Paragon panel: keep cascade passives, strip free actives; DK passive DBC fix

- PanelLearnSpellChain: record every non-chain passive as panel_spell_child;
  only revoke non-passive (Blood Presence, Death Coil, Death Grip, etc.).
- RevokeUnwantedCascadeSpellsForPlayer: skip passive rewards on login sweep.
- RevokeBlockedSpellsForPlayer: migrate legacy passive revoke rows to
  children; walk (parent, revoked) pairs from DB.
- PruneSkillLineCascadeChildrenFromDb: only strip actives wrongly stored as
  children; never strip passives.
- SpellInfoCorrections: set SPELL_ATTR0_PASSIVE on Forceful Deflection (49410)
  and Runic Focus (61455) so IsPassive() matches spellbook behavior.
- PanelUnlearnTalentPurchase: mirror resetTalents (_removeTalentAurasAndSpells,
  _removeTalent, SendTalentsInfoData) so Beast Mastery loss triggers pet reset.
- OnPlayerLogin: run legacy passive attach before scoped cascade sweep.
- Add .paragon recalibrate GM command (RBAC modify): full panel reset + AE/TE
  reconciliation for selected player or self.

Co-authored-by: Cursor <cursoragent@cursor.com>

.github/workflows/distro-release-sync.yml

@@ -0,0 +1,150 @@
+# When a release is published on this repo (or manual dispatch):
+#   1. Builds the Electron launcher from that tag (npm run pack:win).
+#   2. Downloads any assets attached to the same release on this repo (patches, Wow exe, …).
+#   3. Merges them (launcher files win on name collision) and creates/updates the matching
+#      release on Fractured-Distro.
+#
+# Setup (GitHub → Settings → Secrets and variables → Actions):
+#   DISTRO_SYNC_TOKEN — PAT with releases write on Fractured-Distro (see repo README).
+#
+# Change DISTRO_REPO or the job `if:` if your GitHub slugs differ.
+
+name: Sync release to Fractured-Distro
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Release tag on this repo (must exist; e.g. v1.0.0)'
+        required: true
+        type: string
+
+permissions:
+  contents: read
+
+env:
+  DISTRO_REPO: Dawnforger/Fractured-Distro
+
+jobs:
+  meta:
+    runs-on: ubuntu-latest
+    if: github.repository == 'Dawnforger/Fractured'
+    outputs:
+      tag: ${{ steps.t.outputs.tag }}
+    steps:
+      - name: Resolve tag
+        id: t
+        shell: bash
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            echo "tag=${{ inputs.tag }}" >> "$GITHUB_OUTPUT"
+          else
+            echo "tag=${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
+          fi
+
+  build-electron:
+    needs: meta
+    if: github.repository == 'Dawnforger/Fractured'
+    runs-on: windows-latest
+    timeout-minutes: 45
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.meta.outputs.tag }}
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: npm
+          cache-dependency-path: tools/fractured-launcher-electron/package-lock.json
+
+      - name: Install and pack (NSIS + portable)
+        working-directory: tools/fractured-launcher-electron
+        run: |
+          npm ci
+          npm run pack:win
+
+      - name: Stage launcher files for upload
+        shell: pwsh
+        run: |
+          New-Item -ItemType Directory -Force -Path launcher-publish | Out-Null
+          Copy-Item tools/fractured-launcher-electron/dist/*.exe launcher-publish/
+          if (Test-Path tools/fractured-launcher-electron/dist/latest.yml) {
+            Copy-Item tools/fractured-launcher-electron/dist/latest.yml launcher-publish/
+          }
+          Get-ChildItem tools/fractured-launcher-electron/dist/*.blockmap -ErrorAction SilentlyContinue |
+            Copy-Item -Destination launcher-publish/
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: electron-dist
+          path: launcher-publish/
+
+  sync-distro:
+    needs: [meta, build-electron]
+    if: github.repository == 'Dawnforger/Fractured'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: electron-dist
+          path: /tmp/electron
+
+      - name: Merge main release assets + Electron build
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          set -euo pipefail
+          TAG="${{ needs.meta.outputs.tag }}"
+          mkdir -p combined
+          mkdir -p /tmp/from-main
+          if gh release download "$TAG" -R "${{ github.repository }}" -D /tmp/from-main 2>/tmp/dl.err; then
+            shopt -s nullglob
+            for f in /tmp/from-main/*; do
+              if [ -f "$f" ]; then
+                cp -f "$f" combined/
+              fi
+            done
+            echo "Merged assets from ${{ github.repository }} release $TAG"
+          else
+            echo "Main release download note (continuing with launcher only):"
+            cat /tmp/dl.err || true
+          fi
+          shopt -s nullglob
+          for f in /tmp/electron/*; do
+            if [ -f "$f" ]; then
+              cp -f "$f" combined/
+            fi
+          done
+          echo "Combined directory:"
+          ls -la combined/
+
+      - name: Upload to Fractured-Distro
+        env:
+          GH_TOKEN: ${{ secrets.DISTRO_SYNC_TOKEN }}
+        run: |
+          set -euo pipefail
+          if [ -z "${GH_TOKEN:-}" ]; then
+            echo "Missing secret DISTRO_SYNC_TOKEN (PAT with access to $DISTRO_REPO)."
+            exit 1
+          fi
+          TAG="${{ needs.meta.outputs.tag }}"
+          shopt -s nullglob
+          files=(combined/*)
+          if [ "${#files[@]}" -eq 0 ]; then
+            echo "Nothing to upload (Electron pack produced no files?)."
+            exit 1
+          fi
+          SRC_URL="https://github.com/${{ github.repository }}/releases/tag/${TAG}"
+          if gh release view "$TAG" -R "$DISTRO_REPO" &>/dev/null; then
+            gh release upload "$TAG" -R "$DISTRO_REPO" "${files[@]}" --clobber
+            echo "Uploaded (clobber) to $DISTRO_REPO release $TAG"
+          else
+            gh release create "$TAG" -R "$DISTRO_REPO" \
+              --title "Fractured $TAG" \
+              --notes "Synced from [$TAG]($SRC_URL) on ${{ github.repository }}. Includes CI-built Electron launcher + release assets." \
+              "${files[@]}"
+            echo "Created $DISTRO_REPO release $TAG with ${#files[@]} asset(s)."
+          fi

.github/workflows/fractured-launcher-ci.yml

@@ -0,0 +1,81 @@
+# Verifies Electron launcher Windows pack and uploads installers for testing.
+
+name: Fractured launcher CI
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [master, main]
+    paths:
+      - 'tools/fractured-launcher-electron/**'
+      - '.github/workflows/fractured-launcher-ci.yml'
+  pull_request:
+    paths:
+      - 'tools/fractured-launcher-electron/**'
+      - '.github/workflows/fractured-launcher-ci.yml'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: fractured-launcher-ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  electron-launcher-windows:
+    runs-on: windows-latest
+    timeout-minutes: 45
+    defaults:
+      run:
+        working-directory: tools/fractured-launcher-electron
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: npm
+          cache-dependency-path: tools/fractured-launcher-electron/package-lock.json
+
+      - name: Install and pack (NSIS + portable)
+        run: |
+          npm ci
+          npm run pack:win
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: fractured-launcher-electron-windows-${{ github.run_id }}
+          if-no-files-found: warn
+          path: |
+            tools/fractured-launcher-electron/dist/*.exe
+            tools/fractured-launcher-electron/dist/latest.yml
+            tools/fractured-launcher-electron/dist/*.blockmap
+
+  electron-launcher-linux:
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    defaults:
+      run:
+        working-directory: tools/fractured-launcher-electron
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: npm
+          cache-dependency-path: tools/fractured-launcher-electron/package-lock.json
+
+      - name: Install and pack (AppImage)
+        run: |
+          npm ci
+          npm run pack:linux
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: fractured-launcher-electron-linux-${{ github.run_id }}
+          if-no-files-found: warn
+          path: |
+            tools/fractured-launcher-electron/dist/*.AppImage
+            tools/fractured-launcher-electron/dist/*.yml
+            tools/fractured-launcher-electron/dist/*.blockmap

.github/workflows/gitea-release-sync.yml

@@ -0,0 +1,224 @@
+# Primary path for player-facing binaries: every *published* GitHub Release on this repo
+# is mirrored to your self-hosted Gitea (same tag). No public GitHub distro repo.
+#
+# Triggers:
+#   - release: published / released → GitHub “Release” (not a raw git tag alone).
+#   - workflow_dispatch → Actions → this workflow → “Run workflow” (enter tag).
+#
+# Troubleshooting: “Re-run failed jobs” on an OLD run replays the *original* workflow
+# YAML (e.g. still runs `npm run pack:win` without --publish never). After changing this
+# file on default branch, start a *new* run via “Run workflow”, not Re-run on a pre-fix run.
+#
+# Important: pushing only a git tag does NOT run this — you must create/publish a
+# Release on github.com (Releases → Draft/new release → Publish). The workflow
+# definition must exist on the repo DEFAULT branch (GitHub runs it from there).
+#
+# Steps: Windows (NSIS+portable) + Linux (AppImage) in parallel, launcher from DEFAULT BRANCH
+# overlay on tag checkout → merge with GitHub release assets → upload all to Gitea.
+#
+# Secrets: GITEA_BASE_URL, GITEA_TOKEN, GITEA_OWNER, GITEA_REPO
+# Optional variable: GITEA_TARGET_REF (see tools/fractured-launcher-electron/README.md)
+#
+# Job guard: edit `if:` if github.repository is not Dawnforger/Fractured.
+
+name: Sync release to Gitea
+
+on:
+  release:
+    types: [published, released]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Release tag on this GitHub repo (must exist; e.g. v1.0.0)'
+        required: true
+        type: string
+
+permissions:
+  contents: read
+
+concurrency:
+  group: gitea-release-sync-${{ github.repository }}-${{ github.event_name == 'workflow_dispatch' && github.event.inputs.tag || github.event.release.tag_name }}
+  cancel-in-progress: false
+
+jobs:
+  meta:
+    runs-on: ubuntu-latest
+    if: github.repository == 'Dawnforger/Fractured'
+    outputs:
+      tag: ${{ steps.t.outputs.tag }}
+    steps:
+      - name: Resolve tag
+        id: t
+        shell: bash
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            echo "tag=${{ github.event.inputs.tag }}" >> "$GITHUB_OUTPUT"
+          else
+            echo "tag=${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
+          fi
+
+  build-electron:
+    needs: meta
+    if: github.repository == 'Dawnforger/Fractured'
+    runs-on: windows-latest
+    timeout-minutes: 45
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.meta.outputs.tag }}
+
+      # Release tags often point at server/game commits that predate launcher lib fixes.
+      # Always pack the launcher from default branch so app.asar includes the full tree.
+      - name: Overlay launcher from default branch
+        shell: bash
+        run: |
+          set -euo pipefail
+          DB="${{ github.event.repository.default_branch }}"
+          git fetch --no-tags --depth=1 origin "+refs/heads/${DB}:refs/remotes/origin/${DB}"
+          git checkout "origin/${DB}" -- tools/fractured-launcher-electron
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: npm
+          cache-dependency-path: tools/fractured-launcher-electron/package-lock.json
+
+      - name: Install and pack (NSIS + portable)
+        working-directory: tools/fractured-launcher-electron
+        run: |
+          npm ci
+          npm run pack:win
+
+      - name: Stage launcher files for upload
+        shell: pwsh
+        run: |
+          New-Item -ItemType Directory -Force -Path launcher-publish | Out-Null
+          Copy-Item tools/fractured-launcher-electron/dist/*.exe launcher-publish/
+          if (Test-Path tools/fractured-launcher-electron/dist/latest.yml) {
+            Copy-Item tools/fractured-launcher-electron/dist/latest.yml launcher-publish/
+          }
+          Get-ChildItem tools/fractured-launcher-electron/dist/*.blockmap -ErrorAction SilentlyContinue |
+            Copy-Item -Destination launcher-publish/
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: electron-dist-windows
+          path: launcher-publish/
+
+  build-electron-linux:
+    needs: meta
+    if: github.repository == 'Dawnforger/Fractured'
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.meta.outputs.tag }}
+
+      - name: Overlay launcher from default branch
+        shell: bash
+        run: |
+          set -euo pipefail
+          DB="${{ github.event.repository.default_branch }}"
+          git fetch --no-tags --depth=1 origin "+refs/heads/${DB}:refs/remotes/origin/${DB}"
+          git checkout "origin/${DB}" -- tools/fractured-launcher-electron
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: npm
+          cache-dependency-path: tools/fractured-launcher-electron/package-lock.json
+
+      - name: Install and pack (AppImage)
+        working-directory: tools/fractured-launcher-electron
+        run: |
+          npm ci
+          npm run pack:linux
+
+      - name: Stage Linux launcher for upload
+        shell: bash
+        run: |
+          set -euo pipefail
+          mkdir -p launcher-linux-publish
+          shopt -s nullglob
+          cp -f tools/fractured-launcher-electron/dist/*.AppImage launcher-linux-publish/ 2>/dev/null || true
+          cp -f tools/fractured-launcher-electron/dist/*.yml launcher-linux-publish/ 2>/dev/null || true
+          cp -f tools/fractured-launcher-electron/dist/*.blockmap launcher-linux-publish/ 2>/dev/null || true
+          ls -la launcher-linux-publish/
+          if ! compgen -G "launcher-linux-publish/*.AppImage" > /dev/null; then
+            echo "No AppImage under dist/ — electron-builder linux target failed" >&2
+            exit 1
+          fi
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: electron-dist-linux
+          path: launcher-linux-publish/
+
+  sync-gitea:
+    needs: [meta, build-electron, build-electron-linux]
+    if: github.repository == 'Dawnforger/Fractured'
+    runs-on: ubuntu-latest
+    env:
+      GITEA_BASE_URL: ${{ secrets.GITEA_BASE_URL }}
+      GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+      GITEA_OWNER: ${{ secrets.GITEA_OWNER }}
+      GITEA_REPO: ${{ secrets.GITEA_REPO }}
+      GITEA_TARGET_REF: ${{ vars.GITEA_TARGET_REF }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # Script may not exist on older release tags; always use default branch.
+          ref: ${{ github.event.repository.default_branch }}
+          sparse-checkout: |
+            tools/fractured-launcher-electron/scripts
+          sparse-checkout-cone-mode: true
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: electron-dist-windows
+          path: /tmp/electron-win
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: electron-dist-linux
+          path: /tmp/electron-linux
+
+      - name: Merge GitHub release assets + Electron build
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          set -euo pipefail
+          TAG="${{ needs.meta.outputs.tag }}"
+          mkdir -p combined
+          mkdir -p /tmp/from-main
+          if gh release download "$TAG" -R "${{ github.repository }}" -D /tmp/from-main 2>/tmp/dl.err; then
+            shopt -s nullglob
+            for f in /tmp/from-main/*; do
+              if [ -f "$f" ]; then
+                cp -f "$f" combined/
+              fi
+            done
+            echo "Merged assets from ${{ github.repository }} release $TAG"
+          else
+            echo "GitHub release download note (continuing with launcher only):"
+            cat /tmp/dl.err || true
+          fi
+          shopt -s nullglob
+          for f in /tmp/electron-win/* /tmp/electron-linux/*; do
+            if [ -f "$f" ]; then
+              cp -f "$f" combined/
+            fi
+          done
+          ls -la combined/
+
+      - name: Upload to Gitea
+        run: |
+          set -euo pipefail
+          for v in GITEA_BASE_URL GITEA_TOKEN GITEA_OWNER GITEA_REPO; do
+            if [ -z "${!v:-}" ]; then
+              echo "Missing secret $v — add it under repo Settings → Secrets and variables → Actions." >&2
+              exit 1
+            fi
+          done
+          bash tools/fractured-launcher-electron/scripts/upload-release-to-gitea.sh combined "${{ needs.meta.outputs.tag }}"

contrib/fractured-dev-extras/CLIENT-PATCHES.md

@@ -7,6 +7,13 @@ re-downloaded without bloating `git clone`.
 
 This file is the table of contents and install guide.
 
+**Launcher (Windows):** The maintained client launcher lives in
+[`tools/fractured-launcher-electron/`](../../tools/fractured-launcher-electron/)
+(see its README for build and config). **Public downloads** for the launcher
+and mirrored patch assets are pushed to
+[Fractured-Distro releases](https://github.com/Dawnforger/Fractured-Distro/releases)
+when a release is published here (workflow **Sync release to Fractured-Distro**).
+
 ---
 
 ## What ships in a release
@@ -14,15 +21,21 @@ This file is the table of contents and install guide.
 | Artifact | Size | Purpose |
 |---|---|---|
 | `patch-enUS-4.MPQ` | ~5 MB | DBC + GlueXML bake. Adds `CLASS_PARAGON` (id 12), the character-create slot, glue strings, game-table DBCs, and a patched `Spell.dbc`: **(1)** `RuneCostID` zeroed on every rune-cost spell so non–Death Knight clients still send DK casts (rune costs are shown via `RuneFrame.lua`); **(2)** `Reagent[]` / `ReagentCount[]` zeroed on every spell whose `SpellFamilyName` is non-zero (all class abilities), while profession crafts (`SpellFamilyName == 0`) keep their materials. Both edits mirror server load-time corrections so client preflight and server validation stay aligned. Required for character creation as Paragon to even show up. |
-| `patch-enUS-5.MPQ` | ~50 KB | FrameXML overrides. Replaces stock `PlayerFrame.lua` / `RuneFrame.lua` / `ComboFrame.lua` / `UnitFrame.lua` / `SpellBookFrame.lua` + `SpellBookFrame.xml` with Paragon-aware versions: rune simulator, combo-point simulator, server-authoritative resource sync over the `PARAA` addon channel, action-button usability + click guards, an expanded spellbook (higher `MAX_SPELLS`, 24 skill-line tabs instead of stock 8) so all-class spells render, Paragon stat tooltips on the character sheet, and a tooltip post-processor that appends ", Paragon" to the "Classes:" line on class-restricted gear / glyphs (the server bypasses `AllowableClass` for class 12, but the engine paints the line red and omits Paragon — the Lua hook recolors it green and adds the name so the player can tell it's wearable). The paper-doll **ammo slot** follows stock visibility rules (shown for hunters / ranged weapons; hidden when `UnitHasRelicSlot` applies). |
-| `patch-enUS-6.MPQ` | ~160 KB | The `ParagonAdvancement` addon. Replaces the talent pane (`N` key) for Paragon characters with the Character Advancement panel: per-class spell tabs, talent grid, Overview/Search tabs, AE/TE currency, commit / reset / preview, login-time toast suppression. |
+| `patch-enUS-5.MPQ` | ~57 KB | FrameXML overrides. Replaces stock `PlayerFrame.lua` / `RuneFrame.lua` / `ComboFrame.lua` / `UnitFrame.lua` / `SpellBookFrame.lua` + `SpellBookFrame.xml` with Paragon-aware versions: rune simulator, combo-point simulator, server-authoritative resource sync over the `PARAA` addon channel, action-button usability + click guards, an expanded spellbook (higher `MAX_SPELLS`, 24 skill-line tabs instead of stock 8) so all-class spells render, Paragon stat tooltips on the character sheet (including filtering duplicate “attack power from strength” lines so the paper doll matches server AP), a tooltip post-processor that appends ", Paragon" to the "Classes:" line on class-restricted gear / glyphs (the server bypasses `AllowableClass` for class 12, but the engine paints the line red and omits Paragon — the Lua hook recolors it green and adds the name so the player can tell it's wearable), and **PetFrame** re-anchored so the **pet unit frame sits below the rune row** for Paragon (stock layout had runes overlapping the pet portrait). The paper-doll **ammo slot** follows stock visibility rules (shown for hunters / ranged weapons; hidden when `UnitHasRelicSlot` applies). |
+| `patch-enUS-6.MPQ` | ~134 KB | The `ParagonAdvancement` addon. Replaces the talent pane (`N` key) for Paragon characters with the Character Advancement panel: per-class spell tabs, talent grid, Overview/Search tabs, AE/TE currency, commit / reset / preview, login-time toast suppression, a **PETS** tab with live hunter pet talent trees (preview learn, no TE/AE cost), a dedicated **Reset Pet Talents** control (server `PARAA` `C RESET PET TALENTS` — instant, no gold, no confirmation; requires matching worldserver), bottom-row **Reset all Abilities / Reset Build / Reset all Talents** disabled while on the PETS tab so those paths cannot dismiss the pet or unlearn Tame Beast, and a **Builds** page (full-pane overlay opened from the bottom-row Builds button) for saving named, icon-tagged loadouts: New Build (+) icon picker reuses `MACRO_ICON_FILENAMES`, right-click for edit/delete, shift-left-click to favorite (favorites bubble to the top), left-click pops a Load Build confirm. Build swaps reset + refund AE/TE, re-spend on the saved recipe, and **park hunter pets** to `PET_SAVE_NOT_IN_SLOT` so their name/talents/exp are preserved across swaps. |
 | `Wow.exe` | ~7.5 MB | 3.3.5a (build 12340) client byte-patched to skip the MPQ signature check so custom `patch-enUS-N.MPQ` files load. Diff against stock is a few bytes; everything else is unchanged. |
 
 Server and client work as a pair: the addon talks to `mod-paragon` on the
 worldserver via `WHISPER` addon-channel messages with the `PARAA` prefix
 (currency push, spell/talent snapshot, commit, combo points, rune
-cooldowns, learn-toast silence window). Mismatched versions usually
-manifest as the panel rendering blank or AE/TE reading 0/0.
+cooldowns, learn-toast silence window, **`C RESET PET TALENTS`**
+for hunter pet talent resets from the Character Advancement PETS tab,
+and the **build catalog** verbs `Q BUILDS` / `C BUILD NEW` / `C BUILD
+EDIT` / `C BUILD DELETE` / `C BUILD FAVORITE` / `C BUILD LOAD` for the
+saved-loadout system on the Builds page). Build swaps require the
+matching worldserver image because the swap path is server-driven
+(snapshot → reset → re-spend → pet park/unpark). Mismatched versions
+usually manifest as the panel rendering blank or AE/TE reading 0/0.
 
 ---
 

modules/mod-paragon/data/sql/db-characters/updates/2026_05_10_03.sql

@@ -0,0 +1,62 @@
+-- mod-paragon Character Advancement: Build catalog (saved loadouts).
+-- ----------------------------------------------------------------------------
+-- A "build" is a named, icon-tagged loadout of panel-purchased spells and
+-- talent ranks. Each Paragon character can save many builds and swap
+-- between them via the Builds page in the Character Advancement panel.
+--
+-- Swap workflow (see HandleBuildLoad in Paragon_Builds.cpp):
+--   1. If a build is currently active, snapshot the player's current
+--      panel-purchased spells + per-spec talent ranks into that build's
+--      recipe rows (overwriting the stored recipe).
+--   2. If the active build's hunter pet is currently summoned, unsummon
+--      it to PET_SAVE_NOT_IN_SLOT and store its `pet_number` on the
+--      active build row so it can be restored on swap-back.
+--   3. Reset all panel-bought abilities and talents (refunding AE/TE).
+--   4. Re-buy each spell + talent in the target build's recipe (charging
+--      AE/TE; aborts if insufficient AE/TE -- player keeps refunded
+--      currency in that case and active becomes NULL).
+--   5. Move the target build's parked pet (if any) back to current.
+--   6. Update active_build pointer.
+--
+-- Pet ownership: a parked pet sits in `character_pet` with slot=100
+-- (PET_SAVE_NOT_IN_SLOT), exactly like the engine's stable-master
+-- offload, but tied to the build via `pet_number` instead of any
+-- in-game stable slot. Build deletion drops the parked pet rows
+-- entirely (PET_SAVE_AS_DELETED equivalent) -- player is warned.
+-- ----------------------------------------------------------------------------
+
+CREATE TABLE IF NOT EXISTS `character_paragon_builds` (
+    `build_id`    INT UNSIGNED   NOT NULL AUTO_INCREMENT,
+    `guid`        INT UNSIGNED   NOT NULL COMMENT 'characters.guid',
+    `name`        VARCHAR(32)    NOT NULL,
+    `icon`        VARCHAR(64)    NOT NULL DEFAULT 'INV_Misc_QuestionMark',
+    `is_favorite` TINYINT UNSIGNED NOT NULL DEFAULT 0,
+    `pet_number`  INT UNSIGNED   NULL COMMENT 'character_pet.id of parked hunter pet, NULL when no pet bound to this build',
+    `created_at`  TIMESTAMP      NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (`build_id`),
+    KEY `idx_guid` (`guid`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
+    COMMENT='mod-paragon: saved Character Advancement build catalog';
+
+CREATE TABLE IF NOT EXISTS `character_paragon_build_spells` (
+    `build_id` INT UNSIGNED NOT NULL,
+    `spell_id` INT UNSIGNED NOT NULL,
+    PRIMARY KEY (`build_id`, `spell_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
+    COMMENT='mod-paragon: per-build recipe -- panel-purchased spells';
+
+CREATE TABLE IF NOT EXISTS `character_paragon_build_talents` (
+    `build_id`  INT UNSIGNED      NOT NULL,
+    `spec`      TINYINT UNSIGNED  NOT NULL COMMENT '0 = primary spec, 1 = secondary (dual spec)',
+    `talent_id` SMALLINT UNSIGNED NOT NULL,
+    `rank`      TINYINT UNSIGNED  NOT NULL,
+    PRIMARY KEY (`build_id`, `spec`, `talent_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
+    COMMENT='mod-paragon: per-build recipe -- panel-purchased talent ranks per spec';
+
+CREATE TABLE IF NOT EXISTS `character_paragon_active_build` (
+    `guid`     INT UNSIGNED NOT NULL COMMENT 'characters.guid',
+    `build_id` INT UNSIGNED NOT NULL COMMENT 'character_paragon_builds.build_id (per-character active pointer)',
+    PRIMARY KEY (`guid`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
+    COMMENT='mod-paragon: pointer to whichever build is currently loaded (one row per Paragon character)';

modules/mod-paragon/data/sql/db-characters/updates/2026_05_10_04.sql

@@ -0,0 +1,30 @@
+-- mod-paragon Character Advancement: Builds catalog schema cleanup.
+-- ----------------------------------------------------------------------------
+-- Two changes:
+--   1. Drop `is_favorite` -- the favorite flag and shift-click-to-favorite
+--      flow are removed. Builds are now ordered solely by build_id ASC.
+--   2. Add `share_code` CHAR(6) -- a random alphanumeric token generated
+--      server-side at build creation that uniquely identifies a saved
+--      build across the realm. Players exchange codes out-of-band and
+--      use the BuildsPane "Load Build!" share box to import a copy of
+--      the build (name + icon + spell + talent recipe) into their own
+--      catalog. The copy gets a fresh share_code so re-sharing is
+--      always traceable to the latest owner; the original isn't touched.
+--
+-- The column is NULL-tolerant so any rows that pre-date this migration
+-- (created under 2026_05_10_03's schema) coexist cleanly. The server
+-- backfills NULLs lazily in PushBuildCatalog -- the next time a player
+-- opens the BuildsPane on a Paragon character, any of their builds that
+-- still have a NULL share_code will get one generated and persisted.
+--
+-- Charset: 31 unambiguous chars (A-Z minus I/O minus 0/1) gives 31^6 ~=
+-- 887M codes; collision retry on insert keeps probability of a duplicate
+-- vanishing for any realistic catalog size.
+-- ----------------------------------------------------------------------------
+
+ALTER TABLE `character_paragon_builds`
+    DROP COLUMN `is_favorite`,
+    ADD COLUMN `share_code` CHAR(6) NULL DEFAULT NULL
+        COMMENT 'random alphanumeric token for import-by-code; lazily generated'
+        AFTER `icon`,
+    ADD UNIQUE INDEX `uk_share_code` (`share_code`);

modules/mod-paragon/data/sql/db-characters/updates/2026_05_10_05.sql

@@ -0,0 +1,34 @@
+-- mod-paragon: preserve superseded share codes as importable snapshots.
+-- ----------------------------------------------------------------------------
+-- When an active build is updated (Learn All), the live row gets a new
+-- share_code and a fresh recipe. Older codes the player posted to Discord
+-- must keep working: each retired code is frozen here with its spell/talent
+-- recipe so `C BUILD IMPORT <code>` still materializes that exact loadout.
+-- ----------------------------------------------------------------------------
+
+CREATE TABLE IF NOT EXISTS `character_paragon_build_share_archive` (
+    `share_code` CHAR(6) NOT NULL COMMENT 'retired code (same charset as live builds)',
+    `name`       VARCHAR(32)  NOT NULL,
+    `icon`       VARCHAR(64)  NOT NULL DEFAULT 'INV_Misc_QuestionMark',
+    `archived_at` TIMESTAMP   NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (`share_code`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
+    COMMENT='mod-paragon: frozen build metadata for retired share codes';
+
+CREATE TABLE IF NOT EXISTS `character_paragon_build_share_archive_spells` (
+    `share_code` CHAR(6)      NOT NULL,
+    `spell_id`   INT UNSIGNED NOT NULL,
+    PRIMARY KEY (`share_code`, `spell_id`),
+    KEY `idx_share` (`share_code`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
+    COMMENT='mod-paragon: spell recipe rows for an archived share code';
+
+CREATE TABLE IF NOT EXISTS `character_paragon_build_share_archive_talents` (
+    `share_code` CHAR(6)       NOT NULL,
+    `spec`       TINYINT UNSIGNED NOT NULL,
+    `talent_id`  SMALLINT UNSIGNED NOT NULL,
+    `rank`       TINYINT UNSIGNED NOT NULL,
+    PRIMARY KEY (`share_code`, `spec`, `talent_id`),
+    KEY `idx_share` (`share_code`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
+    COMMENT='mod-paragon: talent recipe rows for an archived share code';

modules/mod-paragon/src/Paragon_SC.cpp

@@ -7,9 +7,12 @@
 
 #include "Chat.h"
 #include "Config.h"
+#include "Creature.h"
+#include "CreatureData.h"
 #include "GameTime.h"
 #include "Log.h"
 #include "ObjectGuid.h"
+#include "Pet.h"
 #include "Player.h"
 #include "ScriptMgr.h"
 #include "SharedDefines.h"
@@ -44,43 +47,142 @@ public:
         if (!player || player->getClass() != CLASS_PARAGON)
             return std::nullopt;
 
-        // Death Knight rune / runic power ability stack (narrow on purpose).
-        if (unitClass == CLASS_DEATH_KNIGHT && context == CLASS_CONTEXT_ABILITY)
+        // ============================================================
+        // Ability stack -- claim ALL nine vanilla classes.
+        // ============================================================
+        // CLASS_CONTEXT_ABILITY is read by every class-specific spell
+        // gate in core / scripts: DK rune mechanics (Spell.cpp,
+        // SpellEffects.cpp, spell_dk.cpp, SpellAuraEffects.cpp),
+        // Warrior Titan's Grip / Bladestorm (Player.cpp 3783, 15432,
+        // PlayerUpdates.cpp 1547), Paladin Rebuke (Player.cpp 15441),
+        // Shaman dual-wield bookkeeping (Player.cpp 5028), Hunter pet
+        // / Hunter's Mark gates (spell_item.cpp 3718), Druid Insect
+        // Swarm / Wild Growth (SpellAuraEffects.cpp 2153, 2232),
+        // Priest Spirit of Redemption out-of-bounds check (Unit.cpp
+        // 14238), Rogue pickpocketing (LootHandler.cpp 86/165/385,
+        // Vehicle.cpp 80). Paragon learns abilities from every class
+        // through Character Advancement, so claiming all of them lets
+        // every gated spell script execute its class-specific branch
+        // for our players. The only downside is double-pathed scripts
+        // (e.g. a spell with both warrior and rogue branches) will
+        // pick whichever the script tests first -- acceptable.
+        if (context == CLASS_CONTEXT_ABILITY)
             return true;
 
-        // Warrior ability stack: enables warrior-spec ability gates anywhere
-        // they're checked. None of the currently-traced sites in core/scripts
-        // gate on (CLASS_WARRIOR, CLASS_CONTEXT_ABILITY), so this is a safe
-        // forward-compatible claim. Rage generation itself is gated on
-        // HasActivePowerType(POWER_RAGE) and is wired below.
-        if (unitClass == CLASS_WARRIOR && context == CLASS_CONTEXT_ABILITY)
-            return true;
-
-        // Reactive melee states: Overpower-on-dodge (warrior), Counterattack window (hunter).
-        // We intentionally do NOT claim CLASS_ROGUE here: that context skips the generic
-        // AURA_STATE_DEFENSE update on dodge (Riposte path) in Unit::ProcDamageAndSpellFor.
+        // ============================================================
+        // Reactive melee states.
+        // ============================================================
+        // Warrior dodge -> AURA_STATE_DEFENSE (Overpower window).
+        // Hunter parry -> AURA_STATE_HUNTER_PARRY (Counterattack).
+        // We intentionally do NOT claim CLASS_ROGUE here:
+        // Unit::ProcDamageAndSpellFor (Unit.cpp 12824) skips the
+        // generic AURA_STATE_DEFENSE update on dodge for rogues so
+        // Riposte can take over. Claiming rogue would silently kill
+        // Overpower for Paragon, and Riposte already works for us via
+        // the warrior-style state we already grant.
         if (context == CLASS_CONTEXT_ABILITY_REACTIVE)
         {
             if (unitClass == CLASS_WARRIOR || unitClass == CLASS_HUNTER)
                 return true;
         }
 
-        // Unified relic / ranged slot for class 12.
-        // ----------------------------------------------------------------
-        // CLASS_CONTEXT_EQUIP_RELIC is read in exactly two places in core
-        // (PlayerStorage.cpp): FindEquipSlot's INVTYPE_RELIC switch, which
-        // routes Librams/Idols/Totems/Misc/Sigils into EQUIPMENT_SLOT_RANGED
-        // for the matching class only, and CanEquipUniqueItem's per-subclass
-        // proficiency gate. By claiming this context for paladin/druid/
-        // shaman/warlock/dk we let Paragon drop any of those relics into the
-        // ranged slot exactly the same way each native class does, with no
-        // core patch and no other side effects (the constant is not read
-        // anywhere else in the codebase).
+        // ============================================================
+        // Pet ownership contexts.
+        // ============================================================
+        // CLASS_CONTEXT_PET is read by Pet::AddToWorld, Pet::CreateBase
+        // AtCreatureInfo, Pet::InitStatsForLevel (twice -- the
+        // MAX_PET_TYPE bootstrap branch and the per-class attack-time
+        // scaling), Pet::IsPermanentPetFor, Player::SummonPet,
+        // Player::CanResummonPet, Spell::EffectTameCreature,
+        // SpellEffects.cpp (CreateTamedPet debug effects, Eyes of the
+        // Beast), spell_generic.cpp 1760 (charm-as-pet conversion),
+        // and PlayerGossip.cpp's hunter stable check.
         //
-        // Bows/guns/crossbows already equip via the regular
-        // INVTYPE_RANGED/RANGEDRIGHT routing -- weapon proficiencies for
-        // class 12 are seeded by the Paragon proficiency SQL migrations, so
-        // they pass the GetSkillValue check in CanEquipUniqueItem.
+        // The cleanest disambiguation is by the *active pet's* shape:
+        //   HUNTER_PET                    -> hunter (beast tame)
+        //   SUMMON_PET + DEMON  type      -> warlock (Imp/VW/Succ/...)
+        //   SUMMON_PET + UNDEAD type      -> DK ghoul / Army of Dead
+        //   SUMMON_PET + ELEMENTAL type   -> mage water / shaman fire
+        // For HUNTER specifically the no-pet case is also claimed so
+        // Tame Beast's EffectTameCreature gate passes during cast.
+        if (context == CLASS_CONTEXT_PET)
+        {
+            Pet const* activePet = const_cast<Player*>(player)->GetPet();
+
+            // Hunter beast: claim during taming OR when a HUNTER_PET is
+            // already active. This is what makes Tame Beast / Call Pet
+            // / pet stable / Counterattack pet aura feedback work.
+            if (unitClass == CLASS_HUNTER)
+            {
+                if (!activePet || activePet->getPetType() == HUNTER_PET)
+                    return true;
+                return std::nullopt;
+            }
+
+            // All other classes only claim when an active SUMMON_PET is
+            // present. We then disambiguate by the creature's type
+            // because warlock / DK / mage / shaman all use SUMMON_PET.
+            if (!activePet || activePet->getPetType() != SUMMON_PET)
+                return std::nullopt;
+
+            CreatureTemplate const* tmpl = activePet->GetCreatureTemplate();
+            if (!tmpl)
+                return std::nullopt;
+
+            switch (unitClass)
+            {
+                case CLASS_WARLOCK:
+                    // Drives Master Demonologist / Demonic Knowledge /
+                    // Demonic Pact propagation, last-pet-spell tracking
+                    // (Pet.cpp 112), and IsPermanentPetFor (Pet.cpp
+                    // 2288) so demon pets persist across logins.
+                    if (tmpl->type == CREATURE_TYPE_DEMON)
+                        return true;
+                    break;
+                case CLASS_DEATH_KNIGHT:
+                    // Risen Ghoul + Army of the Dead. Player.cpp 14354
+                    // and Pet.cpp 243 / 1046 / 2290 read this; without
+                    // it the ghoul is invisible to the owner mid-load
+                    // and ScriptedAI hooks on the ghoul mis-route.
+                    if (tmpl->type == CREATURE_TYPE_UNDEAD)
+                        return true;
+                    break;
+                case CLASS_MAGE:
+                    // Glyph-of-Eternal-Water permanent Water Elemental
+                    // (entry 510, 37994). Used by Pet.cpp 1047/2292.
+                    if (tmpl->type == CREATURE_TYPE_ELEMENTAL)
+                        return true;
+                    break;
+                case CLASS_SHAMAN:
+                    // Fire Elemental / Earth Elemental. The base
+                    // engine spawns these as creatures rather than
+                    // proper Pet instances in most code paths, so the
+                    // claim mostly matters for the Pet.cpp 1045 stat
+                    // bootstrap when one is loaded as a SUMMON_PET.
+                    if (tmpl->type == CREATURE_TYPE_ELEMENTAL)
+                        return true;
+                    break;
+                default:
+                    break;
+            }
+            return std::nullopt;
+        }
+
+        // Warlock pet-charm context (Enslave Demon -- Unit.cpp 14828,
+        // 14894, 15025). Without this claim, charming a demon as a
+        // Paragon doesn't get the warlock-flavor charm semantics
+        // (faction-set-on-charm, action-bar layout, charm-break logic).
+        if (unitClass == CLASS_WARLOCK && context == CLASS_CONTEXT_PET_CHARM)
+            return true;
+
+        // ============================================================
+        // Equipment contexts.
+        // ============================================================
+        // CLASS_CONTEXT_EQUIP_RELIC: PlayerStorage.cpp 224-240 +
+        // 2475-2493. Routes Librams/Idols/Totems/Misc/Sigils into
+        // EQUIPMENT_SLOT_RANGED for the matching class. Claim every
+        // relic-bearing class so a Paragon can drop any of them into
+        // the ranged slot.
         if (context == CLASS_CONTEXT_EQUIP_RELIC)
         {
             switch (unitClass)
@@ -96,6 +198,67 @@ public:
             }
         }
 
+        // CLASS_CONTEXT_EQUIP_ARMOR_CLASS: PlayerStorage.cpp 2326,
+        // 2330, 2503-2523. At level 40 each class auto-learns its
+        // top armor proficiency. Paragon should pick up plate (via
+        // paladin/DK), shields (paladin/warrior/shaman), mail
+        // (hunter/shaman), and leather (rogue) so the level-40 train
+        // event grants Paragon full proficiency and we don't have to
+        // hand-curate it through the Paragon proficiency SQL.
+        if (context == CLASS_CONTEXT_EQUIP_ARMOR_CLASS)
+        {
+            switch (unitClass)
+            {
+                case CLASS_PALADIN:
+                case CLASS_WARRIOR:
+                case CLASS_DEATH_KNIGHT:
+                case CLASS_HUNTER:
+                case CLASS_SHAMAN:
+                case CLASS_DRUID:
+                case CLASS_ROGUE:
+                    return true;
+                default:
+                    break;
+            }
+        }
+
+        // CLASS_CONTEXT_EQUIP_SHIELDS: PlayerStorage.cpp 2467-2469.
+        // Lets a Paragon equip shields without a paladin/warrior/
+        // shaman skill gate.
+        if (context == CLASS_CONTEXT_EQUIP_SHIELDS)
+        {
+            switch (unitClass)
+            {
+                case CLASS_PALADIN:
+                case CLASS_WARRIOR:
+                case CLASS_SHAMAN:
+                    return true;
+                default:
+                    break;
+            }
+        }
+
+        // CLASS_CONTEXT_WEAPON_SWAP: PlayerStorage.cpp 1920, 2838 --
+        // rogue uses cooldown spell 6123 instead of 6119 on weapon
+        // swap (Quick Draw / Combat Potency interactions). Claim
+        // rogue so Paragon picks up the same cooldown spell.
+        if (context == CLASS_CONTEXT_WEAPON_SWAP && unitClass == CLASS_ROGUE)
+            return true;
+
+        // ============================================================
+        // Contexts we DELIBERATELY DO NOT claim:
+        // ============================================================
+        //   CLASS_CONTEXT_STATS  -- Paragon has its own STR/AGI->AP and
+        //   INT/SPI->SP curves wired in StatSystem.cpp's CLASS_PARAGON
+        //   branch (level*2 + STR + AGI - 20 etc.). Claiming any
+        //   vanilla class here would override our curves with theirs.
+        //
+        //   CLASS_CONTEXT_INIT, _TELEPORT, _QUEST, _TAXI, _SKILL,
+        //   _GRAVEYARD, _CLASS_TRAINER, _TALENT_POINT_CALC -- all
+        //   used by DK Ebon Hold / druid Moonglade starting-zone
+        //   scripts. Paragon doesn't go through those zones and we
+        //   don't want our players bound to Acherus or trapped in
+        //   the DK starting quest gates.
         return std::nullopt;
     }
 

scripts/vps-paragon-diagnostics.sh

@@ -0,0 +1,336 @@
+#!/usr/bin/env bash
+# Collect VPS evidence for Paragon / DBUpdater / binary staleness triage.
+# Run ON the VPS (Linux). Safe: read-only; does not restart services.
+#
+# Usage (from clone):
+#   bash scripts/vps-paragon-diagnostics.sh
+#
+# Optional environment:
+#   FRACTURED_REPO           — absolute path to Fractured git root (default: parent of scripts/)
+#   FRACTURED_WS_BIN         — path to worldserver binary (default: auto-detect)
+#   FRACTURED_WORLDSERVER_CONF — path to worldserver.conf (default: guess from BIN + common layouts)
+#   FRACTURED_SYSTEMD_UNITS  — space-separated units to try (default: "fractured-world worldserver ac-worldserver")
+#   FRACTURED_MYSQL          — prefix to invoke mysql, e.g. 'mysql -uacore -pacore -h127.0.0.1'
+#                              (default Fractured local DB user/password are often both "acore"; use ~/.my.cnf if you prefer not to pass -p on the command line)
+#                              If unset, SQL blocks are printed for manual copy-paste only.
+#   FRACTURED_SPELL_IDS      — space-separated spell IDs for spell_dbc spot-check (defaults to common DK rune spenders)
+#   FRACTURED_DIAG_OUTPUT    — full log file path (default: <repo>/var/vps-paragon-diagnostics-last.txt)
+#
+# All output is mirrored to the log file (tee) while still printing to the terminal.
+# Default path lives under var/ (gitignored in this repo). Open that file in Cursor,
+# scp it down, or: git add -f var/vps-paragon-diagnostics-last.txt  if you intend to commit it.
+
+set -u
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO="${FRACTURED_REPO:-$(cd "$SCRIPT_DIR/.." && pwd)}"
+
+DIAG_OUT="${FRACTURED_DIAG_OUTPUT:-$REPO/var/vps-paragon-diagnostics-last.txt}"
+mkdir -p "$(dirname "$DIAG_OUT")"
+exec > >(tee "$DIAG_OUT") 2>&1
+echo "Logging to: $DIAG_OUT"
+
+hr() { printf '\n%s\n' "================================================================================"; }
+sub() { printf '\n-- %s\n' "$1"; }
+
+detect_worldserver_bin() {
+  local bin="" es path u units
+  if [[ -n "${FRACTURED_WS_BIN:-}" ]]; then
+    readlink -f "$FRACTURED_WS_BIN" 2>/dev/null && return
+    echo "$FRACTURED_WS_BIN"
+    return
+  fi
+
+  units="${FRACTURED_SYSTEMD_UNITS:-fractured-world worldserver ac-worldserver}"
+  for u in $units; do
+    if systemctl is-active --quiet "$u" 2>/dev/null || systemctl is-enabled --quiet "$u" 2>/dev/null; then
+      es=$(systemctl show "$u" -p ExecStart --value 2>/dev/null || true)
+      if [[ -n "$es" ]]; then
+        if [[ "$es" == \{*path=* ]]; then
+          path=$(printf '%s' "$es" | sed -n 's/.*path=\([^;]*\).*/\1/p')
+        else
+          path=$(printf '%s' "$es" | awk '{print $1}' | sed 's/^path=//')
+        fi
+        if [[ -n "$path" && -x "$path" ]]; then
+          readlink -f "$path" 2>/dev/null && return
+        fi
+      fi
+    fi
+  done
+
+  local pid
+  pid=$(pgrep -xo worldserver 2>/dev/null || true)
+  if [[ -n "$pid" ]]; then
+    readlink -f "/proc/$pid/exe" 2>/dev/null && return
+  fi
+
+  if command -v worldserver >/dev/null 2>&1; then
+    readlink -f "$(command -v worldserver)" 2>/dev/null && return
+  fi
+
+  echo ""
+}
+
+guess_worldserver_conf() {
+  local bin="$1"
+  local d cands=()
+  [[ -z "$bin" ]] && return
+  d=$(dirname "$bin")
+  cands+=("$d/../etc/worldserver.conf")
+  cands+=("$d/../../etc/worldserver.conf")
+  cands+=("$HOME/azeroth-server/etc/worldserver.conf")
+  cands+=("$HOME/env/dist/etc/worldserver.conf")
+  for f in "${cands[@]}"; do
+    f=$(readlink -f "$f" 2>/dev/null || true)
+    if [[ -n "$f" && -f "$f" ]]; then
+      echo "$f"
+      return
+    fi
+  done
+  echo ""
+}
+
+binary_strings_paths() {
+  local ws="$1"
+  [[ -z "$ws" || ! -f "$ws" ]] && return
+  strings "$ws" 2>/dev/null | grep -iE '/(home|root|opt|srv|var)[^[:space:]]*/(Fractured|fractured|azeroth|AzerothCore|acore)' | sort -u | head -40
+}
+
+hr
+echo "Fractured Paragon / native VPS diagnostics"
+echo "Date (UTC): $(date -u '+%Y-%m-%d %H:%M:%S UTC')"
+echo "Repo (expected): $REPO"
+
+sub "1A — worldserver binary"
+WS=$(detect_worldserver_bin || true)
+if [[ -z "$WS" ]]; then
+  echo "ERROR: Could not find worldserver. Set FRACTURED_WS_BIN=/full/path/to/worldserver and re-run."
+else
+  echo "Binary: $WS"
+  if stat -c 'binary mtime: %y' "$WS" 2>/dev/null; then
+    :
+  else
+    stat -f 'binary mtime: %Sm' -t '%Y-%m-%d %H:%M:%S %z' "$WS" 2>/dev/null || stat "$WS"
+  fi
+fi
+
+sub "1B — repo HEAD + Paragon_Essence.cpp mtime"
+if [[ -d "$REPO/.git" ]]; then
+  (cd "$REPO" && git log -1 --format='HEAD commit: %h %ci %s')
+else
+  echo "WARN: not a git repo: $REPO (set FRACTURED_REPO)"
+fi
+PE="$REPO/modules/mod-paragon/src/Paragon_Essence.cpp"
+if [[ -f "$PE" ]]; then
+  if stat -c 'Paragon_Essence.cpp mtime: %y' "$PE" 2>/dev/null; then
+    :
+  else
+    stat -f 'Paragon_Essence.cpp mtime: %Sm' -t '%Y-%m-%d %H:%M:%S %z' "$PE" 2>/dev/null || stat "$PE"
+  fi
+else
+  echo "WARN: missing $PE"
+fi
+
+sub "1C — strings heuristics (0 can mean stripped binary — use 1A+1B)"
+if [[ -n "$WS" && -f "$WS" ]]; then
+  c1=$(strings "$WS" 2>/dev/null | grep -c 'CLASS_PARAGON' || true)
+  c2=$(strings "$WS" 2>/dev/null | grep -c 'C BUILD SAVE_CURRENT' || true)
+  c3=$(strings "$WS" 2>/dev/null | grep -c 'character_paragon_build_share_archive' || true)
+  echo "CLASS_PARAGON count: $c1"
+  echo "C BUILD SAVE_CURRENT count: $c2"
+  echo "character_paragon_build_share_archive count: $c3"
+else
+  echo "(skipped — no binary)"
+fi
+
+sub "1D — binary fingerprint (compare sha256 across dev vs VPS)"
+if [[ -n "$WS" && -f "$WS" ]]; then
+  if command -v sha256sum >/dev/null 2>&1; then
+    sha256sum "$WS"
+  elif command -v shasum >/dev/null 2>&1; then
+    shasum -a 256 "$WS"
+  else
+    echo "(no sha256sum — install coreutils)"
+  fi
+  echo "Embedded revision / version strings (first matches):"
+  strings "$WS" 2>/dev/null | grep -iE 'azerothcore|revision|git|commit|build.*20[0-9]{2}' | head -25 || echo "(none matched)"
+else
+  echo "(skipped — no binary)"
+fi
+
+CONF="${FRACTURED_WORLDSERVER_CONF:-}"
+if [[ -z "$CONF" && -n "$WS" ]]; then
+  CONF=$(guess_worldserver_conf "$WS")
+fi
+
+sub "2B — worldserver.conf (updater / source / rates / paragon)"
+if [[ -n "$CONF" && -f "$CONF" ]]; then
+  echo "Using conf: $CONF"
+  grep -E '^SourceDirectory|^Updates\.EnableDatabases|^Updates\.AutoSetup|^[[:space:]]*SourceDirectory|^[[:space:]]*Updates\.EnableDatabases|^[[:space:]]*Updates\.AutoSetup' "$CONF" 2>/dev/null || echo "(no matching lines or unreadable)"
+  echo "--- Rate.RunicPower (if set) ---"
+  grep -iE '^Rate\.RunicPower|^[[:space:]]*Rate\.RunicPower' "$CONF" 2>/dev/null || echo "(not set — server uses default)"
+  echo "--- Paragon.* module options (if any) ---"
+  grep -iE '^Paragon\.|^[[:space:]]*Paragon\.' "$CONF" 2>/dev/null || echo "(no Paragon.* keys in worldserver.conf — check etc/modules/mod_paragon.conf)"
+else
+  echo "WARN: worldserver.conf not found. Set FRACTURED_WORLDSERVER_CONF=/path/to/worldserver.conf"
+fi
+
+if [[ -n "$WS" && -f "$WS" ]]; then
+  ETCGuess=$(readlink -f "$(dirname "$WS")/../etc" 2>/dev/null || true)
+  MPC="$ETCGuess/modules/mod_paragon.conf"
+  if [[ -f "$MPC" ]]; then
+    sub "2B2 — mod_paragon.conf Paragon.* toggles (non-comment)"
+    grep -E '^Paragon\.' "$MPC" 2>/dev/null | head -40 || echo "(no uncommented Paragon.* lines)"
+  fi
+fi
+
+sub "2A — path-like strings from binary (candidate source roots)"
+if [[ -n "$WS" && -f "$WS" ]]; then
+  binary_strings_paths "$WS" || true
+else
+  echo "(skipped)"
+fi
+
+sub "Resolved source root for 2D"
+RESOLVED=""
+if [[ -n "$CONF" && -f "$CONF" ]]; then
+  sd=$(awk -F= '/^[[:space:]]*SourceDirectory[[:space:]]*=/ {
+    gsub(/^[[:space:]]+|[[:space:]]+$/, "", $2);
+    gsub(/^["'\'']|["'\'']$/, "", $2);
+    print $2; exit }' "$CONF" 2>/dev/null || true)
+  if [[ -n "${sd:-}" ]]; then
+    RESOLVED="$sd"
+  fi
+fi
+if [[ -z "$RESOLVED" ]]; then
+  RESOLVED="$REPO"
+fi
+echo "Using RESOLVED=$RESOLVED (from SourceDirectory if set in conf, else FRACTURED_REPO)"
+
+sub "2D — Paragon SQL dirs under RESOLVED"
+for subdir in \
+  "$RESOLVED/modules/mod-paragon/data/sql/db-world/updates/" \
+  "$RESOLVED/modules/mod-paragon/data/sql/db-characters/updates/"; do
+  if [[ -d "$subdir" ]]; then
+    echo "Listing: $subdir"
+    ls -la "$subdir" 2>/dev/null | tail -15
+  else
+    echo "MISSING: $subdir"
+  fi
+done
+
+sub "CMake build dir hints (common Fractured layouts)"
+for cand in "$REPO/var/build/obj" "$REPO/build" "$REPO/../build"; do
+  if [[ -f "$cand/CMakeCache.txt" ]]; then
+    echo "Found CMakeCache: $cand/CMakeCache.txt"
+    grep -E '^CMAKE_HOME_DIRECTORY:|^MODULES:|^CMAKE_INSTALL_PREFIX:' "$cand/CMakeCache.txt" 2>/dev/null | head -5
+  fi
+done
+
+sub "DATABASE — updates rows (2026_05_10 / paragon)"
+SQL_WORLD=$(cat <<'EOS'
+SELECT name, hash, speed FROM updates
+ WHERE name LIKE '2026_05_10%' OR name LIKE '%paragon%'
+ ORDER BY name DESC LIMIT 30;
+EOS
+)
+SQL_CHAR="$SQL_WORLD"
+
+if [[ -n "${FRACTURED_MYSQL:-}" ]]; then
+  echo "--- acore_world ---"
+  $FRACTURED_MYSQL acore_world -e "$SQL_WORLD" || echo "(mysql failed for acore_world)"
+  echo "--- acore_characters ---"
+  $FRACTURED_MYSQL acore_characters -e "$SQL_CHAR" || echo "(mysql failed for acore_characters)"
+
+  sub "DATABASE — DBC parity for runes / Paragon (acore_world)"
+  # Common DK rune spenders (WotLK). Override: export FRACTURED_SPELL_IDS='45477 45462'
+  SPELL_IDS="${FRACTURED_SPELL_IDS:-45477 45462 49923 55050 56815}"
+  IDS_CSV=$(echo "$SPELL_IDS" | tr ' ' ',')
+  echo "--- spell_dbc table size (world DB overrides; 0 rows = all spells from disk DBC only) ---"
+  $FRACTURED_MYSQL acore_world -e "SELECT COUNT(*) AS spell_dbc_rows FROM spell_dbc;" 2>/dev/null || echo "(spell_dbc missing or no access)"
+  echo "--- acore_world.version (last core revision written by worldserver) ---"
+  $FRACTURED_MYSQL acore_world -e "SELECT * FROM version LIMIT 5;" 2>/dev/null || echo "(version table missing?)"
+
+  echo "--- chrclasses_dbc class 6 + 12 (DisplayPower: 0=mana, 5=POWER_RUNE in AC) ---"
+  $FRACTURED_MYSQL acore_world -e "
+SELECT ID, DisplayPower, Name_Lang_enUS FROM chrclasses_dbc WHERE ID IN (6,12);
+" 2>/dev/null || echo "(query failed — chrclasses_dbc missing?)"
+  echo "Note: If only ID=12 appears, class 6 (DK) is not overridden in DB — loaded from disk DBC (normal)."
+
+  echo "--- spell_dbc: are sample DK spells overridden in DB? ---"
+  spell_sample_n=$($FRACTURED_MYSQL acore_world -N -B -e \
+    "SELECT COUNT(*) FROM spell_dbc WHERE ID IN ($IDS_CSV);" 2>/dev/null || echo 0)
+  echo "Row count in spell_dbc for sample IDs ($SPELL_IDS): ${spell_sample_n:-0}"
+  if [[ "${spell_sample_n:-0}" == "0" ]]; then
+    echo "=> 0 means those spells use on-disk Spell.dbc only; the sample block below will be empty (not an error)."
+  fi
+  echo "--- spell_dbc sample (PowerType 5 = POWER_RUNE in AC) ---"
+  $FRACTURED_MYSQL acore_world -e "
+SELECT ID, PowerType, ManaCost, RuneCostID FROM spell_dbc WHERE ID IN ($IDS_CSV);
+" 2>/dev/null || echo "(query failed — spell_dbc missing or wrong schema)"
+  echo "--- spellrunecost join for sample IDs (empty if no spell_dbc rows above) ---"
+  $FRACTURED_MYSQL acore_world -e "
+SELECT s.ID AS spell_id, s.PowerType, s.RuneCostID, r.Blood, r.Unholy, r.Frost, r.RunicPower
+FROM spell_dbc s
+LEFT JOIN spellrunecost_dbc r ON r.ID = s.RuneCostID
+WHERE s.ID IN ($IDS_CSV);
+" 2>/dev/null || echo "(join failed — check spellrunecost_dbc)"
+
+  echo "--- spell_dbc suspicious overrides: RuneCostID>0 but PowerType!=5 (can break rune checks) ---"
+  $FRACTURED_MYSQL acore_world -e "
+SELECT ID, PowerType, ManaCost, RuneCostID FROM spell_dbc
+ WHERE RuneCostID > 0 AND PowerType <> 5
+ ORDER BY ID LIMIT 40;
+" 2>/dev/null || echo "(query failed)"
+  echo "Compare counts/IDs to dev: unexpected rows here warrant a DB diff."
+
+  echo "--- spell_dbc POWER_RUNE (5) spells with RuneCostID (sample) ---"
+  $FRACTURED_MYSQL acore_world -e "
+SELECT ID, PowerType, RuneCostID FROM spell_dbc
+ WHERE PowerType = 5 AND RuneCostID > 0
+ ORDER BY ID LIMIT 15;
+" 2>/dev/null || echo "(query failed)"
+else
+  echo "FRACTURED_MYSQL not set — run manually (example: export FRACTURED_MYSQL='mysql -uUSER -hHOST')"
+  echo "acore_world:"
+  echo "$SQL_WORLD"
+  echo "acore_characters:"
+  echo "$SQL_CHAR"
+  echo ""
+  echo "Optional DBC parity (acore_world) — run after connecting:"
+  echo "  SELECT ID, DisplayPower, Name_Lang_enUS FROM chrclasses_dbc WHERE ID IN (6,12);"
+  echo "  SELECT ID, PowerType, ManaCost, RuneCostID FROM spell_dbc WHERE ID IN (45477,45462,49923,55050,56815);"
+  echo "  SELECT s.ID, s.RuneCostID, r.Blood, r.Unholy, r.Frost, r.RunicPower FROM spell_dbc s"
+  echo "    LEFT JOIN spellrunecost_dbc r ON r.ID = s.RuneCostID WHERE s.ID IN (45477,45462,49923,55050,56815);"
+fi
+
+sub "mod_paragon.conf vs .dist (install etc)"
+ETC=""
+if [[ -n "$WS" ]]; then
+  ETC=$(readlink -f "$(dirname "$WS")/../etc" 2>/dev/null || true)
+fi
+if [[ -z "$ETC" || ! -d "$ETC" ]]; then
+  ETC=$(readlink -f "$HOME/azeroth-server/etc" 2>/dev/null || true)
+fi
+if [[ -n "$ETC" && -d "$ETC/modules" ]]; then
+  MP="$ETC/modules/mod_paragon.conf"
+  MPD="$ETC/modules/mod_paragon.conf.dist"
+  if [[ -f "$MP" && -f "$MPD" ]]; then
+    diff -u "$MP" "$MPD" 2>/dev/null | head -80 || true
+  else
+    echo "ETC=$ETC — mod_paragon.conf or .dist missing (MP=$MP MPD=$MPD)"
+  fi
+else
+  echo "Could not find install etc/modules (set paths manually for diff)."
+fi
+
+hr
+echo "DELIVERABLE for maintainer:"
+echo "1) Paste 1A–1D (binary mtime, git HEAD, strings, sha256 + revision strings)."
+echo "2) Paste DATABASE blocks: updates + DBC parity (chrclasses 12, spell_dbc, spellrunecost join)."
+echo "3) Paste 2A path strings + 2D listings (or MISSING lines)."
+echo "4) From dev: same 1D sha256 of worldserver OR same SQL block — proves binary/data parity."
+echo "5) ONE sentence: exact in-game symptom."
+echo "Done."
+echo ""
+echo "Full transcript: $DIAG_OUT"

scripts/vps-update-server.sh

@@ -0,0 +1,181 @@
+#!/usr/bin/env bash
+# Fractured / AzerothCore — native VPS rolling update (git + compile).
+#
+# Run from anywhere; resolves the repository root from this script's location.
+# Typical production layout: sources in ~/src/Fractured, install prefix in ~/azeroth-server
+# (see docs/DEPLOY_LINUX_VPS.md).
+#
+# What this does:
+#   1. git pull on the current branch (optional; can skip)
+#   2. ./acore.sh compiler build  — or  compiler all  for a full clean rebuild
+#
+# Database migrations from data/sql/updates/ run when you next start worldserver/authserver
+# (Updates.* / SourceDirectory in *.conf). This script does not start or stop daemons unless
+# you pass --run-after or set FRACTURED_POST_UPDATE_CMD.
+#
+# Usage:
+#   bash scripts/vps-update-server.sh
+#   bash scripts/vps-update-server.sh --full
+#   bash scripts/vps-update-server.sh --no-pull
+#   bash scripts/vps-update-server.sh --dry-run
+#   FRACTURED_POST_UPDATE_CMD='sudo systemctl restart fractured-world' bash scripts/vps-update-server.sh --run-after
+#   bash scripts/vps-update-server.sh --run-after 'sudo systemctl restart fractured-world'
+#
+# Environment:
+#   FRACTURED_GIT_REMOTE   — remote name (default: origin)
+#   FRACTURED_POST_UPDATE_CMD — shell command run after a successful compile (if --run-after is passed without an argument, this is used)
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+NO_PULL=0
+FULL_BUILD=0
+COMPILE_ONLY=0
+DRY_RUN=0
+DO_RUN_AFTER=0
+POST_UPDATE_CMD="${FRACTURED_POST_UPDATE_CMD:-}"
+GIT_REMOTE="${FRACTURED_GIT_REMOTE:-origin}"
+
+usage() {
+  cat <<'EOF'
+Fractured VPS update — git pull + compiler (see header in script for full notes).
+
+Usage:
+  bash scripts/vps-update-server.sh [options]
+
+Options:
+  --no-pull       Skip git pull (only compile current tree).
+  --full          ./acore.sh compiler all (clean + configure + compile).
+  --compile-only  ./acore.sh compiler compile (incremental).
+  --dry-run       Print commands without running them.
+  --run-after [CMD]  Run shell command after successful compile. If CMD is omitted,
+                  uses FRACTURED_POST_UPDATE_CMD from the environment.
+
+Environment:
+  FRACTURED_GIT_REMOTE         Git remote (default: origin).
+  FRACTURED_POST_UPDATE_CMD    Used with bare --run-after.
+EOF
+}
+
+run() {
+  if [[ "$DRY_RUN" -eq 1 ]]; then
+    printf '[dry-run] '
+    printf '%q ' "$@"
+    printf '\n'
+  else
+    "$@"
+  fi
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    -h | --help)
+      usage
+      exit 0
+      ;;
+    --no-pull)
+      NO_PULL=1
+      shift
+      ;;
+    --full)
+      FULL_BUILD=1
+      shift
+      ;;
+    --compile-only)
+      COMPILE_ONLY=1
+      shift
+      ;;
+    --dry-run)
+      DRY_RUN=1
+      shift
+      ;;
+    --run-after)
+      DO_RUN_AFTER=1
+      shift
+      if [[ $# -gt 0 && "$1" != -* ]]; then
+        POST_UPDATE_CMD="$1"
+        shift
+      fi
+      ;;
+    *)
+      echo "error: unknown option: $1" >&2
+      echo "Try: bash scripts/vps-update-server.sh --help" >&2
+      exit 2
+      ;;
+  esac
+done
+
+if [[ "$FULL_BUILD" -eq 1 && "$COMPILE_ONLY" -eq 1 ]]; then
+  echo "error: use only one of --full or --compile-only" >&2
+  exit 2
+fi
+
+if [[ ! -d "$ROOT/.git" ]]; then
+  echo "error: not a git clone: $ROOT" >&2
+  exit 1
+fi
+
+if [[ ! -f "$ROOT/acore.sh" ]]; then
+  echo "error: acore.sh not found under $ROOT" >&2
+  exit 1
+fi
+
+if [[ ! -f "$ROOT/conf/config.sh" ]]; then
+  echo "error: missing $ROOT/conf/config.sh — copy conf/dist/config.sh and edit (see DEPLOY_LINUX_VPS.md)." >&2
+  exit 1
+fi
+
+cd "$ROOT"
+
+if [[ "$DO_RUN_AFTER" -eq 1 && -z "${POST_UPDATE_CMD// }" ]]; then
+  echo "error: --run-after needs a command or FRACTURED_POST_UPDATE_CMD set in the environment." >&2
+  exit 2
+fi
+
+current_branch() {
+  git symbolic-ref -q --short HEAD || git rev-parse --short HEAD
+}
+
+if [[ "$NO_PULL" -eq 0 ]]; then
+  ref="$(current_branch)"
+  if [[ "$ref" == "HEAD" ]]; then
+    echo "error: detached HEAD; checkout a branch or use --no-pull." >&2
+    exit 1
+  fi
+  echo "==> git pull $GIT_REMOTE $ref"
+  run git pull "$GIT_REMOTE" "$ref"
+else
+  echo "==> skipping git pull (--no-pull)"
+fi
+
+echo "==> ensuring acore.sh and JSONPath are executable"
+if [[ "$DRY_RUN" -eq 1 ]]; then
+  run chmod +x acore.sh deps/jsonpath/JSONPath.sh
+else
+  chmod +x acore.sh deps/jsonpath/JSONPath.sh 2>/dev/null || true
+fi
+
+if [[ "$FULL_BUILD" -eq 1 ]]; then
+  echo "==> ./acore.sh compiler all  (clean, configure, compile)"
+  run ./acore.sh compiler all
+elif [[ "$COMPILE_ONLY" -eq 1 ]]; then
+  echo "==> ./acore.sh compiler compile  (incremental; build dir must exist)"
+  run ./acore.sh compiler compile
+else
+  echo "==> ./acore.sh compiler build  (configure + compile)"
+  run ./acore.sh compiler build
+fi
+
+if [[ "$DO_RUN_AFTER" -eq 1 ]]; then
+  echo "==> post-update: $POST_UPDATE_CMD"
+  if [[ "$DRY_RUN" -eq 1 ]]; then
+    printf '[dry-run] eval %q\n' "$POST_UPDATE_CMD"
+  else
+    # shellcheck disable=SC2086
+    eval "$POST_UPDATE_CMD"
+  fi
+fi
+
+echo "Done. Restart authserver/worldserver (or your service manager) when ready so new binaries and SQL updates apply."

src/server/game/Spells/SpellInfoCorrections.cpp

@@ -5368,6 +5368,18 @@ void SpellMgr::LoadSpellInfoCorrections()
     LockEntry* key = const_cast<LockEntry*>(sLockStore.LookupEntry(36)); // 3366 Opening, allows to open without proper key
     key->Type[2] = LOCK_KEY_NONE;
 
+    // Fractured / Paragon: DK weapon-line "passives" Forceful Deflection and
+    // Runic Focus ship in 3.3.5a Spell.dbc without SPELL_ATTR0_PASSIVE set.
+    // SpellInfo::IsPassive() is therefore false, and mod-paragon's panel-learn
+    // diff treats them as castable actives and revokes them — while true
+    // actives (Blood Presence, Death Coil, Death Grip, ...) must stay
+    // stripped. Mark these two passive in-memory so the panel policy matches
+    // the spellbook UX for every class (stock DK benefits too).
+    ApplySpellFix({ 49410, 61455 }, [](SpellInfo* spellInfo)
+    {
+        spellInfo->Attributes |= SPELL_ATTR0_PASSIVE;
+    });
+
     // Fractured: strip reagent requirements from every player-class spell at
     // load time. Filtered by SpellFamilyName != 0 so that profession spells
     // (cooking, alchemy, enchanting, blacksmithing, jewelcrafting, leatherworking,

tools/fractured-launcher-electron/.gitignore

@@ -0,0 +1,5 @@
+node_modules/
+dist/
+launcher.json
+.DS_Store
+Thumbs.db

tools/fractured-launcher-electron/README.md

@@ -0,0 +1,169 @@
+# Fractured Launcher (Electron)
+
+**Windows** and **Linux (AppImage)** launcher with **no extra console window**, **native Browse folder** dialog, **Gitea or GitHub** release assets + GitHub repo file sync, **realmlist**, optional **auth**, **Play**, and **auto-update** (via `electron-updater`). This is the **only** supported client launcher in this repo.
+
+## Requirements
+
+- [Node.js](https://nodejs.org/) 20+ (includes npm)
+
+## Run from source
+
+```bash
+cd tools/fractured-launcher-electron
+npm install
+npm start
+```
+
+On first run, `launcher.json` is created next to the app (dev: in this folder).
+
+### Where patches download from
+
+- **Recommended (self-hosted Gitea):** set **`gitea.base_url`**, **`gitea.owner`**, **`gitea.repo`** in `launcher.json` (see **`default-launcher.json`**). Players need **`GITEA_TOKEN`** (or the env name in **`gitea.token_env`**) if the Gitea repo is **private** — same trade-off as any private host (per-player token, SSO proxy, or a read-only deploy token you accept distributing).
+- **Fallback:** if **`gitea.base_url`** is empty, **`from_release`** uses the **GitHub** Releases API against **`github.owner` / `github.repo`** (defaults to this **`Fractured`** repo for non-release paths), with optional **`GITHUB_TOKEN`** for private assets.
+
+## Build Windows installers
+
+```bash
+npm install
+npm run pack:win
+```
+
+Produces under **`dist/`**:
+
+| Artifact | Purpose |
+|----------|---------|
+| `Fractured-Launcher-${version}-Setup.exe` (NSIS) | **Recommended for players** — supports seamless **auto-update** and restart. |
+| `Fractured-Launcher-${version}-Windows-Portable.exe` | No installer; players replace the file manually. Auto-update is **less reliable** than NSIS. |
+
+## Build Linux AppImage
+
+```bash
+cd tools/fractured-launcher-electron
+npm install
+npm run pack:linux
+```
+
+Produces **`dist/Fractured-Launcher-${version}-Linux-x86_64.AppImage`**. Same **`lib/baked-gitea-channel.js`** and **`default-launcher.json`** as Windows; run on **Linux** (or use **Fractured launcher CI** / **Sync release to Gitea**, which upload this file to Gitea with the Windows installers).
+
+**Quick local test (avoids tag snapshot / CI):**
+- **Linux:** from repo root, **`bash tools/fractured-launcher-electron/scripts/manual-pack-linux.sh`** → **`dist/*.AppImage`**.
+- **Windows:** on a Windows machine, **`cd tools/fractured-launcher-electron`**, **`npm ci`**, **`npm run pack:win`** → **`dist/*.exe`**.
+
+### Hardcoded Gitea channel (non-token)
+
+**`lib/baked-gitea-channel.js`** exports **`base_url`**, **`owner`**, **`repo`**, **`release_tag`**. Set those strings once in the repo (same values you use for CI upload — not secret). At runtime **`config-store`** merges them into **`gitea.*`** so **`launcher.json`** does not need those fields; **`GITEA_TOKEN`** (or **`gitea.token_env`**) is still only for **private** Gitea. Leave a field **`''`** in the baked file to fall back to **`default-launcher.json`** / user **`launcher.json`** for that key.
+
+**`npm run pack:win`** is plain **electron-builder** — no inject step, no extra JSON beside the app.
+
+## Auto-update behaviour
+
+- **Packaged** builds only (`npm run pack:win` output). In `npm start` dev mode, update checks are skipped (button still explains that).
+- **No implicit GitHub feed:** the app does **not** guess `package.json` → `repository` anymore. Without configuration you get a clear “skipped” message instead of a **404** on a private repo.
+- **Configured feeds** (first match wins): **`update_feed_url` / `LAUNCHER_UPDATE_URL`** (generic `latest.yml`); or **`gitea`** block filled in + **`GITEA_TOKEN`** when the instance is private (resolves `…/releases/download/{tag}/`); or **`GITHUB_TOKEN`** + **`github.owner` / `github.repo`** for **private** GitHub releases only.
+- **~5 seconds** after launch, then **every 6 hours**, the app checks when a feed is configured.
+- When a download finishes, a dialog offers **Restart now** (calls `quitAndInstall`) or **Later**.
+- **Manual check:** button **Check launcher updates** in the UI.
+
+### Where launcher updates are hosted
+
+**`npm run publish:win`** runs **`electron-builder` with `--publish never`** — artifacts stay in **`dist/`**; CI uploads them to Gitea when you **publish a GitHub release**. For ad-hoc uploads, use **`scripts/upload-release-to-gitea.sh`**. For launcher auto-update, prefer:
+
+- Set **`update_feed_url`** (or **`LAUNCHER_UPDATE_URL`**) to a **generic** HTTPS base URL where **`latest.yml`** and the installer files are hosted (often the same Gitea release attachment URLs pattern your reverse proxy exposes), **or**
+- Keep publishing to a GitHub release only for **`latest.yml`** + installers if you accept that small metadata/binary channel there.
+
+**Private GitHub** updater: set **`GH_TOKEN`** / **`GITHUB_TOKEN`** / **`github.token_env`** as documented in `lib/auto-update.js` behaviour.
+
+**Generic feed:** optional Bearer token via the same token envs if your static host checks `Authorization`.
+
+### Publishing a new launcher version
+
+1. Bump **`version`** in `package.json` on `main` (or your release branch) and merge.
+2. Create a **GitHub release** (tag + attach patches / `Wow.exe` if needed) and click **Publish** — **Sync release to Gitea** builds **Windows + Linux** launcher artifacts and mirrors everything to Gitea.
+3. Local check: **`npm run pack:win`** (on Windows) or **`npm run pack:linux`** / **`scripts/manual-pack-linux.sh`**, then **`scripts/upload-release-to-gitea.sh`** with the same **`GITEA_*`** env vars as CI if you need a manual upload.
+
+## Sync to Gitea (patches + launcher binaries)
+
+CI workflow **Sync release to Gitea** (`.github/workflows/gitea-release-sync.yml`) runs on **every published GitHub release** on this repo:
+
+1. Triggers on **release published** on **`Dawnforger/Fractured`** (or **workflow_dispatch** with a tag).
+2. Builds **Windows** (NSIS + portable) and **Linux** (AppImage) in parallel, each using **`tools/fractured-launcher-electron` from the default branch** (overlaid onto the tag checkout), so older release tags never ship a launcher missing new **`lib/*.js`** files.
+3. Downloads **all assets** attached to that **GitHub** release (MPQs, patched `Wow.exe`, etc.).
+4. Merges with the built launcher artifacts and uploads everything to a **Gitea release** with the **same tag** (existing attachments on that Gitea release are replaced).
+
+**GitHub Actions secrets** (repository → Settings → Secrets and variables → Actions):
+
+| Secret | Example |
+|--------|---------|
+| **`GITEA_BASE_URL`** | `https://git.yourdomain.com` (no trailing slash) |
+| **`GITEA_TOKEN`** | Gitea personal access token with permission to manage releases and attachments on the target repo |
+| **`GITEA_OWNER`** | Organization or username on Gitea |
+| **`GITEA_REPO`** | Repository name — must already have **at least one commit** (Gitea returns HTTP 422 “repo is empty” for zero-commit repos; push e.g. a README on **`main`** or set **`GITEA_TARGET_REF`** to your default branch) |
+
+**Optional variable** (Settings → Variables): **`GITEA_TARGET_REF`** — default branch/commitish used **only when the workflow must create a new Gitea release** and Gitea needs `target_commitish` (defaults to **`main`** in the upload script if unset).
+
+**Player `launcher.json`:** packaged builds should already include **`gitea.base_url` / `owner` / `repo`** from the bake step above. Players only need to set **`GITEA_TOKEN`** (or your **`token_env`**) if the Gitea repo is **private**. To point at another instance, edit **`gitea`** in **`launcher.json`**:
+
+```json
+"gitea": {
+  "base_url": "https://git.yourdomain.com",
+  "owner": "myorg",
+  "repo": "fractured-patches",
+  "release_tag": "latest",
+  "token_env": "GITEA_TOKEN"
+}
+```
+
+**Manual upload:** `bash scripts/upload-release-to-gitea.sh /path/to/files v1.0.0` with the same env vars as CI.
+
+### Sync did not run / Gitea unchanged — checklist
+
+1. **Git tag ≠ GitHub Release** — Only **Releases** (published on the GitHub **Releases** page) trigger this workflow. If your teammate only **`git push --tags`**, create a **Release** from that tag and click **Publish** (or run **Actions → Sync release to Gitea → Run workflow** and enter the tag).
+2. **Draft release** — Must click **Publish release**; drafts do not mirror.
+3. **Workflow on default branch** — GitHub runs `release` workflows from the **default branch** (e.g. `main`). Ensure `.github/workflows/gitea-release-sync.yml` is merged there.
+4. **Repo name guard** — Jobs use `if: github.repository == 'Dawnforger/Fractured'`. Forks or renames must change that line or runs are skipped.
+5. **Secrets** — **`GITEA_BASE_URL`**, **`GITEA_TOKEN`**, **`GITEA_OWNER`**, **`GITEA_REPO`** must be set under **Settings → Secrets and variables → Actions**. A failed “Upload to Gitea” step usually prints which is missing.
+6. **Actions tab** — Open the latest **Sync release to Gitea** run; a red **build-electron** (old tag without `package-lock.json`, etc.) or **Upload to Gitea** step shows the real error.
+7. **HTTP 422 `repo is empty`** — The Gitea repo has **no commits** yet. Push any initial commit (e.g. **Add README** in the Gitea web UI, or `git push` to **`main`**). Optionally set **`GITEA_TARGET_REF`** to match your real default branch if it is not **`main`**. From this repo you can run **`scripts/bootstrap-gitea-repo.sh`** (see script header for `GITEA_*` env or pass the HTTPS/SSH clone URL as the first argument).
+
+### Private Gitea token for players
+
+Do **not** embed a shared admin PAT in a shipped `launcher.json`. Prefer read-only tokens scoped to one repo, short-lived tokens, or a small auth service that redirects to signed URLs.
+
+**Release asset names** must match **`files[].source`** when **`from_release`**: true. Use **`release_tag`**: `"latest"` or a pinned tag matching both GitHub and Gitea.
+
+## Patch versions (same filenames, different bytes)
+
+The launcher does **not** read Git commits. For **turn-key** updates when asset names stay fixed (`patch-Z.MPQ`, `Wow-patched.exe`, …):
+
+1. Ship **`patch-manifest.json`** next to those files on **every** release (Gitea/GitHub attachment). It lists a **`version`** label (any string you bump per release, e.g. `v0.9.0-client`) and a **`sha256`** per **`files[].source`** name.
+2. With **`patch_manifest.enabled`**: true (default in **`default-launcher.json`**), **Download updates** first fetches the manifest from the same release channel. If the files already on disk match those checksums, the player sees **“already match build … (nothing to download)”** — no redundant downloads.
+3. After a real download, the launcher **re-hashes** installed files and compares to the manifest; mismatch → clear error. It also writes **`.fractured/patch-state.json`** under the WoW folder so the UI can show **“Installed client files: …”**.
+
+If **`patch-manifest.json`** is missing on a release, the launcher falls back to **always downloading** all configured files (same as before).
+
+**Generate the manifest** when you cut a release (paths are your local patch binaries):
+
+```bash
+cd /path/to/staging
+node tools/fractured-launcher-electron/scripts/generate-patch-manifest.js v0.9.0-client patch-Z.MPQ Wow-patched.exe > patch-manifest.json
+```
+
+Attach **`patch-manifest.json`** together with the MPQ/exe to the GitHub release (CI sync copies it to Gitea with everything else).
+
+## CI
+
+Workflow **Fractured launcher CI** (`.github/workflows/fractured-launcher-ci.yml`) runs on pushes/PRs under `tools/fractured-launcher-electron/`: **Windows** (`npm run pack:win`) and **Linux** (`npm run pack:linux`) jobs, each **`electron-builder … --publish never`**. **Actions → Fractured launcher CI → Run workflow** runs it manually.
+
+**Sync release to Gitea** (`.github/workflows/gitea-release-sync.yml`) uses the same pack commands. If you see `GH_TOKEN` / `GitHubPublisher` errors in logs, the job is almost certainly an old **Re-run failed jobs** — open **Actions → Sync release to Gitea → Run workflow**, enter the tag, and start a **new** run instead.
+
+## Config
+
+Schema is defined by **`default-launcher.json`** (shipped in the app; first run copies to `launcher.json` beside the executable):
+
+- **`game_dir`**: WoW 3.3.5a root (contains `Wow.exe`).
+- **`update_feed_url`**: optional generic HTTPS base for launcher auto-update.
+- **`launcher_updates_from_github`**: default **`false`**. Only when **`true`** will a **`GITHUB_TOKEN`** (or **`github.token_env`**) enable **electron-updater**’s GitHub provider against **`github.owner` / `github.repo`**. Leave **`false`** when launcher binaries and **`latest.yml`** live on **Gitea** (use **`gitea`** + token instead) so a stray GitHub token does not produce “No published versions on GitHub”.
+- **`gitea`**: **`base_url`**, **`owner`**, **`repo`**, **`release_tag`**, **`token_env`** — when **`base_url`** is set (and owner/repo set), **`from_release`** downloads and (with token if needed) the **generic** updater feed use **Gitea**. **Required** for players if your CI mirrors patches/launchers to Gitea only.
+- **`github`**: used for **non-release** repo paths (`from_release`: false) and for **GitHub** **`from_release`** when **`gitea.base_url`** is empty.
+- **`patch_manifest`**: **`enabled`**, **`source`** (default `patch-manifest.json`), **`from_release`** — checksum-based skip + verify (see above).
+- **`files`**, **`realmlist`**, **`auth`**, **`launch`**.

tools/fractured-launcher-electron/default-launcher.json

@@ -0,0 +1,55 @@
+{
+  "game_dir": "",
+  "update_feed_url": "",
+  "launcher_updates_from_github": false,
+  "gitea": {
+    "base_url": "",
+    "owner": "",
+    "repo": "",
+    "release_tag": "latest",
+    "token_env": "GITEA_TOKEN"
+  },
+  "github": {
+    "owner": "Dawnforger",
+    "repo": "Fractured",
+    "ref": "main",
+    "release_tag": "latest",
+    "token_env": "GITHUB_TOKEN"
+  },
+  "patch_manifest": {
+    "enabled": true,
+    "source": "patch-manifest.json",
+    "from_release": true
+  },
+  "files": [
+    {
+      "source": "patch-Z.MPQ",
+      "dest": "Data/patch-Z.MPQ",
+      "backup": true,
+      "from_release": true
+    },
+    {
+      "source": "Wow-patched.exe",
+      "dest": "Wow.exe",
+      "backup": true,
+      "from_release": true
+    }
+  ],
+  "realmlist": {
+    "enabled": true,
+    "line": "set realmlist fracturedwow.ddns.net:47497",
+    "paths": ["Data/enUS/realmlist.wtf", "Data/enGB/realmlist.wtf"]
+  },
+  "auth": {
+    "enabled": false,
+    "url": "https://auth.your-realm.example/api/launcher/login",
+    "method": "POST",
+    "username_field": "username",
+    "password_field": "password"
+  },
+  "launch": {
+    "exe": "Wow.exe",
+    "args": [],
+    "linux_wrapper": ["wine"]
+  }
+}

tools/fractured-launcher-electron/index.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'" />
+  <title>Fractured Launcher</title>
+  <link rel="stylesheet" href="styles.css" />
+</head>
+<body>
+  <header>
+    <h1>Fractured Launcher</h1>
+    <p class="sub">Point at your 3.3.5a client, download patches, then play.</p>
+  </header>
+
+  <section class="card">
+    <label class="lbl">World of Warcraft folder (contains <span id="wowExeName">Wow.exe</span>)</label>
+    <div class="row">
+      <input type="text" id="gameDir" placeholder="Browse… or paste the folder that contains Wow.exe" />
+      <button type="button" id="btnBrowse">Browse…</button>
+      <button type="button" id="btnSaveFolder" class="primary">Save folder</button>
+    </div>
+  </section>
+
+  <section class="card hidden" id="authCard">
+    <label class="lbl">Account</label>
+    <div class="row stack">
+      <input type="text" id="username" autocomplete="username" placeholder="Username" />
+      <input type="password" id="password" autocomplete="current-password" placeholder="Password" />
+      <button type="button" id="btnAuth" class="primary">Sign in</button>
+    </div>
+  </section>
+
+  <section class="card row-actions">
+    <button type="button" id="btnCheckLauncher" class="ghost">Check launcher updates</button>
+  </section>
+
+  <section class="card">
+    <button type="button" id="btnSync" class="primary wide" disabled>Download updates</button>
+    <button type="button" id="btnPlay" class="success wide hidden" disabled>Play</button>
+  </section>
+
+  <pre id="log" class="log" aria-live="polite"></pre>
+
+  <script src="renderer.js"></script>
+</body>
+</html>

tools/fractured-launcher-electron/lib/auto-update.js

@@ -0,0 +1,148 @@
+'use strict';
+
+const { dialog } = require('electron');
+const { autoUpdater } = require('electron-updater');
+const { useGiteaReleases, getGiteaUpdaterFeedBase } = require('./gitea-release');
+
+/**
+ * @param {import('electron').App} app
+ * @param {() => import('electron').BrowserWindow | null} getMainWindow
+ * @param {{
+ *   updateFeedUrl?: string,
+ *   githubOwner?: string,
+ *   githubRepo?: string,
+ *   githubToken?: string,
+ *   giteaToken?: string,
+ *   allowGithubLauncherUpdates?: boolean,
+ *   config?: object,
+ * }} opts
+ */
+async function setupAutoUpdater(app, getMainWindow, opts = {}) {
+  if (!app.isPackaged) {
+    return {
+      checkNow: async () => ({ skipped: true, reason: 'development build' }),
+    };
+  }
+
+  const ghToken = String(opts.githubToken || '').trim();
+  const giteaTok = String(opts.giteaToken || '').trim();
+  const envGeneric = String(process.env.LAUNCHER_UPDATE_URL || '').trim();
+  const configGeneric = String(opts.updateFeedUrl || '').trim();
+  let genericUrl = envGeneric || configGeneric;
+  let genericAuthHeader = '';
+
+  if (!genericUrl && opts.config && useGiteaReleases(opts.config)) {
+    const gfb = await getGiteaUpdaterFeedBase(opts.config);
+    if (gfb && gfb.url) {
+      genericUrl = gfb.url;
+      const t = String(gfb.token || giteaTok || '').trim();
+      if (t) genericAuthHeader = `token ${t}`;
+    }
+  } else if (genericUrl) {
+    if (giteaTok) genericAuthHeader = `token ${giteaTok}`;
+    else if (ghToken) genericAuthHeader = `Bearer ${ghToken}`;
+  }
+
+  const owner = String(opts.githubOwner || '').trim();
+  const repo = String(opts.githubRepo || '').trim();
+
+  let feedConfigured = false;
+
+  if (genericUrl) {
+    const base = genericUrl.replace(/\/?$/, '/');
+    autoUpdater.setFeedURL({
+      provider: 'generic',
+      url: base,
+    });
+    if (genericAuthHeader) {
+      autoUpdater.requestHeaders = {
+        ...autoUpdater.requestHeaders,
+        Authorization: genericAuthHeader,
+      };
+    }
+    feedConfigured = true;
+  } else if (opts.allowGithubLauncherUpdates && ghToken && owner && repo) {
+    autoUpdater.setFeedURL({
+      provider: 'github',
+      owner,
+      repo,
+      private: true,
+      token: ghToken,
+    });
+    feedConfigured = true;
+  }
+
+  if (!feedConfigured) {
+    const reason =
+      'No update channel configured. Set launcher.json → update_feed_url (HTTPS folder with latest.yml), ' +
+      'or fill gitea.base_url/owner/repo (+ GITEA_TOKEN for private), ' +
+      'or set launcher_updates_from_github to true with GITHUB_TOKEN for private GitHub release feeds.';
+    return {
+      checkNow: async () => ({ skipped: true, reason }),
+    };
+  }
+
+  autoUpdater.autoDownload = true;
+  autoUpdater.autoInstallOnAppQuit = true;
+
+  const send = (msg) => {
+    const w = getMainWindow();
+    if (w && !w.isDestroyed()) {
+      w.webContents.send('launcher:progress', msg);
+    }
+  };
+
+  autoUpdater.on('checking-for-update', () => send('Checking for launcher updates…'));
+  autoUpdater.on('update-available', (info) => {
+    send(`Launcher update available: ${info.version}`);
+  });
+  autoUpdater.on('update-not-available', () => {});
+  autoUpdater.on('error', (err) => {
+    const m = (err && (err.message || String(err))) || '';
+    if (/404|releases\.atom|HttpError:\s*404/i.test(m)) {
+      send(
+        'Launcher update: 404 (no latest.yml or wrong URL). For Gitea use gitea.* + token, or set update_feed_url. ' +
+          'For private GitHub set GITHUB_TOKEN.'
+      );
+      return;
+    }
+    if (m && !/net::ERR|ENOTFOUND|ETIMEDOUT/i.test(m)) {
+      send(`Launcher update: ${m.slice(0, 400)}`);
+    }
+  });
+  autoUpdater.on('download-progress', (p) => {
+    const pct = Math.round(p.percent || 0);
+    send(`Launcher update download: ${pct}%`);
+  });
+  autoUpdater.on('update-downloaded', async (info) => {
+    const win = getMainWindow();
+    const r = await dialog.showMessageBox(win || undefined, {
+      type: 'info',
+      title: 'Launcher update',
+      message: `Version ${info.version} is ready to install.`,
+      detail: 'Restart the launcher now to finish. You can finish patching WoW after restart.',
+      buttons: ['Restart now', 'Later'],
+      defaultId: 0,
+      cancelId: 1,
+      noLink: true,
+    });
+    if (r.response === 0) {
+      autoUpdater.quitAndInstall(false, true);
+    }
+  });
+
+  const checkNow = async () => {
+    const r = await autoUpdater.checkForUpdates();
+    return { ok: true, updateInfo: r && r.updateInfo };
+  };
+
+  const tick = () => {
+    checkNow().catch(() => {});
+  };
+  setTimeout(tick, 5000);
+  setInterval(tick, 6 * 60 * 60 * 1000);
+
+  return { checkNow };
+}
+
+module.exports = { setupAutoUpdater };

tools/fractured-launcher-electron/lib/baked-gitea-channel.js

@@ -0,0 +1,14 @@
+'use strict';
+
+/**
+ * Production Gitea mirror (non-secret). Edit here and ship — no inject script,
+ * no fractured-release-channel.json, no CI env needed for these fields.
+ * Token stays in env: GITEA_TOKEN or launcher.json → gitea.token_env.
+ */
+module.exports = {
+  // Scheme optional — gitea-release normalizes to https:// if missing.
+  base_url: 'https://brassnet.ddns.net:33983',
+  owner: 'Dawnsorrow',
+  repo: 'Fractured-Distro',
+  release_tag: 'latest',
+};

tools/fractured-launcher-electron/lib/config-store.js

@@ -0,0 +1,87 @@
+'use strict';
+
+const path = require('path');
+const fs = require('fs').promises;
+
+function mergeConfig(defaults, user) {
+  return {
+    ...defaults,
+    ...user,
+    update_feed_url:
+      user.update_feed_url != null && user.update_feed_url !== ''
+        ? user.update_feed_url
+        : defaults.update_feed_url,
+    launcher_updates_from_github:
+      user.launcher_updates_from_github != null
+        ? user.launcher_updates_from_github
+        : defaults.launcher_updates_from_github,
+    github: { ...defaults.github, ...(user.github || {}) },
+    gitea: { ...defaults.gitea, ...(user.gitea || {}) },
+    patch_manifest: { ...defaults.patch_manifest, ...(user.patch_manifest || {}) },
+    launch: { ...defaults.launch, ...(user.launch || {}) },
+    auth: user.auth != null ? { ...defaults.auth, ...user.auth } : defaults.auth,
+    realmlist: user.realmlist != null ? { ...defaults.realmlist, ...user.realmlist } : defaults.realmlist,
+    files: Array.isArray(user.files) && user.files.length ? user.files : defaults.files,
+  };
+}
+
+/** Hardcoded Gitea host/repo (see lib/baked-gitea-channel.js). Non-empty baked values win. */
+function applyBakedGitea(cfg) {
+  let baked;
+  try {
+    baked = require('./baked-gitea-channel');
+  } catch {
+    return cfg;
+  }
+  if (!baked || typeof baked !== 'object') return cfg;
+  cfg.gitea = { ...(cfg.gitea || {}) };
+  for (const k of ['base_url', 'owner', 'repo', 'release_tag']) {
+    const v = baked[k];
+    if (v != null && String(v).trim() !== '') cfg.gitea[k] = String(v).trim();
+  }
+  return cfg;
+}
+
+function getConfigPath(app) {
+  if (process.env.FRACTURED_LAUNCHER_CONFIG) return process.env.FRACTURED_LAUNCHER_CONFIG;
+  if (app && app.isPackaged) {
+    return path.join(path.dirname(process.execPath), 'launcher.json');
+  }
+  return path.join(__dirname, '..', 'launcher.json');
+}
+
+async function loadConfig(app) {
+  const p = getConfigPath(app);
+  const defPath = path.join(__dirname, '..', 'default-launcher.json');
+  const defaults = JSON.parse(await fs.readFile(defPath, 'utf8'));
+  try {
+    const user = JSON.parse(await fs.readFile(p, 'utf8'));
+    return { configPath: p, config: applyBakedGitea(mergeConfig(defaults, user)) };
+  } catch (e) {
+    if (e.code === 'ENOENT') {
+      const initial = applyBakedGitea(mergeConfig(defaults, {}));
+      await fs.writeFile(p, JSON.stringify(initial, null, 2), 'utf8');
+      return { configPath: p, config: JSON.parse(JSON.stringify(initial)) };
+    }
+    throw e;
+  }
+}
+
+async function saveGameDir(configPath, gameDir) {
+  const defPath = path.join(__dirname, '..', 'default-launcher.json');
+  const defaults = JSON.parse(await fs.readFile(defPath, 'utf8'));
+  const user = JSON.parse(await fs.readFile(configPath, 'utf8'));
+  user.game_dir = gameDir;
+  const merged = applyBakedGitea(mergeConfig(defaults, user));
+  await fs.writeFile(configPath, JSON.stringify(merged, null, 2), 'utf8');
+  return merged;
+}
+
+function resolveGameDir(cfg, configPath) {
+  const gd = cfg.game_dir;
+  if (!gd) return '';
+  if (path.isAbsolute(gd)) return path.normalize(gd);
+  return path.normalize(path.join(path.dirname(configPath), gd));
+}
+
+module.exports = { getConfigPath, loadConfig, saveGameDir, resolveGameDir, mergeConfig, applyBakedGitea };

tools/fractured-launcher-electron/lib/gitea-release.js

@@ -0,0 +1,107 @@
+'use strict';
+
+const { downloadBodyToFile } = require('./http-download');
+
+function normalizeGiteaBaseUrl(raw) {
+  let b = String(raw || '').trim().replace(/\/+$/, '');
+  if (!b) return '';
+  if (!/^https?:\/\//i.test(b)) b = `https://${b}`;
+  return b;
+}
+
+function giteaApiBase(cfg) {
+  const base = normalizeGiteaBaseUrl(cfg.gitea.base_url);
+  return `${base}/api/v1`;
+}
+
+function giteaToken(cfg) {
+  const name = cfg.gitea && cfg.gitea.token_env;
+  if (name && process.env[name]) return String(process.env[name]).trim();
+  return String(process.env.GITEA_TOKEN || '').trim();
+}
+
+function giteaHeaders(token, json = false) {
+  const h = { 'User-Agent': 'Fractured-Launcher-Electron' };
+  if (json) h.Accept = 'application/json';
+  if (token) h.Authorization = `token ${token}`;
+  return h;
+}
+
+function useGiteaReleases(cfg) {
+  const g = cfg.gitea;
+  if (!g) return false;
+  return !!(String(g.base_url || '').trim() && String(g.owner || '').trim() && String(g.repo || '').trim());
+}
+
+async function downloadGiteaReleaseAsset(cfg, assetName, destPath) {
+  const api = giteaApiBase(cfg);
+  const { owner, repo } = cfg.gitea;
+  const tag = (cfg.gitea.release_tag || 'latest').trim() || 'latest';
+  const token = giteaToken(cfg);
+
+  let listUrl;
+  if (tag.toLowerCase() === 'latest') {
+    listUrl = `${api}/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/releases/latest`;
+  } else {
+    listUrl = `${api}/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/releases/tags/${encodeURIComponent(tag)}`;
+  }
+
+  const res = await fetch(listUrl, { headers: giteaHeaders(token, true) });
+  const text = await res.text();
+  if (!res.ok) {
+    let hint = '';
+    if (res.status === 404) hint = ' (wrong tag / no release / check base_url owner repo)';
+    if (res.status === 401 || res.status === 403) hint = ' (set GITEA_TOKEN or gitea.token_env)';
+    throw new Error(`Gitea release ${res.status}${hint}: ${text.slice(0, 600)}`);
+  }
+  const rel = JSON.parse(text);
+  const list = rel.attachments || rel.assets || [];
+  let downloadUrl = '';
+  for (const a of list) {
+    if (a.name !== assetName) continue;
+    downloadUrl = a.browser_download_url || a.download_url || '';
+    break;
+  }
+  if (!downloadUrl) {
+    const names = list.map((x) => x.name).filter(Boolean);
+    throw new Error(`Gitea release asset "${assetName}" not found; attachments: ${names.join(', ') || '(none)'}`);
+  }
+
+  const h = { Accept: 'application/octet-stream' };
+  if (token) h.Authorization = `token ${token}`;
+  const dl = await fetch(downloadUrl, { headers: h, redirect: 'follow' });
+  await downloadBodyToFile(dl, destPath);
+}
+
+/**
+ * Base URL for electron-updater generic provider (expects latest.yml under this path).
+ * Matches Gitea’s pattern: …/owner/repo/releases/download/{tag}/latest.yml
+ */
+async function getGiteaUpdaterFeedBase(cfg) {
+  if (!useGiteaReleases(cfg)) return null;
+  const api = giteaApiBase(cfg);
+  const { owner, repo } = cfg.gitea;
+  const tag = (cfg.gitea.release_tag || 'latest').trim() || 'latest';
+  const token = giteaToken(cfg);
+  let listUrl;
+  if (tag.toLowerCase() === 'latest') {
+    listUrl = `${api}/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/releases/latest`;
+  } else {
+    listUrl = `${api}/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/releases/tags/${encodeURIComponent(tag)}`;
+  }
+  const res = await fetch(listUrl, { headers: giteaHeaders(token, true) });
+  if (!res.ok) return null;
+  const rel = await res.json();
+  const tagName = rel.tag_name;
+  if (!tagName || typeof tagName !== 'string') return null;
+  const root = normalizeGiteaBaseUrl(cfg.gitea.base_url);
+  const url = `${root}/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/releases/download/${encodeURIComponent(tagName)}/`;
+  return { url, token };
+}
+
+module.exports = {
+  downloadGiteaReleaseAsset,
+  giteaToken,
+  useGiteaReleases,
+  getGiteaUpdaterFeedBase,
+};

tools/fractured-launcher-electron/lib/github-token.js

@@ -0,0 +1,9 @@
+'use strict';
+
+function githubToken(cfg) {
+  const name = cfg.github && cfg.github.token_env;
+  if (name && process.env[name]) return process.env[name];
+  return process.env.GITHUB_TOKEN || '';
+}
+
+module.exports = { githubToken };

tools/fractured-launcher-electron/lib/github.js

@@ -0,0 +1,121 @@
+'use strict';
+
+const path = require('path');
+const fs = require('fs').promises;
+const { githubToken } = require('./github-token');
+const { downloadGiteaReleaseAsset, useGiteaReleases } = require('./gitea-release');
+const { fetchToFile, downloadBodyToFile } = require('./http-download');
+
+function encodeRepoPath(repoPath) {
+  let p = String(repoPath || '').replace(/\\/g, '/').replace(/^\/+|\/+$/g, '');
+  if (!p) return '';
+  return p.split('/').map((seg) => encodeURIComponent(seg)).join('/');
+}
+
+function ghHeaders(token, json = false) {
+  const h = {
+    'User-Agent': 'Fractured-Launcher-Electron',
+    'X-GitHub-Api-Version': '2022-11-28',
+  };
+  if (json) h.Accept = 'application/vnd.github+json';
+  if (token) h.Authorization = `Bearer ${token}`;
+  return h;
+}
+
+async function downloadGitHubRepoFile(cfg, repoPath, destPath) {
+  const token = githubToken(cfg);
+  const enc = encodeRepoPath(repoPath);
+  const ref = cfg.github.ref || 'main';
+  const { owner, repo } = cfg.github;
+
+  if (!token) {
+    const url = `https://raw.githubusercontent.com/${owner}/${repo}/${ref}/${enc}`;
+    await fetchToFile(url, {}, destPath);
+    return;
+  }
+
+  const apiUrl = `https://api.github.com/repos/${owner}/${repo}/contents/${enc}?ref=${encodeURIComponent(ref)}`;
+  const res = await fetch(apiUrl, { headers: ghHeaders(token, true) });
+  const body = await res.text();
+  if (!res.ok) {
+    throw new Error(`GitHub contents API ${res.status}: ${body.slice(0, 800)}`);
+  }
+  const meta = JSON.parse(body);
+  if (meta.type && meta.type !== 'file') {
+    throw new Error(`not a file: ${repoPath}`);
+  }
+  if (meta.download_url) {
+    const h = { Accept: 'application/octet-stream' };
+    if (token) {
+      h.Authorization = `Bearer ${token}`;
+      h['X-GitHub-Api-Version'] = '2022-11-28';
+    }
+    await fetchToFile(meta.download_url, h, destPath);
+    return;
+  }
+  if (meta.content && meta.encoding === 'base64') {
+    const buf = Buffer.from(String(meta.content).replace(/\n/g, ''), 'base64');
+    if (!buf.length) throw new Error('empty base64 content');
+    await fs.mkdir(path.dirname(destPath), { recursive: true });
+    const tmp = destPath + '.downloading';
+    await fs.writeFile(tmp, buf);
+    await fs.rename(tmp, destPath);
+    return;
+  }
+  throw new Error(`unexpected GitHub response for ${repoPath}`);
+}
+
+async function downloadReleaseAsset(cfg, assetName, destPath) {
+  if (useGiteaReleases(cfg)) {
+    return downloadGiteaReleaseAsset(cfg, assetName, destPath);
+  }
+  const token = githubToken(cfg);
+  const tag = (cfg.github.release_tag || 'latest').trim() || 'latest';
+  const { owner, repo } = cfg.github;
+  let listUrl;
+  if (tag.toLowerCase() === 'latest') {
+    listUrl = `https://api.github.com/repos/${owner}/${repo}/releases/latest`;
+  } else {
+    listUrl = `https://api.github.com/repos/${owner}/${repo}/releases/tags/${encodeURIComponent(tag)}`;
+  }
+  const res = await fetch(listUrl, { headers: ghHeaders(token, true) });
+  const text = await res.text();
+  if (!res.ok) {
+    let hint = '';
+    if (res.status === 404) {
+      hint =
+        ' (wrong tag, private repo without token, or releases live on Gitea — set gitea.base_url, gitea.owner, gitea.repo in launcher.json)';
+    }
+    if (res.status === 401 || res.status === 403) hint = ' (set GITHUB_TOKEN or token_env PAT)';
+    throw new Error(`releases list ${res.status}${hint}: ${text.slice(0, 600)}`);
+  }
+  const rel = JSON.parse(text);
+  const assets = rel.assets || [];
+  let assetURL = '';
+  for (const a of assets) {
+    if (a.name !== assetName) continue;
+    if (token && a.url) {
+      assetURL = a.url;
+      break;
+    }
+    if (a.browser_download_url) {
+      assetURL = a.browser_download_url;
+      break;
+    }
+    assetURL = a.url;
+    break;
+  }
+  if (!assetURL) {
+    const names = assets.map((x) => x.name);
+    throw new Error(`release asset "${assetName}" not found; attachments: ${names.join(', ')}`);
+  }
+  const h = { Accept: 'application/octet-stream' };
+  if (token) {
+    h.Authorization = `Bearer ${token}`;
+    h['X-GitHub-Api-Version'] = '2022-11-28';
+  }
+  const dl = await fetch(assetURL, { headers: h, redirect: 'follow' });
+  await downloadBodyToFile(dl, destPath);
+}
+
+module.exports = { downloadGitHubRepoFile, downloadReleaseAsset, encodeRepoPath };

tools/fractured-launcher-electron/lib/http-download.js

@@ -0,0 +1,40 @@
+'use strict';
+
+const fs = require('fs').promises;
+const path = require('path');
+const { createWriteStream } = require('fs');
+const { pipeline } = require('stream/promises');
+const { Readable } = require('stream');
+
+async function downloadBodyToFile(res, destPath) {
+  if (!res.ok) {
+    const errText = await res.text().catch(() => '');
+    throw new Error(`HTTP ${res.status}: ${errText.slice(0, 500)}`);
+  }
+  if (!res.body) {
+    throw new Error('download has no body');
+  }
+  await fs.mkdir(path.dirname(destPath), { recursive: true });
+  const tmp = destPath + '.downloading';
+  let body = res.body;
+  if (body && typeof body.pipe !== 'function') {
+    body = Readable.fromWeb(body);
+  }
+  await pipeline(body, createWriteStream(tmp));
+  const st = await fs.stat(tmp);
+  if (st.size === 0) {
+    await fs.unlink(tmp).catch(() => {});
+    throw new Error('empty download');
+  }
+  await fs.rename(tmp, destPath);
+}
+
+async function fetchToFile(url, headers, destPath) {
+  const res = await fetch(url, {
+    headers,
+    redirect: 'follow',
+  });
+  await downloadBodyToFile(res, destPath);
+}
+
+module.exports = { fetchToFile, downloadBodyToFile };

tools/fractured-launcher-electron/lib/patch-manifest.js

@@ -0,0 +1,144 @@
+'use strict';
+
+const fs = require('fs').promises;
+const path = require('path');
+const os = require('os');
+const { createHash } = require('node:crypto');
+const { downloadReleaseAsset, downloadGitHubRepoFile } = require('./github');
+
+async function sha256File(absPath) {
+  const buf = await fs.readFile(absPath);
+  return createHash('sha256').update(buf).digest('hex');
+}
+
+function stateDir(gameDir) {
+  return path.join(gameDir, '.fractured');
+}
+
+function statePath(gameDir) {
+  return path.join(stateDir(gameDir), 'patch-state.json');
+}
+
+async function readPatchState(gameDir) {
+  if (!gameDir) return null;
+  try {
+    const t = await fs.readFile(statePath(gameDir), 'utf8');
+    return JSON.parse(t);
+  } catch {
+    return null;
+  }
+}
+
+async function writePatchState(gameDir, manifestVersion, fileShas) {
+  const p = statePath(gameDir);
+  await fs.mkdir(path.dirname(p), { recursive: true });
+  const body = {
+    client_build: manifestVersion,
+    updated_at: new Date().toISOString(),
+    files: fileShas,
+  };
+  const tmp = p + '.tmp';
+  await fs.writeFile(tmp, JSON.stringify(body, null, 2), 'utf8');
+  await fs.rename(tmp, p);
+}
+
+function validateManifest(m) {
+  if (!m || m.version == null || String(m.version).trim() === '') return false;
+  if (!m.files || typeof m.files !== 'object') return false;
+  return true;
+}
+
+/**
+ * Download and parse patch-manifest.json (or custom name). Returns null on any failure.
+ */
+async function loadManifest(cfg) {
+  const pm = cfg.patch_manifest;
+  if (!pm || !pm.enabled || !String(pm.source || '').trim()) return null;
+  const tmp = path.join(os.tmpdir(), `fr-patch-manifest-${Date.now()}-${Math.random().toString(36).slice(2)}.json`);
+  try {
+    if (pm.from_release) {
+      await downloadReleaseAsset(cfg, String(pm.source).trim(), tmp);
+    } else {
+      await downloadGitHubRepoFile(cfg, String(pm.source).trim(), tmp);
+    }
+    const raw = await fs.readFile(tmp, 'utf8');
+    await fs.unlink(tmp).catch(() => {});
+    return JSON.parse(raw);
+  } catch {
+    await fs.unlink(tmp).catch(() => {});
+    return null;
+  }
+}
+
+/**
+ * True if every from_release file on disk matches manifest sha256.
+ */
+async function patchesMatchManifest(cfg, manifest, onStatus) {
+  if (!validateManifest(manifest)) return false;
+  const gameDir = cfg.game_dir;
+  for (const entry of cfg.files || []) {
+    if (!entry.from_release) continue;
+    const spec = manifest.files[entry.source];
+    if (!spec || !spec.sha256) return false;
+    const parts = String(entry.dest).replace(/\\/g, '/').split('/').filter(Boolean);
+    const destAbs = path.join(gameDir, ...parts);
+    let disk;
+    try {
+      disk = await sha256File(destAbs);
+    } catch {
+      return false;
+    }
+    if (disk.toLowerCase() !== String(spec.sha256).trim().toLowerCase()) return false;
+  }
+  if (onStatus) {
+    onStatus(`Client files already match build ${manifest.version} (nothing to download).`);
+  }
+  return true;
+}
+
+async function verifyInstalledAgainstManifest(cfg, manifest) {
+  if (!validateManifest(manifest)) return;
+  for (const entry of cfg.files || []) {
+    if (!entry.from_release) continue;
+    const spec = manifest.files[entry.source];
+    if (!spec || !spec.sha256) {
+      throw new Error(
+        `patch-manifest.json is missing a sha256 for "${entry.source}" — regenerate the manifest for this release.`
+      );
+    }
+    const parts = String(entry.dest).replace(/\\/g, '/').split('/').filter(Boolean);
+    const destAbs = path.join(cfg.game_dir, ...parts);
+    const disk = await sha256File(destAbs);
+    if (disk.toLowerCase() !== String(spec.sha256).trim().toLowerCase()) {
+      throw new Error(
+        `${entry.source}: checksum mismatch after install (expected ${spec.sha256.slice(0, 12)}…, got ${disk.slice(0, 12)}…). Try syncing again.`
+      );
+    }
+  }
+}
+
+async function recordPatchState(cfg, manifest) {
+  if (!validateManifest(manifest)) return;
+  const shas = {};
+  for (const entry of cfg.files || []) {
+    if (!entry.from_release) continue;
+    const parts = String(entry.dest).replace(/\\/g, '/').split('/').filter(Boolean);
+    const destAbs = path.join(cfg.game_dir, ...parts);
+    try {
+      shas[entry.source] = await sha256File(destAbs);
+    } catch {
+      /* skip */
+    }
+  }
+  await writePatchState(cfg.game_dir, String(manifest.version), shas);
+}
+
+module.exports = {
+  loadManifest,
+  validateManifest,
+  patchesMatchManifest,
+  verifyInstalledAgainstManifest,
+  recordPatchState,
+  readPatchState,
+  statePath,
+};

tools/fractured-launcher-electron/lib/patch.js

@@ -0,0 +1,117 @@
+'use strict';
+
+const path = require('path');
+const fs = require('fs').promises;
+const { downloadGitHubRepoFile, downloadReleaseAsset } = require('./github');
+
+function pad2(n) {
+  return String(n).padStart(2, '0');
+}
+function backupSuffix() {
+  const d = new Date();
+  return `${d.getFullYear()}${pad2(d.getMonth() + 1)}${pad2(d.getDate())}-${pad2(d.getHours())}${pad2(d.getMinutes())}${pad2(d.getSeconds())}`;
+}
+
+function wowExePath(cfg) {
+  const exe = (cfg.launch && cfg.launch.exe) || 'Wow.exe';
+  const parts = exe.replace(/\\/g, '/').split('/').filter(Boolean);
+  return path.join(cfg.game_dir, ...parts);
+}
+
+function wowInstallValid(cfg) {
+  if (!cfg.game_dir) return false;
+  return require('fs').existsSync(wowExePath(cfg));
+}
+
+async function installFile(cfg, entry) {
+  const parts = String(entry.dest).replace(/\\/g, '/').split('/').filter(Boolean);
+  const destAbs = path.join(cfg.game_dir, ...parts);
+  if (entry.backup) {
+    try {
+      const st = await fs.stat(destAbs);
+      if (st.isFile()) {
+        const bak = `${destAbs}.bak-${backupSuffix()}`;
+        await fs.rename(destAbs, bak);
+      }
+    } catch (e) {
+      if (e.code !== 'ENOENT') throw e;
+    }
+  } else {
+    try {
+      await fs.unlink(destAbs);
+    } catch (e) {
+      if (e.code !== 'ENOENT') throw e;
+    }
+  }
+  const tmp = destAbs + '.new';
+  if (entry.from_release) {
+    await downloadReleaseAsset(cfg, entry.source, tmp);
+  } else {
+    await downloadGitHubRepoFile(cfg, entry.source, tmp);
+  }
+  await fs.rename(tmp, destAbs);
+}
+
+async function applyRealmlist(cfg) {
+  if (!cfg.realmlist || !cfg.realmlist.enabled) return;
+  let line = String(cfg.realmlist.line || '').trim();
+  if (!line) throw new Error('realmlist.line empty');
+  if (!line.toLowerCase().startsWith('set realmlist ')) {
+    line = `set realmlist ${line}`;
+  }
+  const content = line + '\n';
+  let paths = cfg.realmlist.paths;
+  if (!paths || !paths.length) paths = ['Data/enUS/realmlist.wtf'];
+  for (const rel of paths) {
+    const r = String(rel).trim().replace(/\\/g, '/');
+    if (!r) continue;
+    const segs = r.split('/').filter(Boolean);
+    const abs = path.join(cfg.game_dir, ...segs);
+    await fs.mkdir(path.dirname(abs), { recursive: true });
+    await fs.writeFile(abs, content, 'utf8');
+  }
+}
+
+async function applyPatches(cfg, onStatus) {
+  for (const f of cfg.files || []) {
+    if (onStatus) onStatus(`Updating ${f.dest} …`);
+    try {
+      await installFile(cfg, f);
+    } catch (e) {
+      throw new Error(`sync ${f.dest}: ${e.message || e}`);
+    }
+  }
+  if (cfg.realmlist && cfg.realmlist.enabled) {
+    if (onStatus) onStatus('Applying realmlist …');
+    await applyRealmlist(cfg);
+  }
+  if (onStatus) onStatus('All patches applied.');
+}
+
+async function doAuth(cfg, username, password) {
+  if (!cfg.auth || !cfg.auth.enabled) return;
+  const u = String(username || '').trim();
+  const p = String(password || '');
+  if (!u || !p) throw new Error('username and password required');
+  const body = {
+    [cfg.auth.username_field || 'username']: u,
+    [cfg.auth.password_field || 'password']: p,
+  };
+  const res = await fetch(cfg.auth.url, {
+    method: cfg.auth.method || 'POST',
+    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+    body: JSON.stringify(body),
+  });
+  const t = await res.text();
+  if (res.status < 200 || res.status >= 300) {
+    throw new Error(`login failed ${res.status}: ${t.slice(0, 400)}`);
+  }
+}
+
+module.exports = {
+  applyPatches,
+  applyRealmlist,
+  wowExePath,
+  wowInstallValid,
+  doAuth,
+};

tools/fractured-launcher-electron/main.js

@@ -0,0 +1,156 @@
+'use strict';
+
+const { app, BrowserWindow, ipcMain, dialog, Menu } = require('electron');
+const path = require('path');
+const { spawn } = require('child_process');
+const { loadConfig, saveGameDir, resolveGameDir } = require('./lib/config-store');
+const { applyPatches, wowExePath, wowInstallValid, doAuth } = require('./lib/patch');
+const { readPatchState } = require('./lib/patch-manifest');
+const { setupAutoUpdater } = require('./lib/auto-update');
+
+let mainWindow;
+let autoUpdateApi = {
+  checkNow: async () => ({ skipped: true, reason: 'not initialized' }),
+};
+
+function createWindow() {
+  mainWindow = new BrowserWindow({
+    width: 720,
+    height: 640,
+    show: false,
+    autoHideMenuBar: true,
+    webPreferences: {
+      preload: path.join(__dirname, 'preload.cjs'),
+      contextIsolation: true,
+      nodeIntegration: false,
+      sandbox: false,
+    },
+  });
+  Menu.setApplicationMenu(null);
+  mainWindow.loadFile(path.join(__dirname, 'index.html'));
+  mainWindow.once('ready-to-show', () => mainWindow.show());
+}
+
+function sendProgress(msg) {
+  if (mainWindow && !mainWindow.isDestroyed()) {
+    mainWindow.webContents.send('launcher:progress', msg);
+  }
+}
+
+async function readMergedConfig() {
+  const { configPath, config } = await loadConfig(app);
+  const gameDir = resolveGameDir(config, configPath);
+  const merged = { ...config, game_dir: gameDir };
+  return { configPath, config: merged };
+}
+
+app.whenReady().then(async () => {
+  createWindow();
+  const { config } = await loadConfig(app);
+  const ghEnv = config.github && config.github.token_env;
+  const githubToken =
+    (ghEnv && String(process.env[ghEnv] || '').trim()) ||
+    String(process.env.GH_TOKEN || process.env.GITHUB_TOKEN || '').trim();
+  const giteaEnv = config.gitea && config.gitea.token_env;
+  const giteaToken =
+    (giteaEnv && String(process.env[giteaEnv] || '').trim()) ||
+    String(process.env.GITEA_TOKEN || '').trim();
+  const updateFeedUrl = String(process.env.LAUNCHER_UPDATE_URL || config.update_feed_url || '').trim();
+  autoUpdateApi = await setupAutoUpdater(app, () => mainWindow, {
+    updateFeedUrl,
+    config,
+    githubOwner: config.github && config.github.owner,
+    githubRepo: config.github && config.github.repo,
+    githubToken,
+    giteaToken,
+    allowGithubLauncherUpdates: config.launcher_updates_from_github === true,
+  });
+  app.on('activate', () => {
+    if (BrowserWindow.getAllWindows().length === 0) createWindow();
+  });
+});
+
+app.on('window-all-closed', () => {
+  if (process.platform !== 'darwin') app.quit();
+});
+
+ipcMain.handle('launcher:load', async () => {
+  const { configPath, config } = await readMergedConfig();
+  let clientBuild = '';
+  if (wowInstallValid(config)) {
+    const st = await readPatchState(config.game_dir);
+    if (st && st.client_build) clientBuild = String(st.client_build);
+  }
+  return {
+    configPath,
+    gameDir: config.game_dir || '',
+    authEnabled: !!(config.auth && config.auth.enabled),
+    wowExe: (config.launch && config.launch.exe) || 'Wow.exe',
+    wowOk: wowInstallValid(config),
+    clientBuild,
+  };
+});
+
+ipcMain.handle('launcher:saveGameDir', async (_e, dir) => {
+  const trimmed = String(dir || '').trim();
+  if (!trimmed) throw new Error('folder path is empty');
+  const { configPath } = await loadConfig(app);
+  const norm = path.normalize(trimmed);
+  const probe = { ...(await readMergedConfig()).config, game_dir: norm };
+  if (!wowInstallValid(probe)) {
+    throw new Error(`That folder does not contain ${(probe.launch && probe.launch.exe) || 'Wow.exe'}`);
+  }
+  const c = await saveGameDir(configPath, norm);
+  const merged = { ...c, game_dir: resolveGameDir(c, configPath) };
+  return { ok: true, gameDir: merged.game_dir, wowOk: wowInstallValid(merged) };
+});
+
+ipcMain.handle('launcher:pickFolder', async (_e, startDir) => {
+  const win = BrowserWindow.getFocusedWindow() || mainWindow;
+  const r = await dialog.showOpenDialog(win, {
+    title: 'Select World of Warcraft 3.3.5a folder',
+    properties: ['openDirectory', 'createDirectory'],
+    defaultPath: startDir && String(startDir).trim() ? String(startDir).trim() : undefined,
+  });
+  if (r.canceled || !r.filePaths || !r.filePaths[0]) return { canceled: true, path: '' };
+  return { canceled: false, path: r.filePaths[0] };
+});
+
+ipcMain.handle('launcher:auth', async (_e, { user, pass }) => {
+  const { config } = await readMergedConfig();
+  await doAuth(config, user, pass);
+  return { ok: true };
+});
+
+ipcMain.handle('launcher:sync', async () => {
+  const { config } = await readMergedConfig();
+  if (!wowInstallValid(config)) {
+    throw new Error('Set a valid WoW folder (must contain Wow.exe) first.');
+  }
+  await applyPatches(config, sendProgress);
+  return { ok: true };
+});
+
+ipcMain.handle('launcher:checkUpdates', async () => {
+  try {
+    return await autoUpdateApi.checkNow();
+  } catch (e) {
+    const msg = e && (e.message || String(e));
+    return { ok: false, error: msg };
+  }
+});
+
+ipcMain.handle('launcher:play', async () => {
+  const { config } = await readMergedConfig();
+  const exe = wowExePath(config);
+  const args = (config.launch && config.launch.args) || [];
+  const child = spawn(exe, args, {
+    cwd: config.game_dir,
+    detached: true,
+    stdio: 'ignore',
+    windowsHide: true,
+    shell: false,
+  });
+  child.unref();
+  return { ok: true };
+});

tools/fractured-launcher-electron/package.json

@@ -0,0 +1,77 @@
+{
+  "name": "fractured-launcher-electron",
+  "version": "1.0.2",
+  "description": "Fractured WoW launcher (Electron) — no console window, native folder picker, auto-update",
+  "main": "main.js",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Dawnforger/Fractured.git"
+  },
+  "scripts": {
+    "start": "electron .",
+    "pack:win": "electron-builder --win nsis portable --x64 --publish never",
+    "pack:linux": "electron-builder --linux AppImage --x64 --publish never",
+    "publish:win": "electron-builder --win nsis portable --x64 --publish never"
+  },
+  "author": "",
+  "license": "GPL-3.0",
+  "devDependencies": {
+    "electron": "^33.2.1",
+    "electron-builder": "^25.1.8"
+  },
+  "dependencies": {
+    "electron-updater": "^6.3.9"
+  },
+  "build": {
+    "appId": "net.fractured.launcher",
+    "productName": "Fractured Launcher",
+    "directories": {
+      "output": "dist"
+    },
+    "publish": null,
+    "files": [
+      "main.js",
+      "preload.cjs",
+      "index.html",
+      "renderer.js",
+      "styles.css",
+      "default-launcher.json",
+      "lib/baked-gitea-channel.js",
+      "lib/gitea-release.js",
+      "lib/patch-manifest.js",
+      "lib/**/*"
+    ],
+    "win": {
+      "target": [
+        {
+          "target": "nsis",
+          "arch": ["x64"]
+        },
+        {
+          "target": "portable",
+          "arch": ["x64"]
+        }
+      ]
+    },
+    "nsis": {
+      "oneClick": false,
+      "allowToChangeInstallationDirectory": true,
+      "artifactName": "Fractured-Launcher-${version}-Setup.${ext}"
+    },
+    "portable": {
+      "artifactName": "Fractured-Launcher-${version}-Windows-Portable.${ext}"
+    },
+    "linux": {
+      "target": [
+        {
+          "target": "AppImage",
+          "arch": ["x64"]
+        }
+      ],
+      "category": "Game"
+    },
+    "appImage": {
+      "artifactName": "Fractured-Launcher-${version}-Linux-x86_64.${ext}"
+    }
+  }
+}

tools/fractured-launcher-electron/preload.cjs

@@ -0,0 +1,16 @@
+'use strict';
+
+const { contextBridge, ipcRenderer } = require('electron');
+
+contextBridge.exposeInMainWorld('launcher', {
+  load: () => ipcRenderer.invoke('launcher:load'),
+  saveGameDir: (dir) => ipcRenderer.invoke('launcher:saveGameDir', dir),
+  pickFolder: (startDir) => ipcRenderer.invoke('launcher:pickFolder', startDir),
+  auth: (user, pass) => ipcRenderer.invoke('launcher:auth', { user, pass }),
+  sync: () => ipcRenderer.invoke('launcher:sync'),
+  checkUpdates: () => ipcRenderer.invoke('launcher:checkUpdates'),
+  play: () => ipcRenderer.invoke('launcher:play'),
+  onProgress: (cb) => {
+    ipcRenderer.on('launcher:progress', (_e, msg) => cb(msg));
+  },
+});

tools/fractured-launcher-electron/renderer.js

@@ -0,0 +1,130 @@
+'use strict';
+
+const logEl = document.getElementById('log');
+const gameDirEl = document.getElementById('gameDir');
+const btnBrowse = document.getElementById('btnBrowse');
+const btnSave = document.getElementById('btnSaveFolder');
+const btnSync = document.getElementById('btnSync');
+const btnPlay = document.getElementById('btnPlay');
+const btnCheckLauncher = document.getElementById('btnCheckLauncher');
+const authCard = document.getElementById('authCard');
+const btnAuth = document.getElementById('btnAuth');
+const wowExeName = document.getElementById('wowExeName');
+
+function log(msg) {
+  logEl.textContent += (logEl.textContent ? '\n' : '') + msg;
+  logEl.scrollTop = logEl.scrollHeight;
+}
+
+function setError(e) {
+  const m = e && (e.message || String(e));
+  log('Error: ' + m);
+}
+
+let authEnabled = false;
+let signedIn = false;
+
+async function refresh() {
+  try {
+    const s = await window.launcher.load();
+    authEnabled = s.authEnabled;
+    signedIn = !s.authEnabled;
+    wowExeName.textContent = s.wowExe || 'Wow.exe';
+    gameDirEl.value = s.gameDir || '';
+    authCard.classList.toggle('hidden', !authEnabled);
+    btnSync.disabled = !s.wowOk || (authEnabled && !signedIn);
+    btnPlay.classList.add('hidden');
+    btnPlay.disabled = true;
+    logEl.textContent = '';
+    if (!s.gameDir) log('Choose your WoW installation folder.');
+    else if (!s.wowOk) log('Folder does not look valid yet — pick the directory that contains ' + (s.wowExe || 'Wow.exe') + ', then Save folder.');
+    else if (authEnabled && !signedIn) log('Sign in, then download updates.');
+    else log('Ready — tap Download updates to sync from GitHub.');
+  } catch (e) {
+    setError(e);
+  }
+}
+
+window.launcher.onProgress((msg) => log(msg));
+
+btnBrowse.addEventListener('click', async () => {
+  try {
+    const start = gameDirEl.value.trim();
+    const r = await window.launcher.pickFolder(start);
+    if (!r.canceled && r.path) {
+      gameDirEl.value = r.path;
+      log('Selected: ' + r.path);
+    }
+  } catch (e) {
+    setError(e);
+  }
+});
+
+btnSave.addEventListener('click', async () => {
+  try {
+    const dir = gameDirEl.value.trim();
+    if (!dir) {
+      log('Pick a folder with Browse… first.');
+      return;
+    }
+    const r = await window.launcher.saveGameDir(dir);
+    gameDirEl.value = r.gameDir;
+    btnSync.disabled = !r.wowOk || (authEnabled && !signedIn);
+    log('Saved installation folder.');
+  } catch (e) {
+    setError(e);
+  }
+});
+
+btnAuth.addEventListener('click', async () => {
+  try {
+    const u = document.getElementById('username').value;
+    const p = document.getElementById('password').value;
+    await window.launcher.auth(u, p);
+    signedIn = true;
+    log('Signed in.');
+    btnSync.disabled = !gameDirEl.value.trim() || (authEnabled && !signedIn);
+    const s = await window.launcher.load();
+    btnSync.disabled = !s.wowOk;
+  } catch (e) {
+    setError(e);
+  }
+});
+
+btnSync.addEventListener('click', async () => {
+  btnSync.disabled = true;
+  log('—');
+  try {
+    await window.launcher.sync();
+    btnPlay.classList.remove('hidden');
+    btnPlay.disabled = false;
+    log('Done. You can launch the game.');
+  } catch (e) {
+    setError(e);
+  } finally {
+    const s = await window.launcher.load().catch(() => null);
+    btnSync.disabled = !s || !s.wowOk || (authEnabled && !signedIn);
+  }
+});
+
+btnPlay.addEventListener('click', async () => {
+  try {
+    await window.launcher.play();
+    window.close();
+  } catch (e) {
+    setError(e);
+  }
+});
+
+btnCheckLauncher.addEventListener('click', async () => {
+  try {
+    log('Checking for launcher updates…');
+    const r = await window.launcher.checkUpdates();
+    if (r && r.skipped) log('Launcher auto-update: ' + (r.reason || 'skipped (use a packaged build).'));
+    else if (r && r.ok === false && r.error) setError(new Error(r.error));
+  } catch (e) {
+    setError(e);
+  }
+});
+
+refresh();

tools/fractured-launcher-electron/scripts/bootstrap-gitea-repo.sh

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# Push a one-file README so the Gitea repo is non-empty (fixes HTTP 422 "repo is empty"
+# when CI creates a release). Safe to re-run only if the repo still has no commits;
+# if it already has history, skip or use the Gitea web UI instead.
+#
+# Usage:
+#   export GITEA_BASE_URL=https://git.example.com
+#   export GITEA_OWNER=myorg
+#   export GITEA_REPO=fractured-patches
+#   ./bootstrap-gitea-repo.sh
+#
+# Or pass an explicit clone URL (HTTPS or SSH):
+#   ./bootstrap-gitea-repo.sh https://git.example.com/myorg/fractured-patches.git
+#
+set -euo pipefail
+
+BRANCH="${GITEA_TARGET_REF:-main}"
+
+if [ "${1:-}" != "" ]; then
+  URL="$1"
+else
+  : "${GITEA_BASE_URL:?Set GITEA_BASE_URL or pass clone URL as first argument}"
+  : "${GITEA_OWNER:?Set GITEA_OWNER or pass clone URL as first argument}"
+  : "${GITEA_REPO:?Set GITEA_REPO or pass clone URL as first argument}"
+  BASE="${GITEA_BASE_URL%/}"
+  URL="${BASE}/${GITEA_OWNER}/${GITEA_REPO}.git"
+fi
+
+TMP=$(mktemp -d)
+trap 'rm -rf "$TMP"' EXIT
+cd "$TMP"
+
+git init -q
+git checkout -q -b "$BRANCH"
+
+cat >README.md <<'EOF'
+# Fractured release mirror
+
+Release assets (launcher builds, patches, `patch-manifest.json`, etc.) are uploaded here by **GitHub Actions** (“Sync release to Gitea”) from the main Fractured repository.
+
+This initial commit exists because **Gitea requires at least one commit** in the repository before releases can be created.
+EOF
+
+git add README.md
+git commit -q -m "chore: initial commit (required for Gitea releases)"
+
+git remote add origin "$URL"
+git push -u origin "$BRANCH"
+
+echo "Pushed initial README to $URL (branch $BRANCH)."

tools/fractured-launcher-electron/scripts/generate-patch-manifest.js

@@ -0,0 +1,32 @@
+#!/usr/bin/env node
+/**
+ * Build patch-manifest.json for a release (same names as files[].source in launcher.json).
+ *
+ * Usage (from a folder containing the patch binaries):
+ *   node generate-patch-manifest.js v0.9.0-client patch-Z.MPQ Wow-patched.exe
+ *
+ * Prints JSON to stdout — redirect to file:
+ *   node generate-patch-manifest.js v0.9.0-client patch-Z.MPQ Wow-patched.exe > patch-manifest.json
+ */
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+
+const version = process.argv[2];
+const names = process.argv.slice(3);
+if (!version || names.length === 0) {
+  console.error('Usage: generate-patch-manifest.js <version-label> <file1> [file2 ...]');
+  console.error('  Example: generate-patch-manifest.js v0.9.0-client patch-Z.MPQ Wow-patched.exe');
+  process.exit(1);
+}
+
+const out = { version, files: {} };
+for (const f of names) {
+  const base = path.basename(f);
+  const buf = fs.readFileSync(f);
+  const sha256 = crypto.createHash('sha256').update(buf).digest('hex');
+  out.files[base] = { sha256 };
+}
+process.stdout.write(`${JSON.stringify(out, null, 2)}\n`);

tools/fractured-launcher-electron/scripts/manual-pack-linux.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# Local Linux AppImage build (uses current tree — no tag snapshot). Run from repo root or this dir.
+set -euo pipefail
+ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$ROOT"
+echo "==> npm ci"
+npm ci
+echo "==> npm run pack:linux (AppImage x64)"
+npm run pack:linux
+echo "==> dist/:"
+ls -la dist/

tools/fractured-launcher-electron/scripts/publish-to-distro.sh

@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+# Upload local files to a GitHub release on the public distro repo (default: Dawnforger/Fractured-Distro).
+#
+# Usage (from repo root or this directory):
+#   export GH_TOKEN=ghp_...   # PAT with repo/releases on the distro repo
+#   ./tools/fractured-launcher-electron/scripts/publish-to-distro.sh v1.0.0 patch-Z.MPQ Wow-patched.exe
+#
+# Optional:
+#   DISTRO_REPO=YourOrg/Fratured-Distro   # if your GitHub slug differs
+#   SRC_TAG=v1.0.0 ./publish-to-distro.sh v1.0.0   # copy all assets from SOURCE_REPO release SRC_TAG
+#
+set -euo pipefail
+
+DISTRO_REPO="${DISTRO_REPO:-Dawnforger/Fractured-Distro}"
+SOURCE_REPO="${SOURCE_REPO:-Dawnforger/Fractured}"
+
+if ! command -v gh >/dev/null 2>&1; then
+  echo "Install GitHub CLI: https://cli.github.com/"
+  exit 1
+fi
+
+if [ -z "${GH_TOKEN:-}" ]; then
+  echo "Set GH_TOKEN to a PAT with releases write access to ${DISTRO_REPO}."
+  exit 1
+fi
+
+if [ "$#" -lt 1 ]; then
+  echo "Usage: $0 <release-tag> [files...]"
+  echo "   or: SRC_TAG=v1.0.0 $0 <release-tag>   # copies all assets from ${SOURCE_REPO} release SRC_TAG"
+  exit 1
+fi
+
+TAG="$1"
+shift
+if [ "$#" -eq 0 ] && [ -z "${SRC_TAG:-}" ]; then
+  echo "After the tag, list files to upload, or set SRC_TAG=... to copy all assets from ${SOURCE_REPO}."
+  exit 1
+fi
+
+tmpdir=$(mktemp -d)
+cleanup() { rm -rf "$tmpdir"; }
+trap cleanup EXIT
+
+if [ "$#" -eq 0 ] && [ -n "${SRC_TAG:-}" ]; then
+  echo "Downloading assets from ${SOURCE_REPO}@${SRC_TAG} …"
+  gh release download "$SRC_TAG" -R "$SOURCE_REPO" -D "$tmpdir"
+else
+  for f in "$@"; do
+    if [ ! -f "$f" ]; then
+      echo "Not a file: $f"
+      exit 1
+    fi
+    cp -a "$f" "$tmpdir/"
+  done
+fi
+
+shopt -s nullglob
+files=("$tmpdir"/*)
+if [ "${#files[@]}" -eq 0 ]; then
+  echo "No files to upload."
+  exit 1
+fi
+
+if gh release view "$TAG" -R "$DISTRO_REPO" &>/dev/null; then
+  gh release upload "$TAG" -R "$DISTRO_REPO" "${files[@]}" --clobber
+  echo "Uploaded to https://github.com/${DISTRO_REPO}/releases/tag/${TAG}"
+else
+  gh release create "$TAG" -R "$DISTRO_REPO" \
+    --title "Fractured ${TAG}" \
+    --notes "Published from ${SOURCE_REPO} (local script)." \
+    "${files[@]}"
+  echo "Created https://github.com/${DISTRO_REPO}/releases/tag/${TAG}"
+fi

tools/fractured-launcher-electron/scripts/upload-release-to-gitea.sh

@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+# Upload all files in a directory as attachments on a Gitea release (create release if missing).
+#
+# Usage:
+#   export GITEA_BASE_URL=https://git.example.com
+#   export GITEA_TOKEN=gta_...
+#   export GITEA_OWNER=myorg
+#   export GITEA_REPO=fractured-patches
+#   export GITEA_TARGET_REF=main   # optional, used when creating a new release (tag must not exist yet)
+#   ./upload-release-to-gitea.sh /path/to/combined v1.0.0
+#
+set -euo pipefail
+
+COMBINED_DIR="${1:?first arg: directory of files to attach}"
+TAG="${2:?second arg: release tag (e.g. v1.0.0)}"
+
+: "${GITEA_BASE_URL:?Set GITEA_BASE_URL (no trailing slash required)}"
+: "${GITEA_TOKEN:?Set GITEA_TOKEN}"
+: "${GITEA_OWNER:?Set GITEA_OWNER}"
+: "${GITEA_REPO:?Set GITEA_REPO}"
+
+BASE="${GITEA_BASE_URL%/}"
+API="$BASE/api/v1"
+TARGET="${GITEA_TARGET_REF:-main}"
+AUTH_H=(-H "Authorization: token ${GITEA_TOKEN}" -H "Accept: application/json")
+
+TAG_ENC=$(python3 -c "import urllib.parse,sys; print(urllib.parse.quote(sys.argv[1], safe=''))" "$TAG")
+REL_JSON=$(mktemp)
+trap 'rm -f "$REL_JSON"' EXIT
+
+code=$(curl -sS -o "$REL_JSON" -w "%{http_code}" "${AUTH_H[@]}" \
+  "$API/repos/${GITEA_OWNER}/${GITEA_REPO}/releases/tags/${TAG_ENC}")
+
+if [ "$code" = "200" ]; then
+  rel_id=$(jq -r '.id' "$REL_JSON")
+elif [ "$code" = "404" ]; then
+  body=$(jq -n \
+    --arg tag "$TAG" \
+    --arg name "Fractured $TAG" \
+    --arg body "Synced from GitHub Actions (Fractured)." \
+    --arg target "$TARGET" \
+    '{tag_name:$tag,name:$name,body:$body,draft:false,prerelease:false,target_commitish:$target}')
+  code=$(curl -sS -o "$REL_JSON" -w "%{http_code}" -X POST "${AUTH_H[@]}" \
+    -H "Content-Type: application/json" \
+    -d "$body" \
+    "$API/repos/${GITEA_OWNER}/${GITEA_REPO}/releases")
+  if [ "$code" != "201" ] && [ "$code" != "200" ]; then
+    echo "Gitea create release failed HTTP $code:" >&2
+    cat "$REL_JSON" >&2
+    if [ "$code" = "422" ] && jq -e '.message == "repo is empty"' "$REL_JSON" >/dev/null 2>&1; then
+      echo >&2
+      echo "Gitea does not allow releases on a repo with zero commits. Fix: push at least one commit" >&2
+      echo "to ${GITEA_OWNER}/${GITEA_REPO} (e.g. add README.md on branch ${TARGET} via web UI or git push)," >&2
+      echo "or set Actions variable GITEA_TARGET_REF to an existing default branch name." >&2
+    fi
+    exit 1
+  fi
+  rel_id=$(jq -r '.id' "$REL_JSON")
+else
+  echo "Gitea GET release by tag failed HTTP $code:" >&2
+  cat "$REL_JSON" >&2
+  exit 1
+fi
+
+if [ -z "$rel_id" ] || [ "$rel_id" = "null" ]; then
+  echo "Could not resolve Gitea release id" >&2
+  exit 1
+fi
+
+while read -r aid; do
+  [ -z "$aid" ] || [ "$aid" = "null" ] && continue
+  curl -fsS -X DELETE "${AUTH_H[@]}" \
+    "$API/repos/${GITEA_OWNER}/${GITEA_REPO}/releases/${rel_id}/assets/${aid}" || true
+done < <(jq -r '(.attachments // .assets // [])[] | .id' "$REL_JSON")
+
+shopt -s nullglob
+files=("$COMBINED_DIR"/*)
+if [ "${#files[@]}" -eq 0 ]; then
+  echo "No files in $COMBINED_DIR" >&2
+  exit 1
+fi
+
+for f in "${files[@]}"; do
+  [ -f "$f" ] || continue
+  echo "Uploading $(basename "$f") …"
+  curl -fsS -X POST "${AUTH_H[@]}" \
+    -F "attachment=@${f}" \
+    "$API/repos/${GITEA_OWNER}/${GITEA_REPO}/releases/${rel_id}/assets"
+done
+
+echo "Gitea release $TAG (id=$rel_id) updated with ${#files[@]} file(s)."

tools/fractured-launcher-electron/styles.css

@@ -0,0 +1,126 @@
+* {
+  box-sizing: border-box;
+}
+body {
+  margin: 0;
+  font-family: system-ui, Segoe UI, Roboto, sans-serif;
+  background: #121018;
+  color: #e8e4f0;
+  padding: 20px 24px 28px;
+  min-height: 100vh;
+}
+header h1 {
+  margin: 0 0 6px;
+  font-size: 1.35rem;
+  font-weight: 600;
+}
+.sub {
+  margin: 0 0 18px;
+  color: #9a92b0;
+  font-size: 0.9rem;
+}
+.card {
+  background: #1c1828;
+  border: 1px solid #2e2840;
+  border-radius: 10px;
+  padding: 14px 16px;
+  margin-bottom: 14px;
+}
+.lbl {
+  display: block;
+  font-size: 0.8rem;
+  color: #b8b0d0;
+  margin-bottom: 8px;
+}
+.row {
+  display: flex;
+  gap: 8px;
+  align-items: center;
+  flex-wrap: wrap;
+}
+.row.stack {
+  flex-direction: column;
+  align-items: stretch;
+}
+#gameDir {
+  flex: 1;
+  min-width: 200px;
+  padding: 10px 12px;
+  border-radius: 8px;
+  border: 1px solid #3d3558;
+  background: #0e0c14;
+  color: #f0ecff;
+  font-size: 0.85rem;
+}
+input[type='text'],
+input[type='password'] {
+  padding: 10px 12px;
+  border-radius: 8px;
+  border: 1px solid #3d3558;
+  background: #0e0c14;
+  color: #f0ecff;
+  font-size: 0.9rem;
+}
+button {
+  padding: 10px 16px;
+  border-radius: 8px;
+  border: 1px solid #4a4268;
+  background: #2a243c;
+  color: #e8e4f0;
+  cursor: pointer;
+  font-size: 0.88rem;
+}
+button:hover:not(:disabled) {
+  background: #352d4c;
+}
+button:disabled {
+  opacity: 0.45;
+  cursor: not-allowed;
+}
+button.primary {
+  background: #4c3d8a;
+  border-color: #5c4d9a;
+}
+button.primary:hover:not(:disabled) {
+  background: #5a4a9e;
+}
+button.success {
+  background: #1d6b45;
+  border-color: #2a8a5a;
+  margin-top: 10px;
+}
+button.success:hover:not(:disabled) {
+  background: #258055;
+}
+button.ghost {
+  background: transparent;
+  border-color: #4a4268;
+  color: #b0a8d0;
+  font-size: 0.82rem;
+}
+button.ghost:hover:not(:disabled) {
+  background: #241f34;
+}
+.row-actions {
+  padding: 10px 16px;
+}
+button.wide {
+  width: 100%;
+}
+.log {
+  margin: 12px 0 0;
+  padding: 12px;
+  background: #0a090e;
+  border-radius: 8px;
+  border: 1px solid #2a2438;
+  min-height: 120px;
+  max-height: 200px;
+  overflow: auto;
+  font-size: 0.78rem;
+  color: #c4bdd8;
+  white-space: pre-wrap;
+  word-break: break-word;
+}
+.hidden {
+  display: none !important;
+}