject: [PATCH 08/12] minor

---
 frontend/app/aipanel/thinkingmode.tsx | 72 +++++++++++++++------------
 frontend/builder/builder-app.tsx      |  9 +++-
 2 files changed, 46 insertions(+), 35 deletions(-)

diff --git a/frontend/app/aipanel/thinkingmode.tsx b/frontend/app/aipanel/thinkingmode.tsx
index 99cc85bc6e..1e0fb76be7 100644
--- a/frontend/app/aipanel/thinkingmode.tsx
+++ b/frontend/app/aipanel/thinkingmode.tsx
@@ -45,6 +45,7 @@ export const ThinkingLevelDropdown = memo(() => {
     const dropdownRef = useRef<HTMLDivElement>(null);
 
     const hasPremium = !rateLimitInfo || rateLimitInfo.unknown || rateLimitInfo.preq > 0;
+    const hideQuick = model.inBuilder && hasPremium;
 
     const handleSelect = (mode: ThinkingMode) => {
         const metadata = ThinkingModeData[mode];
@@ -60,6 +61,9 @@ export const ThinkingLevelDropdown = memo(() => {
     if (!hasPremium && currentMetadata.premium) {
         currentMode = "quick";
     }
+    if (hideQuick && currentMode === "quick") {
+        currentMode = "balanced";
+    }
 
     return (
         <div className="relative" ref={dropdownRef}>
@@ -82,39 +86,41 @@ export const ThinkingLevelDropdown = memo(() => {
                 <>
                     <div className="fixed inset-0 z-40" onClick={() => setIsOpen(false)} />
                     <div className="absolute top-full left-0 mt-1 bg-gray-800 border border-gray-600 rounded shadow-lg z-50 min-w-[280px]">
-                        {(Object.keys(ThinkingModeData) as ThinkingMode[]).map((mode, index) => {
-                            const metadata = ThinkingModeData[mode];
-                            const isFirst = index === 0;
-                            const isLast = index === Object.keys(ThinkingModeData).length - 1;
-                            const isDisabled = !hasPremium && metadata.premium;
-                            const isSelected = currentMode === mode;
-                            return (
-                                <button
-                                    key={mode}
-                                    onClick={() => handleSelect(mode)}
-                                    disabled={isDisabled}
-                                    className={`w-full flex flex-col gap-0.5 px-3 ${
-                                        isFirst ? "pt-1 pb-0.5" : isLast ? "pt-0.5 pb-1" : "pt-0.5 pb-0.5"
-                                    } ${
-                                        isDisabled
-                                            ? "text-gray-500 cursor-not-allowed"
-                                            : "text-gray-300 hover:bg-gray-700 cursor-pointer"
-                                    } transition-colors text-left`}
-                                >
-                                    <div className="flex items-center gap-2 w-full">
-                                        <i className={`fa ${metadata.icon}`}></i>
-                                        <span className={`text-sm ${isSelected ? "font-bold" : ""}`}>
-                                            {metadata.name}
-                                            {isDisabled && " (premium)"}
-                                        </span>
-                                        {isSelected && <i className="fa fa-check ml-auto"></i>}
-                                    </div>
-                                    <div className="text-xs text-muted pl-5" style={{ whiteSpace: "pre-line" }}>
-                                        {metadata.desc}
-                                    </div>
-                                </button>
-                            );
-                        })}
+                        {(Object.keys(ThinkingModeData) as ThinkingMode[])
+                            .filter((mode) => !(hideQuick && mode === "quick"))
+                            .map((mode, index, filteredModes) => {
+                                const metadata = ThinkingModeData[mode];
+                                const isFirst = index === 0;
+                                const isLast = index === filteredModes.length - 1;
+                                const isDisabled = !hasPremium && metadata.premium;
+                                const isSelected = currentMode === mode;
+                                return (
+                                    <button
+                                        key={mode}
+                                        onClick={() => handleSelect(mode)}
+                                        disabled={isDisabled}
+                                        className={`w-full flex flex-col gap-0.5 px-3 ${
+                                            isFirst ? "pt-1 pb-0.5" : isLast ? "pt-0.5 pb-1" : "pt-0.5 pb-0.5"
+                                        } ${
+                                            isDisabled
+                                                ? "text-gray-500 cursor-not-allowed"
+                                                : "text-gray-300 hover:bg-gray-700 cursor-pointer"
+                                        } transition-colors text-left`}
+                                    >
+                                        <div className="flex items-center gap-2 w-full">
+                                            <i className={`fa ${metadata.icon}`}></i>
+                                            <span className={`text-sm ${isSelected ? "font-bold" : ""}`}>
+                                                {metadata.name}
+                                                {isDisabled && " (premium)"}
+                                            </span>
+                                            {isSelected && <i className="fa fa-check ml-auto"></i>}
+                                        </div>
+                                        <div className="text-xs text-muted pl-5" style={{ whiteSpace: "pre-line" }}>
+                                            {metadata.desc}
+                                        </div>
+                                    </button>
+                                );
+                            })}
                     </div>
                 </>
             )}
diff --git a/frontend/builder/builder-app.tsx b/frontend/builder/builder-app.tsx
index a7f092e9cd..e72a0578be 100644
--- a/frontend/builder/builder-app.tsx
+++ b/frontend/builder/builder-app.tsx
@@ -4,7 +4,7 @@
 import { AppSelectionModal } from "@/builder/app-selection-modal";
 import { BuilderWorkspace } from "@/builder/builder-workspace";
 import { ModalsRenderer } from "@/app/modals/modalsrenderer";
-import { atoms, globalStore } from "@/store/global";
+import { atoms, globalStore, isDev } from "@/store/global";
 import { appHandleKeyDown } from "@/store/keymodel";
 import * as keyutil from "@/util/keyutil";
 import { isBlank } from "@/util/util";
@@ -38,9 +38,14 @@ function BuilderAppInner() {
         <div className="w-full h-full flex flex-col bg-main-bg text-main-text">
             <BuilderKeyHandlers />
             <div
-                className="h-9 shrink-0 border-b border-b-border flex items-center justify-center"
+                className="h-9 shrink-0 border-b border-b-border flex items-center justify-center gap-2"
                 style={{ WebkitAppRegion: "drag" } as React.CSSProperties}
             >
+                {isDev() ? (
+                    <div className="text-accent text-xl" title="Running Wave Dev Build">
+                        <i className="fa fa-brands fa-dev fa-fw" />
+                    </div>
+                ) : null}
                 <div className="text-sm font-medium">
                     WaveApp Builder{!isBlank(builderAppId) && ` (${builderAppId})`}
                 </div>

From 8dbb2e9e18d6bbe7b871989dce6fa8c0ff356525 Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Tue, 18 Nov 2025 21:53:56 -0800
Subject: [PATCH 09/12] switch app

---
 emain/emain-builder.ts                        | 11 +++++-
 emain/emain-ipc.ts                            | 10 +++---
 emain/preload.ts                              |  1 +
 frontend/builder/builder-apppanel.tsx         | 34 ++++++++++++++++++-
 .../builder/store/builder-apppanel-model.ts   | 20 ++++++++++-
 frontend/types/custom.d.ts                    |  2 +-
 frontend/wave.ts                              |  9 +----
 7 files changed, 71 insertions(+), 16 deletions(-)

diff --git a/emain/emain-builder.ts b/emain/emain-builder.ts
index 3a389cb8e4..33ca244681 100644
--- a/emain/emain-builder.ts
+++ b/emain/emain-builder.ts
@@ -13,6 +13,7 @@ import { ElectronWshClient } from "./emain-wsh";
 
 export type BuilderWindowType = BrowserWindow & {
     builderId: string;
+    builderAppId?: string;
     savedInitOpts: BuilderInitOpts;
 };
 
@@ -39,6 +40,14 @@ export async function createBuilderWindow(appId: string): Promise<BuilderWindowT
     const clientId = clientData?.oid;
     const windowId = randomUUID();
 
+    if (appId) {
+        const oref = `builder:${builderId}`;
+        await RpcApi.SetRTInfoCommand(ElectronWshClient, {
+            oref,
+            data: { "builder:appid": appId },
+        });
+    }
+
     const winBounds = calculateWindowBounds(undefined, undefined, fullConfig.settings);
 
     const builderWindow = new BrowserWindow({
@@ -71,11 +80,11 @@ export async function createBuilderWindow(appId: string): Promise<BuilderWindowT
         builderId,
         clientId,
         windowId,
-        appId,
     };
 
     const typedBuilderWindow = builderWindow as BuilderWindowType;
     typedBuilderWindow.builderId = builderId;
+    typedBuilderWindow.builderAppId = appId;
     typedBuilderWindow.savedInitOpts = initOpts;
 
     typedBuilderWindow.on("focus", () => {
diff --git a/emain/emain-ipc.ts b/emain/emain-ipc.ts
index a4fd248061..0129d4337f 100644
--- a/emain/emain-ipc.ts
+++ b/emain/emain-ipc.ts
@@ -30,7 +30,7 @@ export function openBuilderWindow(appId?: string) {
     const normalizedAppId = appId || "";
     const existingBuilderWindows = getAllBuilderWindows();
     const existingWindow = existingBuilderWindows.find(
-        (win) => win.savedInitOpts?.appId === normalizedAppId
+        (win) => win.builderAppId === normalizedAppId
     );
     if (existingWindow) {
         existingWindow.focus();
@@ -426,9 +426,7 @@ export function initIpcHandlers() {
         if (bw == null) {
             return;
         }
-        if (bw.savedInitOpts) {
-            bw.savedInitOpts.appId = appId;
-        }
+        bw.builderAppId = appId;
         console.log("set-builder-window-appid", bw.builderId, appId);
     });
 
@@ -453,4 +451,8 @@ export function initIpcHandlers() {
         }
         bw.destroy();
     });
+
+    electron.ipcMain.on("do-refresh", (event) => {
+        event.sender.reloadIgnoringCache();
+    });
 }
diff --git a/emain/preload.ts b/emain/preload.ts
index 3acc23fb45..c6bdf14988 100644
--- a/emain/preload.ts
+++ b/emain/preload.ts
@@ -67,6 +67,7 @@ contextBridge.exposeInMainWorld("api", {
     nativePaste: () => ipcRenderer.send("native-paste"),
     openBuilder: (appId?: string) => ipcRenderer.send("open-builder", appId),
     setBuilderWindowAppId: (appId: string) => ipcRenderer.send("set-builder-window-appid", appId),
+    doRefresh: () => ipcRenderer.send("do-refresh"),
 });
 
 // Custom event for "new-window"
diff --git a/frontend/builder/builder-apppanel.tsx b/frontend/builder/builder-apppanel.tsx
index 3f36cbdb1e..5bdf0d720b 100644
--- a/frontend/builder/builder-apppanel.tsx
+++ b/frontend/builder/builder-apppanel.tsx
@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { Modal } from "@/app/modals/modal";
+import { ContextMenuModel } from "@/app/store/contextmenu";
 import { modalsModel } from "@/app/store/modalmodel";
 import { RpcApi } from "@/app/store/wshclientapi";
 import { TabRpcClient } from "@/app/store/wshrpcutil";
@@ -251,6 +252,30 @@ const BuilderAppPanel = memo(() => {
         modalsModel.pushModal("PublishAppModal", { appName });
     }, [builderAppId]);
 
+    const handleSwitchAppClick = useCallback(() => {
+        model.switchBuilderApp();
+    }, [model]);
+
+    const handleKebabClick = useCallback(
+        (e: React.MouseEvent) => {
+            const menu: ContextMenuItem[] = [
+                {
+                    label: "Publish App",
+                    click: handlePublishClick,
+                },
+                {
+                    type: "separator",
+                },
+                {
+                    label: "Switch App",
+                    click: handleSwitchAppClick,
+                },
+            ];
+            ContextMenuModel.showContextMenu(menu, e);
+        },
+        [handleSwitchAppClick, handlePublishClick]
+    );
+
     return (
         <div
             className="w-full h-full flex flex-col border-b-3 border-border shadow-[0_2px_4px_rgba(0,0,0,0.1)]"
@@ -302,13 +327,20 @@ const BuilderAppPanel = memo(() => {
                             />
                         )}
                     </div>
-                    <div className="flex items-center gap-2 mr-4">
+                    <div className="flex items-center gap-2 mr-2">
                         <button
                             className="px-3 py-1 text-sm font-medium rounded bg-accent/80 text-primary hover:bg-accent transition-colors cursor-pointer"
                             onClick={handlePublishClick}
                         >
                             Publish App
                         </button>
+                        <button
+                            className="px-2 py-1 text-sm font-medium rounded hover:bg-secondary/10 transition-colors cursor-pointer"
+                            onClick={handleKebabClick}
+                            aria-label="More options"
+                        >
+                            <i className="fa fa-ellipsis-vertical" />
+                        </button>
                     </div>
                 </div>
             </div>
diff --git a/frontend/builder/store/builder-apppanel-model.ts b/frontend/builder/store/builder-apppanel-model.ts
index 5ee3d0e174..b371ff129a 100644
--- a/frontend/builder/store/builder-apppanel-model.ts
+++ b/frontend/builder/store/builder-apppanel-model.ts
@@ -5,7 +5,7 @@ import { globalStore } from "@/app/store/jotaiStore";
 import { waveEventSubscribe } from "@/app/store/wps";
 import { RpcApi } from "@/app/store/wshclientapi";
 import { TabRpcClient } from "@/app/store/wshrpcutil";
-import { atoms, WOS } from "@/store/global";
+import { atoms, getApi, WOS } from "@/store/global";
 import { base64ToString, stringToBase64 } from "@/util/util";
 import { atom, type Atom, type PrimitiveAtom } from "jotai";
 import { debounce } from "throttle-debounce";
@@ -219,6 +219,24 @@ export class BuilderAppPanelModel {
         }
     }
 
+    async switchBuilderApp() {
+        const builderId = globalStore.get(atoms.builderId);
+        try {
+            await RpcApi.ControllerStopCommand(TabRpcClient, builderId);
+            await new Promise((resolve) => setTimeout(resolve, 500));
+            await RpcApi.SetRTInfoCommand(TabRpcClient, {
+                oref: WOS.makeORef("builder", builderId),
+                data: { "builder:appid": null },
+            });
+            getApi().setBuilderWindowAppId(null);
+            await new Promise((resolve) => setTimeout(resolve, 100));
+            getApi().doRefresh();
+        } catch (err) {
+            console.error("Failed to switch builder app:", err);
+            globalStore.set(this.errorAtom, `Failed to switch builder app: ${err.message || "Unknown error"}`);
+        }
+    }
+
     async loadAppFile(appId: string) {
         try {
             globalStore.set(this.isLoadingAtom, true);
diff --git a/frontend/types/custom.d.ts b/frontend/types/custom.d.ts
index 231599f858..36d22e5a75 100644
--- a/frontend/types/custom.d.ts
+++ b/frontend/types/custom.d.ts
@@ -70,7 +70,6 @@ declare global {
         builderId: string;
         clientId: string;
         windowId: string;
-        appId: string;
     };
 
     type ElectronApi = {
@@ -128,6 +127,7 @@ declare global {
         nativePaste: () => void; // native-paste
         openBuilder: (appId?: string) => void; // open-builder
         setBuilderWindowAppId: (appId: string) => void; // set-builder-window-appid
+        doRefresh: () => void; // do-refresh
     };
 
     type ElectronContextMenuItem = {
diff --git a/frontend/wave.ts b/frontend/wave.ts
index 6ebe907951..6f7047fdcf 100644
--- a/frontend/wave.ts
+++ b/frontend/wave.ts
@@ -239,8 +239,6 @@ async function initBuilder(initOpts: BuilderInitOpts) {
         initOpts.clientId,
         "windowid",
         initOpts.windowId,
-        "appid",
-        initOpts.appId,
         "platform",
         platform
     );
@@ -259,17 +257,12 @@ async function initBuilder(initOpts: BuilderInitOpts) {
     (window as any).TabRpcClient = TabRpcClient;
     await loadConnStatus();
 
-    let appIdToUse = initOpts.appId;
+    let appIdToUse: string = null;
     try {
         const oref = WOS.makeORef("builder", initOpts.builderId);
         const rtInfo = await RpcApi.GetRTInfoCommand(TabRpcClient, { oref });
         if (rtInfo && rtInfo["builder:appid"]) {
             appIdToUse = rtInfo["builder:appid"];
-        } else if (appIdToUse) {
-            await RpcApi.SetRTInfoCommand(TabRpcClient, {
-                oref,
-                data: { "builder:appid": appIdToUse },
-            });
         }
     } catch (e) {
         console.log("Could not load saved builder appId from rtinfo:", e);

From af1f898ee02e79598bc30a37ab260a1dd2ea652f Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Tue, 18 Nov 2025 22:08:23 -0800
Subject: [PATCH 10/12] get switch actually working

---
 frontend/app/store/wshclientapi.ts               |  5 +++++
 frontend/builder/store/builder-apppanel-model.ts | 12 ++----------
 pkg/buildercontroller/buildercontroller.go       |  1 +
 pkg/wshrpc/wshclient/wshclient.go                |  6 ++++++
 pkg/wshrpc/wshrpctypes.go                        |  1 +
 pkg/wshrpc/wshserver/wshserver.go                |  8 ++++++++
 6 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/frontend/app/store/wshclientapi.ts b/frontend/app/store/wshclientapi.ts
index 557154a710..0715eae699 100644
--- a/frontend/app/store/wshclientapi.ts
+++ b/frontend/app/store/wshclientapi.ts
@@ -547,6 +547,11 @@ class RpcApiType {
         return client.wshRpcCall("startbuilder", data, opts);
     }
 
+    // command "stopbuilder" [call]
+    StopBuilderCommand(client: WshClient, data: string, opts?: RpcOpts): Promise<void> {
+        return client.wshRpcCall("stopbuilder", data, opts);
+    }
+
     // command "streamcpudata" [responsestream]
 	StreamCpuDataCommand(client: WshClient, data: CpuDataRequest, opts?: RpcOpts): AsyncGenerator<TimeSeriesData, void, boolean> {
         return client.wshRpcStream("streamcpudata", data, opts);
diff --git a/frontend/builder/store/builder-apppanel-model.ts b/frontend/builder/store/builder-apppanel-model.ts
index b371ff129a..ccd6bb7777 100644
--- a/frontend/builder/store/builder-apppanel-model.ts
+++ b/frontend/builder/store/builder-apppanel-model.ts
@@ -208,21 +208,13 @@ export class BuilderAppPanelModel {
     }
 
     async restartBuilder() {
-        const builderId = globalStore.get(atoms.builderId);
-        try {
-            await RpcApi.ControllerStopCommand(TabRpcClient, builderId);
-            await new Promise((resolve) => setTimeout(resolve, 500));
-            await this.startBuilder();
-        } catch (err) {
-            console.error("Failed to restart builder:", err);
-            globalStore.set(this.errorAtom, `Failed to restart builder: ${err.message || "Unknown error"}`);
-        }
+        return this.restartBuilder();
     }
 
     async switchBuilderApp() {
         const builderId = globalStore.get(atoms.builderId);
         try {
-            await RpcApi.ControllerStopCommand(TabRpcClient, builderId);
+            await RpcApi.StopBuilderCommand(TabRpcClient, builderId);
             await new Promise((resolve) => setTimeout(resolve, 500));
             await RpcApi.SetRTInfoCommand(TabRpcClient, {
                 oref: WOS.makeORef("builder", builderId),
diff --git a/pkg/buildercontroller/buildercontroller.go b/pkg/buildercontroller/buildercontroller.go
index 69e1da2ceb..0200575124 100644
--- a/pkg/buildercontroller/buildercontroller.go
+++ b/pkg/buildercontroller/buildercontroller.go
@@ -153,6 +153,7 @@ func (bc *BuilderController) Start(ctx context.Context, appId string, builderEnv
 	if err := bc.waitForBuildDone(ctx); err != nil {
 		return err
 	}
+	log.Printf("*** BC %s\n", appId)
 
 	bc.lock.Lock()
 	defer bc.lock.Unlock()
diff --git a/pkg/wshrpc/wshclient/wshclient.go b/pkg/wshrpc/wshclient/wshclient.go
index e59019a208..10f2d17540 100644
--- a/pkg/wshrpc/wshclient/wshclient.go
+++ b/pkg/wshrpc/wshclient/wshclient.go
@@ -658,6 +658,12 @@ func StartBuilderCommand(w *wshutil.WshRpc, data wshrpc.CommandStartBuilderData,
 	return err
 }
 
+// command "stopbuilder", wshserver.StopBuilderCommand
+func StopBuilderCommand(w *wshutil.WshRpc, data string, opts *wshrpc.RpcOpts) error {
+	_, err := sendRpcRequestCallHelper[any](w, "stopbuilder", data, opts)
+	return err
+}
+
 // command "streamcpudata", wshserver.StreamCpuDataCommand
 func StreamCpuDataCommand(w *wshutil.WshRpc, data wshrpc.CpuDataRequest, opts *wshrpc.RpcOpts) chan wshrpc.RespOrErrorUnion[wshrpc.TimeSeriesData] {
 	return sendRpcRequestResponseStreamHelper[wshrpc.TimeSeriesData](w, "streamcpudata", data, opts)
diff --git a/pkg/wshrpc/wshrpctypes.go b/pkg/wshrpc/wshrpctypes.go
index 67acb4bba6..0ce53d257f 100644
--- a/pkg/wshrpc/wshrpctypes.go
+++ b/pkg/wshrpc/wshrpctypes.go
@@ -343,6 +343,7 @@ type WshRpcInterface interface {
 	WriteAppSecretBindingsCommand(ctx context.Context, data CommandWriteAppSecretBindingsData) error
 	DeleteBuilderCommand(ctx context.Context, builderId string) error
 	StartBuilderCommand(ctx context.Context, data CommandStartBuilderData) error
+	StopBuilderCommand(ctx context.Context, builderId string) error
 	RestartBuilderAndWaitCommand(ctx context.Context, data CommandRestartBuilderAndWaitData) (*RestartBuilderAndWaitResult, error)
 	GetBuilderStatusCommand(ctx context.Context, builderId string) (*BuilderStatusData, error)
 	GetBuilderOutputCommand(ctx context.Context, builderId string) ([]string, error)
diff --git a/pkg/wshrpc/wshserver/wshserver.go b/pkg/wshrpc/wshserver/wshserver.go
index d8acce8f58..e8672076a3 100644
--- a/pkg/wshrpc/wshserver/wshserver.go
+++ b/pkg/wshrpc/wshserver/wshserver.go
@@ -1083,6 +1083,14 @@ func (ws *WshServer) StartBuilderCommand(ctx context.Context, data wshrpc.Comman
 	return bc.Start(ctx, appId, rtInfo.BuilderEnv)
 }
 
+func (ws *WshServer) StopBuilderCommand(ctx context.Context, builderId string) error {
+	if builderId == "" {
+		return fmt.Errorf("must provide a builderId to StopBuilderCommand")
+	}
+	bc := buildercontroller.GetOrCreateController(builderId)
+	return bc.Stop()
+}
+
 func (ws *WshServer) RestartBuilderAndWaitCommand(ctx context.Context, data wshrpc.CommandRestartBuilderAndWaitData) (*wshrpc.RestartBuilderAndWaitResult, error) {
 	if data.BuilderId == "" {
 		return nil, fmt.Errorf("must provide a builderId to RestartBuilderAndWaitCommand")

From 629213ce0d20834c08c6359c280bb02f017ba38c Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Tue, 18 Nov 2025 23:18:32 -0800
Subject: [PATCH 11/12] address review concerns and some nits

---
 frontend/builder/store/builder-apppanel-model.ts | 3 ++-
 pkg/buildercontroller/buildercontroller.go       | 8 ++++++--
 pkg/wshrpc/wshserver/wshserver.go                | 5 ++++-
 tsunami/app/defaultclient.go                     | 3 +--
 tsunami/build/build.go                           | 8 ++++++--
 5 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/frontend/builder/store/builder-apppanel-model.ts b/frontend/builder/store/builder-apppanel-model.ts
index ccd6bb7777..9e9e771d00 100644
--- a/frontend/builder/store/builder-apppanel-model.ts
+++ b/frontend/builder/store/builder-apppanel-model.ts
@@ -208,7 +208,8 @@ export class BuilderAppPanelModel {
     }
 
     async restartBuilder() {
-        return this.restartBuilder();
+        // the RPC call that starts the builder actually forces a restart, so this works
+        return this.startBuilder();
     }
 
     async switchBuilderApp() {
diff --git a/pkg/buildercontroller/buildercontroller.go b/pkg/buildercontroller/buildercontroller.go
index 0200575124..79a63474ba 100644
--- a/pkg/buildercontroller/buildercontroller.go
+++ b/pkg/buildercontroller/buildercontroller.go
@@ -88,6 +88,12 @@ func GetOrCreateController(builderId string) *BuilderController {
 	return bc
 }
 
+func GetController(builderId string) *BuilderController {
+	mapLock.Lock()
+	defer mapLock.Unlock()
+	return controllerMap[builderId]
+}
+
 func DeleteController(builderId string) {
 	mapLock.Lock()
 	bc := controllerMap[builderId]
@@ -153,8 +159,6 @@ func (bc *BuilderController) Start(ctx context.Context, appId string, builderEnv
 	if err := bc.waitForBuildDone(ctx); err != nil {
 		return err
 	}
-	log.Printf("*** BC %s\n", appId)
-
 	bc.lock.Lock()
 	defer bc.lock.Unlock()
 
diff --git a/pkg/wshrpc/wshserver/wshserver.go b/pkg/wshrpc/wshserver/wshserver.go
index e8672076a3..131ac51e60 100644
--- a/pkg/wshrpc/wshserver/wshserver.go
+++ b/pkg/wshrpc/wshserver/wshserver.go
@@ -1087,7 +1087,10 @@ func (ws *WshServer) StopBuilderCommand(ctx context.Context, builderId string) e
 	if builderId == "" {
 		return fmt.Errorf("must provide a builderId to StopBuilderCommand")
 	}
-	bc := buildercontroller.GetOrCreateController(builderId)
+	bc := buildercontroller.GetController(builderId)
+	if bc == nil {
+		return nil
+	}
 	return bc.Stop()
 }
 
diff --git a/tsunami/app/defaultclient.go b/tsunami/app/defaultclient.go
index 46119d13fc..e033bfd2a6 100644
--- a/tsunami/app/defaultclient.go
+++ b/tsunami/app/defaultclient.go
@@ -238,11 +238,10 @@ func OpenStaticFile(path string) (fs.File, error) {
 // ListStaticFiles returns FileInfo for all files in the embedded static filesystem.
 // The Name() of each FileInfo will be the full path prefixed with "static/" (e.g., "static/config.json"),
 // which can be passed directly to ReadStaticFile or OpenStaticFile.
-// Returns an empty slice if StaticFS is nil or on error.
 func ListStaticFiles() ([]fs.FileInfo, error) {
 	client := engine.GetDefaultClient()
 	if client.StaticFS == nil {
-		return nil, nil
+		return nil, errors.New("static files not available before app initialization; use AppInit to access files during initialization")
 	}
 
 	var fileInfos []fs.FileInfo
diff --git a/tsunami/build/build.go b/tsunami/build/build.go
index 902a04a8ec..ef3022b1b5 100644
--- a/tsunami/build/build.go
+++ b/tsunami/build/build.go
@@ -17,6 +17,7 @@ import (
 	"path/filepath"
 	"regexp"
 	"runtime"
+	"slices"
 	"strconv"
 	"strings"
 	"sync"
@@ -492,8 +493,8 @@ func verifyScaffoldFs(fsys fs.FS) error {
 		return fmt.Errorf("app-main.go check failed: %w", err)
 	}
 	// Check for app-init.go.tmpl file
-	if err := checkFileExistsFS(fsys, "app-main.go.tmpl"); err != nil {
-		return fmt.Errorf("app-main.go check failed: %w", err)
+	if err := checkFileExistsFS(fsys, "app-init.go.tmpl"); err != nil {
+		return fmt.Errorf("app-init.go check failed: %w", err)
 	}
 
 	// Check for tailwind.css file
@@ -1157,6 +1158,9 @@ func copyScaffoldFS(scaffoldFS fs.FS, destDir string, hasAppInit bool, verbose b
 		}
 
 		for _, match := range matches {
+			if slices.Contains(packageFiles, match) {
+				continue
+			}
 			destPath := filepath.Join(destDir, match)
 			if err := CopyFileFromFS(scaffoldFS, match, destPath); err != nil {
 				return 0, fmt.Errorf("failed to copy %s: %w", match, err)

From 08b4bcb7461a466a58aa5e1ee178dacac272e35d Mon Sep 17 00:00:00 2001
From: sawka <mike@commandline.dev>
Date: Wed, 19 Nov 2025 09:40:54 -0800
Subject: [PATCH 12/12] minor

---
 tsunami/build/build.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tsunami/build/build.go b/tsunami/build/build.go
index ef3022b1b5..54e4a901b9 100644
--- a/tsunami/build/build.go
+++ b/tsunami/build/build.go
@@ -811,7 +811,7 @@ func generateManifest(tempDir, exePath string, opts BuildOpts) error {
 	startIdx := strings.Index(manifestStr, startTag)
 	endIdx := strings.Index(manifestStr, endTag)
 
-	if startIdx == -1 || endIdx == -1 {
+	if startIdx == -1 || endIdx == -1 || endIdx <= startIdx {
 		return fmt.Errorf("manifest delimiters not found in output")
 	}