diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 95686406..ed00e2e0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -67,13 +67,13 @@ jobs:
             fi
           }
 
-          set_output canister '^(Cargo\.lock|crates/(vfs_canister|vfs_runtime|vfs_types|vfs_store|wiki_domain)/|docs/DB_LIFECYCLE\.md|scripts/build-vfs-canister\.sh)'
+          set_output canister '^(Cargo\.lock|crates/(vfs_canister|vfs_runtime|vfs_types|vfs_store|wiki_domain)/|docs/DB_LIFECYCLE\.md|scripts/(build-vfs-canister|check-build-vfs-canister-guard)\.(sh|mjs))'
           set_output rust_all '^(Cargo\.toml|crates/(vfs_canister|vfs_runtime|vfs_types|vfs_cli_app|vfs_cli_core|vfs_client|vfs_store|wiki_domain|ic_sqlite_vfs_probe)/|scripts/(kinic_vfs_cli_release_version|package_kinic_vfs_cli)\.sh)'
           set_output cli '^(crates/(vfs_cli_app|vfs_cli_core|vfs_client)/|docs/(CLI|PUBLIC_SMOKE)\.md|scripts/(local|smoke|mainnet|kinic_vfs_cli_release_version|package_kinic_vfs_cli))'
           set_output wikibrowser '^(wikibrowser/|crates/vfs_canister/vfs\.did)'
           set_output extension '^(extensions/wiki-clipper/|crates/vfs_canister/vfs\.did)'
-          set_output wiki_generator '^workers/wiki-generator/'
-          set_output skill_registry_web '^(skill-registry-web/|wikibrowser/app/skills/|wikibrowser/scripts/check-skill-registry\.mjs|skills/)'
+          set_output wiki_generator '^(workers/wiki-generator/|crates/vfs_canister/vfs\.did)'
+          set_output skill_registry_web '^(skill-registry-web/|wikibrowser/app/skills/|wikibrowser/scripts/check-skill-registry\.mjs|skills/|crates/vfs_canister/vfs\.did)'
 
   regression-groups-check:
     runs-on: ubuntu-latest
@@ -267,6 +267,8 @@ jobs:
         run: |
           node scripts/build-icp-cli-login.mjs
           git diff --exit-code crates/vfs_canister/src/icp_cli_login.html
+      - name: Check build environment guard
+        run: node scripts/check-build-vfs-canister-guard.mjs
       - name: Cache cargo registry
         uses: actions/cache@v5
         with:
diff --git a/Cargo.lock b/Cargo.lock
index 86014c95..254167d0 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3522,6 +3522,7 @@ dependencies = [
  "kinic-wiki-domain",
  "proptest",
  "rusqlite",
+ "serde_json",
  "sha2 0.10.9",
  "tempfile",
  "vfs-store",
diff --git a/MARKETPLACE_PLAN.md b/MARKETPLACE_PLAN.md
new file mode 100644
index 00000000..d5918b6e
--- /dev/null
+++ b/MARKETPLACE_PLAN.md
@@ -0,0 +1,493 @@
+# Marketplace Plan
+
+Kinic Wiki に DB 閲覧権マーケットプレイスを追加するための計画。
+
+目的は、複雑な金融商品ではなく「価値ある private DB を、購入者だけが読める」状態を最小実装で作ること。
+
+## 結論
+
+最初は「DB 全体の永続 Reader 相当閲覧権」を販売する。
+
+- 売るもの: DB の閲覧権
+- 売らないもの: Writer 権、Owner 権、DB 所有権、二次流通権
+- 購入前に見せるもの: title、description、LLM summary、verified stats、sample excerpts、category graph、最終更新日、tags、price
+- 購入後に許可するもの: read、list、search、graph
+- 権限正本: `database_members` ではなく `market_entitlements`
+- API 名: `market_` prefix
+- 購入権: 永続。active 判定は `status = 'active'` のみ。
+- DB delete/archive: owner 権限を維持し、禁止しない。UI/CLI で購入者影響を警告する。
+- 決済: ユーザー別 KINIC balance を正本にし、購入時は外部 ledger を呼ばない。
+- cashout: MVP では実装しない。seller 売上は内部 balance までに留める。
+
+## なぜこの形にするか
+
+`database_members` に reader を直接追加すると、owner が後から revoke できる。
+購入者から見ると「買った権利が消える」ため、販売契約として弱い。
+
+購入権は `market_entitlements` に分離する。
+通常 ACL と購入権を分けることで、手動 grant、owner 管理、paid access、期限管理を混ぜずに扱える。
+
+決済は buyer から seller への direct transfer ではなく、deposit 済み残高で処理する。
+閲覧権購入時に ledger call を行うと、ledger await と entitlement 付与が同じ update に混在し、曖昧結果、重複実行、local apply failure の復旧分岐が増える。
+購入は canister 内の SQLite transaction だけで buyer debit、seller credit、entitlement grant を確定する。
+
+## 決済前提
+
+- deposit は `approve + icrc2_transfer_from` で buyer account から canister account へ KINIC を移す。
+- 閲覧権購入時は外部 ledger を呼ばず、内部 balance transaction だけで確定する。
+- deposit の ledger 曖昧結果は `kinic_pending_operations` で扱う。
+
+## MVP Scope
+
+MVP で作るもの:
+
+- DB owner が listing を作成できる。
+- listing は DB 全体に紐付く。
+- listing は公開 metadata を持つ。
+- buyer は KINIC を deposit して内部 balance を持つ。
+- buyer は内部 balance で閲覧権を購入する。
+- purchase 成功後、buyer に active entitlement を付与する。
+- seller 売上は seller の内部 balance に credit する。
+- read 系認可は `database_members` または active `market_entitlements` を許可する。
+- active entitlement が残る DB の delete/archive は許可し、UI/CLI で警告する。
+- listing 検索は本文検索と分離する。
+- delete/archive 前に active entitlement count を返す query を提供する。
+
+MVP で作らないもの:
+
+- Writer / Owner 権限販売
+- prefix 単位販売
+- snapshot 固定販売
+- platform fee split
+- refund
+- resale
+- ZKP
+- 購入者ごとの LLM 要約生成
+- 複数 token
+- seller withdraw
+- kinic pending operation repair/cancel
+
+## Buyer Experience
+
+購入者は Marketplace 一覧から listing を探す。
+詳細画面では本文全体ではなく、購入判断材料だけを見る。
+
+表示するもの:
+
+- title
+- description
+- LLM summary
+- sample excerpts
+- topics / tags
+- node count
+- logical size
+- last updated
+- seller
+- price
+
+購入前に balance が不足する場合、deposit 画面へ誘導する。
+購入後は My purchases に DB が表示され、通常の WikiBrowser と同じ read/search/graph UI で読む。
+
+## Seller Experience
+
+seller は既存 DB 管理画面から「Sell this DB」を押す。
+公開情報を入力し、必要なら LLM summary を生成する。
+
+seller が入力するもの:
+
+- title
+- description
+- tags
+- price
+- sample excerpts
+
+LLM summary は任意。
+生成する場合も listing publish 時だけ実行し、閲覧ごとには生成しない。
+summary には `summary_snapshot_revision` を持たせる。
+DB 更新で listing snapshot と current snapshot がズレた場合、購入は止めずに stale 警告を表示する。
+
+## Value Signals
+
+DB 本文は購入前に全面公開しない。
+価値証明は暗号ではなく、購入判断材料として提示する。
+
+使う signal:
+
+- LLM summary
+- seller description
+- sample excerpts
+- verified stats
+- top-level contents sample
+- category graph
+- prefix stats
+- last updated
+- provenance
+- purchase count
+- report count
+
+ZKP は使わない。
+「内容が有益」という性質は暗号で証明しにくい。
+最初は preview、sample、統計、評判で判断させる。
+
+## Entitlement Model
+
+`market_entitlements` を追加する。
+
+```sql
+CREATE TABLE market_entitlements (
+  database_id TEXT NOT NULL,
+  buyer_principal TEXT NOT NULL,
+  listing_id TEXT NOT NULL,
+  order_id TEXT NOT NULL,
+  purchased_at_ms INTEGER NOT NULL,
+  status TEXT NOT NULL,
+  PRIMARY KEY (database_id, buyer_principal, listing_id)
+);
+```
+
+DB 全体閲覧権販売なので、同じ DB を relist しても二重購入させない。
+
+```sql
+CREATE UNIQUE INDEX market_entitlements_database_buyer_idx
+  ON market_entitlements(database_id, buyer_principal)
+  WHERE status = 'active';
+```
+
+認可判定:
+
+```text
+can_read = database_members has reader/writer/owner
+        OR market_entitlements has active entitlement
+```
+
+Writer 系 update は entitlement では許可しない。
+owner revoke は entitlement に影響しない。
+`list_database_members`、cycles history、Owner/Writer update は entitlement を見ない。
+
+実装では `load_member_role` と `role_allows` を変更しない。
+`require_database_read_access` などの新規 helper を作り、member role が通る場合は許可し、明示した read surface だけ active entitlement を許可する。
+
+active entitlement 判定:
+
+```sql
+status = 'active'
+```
+
+anonymous principal は entitlement 対象外にする。
+
+購入済み entitlement で許可する read surface は以下に限定する。
+
+- `read_node`
+- `list_children`
+- `list_nodes`
+- `search_nodes`
+- `search_node_paths`
+- `incoming_links`
+- `outgoing_links`
+- `graph_links`
+- `graph_neighborhood`
+- `read_node_context`
+
+`export_snapshot`、`fetch_updates`、source generation、URL ingest、write/update 系、member/cycles 管理系は entitlement では許可しない。
+
+## Payment Model
+
+KINIC は canister 内部 KINIC balance に deposit してから使う。
+
+購入時に外部 ledger は呼ばない。
+購入 transaction は index DB だけを更新する。
+
+MVP invariant:
+
+- deposit は既存 cycles purchase と同じく `approve + icrc2_transfer_from` で canister account に入れる。
+- deposit の ledger await は購入処理と分離する。
+- seller 売上の withdraw は実装しない。
+
+deposit は buyer から canister default account への `transfer_from` として扱う。
+既に `database_cycle_pending_operations` が ledger await と曖昧結果を扱う設計を持つため、KINIC deposit も同じ pattern の pending table を持つ。
+
+### Deposit Flow
+
+1. wallet が KINIC ledger で canister を spender に `icrc2_approve` する。
+2. buyer が `kinic_deposit_balance(amount_e8s, expected_fee_e8s)` を呼ぶ。
+3. canister が `kinic_pending_operations` に `deposit` を作成する。
+4. canister が `icrc2_transfer_from` で buyer account から canister account へ KINIC を移す。
+5. ledger success または `Duplicate` success なら buyer internal balance に credit する。
+6. `kinic_ledger` に `deposit` を記録し、pending operation を削除する。
+
+同一 caller の deposit は guard で直列化する。
+ledger 明示 error では pending operation を削除し、内部 balance は更新しない。
+ledger 結果曖昧、または ledger success 後 local apply 前に失敗した場合は pending operation を残す。
+MVP では deposit repair/cancel API は作らず、既存 cycles purchase と同じく caller と billing authority が pending 状態を確認して運用する。
+
+### Internal Balance
+
+`kinic_accounts` を追加する。
+これは marketplace 専用ではなく、将来ほかの KINIC 利用でも参照できる canister 内部 account である。
+
+```sql
+CREATE TABLE kinic_accounts (
+  principal TEXT PRIMARY KEY,
+  balance_e8s INTEGER NOT NULL,
+  created_at_ms INTEGER NOT NULL,
+  updated_at_ms INTEGER NOT NULL
+);
+```
+
+`kinic_ledger` を内部 balance の正本履歴にする。
+履歴の `source` で marketplace 由来か別用途由来かを区別する。
+
+```sql
+CREATE TABLE kinic_ledger (
+  entry_id INTEGER PRIMARY KEY AUTOINCREMENT,
+  principal TEXT NOT NULL,
+  source TEXT NOT NULL,
+  kind TEXT NOT NULL,
+  amount_e8s INTEGER NOT NULL,
+  balance_after_e8s INTEGER NOT NULL,
+  counterparty TEXT,
+  listing_id TEXT,
+  order_id TEXT,
+  external_block_index INTEGER,
+  created_at_ms INTEGER NOT NULL
+);
+```
+
+`kind` は MVP では `deposit`, `purchase`, `sale` だけにする。
+
+### Purchase Flow
+
+`market_purchase_access(listing_id, price_e8s)` は ledger を呼ばない。
+
+1. caller 認証。anonymous は拒否。
+2. listing が active で、price が一致することを確認。
+3. buyer balance が price 以上であることを確認。
+4. buyer から price を debit。
+5. seller に price を credit。
+6. `market_orders` と buyer/seller の `kinic_ledger` を記録。
+7. `market_entitlements` を付与。
+
+全手順を 1 SQLite transaction で行う。
+同じ buyer が同じ listing を再購入した場合は拒否する。
+
+### Future Withdraw
+
+MVP では withdraw を実装しない。
+理由は、canister から外部 ledger へ outgoing transfer する場合、fee、ambiguous transfer repair、同一 TransferArg retry が同時に必要になるためである。
+
+withdraw は別 PR とし、fee、created_at_time、`Duplicate` 成功扱い、同一 TransferArg retry、repair/cancel API を同時に設計する。
+
+## Listing Model
+
+`market_listings` を追加する。
+
+```sql
+CREATE TABLE market_listings (
+  listing_id TEXT PRIMARY KEY,
+  seller_principal TEXT NOT NULL,
+  database_id TEXT NOT NULL,
+  title TEXT NOT NULL,
+  description TEXT NOT NULL,
+  llm_summary TEXT,
+  summary_snapshot_revision TEXT,
+  sample_excerpts_json TEXT NOT NULL,
+  tags_json TEXT NOT NULL,
+  price_e8s INTEGER NOT NULL,
+  status TEXT NOT NULL,
+  revision INTEGER NOT NULL,
+  purchase_count INTEGER NOT NULL,
+  report_count INTEGER NOT NULL,
+  created_at_ms INTEGER NOT NULL,
+  updated_at_ms INTEGER NOT NULL
+);
+```
+
+制約:
+
+- seller は対象 DB の owner だけ。
+- `price_e8s > 0`。
+- `status` は `draft`, `active`, `paused`。
+- active listing の公開 metadata / price 変更は revision を進める。
+
+## Order Model
+
+`market_orders` を追加する。
+
+```sql
+CREATE TABLE market_orders (
+  order_id TEXT PRIMARY KEY,
+  listing_id TEXT NOT NULL,
+  database_id TEXT NOT NULL,
+  buyer_principal TEXT NOT NULL,
+  seller_principal TEXT NOT NULL,
+  price_e8s INTEGER NOT NULL,
+  listing_revision INTEGER NOT NULL,
+  created_at_ms INTEGER NOT NULL
+);
+```
+
+`order_id` は canister 側生成にする。
+購入 API が ledger を呼ばないため、重複購入は entitlement existence で判定する。
+
+## Pending Operations
+
+MVP では `kinic_pending_operations` を deposit の曖昧結果に使う。
+purchase は外部 ledger を呼ばないため pending operation を持たない。
+
+構造は既存 `database_cycle_pending_operations` と同じ考え方にする。
+既存 table は DB cycles 専用であり、KINIC 内部 balance には流用しない。
+
+```sql
+CREATE TABLE kinic_pending_operations (
+  operation_id INTEGER PRIMARY KEY AUTOINCREMENT,
+  kind TEXT NOT NULL,
+  caller TEXT NOT NULL,
+  amount_e8s INTEGER NOT NULL,
+  from_owner TEXT,
+  from_subaccount BLOB,
+  to_owner TEXT,
+  to_subaccount BLOB,
+  ledger_fee_e8s INTEGER,
+  operation_status TEXT NOT NULL,
+  external_block_index INTEGER,
+  ledger_created_at_time_ns INTEGER,
+  created_at_ms INTEGER NOT NULL
+);
+```
+
+`operation_status` は `in_flight`, `ambiguous`, `completed`。
+MVP では repair/cancel method は作らず、caller と billing authority が pending 状態を確認できる query を用意する。
+withdraw PR では repair/cancel method も同時に実装する。
+
+## API
+
+内部 KINIC balance は `kinic_` prefix、listing / order / entitlement は `market_` prefix を付ける。
+
+MVP:
+
+- `kinic_get_balance`
+- `kinic_deposit_balance`
+- `kinic_fund_database_cycles`
+- `market_create_listing`
+- `market_update_listing`
+- `market_publish_listing`
+- `market_pause_listing`
+- `market_list_listings`
+- `market_list_database_listings`
+- `market_get_listing`
+- `market_preview_purchase`
+- `market_purchase_access`
+- `market_list_entitlements`
+- `market_list_orders`
+- `market_count_active_entitlements`
+- `kinic_list_pending_operations`
+
+`kinic_list_pending_operations` は `kinic_pending_operations` のうち KINIC deposit に関係する pending だけを返す。
+
+MVP では作らない:
+
+- `kinic_withdraw_balance`
+- `kinic_repair_withdraw_complete`
+- `kinic_repair_withdraw_cancel`
+- `market_refund_purchase`
+
+後続候補:
+
+- `market_list_seller_listings`
+- `market_report_listing`
+- `market_update_summary`
+- platform fee 設定
+
+## UI
+
+最初の画面は 4 つにする。
+
+- Marketplace: listing 一覧
+- Listing detail: preview と purchase
+- My purchases: 購入済み DB 一覧
+- KINIC balance: deposit、balance、履歴
+
+seller 操作は既存 DB 管理画面に追加する。
+
+- Sell this DB
+- Edit listing
+- Publish listing
+- Pause listing
+- Delete/archive warning
+
+## Delete And Archive Rule
+
+active entitlement がある DB でも owner は delete/archive できる。
+
+理由:
+
+- 著作権と DB 管理権は作者・owner 側に残す。
+- marketplace entitlement は Reader 相当の閲覧権であり、owner 権限を奪わない。
+- refund や escrow は MVP に入れない。
+
+UI/CLI は delete/archive 前に active entitlement 数を表示し、購入者が影響を受けることを警告する。
+canister API は既存 owner 権限を維持する。
+
+DB delete 後は listing と entitlement rows を削除する。
+market_orders は購入履歴・監査ログとして残す。
+
+Marketplace write operation は DB storage metering ではなく KINIC internal account と listing metadata の管理面 write として扱い、`with_unmetered_update` のままにする。
+listing metadata は validator のサイズ上限を持ち、seller は DB owner に限定する。
+
+## Abuse Controls
+
+MVP は DB owner が listing を作成できる。
+seller 制限 table は作らない。
+
+必要な後続管理操作:
+
+- listing pause
+- abusive listing delist
+- report count display
+
+## Open Questions
+
+- price は seller 入力か、初期は固定価格か。
+- purchase count と report count を公開するか。
+- LLM summary generation は Worker 経由か、seller 手書きだけで始めるか。
+- active entitlement が残る DB の rename は許可するか。
+- seller cashout を後続で入れる場合の outgoing transfer repair 方式。
+- seller cashout を入れる前に seller 内部 balance を何に使えるようにするか。
+
+## Implementation Order
+
+1. `market_` public types を `vfs_types` に追加する。
+2. index schema に `kinic_accounts`、`kinic_ledger`、`kinic_pending_operations`、listing、order、entitlement を追加する。
+3. canister runtime に deposit transfer_from、balance credit、listing CRUD を追加する。
+4. purchase なしで entitlement seed helper を作り、read surface の認可テストを追加する。
+5. read/list/search/graph 認可に entitlement 判定を追加する。
+6. market purchase transaction を追加する。
+7. delete/archive の UI/CLI warning を追加する。canister guard は追加しない。
+8. CLI に最小 market commands を追加する。
+9. WikiBrowser に Marketplace、Listing detail、My purchases、KINIC balance を追加する。
+10. IDL generator、hand-written TS IDL、Rust client、candid shape tests を同期する。
+11. unit tests と e2e smoke を追加する。
+
+## Verification
+
+最低限の検証:
+
+- DB owner は listing 作成可能。
+- DB owner 以外は listing 作成不可。
+- listing publish 後、anonymous は preview だけ読める。
+- 未購入 buyer は DB 本文を読めない。
+- `kinic_deposit_balance` は pending operation を作り、ledger success 後だけ buyer balance を credit する。
+- ledger `Duplicate` は同一 pending operation の success として扱う。
+- deposit の ambiguous / completed pending は repair API なしで caller と billing authority が確認する。
+- purchase は外部 ledger を呼ばず、buyer balance を debit し seller balance を credit する。
+- purchase 成功後、buyer は read/list/search/graph できる。
+- purchase entitlement では write できない。
+- owner revoke は entitlement に影響しない。
+- 永続 entitlement は期限切れしない。
+- DB 更新後、listing は stale 警告を表示するが購入可能。
+- sample excerpt は検証済み listing metadata から返り、DB 本文 API を匿名に開かない。
+- category graph は top-level category のみ返し、node path、link text、raw href は返さない。
+- `export_snapshot` と `fetch_updates` は entitlement では拒否される。
+- seller が対象 DB owner であることは create/update/publish/purchase 時に再確認される。
+- active entitlement があっても owner は delete/archive できる。
+- UI/CLI は delete/archive 前に購入者影響を警告する。
diff --git a/README.md b/README.md
index e283a477..6484ac81 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ https://wiki.kinic.xyz
 
 The official Kinic Wiki database is:
 
-https://wiki.kinic.xyz/db_kva4v2twg6jv/Wiki
+https://wiki.kinic.xyz/db/db_kva4v2twg6jv/Wiki
 
 Database ID:
 
diff --git a/crates/vfs_canister/build.rs b/crates/vfs_canister/build.rs
new file mode 100644
index 00000000..a8d07f0d
--- /dev/null
+++ b/crates/vfs_canister/build.rs
@@ -0,0 +1,6 @@
+// Where: crates/vfs_canister/build.rs
+// What: Rebuild the canister when local II origin compilation changes.
+// Why: The certified ii-alternative-origins body is selected at compile time.
+fn main() {
+    println!("cargo:rerun-if-env-changed=KINIC_VFS_LOCAL_II_ORIGINS");
+}
diff --git a/crates/vfs_canister/src/icp_cli_login.html b/crates/vfs_canister/src/icp_cli_login.html
index eca15c90..f3ab70dd 100644
--- a/crates/vfs_canister/src/icp_cli_login.html
+++ b/crates/vfs_canister/src/icp_cli_login.html
@@ -83,7 +83,7 @@ <h1>CLI login</h1>
       <button id="login" type="button" disabled>Continue with Internet Identity</button>
     </main>
     <script>
-(()=>{var ho=Object.defineProperty;var qr=e=>{throw TypeError(e)};var lo=(e,t,r)=>t in e?ho(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r;var Nt=(e,t,r)=>lo(e,typeof t!="symbol"?t+"":t,r),Hr=(e,t,r)=>t.has(e)||qr("Cannot "+r);var C=(e,t,r)=>(Hr(e,t,"read from private field"),r?r.call(e):t.get(e)),F=(e,t,r)=>t.has(e)?qr("Cannot add the same private member more than once"):t instanceof WeakSet?t.add(e):t.set(e,r),Y=(e,t,r,n)=>(Hr(e,t,"write to private field"),n?n.call(e,r):t.set(e,r),r);var de="abcdefghijklmnopqrstuvwxyz234567",Ut=Object.create(null);for(let e=0;e<de.length;e++)Ut[de[e]]=e;Ut[0]=Ut.o;Ut[1]=Ut.i;function kr(e){let t=0,r=0,n="";function o(s){return t<0?r|=s>>-t:r=s<<t&248,t>3?(t-=8,1):(t<4&&(n+=de[r>>3],t+=5),0)}for(let s=0;s<e.length;)s+=o(e[s]);return n+(t<0?de[r>>3]:"")}function Kr(e){let t=0,r=0,n=new Uint8Array(e.length*4/3|0),o=0;function s(i){let a=Ut[i.toLowerCase()];if(a===void 0)throw new Error(`Invalid character: ${JSON.stringify(i)}`);a<<=3,r|=a>>>t,t+=5,t>=8&&(n[o++]=r,t-=8,t>0?r=a<<5-t&255:r=0)}for(let i of e)s(i);return n.slice(0,o)}var xo=new Uint32Array([0,1996959894,3993919788,2567524794,124634137,1886057615,3915621685,2657392035,249268274,2044508324,3772115230,2547177864,162941995,2125561021,3887607047,2428444049,498536548,1789927666,4089016648,2227061214,450548861,1843258603,4107580753,2211677639,325883990,1684777152,4251122042,2321926636,335633487,1661365465,4195302755,2366115317,997073096,1281953886,3579855332,2724688242,1006888145,1258607687,3524101629,2768942443,901097722,1119000684,3686517206,2898065728,853044451,1172266101,3705015759,2882616665,651767980,1373503546,3369554304,3218104598,565507253,1454621731,3485111705,3099436303,671266974,1594198024,3322730930,2970347812,795835527,1483230225,3244367275,3060149565,1994146192,31158534,2563907772,4023717930,1907459465,112637215,2680153253,3904427059,2013776290,251722036,2517215374,3775830040,2137656763,141376813,2439277719,3865271297,1802195444,476864866,2238001368,4066508878,1812370925,453092731,2181625025,4111451223,1706088902,314042704,2344532202,4240017532,1658658271,366619977,2362670323,4224994405,1303535960,984961486,2747007092,3569037538,1256170817,1037604311,2765210733,3554079995,1131014506,879679996,2909243462,3663771856,1141124467,855842277,2852801631,3708648649,1342533948,654459306,3188396048,3373015174,1466479909,544179635,3110523913,3462522015,1591671054,702138776,2966460450,3352799412,1504918807,783551873,3082640443,3233442989,3988292384,2596254646,62317068,1957810842,3939845945,2647816111,81470997,1943803523,3814918930,2489596804,225274430,2053790376,3826175755,2466906013,167816743,2097651377,4027552580,2265490386,503444072,1762050814,4150417245,2154129355,426522225,1852507879,4275313526,2312317920,282753626,1742555852,4189708143,2394877945,397917763,1622183637,3604390888,2714866558,953729732,1340076626,3518719985,2797360999,1068828381,1219638859,3624741850,2936675148,906185462,1090812512,3747672003,2825379669,829329135,1181335161,3412177804,3160834842,628085408,1382605366,3423369109,3138078467,570562233,1426400815,3317316542,2998733608,733239954,1555261956,3268935591,3050360625,752459403,1541320221,2607071920,3965973030,1969922972,40735498,2617837225,3943577151,1913087877,83908371,2512341634,3803740692,2075208622,213261112,2463272603,3855990285,2094854071,198958881,2262029012,4057260610,1759359992,534414190,2176718541,4139329115,1873836001,414664567,2282248934,4279200368,1711684554,285281116,2405801727,4167216745,1634467795,376229701,2685067896,3608007406,1308918612,956543938,2808555105,3495958263,1231636301,1047427035,2932959818,3654703836,1088359270,936918e3,2847714899,3736837829,1202900863,817233897,3183342108,3401237130,1404277552,615818150,3134207493,3453421203,1423857449,601450431,3009837614,3294710456,1567103746,711928724,3020668471,3272380065,1510334235,755167117]);function $r(e){let t=-1;for(let r=0;r<e.length;r++){let o=(e[r]^t)&255;t=xo[o]^t>>>8}return(t^-1)>>>0}var _t=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0;function It(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&e.constructor.name==="Uint8Array"}function He(e){if(!Number.isSafeInteger(e)||e<0)throw new Error("positive integer expected, got "+e)}function V(e,...t){if(!It(e))throw new Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw new Error("Uint8Array expected of length "+t+", got length="+e.length)}function ke(e,t=!0){if(e.destroyed)throw new Error("Hash instance has been destroyed");if(t&&e.finished)throw new Error("Hash#digest() has already been called")}function Gr(e,t){V(e);let r=t.outputLen;if(e.length<r)throw new Error("digestInto() expects output buffer of length at least "+r)}function Bt(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function le(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}function Z(e,t){return e<<32-t|e>>>t}var Fr=typeof Uint8Array.from([]).toHex=="function"&&typeof Uint8Array.fromHex=="function",po=Array.from({length:256},(e,t)=>t.toString(16).padStart(2,"0"));function v(e){if(V(e),Fr)return e.toHex();let t="";for(let r=0;r<e.length;r++)t+=po[e[r]];return t}var nt={_0:48,_9:57,A:65,F:70,a:97,f:102};function Vr(e){if(e>=nt._0&&e<=nt._9)return e-nt._0;if(e>=nt.A&&e<=nt.F)return e-(nt.A-10);if(e>=nt.a&&e<=nt.f)return e-(nt.a-10)}function H(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);if(Fr)return Uint8Array.fromHex(e);let t=e.length,r=t/2;if(t%2)throw new Error("hex string expected, got unpadded hex of length "+t);let n=new Uint8Array(r);for(let o=0,s=0;o<r;o++,s+=2){let i=Vr(e.charCodeAt(s)),a=Vr(e.charCodeAt(s+1));if(i===void 0||a===void 0){let c=e[s]+e[s+1];throw new Error('hex string expected, got non-hex character "'+c+'" at index '+s)}n[o]=i*16+a}return n}function Ke(e){if(typeof e!="string")throw new Error("string expected");return new Uint8Array(new TextEncoder().encode(e))}function $e(e){return typeof e=="string"&&(e=Ke(e)),V(e),e}function G(...e){let t=0;for(let n=0;n<e.length;n++){let o=e[n];V(o),t+=o.length}let r=new Uint8Array(t);for(let n=0,o=0;n<e.length;n++){let s=e[n];r.set(s,o),o+=s.length}return r}var he=class{};function xe(e){let t=n=>e().update($e(n)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function Ve(e=32){if(_t&&typeof _t.getRandomValues=="function")return _t.getRandomValues(new Uint8Array(e));if(_t&&typeof _t.randomBytes=="function")return Uint8Array.from(_t.randomBytes(e));throw new Error("crypto.getRandomValues must be defined")}function yo(e,t,r,n){if(typeof e.setBigUint64=="function")return e.setBigUint64(t,r,n);let o=BigInt(32),s=BigInt(4294967295),i=Number(r>>o&s),a=Number(r&s),c=n?4:0,u=n?0:4;e.setUint32(t+c,i,n),e.setUint32(t+u,a,n)}function Yr(e,t,r){return e&t^~e&r}function Zr(e,t,r){return e&t^e&r^t&r}var Kt=class extends he{constructor(t,r,n,o){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=r,this.padOffset=n,this.isLE=o,this.buffer=new Uint8Array(t),this.view=le(this.buffer)}update(t){ke(this),t=$e(t),V(t);let{view:r,buffer:n,blockLen:o}=this,s=t.length;for(let i=0;i<s;){let a=Math.min(o-this.pos,s-i);if(a===o){let c=le(t);for(;o<=s-i;i+=o)this.process(c,i);continue}n.set(t.subarray(i,i+a),this.pos),this.pos+=a,i+=a,this.pos===o&&(this.process(r,0),this.pos=0)}return this.length+=t.length,this.roundClean(),this}digestInto(t){ke(this),Gr(t,this),this.finished=!0;let{buffer:r,view:n,blockLen:o,isLE:s}=this,{pos:i}=this;r[i++]=128,Bt(this.buffer.subarray(i)),this.padOffset>o-i&&(this.process(n,0),i=0);for(let d=i;d<o;d++)r[d]=0;yo(n,o-8,BigInt(this.length*8),s),this.process(n,0);let a=le(t),c=this.outputLen;if(c%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let u=c/4,h=this.get();if(u>h.length)throw new Error("_sha2: outputLen bigger than state");for(let d=0;d<u;d++)a.setUint32(4*d,h[d],s)}digest(){let{buffer:t,outputLen:r}=this;this.digestInto(t);let n=t.slice(0,r);return this.destroy(),n}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());let{blockLen:r,buffer:n,length:o,finished:s,destroyed:i,pos:a}=this;return t.destroyed=i,t.finished=s,t.length=o,t.pos=a,o%r&&t.buffer.set(n),t}clone(){return this._cloneInto()}},ot=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),st=Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]);var P=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209]);var pe=BigInt(4294967295),Wr=BigInt(32);function bo(e,t=!1){return t?{h:Number(e&pe),l:Number(e>>Wr&pe)}:{h:Number(e>>Wr&pe)|0,l:Number(e&pe)|0}}function zr(e,t=!1){let r=e.length,n=new Uint32Array(r),o=new Uint32Array(r);for(let s=0;s<r;s++){let{h:i,l:a}=bo(e[s],t);[n[s],o[s]]=[i,a]}return[n,o]}var Ge=(e,t,r)=>e>>>r,Fe=(e,t,r)=>e<<32-r|t>>>r,At=(e,t,r)=>e>>>r|t<<32-r,St=(e,t,r)=>e<<32-r|t>>>r,$t=(e,t,r)=>e<<64-r|t>>>r-32,Vt=(e,t,r)=>e>>>r-32|t<<64-r;function X(e,t,r,n){let o=(t>>>0)+(n>>>0);return{h:e+r+(o/2**32|0)|0,l:o|0}}var Xr=(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0),Jr=(e,t,r,n)=>t+r+n+(e/2**32|0)|0,Qr=(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0),tn=(e,t,r,n,o)=>t+r+n+o+(e/2**32|0)|0,en=(e,t,r,n,o)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(o>>>0),rn=(e,t,r,n,o,s)=>t+r+n+o+s+(e/2**32|0)|0;var mo=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),ht=new Uint32Array(64),ye=class extends Kt{constructor(t=32){super(64,t,8,!1),this.A=ot[0]|0,this.B=ot[1]|0,this.C=ot[2]|0,this.D=ot[3]|0,this.E=ot[4]|0,this.F=ot[5]|0,this.G=ot[6]|0,this.H=ot[7]|0}get(){let{A:t,B:r,C:n,D:o,E:s,F:i,G:a,H:c}=this;return[t,r,n,o,s,i,a,c]}set(t,r,n,o,s,i,a,c){this.A=t|0,this.B=r|0,this.C=n|0,this.D=o|0,this.E=s|0,this.F=i|0,this.G=a|0,this.H=c|0}process(t,r){for(let d=0;d<16;d++,r+=4)ht[d]=t.getUint32(r,!1);for(let d=16;d<64;d++){let f=ht[d-15],p=ht[d-2],x=Z(f,7)^Z(f,18)^f>>>3,g=Z(p,17)^Z(p,19)^p>>>10;ht[d]=g+ht[d-7]+x+ht[d-16]|0}let{A:n,B:o,C:s,D:i,E:a,F:c,G:u,H:h}=this;for(let d=0;d<64;d++){let f=Z(a,6)^Z(a,11)^Z(a,25),p=h+f+Yr(a,c,u)+mo[d]+ht[d]|0,g=(Z(n,2)^Z(n,13)^Z(n,22))+Zr(n,o,s)|0;h=u,u=c,c=a,a=i+p|0,i=s,s=o,o=n,n=p+g|0}n=n+this.A|0,o=o+this.B|0,s=s+this.C|0,i=i+this.D|0,a=a+this.E|0,c=c+this.F|0,u=u+this.G|0,h=h+this.H|0,this.set(n,o,s,i,a,c,u,h)}roundClean(){Bt(ht)}destroy(){this.set(0,0,0,0,0,0,0,0),Bt(this.buffer)}},Ye=class extends ye{constructor(){super(28),this.A=st[0]|0,this.B=st[1]|0,this.C=st[2]|0,this.D=st[3]|0,this.E=st[4]|0,this.F=st[5]|0,this.G=st[6]|0,this.H=st[7]|0}},nn=zr(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(e=>BigInt(e))),wo=nn[0],Eo=nn[1],lt=new Uint32Array(80),xt=new Uint32Array(80),Ze=class extends Kt{constructor(t=64){super(128,t,16,!1),this.Ah=P[0]|0,this.Al=P[1]|0,this.Bh=P[2]|0,this.Bl=P[3]|0,this.Ch=P[4]|0,this.Cl=P[5]|0,this.Dh=P[6]|0,this.Dl=P[7]|0,this.Eh=P[8]|0,this.El=P[9]|0,this.Fh=P[10]|0,this.Fl=P[11]|0,this.Gh=P[12]|0,this.Gl=P[13]|0,this.Hh=P[14]|0,this.Hl=P[15]|0}get(){let{Ah:t,Al:r,Bh:n,Bl:o,Ch:s,Cl:i,Dh:a,Dl:c,Eh:u,El:h,Fh:d,Fl:f,Gh:p,Gl:x,Hh:g,Hl:E}=this;return[t,r,n,o,s,i,a,c,u,h,d,f,p,x,g,E]}set(t,r,n,o,s,i,a,c,u,h,d,f,p,x,g,E){this.Ah=t|0,this.Al=r|0,this.Bh=n|0,this.Bl=o|0,this.Ch=s|0,this.Cl=i|0,this.Dh=a|0,this.Dl=c|0,this.Eh=u|0,this.El=h|0,this.Fh=d|0,this.Fl=f|0,this.Gh=p|0,this.Gl=x|0,this.Hh=g|0,this.Hl=E|0}process(t,r){for(let y=0;y<16;y++,r+=4)lt[y]=t.getUint32(r),xt[y]=t.getUint32(r+=4);for(let y=16;y<80;y++){let I=lt[y-15]|0,A=xt[y-15]|0,D=At(I,A,1)^At(I,A,8)^Ge(I,A,7),L=St(I,A,1)^St(I,A,8)^Fe(I,A,7),B=lt[y-2]|0,b=xt[y-2]|0,m=At(B,b,19)^$t(B,b,61)^Ge(B,b,6),_=St(B,b,19)^Vt(B,b,61)^Fe(B,b,6),S=Qr(L,_,xt[y-7],xt[y-16]),T=tn(S,D,m,lt[y-7],lt[y-16]);lt[y]=T|0,xt[y]=S|0}let{Ah:n,Al:o,Bh:s,Bl:i,Ch:a,Cl:c,Dh:u,Dl:h,Eh:d,El:f,Fh:p,Fl:x,Gh:g,Gl:E,Hh:l,Hl:w}=this;for(let y=0;y<80;y++){let I=At(d,f,14)^At(d,f,18)^$t(d,f,41),A=St(d,f,14)^St(d,f,18)^Vt(d,f,41),D=d&p^~d&g,L=f&x^~f&E,B=en(w,A,L,Eo[y],xt[y]),b=rn(B,l,I,D,wo[y],lt[y]),m=B|0,_=At(n,o,28)^$t(n,o,34)^$t(n,o,39),S=St(n,o,28)^Vt(n,o,34)^Vt(n,o,39),T=n&s^n&a^s&a,O=o&i^o&c^i&c;l=g|0,w=E|0,g=p|0,E=x|0,p=d|0,x=f|0,{h:d,l:f}=X(u|0,h|0,b|0,m|0),u=a|0,h=c|0,a=s|0,c=i|0,s=n|0,i=o|0;let N=Xr(m,S,O);n=Jr(N,b,_,T),o=N|0}({h:n,l:o}=X(this.Ah|0,this.Al|0,n|0,o|0)),{h:s,l:i}=X(this.Bh|0,this.Bl|0,s|0,i|0),{h:a,l:c}=X(this.Ch|0,this.Cl|0,a|0,c|0),{h:u,l:h}=X(this.Dh|0,this.Dl|0,u|0,h|0),{h:d,l:f}=X(this.Eh|0,this.El|0,d|0,f|0),{h:p,l:x}=X(this.Fh|0,this.Fl|0,p|0,x|0),{h:g,l:E}=X(this.Gh|0,this.Gl|0,g|0,E|0),{h:l,l:w}=X(this.Hh|0,this.Hl|0,l|0,w|0),this.set(n,o,s,i,a,c,u,h,d,f,p,x,g,E,l,w)}roundClean(){Bt(lt,xt)}destroy(){Bt(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}};var pt=xe(()=>new ye),on=xe(()=>new Ye),sn=xe(()=>new Ze);var be="__principal__",_o=2,cn=4,Io="aaaaa-aa",W=class e{static anonymous(){return new this(new Uint8Array([cn]))}static managementCanister(){return this.fromText(Io)}static selfAuthenticating(t){let r=on(t);return new this(new Uint8Array([...r,_o]))}static from(t){if(typeof t=="string")return e.fromText(t);if(Object.getPrototypeOf(t)===Uint8Array.prototype)return new e(t);if(e.isPrincipal(t))return new e(t._arr);throw new Error(`Impossible to convert ${JSON.stringify(t)} to Principal.`)}static fromHex(t){return new this(H(t))}static fromText(t){let r=t;if(t.includes(be)){let i=JSON.parse(t);be in i&&(r=i[be])}let n=r.toLowerCase().replace(/-/g,""),o=Kr(n);o=o.slice(4,o.length);let s=new this(o);if(s.toText()!==r)throw new Error(`Principal "${s.toText()}" does not have a valid checksum (original value "${r}" may not be a valid Principal ID).`);return s}static fromUint8Array(t){return new this(t)}static isPrincipal(t){return t instanceof e||typeof t=="object"&&t!==null&&"_isPrincipal"in t&&t._isPrincipal===!0&&"_arr"in t&&t._arr instanceof Uint8Array}constructor(t){this._arr=t,this._isPrincipal=!0}isAnonymous(){return this._arr.byteLength===1&&this._arr[0]===cn}toUint8Array(){return this._arr}toHex(){return v(this._arr).toUpperCase()}toText(){let t=new ArrayBuffer(4);new DataView(t).setUint32(0,$r(this._arr));let n=new Uint8Array(t),o=new Uint8Array([...n,...this._arr]),i=kr(o).match(/.{1,5}/g);if(!i)throw new Error;return i.join("-")}toString(){return this.toText()}toJSON(){return{[be]:this.toText()}}compareTo(t){for(let r=0;r<Math.min(this._arr.length,t._arr.length);r++){if(this._arr[r]<t._arr[r])return"lt";if(this._arr[r]>t._arr[r])return"gt"}return this._arr.length<t._arr.length?"lt":this._arr.length>t._arr.length?"gt":"eq"}ltEq(t){let r=this.compareTo(t);return r=="lt"||r=="eq"}gtEq(t){let r=this.compareTo(t);return r=="gt"||r=="eq"}};var We;(function(e){e.Trust="Trust",e.Protocol="Protocol",e.Reject="Reject",e.Transport="Transport",e.External="External",e.Limit="Limit",e.Input="Input",e.Unknown="Unknown"})(We||(We={}));var ge;(function(e){e.Normal="normal",e.Verbose="verbose"})(ge||(ge={}));var Bo=new Set(["arg","certificate","nonce"]);function Ao(e){return(t,r)=>r instanceof Uint8Array?e===ge.Normal&&Bo.has(t)?`<${r.length} bytes, set ErrorCode.verbosity = ErrorVerbosity.Verbose to display>`:`hex(${r.length}):${v(r)}`:r}var Ee=class Ee{constructor(t=!1){this.isCertified=t}toString(){let t=this.toErrorMessage();return this.requestContext&&(t+=`
+(()=>{var ho=Object.defineProperty;var qr=e=>{throw TypeError(e)};var lo=(e,t,r)=>t in e?ho(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r;var Nt=(e,t,r)=>lo(e,typeof t!="symbol"?t+"":t,r),Hr=(e,t,r)=>t.has(e)||qr("Cannot "+r);var C=(e,t,r)=>(Hr(e,t,"read from private field"),r?r.call(e):t.get(e)),F=(e,t,r)=>t.has(e)?qr("Cannot add the same private member more than once"):t instanceof WeakSet?t.add(e):t.set(e,r),Y=(e,t,r,n)=>(Hr(e,t,"write to private field"),n?n.call(e,r):t.set(e,r),r);var de="abcdefghijklmnopqrstuvwxyz234567",Ut=Object.create(null);for(let e=0;e<de.length;e++)Ut[de[e]]=e;Ut[0]=Ut.o;Ut[1]=Ut.i;function kr(e){let t=0,r=0,n="";function o(s){return t<0?r|=s>>-t:r=s<<t&248,t>3?(t-=8,1):(t<4&&(n+=de[r>>3],t+=5),0)}for(let s=0;s<e.length;)s+=o(e[s]);return n+(t<0?de[r>>3]:"")}function Kr(e){let t=0,r=0,n=new Uint8Array(e.length*4/3|0),o=0;function s(i){let a=Ut[i.toLowerCase()];if(a===void 0)throw new Error(`Invalid character: ${JSON.stringify(i)}`);a<<=3,r|=a>>>t,t+=5,t>=8&&(n[o++]=r,t-=8,t>0?r=a<<5-t&255:r=0)}for(let i of e)s(i);return n.slice(0,o)}var xo=new Uint32Array([0,1996959894,3993919788,2567524794,124634137,1886057615,3915621685,2657392035,249268274,2044508324,3772115230,2547177864,162941995,2125561021,3887607047,2428444049,498536548,1789927666,4089016648,2227061214,450548861,1843258603,4107580753,2211677639,325883990,1684777152,4251122042,2321926636,335633487,1661365465,4195302755,2366115317,997073096,1281953886,3579855332,2724688242,1006888145,1258607687,3524101629,2768942443,901097722,1119000684,3686517206,2898065728,853044451,1172266101,3705015759,2882616665,651767980,1373503546,3369554304,3218104598,565507253,1454621731,3485111705,3099436303,671266974,1594198024,3322730930,2970347812,795835527,1483230225,3244367275,3060149565,1994146192,31158534,2563907772,4023717930,1907459465,112637215,2680153253,3904427059,2013776290,251722036,2517215374,3775830040,2137656763,141376813,2439277719,3865271297,1802195444,476864866,2238001368,4066508878,1812370925,453092731,2181625025,4111451223,1706088902,314042704,2344532202,4240017532,1658658271,366619977,2362670323,4224994405,1303535960,984961486,2747007092,3569037538,1256170817,1037604311,2765210733,3554079995,1131014506,879679996,2909243462,3663771856,1141124467,855842277,2852801631,3708648649,1342533948,654459306,3188396048,3373015174,1466479909,544179635,3110523913,3462522015,1591671054,702138776,2966460450,3352799412,1504918807,783551873,3082640443,3233442989,3988292384,2596254646,62317068,1957810842,3939845945,2647816111,81470997,1943803523,3814918930,2489596804,225274430,2053790376,3826175755,2466906013,167816743,2097651377,4027552580,2265490386,503444072,1762050814,4150417245,2154129355,426522225,1852507879,4275313526,2312317920,282753626,1742555852,4189708143,2394877945,397917763,1622183637,3604390888,2714866558,953729732,1340076626,3518719985,2797360999,1068828381,1219638859,3624741850,2936675148,906185462,1090812512,3747672003,2825379669,829329135,1181335161,3412177804,3160834842,628085408,1382605366,3423369109,3138078467,570562233,1426400815,3317316542,2998733608,733239954,1555261956,3268935591,3050360625,752459403,1541320221,2607071920,3965973030,1969922972,40735498,2617837225,3943577151,1913087877,83908371,2512341634,3803740692,2075208622,213261112,2463272603,3855990285,2094854071,198958881,2262029012,4057260610,1759359992,534414190,2176718541,4139329115,1873836001,414664567,2282248934,4279200368,1711684554,285281116,2405801727,4167216745,1634467795,376229701,2685067896,3608007406,1308918612,956543938,2808555105,3495958263,1231636301,1047427035,2932959818,3654703836,1088359270,936918e3,2847714899,3736837829,1202900863,817233897,3183342108,3401237130,1404277552,615818150,3134207493,3453421203,1423857449,601450431,3009837614,3294710456,1567103746,711928724,3020668471,3272380065,1510334235,755167117]);function $r(e){let t=-1;for(let r=0;r<e.length;r++){let o=(e[r]^t)&255;t=xo[o]^t>>>8}return(t^-1)>>>0}var _t=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0;function It(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&e.constructor.name==="Uint8Array"}function He(e){if(!Number.isSafeInteger(e)||e<0)throw new Error("positive integer expected, got "+e)}function V(e,...t){if(!It(e))throw new Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw new Error("Uint8Array expected of length "+t+", got length="+e.length)}function ke(e,t=!0){if(e.destroyed)throw new Error("Hash instance has been destroyed");if(t&&e.finished)throw new Error("Hash#digest() has already been called")}function Gr(e,t){V(e);let r=t.outputLen;if(e.length<r)throw new Error("digestInto() expects output buffer of length at least "+r)}function Bt(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function le(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}function Z(e,t){return e<<32-t|e>>>t}var Fr=typeof Uint8Array.from([]).toHex=="function"&&typeof Uint8Array.fromHex=="function",po=Array.from({length:256},(e,t)=>t.toString(16).padStart(2,"0"));function v(e){if(V(e),Fr)return e.toHex();let t="";for(let r=0;r<e.length;r++)t+=po[e[r]];return t}var nt={_0:48,_9:57,A:65,F:70,a:97,f:102};function Vr(e){if(e>=nt._0&&e<=nt._9)return e-nt._0;if(e>=nt.A&&e<=nt.F)return e-(nt.A-10);if(e>=nt.a&&e<=nt.f)return e-(nt.a-10)}function H(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);if(Fr)return Uint8Array.fromHex(e);let t=e.length,r=t/2;if(t%2)throw new Error("hex string expected, got unpadded hex of length "+t);let n=new Uint8Array(r);for(let o=0,s=0;o<r;o++,s+=2){let i=Vr(e.charCodeAt(s)),a=Vr(e.charCodeAt(s+1));if(i===void 0||a===void 0){let c=e[s]+e[s+1];throw new Error('hex string expected, got non-hex character "'+c+'" at index '+s)}n[o]=i*16+a}return n}function Ke(e){if(typeof e!="string")throw new Error("string expected");return new Uint8Array(new TextEncoder().encode(e))}function $e(e){return typeof e=="string"&&(e=Ke(e)),V(e),e}function G(...e){let t=0;for(let n=0;n<e.length;n++){let o=e[n];V(o),t+=o.length}let r=new Uint8Array(t);for(let n=0,o=0;n<e.length;n++){let s=e[n];r.set(s,o),o+=s.length}return r}var he=class{};function xe(e){let t=n=>e().update($e(n)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function Ve(e=32){if(_t&&typeof _t.getRandomValues=="function")return _t.getRandomValues(new Uint8Array(e));if(_t&&typeof _t.randomBytes=="function")return Uint8Array.from(_t.randomBytes(e));throw new Error("crypto.getRandomValues must be defined")}function yo(e,t,r,n){if(typeof e.setBigUint64=="function")return e.setBigUint64(t,r,n);let o=BigInt(32),s=BigInt(4294967295),i=Number(r>>o&s),a=Number(r&s),c=n?4:0,u=n?0:4;e.setUint32(t+c,i,n),e.setUint32(t+u,a,n)}function Yr(e,t,r){return e&t^~e&r}function Zr(e,t,r){return e&t^e&r^t&r}var Kt=class extends he{constructor(t,r,n,o){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=r,this.padOffset=n,this.isLE=o,this.buffer=new Uint8Array(t),this.view=le(this.buffer)}update(t){ke(this),t=$e(t),V(t);let{view:r,buffer:n,blockLen:o}=this,s=t.length;for(let i=0;i<s;){let a=Math.min(o-this.pos,s-i);if(a===o){let c=le(t);for(;o<=s-i;i+=o)this.process(c,i);continue}n.set(t.subarray(i,i+a),this.pos),this.pos+=a,i+=a,this.pos===o&&(this.process(r,0),this.pos=0)}return this.length+=t.length,this.roundClean(),this}digestInto(t){ke(this),Gr(t,this),this.finished=!0;let{buffer:r,view:n,blockLen:o,isLE:s}=this,{pos:i}=this;r[i++]=128,Bt(this.buffer.subarray(i)),this.padOffset>o-i&&(this.process(n,0),i=0);for(let d=i;d<o;d++)r[d]=0;yo(n,o-8,BigInt(this.length*8),s),this.process(n,0);let a=le(t),c=this.outputLen;if(c%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let u=c/4,h=this.get();if(u>h.length)throw new Error("_sha2: outputLen bigger than state");for(let d=0;d<u;d++)a.setUint32(4*d,h[d],s)}digest(){let{buffer:t,outputLen:r}=this;this.digestInto(t);let n=t.slice(0,r);return this.destroy(),n}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());let{blockLen:r,buffer:n,length:o,finished:s,destroyed:i,pos:a}=this;return t.destroyed=i,t.finished=s,t.length=o,t.pos=a,o%r&&t.buffer.set(n),t}clone(){return this._cloneInto()}},ot=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),st=Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]);var P=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209]);var pe=BigInt(4294967295),zr=BigInt(32);function bo(e,t=!1){return t?{h:Number(e&pe),l:Number(e>>zr&pe)}:{h:Number(e>>zr&pe)|0,l:Number(e&pe)|0}}function Wr(e,t=!1){let r=e.length,n=new Uint32Array(r),o=new Uint32Array(r);for(let s=0;s<r;s++){let{h:i,l:a}=bo(e[s],t);[n[s],o[s]]=[i,a]}return[n,o]}var Ge=(e,t,r)=>e>>>r,Fe=(e,t,r)=>e<<32-r|t>>>r,At=(e,t,r)=>e>>>r|t<<32-r,St=(e,t,r)=>e<<32-r|t>>>r,$t=(e,t,r)=>e<<64-r|t>>>r-32,Vt=(e,t,r)=>e>>>r-32|t<<64-r;function X(e,t,r,n){let o=(t>>>0)+(n>>>0);return{h:e+r+(o/2**32|0)|0,l:o|0}}var Xr=(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0),Jr=(e,t,r,n)=>t+r+n+(e/2**32|0)|0,Qr=(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0),tn=(e,t,r,n,o)=>t+r+n+o+(e/2**32|0)|0,en=(e,t,r,n,o)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(o>>>0),rn=(e,t,r,n,o,s)=>t+r+n+o+s+(e/2**32|0)|0;var mo=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),ht=new Uint32Array(64),ye=class extends Kt{constructor(t=32){super(64,t,8,!1),this.A=ot[0]|0,this.B=ot[1]|0,this.C=ot[2]|0,this.D=ot[3]|0,this.E=ot[4]|0,this.F=ot[5]|0,this.G=ot[6]|0,this.H=ot[7]|0}get(){let{A:t,B:r,C:n,D:o,E:s,F:i,G:a,H:c}=this;return[t,r,n,o,s,i,a,c]}set(t,r,n,o,s,i,a,c){this.A=t|0,this.B=r|0,this.C=n|0,this.D=o|0,this.E=s|0,this.F=i|0,this.G=a|0,this.H=c|0}process(t,r){for(let d=0;d<16;d++,r+=4)ht[d]=t.getUint32(r,!1);for(let d=16;d<64;d++){let f=ht[d-15],p=ht[d-2],x=Z(f,7)^Z(f,18)^f>>>3,g=Z(p,17)^Z(p,19)^p>>>10;ht[d]=g+ht[d-7]+x+ht[d-16]|0}let{A:n,B:o,C:s,D:i,E:a,F:c,G:u,H:h}=this;for(let d=0;d<64;d++){let f=Z(a,6)^Z(a,11)^Z(a,25),p=h+f+Yr(a,c,u)+mo[d]+ht[d]|0,g=(Z(n,2)^Z(n,13)^Z(n,22))+Zr(n,o,s)|0;h=u,u=c,c=a,a=i+p|0,i=s,s=o,o=n,n=p+g|0}n=n+this.A|0,o=o+this.B|0,s=s+this.C|0,i=i+this.D|0,a=a+this.E|0,c=c+this.F|0,u=u+this.G|0,h=h+this.H|0,this.set(n,o,s,i,a,c,u,h)}roundClean(){Bt(ht)}destroy(){this.set(0,0,0,0,0,0,0,0),Bt(this.buffer)}},Ye=class extends ye{constructor(){super(28),this.A=st[0]|0,this.B=st[1]|0,this.C=st[2]|0,this.D=st[3]|0,this.E=st[4]|0,this.F=st[5]|0,this.G=st[6]|0,this.H=st[7]|0}},nn=Wr(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(e=>BigInt(e))),wo=nn[0],Eo=nn[1],lt=new Uint32Array(80),xt=new Uint32Array(80),Ze=class extends Kt{constructor(t=64){super(128,t,16,!1),this.Ah=P[0]|0,this.Al=P[1]|0,this.Bh=P[2]|0,this.Bl=P[3]|0,this.Ch=P[4]|0,this.Cl=P[5]|0,this.Dh=P[6]|0,this.Dl=P[7]|0,this.Eh=P[8]|0,this.El=P[9]|0,this.Fh=P[10]|0,this.Fl=P[11]|0,this.Gh=P[12]|0,this.Gl=P[13]|0,this.Hh=P[14]|0,this.Hl=P[15]|0}get(){let{Ah:t,Al:r,Bh:n,Bl:o,Ch:s,Cl:i,Dh:a,Dl:c,Eh:u,El:h,Fh:d,Fl:f,Gh:p,Gl:x,Hh:g,Hl:E}=this;return[t,r,n,o,s,i,a,c,u,h,d,f,p,x,g,E]}set(t,r,n,o,s,i,a,c,u,h,d,f,p,x,g,E){this.Ah=t|0,this.Al=r|0,this.Bh=n|0,this.Bl=o|0,this.Ch=s|0,this.Cl=i|0,this.Dh=a|0,this.Dl=c|0,this.Eh=u|0,this.El=h|0,this.Fh=d|0,this.Fl=f|0,this.Gh=p|0,this.Gl=x|0,this.Hh=g|0,this.Hl=E|0}process(t,r){for(let y=0;y<16;y++,r+=4)lt[y]=t.getUint32(r),xt[y]=t.getUint32(r+=4);for(let y=16;y<80;y++){let I=lt[y-15]|0,A=xt[y-15]|0,D=At(I,A,1)^At(I,A,8)^Ge(I,A,7),L=St(I,A,1)^St(I,A,8)^Fe(I,A,7),B=lt[y-2]|0,b=xt[y-2]|0,m=At(B,b,19)^$t(B,b,61)^Ge(B,b,6),_=St(B,b,19)^Vt(B,b,61)^Fe(B,b,6),S=Qr(L,_,xt[y-7],xt[y-16]),T=tn(S,D,m,lt[y-7],lt[y-16]);lt[y]=T|0,xt[y]=S|0}let{Ah:n,Al:o,Bh:s,Bl:i,Ch:a,Cl:c,Dh:u,Dl:h,Eh:d,El:f,Fh:p,Fl:x,Gh:g,Gl:E,Hh:l,Hl:w}=this;for(let y=0;y<80;y++){let I=At(d,f,14)^At(d,f,18)^$t(d,f,41),A=St(d,f,14)^St(d,f,18)^Vt(d,f,41),D=d&p^~d&g,L=f&x^~f&E,B=en(w,A,L,Eo[y],xt[y]),b=rn(B,l,I,D,wo[y],lt[y]),m=B|0,_=At(n,o,28)^$t(n,o,34)^$t(n,o,39),S=St(n,o,28)^Vt(n,o,34)^Vt(n,o,39),T=n&s^n&a^s&a,O=o&i^o&c^i&c;l=g|0,w=E|0,g=p|0,E=x|0,p=d|0,x=f|0,{h:d,l:f}=X(u|0,h|0,b|0,m|0),u=a|0,h=c|0,a=s|0,c=i|0,s=n|0,i=o|0;let N=Xr(m,S,O);n=Jr(N,b,_,T),o=N|0}({h:n,l:o}=X(this.Ah|0,this.Al|0,n|0,o|0)),{h:s,l:i}=X(this.Bh|0,this.Bl|0,s|0,i|0),{h:a,l:c}=X(this.Ch|0,this.Cl|0,a|0,c|0),{h:u,l:h}=X(this.Dh|0,this.Dl|0,u|0,h|0),{h:d,l:f}=X(this.Eh|0,this.El|0,d|0,f|0),{h:p,l:x}=X(this.Fh|0,this.Fl|0,p|0,x|0),{h:g,l:E}=X(this.Gh|0,this.Gl|0,g|0,E|0),{h:l,l:w}=X(this.Hh|0,this.Hl|0,l|0,w|0),this.set(n,o,s,i,a,c,u,h,d,f,p,x,g,E,l,w)}roundClean(){Bt(lt,xt)}destroy(){Bt(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}};var pt=xe(()=>new ye),on=xe(()=>new Ye),sn=xe(()=>new Ze);var be="__principal__",_o=2,cn=4,Io="aaaaa-aa",z=class e{static anonymous(){return new this(new Uint8Array([cn]))}static managementCanister(){return this.fromText(Io)}static selfAuthenticating(t){let r=on(t);return new this(new Uint8Array([...r,_o]))}static from(t){if(typeof t=="string")return e.fromText(t);if(Object.getPrototypeOf(t)===Uint8Array.prototype)return new e(t);if(e.isPrincipal(t))return new e(t._arr);throw new Error(`Impossible to convert ${JSON.stringify(t)} to Principal.`)}static fromHex(t){return new this(H(t))}static fromText(t){let r=t;if(t.includes(be)){let i=JSON.parse(t);be in i&&(r=i[be])}let n=r.toLowerCase().replace(/-/g,""),o=Kr(n);o=o.slice(4,o.length);let s=new this(o);if(s.toText()!==r)throw new Error(`Principal "${s.toText()}" does not have a valid checksum (original value "${r}" may not be a valid Principal ID).`);return s}static fromUint8Array(t){return new this(t)}static isPrincipal(t){return t instanceof e||typeof t=="object"&&t!==null&&"_isPrincipal"in t&&t._isPrincipal===!0&&"_arr"in t&&t._arr instanceof Uint8Array}constructor(t){this._arr=t,this._isPrincipal=!0}isAnonymous(){return this._arr.byteLength===1&&this._arr[0]===cn}toUint8Array(){return this._arr}toHex(){return v(this._arr).toUpperCase()}toText(){let t=new ArrayBuffer(4);new DataView(t).setUint32(0,$r(this._arr));let n=new Uint8Array(t),o=new Uint8Array([...n,...this._arr]),i=kr(o).match(/.{1,5}/g);if(!i)throw new Error;return i.join("-")}toString(){return this.toText()}toJSON(){return{[be]:this.toText()}}compareTo(t){for(let r=0;r<Math.min(this._arr.length,t._arr.length);r++){if(this._arr[r]<t._arr[r])return"lt";if(this._arr[r]>t._arr[r])return"gt"}return this._arr.length<t._arr.length?"lt":this._arr.length>t._arr.length?"gt":"eq"}ltEq(t){let r=this.compareTo(t);return r=="lt"||r=="eq"}gtEq(t){let r=this.compareTo(t);return r=="gt"||r=="eq"}};var ze;(function(e){e.Trust="Trust",e.Protocol="Protocol",e.Reject="Reject",e.Transport="Transport",e.External="External",e.Limit="Limit",e.Input="Input",e.Unknown="Unknown"})(ze||(ze={}));var ge;(function(e){e.Normal="normal",e.Verbose="verbose"})(ge||(ge={}));var Bo=new Set(["arg","certificate","nonce"]);function Ao(e){return(t,r)=>r instanceof Uint8Array?e===ge.Normal&&Bo.has(t)?`<${r.length} bytes, set ErrorCode.verbosity = ErrorVerbosity.Verbose to display>`:`hex(${r.length}):${v(r)}`:r}var Ee=class Ee{constructor(t=!1){this.isCertified=t}toString(){let t=this.toErrorMessage();return this.requestContext&&(t+=`
 Request context:
   Request ID (hex): ${this.requestContext.requestId?v(this.requestContext.requestId):"undefined"}
   Sender pubkey (hex): ${v(this.requestContext.senderPubKey)}
@@ -92,8 +92,8 @@ <h1>CLI login</h1>
 Call context:
   Canister ID: ${this.callContext.canisterId.toText()}
   Method name: ${this.callContext.methodName}`,"httpDetails"in this.callContext&&(t+=`
-  HTTP details: ${JSON.stringify(this.callContext.httpDetails,Ao(Ee.verbosity),2)}`)),t}};Ee.verbosity=ge.Normal;var Pt=Ee,ze=class e extends Error{get code(){return this.cause.code}set code(t){this.cause.code=t}get kind(){return this.cause.kind}set kind(t){this.cause.kind=t}get isCertified(){return this.code.isCertified}constructor(t,r){super(t.toString()),this.name="AgentError",this.cause={code:t,kind:r},Object.setPrototypeOf(this,e.prototype)}hasCode(t){return this.code instanceof t}toString(){return`${this.name} (${this.kind}): ${this.message}`}},Xe=class extends ze{static fromCode(t){return new this(t)}};var k=class e extends Xe{constructor(t){super(t,We.Input),this.name="InputError",Object.setPrototypeOf(this,e.prototype)}};var me=class e extends Pt{constructor(t,r){super(),this.expectedLength=t,this.actualLength=r,this.name="DerDecodeLengthMismatchErrorCode",Object.setPrototypeOf(this,e.prototype)}toErrorMessage(){return`DER payload mismatch: Expected length ${this.expectedLength}, actual length: ${this.actualLength}`}},yt=class e extends Pt{constructor(t){super(),this.error=t,this.name="DerDecodeErrorCode",Object.setPrototypeOf(this,e.prototype)}toErrorMessage(){return`Failed to decode DER: ${this.error}`}},Gt=class e extends Pt{constructor(t){super(),this.error=t,this.name="DerEncodeErrorCode",Object.setPrototypeOf(this,e.prototype)}toErrorMessage(){return`Failed to encode DER: ${this.error}`}};var we=class e extends Pt{constructor(t){super(),this.value=t,this.name="HashValueErrorCode",Object.setPrototypeOf(this,e.prototype)}toErrorMessage(){return`Attempt to hash a value of unsupported type: ${this.value}`}};var oi=new Error("unreachable");var _e=class{save(){return this._view}restore(t){if(!(t instanceof Uint8Array))throw new Error("Checkpoint must be a Uint8Array");this._view=t}constructor(t,r=t?.byteLength||0){if(t&&!(t instanceof Uint8Array))try{t=J(t)}catch{throw new Error("Buffer must be a Uint8Array")}if(r<0||!Number.isInteger(r))throw new Error("Length must be a non-negative integer");if(t&&r>t.byteLength)throw new Error("Length cannot exceed buffer length");this._buffer=t||new Uint8Array(0),this._view=new Uint8Array(this._buffer.buffer,0,r)}get buffer(){return this._view.slice()}get byteLength(){return this._view.byteLength}read(t){let r=this._view.subarray(0,t);return this._view=this._view.subarray(t),r.slice()}readUint8(){if(this._view.byteLength===0)return;let t=this._view[0];return this._view=this._view.subarray(1),t}write(t){if(!(t instanceof Uint8Array))throw new Error("Buffer must be a Uint8Array");let r=this._view.byteLength;this._view.byteOffset+this._view.byteLength+t.byteLength>=this._buffer.byteLength?this.alloc(t.byteLength):this._view=new Uint8Array(this._buffer.buffer,this._view.byteOffset,this._view.byteLength+t.byteLength),this._view.set(t,r)}get end(){return this._view.byteLength===0}alloc(t){if(t<=0||!Number.isInteger(t))throw new Error("Amount must be a positive integer");let r=new Uint8Array((this._buffer.byteLength+t)*1.2|0),n=new Uint8Array(r.buffer,0,this._view.byteLength+t);n.set(this._view),this._buffer=r,this._view=n}};function J(e){if(!e)throw new Error("Input cannot be null or undefined");return e instanceof Uint8Array?e:e instanceof ArrayBuffer?new Uint8Array(e):Array.isArray(e)?new Uint8Array(e):"buffer"in e?J(e.buffer):new Uint8Array(e)}function Je(e,t){if(e.byteLength!==t.byteLength)return e.byteLength-t.byteLength;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return e[r]-t[r];return 0}function an(e,t){return Je(e,t)===0}function fn(e){let t=BigInt(e);if(e<=0)throw new RangeError("Input must be positive");return t.toString(2).length-1}function Qe(e){if(typeof e=="number"&&(e=BigInt(e)),e<BigInt(0))throw new Error("Cannot leb encode negative values.");let t=(e===BigInt(0)?0:fn(e))+1,r=new _e(new Uint8Array(t),0);for(;;){let n=Number(e&BigInt(127));if(e/=BigInt(128),e===BigInt(0)){r.write(new Uint8Array([n]));break}else r.write(new Uint8Array([n|128]))}return r.buffer}function tr(e){if(!e)throw new Error("Input cannot be null or undefined");return e instanceof Uint8Array?e:e instanceof ArrayBuffer?new Uint8Array(e):Array.isArray(e)?new Uint8Array(e):"buffer"in e?tr(e.buffer):new Uint8Array(e)}function un(e,t){if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0}function er(e){if(typeof e=="string")return dn(e);if(typeof e=="number")return pt(Qe(e));if(e instanceof Uint8Array||ArrayBuffer.isView(e))return pt(tr(e));if(Array.isArray(e)){let t=e.map(er);return pt(G(...t))}if(e&&typeof e=="object"&&e._isPrincipal)return pt(e.toUint8Array());if(typeof e=="object"&&e!==null&&typeof e.toHash=="function")return er(e.toHash());if(typeof e=="object")return hn(e);if(typeof e=="bigint")return pt(Qe(e));throw k.fromCode(new we(e))}var dn=e=>{let t=new TextEncoder().encode(e);return pt(t)};function Ft(e){return hn(e)}function hn(e){let n=Object.entries(e).filter(([,i])=>i!==void 0).map(([i,a])=>{let c=dn(i),u=er(a);return[c,u]}).sort(([i],[a])=>Je(i,a)),o=G(...n.map(i=>G(...i)));return pt(o)}var So=new TextEncoder().encode("\ric-state-root"),Yt=new TextEncoder().encode(`
-ic-request`),Oo=new TextEncoder().encode("\vic-response"),rr=new TextEncoder().encode("ic-request-auth-delegation");var bt=class{getPrincipal(){return this._principal||(this._principal=W.selfAuthenticating(new Uint8Array(this.getPublicKey().toDer()))),this._principal}async transformRequest(t){let{body:r,...n}=t,o=Ft(r);return{...n,body:{content:r,sender_pubkey:this.getPublicKey().toDer(),sender_sig:await this.sign(G(Yt,o))}}}},Zt=class{getPrincipal(){return W.anonymous()}async transformRequest(t){return{...t,body:{content:t.body}}}};var sr=BigInt(0),or=BigInt(1);function Ie(e,t=""){if(typeof e!="boolean"){let r=t&&`"${t}"`;throw new Error(r+"expected boolean, got type="+typeof e)}return e}function Wt(e,t,r=""){let n=It(e),o=e?.length,s=t!==void 0;if(!n||s&&o!==t){let i=r&&`"${r}" `,a=s?` of length ${t}`:"",c=n?`length=${o}`:`type=${typeof e}`;throw new Error(i+"expected Uint8Array"+a+", got "+c)}return e}function ln(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);return e===""?sr:BigInt("0x"+e)}function xn(e){return ln(v(e))}function gt(e){return V(e),ln(v(Uint8Array.from(e).reverse()))}function ir(e,t){return H(e.toString(16).padStart(t*2,"0"))}function pn(e,t){return ir(e,t).reverse()}function K(e,t,r){let n;if(typeof t=="string")try{n=H(t)}catch(s){throw new Error(e+" must be hex string or Uint8Array, cause: "+s)}else if(It(t))n=Uint8Array.from(t);else throw new Error(e+" must be hex string or Uint8Array");let o=n.length;if(typeof r=="number"&&o!==r)throw new Error(e+" of length "+r+" expected, got "+o);return n}function yn(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return r===0}function cr(e){return Uint8Array.from(e)}var nr=e=>typeof e=="bigint"&&sr<=e;function To(e,t,r){return nr(e)&&nr(t)&&nr(r)&&t<=e&&e<r}function ar(e,t,r,n){if(!To(t,r,n))throw new Error("expected valid "+e+": "+r+" <= n < "+n+", got "+t)}function bn(e){let t;for(t=0;e>sr;e>>=or,t+=1);return t}var zt=e=>(or<<BigInt(e))-or;function Xt(e,t,r={}){if(!e||typeof e!="object")throw new Error("expected valid options object");function n(o,s,i){let a=e[o];if(i&&a===void 0)return;let c=typeof a;if(c!==s||a===null)throw new Error(`param "${o}" is invalid: expected ${s}, got ${c}`)}Object.entries(t).forEach(([o,s])=>n(o,s,!1)),Object.entries(r).forEach(([o,s])=>n(o,s,!0))}var fr=()=>{throw new Error("not implemented")};function ur(e){let t=new WeakMap;return(r,...n)=>{let o=t.get(r);if(o!==void 0)return o;let s=e(r,...n);return t.set(r,s),s}}var j=BigInt(0),M=BigInt(1),Ot=BigInt(2),wn=BigInt(3),En=BigInt(4),_n=BigInt(5),vo=BigInt(7),In=BigInt(8),Do=BigInt(9),Bn=BigInt(16);function R(e,t){let r=e%t;return r>=j?r:t+r}function z(e,t,r){let n=e;for(;t-- >j;)n*=n,n%=r;return n}function gn(e,t){if(e===j)throw new Error("invert: expected non-zero number");if(t<=j)throw new Error("invert: expected positive modulus, got "+t);let r=R(e,t),n=t,o=j,s=M,i=M,a=j;for(;r!==j;){let u=n/r,h=n%r,d=o-i*u,f=s-a*u;n=r,r=h,o=i,s=a,i=d,a=f}if(n!==M)throw new Error("invert: does not exist");return R(o,t)}function dr(e,t,r){if(!e.eql(e.sqr(t),r))throw new Error("Cannot find square root")}function An(e,t){let r=(e.ORDER+M)/En,n=e.pow(t,r);return dr(e,n,t),n}function Lo(e,t){let r=(e.ORDER-_n)/In,n=e.mul(t,Ot),o=e.pow(n,r),s=e.mul(t,o),i=e.mul(e.mul(s,Ot),o),a=e.mul(s,e.sub(i,e.ONE));return dr(e,a,t),a}function Co(e){let t=ct(e),r=Sn(e),n=r(t,t.neg(t.ONE)),o=r(t,n),s=r(t,t.neg(n)),i=(e+vo)/Bn;return(a,c)=>{let u=a.pow(c,i),h=a.mul(u,n),d=a.mul(u,o),f=a.mul(u,s),p=a.eql(a.sqr(h),c),x=a.eql(a.sqr(d),c);u=a.cmov(u,h,p),h=a.cmov(f,d,x);let g=a.eql(a.sqr(h),c),E=a.cmov(u,h,g);return dr(a,E,c),E}}function Sn(e){if(e<wn)throw new Error("sqrt is not defined for small field");let t=e-M,r=0;for(;t%Ot===j;)t/=Ot,r++;let n=Ot,o=ct(e);for(;mn(o,n)===1;)if(n++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(r===1)return An;let s=o.pow(n,t),i=(t+M)/Ot;return function(c,u){if(c.is0(u))return u;if(mn(c,u)!==1)throw new Error("Cannot find square root");let h=r,d=c.mul(c.ONE,s),f=c.pow(u,t),p=c.pow(u,i);for(;!c.eql(f,c.ONE);){if(c.is0(f))return c.ZERO;let x=1,g=c.sqr(f);for(;!c.eql(g,c.ONE);)if(x++,g=c.sqr(g),x===h)throw new Error("Cannot find square root");let E=M<<BigInt(h-x-1),l=c.pow(d,E);h=x,d=c.sqr(l),f=c.mul(f,d),p=c.mul(p,l)}return p}}function Ro(e){return e%En===wn?An:e%In===_n?Lo:e%Bn===Do?Co(e):Sn(e)}var it=(e,t)=>(R(e,t)&M)===M,No=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function On(e){let t={ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"},r=No.reduce((n,o)=>(n[o]="function",n),t);return Xt(e,r),e}function Uo(e,t,r){if(r<j)throw new Error("invalid exponent, negatives unsupported");if(r===j)return e.ONE;if(r===M)return t;let n=e.ONE,o=t;for(;r>j;)r&M&&(n=e.mul(n,o)),o=e.sqr(o),r>>=M;return n}function Be(e,t,r=!1){let n=new Array(t.length).fill(r?e.ZERO:void 0),o=t.reduce((i,a,c)=>e.is0(a)?i:(n[c]=i,e.mul(i,a)),e.ONE),s=e.inv(o);return t.reduceRight((i,a,c)=>e.is0(a)?i:(n[c]=e.mul(i,n[c]),e.mul(i,a)),s),n}function mn(e,t){let r=(e.ORDER-M)/Ot,n=e.pow(t,r),o=e.eql(n,e.ONE),s=e.eql(n,e.ZERO),i=e.eql(n,e.neg(e.ONE));if(!o&&!s&&!i)throw new Error("invalid Legendre symbol result");return o?1:s?0:-1}function Tn(e,t){t!==void 0&&He(t);let r=t!==void 0?t:e.toString(2).length,n=Math.ceil(r/8);return{nBitLength:r,nByteLength:n}}function ct(e,t,r=!1,n={}){if(e<=j)throw new Error("invalid field: expected ORDER > 0, got "+e);let o,s,i=!1,a;if(typeof t=="object"&&t!=null){if(n.sqrt||r)throw new Error("cannot specify opts in two arguments");let f=t;f.BITS&&(o=f.BITS),f.sqrt&&(s=f.sqrt),typeof f.isLE=="boolean"&&(r=f.isLE),typeof f.modFromBytes=="boolean"&&(i=f.modFromBytes),a=f.allowedLengths}else typeof t=="number"&&(o=t),n.sqrt&&(s=n.sqrt);let{nBitLength:c,nByteLength:u}=Tn(e,o);if(u>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let h,d=Object.freeze({ORDER:e,isLE:r,BITS:c,BYTES:u,MASK:zt(c),ZERO:j,ONE:M,allowedLengths:a,create:f=>R(f,e),isValid:f=>{if(typeof f!="bigint")throw new Error("invalid field element: expected bigint, got "+typeof f);return j<=f&&f<e},is0:f=>f===j,isValidNot0:f=>!d.is0(f)&&d.isValid(f),isOdd:f=>(f&M)===M,neg:f=>R(-f,e),eql:(f,p)=>f===p,sqr:f=>R(f*f,e),add:(f,p)=>R(f+p,e),sub:(f,p)=>R(f-p,e),mul:(f,p)=>R(f*p,e),pow:(f,p)=>Uo(d,f,p),div:(f,p)=>R(f*gn(p,e),e),sqrN:f=>f*f,addN:(f,p)=>f+p,subN:(f,p)=>f-p,mulN:(f,p)=>f*p,inv:f=>gn(f,e),sqrt:s||(f=>(h||(h=Ro(e)),h(d,f))),toBytes:f=>r?pn(f,u):ir(f,u),fromBytes:(f,p=!0)=>{if(a){if(!a.includes(f.length)||f.length>u)throw new Error("Field.fromBytes: expected "+a+" bytes, got "+f.length);let g=new Uint8Array(u);g.set(f,r?0:g.length-f.length),f=g}if(f.length!==u)throw new Error("Field.fromBytes: expected "+u+" bytes, got "+f.length);let x=r?gt(f):xn(f);if(i&&(x=R(x,e)),!p&&!d.isValid(x))throw new Error("invalid field element: outside of range 0..ORDER");return x},invertBatch:f=>Be(d,f),cmov:(f,p,x)=>x?p:f});return Object.freeze(d)}var Ae=BigInt(0),pr=BigInt(1);function vn(e,t){let r=t.negate();return e?r:t}function Jt(e,t){let r=Be(e.Fp,t.map(n=>n.Z));return t.map((n,o)=>e.fromAffine(n.toAffine(r[o])))}function Rn(e,t){if(!Number.isSafeInteger(e)||e<=0||e>t)throw new Error("invalid window size, expected [1.."+t+"], got W="+e)}function hr(e,t){Rn(e,t);let r=Math.ceil(t/e)+1,n=2**(e-1),o=2**e,s=zt(e),i=BigInt(e);return{windows:r,windowSize:n,mask:s,maxNumber:o,shiftBy:i}}function Dn(e,t,r){let{windowSize:n,mask:o,maxNumber:s,shiftBy:i}=r,a=Number(e&o),c=e>>i;a>n&&(a-=s,c+=pr);let u=t*n,h=u+Math.abs(a)-1,d=a===0,f=a<0,p=t%2!==0;return{nextN:c,offset:h,isZero:d,isNeg:f,isNegF:p,offsetF:u}}function Po(e,t){if(!Array.isArray(e))throw new Error("array expected");e.forEach((r,n)=>{if(!(r instanceof t))throw new Error("invalid point at index "+n)})}function Mo(e,t){if(!Array.isArray(e))throw new Error("array of scalars expected");e.forEach((r,n)=>{if(!t.isValid(r))throw new Error("invalid scalar at index "+n)})}var lr=new WeakMap,Nn=new WeakMap;function xr(e){return Nn.get(e)||1}function Ln(e){if(e!==Ae)throw new Error("invalid wNAF")}var Se=class{constructor(t,r){this.BASE=t.BASE,this.ZERO=t.ZERO,this.Fn=t.Fn,this.bits=r}_unsafeLadder(t,r,n=this.ZERO){let o=t;for(;r>Ae;)r&pr&&(n=n.add(o)),o=o.double(),r>>=pr;return n}precomputeWindow(t,r){let{windows:n,windowSize:o}=hr(r,this.bits),s=[],i=t,a=i;for(let c=0;c<n;c++){a=i,s.push(a);for(let u=1;u<o;u++)a=a.add(i),s.push(a);i=a.double()}return s}wNAF(t,r,n){if(!this.Fn.isValid(n))throw new Error("invalid scalar");let o=this.ZERO,s=this.BASE,i=hr(t,this.bits);for(let a=0;a<i.windows;a++){let{nextN:c,offset:u,isZero:h,isNeg:d,isNegF:f,offsetF:p}=Dn(n,a,i);n=c,h?s=s.add(vn(f,r[p])):o=o.add(vn(d,r[u]))}return Ln(n),{p:o,f:s}}wNAFUnsafe(t,r,n,o=this.ZERO){let s=hr(t,this.bits);for(let i=0;i<s.windows&&n!==Ae;i++){let{nextN:a,offset:c,isZero:u,isNeg:h}=Dn(n,i,s);if(n=a,!u){let d=r[c];o=o.add(h?d.negate():d)}}return Ln(n),o}getPrecomputes(t,r,n){let o=lr.get(r);return o||(o=this.precomputeWindow(r,t),t!==1&&(typeof n=="function"&&(o=n(o)),lr.set(r,o))),o}cached(t,r,n){let o=xr(t);return this.wNAF(o,this.getPrecomputes(o,t,n),r)}unsafe(t,r,n,o){let s=xr(t);return s===1?this._unsafeLadder(t,r,o):this.wNAFUnsafe(s,this.getPrecomputes(s,t,n),r,o)}createCache(t,r){Rn(r,this.bits),Nn.set(t,r),lr.delete(t)}hasCache(t){return xr(t)!==1}};function Oe(e,t,r,n){Po(r,e),Mo(n,t);let o=r.length,s=n.length;if(o!==s)throw new Error("arrays of points and scalars must have equal length");let i=e.ZERO,a=bn(BigInt(o)),c=1;a>12?c=a-3:a>4?c=a-2:a>0&&(c=2);let u=zt(c),h=new Array(Number(u)+1).fill(i),d=Math.floor((t.BITS-1)/c)*c,f=i;for(let p=d;p>=0;p-=c){h.fill(i);for(let g=0;g<s;g++){let E=n[g],l=Number(E>>BigInt(p)&u);h[l]=h[l].add(r[g])}let x=i;for(let g=h.length-1,E=i;g>0;g--)E=E.add(h[g]),x=x.add(E);if(f=f.add(x),p!==0)for(let g=0;g<c;g++)f=f.double()}return f}function Cn(e,t,r){if(t){if(t.ORDER!==e)throw new Error("Field.ORDER must match order: Fp == p, Fn == n");return On(t),t}else return ct(e,{isLE:r})}function Un(e,t,r={},n){if(n===void 0&&(n=e==="edwards"),!t||typeof t!="object")throw new Error(`expected valid ${e} CURVE object`);for(let c of["p","n","h"]){let u=t[c];if(!(typeof u=="bigint"&&u>Ae))throw new Error(`CURVE.${c} must be positive bigint`)}let o=Cn(t.p,r.Fp,n),s=Cn(t.n,r.Fn,n),a=["Gx","Gy","a",e==="weierstrass"?"b":"d"];for(let c of a)if(!o.isValid(t[c]))throw new Error(`CURVE.${c} must be valid field element of CURVE.Fp`);return t=Object.freeze(Object.assign({},t)),{CURVE:t,Fp:o,Fn:s}}var mt=BigInt(0),U=BigInt(1),yr=BigInt(2),jo=BigInt(8);function qo(e,t,r,n){let o=e.sqr(r),s=e.sqr(n),i=e.add(e.mul(t.a,o),s),a=e.add(e.ONE,e.mul(t.d,e.mul(o,s)));return e.eql(i,a)}function Ho(e,t={}){let r=Un("edwards",e,t,t.FpFnLE),{Fp:n,Fn:o}=r,s=r.CURVE,{h:i}=s;Xt(t,{},{uvRatio:"function"});let a=yr<<BigInt(o.BYTES*8)-U,c=E=>n.create(E),u=t.uvRatio||((E,l)=>{try{return{isValid:!0,value:n.sqrt(n.div(E,l))}}catch{return{isValid:!1,value:mt}}});if(!qo(n,s,s.Gx,s.Gy))throw new Error("bad curve params: generator point");function h(E,l,w=!1){let y=w?U:mt;return ar("coordinate "+E,l,y,a),l}function d(E){if(!(E instanceof x))throw new Error("ExtendedPoint expected")}let f=ur((E,l)=>{let{X:w,Y:y,Z:I}=E,A=E.is0();l==null&&(l=A?jo:n.inv(I));let D=c(w*l),L=c(y*l),B=n.mul(I,l);if(A)return{x:mt,y:U};if(B!==U)throw new Error("invZ was invalid");return{x:D,y:L}}),p=ur(E=>{let{a:l,d:w}=s;if(E.is0())throw new Error("bad point: ZERO");let{X:y,Y:I,Z:A,T:D}=E,L=c(y*y),B=c(I*I),b=c(A*A),m=c(b*b),_=c(L*l),S=c(b*c(_+B)),T=c(m+c(w*c(L*B)));if(S!==T)throw new Error("bad point: equation left != right (1)");let O=c(y*I),N=c(A*D);if(O!==N)throw new Error("bad point: equation left != right (2)");return!0});class x{constructor(l,w,y,I){this.X=h("x",l),this.Y=h("y",w),this.Z=h("z",y,!0),this.T=h("t",I),Object.freeze(this)}static CURVE(){return s}static fromAffine(l){if(l instanceof x)throw new Error("extended point not allowed");let{x:w,y}=l||{};return h("x",w),h("y",y),new x(w,y,U,c(w*y))}static fromBytes(l,w=!1){let y=n.BYTES,{a:I,d:A}=s;l=cr(Wt(l,y,"point")),Ie(w,"zip215");let D=cr(l),L=l[y-1];D[y-1]=L&-129;let B=gt(D),b=w?a:n.ORDER;ar("point.y",B,mt,b);let m=c(B*B),_=c(m-U),S=c(A*m-I),{isValid:T,value:O}=u(_,S);if(!T)throw new Error("bad point: invalid y coordinate");let N=(O&U)===U,q=(L&128)!==0;if(!w&&O===mt&&q)throw new Error("bad point: x=0 and x_0=1");return q!==N&&(O=c(-O)),x.fromAffine({x:O,y:B})}static fromHex(l,w=!1){return x.fromBytes(K("point",l),w)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(l=8,w=!0){return g.createCache(this,l),w||this.multiply(yr),this}assertValidity(){p(this)}equals(l){d(l);let{X:w,Y:y,Z:I}=this,{X:A,Y:D,Z:L}=l,B=c(w*L),b=c(A*I),m=c(y*L),_=c(D*I);return B===b&&m===_}is0(){return this.equals(x.ZERO)}negate(){return new x(c(-this.X),this.Y,this.Z,c(-this.T))}double(){let{a:l}=s,{X:w,Y:y,Z:I}=this,A=c(w*w),D=c(y*y),L=c(yr*c(I*I)),B=c(l*A),b=w+y,m=c(c(b*b)-A-D),_=B+D,S=_-L,T=B-D,O=c(m*S),N=c(_*T),q=c(m*T),dt=c(S*_);return new x(O,N,dt,q)}add(l){d(l);let{a:w,d:y}=s,{X:I,Y:A,Z:D,T:L}=this,{X:B,Y:b,Z:m,T:_}=l,S=c(I*B),T=c(A*b),O=c(L*y*_),N=c(D*m),q=c((I+A)*(B+b)-S-T),dt=N-O,Et=N+O,rt=c(T-w*S),kt=c(q*dt),ue=c(Et*rt),qe=c(q*rt),jr=c(dt*Et);return new x(kt,ue,jr,qe)}subtract(l){return this.add(l.negate())}multiply(l){if(!o.isValidNot0(l))throw new Error("invalid scalar: expected 1 <= sc < curve.n");let{p:w,f:y}=g.cached(this,l,I=>Jt(x,I));return Jt(x,[w,y])[0]}multiplyUnsafe(l,w=x.ZERO){if(!o.isValid(l))throw new Error("invalid scalar: expected 0 <= sc < curve.n");return l===mt?x.ZERO:this.is0()||l===U?this:g.unsafe(this,l,y=>Jt(x,y),w)}isSmallOrder(){return this.multiplyUnsafe(i).is0()}isTorsionFree(){return g.unsafe(this,s.n).is0()}toAffine(l){return f(this,l)}clearCofactor(){return i===U?this:this.multiplyUnsafe(i)}toBytes(){let{x:l,y:w}=this.toAffine(),y=n.toBytes(w);return y[y.length-1]|=l&U?128:0,y}toHex(){return v(this.toBytes())}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get ex(){return this.X}get ey(){return this.Y}get ez(){return this.Z}get et(){return this.T}static normalizeZ(l){return Jt(x,l)}static msm(l,w){return Oe(x,o,l,w)}_setWindowSize(l){this.precompute(l)}toRawBytes(){return this.toBytes()}}x.BASE=new x(s.Gx,s.Gy,U,c(s.Gx*s.Gy)),x.ZERO=new x(mt,U,U,mt),x.Fp=n,x.Fn=o;let g=new Se(x,o.BITS);return x.BASE.precompute(8),x}var Te=class{constructor(t){this.ep=t}static fromBytes(t){fr()}static fromHex(t){fr()}get x(){return this.toAffine().x}get y(){return this.toAffine().y}clearCofactor(){return this}assertValidity(){this.ep.assertValidity()}toAffine(t){return this.ep.toAffine(t)}toHex(){return v(this.toBytes())}toString(){return this.toHex()}isTorsionFree(){return!0}isSmallOrder(){return!1}add(t){return this.assertSame(t),this.init(this.ep.add(t.ep))}subtract(t){return this.assertSame(t),this.init(this.ep.subtract(t.ep))}multiply(t){return this.init(this.ep.multiply(t))}multiplyUnsafe(t){return this.init(this.ep.multiplyUnsafe(t))}double(){return this.init(this.ep.double())}negate(){return this.init(this.ep.negate())}precompute(t,r){return this.init(this.ep.precompute(t,r))}toRawBytes(){return this.toBytes()}};function ko(e,t,r={}){if(typeof t!="function")throw new Error('"hash" function param is required');Xt(r,{},{adjustScalarBytes:"function",randomBytes:"function",domain:"function",prehash:"function",mapToCurve:"function"});let{prehash:n}=r,{BASE:o,Fp:s,Fn:i}=e,a=r.randomBytes||Ve,c=r.adjustScalarBytes||(b=>b),u=r.domain||((b,m,_)=>{if(Ie(_,"phflag"),m.length||_)throw new Error("Contexts/pre-hash are not supported");return b});function h(b){return i.create(gt(b))}function d(b){let m=y.secretKey;b=K("private key",b,m);let _=K("hashed private key",t(b),2*m),S=c(_.slice(0,m)),T=_.slice(m,2*m),O=h(S);return{head:S,prefix:T,scalar:O}}function f(b){let{head:m,prefix:_,scalar:S}=d(b),T=o.multiply(S),O=T.toBytes();return{head:m,prefix:_,scalar:S,point:T,pointBytes:O}}function p(b){return f(b).pointBytes}function x(b=Uint8Array.of(),...m){let _=G(...m);return h(t(u(_,K("context",b),!!n)))}function g(b,m,_={}){b=K("message",b),n&&(b=n(b));let{prefix:S,scalar:T,pointBytes:O}=f(m),N=x(_.context,S,b),q=o.multiply(N).toBytes(),dt=x(_.context,q,O,b),Et=i.create(N+dt*T);if(!i.isValid(Et))throw new Error("sign failed: invalid s");let rt=G(q,i.toBytes(Et));return Wt(rt,y.signature,"result")}let E={zip215:!0};function l(b,m,_,S=E){let{context:T,zip215:O}=S,N=y.signature;b=K("signature",b,N),m=K("message",m),_=K("publicKey",_,y.publicKey),O!==void 0&&Ie(O,"zip215"),n&&(m=n(m));let q=N/2,dt=b.subarray(0,q),Et=gt(b.subarray(q,N)),rt,kt,ue;try{rt=e.fromBytes(_,O),kt=e.fromBytes(dt,O),ue=o.multiplyUnsafe(Et)}catch{return!1}if(!O&&rt.isSmallOrder())return!1;let qe=x(T,kt.toBytes(),rt.toBytes(),m);return kt.add(rt.multiplyUnsafe(qe)).subtract(ue).clearCofactor().is0()}let w=s.BYTES,y={secretKey:w,publicKey:w,signature:2*w,seed:w};function I(b=a(y.seed)){return Wt(b,y.seed,"seed")}function A(b){let m=B.randomSecretKey(b);return{secretKey:m,publicKey:p(m)}}function D(b){return It(b)&&b.length===i.BYTES}function L(b,m){try{return!!e.fromBytes(b,m)}catch{return!1}}let B={getExtendedPublicKey:f,randomSecretKey:I,isValidSecretKey:D,isValidPublicKey:L,toMontgomery(b){let{y:m}=e.fromBytes(b),_=y.publicKey,S=_===32;if(!S&&_!==57)throw new Error("only defined for 25519 and 448");let T=S?s.div(U+m,U-m):s.div(m-U,m+U);return s.toBytes(T)},toMontgomerySecret(b){let m=y.secretKey;Wt(b,m);let _=t(b.subarray(0,m));return c(_).subarray(0,m)},randomPrivateKey:I,precompute(b=8,m=e.BASE){return m.precompute(b,!1)}};return Object.freeze({keygen:A,getPublicKey:p,sign:g,verify:l,utils:B,Point:e,lengths:y})}function Ko(e){let t={a:e.a,d:e.d,p:e.Fp.ORDER,n:e.n,h:e.h,Gx:e.Gx,Gy:e.Gy},r=e.Fp,n=ct(t.n,e.nBitLength,!0),o={Fp:r,Fn:n,uvRatio:e.uvRatio},s={randomBytes:e.randomBytes,adjustScalarBytes:e.adjustScalarBytes,domain:e.domain,prehash:e.prehash,mapToCurve:e.mapToCurve};return{CURVE:t,curveOpts:o,hash:e.hash,eddsaOpts:s}}function $o(e,t){let r=t.Point;return Object.assign({},t,{ExtendedPoint:r,CURVE:e,nBitLength:r.Fn.BITS,nByteLength:r.Fn.BYTES})}function Pn(e){let{CURVE:t,curveOpts:r,hash:n,eddsaOpts:o}=Ko(e),s=Ho(t,r),i=ko(s,n,o);return $o(e,i)}var Vo=BigInt(0),at=BigInt(1),Mn=BigInt(2),Gi=BigInt(3),Go=BigInt(5),Fo=BigInt(8),Mt=BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed"),Qt={p:Mt,n:BigInt("0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed"),h:Fo,a:BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"),d:BigInt("0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3"),Gx:BigInt("0x216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a"),Gy:BigInt("0x6666666666666666666666666666666666666666666666666666666666666658")};function Yo(e){let t=BigInt(10),r=BigInt(20),n=BigInt(40),o=BigInt(80),s=Mt,a=e*e%s*e%s,c=z(a,Mn,s)*a%s,u=z(c,at,s)*e%s,h=z(u,Go,s)*u%s,d=z(h,t,s)*h%s,f=z(d,r,s)*d%s,p=z(f,n,s)*f%s,x=z(p,o,s)*p%s,g=z(x,o,s)*p%s,E=z(g,t,s)*h%s;return{pow_p_5_8:z(E,Mn,s)*e%s,b2:a}}function Zo(e){return e[0]&=248,e[31]&=127,e[31]|=64,e}var br=BigInt("19681161376707505956807079304988542015446066515923890162744021073123829784752");function wr(e,t){let r=Mt,n=R(t*t*t,r),o=R(n*n*t,r),s=Yo(e*o).pow_p_5_8,i=R(e*n*s,r),a=R(t*i*i,r),c=i,u=R(i*br,r),h=a===e,d=a===R(-e,r),f=a===R(-e*br,r);return h&&(i=c),(d||f)&&(i=u),it(i,r)&&(i=R(-i,r)),{isValid:h||d,value:i}}var wt=ct(Qt.p,{isLE:!0}),Wo=ct(Qt.n,{isLE:!0}),zo={...Qt,Fp:wt,hash:sn,adjustScalarBytes:Zo,uvRatio:wr},$=Pn(zo);var gr=br,Xo=BigInt("25063068953384623474111414158702152701244531502492656460079210482610430750235"),Jo=BigInt("54469307008909316920995813868745141605393597292927456921205312896311721017578"),Qo=BigInt("1159843021668779879193775521855586647937357759715417654439879720876111806838"),ts=BigInt("40440834346308536858101042469323190826248399146238708352240133220865137265952"),jn=e=>wr(at,e),es=BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),mr=e=>$.Point.Fp.create(gt(e)&es);function qn(e){let{d:t}=Qt,r=Mt,n=l=>wt.create(l),o=n(gr*e*e),s=n((o+at)*Qo),i=BigInt(-1),a=n((i-t*o)*n(o+t)),{isValid:c,value:u}=wr(s,a),h=n(u*e);it(h,r)||(h=n(-h)),c||(u=h),c||(i=o);let d=n(i*(o-at)*ts-a),f=u*u,p=n((u+u)*a),x=n(d*Xo),g=n(at-f),E=n(at+f);return new $.Point(n(p*E),n(g*x),n(x*E),n(p*g))}function rs(e){V(e,64);let t=mr(e.subarray(0,32)),r=qn(t),n=mr(e.subarray(32,64)),o=qn(n);return new ft(r.add(o))}var ft=class e extends Te{constructor(t){super(t)}static fromAffine(t){return new e($.Point.fromAffine(t))}assertSame(t){if(!(t instanceof e))throw new Error("RistrettoPoint expected")}init(t){return new e(t)}static hashToCurve(t){return rs(K("ristrettoHash",t,64))}static fromBytes(t){V(t,32);let{a:r,d:n}=Qt,o=Mt,s=I=>wt.create(I),i=mr(t);if(!yn(wt.toBytes(i),t)||it(i,o))throw new Error("invalid ristretto255 encoding 1");let a=s(i*i),c=s(at+r*a),u=s(at-r*a),h=s(c*c),d=s(u*u),f=s(r*n*h-d),{isValid:p,value:x}=jn(s(f*d)),g=s(x*u),E=s(x*g*f),l=s((i+i)*g);it(l,o)&&(l=s(-l));let w=s(c*E),y=s(l*w);if(!p||it(y,o)||w===Vo)throw new Error("invalid ristretto255 encoding 2");return new e(new $.Point(l,w,at,y))}static fromHex(t){return e.fromBytes(K("ristrettoHex",t,32))}static msm(t,r){return Oe(e,$.Point.Fn,t,r)}toBytes(){let{X:t,Y:r,Z:n,T:o}=this.ep,s=Mt,i=E=>wt.create(E),a=i(i(n+r)*i(n-r)),c=i(t*r),u=i(c*c),{value:h}=jn(i(a*u)),d=i(h*a),f=i(h*c),p=i(d*f*o),x;if(it(o*p,s)){let E=i(r*gr),l=i(t*gr);t=E,r=l,x=i(d*Jo)}else x=f;it(t*p,s)&&(r=i(-r));let g=i((n-r)*x);return it(g,s)&&(g=i(-g)),wt.toBytes(g)}equals(t){this.assertSame(t);let{X:r,Y:n}=this.ep,{X:o,Y:s}=t.ep,i=u=>wt.create(u),a=i(r*s)===i(n*o),c=i(n*s)===i(r*o);return a||c}is0(){return this.equals(e.ZERO)}};ft.BASE=new ft($.Point.BASE);ft.ZERO=new ft($.Point.ZERO);ft.Fp=wt;ft.Fn=Wo;var Hn=e=>{if(e<=127)return 1;if(e<=255)return 2;if(e<=65535)return 3;if(e<=16777215)return 4;throw k.fromCode(new Gt("Length too long (> 4 bytes)"))},kn=(e,t,r)=>{if(r<=127)return e[t]=r,1;if(r<=255)return e[t]=129,e[t+1]=r,2;if(r<=65535)return e[t]=130,e[t+1]=r>>8,e[t+2]=r,3;if(r<=16777215)return e[t]=131,e[t+1]=r>>16,e[t+2]=r>>8,e[t+3]=r,4;throw k.fromCode(new Gt("Length too long (> 4 bytes)"))},Er=(e,t)=>{if(e[t]<128)return 1;if(e[t]===128)throw k.fromCode(new yt("Invalid length 0"));if(e[t]===129)return 2;if(e[t]===130)return 3;if(e[t]===131)return 4;throw k.fromCode(new yt("Length too long (> 4 bytes)"))},ns=(e,t)=>{let r=Er(e,t);if(r===1)return e[t];if(r===2)return e[t+1];if(r===3)return(e[t+1]<<8)+e[t+2];if(r===4)return(e[t+1]<<16)+(e[t+2]<<8)+e[t+3];throw k.fromCode(new yt("Length too long (> 4 bytes)"))},Wi=Uint8Array.from([48,12,6,10,43,6,1,4,1,131,184,67,1,1]),_r=Uint8Array.from([48,5,6,3,43,101,112]),zi=Uint8Array.from([48,16,6,7,42,134,72,206,61,2,1,6,5,43,129,4,0,10]),Xi=Uint8Array.from([48,29,6,13,43,6,1,4,1,130,220,124,5,3,1,2,1,6,12,43,6,1,4,1,130,220,124,5,3,2,1]);function Kn(e,t){let r=2+Hn(e.byteLength+1),n=t.byteLength+r+e.byteLength,o=0,s=new Uint8Array(1+Hn(n)+n);return s[o++]=48,o+=kn(s,o,n),s.set(t,o),o+=t.byteLength,s[o++]=3,o+=kn(s,o,e.byteLength+1),s[o++]=0,s.set(new Uint8Array(e),o),s}var $n=(e,t)=>{let r=0,n=(a,c)=>{if(o[r++]!==a)throw k.fromCode(new yt(`Expected ${c} at offset ${r}`))},o=new Uint8Array(e);if(n(48,"sequence"),r+=Er(o,r),!un(o.slice(r,r+t.byteLength),t))throw k.fromCode(new yt("Not the expected OID."));r+=t.byteLength,n(3,"bit string");let s=ns(o,r)-1;r+=Er(o,r),n(0,"0 padding");let i=o.slice(r);if(s!==i.length)throw k.fromCode(new me(s,i.length));return i};function Vn(e){return e!==null&&typeof e=="object"}var ee,re,Tt=class Tt{constructor(t){F(this,ee);F(this,re);if(t.byteLength!==Tt.RAW_KEY_LENGTH)throw new Error("An Ed25519 public key must be exactly 32bytes long");Y(this,ee,t),Y(this,re,Tt.derEncode(t))}static from(t){if(typeof t=="string"){let r=H(t);return this.fromRaw(r)}if(Vn(t)){let r=t;if(Vn(r)&&Object.hasOwnProperty.call(r,"__derEncodedPublicKey__"))return this.fromDer(r);if(ArrayBuffer.isView(r)){let n=r;return this.fromRaw(J(n.buffer))}if(r instanceof ArrayBuffer)return this.fromRaw(J(r));if("rawKey"in r&&r.rawKey instanceof Uint8Array)return this.fromRaw(r.rawKey);if("derKey"in r)return this.fromDer(r.derKey);if("toDer"in r)return this.fromDer(r.toDer())}throw new Error("Cannot construct Ed25519PublicKey from the provided key.")}static fromRaw(t){return new Tt(t)}static fromDer(t){return new Tt(this.derDecode(t))}static derEncode(t){let r=Kn(t,_r);return r.__derEncodedPublicKey__=void 0,r}static derDecode(t){let r=$n(t,_r);if(r.length!==this.RAW_KEY_LENGTH)throw new Error("An Ed25519 public key must be exactly 32bytes long");return r}get rawKey(){return C(this,ee)}get derKey(){return C(this,re)}toDer(){return this.derKey}toRaw(){return this.rawKey}};ee=new WeakMap,re=new WeakMap,Tt.RAW_KEY_LENGTH=32;var te=Tt,vt,Dt,jt=class jt extends bt{constructor(r,n){super();F(this,vt);F(this,Dt);Y(this,vt,te.from(r)),Y(this,Dt,n)}static generate(r){if(r&&r.length!==32)throw new Error("Ed25519 Seed needs to be 32 bytes long.");r||(r=$.utils.randomPrivateKey()),an(r,new Uint8Array(new Array(32).fill(0)))&&console.warn("Seed is all zeros. This is not a secure seed. Please provide a seed with sufficient entropy if this is a production environment.");let n=new Uint8Array(32);for(let s=0;s<32;s++)n[s]=r[s];let o=$.getPublicKey(n);return jt.fromKeyPair(o,n)}static fromParsedJson(r){let[n,o]=r;return new jt(te.fromDer(H(n)),H(o))}static fromJSON(r){let n=JSON.parse(r);if(Array.isArray(n)){if(typeof n[0]=="string"&&typeof n[1]=="string")return this.fromParsedJson([n[0],n[1]]);throw new Error("Deserialization error: JSON must have at least 2 items.")}throw new Error(`Deserialization error: Invalid JSON type for string: ${JSON.stringify(r)}`)}static fromKeyPair(r,n){return new jt(te.fromRaw(r),n)}static fromSecretKey(r){let n=$.getPublicKey(r);return jt.fromKeyPair(n,r)}toJSON(){return[v(C(this,vt).toDer()),v(C(this,Dt))]}getKeyPair(){return{secretKey:C(this,Dt),publicKey:C(this,vt)}}getPublicKey(){return C(this,vt)}async sign(r){let n=$.sign(r,C(this,Dt).slice(0,32));return Object.defineProperty(n,"__signature__",{enumerable:!1,value:void 0}),n}static verify(r,n,o){let[s,i,a]=[r,n,o].map(c=>(typeof c=="string"&&(c=H(c)),J(c)));return $.verify(s,i,a)}};vt=new WeakMap,Dt=new WeakMap;var Lt=jt;var Ir=class e extends Error{constructor(t){super(t),this.message=t,Object.setPrototypeOf(this,e.prototype)}};function Gn(e){if(typeof global<"u"&&global.crypto&&global.crypto.subtle)return global.crypto.subtle;if(e)return e;if(typeof crypto<"u"&&crypto.subtle)return crypto.subtle;throw new Ir("Global crypto was not available and none was provided. Please inlcude a SubtleCrypto implementation. See https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto")}var qt=class e extends bt{static async generate(t){let{extractable:r=!1,keyUsages:n=["sign","verify"],subtleCrypto:o}=t??{},s=Gn(o),i=await s.generateKey({name:"ECDSA",namedCurve:"P-256"},r,n),a=J(await s.exportKey("spki",i.publicKey));return Object.assign(a,{__derEncodedPublicKey__:void 0}),new this(i,a,s)}static async fromKeyPair(t,r){let n=Gn(r),o=J(await n.exportKey("spki",t.publicKey));return Object.assign(o,{__derEncodedPublicKey__:void 0}),new e(t,o,n)}constructor(t,r,n){super(),this._keyPair=t,this._derKey=r,this._subtleCrypto=n}getKeyPair(){return this._keyPair}getPublicKey(){let t=this._derKey,r=Object.create(this._keyPair.publicKey);return r.toDer=function(){return t},r}async sign(t){let r={name:"ECDSA",hash:{name:"SHA-256"}},n=J(await this._subtleCrypto.sign(r,this._keyPair.privateKey,t));return Object.assign(n,{__signature__:void 0}),n}};var Q,ve=class{constructor(t){F(this,Q);Y(this,Q,t)}get rawKey(){return C(this,Q).rawKey}get derKey(){return C(this,Q).derKey}toDer(){return C(this,Q).toDer()}getPublicKey(){return C(this,Q)}getPrincipal(){if(!C(this,Q).rawKey)throw new Error("Cannot get principal from a public key without a raw key.");return W.fromUint8Array(new Uint8Array(C(this,Q).rawKey))}transformRequest(){return Promise.reject("Not implemented. You are attempting to use a partial identity to sign calls, but this identity only has access to the public key.To sign calls, use a DelegationIdentity instead.")}};Q=new WeakMap;function De(e){return e instanceof Uint8Array?v(e):v(new Uint8Array(e))}function Br(e){if(typeof e!="string"||e.length<64)throw new Error("Invalid public key.");return H(e)}var Ht=class{constructor(t,r,n){this.pubkey=t,this.expiration=r,this.targets=n}toCborValue(){return{pubkey:this.pubkey,expiration:this.expiration,...this.targets&&{targets:this.targets}}}toJSON(){return{expiration:this.expiration.toString(16),pubkey:De(this.pubkey),...this.targets&&{targets:this.targets.map(t=>t.toHex())}}}};async function os(e,t,r,n){let o=new Ht(t.toDer(),BigInt(+r)*BigInt(1e6),n),s=new Uint8Array([...rr,...new Uint8Array(Ft({...o}))]),i=await e.sign(s);return{delegation:o,signature:i}}var Ct=class e{static async create(t,r,n=new Date(Date.now()+900*1e3),o={}){let s=await os(t,r,n,o.targets);return new e([...o.previous?.delegations||[],s],o.previous?.publicKey||t.getPublicKey().toDer())}static fromJSON(t){let{publicKey:r,delegations:n}=typeof t=="string"?JSON.parse(t):t;if(!Array.isArray(n))throw new Error("Invalid delegations.");let o=n.map(s=>{let{delegation:i,signature:a}=s,{pubkey:c,expiration:u,targets:h}=i;if(h!==void 0&&!Array.isArray(h))throw new Error("Invalid targets.");return{delegation:new Ht(Br(c),BigInt(`0x${u}`),h&&h.map(d=>{if(typeof d!="string")throw new Error("Invalid target.");return W.fromHex(d)})),signature:Br(a)}});return new this(o,Br(r))}static fromDelegations(t,r){return new this(t,r)}constructor(t,r){this.delegations=t,this.publicKey=r}toJSON(){return{delegations:this.delegations.map(t=>{let{delegation:r,signature:n}=t,{targets:o}=r;return{delegation:{expiration:r.expiration.toString(16),pubkey:De(r.pubkey),...o&&{targets:o.map(s=>s.toHex())}},signature:De(n)}}),publicKey:De(this.publicKey)}}},Rt=class extends bt{static fromDelegation(t,r){return new this(t,r)}constructor(t,r){super(),this._inner=t,this._delegation=r}getDelegation(){return this._delegation}getPublicKey(){return{derKey:this._delegation.publicKey,toDer:()=>this._delegation.publicKey}}sign(t){return this._inner.sign(t)}async transformRequest(t){let{body:r,...n}=t,o=await Ft(r);return{...n,body:{content:r,sender_sig:await this.sign(new Uint8Array([...Yt,...new Uint8Array(o)])),sender_delegation:this._delegation.delegations,sender_pubkey:this._delegation.publicKey}}}},oe,Sr=class Sr extends ve{constructor(r,n){super(r);F(this,oe);Y(this,oe,n)}get delegation(){return C(this,oe)}static fromDelegation(r,n){return new Sr(r,n)}};oe=new WeakMap;var ne=Sr;function Ar(e,t){for(let{delegation:o}of e.delegations)if(+new Date(Number(o.expiration/BigInt(1e6)))<=+Date.now())return!1;let r=[],n=t?.scope;n&&(Array.isArray(n)?r.push(...n.map(o=>typeof o=="string"?W.fromText(o):o)):r.push(typeof n=="string"?W.fromText(n):n));for(let o of r){let s=o.toText();for(let{delegation:i}of e.delegations){if(i.targets===void 0)continue;let a=!0;for(let c of i.targets)if(c.toText()===s){a=!1;break}if(a)return!1}}return!0}var Fn=["mousedown","mousemove","keydown","touchstart","wheel"],se=class e{constructor(t={}){Nt(this,"callbacks",[]);Nt(this,"idleTimeout",600*1e3);Nt(this,"timeoutID");let{onIdle:r,idleTimeout:n=600*1e3}=t||{};this.callbacks=r?[r]:[],this.idleTimeout=n;let o=this._resetTimer.bind(this);window.addEventListener("load",o,!0),Fn.forEach(i=>{document.addEventListener(i,o,!0)});let s=(i,a)=>{let c;return(...u)=>{let h=this,d=()=>{c=void 0,i.apply(h,u)};clearTimeout(c),c=window.setTimeout(d,a)}};if(t?.captureScroll){let i=s(o,t?.scrollDebounce??100);window.addEventListener("scroll",i,!0)}o()}static create(t={}){return new e(t)}registerCallback(t){this.callbacks.push(t)}exit(){clearTimeout(this.timeoutID),window.removeEventListener("load",this._resetTimer,!0);let t=this._resetTimer.bind(this);Fn.forEach(r=>{document.removeEventListener(r,t,!0)}),this.callbacks.forEach(r=>{r()})}_resetTimer(){let t=this.exit.bind(this);window.clearTimeout(this.timeoutID),this.timeoutID=window.setTimeout(t,this.idleTimeout)}};var ss=(e,t)=>t.some(r=>e instanceof r),Yn,Zn;function is(){return Yn||(Yn=[IDBDatabase,IDBObjectStore,IDBIndex,IDBCursor,IDBTransaction])}function cs(){return Zn||(Zn=[IDBCursor.prototype.advance,IDBCursor.prototype.continue,IDBCursor.prototype.continuePrimaryKey])}var Wn=new WeakMap,Tr=new WeakMap,zn=new WeakMap,Or=new WeakMap,Dr=new WeakMap;function as(e){let t=new Promise((r,n)=>{let o=()=>{e.removeEventListener("success",s),e.removeEventListener("error",i)},s=()=>{r(tt(e.result)),o()},i=()=>{n(e.error),o()};e.addEventListener("success",s),e.addEventListener("error",i)});return t.then(r=>{r instanceof IDBCursor&&Wn.set(r,e)}).catch(()=>{}),Dr.set(t,e),t}function fs(e){if(Tr.has(e))return;let t=new Promise((r,n)=>{let o=()=>{e.removeEventListener("complete",s),e.removeEventListener("error",i),e.removeEventListener("abort",i)},s=()=>{r(),o()},i=()=>{n(e.error||new DOMException("AbortError","AbortError")),o()};e.addEventListener("complete",s),e.addEventListener("error",i),e.addEventListener("abort",i)});Tr.set(e,t)}var vr={get(e,t,r){if(e instanceof IDBTransaction){if(t==="done")return Tr.get(e);if(t==="objectStoreNames")return e.objectStoreNames||zn.get(e);if(t==="store")return r.objectStoreNames[1]?void 0:r.objectStore(r.objectStoreNames[0])}return tt(e[t])},set(e,t,r){return e[t]=r,!0},has(e,t){return e instanceof IDBTransaction&&(t==="done"||t==="store")?!0:t in e}};function Xn(e){vr=e(vr)}function us(e){return e===IDBDatabase.prototype.transaction&&!("objectStoreNames"in IDBTransaction.prototype)?function(t,...r){let n=e.call(Le(this),t,...r);return zn.set(n,t.sort?t.sort():[t]),tt(n)}:cs().includes(e)?function(...t){return e.apply(Le(this),t),tt(Wn.get(this))}:function(...t){return tt(e.apply(Le(this),t))}}function ds(e){return typeof e=="function"?us(e):(e instanceof IDBTransaction&&fs(e),ss(e,is())?new Proxy(e,vr):e)}function tt(e){if(e instanceof IDBRequest)return as(e);if(Or.has(e))return Or.get(e);let t=ds(e);return t!==e&&(Or.set(e,t),Dr.set(t,e)),t}var Le=e=>Dr.get(e);function Qn(e,t,{blocked:r,upgrade:n,blocking:o,terminated:s}={}){let i=indexedDB.open(e,t),a=tt(i);return n&&i.addEventListener("upgradeneeded",c=>{n(tt(i.result),c.oldVersion,c.newVersion,tt(i.transaction),c)}),r&&i.addEventListener("blocked",c=>r(c.oldVersion,c.newVersion,c)),a.then(c=>{s&&c.addEventListener("close",()=>s()),o&&c.addEventListener("versionchange",u=>o(u.oldVersion,u.newVersion,u))}).catch(()=>{}),a}var hs=["get","getKey","getAll","getAllKeys","count"],ls=["put","add","delete","clear"],Lr=new Map;function Jn(e,t){if(!(e instanceof IDBDatabase&&!(t in e)&&typeof t=="string"))return;if(Lr.get(t))return Lr.get(t);let r=t.replace(/FromIndex$/,""),n=t!==r,o=ls.includes(r);if(!(r in(n?IDBIndex:IDBObjectStore).prototype)||!(o||hs.includes(r)))return;let s=async function(i,...a){let c=this.transaction(i,o?"readwrite":"readonly"),u=c.store;return n&&(u=u.index(a.shift())),(await Promise.all([u[r](...a),o&&c.done]))[0]};return Lr.set(t,s),s}Xn(e=>({...e,get:(t,r,n)=>Jn(t,r)||e.get(t,r,n),has:(t,r)=>!!Jn(t,r)||e.has(t,r)}));var to="auth-client-db",eo="ic-keyval",xs=async(e=to,t=eo,r)=>(globalThis.localStorage?.getItem(et)&&(globalThis.localStorage.removeItem(et),globalThis.localStorage.removeItem(ut)),await Qn(e,r,{upgrade:n=>{n.objectStoreNames.contains(t)&&n.clear(t),n.createObjectStore(t)}}));async function ps(e,t,r){return await e.get(t,r)}async function ys(e,t,r,n){return await e.put(t,n,r)}async function bs(e,t,r){return await e.delete(t,r)}var Ce=class e{constructor(t,r){this._db=t,this._storeName=r}static async create(t){let{dbName:r=to,storeName:n=eo,version:o=ro}=t??{},s=await xs(r,n,o);return new e(s,n)}async set(t,r){return await ys(this._db,this._storeName,t,r)}async get(t){return await ps(this._db,this._storeName,t)??null}async remove(t){return await bs(this._db,this._storeName,t)}};var ut="identity",et="delegation",no="iv",ro=1,Re=class{constructor(t="ic-",r){this.prefix=t,this._localStorage=r}get(t){return Promise.resolve(this._getLocalStorage().getItem(this.prefix+t))}set(t,r){return this._getLocalStorage().setItem(this.prefix+t,r),Promise.resolve()}remove(t){return this._getLocalStorage().removeItem(this.prefix+t),Promise.resolve()}_getLocalStorage(){if(this._localStorage)return this._localStorage;let t=globalThis.localStorage;if(!t)throw new Error("Could not find local storage.");return t}},ie,Ne=class{constructor(t){F(this,ie);Nt(this,"initializedDb");Y(this,ie,t??{})}get _db(){return new Promise((t,r)=>{if(this.initializedDb){t(this.initializedDb);return}Ce.create(C(this,ie)).then(n=>{this.initializedDb=n,t(n)}).catch(r)})}async get(t){return await(await this._db).get(t)}async set(t,r){await(await this._db).set(t,r)}async remove(t){await(await this._db).remove(t)}};ie=new WeakMap;var gs=BigInt(1e9),ms=BigInt(3600),ws=gs*ms,Es="https://identity.internetcomputer.org",_s="#authorize",Is=BigInt(8)*ws,Cr="ECDSA",Rr="Ed25519",Bs=500,so="UserInterrupt",ce=class e{constructor(t,r,n,o,s,i,a,c){this._identity=t,this._key=r,this._chain=n,this._storage=o,this.idleManager=s,this._createOptions=i,this._idpWindow=a,this._eventHandler=c,this._registerDefaultIdleCallback()}static async create(t={}){let r=t.storage??new Ne,n=t.keyType??Cr,o=null;if(t.identity)o=t.identity;else{let c=await r.get(ut);if(!c)try{let u=new Re,h=await u.get(et),d=await u.get(ut);h&&d&&n===Cr&&(console.log("Discovered an identity stored in localstorage. Migrating to IndexedDB"),await r.set(et,h),await r.set(ut,d),c=h,await u.remove(et),await u.remove(ut))}catch(u){console.error(`error while attempting to recover localstorage: ${u}`)}if(c)try{typeof c=="object"?n===Rr&&typeof c=="string"?o=Lt.fromJSON(c):o=await qt.fromKeyPair(c):typeof c=="string"&&(o=Lt.fromJSON(c))}catch{}}let s=new Zt,i=null;if(o)try{let c=await r.get(et);if(typeof c=="object"&&c!==null)throw new Error("Delegation chain is incorrectly stored. A delegation chain should be stored as a string.");t.identity?s=t.identity:c&&(i=Ct.fromJSON(c),Ar(i)?"toDer"in o?s=ne.fromDelegation(o,i):s=Rt.fromDelegation(o,i):(await Nr(r),o=null))}catch(c){console.error(c),await Nr(r),o=null}let a;return t.idleOptions?.disableIdle?a=void 0:(i||t.identity)&&(a=se.create(t.idleOptions)),o||(n===Rr?o=Lt.generate():(t.storage&&n===Cr&&console.warn(`You are using a custom storage provider that may not support CryptoKey storage. If you are using a custom storage provider that does not support CryptoKey storage, you should use '${Rr}' as the key type, as it can serialize to a string`),o=await qt.generate()),await oo(r,o)),new e(s,o,i,r,a,t)}_registerDefaultIdleCallback(){let t=this._createOptions?.idleOptions;!t?.onIdle&&!t?.disableDefaultIdleCallback&&this.idleManager?.registerCallback(()=>{this.logout(),location.reload()})}async _handleSuccess(t,r){let n=t.delegations.map(a=>({delegation:new Ht(a.delegation.pubkey,a.delegation.expiration,a.delegation.targets),signature:a.signature})),o=Ct.fromDelegations(n,t.userPublicKey),s=this._key;if(!s)return;this._chain=o,"toDer"in s?this._identity=ne.fromDelegation(s,this._chain):this._identity=Rt.fromDelegation(s,this._chain),this._idpWindow?.close();let i=this._createOptions?.idleOptions;!this.idleManager&&!i?.disableIdle&&(this.idleManager=se.create(i),this._registerDefaultIdleCallback()),this._removeEventListener(),delete this._idpWindow,this._chain&&await this._storage.set(et,JSON.stringify(this._chain.toJSON())),await oo(this._storage,this._key),r?.(t)}getIdentity(){return this._identity}async isAuthenticated(){return!this.getIdentity().getPrincipal().isAnonymous()&&this._chain!==null&&Ar(this._chain)}async login(t){let r=As(this._createOptions?.loginOptions,t),n=r?.maxTimeToLive??Is,o=new URL(r?.identityProvider?.toString()||Es);o.hash=_s,this._idpWindow?.close(),this._removeEventListener(),this._eventHandler=this._getEventHandler(o,{maxTimeToLive:n,...r}),window.addEventListener("message",this._eventHandler),this._idpWindow=window.open(o.toString(),"idpWindow",r?.windowOpenerFeatures)??void 0;let s=()=>{this._idpWindow&&(this._idpWindow.closed?this._handleFailure(so,r?.onError):setTimeout(s,Bs))};s()}_getEventHandler(t,r){return async n=>{if(n.origin!==t.origin)return;let o=n.data;switch(o.kind){case"authorize-ready":{let s={kind:"authorize-client",sessionPublicKey:new Uint8Array(this._key?.getPublicKey().toDer()),maxTimeToLive:r?.maxTimeToLive,allowPinAuthentication:r?.allowPinAuthentication,derivationOrigin:r?.derivationOrigin?.toString(),...r?.customValues};this._idpWindow?.postMessage(s,t.origin);break}case"authorize-client-success":try{await this._handleSuccess(o,r?.onSuccess)}catch(s){this._handleFailure(s.message,r?.onError)}break;case"authorize-client-failure":this._handleFailure(o.text,r?.onError);break}}}_handleFailure(t,r){this._idpWindow?.close(),r?.(t),this._removeEventListener(),delete this._idpWindow}_removeEventListener(){this._eventHandler&&window.removeEventListener("message",this._eventHandler),this._eventHandler=void 0}async logout(t={}){if(await Nr(this._storage),this._identity=new Zt,this._chain=null,t.returnTo)try{window.history.pushState({},"",t.returnTo)}catch{window.location.href=t.returnTo}}};async function Nr(e){await e.remove(ut),await e.remove(et),await e.remove(no)}function As(e,t){if(!e&&!t)return;let r=e?.customValues||t?.customValues?{...e?.customValues,...t?.customValues}:void 0;return{...e,...t,customValues:r}}function Ss(e){if(e instanceof qt)return e.getKeyPair();if(e instanceof Lt)return JSON.stringify(e.toJSON());throw new Error("Unsupported key type")}async function oo(e,t){let r=Ss(t);await e.set(ut,r)}var Os="https://id.ai",Ts="https://xis3j-paaaa-aaaai-axumq-cai.icp0.io";var vs=BigInt(86400)*BigInt(1e9),Ds=29*864e5,Qc=BigInt(29)*vs,ae=480*60*1e3,io=BigInt(ae)*1000000n;function co(e=Ds){return{idleOptions:{idleTimeout:e,disableDefaultIdleCallback:!0}}}function ao(e){let t=e?.hostname??"";return t==="localhost"||t==="127.0.0.1"||t.endsWith(".localhost")?`http://id.ai.localhost:${e?.port||"8000"}`:Os}function Ur(e){let t=e?.hostname??"";return t==="localhost"||t==="127.0.0.1"||t.endsWith(".localhost")?e.origin:Ts}function fo(e){let t=new URLSearchParams(e.startsWith("#")?e.slice(1):e),r=t.get("public_key")??"",n=t.get("callback")??"";if(!r||!n||!Ls(n))return null;try{if(Pr(r).length<32)return null}catch{return null}return{publicKey:r,callback:n}}function Pr(e){if(!/^[A-Za-z0-9_-]+={0,2}$/.test(e))throw new Error("public key is not base64url");let t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t+"=".repeat(r);if(typeof atob=="function"){let o=atob(n);return Uint8Array.from(o,s=>s.charCodeAt(0))}return Uint8Array.from(Buffer.from(n,"base64"))}function Ls(e){let t;try{t=new URL(e)}catch{return!1}return t.protocol!=="http:"||t.username||t.password?!1:t.hostname==="localhost"||t.hostname.endsWith(".localhost")||t.hostname==="127.0.0.1"||t.hostname==="::1"||t.hostname==="[::1]"}var fe=document.querySelector("#status"),uo=document.querySelector("#error"),Pe=document.querySelector("#login"),Cs=document.querySelector("#request-details"),Rs=document.querySelector("#callback-host-port"),Ns=document.querySelector("#derivation-origin"),Us=document.querySelector("#delegation-ttl"),Me=fo(location.hash),Ue=null;Me?(Ps(Me),history.replaceState(null,"",location.pathname),ce.create(co(ae)).then(e=>{Ue=e,Pe.disabled=!1,fe.textContent="Continue to authorize this local CLI session."}).catch(e=>je(Mr(e)))):je("Invalid CLI login request.");Pe.addEventListener("click",async()=>{!Ue||!Me||(Pe.disabled=!0,fe.textContent="Waiting for Internet Identity.",await Ue.login({identityProvider:ao(location),derivationOrigin:Ur(location),maxTimeToLive:io,onSuccess:()=>void js(Ue,Me),onError:e=>je(Mr(e))}))});function Ps(e){let t=new URL(e.callback);Rs.textContent=t.port?`${t.hostname}:${t.port}`:t.hostname,Ns.textContent=Ur(location),Us.textContent=Ms(ae),Cs.hidden=!1}function Ms(e){let t=e/36e5;return Number.isInteger(t)?`${t} hours`:`${Math.round(e/6e4)} minutes`}async function js(e,t){try{fe.textContent="Sending the delegation to the local CLI.";let r=e.getIdentity();if(!(r instanceof Rt))throw new Error("Internet Identity delegation was not available.");let n=Pr(t.publicKey),o=await Ct.create(r,{toDer(){return n}},new Date(Date.now()+ae),{previous:r.getDelegation()}),s=await fetch(t.callback,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify(o.toJSON()),redirect:"error"});if(!s.ok)throw new Error(`CLI callback failed with HTTP ${s.status}.`);await e.logout(),fe.textContent="CLI login complete.",setTimeout(()=>window.close(),1e3)}catch(r){je(Mr(r))}}function je(e){fe.textContent="CLI login failed.",uo.hidden=!1,uo.textContent=e,Pe.disabled=!0}function Mr(e){return e instanceof Error?e.message:String(e)}})();
+  HTTP details: ${JSON.stringify(this.callContext.httpDetails,Ao(Ee.verbosity),2)}`)),t}};Ee.verbosity=ge.Normal;var Pt=Ee,We=class e extends Error{get code(){return this.cause.code}set code(t){this.cause.code=t}get kind(){return this.cause.kind}set kind(t){this.cause.kind=t}get isCertified(){return this.code.isCertified}constructor(t,r){super(t.toString()),this.name="AgentError",this.cause={code:t,kind:r},Object.setPrototypeOf(this,e.prototype)}hasCode(t){return this.code instanceof t}toString(){return`${this.name} (${this.kind}): ${this.message}`}},Xe=class extends We{static fromCode(t){return new this(t)}};var k=class e extends Xe{constructor(t){super(t,ze.Input),this.name="InputError",Object.setPrototypeOf(this,e.prototype)}};var me=class e extends Pt{constructor(t,r){super(),this.expectedLength=t,this.actualLength=r,this.name="DerDecodeLengthMismatchErrorCode",Object.setPrototypeOf(this,e.prototype)}toErrorMessage(){return`DER payload mismatch: Expected length ${this.expectedLength}, actual length: ${this.actualLength}`}},yt=class e extends Pt{constructor(t){super(),this.error=t,this.name="DerDecodeErrorCode",Object.setPrototypeOf(this,e.prototype)}toErrorMessage(){return`Failed to decode DER: ${this.error}`}},Gt=class e extends Pt{constructor(t){super(),this.error=t,this.name="DerEncodeErrorCode",Object.setPrototypeOf(this,e.prototype)}toErrorMessage(){return`Failed to encode DER: ${this.error}`}};var we=class e extends Pt{constructor(t){super(),this.value=t,this.name="HashValueErrorCode",Object.setPrototypeOf(this,e.prototype)}toErrorMessage(){return`Attempt to hash a value of unsupported type: ${this.value}`}};var oi=new Error("unreachable");var _e=class{save(){return this._view}restore(t){if(!(t instanceof Uint8Array))throw new Error("Checkpoint must be a Uint8Array");this._view=t}constructor(t,r=t?.byteLength||0){if(t&&!(t instanceof Uint8Array))try{t=J(t)}catch{throw new Error("Buffer must be a Uint8Array")}if(r<0||!Number.isInteger(r))throw new Error("Length must be a non-negative integer");if(t&&r>t.byteLength)throw new Error("Length cannot exceed buffer length");this._buffer=t||new Uint8Array(0),this._view=new Uint8Array(this._buffer.buffer,0,r)}get buffer(){return this._view.slice()}get byteLength(){return this._view.byteLength}read(t){let r=this._view.subarray(0,t);return this._view=this._view.subarray(t),r.slice()}readUint8(){if(this._view.byteLength===0)return;let t=this._view[0];return this._view=this._view.subarray(1),t}write(t){if(!(t instanceof Uint8Array))throw new Error("Buffer must be a Uint8Array");let r=this._view.byteLength;this._view.byteOffset+this._view.byteLength+t.byteLength>=this._buffer.byteLength?this.alloc(t.byteLength):this._view=new Uint8Array(this._buffer.buffer,this._view.byteOffset,this._view.byteLength+t.byteLength),this._view.set(t,r)}get end(){return this._view.byteLength===0}alloc(t){if(t<=0||!Number.isInteger(t))throw new Error("Amount must be a positive integer");let r=new Uint8Array((this._buffer.byteLength+t)*1.2|0),n=new Uint8Array(r.buffer,0,this._view.byteLength+t);n.set(this._view),this._buffer=r,this._view=n}};function J(e){if(!e)throw new Error("Input cannot be null or undefined");return e instanceof Uint8Array?e:e instanceof ArrayBuffer?new Uint8Array(e):Array.isArray(e)?new Uint8Array(e):"buffer"in e?J(e.buffer):new Uint8Array(e)}function Je(e,t){if(e.byteLength!==t.byteLength)return e.byteLength-t.byteLength;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return e[r]-t[r];return 0}function an(e,t){return Je(e,t)===0}function fn(e){let t=BigInt(e);if(e<=0)throw new RangeError("Input must be positive");return t.toString(2).length-1}function Qe(e){if(typeof e=="number"&&(e=BigInt(e)),e<BigInt(0))throw new Error("Cannot leb encode negative values.");let t=(e===BigInt(0)?0:fn(e))+1,r=new _e(new Uint8Array(t),0);for(;;){let n=Number(e&BigInt(127));if(e/=BigInt(128),e===BigInt(0)){r.write(new Uint8Array([n]));break}else r.write(new Uint8Array([n|128]))}return r.buffer}function tr(e){if(!e)throw new Error("Input cannot be null or undefined");return e instanceof Uint8Array?e:e instanceof ArrayBuffer?new Uint8Array(e):Array.isArray(e)?new Uint8Array(e):"buffer"in e?tr(e.buffer):new Uint8Array(e)}function un(e,t){if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r])return!1;return!0}function er(e){if(typeof e=="string")return dn(e);if(typeof e=="number")return pt(Qe(e));if(e instanceof Uint8Array||ArrayBuffer.isView(e))return pt(tr(e));if(Array.isArray(e)){let t=e.map(er);return pt(G(...t))}if(e&&typeof e=="object"&&e._isPrincipal)return pt(e.toUint8Array());if(typeof e=="object"&&e!==null&&typeof e.toHash=="function")return er(e.toHash());if(typeof e=="object")return hn(e);if(typeof e=="bigint")return pt(Qe(e));throw k.fromCode(new we(e))}var dn=e=>{let t=new TextEncoder().encode(e);return pt(t)};function Ft(e){return hn(e)}function hn(e){let n=Object.entries(e).filter(([,i])=>i!==void 0).map(([i,a])=>{let c=dn(i),u=er(a);return[c,u]}).sort(([i],[a])=>Je(i,a)),o=G(...n.map(i=>G(...i)));return pt(o)}var So=new TextEncoder().encode("\ric-state-root"),Yt=new TextEncoder().encode(`
+ic-request`),Oo=new TextEncoder().encode("\vic-response"),rr=new TextEncoder().encode("ic-request-auth-delegation");var bt=class{getPrincipal(){return this._principal||(this._principal=z.selfAuthenticating(new Uint8Array(this.getPublicKey().toDer()))),this._principal}async transformRequest(t){let{body:r,...n}=t,o=Ft(r);return{...n,body:{content:r,sender_pubkey:this.getPublicKey().toDer(),sender_sig:await this.sign(G(Yt,o))}}}},Zt=class{getPrincipal(){return z.anonymous()}async transformRequest(t){return{...t,body:{content:t.body}}}};var sr=BigInt(0),or=BigInt(1);function Ie(e,t=""){if(typeof e!="boolean"){let r=t&&`"${t}"`;throw new Error(r+"expected boolean, got type="+typeof e)}return e}function zt(e,t,r=""){let n=It(e),o=e?.length,s=t!==void 0;if(!n||s&&o!==t){let i=r&&`"${r}" `,a=s?` of length ${t}`:"",c=n?`length=${o}`:`type=${typeof e}`;throw new Error(i+"expected Uint8Array"+a+", got "+c)}return e}function ln(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);return e===""?sr:BigInt("0x"+e)}function xn(e){return ln(v(e))}function gt(e){return V(e),ln(v(Uint8Array.from(e).reverse()))}function ir(e,t){return H(e.toString(16).padStart(t*2,"0"))}function pn(e,t){return ir(e,t).reverse()}function K(e,t,r){let n;if(typeof t=="string")try{n=H(t)}catch(s){throw new Error(e+" must be hex string or Uint8Array, cause: "+s)}else if(It(t))n=Uint8Array.from(t);else throw new Error(e+" must be hex string or Uint8Array");let o=n.length;if(typeof r=="number"&&o!==r)throw new Error(e+" of length "+r+" expected, got "+o);return n}function yn(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return r===0}function cr(e){return Uint8Array.from(e)}var nr=e=>typeof e=="bigint"&&sr<=e;function To(e,t,r){return nr(e)&&nr(t)&&nr(r)&&t<=e&&e<r}function ar(e,t,r,n){if(!To(t,r,n))throw new Error("expected valid "+e+": "+r+" <= n < "+n+", got "+t)}function bn(e){let t;for(t=0;e>sr;e>>=or,t+=1);return t}var Wt=e=>(or<<BigInt(e))-or;function Xt(e,t,r={}){if(!e||typeof e!="object")throw new Error("expected valid options object");function n(o,s,i){let a=e[o];if(i&&a===void 0)return;let c=typeof a;if(c!==s||a===null)throw new Error(`param "${o}" is invalid: expected ${s}, got ${c}`)}Object.entries(t).forEach(([o,s])=>n(o,s,!1)),Object.entries(r).forEach(([o,s])=>n(o,s,!0))}var fr=()=>{throw new Error("not implemented")};function ur(e){let t=new WeakMap;return(r,...n)=>{let o=t.get(r);if(o!==void 0)return o;let s=e(r,...n);return t.set(r,s),s}}var j=BigInt(0),M=BigInt(1),Ot=BigInt(2),wn=BigInt(3),En=BigInt(4),_n=BigInt(5),vo=BigInt(7),In=BigInt(8),Do=BigInt(9),Bn=BigInt(16);function R(e,t){let r=e%t;return r>=j?r:t+r}function W(e,t,r){let n=e;for(;t-- >j;)n*=n,n%=r;return n}function gn(e,t){if(e===j)throw new Error("invert: expected non-zero number");if(t<=j)throw new Error("invert: expected positive modulus, got "+t);let r=R(e,t),n=t,o=j,s=M,i=M,a=j;for(;r!==j;){let u=n/r,h=n%r,d=o-i*u,f=s-a*u;n=r,r=h,o=i,s=a,i=d,a=f}if(n!==M)throw new Error("invert: does not exist");return R(o,t)}function dr(e,t,r){if(!e.eql(e.sqr(t),r))throw new Error("Cannot find square root")}function An(e,t){let r=(e.ORDER+M)/En,n=e.pow(t,r);return dr(e,n,t),n}function Lo(e,t){let r=(e.ORDER-_n)/In,n=e.mul(t,Ot),o=e.pow(n,r),s=e.mul(t,o),i=e.mul(e.mul(s,Ot),o),a=e.mul(s,e.sub(i,e.ONE));return dr(e,a,t),a}function Co(e){let t=ct(e),r=Sn(e),n=r(t,t.neg(t.ONE)),o=r(t,n),s=r(t,t.neg(n)),i=(e+vo)/Bn;return(a,c)=>{let u=a.pow(c,i),h=a.mul(u,n),d=a.mul(u,o),f=a.mul(u,s),p=a.eql(a.sqr(h),c),x=a.eql(a.sqr(d),c);u=a.cmov(u,h,p),h=a.cmov(f,d,x);let g=a.eql(a.sqr(h),c),E=a.cmov(u,h,g);return dr(a,E,c),E}}function Sn(e){if(e<wn)throw new Error("sqrt is not defined for small field");let t=e-M,r=0;for(;t%Ot===j;)t/=Ot,r++;let n=Ot,o=ct(e);for(;mn(o,n)===1;)if(n++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(r===1)return An;let s=o.pow(n,t),i=(t+M)/Ot;return function(c,u){if(c.is0(u))return u;if(mn(c,u)!==1)throw new Error("Cannot find square root");let h=r,d=c.mul(c.ONE,s),f=c.pow(u,t),p=c.pow(u,i);for(;!c.eql(f,c.ONE);){if(c.is0(f))return c.ZERO;let x=1,g=c.sqr(f);for(;!c.eql(g,c.ONE);)if(x++,g=c.sqr(g),x===h)throw new Error("Cannot find square root");let E=M<<BigInt(h-x-1),l=c.pow(d,E);h=x,d=c.sqr(l),f=c.mul(f,d),p=c.mul(p,l)}return p}}function Ro(e){return e%En===wn?An:e%In===_n?Lo:e%Bn===Do?Co(e):Sn(e)}var it=(e,t)=>(R(e,t)&M)===M,No=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function On(e){let t={ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"},r=No.reduce((n,o)=>(n[o]="function",n),t);return Xt(e,r),e}function Uo(e,t,r){if(r<j)throw new Error("invalid exponent, negatives unsupported");if(r===j)return e.ONE;if(r===M)return t;let n=e.ONE,o=t;for(;r>j;)r&M&&(n=e.mul(n,o)),o=e.sqr(o),r>>=M;return n}function Be(e,t,r=!1){let n=new Array(t.length).fill(r?e.ZERO:void 0),o=t.reduce((i,a,c)=>e.is0(a)?i:(n[c]=i,e.mul(i,a)),e.ONE),s=e.inv(o);return t.reduceRight((i,a,c)=>e.is0(a)?i:(n[c]=e.mul(i,n[c]),e.mul(i,a)),s),n}function mn(e,t){let r=(e.ORDER-M)/Ot,n=e.pow(t,r),o=e.eql(n,e.ONE),s=e.eql(n,e.ZERO),i=e.eql(n,e.neg(e.ONE));if(!o&&!s&&!i)throw new Error("invalid Legendre symbol result");return o?1:s?0:-1}function Tn(e,t){t!==void 0&&He(t);let r=t!==void 0?t:e.toString(2).length,n=Math.ceil(r/8);return{nBitLength:r,nByteLength:n}}function ct(e,t,r=!1,n={}){if(e<=j)throw new Error("invalid field: expected ORDER > 0, got "+e);let o,s,i=!1,a;if(typeof t=="object"&&t!=null){if(n.sqrt||r)throw new Error("cannot specify opts in two arguments");let f=t;f.BITS&&(o=f.BITS),f.sqrt&&(s=f.sqrt),typeof f.isLE=="boolean"&&(r=f.isLE),typeof f.modFromBytes=="boolean"&&(i=f.modFromBytes),a=f.allowedLengths}else typeof t=="number"&&(o=t),n.sqrt&&(s=n.sqrt);let{nBitLength:c,nByteLength:u}=Tn(e,o);if(u>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let h,d=Object.freeze({ORDER:e,isLE:r,BITS:c,BYTES:u,MASK:Wt(c),ZERO:j,ONE:M,allowedLengths:a,create:f=>R(f,e),isValid:f=>{if(typeof f!="bigint")throw new Error("invalid field element: expected bigint, got "+typeof f);return j<=f&&f<e},is0:f=>f===j,isValidNot0:f=>!d.is0(f)&&d.isValid(f),isOdd:f=>(f&M)===M,neg:f=>R(-f,e),eql:(f,p)=>f===p,sqr:f=>R(f*f,e),add:(f,p)=>R(f+p,e),sub:(f,p)=>R(f-p,e),mul:(f,p)=>R(f*p,e),pow:(f,p)=>Uo(d,f,p),div:(f,p)=>R(f*gn(p,e),e),sqrN:f=>f*f,addN:(f,p)=>f+p,subN:(f,p)=>f-p,mulN:(f,p)=>f*p,inv:f=>gn(f,e),sqrt:s||(f=>(h||(h=Ro(e)),h(d,f))),toBytes:f=>r?pn(f,u):ir(f,u),fromBytes:(f,p=!0)=>{if(a){if(!a.includes(f.length)||f.length>u)throw new Error("Field.fromBytes: expected "+a+" bytes, got "+f.length);let g=new Uint8Array(u);g.set(f,r?0:g.length-f.length),f=g}if(f.length!==u)throw new Error("Field.fromBytes: expected "+u+" bytes, got "+f.length);let x=r?gt(f):xn(f);if(i&&(x=R(x,e)),!p&&!d.isValid(x))throw new Error("invalid field element: outside of range 0..ORDER");return x},invertBatch:f=>Be(d,f),cmov:(f,p,x)=>x?p:f});return Object.freeze(d)}var Ae=BigInt(0),pr=BigInt(1);function vn(e,t){let r=t.negate();return e?r:t}function Jt(e,t){let r=Be(e.Fp,t.map(n=>n.Z));return t.map((n,o)=>e.fromAffine(n.toAffine(r[o])))}function Rn(e,t){if(!Number.isSafeInteger(e)||e<=0||e>t)throw new Error("invalid window size, expected [1.."+t+"], got W="+e)}function hr(e,t){Rn(e,t);let r=Math.ceil(t/e)+1,n=2**(e-1),o=2**e,s=Wt(e),i=BigInt(e);return{windows:r,windowSize:n,mask:s,maxNumber:o,shiftBy:i}}function Dn(e,t,r){let{windowSize:n,mask:o,maxNumber:s,shiftBy:i}=r,a=Number(e&o),c=e>>i;a>n&&(a-=s,c+=pr);let u=t*n,h=u+Math.abs(a)-1,d=a===0,f=a<0,p=t%2!==0;return{nextN:c,offset:h,isZero:d,isNeg:f,isNegF:p,offsetF:u}}function Po(e,t){if(!Array.isArray(e))throw new Error("array expected");e.forEach((r,n)=>{if(!(r instanceof t))throw new Error("invalid point at index "+n)})}function Mo(e,t){if(!Array.isArray(e))throw new Error("array of scalars expected");e.forEach((r,n)=>{if(!t.isValid(r))throw new Error("invalid scalar at index "+n)})}var lr=new WeakMap,Nn=new WeakMap;function xr(e){return Nn.get(e)||1}function Ln(e){if(e!==Ae)throw new Error("invalid wNAF")}var Se=class{constructor(t,r){this.BASE=t.BASE,this.ZERO=t.ZERO,this.Fn=t.Fn,this.bits=r}_unsafeLadder(t,r,n=this.ZERO){let o=t;for(;r>Ae;)r&pr&&(n=n.add(o)),o=o.double(),r>>=pr;return n}precomputeWindow(t,r){let{windows:n,windowSize:o}=hr(r,this.bits),s=[],i=t,a=i;for(let c=0;c<n;c++){a=i,s.push(a);for(let u=1;u<o;u++)a=a.add(i),s.push(a);i=a.double()}return s}wNAF(t,r,n){if(!this.Fn.isValid(n))throw new Error("invalid scalar");let o=this.ZERO,s=this.BASE,i=hr(t,this.bits);for(let a=0;a<i.windows;a++){let{nextN:c,offset:u,isZero:h,isNeg:d,isNegF:f,offsetF:p}=Dn(n,a,i);n=c,h?s=s.add(vn(f,r[p])):o=o.add(vn(d,r[u]))}return Ln(n),{p:o,f:s}}wNAFUnsafe(t,r,n,o=this.ZERO){let s=hr(t,this.bits);for(let i=0;i<s.windows&&n!==Ae;i++){let{nextN:a,offset:c,isZero:u,isNeg:h}=Dn(n,i,s);if(n=a,!u){let d=r[c];o=o.add(h?d.negate():d)}}return Ln(n),o}getPrecomputes(t,r,n){let o=lr.get(r);return o||(o=this.precomputeWindow(r,t),t!==1&&(typeof n=="function"&&(o=n(o)),lr.set(r,o))),o}cached(t,r,n){let o=xr(t);return this.wNAF(o,this.getPrecomputes(o,t,n),r)}unsafe(t,r,n,o){let s=xr(t);return s===1?this._unsafeLadder(t,r,o):this.wNAFUnsafe(s,this.getPrecomputes(s,t,n),r,o)}createCache(t,r){Rn(r,this.bits),Nn.set(t,r),lr.delete(t)}hasCache(t){return xr(t)!==1}};function Oe(e,t,r,n){Po(r,e),Mo(n,t);let o=r.length,s=n.length;if(o!==s)throw new Error("arrays of points and scalars must have equal length");let i=e.ZERO,a=bn(BigInt(o)),c=1;a>12?c=a-3:a>4?c=a-2:a>0&&(c=2);let u=Wt(c),h=new Array(Number(u)+1).fill(i),d=Math.floor((t.BITS-1)/c)*c,f=i;for(let p=d;p>=0;p-=c){h.fill(i);for(let g=0;g<s;g++){let E=n[g],l=Number(E>>BigInt(p)&u);h[l]=h[l].add(r[g])}let x=i;for(let g=h.length-1,E=i;g>0;g--)E=E.add(h[g]),x=x.add(E);if(f=f.add(x),p!==0)for(let g=0;g<c;g++)f=f.double()}return f}function Cn(e,t,r){if(t){if(t.ORDER!==e)throw new Error("Field.ORDER must match order: Fp == p, Fn == n");return On(t),t}else return ct(e,{isLE:r})}function Un(e,t,r={},n){if(n===void 0&&(n=e==="edwards"),!t||typeof t!="object")throw new Error(`expected valid ${e} CURVE object`);for(let c of["p","n","h"]){let u=t[c];if(!(typeof u=="bigint"&&u>Ae))throw new Error(`CURVE.${c} must be positive bigint`)}let o=Cn(t.p,r.Fp,n),s=Cn(t.n,r.Fn,n),a=["Gx","Gy","a",e==="weierstrass"?"b":"d"];for(let c of a)if(!o.isValid(t[c]))throw new Error(`CURVE.${c} must be valid field element of CURVE.Fp`);return t=Object.freeze(Object.assign({},t)),{CURVE:t,Fp:o,Fn:s}}var mt=BigInt(0),U=BigInt(1),yr=BigInt(2),jo=BigInt(8);function qo(e,t,r,n){let o=e.sqr(r),s=e.sqr(n),i=e.add(e.mul(t.a,o),s),a=e.add(e.ONE,e.mul(t.d,e.mul(o,s)));return e.eql(i,a)}function Ho(e,t={}){let r=Un("edwards",e,t,t.FpFnLE),{Fp:n,Fn:o}=r,s=r.CURVE,{h:i}=s;Xt(t,{},{uvRatio:"function"});let a=yr<<BigInt(o.BYTES*8)-U,c=E=>n.create(E),u=t.uvRatio||((E,l)=>{try{return{isValid:!0,value:n.sqrt(n.div(E,l))}}catch{return{isValid:!1,value:mt}}});if(!qo(n,s,s.Gx,s.Gy))throw new Error("bad curve params: generator point");function h(E,l,w=!1){let y=w?U:mt;return ar("coordinate "+E,l,y,a),l}function d(E){if(!(E instanceof x))throw new Error("ExtendedPoint expected")}let f=ur((E,l)=>{let{X:w,Y:y,Z:I}=E,A=E.is0();l==null&&(l=A?jo:n.inv(I));let D=c(w*l),L=c(y*l),B=n.mul(I,l);if(A)return{x:mt,y:U};if(B!==U)throw new Error("invZ was invalid");return{x:D,y:L}}),p=ur(E=>{let{a:l,d:w}=s;if(E.is0())throw new Error("bad point: ZERO");let{X:y,Y:I,Z:A,T:D}=E,L=c(y*y),B=c(I*I),b=c(A*A),m=c(b*b),_=c(L*l),S=c(b*c(_+B)),T=c(m+c(w*c(L*B)));if(S!==T)throw new Error("bad point: equation left != right (1)");let O=c(y*I),N=c(A*D);if(O!==N)throw new Error("bad point: equation left != right (2)");return!0});class x{constructor(l,w,y,I){this.X=h("x",l),this.Y=h("y",w),this.Z=h("z",y,!0),this.T=h("t",I),Object.freeze(this)}static CURVE(){return s}static fromAffine(l){if(l instanceof x)throw new Error("extended point not allowed");let{x:w,y}=l||{};return h("x",w),h("y",y),new x(w,y,U,c(w*y))}static fromBytes(l,w=!1){let y=n.BYTES,{a:I,d:A}=s;l=cr(zt(l,y,"point")),Ie(w,"zip215");let D=cr(l),L=l[y-1];D[y-1]=L&-129;let B=gt(D),b=w?a:n.ORDER;ar("point.y",B,mt,b);let m=c(B*B),_=c(m-U),S=c(A*m-I),{isValid:T,value:O}=u(_,S);if(!T)throw new Error("bad point: invalid y coordinate");let N=(O&U)===U,q=(L&128)!==0;if(!w&&O===mt&&q)throw new Error("bad point: x=0 and x_0=1");return q!==N&&(O=c(-O)),x.fromAffine({x:O,y:B})}static fromHex(l,w=!1){return x.fromBytes(K("point",l),w)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(l=8,w=!0){return g.createCache(this,l),w||this.multiply(yr),this}assertValidity(){p(this)}equals(l){d(l);let{X:w,Y:y,Z:I}=this,{X:A,Y:D,Z:L}=l,B=c(w*L),b=c(A*I),m=c(y*L),_=c(D*I);return B===b&&m===_}is0(){return this.equals(x.ZERO)}negate(){return new x(c(-this.X),this.Y,this.Z,c(-this.T))}double(){let{a:l}=s,{X:w,Y:y,Z:I}=this,A=c(w*w),D=c(y*y),L=c(yr*c(I*I)),B=c(l*A),b=w+y,m=c(c(b*b)-A-D),_=B+D,S=_-L,T=B-D,O=c(m*S),N=c(_*T),q=c(m*T),dt=c(S*_);return new x(O,N,dt,q)}add(l){d(l);let{a:w,d:y}=s,{X:I,Y:A,Z:D,T:L}=this,{X:B,Y:b,Z:m,T:_}=l,S=c(I*B),T=c(A*b),O=c(L*y*_),N=c(D*m),q=c((I+A)*(B+b)-S-T),dt=N-O,Et=N+O,rt=c(T-w*S),kt=c(q*dt),ue=c(Et*rt),qe=c(q*rt),jr=c(dt*Et);return new x(kt,ue,jr,qe)}subtract(l){return this.add(l.negate())}multiply(l){if(!o.isValidNot0(l))throw new Error("invalid scalar: expected 1 <= sc < curve.n");let{p:w,f:y}=g.cached(this,l,I=>Jt(x,I));return Jt(x,[w,y])[0]}multiplyUnsafe(l,w=x.ZERO){if(!o.isValid(l))throw new Error("invalid scalar: expected 0 <= sc < curve.n");return l===mt?x.ZERO:this.is0()||l===U?this:g.unsafe(this,l,y=>Jt(x,y),w)}isSmallOrder(){return this.multiplyUnsafe(i).is0()}isTorsionFree(){return g.unsafe(this,s.n).is0()}toAffine(l){return f(this,l)}clearCofactor(){return i===U?this:this.multiplyUnsafe(i)}toBytes(){let{x:l,y:w}=this.toAffine(),y=n.toBytes(w);return y[y.length-1]|=l&U?128:0,y}toHex(){return v(this.toBytes())}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get ex(){return this.X}get ey(){return this.Y}get ez(){return this.Z}get et(){return this.T}static normalizeZ(l){return Jt(x,l)}static msm(l,w){return Oe(x,o,l,w)}_setWindowSize(l){this.precompute(l)}toRawBytes(){return this.toBytes()}}x.BASE=new x(s.Gx,s.Gy,U,c(s.Gx*s.Gy)),x.ZERO=new x(mt,U,U,mt),x.Fp=n,x.Fn=o;let g=new Se(x,o.BITS);return x.BASE.precompute(8),x}var Te=class{constructor(t){this.ep=t}static fromBytes(t){fr()}static fromHex(t){fr()}get x(){return this.toAffine().x}get y(){return this.toAffine().y}clearCofactor(){return this}assertValidity(){this.ep.assertValidity()}toAffine(t){return this.ep.toAffine(t)}toHex(){return v(this.toBytes())}toString(){return this.toHex()}isTorsionFree(){return!0}isSmallOrder(){return!1}add(t){return this.assertSame(t),this.init(this.ep.add(t.ep))}subtract(t){return this.assertSame(t),this.init(this.ep.subtract(t.ep))}multiply(t){return this.init(this.ep.multiply(t))}multiplyUnsafe(t){return this.init(this.ep.multiplyUnsafe(t))}double(){return this.init(this.ep.double())}negate(){return this.init(this.ep.negate())}precompute(t,r){return this.init(this.ep.precompute(t,r))}toRawBytes(){return this.toBytes()}};function ko(e,t,r={}){if(typeof t!="function")throw new Error('"hash" function param is required');Xt(r,{},{adjustScalarBytes:"function",randomBytes:"function",domain:"function",prehash:"function",mapToCurve:"function"});let{prehash:n}=r,{BASE:o,Fp:s,Fn:i}=e,a=r.randomBytes||Ve,c=r.adjustScalarBytes||(b=>b),u=r.domain||((b,m,_)=>{if(Ie(_,"phflag"),m.length||_)throw new Error("Contexts/pre-hash are not supported");return b});function h(b){return i.create(gt(b))}function d(b){let m=y.secretKey;b=K("private key",b,m);let _=K("hashed private key",t(b),2*m),S=c(_.slice(0,m)),T=_.slice(m,2*m),O=h(S);return{head:S,prefix:T,scalar:O}}function f(b){let{head:m,prefix:_,scalar:S}=d(b),T=o.multiply(S),O=T.toBytes();return{head:m,prefix:_,scalar:S,point:T,pointBytes:O}}function p(b){return f(b).pointBytes}function x(b=Uint8Array.of(),...m){let _=G(...m);return h(t(u(_,K("context",b),!!n)))}function g(b,m,_={}){b=K("message",b),n&&(b=n(b));let{prefix:S,scalar:T,pointBytes:O}=f(m),N=x(_.context,S,b),q=o.multiply(N).toBytes(),dt=x(_.context,q,O,b),Et=i.create(N+dt*T);if(!i.isValid(Et))throw new Error("sign failed: invalid s");let rt=G(q,i.toBytes(Et));return zt(rt,y.signature,"result")}let E={zip215:!0};function l(b,m,_,S=E){let{context:T,zip215:O}=S,N=y.signature;b=K("signature",b,N),m=K("message",m),_=K("publicKey",_,y.publicKey),O!==void 0&&Ie(O,"zip215"),n&&(m=n(m));let q=N/2,dt=b.subarray(0,q),Et=gt(b.subarray(q,N)),rt,kt,ue;try{rt=e.fromBytes(_,O),kt=e.fromBytes(dt,O),ue=o.multiplyUnsafe(Et)}catch{return!1}if(!O&&rt.isSmallOrder())return!1;let qe=x(T,kt.toBytes(),rt.toBytes(),m);return kt.add(rt.multiplyUnsafe(qe)).subtract(ue).clearCofactor().is0()}let w=s.BYTES,y={secretKey:w,publicKey:w,signature:2*w,seed:w};function I(b=a(y.seed)){return zt(b,y.seed,"seed")}function A(b){let m=B.randomSecretKey(b);return{secretKey:m,publicKey:p(m)}}function D(b){return It(b)&&b.length===i.BYTES}function L(b,m){try{return!!e.fromBytes(b,m)}catch{return!1}}let B={getExtendedPublicKey:f,randomSecretKey:I,isValidSecretKey:D,isValidPublicKey:L,toMontgomery(b){let{y:m}=e.fromBytes(b),_=y.publicKey,S=_===32;if(!S&&_!==57)throw new Error("only defined for 25519 and 448");let T=S?s.div(U+m,U-m):s.div(m-U,m+U);return s.toBytes(T)},toMontgomerySecret(b){let m=y.secretKey;zt(b,m);let _=t(b.subarray(0,m));return c(_).subarray(0,m)},randomPrivateKey:I,precompute(b=8,m=e.BASE){return m.precompute(b,!1)}};return Object.freeze({keygen:A,getPublicKey:p,sign:g,verify:l,utils:B,Point:e,lengths:y})}function Ko(e){let t={a:e.a,d:e.d,p:e.Fp.ORDER,n:e.n,h:e.h,Gx:e.Gx,Gy:e.Gy},r=e.Fp,n=ct(t.n,e.nBitLength,!0),o={Fp:r,Fn:n,uvRatio:e.uvRatio},s={randomBytes:e.randomBytes,adjustScalarBytes:e.adjustScalarBytes,domain:e.domain,prehash:e.prehash,mapToCurve:e.mapToCurve};return{CURVE:t,curveOpts:o,hash:e.hash,eddsaOpts:s}}function $o(e,t){let r=t.Point;return Object.assign({},t,{ExtendedPoint:r,CURVE:e,nBitLength:r.Fn.BITS,nByteLength:r.Fn.BYTES})}function Pn(e){let{CURVE:t,curveOpts:r,hash:n,eddsaOpts:o}=Ko(e),s=Ho(t,r),i=ko(s,n,o);return $o(e,i)}var Vo=BigInt(0),at=BigInt(1),Mn=BigInt(2),Gi=BigInt(3),Go=BigInt(5),Fo=BigInt(8),Mt=BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed"),Qt={p:Mt,n:BigInt("0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed"),h:Fo,a:BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"),d:BigInt("0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3"),Gx:BigInt("0x216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a"),Gy:BigInt("0x6666666666666666666666666666666666666666666666666666666666666658")};function Yo(e){let t=BigInt(10),r=BigInt(20),n=BigInt(40),o=BigInt(80),s=Mt,a=e*e%s*e%s,c=W(a,Mn,s)*a%s,u=W(c,at,s)*e%s,h=W(u,Go,s)*u%s,d=W(h,t,s)*h%s,f=W(d,r,s)*d%s,p=W(f,n,s)*f%s,x=W(p,o,s)*p%s,g=W(x,o,s)*p%s,E=W(g,t,s)*h%s;return{pow_p_5_8:W(E,Mn,s)*e%s,b2:a}}function Zo(e){return e[0]&=248,e[31]&=127,e[31]|=64,e}var br=BigInt("19681161376707505956807079304988542015446066515923890162744021073123829784752");function wr(e,t){let r=Mt,n=R(t*t*t,r),o=R(n*n*t,r),s=Yo(e*o).pow_p_5_8,i=R(e*n*s,r),a=R(t*i*i,r),c=i,u=R(i*br,r),h=a===e,d=a===R(-e,r),f=a===R(-e*br,r);return h&&(i=c),(d||f)&&(i=u),it(i,r)&&(i=R(-i,r)),{isValid:h||d,value:i}}var wt=ct(Qt.p,{isLE:!0}),zo=ct(Qt.n,{isLE:!0}),Wo={...Qt,Fp:wt,hash:sn,adjustScalarBytes:Zo,uvRatio:wr},$=Pn(Wo);var gr=br,Xo=BigInt("25063068953384623474111414158702152701244531502492656460079210482610430750235"),Jo=BigInt("54469307008909316920995813868745141605393597292927456921205312896311721017578"),Qo=BigInt("1159843021668779879193775521855586647937357759715417654439879720876111806838"),ts=BigInt("40440834346308536858101042469323190826248399146238708352240133220865137265952"),jn=e=>wr(at,e),es=BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),mr=e=>$.Point.Fp.create(gt(e)&es);function qn(e){let{d:t}=Qt,r=Mt,n=l=>wt.create(l),o=n(gr*e*e),s=n((o+at)*Qo),i=BigInt(-1),a=n((i-t*o)*n(o+t)),{isValid:c,value:u}=wr(s,a),h=n(u*e);it(h,r)||(h=n(-h)),c||(u=h),c||(i=o);let d=n(i*(o-at)*ts-a),f=u*u,p=n((u+u)*a),x=n(d*Xo),g=n(at-f),E=n(at+f);return new $.Point(n(p*E),n(g*x),n(x*E),n(p*g))}function rs(e){V(e,64);let t=mr(e.subarray(0,32)),r=qn(t),n=mr(e.subarray(32,64)),o=qn(n);return new ft(r.add(o))}var ft=class e extends Te{constructor(t){super(t)}static fromAffine(t){return new e($.Point.fromAffine(t))}assertSame(t){if(!(t instanceof e))throw new Error("RistrettoPoint expected")}init(t){return new e(t)}static hashToCurve(t){return rs(K("ristrettoHash",t,64))}static fromBytes(t){V(t,32);let{a:r,d:n}=Qt,o=Mt,s=I=>wt.create(I),i=mr(t);if(!yn(wt.toBytes(i),t)||it(i,o))throw new Error("invalid ristretto255 encoding 1");let a=s(i*i),c=s(at+r*a),u=s(at-r*a),h=s(c*c),d=s(u*u),f=s(r*n*h-d),{isValid:p,value:x}=jn(s(f*d)),g=s(x*u),E=s(x*g*f),l=s((i+i)*g);it(l,o)&&(l=s(-l));let w=s(c*E),y=s(l*w);if(!p||it(y,o)||w===Vo)throw new Error("invalid ristretto255 encoding 2");return new e(new $.Point(l,w,at,y))}static fromHex(t){return e.fromBytes(K("ristrettoHex",t,32))}static msm(t,r){return Oe(e,$.Point.Fn,t,r)}toBytes(){let{X:t,Y:r,Z:n,T:o}=this.ep,s=Mt,i=E=>wt.create(E),a=i(i(n+r)*i(n-r)),c=i(t*r),u=i(c*c),{value:h}=jn(i(a*u)),d=i(h*a),f=i(h*c),p=i(d*f*o),x;if(it(o*p,s)){let E=i(r*gr),l=i(t*gr);t=E,r=l,x=i(d*Jo)}else x=f;it(t*p,s)&&(r=i(-r));let g=i((n-r)*x);return it(g,s)&&(g=i(-g)),wt.toBytes(g)}equals(t){this.assertSame(t);let{X:r,Y:n}=this.ep,{X:o,Y:s}=t.ep,i=u=>wt.create(u),a=i(r*s)===i(n*o),c=i(n*s)===i(r*o);return a||c}is0(){return this.equals(e.ZERO)}};ft.BASE=new ft($.Point.BASE);ft.ZERO=new ft($.Point.ZERO);ft.Fp=wt;ft.Fn=zo;var Hn=e=>{if(e<=127)return 1;if(e<=255)return 2;if(e<=65535)return 3;if(e<=16777215)return 4;throw k.fromCode(new Gt("Length too long (> 4 bytes)"))},kn=(e,t,r)=>{if(r<=127)return e[t]=r,1;if(r<=255)return e[t]=129,e[t+1]=r,2;if(r<=65535)return e[t]=130,e[t+1]=r>>8,e[t+2]=r,3;if(r<=16777215)return e[t]=131,e[t+1]=r>>16,e[t+2]=r>>8,e[t+3]=r,4;throw k.fromCode(new Gt("Length too long (> 4 bytes)"))},Er=(e,t)=>{if(e[t]<128)return 1;if(e[t]===128)throw k.fromCode(new yt("Invalid length 0"));if(e[t]===129)return 2;if(e[t]===130)return 3;if(e[t]===131)return 4;throw k.fromCode(new yt("Length too long (> 4 bytes)"))},ns=(e,t)=>{let r=Er(e,t);if(r===1)return e[t];if(r===2)return e[t+1];if(r===3)return(e[t+1]<<8)+e[t+2];if(r===4)return(e[t+1]<<16)+(e[t+2]<<8)+e[t+3];throw k.fromCode(new yt("Length too long (> 4 bytes)"))},zi=Uint8Array.from([48,12,6,10,43,6,1,4,1,131,184,67,1,1]),_r=Uint8Array.from([48,5,6,3,43,101,112]),Wi=Uint8Array.from([48,16,6,7,42,134,72,206,61,2,1,6,5,43,129,4,0,10]),Xi=Uint8Array.from([48,29,6,13,43,6,1,4,1,130,220,124,5,3,1,2,1,6,12,43,6,1,4,1,130,220,124,5,3,2,1]);function Kn(e,t){let r=2+Hn(e.byteLength+1),n=t.byteLength+r+e.byteLength,o=0,s=new Uint8Array(1+Hn(n)+n);return s[o++]=48,o+=kn(s,o,n),s.set(t,o),o+=t.byteLength,s[o++]=3,o+=kn(s,o,e.byteLength+1),s[o++]=0,s.set(new Uint8Array(e),o),s}var $n=(e,t)=>{let r=0,n=(a,c)=>{if(o[r++]!==a)throw k.fromCode(new yt(`Expected ${c} at offset ${r}`))},o=new Uint8Array(e);if(n(48,"sequence"),r+=Er(o,r),!un(o.slice(r,r+t.byteLength),t))throw k.fromCode(new yt("Not the expected OID."));r+=t.byteLength,n(3,"bit string");let s=ns(o,r)-1;r+=Er(o,r),n(0,"0 padding");let i=o.slice(r);if(s!==i.length)throw k.fromCode(new me(s,i.length));return i};function Vn(e){return e!==null&&typeof e=="object"}var ee,re,Tt=class Tt{constructor(t){F(this,ee);F(this,re);if(t.byteLength!==Tt.RAW_KEY_LENGTH)throw new Error("An Ed25519 public key must be exactly 32bytes long");Y(this,ee,t),Y(this,re,Tt.derEncode(t))}static from(t){if(typeof t=="string"){let r=H(t);return this.fromRaw(r)}if(Vn(t)){let r=t;if(Vn(r)&&Object.hasOwnProperty.call(r,"__derEncodedPublicKey__"))return this.fromDer(r);if(ArrayBuffer.isView(r)){let n=r;return this.fromRaw(J(n.buffer))}if(r instanceof ArrayBuffer)return this.fromRaw(J(r));if("rawKey"in r&&r.rawKey instanceof Uint8Array)return this.fromRaw(r.rawKey);if("derKey"in r)return this.fromDer(r.derKey);if("toDer"in r)return this.fromDer(r.toDer())}throw new Error("Cannot construct Ed25519PublicKey from the provided key.")}static fromRaw(t){return new Tt(t)}static fromDer(t){return new Tt(this.derDecode(t))}static derEncode(t){let r=Kn(t,_r);return r.__derEncodedPublicKey__=void 0,r}static derDecode(t){let r=$n(t,_r);if(r.length!==this.RAW_KEY_LENGTH)throw new Error("An Ed25519 public key must be exactly 32bytes long");return r}get rawKey(){return C(this,ee)}get derKey(){return C(this,re)}toDer(){return this.derKey}toRaw(){return this.rawKey}};ee=new WeakMap,re=new WeakMap,Tt.RAW_KEY_LENGTH=32;var te=Tt,vt,Dt,jt=class jt extends bt{constructor(r,n){super();F(this,vt);F(this,Dt);Y(this,vt,te.from(r)),Y(this,Dt,n)}static generate(r){if(r&&r.length!==32)throw new Error("Ed25519 Seed needs to be 32 bytes long.");r||(r=$.utils.randomPrivateKey()),an(r,new Uint8Array(new Array(32).fill(0)))&&console.warn("Seed is all zeros. This is not a secure seed. Please provide a seed with sufficient entropy if this is a production environment.");let n=new Uint8Array(32);for(let s=0;s<32;s++)n[s]=r[s];let o=$.getPublicKey(n);return jt.fromKeyPair(o,n)}static fromParsedJson(r){let[n,o]=r;return new jt(te.fromDer(H(n)),H(o))}static fromJSON(r){let n=JSON.parse(r);if(Array.isArray(n)){if(typeof n[0]=="string"&&typeof n[1]=="string")return this.fromParsedJson([n[0],n[1]]);throw new Error("Deserialization error: JSON must have at least 2 items.")}throw new Error(`Deserialization error: Invalid JSON type for string: ${JSON.stringify(r)}`)}static fromKeyPair(r,n){return new jt(te.fromRaw(r),n)}static fromSecretKey(r){let n=$.getPublicKey(r);return jt.fromKeyPair(n,r)}toJSON(){return[v(C(this,vt).toDer()),v(C(this,Dt))]}getKeyPair(){return{secretKey:C(this,Dt),publicKey:C(this,vt)}}getPublicKey(){return C(this,vt)}async sign(r){let n=$.sign(r,C(this,Dt).slice(0,32));return Object.defineProperty(n,"__signature__",{enumerable:!1,value:void 0}),n}static verify(r,n,o){let[s,i,a]=[r,n,o].map(c=>(typeof c=="string"&&(c=H(c)),J(c)));return $.verify(s,i,a)}};vt=new WeakMap,Dt=new WeakMap;var Lt=jt;var Ir=class e extends Error{constructor(t){super(t),this.message=t,Object.setPrototypeOf(this,e.prototype)}};function Gn(e){if(typeof global<"u"&&global.crypto&&global.crypto.subtle)return global.crypto.subtle;if(e)return e;if(typeof crypto<"u"&&crypto.subtle)return crypto.subtle;throw new Ir("Global crypto was not available and none was provided. Please inlcude a SubtleCrypto implementation. See https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto")}var qt=class e extends bt{static async generate(t){let{extractable:r=!1,keyUsages:n=["sign","verify"],subtleCrypto:o}=t??{},s=Gn(o),i=await s.generateKey({name:"ECDSA",namedCurve:"P-256"},r,n),a=J(await s.exportKey("spki",i.publicKey));return Object.assign(a,{__derEncodedPublicKey__:void 0}),new this(i,a,s)}static async fromKeyPair(t,r){let n=Gn(r),o=J(await n.exportKey("spki",t.publicKey));return Object.assign(o,{__derEncodedPublicKey__:void 0}),new e(t,o,n)}constructor(t,r,n){super(),this._keyPair=t,this._derKey=r,this._subtleCrypto=n}getKeyPair(){return this._keyPair}getPublicKey(){let t=this._derKey,r=Object.create(this._keyPair.publicKey);return r.toDer=function(){return t},r}async sign(t){let r={name:"ECDSA",hash:{name:"SHA-256"}},n=J(await this._subtleCrypto.sign(r,this._keyPair.privateKey,t));return Object.assign(n,{__signature__:void 0}),n}};var Q,ve=class{constructor(t){F(this,Q);Y(this,Q,t)}get rawKey(){return C(this,Q).rawKey}get derKey(){return C(this,Q).derKey}toDer(){return C(this,Q).toDer()}getPublicKey(){return C(this,Q)}getPrincipal(){if(!C(this,Q).rawKey)throw new Error("Cannot get principal from a public key without a raw key.");return z.fromUint8Array(new Uint8Array(C(this,Q).rawKey))}transformRequest(){return Promise.reject("Not implemented. You are attempting to use a partial identity to sign calls, but this identity only has access to the public key.To sign calls, use a DelegationIdentity instead.")}};Q=new WeakMap;function De(e){return e instanceof Uint8Array?v(e):v(new Uint8Array(e))}function Br(e){if(typeof e!="string"||e.length<64)throw new Error("Invalid public key.");return H(e)}var Ht=class{constructor(t,r,n){this.pubkey=t,this.expiration=r,this.targets=n}toCborValue(){return{pubkey:this.pubkey,expiration:this.expiration,...this.targets&&{targets:this.targets}}}toJSON(){return{expiration:this.expiration.toString(16),pubkey:De(this.pubkey),...this.targets&&{targets:this.targets.map(t=>t.toHex())}}}};async function os(e,t,r,n){let o=new Ht(t.toDer(),BigInt(+r)*BigInt(1e6),n),s=new Uint8Array([...rr,...new Uint8Array(Ft({...o}))]),i=await e.sign(s);return{delegation:o,signature:i}}var Ct=class e{static async create(t,r,n=new Date(Date.now()+900*1e3),o={}){let s=await os(t,r,n,o.targets);return new e([...o.previous?.delegations||[],s],o.previous?.publicKey||t.getPublicKey().toDer())}static fromJSON(t){let{publicKey:r,delegations:n}=typeof t=="string"?JSON.parse(t):t;if(!Array.isArray(n))throw new Error("Invalid delegations.");let o=n.map(s=>{let{delegation:i,signature:a}=s,{pubkey:c,expiration:u,targets:h}=i;if(h!==void 0&&!Array.isArray(h))throw new Error("Invalid targets.");return{delegation:new Ht(Br(c),BigInt(`0x${u}`),h&&h.map(d=>{if(typeof d!="string")throw new Error("Invalid target.");return z.fromHex(d)})),signature:Br(a)}});return new this(o,Br(r))}static fromDelegations(t,r){return new this(t,r)}constructor(t,r){this.delegations=t,this.publicKey=r}toJSON(){return{delegations:this.delegations.map(t=>{let{delegation:r,signature:n}=t,{targets:o}=r;return{delegation:{expiration:r.expiration.toString(16),pubkey:De(r.pubkey),...o&&{targets:o.map(s=>s.toHex())}},signature:De(n)}}),publicKey:De(this.publicKey)}}},Rt=class extends bt{static fromDelegation(t,r){return new this(t,r)}constructor(t,r){super(),this._inner=t,this._delegation=r}getDelegation(){return this._delegation}getPublicKey(){return{derKey:this._delegation.publicKey,toDer:()=>this._delegation.publicKey}}sign(t){return this._inner.sign(t)}async transformRequest(t){let{body:r,...n}=t,o=await Ft(r);return{...n,body:{content:r,sender_sig:await this.sign(new Uint8Array([...Yt,...new Uint8Array(o)])),sender_delegation:this._delegation.delegations,sender_pubkey:this._delegation.publicKey}}}},oe,Sr=class Sr extends ve{constructor(r,n){super(r);F(this,oe);Y(this,oe,n)}get delegation(){return C(this,oe)}static fromDelegation(r,n){return new Sr(r,n)}};oe=new WeakMap;var ne=Sr;function Ar(e,t){for(let{delegation:o}of e.delegations)if(+new Date(Number(o.expiration/BigInt(1e6)))<=+Date.now())return!1;let r=[],n=t?.scope;n&&(Array.isArray(n)?r.push(...n.map(o=>typeof o=="string"?z.fromText(o):o)):r.push(typeof n=="string"?z.fromText(n):n));for(let o of r){let s=o.toText();for(let{delegation:i}of e.delegations){if(i.targets===void 0)continue;let a=!0;for(let c of i.targets)if(c.toText()===s){a=!1;break}if(a)return!1}}return!0}var Fn=["mousedown","mousemove","keydown","touchstart","wheel"],se=class e{constructor(t={}){Nt(this,"callbacks",[]);Nt(this,"idleTimeout",600*1e3);Nt(this,"timeoutID");let{onIdle:r,idleTimeout:n=600*1e3}=t||{};this.callbacks=r?[r]:[],this.idleTimeout=n;let o=this._resetTimer.bind(this);window.addEventListener("load",o,!0),Fn.forEach(i=>{document.addEventListener(i,o,!0)});let s=(i,a)=>{let c;return(...u)=>{let h=this,d=()=>{c=void 0,i.apply(h,u)};clearTimeout(c),c=window.setTimeout(d,a)}};if(t?.captureScroll){let i=s(o,t?.scrollDebounce??100);window.addEventListener("scroll",i,!0)}o()}static create(t={}){return new e(t)}registerCallback(t){this.callbacks.push(t)}exit(){clearTimeout(this.timeoutID),window.removeEventListener("load",this._resetTimer,!0);let t=this._resetTimer.bind(this);Fn.forEach(r=>{document.removeEventListener(r,t,!0)}),this.callbacks.forEach(r=>{r()})}_resetTimer(){let t=this.exit.bind(this);window.clearTimeout(this.timeoutID),this.timeoutID=window.setTimeout(t,this.idleTimeout)}};var ss=(e,t)=>t.some(r=>e instanceof r),Yn,Zn;function is(){return Yn||(Yn=[IDBDatabase,IDBObjectStore,IDBIndex,IDBCursor,IDBTransaction])}function cs(){return Zn||(Zn=[IDBCursor.prototype.advance,IDBCursor.prototype.continue,IDBCursor.prototype.continuePrimaryKey])}var zn=new WeakMap,Tr=new WeakMap,Wn=new WeakMap,Or=new WeakMap,Dr=new WeakMap;function as(e){let t=new Promise((r,n)=>{let o=()=>{e.removeEventListener("success",s),e.removeEventListener("error",i)},s=()=>{r(tt(e.result)),o()},i=()=>{n(e.error),o()};e.addEventListener("success",s),e.addEventListener("error",i)});return t.then(r=>{r instanceof IDBCursor&&zn.set(r,e)}).catch(()=>{}),Dr.set(t,e),t}function fs(e){if(Tr.has(e))return;let t=new Promise((r,n)=>{let o=()=>{e.removeEventListener("complete",s),e.removeEventListener("error",i),e.removeEventListener("abort",i)},s=()=>{r(),o()},i=()=>{n(e.error||new DOMException("AbortError","AbortError")),o()};e.addEventListener("complete",s),e.addEventListener("error",i),e.addEventListener("abort",i)});Tr.set(e,t)}var vr={get(e,t,r){if(e instanceof IDBTransaction){if(t==="done")return Tr.get(e);if(t==="objectStoreNames")return e.objectStoreNames||Wn.get(e);if(t==="store")return r.objectStoreNames[1]?void 0:r.objectStore(r.objectStoreNames[0])}return tt(e[t])},set(e,t,r){return e[t]=r,!0},has(e,t){return e instanceof IDBTransaction&&(t==="done"||t==="store")?!0:t in e}};function Xn(e){vr=e(vr)}function us(e){return e===IDBDatabase.prototype.transaction&&!("objectStoreNames"in IDBTransaction.prototype)?function(t,...r){let n=e.call(Le(this),t,...r);return Wn.set(n,t.sort?t.sort():[t]),tt(n)}:cs().includes(e)?function(...t){return e.apply(Le(this),t),tt(zn.get(this))}:function(...t){return tt(e.apply(Le(this),t))}}function ds(e){return typeof e=="function"?us(e):(e instanceof IDBTransaction&&fs(e),ss(e,is())?new Proxy(e,vr):e)}function tt(e){if(e instanceof IDBRequest)return as(e);if(Or.has(e))return Or.get(e);let t=ds(e);return t!==e&&(Or.set(e,t),Dr.set(t,e)),t}var Le=e=>Dr.get(e);function Qn(e,t,{blocked:r,upgrade:n,blocking:o,terminated:s}={}){let i=indexedDB.open(e,t),a=tt(i);return n&&i.addEventListener("upgradeneeded",c=>{n(tt(i.result),c.oldVersion,c.newVersion,tt(i.transaction),c)}),r&&i.addEventListener("blocked",c=>r(c.oldVersion,c.newVersion,c)),a.then(c=>{s&&c.addEventListener("close",()=>s()),o&&c.addEventListener("versionchange",u=>o(u.oldVersion,u.newVersion,u))}).catch(()=>{}),a}var hs=["get","getKey","getAll","getAllKeys","count"],ls=["put","add","delete","clear"],Lr=new Map;function Jn(e,t){if(!(e instanceof IDBDatabase&&!(t in e)&&typeof t=="string"))return;if(Lr.get(t))return Lr.get(t);let r=t.replace(/FromIndex$/,""),n=t!==r,o=ls.includes(r);if(!(r in(n?IDBIndex:IDBObjectStore).prototype)||!(o||hs.includes(r)))return;let s=async function(i,...a){let c=this.transaction(i,o?"readwrite":"readonly"),u=c.store;return n&&(u=u.index(a.shift())),(await Promise.all([u[r](...a),o&&c.done]))[0]};return Lr.set(t,s),s}Xn(e=>({...e,get:(t,r,n)=>Jn(t,r)||e.get(t,r,n),has:(t,r)=>!!Jn(t,r)||e.has(t,r)}));var to="auth-client-db",eo="ic-keyval",xs=async(e=to,t=eo,r)=>(globalThis.localStorage?.getItem(et)&&(globalThis.localStorage.removeItem(et),globalThis.localStorage.removeItem(ut)),await Qn(e,r,{upgrade:n=>{n.objectStoreNames.contains(t)&&n.clear(t),n.createObjectStore(t)}}));async function ps(e,t,r){return await e.get(t,r)}async function ys(e,t,r,n){return await e.put(t,n,r)}async function bs(e,t,r){return await e.delete(t,r)}var Ce=class e{constructor(t,r){this._db=t,this._storeName=r}static async create(t){let{dbName:r=to,storeName:n=eo,version:o=ro}=t??{},s=await xs(r,n,o);return new e(s,n)}async set(t,r){return await ys(this._db,this._storeName,t,r)}async get(t){return await ps(this._db,this._storeName,t)??null}async remove(t){return await bs(this._db,this._storeName,t)}};var ut="identity",et="delegation",no="iv",ro=1,Re=class{constructor(t="ic-",r){this.prefix=t,this._localStorage=r}get(t){return Promise.resolve(this._getLocalStorage().getItem(this.prefix+t))}set(t,r){return this._getLocalStorage().setItem(this.prefix+t,r),Promise.resolve()}remove(t){return this._getLocalStorage().removeItem(this.prefix+t),Promise.resolve()}_getLocalStorage(){if(this._localStorage)return this._localStorage;let t=globalThis.localStorage;if(!t)throw new Error("Could not find local storage.");return t}},ie,Ne=class{constructor(t){F(this,ie);Nt(this,"initializedDb");Y(this,ie,t??{})}get _db(){return new Promise((t,r)=>{if(this.initializedDb){t(this.initializedDb);return}Ce.create(C(this,ie)).then(n=>{this.initializedDb=n,t(n)}).catch(r)})}async get(t){return await(await this._db).get(t)}async set(t,r){await(await this._db).set(t,r)}async remove(t){await(await this._db).remove(t)}};ie=new WeakMap;var gs=BigInt(1e9),ms=BigInt(3600),ws=gs*ms,Es="https://identity.internetcomputer.org",_s="#authorize",Is=BigInt(8)*ws,Cr="ECDSA",Rr="Ed25519",Bs=500,so="UserInterrupt",ce=class e{constructor(t,r,n,o,s,i,a,c){this._identity=t,this._key=r,this._chain=n,this._storage=o,this.idleManager=s,this._createOptions=i,this._idpWindow=a,this._eventHandler=c,this._registerDefaultIdleCallback()}static async create(t={}){let r=t.storage??new Ne,n=t.keyType??Cr,o=null;if(t.identity)o=t.identity;else{let c=await r.get(ut);if(!c)try{let u=new Re,h=await u.get(et),d=await u.get(ut);h&&d&&n===Cr&&(console.log("Discovered an identity stored in localstorage. Migrating to IndexedDB"),await r.set(et,h),await r.set(ut,d),c=h,await u.remove(et),await u.remove(ut))}catch(u){console.error(`error while attempting to recover localstorage: ${u}`)}if(c)try{typeof c=="object"?n===Rr&&typeof c=="string"?o=Lt.fromJSON(c):o=await qt.fromKeyPair(c):typeof c=="string"&&(o=Lt.fromJSON(c))}catch{}}let s=new Zt,i=null;if(o)try{let c=await r.get(et);if(typeof c=="object"&&c!==null)throw new Error("Delegation chain is incorrectly stored. A delegation chain should be stored as a string.");t.identity?s=t.identity:c&&(i=Ct.fromJSON(c),Ar(i)?"toDer"in o?s=ne.fromDelegation(o,i):s=Rt.fromDelegation(o,i):(await Nr(r),o=null))}catch(c){console.error(c),await Nr(r),o=null}let a;return t.idleOptions?.disableIdle?a=void 0:(i||t.identity)&&(a=se.create(t.idleOptions)),o||(n===Rr?o=Lt.generate():(t.storage&&n===Cr&&console.warn(`You are using a custom storage provider that may not support CryptoKey storage. If you are using a custom storage provider that does not support CryptoKey storage, you should use '${Rr}' as the key type, as it can serialize to a string`),o=await qt.generate()),await oo(r,o)),new e(s,o,i,r,a,t)}_registerDefaultIdleCallback(){let t=this._createOptions?.idleOptions;!t?.onIdle&&!t?.disableDefaultIdleCallback&&this.idleManager?.registerCallback(()=>{this.logout(),location.reload()})}async _handleSuccess(t,r){let n=t.delegations.map(a=>({delegation:new Ht(a.delegation.pubkey,a.delegation.expiration,a.delegation.targets),signature:a.signature})),o=Ct.fromDelegations(n,t.userPublicKey),s=this._key;if(!s)return;this._chain=o,"toDer"in s?this._identity=ne.fromDelegation(s,this._chain):this._identity=Rt.fromDelegation(s,this._chain),this._idpWindow?.close();let i=this._createOptions?.idleOptions;!this.idleManager&&!i?.disableIdle&&(this.idleManager=se.create(i),this._registerDefaultIdleCallback()),this._removeEventListener(),delete this._idpWindow,this._chain&&await this._storage.set(et,JSON.stringify(this._chain.toJSON())),await oo(this._storage,this._key),r?.(t)}getIdentity(){return this._identity}async isAuthenticated(){return!this.getIdentity().getPrincipal().isAnonymous()&&this._chain!==null&&Ar(this._chain)}async login(t){let r=As(this._createOptions?.loginOptions,t),n=r?.maxTimeToLive??Is,o=new URL(r?.identityProvider?.toString()||Es);o.hash=_s,this._idpWindow?.close(),this._removeEventListener(),this._eventHandler=this._getEventHandler(o,{maxTimeToLive:n,...r}),window.addEventListener("message",this._eventHandler),this._idpWindow=window.open(o.toString(),"idpWindow",r?.windowOpenerFeatures)??void 0;let s=()=>{this._idpWindow&&(this._idpWindow.closed?this._handleFailure(so,r?.onError):setTimeout(s,Bs))};s()}_getEventHandler(t,r){return async n=>{if(n.origin!==t.origin)return;let o=n.data;switch(o.kind){case"authorize-ready":{let s={kind:"authorize-client",sessionPublicKey:new Uint8Array(this._key?.getPublicKey().toDer()),maxTimeToLive:r?.maxTimeToLive,allowPinAuthentication:r?.allowPinAuthentication,derivationOrigin:r?.derivationOrigin?.toString(),...r?.customValues};this._idpWindow?.postMessage(s,t.origin);break}case"authorize-client-success":try{await this._handleSuccess(o,r?.onSuccess)}catch(s){this._handleFailure(s.message,r?.onError)}break;case"authorize-client-failure":this._handleFailure(o.text,r?.onError);break}}}_handleFailure(t,r){this._idpWindow?.close(),r?.(t),this._removeEventListener(),delete this._idpWindow}_removeEventListener(){this._eventHandler&&window.removeEventListener("message",this._eventHandler),this._eventHandler=void 0}async logout(t={}){if(await Nr(this._storage),this._identity=new Zt,this._chain=null,t.returnTo)try{window.history.pushState({},"",t.returnTo)}catch{window.location.href=t.returnTo}}};async function Nr(e){await e.remove(ut),await e.remove(et),await e.remove(no)}function As(e,t){if(!e&&!t)return;let r=e?.customValues||t?.customValues?{...e?.customValues,...t?.customValues}:void 0;return{...e,...t,customValues:r}}function Ss(e){if(e instanceof qt)return e.getKeyPair();if(e instanceof Lt)return JSON.stringify(e.toJSON());throw new Error("Unsupported key type")}async function oo(e,t){let r=Ss(t);await e.set(ut,r)}var Os="https://id.ai",Ts="https://xis3j-paaaa-aaaai-axumq-cai.icp0.io";var vs=BigInt(86400)*BigInt(1e9),Ds=29*864e5,Qc=BigInt(29)*vs,ae=480*60*1e3,io=BigInt(ae)*1000000n;function co(e=Ds){return{idleOptions:{idleTimeout:e,disableDefaultIdleCallback:!0}}}function ao(){return Os}function Ur(){return Ts}function fo(e){let t=new URLSearchParams(e.startsWith("#")?e.slice(1):e),r=t.get("public_key")??"",n=t.get("callback")??"";if(!r||!n||!Ls(n))return null;try{if(Pr(r).length<32)return null}catch{return null}return{publicKey:r,callback:n}}function Pr(e){if(!/^[A-Za-z0-9_-]+={0,2}$/.test(e))throw new Error("public key is not base64url");let t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t+"=".repeat(r);if(typeof atob=="function"){let o=atob(n);return Uint8Array.from(o,s=>s.charCodeAt(0))}return Uint8Array.from(Buffer.from(n,"base64"))}function Ls(e){let t;try{t=new URL(e)}catch{return!1}return t.protocol!=="http:"||t.username||t.password?!1:t.hostname==="localhost"||t.hostname.endsWith(".localhost")||t.hostname==="127.0.0.1"||t.hostname==="::1"||t.hostname==="[::1]"}var fe=document.querySelector("#status"),uo=document.querySelector("#error"),Pe=document.querySelector("#login"),Cs=document.querySelector("#request-details"),Rs=document.querySelector("#callback-host-port"),Ns=document.querySelector("#derivation-origin"),Us=document.querySelector("#delegation-ttl"),Me=fo(location.hash),Ue=null;Me?(Ps(Me),history.replaceState(null,"",location.pathname),ce.create(co(ae)).then(e=>{Ue=e,Pe.disabled=!1,fe.textContent="Continue to authorize this local CLI session."}).catch(e=>je(Mr(e)))):je("Invalid CLI login request.");Pe.addEventListener("click",async()=>{!Ue||!Me||(Pe.disabled=!0,fe.textContent="Waiting for Internet Identity.",await Ue.login({identityProvider:ao(location),derivationOrigin:Ur(location),maxTimeToLive:io,onSuccess:()=>void js(Ue,Me),onError:e=>je(Mr(e))}))});function Ps(e){let t=new URL(e.callback);Rs.textContent=t.port?`${t.hostname}:${t.port}`:t.hostname,Ns.textContent=Ur(location),Us.textContent=Ms(ae),Cs.hidden=!1}function Ms(e){let t=e/36e5;return Number.isInteger(t)?`${t} hours`:`${Math.round(e/6e4)} minutes`}async function js(e,t){try{fe.textContent="Sending the delegation to the local CLI.";let r=e.getIdentity();if(!(r instanceof Rt))throw new Error("Internet Identity delegation was not available.");let n=Pr(t.publicKey),o=await Ct.create(r,{toDer(){return n}},new Date(Date.now()+ae),{previous:r.getDelegation()}),s=await fetch(t.callback,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify(o.toJSON()),redirect:"error"});if(!s.ok)throw new Error(`CLI callback failed with HTTP ${s.status}.`);await e.logout(),fe.textContent="CLI login complete.",setTimeout(()=>window.close(),1e3)}catch(r){je(Mr(r))}}function je(e){fe.textContent="CLI login failed.",uo.hidden=!1,uo.textContent=e,Pe.disabled=!0}function Mr(e){return e instanceof Error?e.message:String(e)}})();
     </script>
   </body>
 </html>
diff --git a/crates/vfs_canister/src/lib.rs b/crates/vfs_canister/src/lib.rs
index 2916e432..a7be9a07 100644
--- a/crates/vfs_canister/src/lib.rs
+++ b/crates/vfs_canister/src/lib.rs
@@ -36,7 +36,7 @@ use ic_stable_structures::memory_manager::{MemoryId, MemoryManager};
 use vfs_runtime::STORAGE_BILLING_INTERVAL_MS;
 use vfs_runtime::{
     CyclesPendingLedgerDetailsInput, DatabaseCyclesPurchaseWithLedgerDetails, DatabaseMeta,
-    RequiredRole, VfsService, cycles_for_payment_amount_e8s,
+    KinicDepositWithLedgerDetails, RequiredRole, VfsService, cycles_for_payment_amount_e8s,
 };
 use vfs_types::{
     AppendNodeRequest, CanisterHealth, CanonicalRole, ChildNode, CreateDatabaseRequest,
@@ -47,17 +47,21 @@ use vfs_types::{
     DeleteNodeRequest, DeleteNodeResult, EditNodeRequest, EditNodeResult, ExportSnapshotRequest,
     ExportSnapshotResponse, FetchUpdatesRequest, FetchUpdatesResponse, GlobNodeHit,
     GlobNodesRequest, GraphLinksRequest, GraphNeighborhoodRequest, IncomingLinksRequest,
-    IndexSqlJsonQueryResult, KINIC_DECIMALS, KINIC_LEDGER_FEE_E8S, LinkEdge, ListChildrenRequest,
-    ListNodesRequest, MemoryCapability, MemoryManifest, MemoryRoot, MkdirNodeRequest,
-    MkdirNodeResult, MoveNodeRequest, MoveNodeResult, MultiEditNodeRequest, MultiEditNodeResult,
-    Node, NodeContext, NodeContextRequest, NodeEntry, OpsAnswerSessionCheckRequest,
-    OpsAnswerSessionCheckResult, OpsAnswerSessionRequest, OutgoingLinksRequest, QueryContext,
-    QueryContextRequest, RenameDatabaseRequest, SearchNodeHit, SearchNodePathsRequest,
-    SearchNodesRequest, SourceEvidence, SourceEvidenceRequest, SourceRunSessionCheckRequest,
-    Status, StorageBillingBatchRequest, StorageBillingBatchResult,
-    UrlIngestTriggerSessionCheckRequest, UrlIngestTriggerSessionRequest, WriteNodeRequest,
-    WriteNodeResult, WriteNodesRequest, WriteSourceForGenerationRequest,
-    WriteSourceForGenerationResult, kinic_base_units_per_token,
+    IndexSqlJsonQueryResult, KINIC_DECIMALS, KINIC_LEDGER_FEE_E8S, KinicBalance,
+    KinicDepositRequest, KinicDepositResult, KinicFundDatabaseCyclesRequest,
+    KinicFundDatabaseCyclesResult, KinicPendingOperationsPage, KinicPendingOperationsPageRequest,
+    LinkEdge, ListChildrenRequest, ListNodesRequest, MarketCreateListingRequest,
+    MarketEntitlementPage, MarketListing, MarketListingDetail, MarketListingPage, MarketOrder,
+    MarketOrderPage, MarketPurchasePreview, MarketPurchaseRequest, MarketUpdateListingRequest,
+    MemoryCapability, MemoryManifest, MemoryRoot, MkdirNodeRequest, MkdirNodeResult,
+    MoveNodeRequest, MoveNodeResult, MultiEditNodeRequest, MultiEditNodeResult, Node, NodeContext,
+    NodeContextRequest, NodeEntry, OpsAnswerSessionCheckRequest, OpsAnswerSessionCheckResult,
+    OpsAnswerSessionRequest, OutgoingLinksRequest, QueryContext, QueryContextRequest,
+    RenameDatabaseRequest, SearchNodeHit, SearchNodePathsRequest, SearchNodesRequest,
+    SourceEvidence, SourceEvidenceRequest, SourceRunSessionCheckRequest, Status,
+    StorageBillingBatchRequest, StorageBillingBatchResult, UrlIngestTriggerSessionCheckRequest,
+    UrlIngestTriggerSessionRequest, WriteNodeRequest, WriteNodeResult, WriteNodesRequest,
+    WriteSourceForGenerationRequest, WriteSourceForGenerationResult, kinic_base_units_per_token,
 };
 
 #[cfg(not(target_arch = "wasm32"))]
@@ -65,7 +69,8 @@ const INDEX_DB_PATH: &str = "./DB/index.sqlite3";
 #[cfg(not(target_arch = "wasm32"))]
 const DATABASES_DIR: &str = "./DB/databases";
 const II_ALTERNATIVE_ORIGINS_PATH: &str = "/.well-known/ii-alternative-origins";
-const II_ALTERNATIVE_ORIGINS_BODY: &str = r#"{"alternativeOrigins":["https://wiki.kinic.xyz","https://kinic.xyz","chrome-extension://jcfniiflikojmbfnaoamlbbddlikchaj","chrome-extension://hbnicbmdodpmihmcnfgejcdgbfmemoci","chrome-extension://moebdnadaffhlddnhifmmdoecifhcbdi"]}"#;
+const II_PRODUCTION_ALTERNATIVE_ORIGINS_BODY: &str = r#"{"alternativeOrigins":["https://wiki.kinic.xyz","https://kinic.xyz","chrome-extension://jcfniiflikojmbfnaoamlbbddlikchaj","chrome-extension://hbnicbmdodpmihmcnfgejcdgbfmemoci","chrome-extension://moebdnadaffhlddnhifmmdoecifhcbdi"]}"#;
+const II_LOCAL_DEV_ALTERNATIVE_ORIGINS_BODY: &str = r#"{"alternativeOrigins":["https://wiki.kinic.xyz","https://kinic.xyz","chrome-extension://jcfniiflikojmbfnaoamlbbddlikchaj","chrome-extension://hbnicbmdodpmihmcnfgejcdgbfmemoci","chrome-extension://moebdnadaffhlddnhifmmdoecifhcbdi","http://localhost:3000","http://127.0.0.1:3010","http://localhost:3010","http://127.0.0.1:3100","http://localhost:3100"]}"#;
 const ICP_CLI_LOGIN_DISCOVERY_PATH: &str = "/.well-known/ic-cli-login";
 const ICP_CLI_LOGIN_PATH: &str = "/login";
 const ICP_CLI_LOGIN_HTML: &str = include_str!("icp_cli_login.html");
@@ -434,49 +439,79 @@ fn icrc10_supported_standards() -> Vec<Icrc10SupportedStandard> {
 fn icrc21_canister_call_consent_message(
     request: Icrc21ConsentMessageRequest,
 ) -> Icrc21ConsentMessageResponse {
-    if request.method != "purchase_database_cycles" {
-        return icrc21_unsupported(format!("unsupported canister call: {}", request.method));
-    }
-    let purchase = match Decode!(&request.arg, DatabaseCyclesPurchaseRequest) {
-        Ok(decoded) => decoded,
-        Err(error) => {
-            return icrc21_unavailable(format!(
-                "purchase_database_cycles argument decode failed: {error}"
-            ));
-        }
-    };
-    let cycles = match with_service(|service| {
-        let config = service.cycles_billing_config()?;
-        let cycles = cycles_for_payment_amount_e8s(purchase.payment_amount_e8s, &config)?;
-        service.validate_database_cycles_purchase_with_minimum(
-            &purchase.database_id,
-            purchase.payment_amount_e8s,
-            purchase.min_expected_cycles,
-        )?;
-        Ok(cycles)
-    }) {
-        Ok(cycles) => cycles,
-        Err(error) => return icrc21_unsupported(error),
-    };
     let language = if request.user_preferences.metadata.language.trim().is_empty() {
         "en".to_string()
     } else {
         request.user_preferences.metadata.language
     };
-    Icrc21ConsentMessageResponse::Ok(Icrc21ConsentInfo {
-        metadata: Icrc21ConsentMessageMetadata {
-            language,
-            utc_offset_minutes: request.user_preferences.metadata.utc_offset_minutes,
-        },
-        consent_message: Icrc21ConsentMessage::GenericDisplayMessage(format!(
-            "# Purchase Kinic database cycles\n\nDatabase: `{database_id}`\n\nCycles: `{cycles}`\n\nPayment: `{payment}` KINIC\n\nLedger transfer fee in allowance: `{fee}` KINIC\n\nSpender canister: `{spender}`",
-            database_id = purchase.database_id,
-            cycles = format_cycles(cycles),
-            payment = format_e8s(purchase.payment_amount_e8s),
-            fee = format_e8s(KINIC_LEDGER_FEE_E8S),
-            spender = canister_principal().to_text()
-        )),
-    })
+    let metadata = Icrc21ConsentMessageMetadata {
+        language,
+        utc_offset_minutes: request.user_preferences.metadata.utc_offset_minutes,
+    };
+    match request.method.as_str() {
+        "purchase_database_cycles" => {
+            let purchase = match Decode!(&request.arg, DatabaseCyclesPurchaseRequest) {
+                Ok(decoded) => decoded,
+                Err(error) => {
+                    return icrc21_unavailable(format!(
+                        "purchase_database_cycles argument decode failed: {error}"
+                    ));
+                }
+            };
+            let cycles = match with_service(|service| {
+                let config = service.cycles_billing_config()?;
+                let cycles = cycles_for_payment_amount_e8s(purchase.payment_amount_e8s, &config)?;
+                service.validate_database_cycles_purchase_with_minimum(
+                    &purchase.database_id,
+                    purchase.payment_amount_e8s,
+                    purchase.min_expected_cycles,
+                )?;
+                Ok(cycles)
+            }) {
+                Ok(cycles) => cycles,
+                Err(error) => return icrc21_unsupported(error),
+            };
+            Icrc21ConsentMessageResponse::Ok(Icrc21ConsentInfo {
+                metadata,
+                consent_message: Icrc21ConsentMessage::GenericDisplayMessage(format!(
+                    "# Purchase Kinic database cycles\n\nDatabase: `{database_id}`\n\nCycles: `{cycles}`\n\nPayment: `{payment}` KINIC\n\nLedger transfer fee in allowance: `{fee}` KINIC\n\nSpender canister: `{spender}`",
+                    database_id = purchase.database_id,
+                    cycles = format_cycles(cycles),
+                    payment = format_e8s(purchase.payment_amount_e8s),
+                    fee = format_e8s(KINIC_LEDGER_FEE_E8S),
+                    spender = canister_principal().to_text()
+                )),
+            })
+        }
+        "kinic_deposit_balance" => {
+            let deposit = match Decode!(&request.arg, KinicDepositRequest) {
+                Ok(decoded) => decoded,
+                Err(error) => {
+                    return icrc21_unavailable(format!(
+                        "kinic_deposit_balance argument decode failed: {error}"
+                    ));
+                }
+            };
+            if deposit.amount_e8s == 0 {
+                return icrc21_unsupported("KINIC deposit amount must be positive".to_string());
+            }
+            if i64::try_from(deposit.amount_e8s).is_err()
+                || i64::try_from(deposit.expected_fee_e8s).is_err()
+            {
+                return icrc21_unsupported("KINIC deposit amount exceeds i64".to_string());
+            }
+            Icrc21ConsentMessageResponse::Ok(Icrc21ConsentInfo {
+                metadata,
+                consent_message: Icrc21ConsentMessage::GenericDisplayMessage(format!(
+                    "# Deposit KINIC to KINIC balance\n\nAmount: `{amount}` KINIC\n\nLedger transfer fee in allowance: `{fee}` KINIC\n\nSpender canister: `{spender}`\n\nPurpose: canister-held KINIC balance",
+                    amount = format_e8s(deposit.amount_e8s),
+                    fee = format_e8s(deposit.expected_fee_e8s),
+                    spender = canister_principal().to_text()
+                )),
+            })
+        }
+        method => icrc21_unsupported(format!("unsupported canister call: {method}")),
+    }
 }
 
 #[update]
@@ -709,6 +744,229 @@ fn list_database_cycles_pending_purchases(
     })
 }
 
+#[query]
+fn kinic_get_balance() -> Result<KinicBalance, String> {
+    with_service(|service| service.kinic_get_balance(&caller_text()))
+}
+
+#[update]
+fn kinic_fund_database_cycles(
+    request: KinicFundDatabaseCyclesRequest,
+) -> Result<KinicFundDatabaseCyclesResult, String> {
+    require_authenticated_caller()?;
+    with_unmetered_update(
+        "kinic_fund_database_cycles",
+        Some(request.database_id.clone()),
+        |service, caller, now| service.kinic_fund_database_cycles(caller, request, now),
+    )
+}
+
+#[update]
+async fn kinic_deposit_balance(request: KinicDepositRequest) -> Result<KinicDepositResult, String> {
+    require_authenticated_caller()?;
+    let caller = caller_text();
+    let now = now_millis();
+    let config = with_service(|service| service.cycles_billing_config())?;
+    let ledger = Principal::from_text(&config.kinic_ledger_canister_id)
+        .map_err(|error| format!("invalid KINIC ledger canister id: {error}"))?;
+    let ledger_created_at_time_ns = now_nanos();
+    let canister_owner = canister_principal().to_text();
+    let deposit_start = with_service(|service| {
+        service.begin_kinic_deposit_with_ledger_details(KinicDepositWithLedgerDetails {
+            caller: &caller,
+            amount_e8s: request.amount_e8s,
+            ledger: CyclesPendingLedgerDetailsInput {
+                from_owner: &caller,
+                from_subaccount: None,
+                to_owner: &canister_owner,
+                to_subaccount: None,
+                ledger_fee_e8s: request.expected_fee_e8s,
+                ledger_created_at_time_ns,
+            },
+            now,
+        })
+    })?;
+    let operation_id = deposit_start.operation_id;
+    match ledger_transfer_from_with_memo(
+        ledger,
+        IcrcAccount {
+            owner: caller_principal(),
+            subaccount: None,
+        },
+        IcrcAccount {
+            owner: canister_principal(),
+            subaccount: None,
+        },
+        request.amount_e8s,
+        request.expected_fee_e8s,
+        kinic_deposit_memo(operation_id),
+        ledger_created_at_time_ns,
+    )
+    .await
+    {
+        LedgerTransferFromOutcome::Completed(block_index) => {
+            if let Err(error) = with_service(|service| {
+                service.complete_kinic_deposit_ledger_transfer(
+                    operation_id,
+                    &caller,
+                    request.amount_e8s,
+                    block_index,
+                )
+            }) {
+                return Err(kinic_deposit_local_apply_error(
+                    operation_id,
+                    block_index,
+                    error,
+                ));
+            }
+            #[cfg(test)]
+            if TEST_KINIC_DEPOSIT_APPLY_FAIL_ONCE.with(|flag| flag.replace(false)) {
+                return Err(kinic_deposit_local_apply_error(
+                    operation_id,
+                    block_index,
+                    "test KINIC deposit apply failure".to_string(),
+                ));
+            }
+            let balance = with_service(|service| {
+                service.apply_kinic_deposit(operation_id, &caller, request.amount_e8s, now)
+            })
+            .map_err(|error| kinic_deposit_local_apply_error(operation_id, block_index, error))?;
+            Ok(KinicDepositResult {
+                block_index,
+                amount_e8s: deposit_start.amount_e8s,
+                balance_e8s: balance.balance_e8s,
+            })
+        }
+        LedgerTransferFromOutcome::BadFee { expected_fee_e8s } => {
+            let _ = with_service(|service| {
+                service.cancel_kinic_deposit_after_ledger_error(
+                    operation_id,
+                    &caller,
+                    request.amount_e8s,
+                )
+            });
+            Err(format!(
+                "icrc2_transfer_from failed: BadFee expected fee {expected_fee_e8s}; re-approve with the current ledger fee and retry"
+            ))
+        }
+        LedgerTransferFromOutcome::LedgerErr(error) => {
+            let _ = with_service(|service| {
+                service.cancel_kinic_deposit_after_ledger_error(
+                    operation_id,
+                    &caller,
+                    request.amount_e8s,
+                )
+            });
+            Err(error)
+        }
+        LedgerTransferFromOutcome::Ambiguous(error) => {
+            if let Err(mark_error) = with_service(|service| {
+                service.mark_kinic_deposit_ambiguous(operation_id, &caller, request.amount_e8s)
+            }) {
+                return Err(format!(
+                    "icrc2_transfer_from result ambiguous for KINIC deposit operation_id {operation_id}; failed to mark operation ambiguous; billing authority review required: {mark_error}; original ledger ambiguity: {error}"
+                ));
+            }
+            Err(format!(
+                "icrc2_transfer_from result ambiguous for KINIC deposit operation_id {operation_id}; billing authority review required: {error}"
+            ))
+        }
+    }
+}
+
+fn kinic_deposit_local_apply_error(operation_id: u64, block_index: u64, cause: String) -> String {
+    format!(
+        "KINIC deposit completed at ledger block {block_index} but local balance application failed; pending operation {operation_id} remains completed for billing authority review: {cause}"
+    )
+}
+
+#[query]
+fn kinic_list_pending_operations(
+    request: KinicPendingOperationsPageRequest,
+) -> Result<KinicPendingOperationsPage, String> {
+    with_service(|service| service.kinic_list_pending_operations(&caller_text(), request))
+}
+
+#[update]
+fn market_create_listing(request: MarketCreateListingRequest) -> Result<MarketListing, String> {
+    require_authenticated_caller()?;
+    with_unmetered_update(
+        "market_create_listing",
+        Some(request.database_id.clone()),
+        |service, caller, now| service.market_create_listing(caller, request, now),
+    )
+}
+
+#[update]
+fn market_update_listing(request: MarketUpdateListingRequest) -> Result<MarketListing, String> {
+    require_authenticated_caller()?;
+    with_unmetered_update("market_update_listing", None, |service, caller, now| {
+        service.market_update_listing(caller, request, now)
+    })
+}
+
+#[update]
+fn market_publish_listing(listing_id: String) -> Result<MarketListing, String> {
+    require_authenticated_caller()?;
+    with_unmetered_update("market_publish_listing", None, |service, caller, now| {
+        service.market_publish_listing(caller, &listing_id, now)
+    })
+}
+
+#[update]
+fn market_pause_listing(listing_id: String) -> Result<MarketListing, String> {
+    require_authenticated_caller()?;
+    with_unmetered_update("market_pause_listing", None, |service, caller, now| {
+        service.market_pause_listing(caller, &listing_id, now)
+    })
+}
+
+#[query]
+fn market_list_listings(cursor: Option<String>, limit: u32) -> Result<MarketListingPage, String> {
+    with_service(|service| service.market_list_listings(cursor, limit))
+}
+
+#[query]
+fn market_list_database_listings(database_id: String) -> Result<Vec<MarketListing>, String> {
+    with_service(|service| service.market_list_database_listings(&caller_text(), &database_id))
+}
+
+#[query]
+fn market_get_listing(listing_id: String) -> Result<MarketListingDetail, String> {
+    with_service(|service| service.market_get_listing(&caller_text(), &listing_id))
+}
+
+#[query]
+fn market_preview_purchase(listing_id: String) -> Result<MarketPurchasePreview, String> {
+    with_service(|service| service.market_preview_purchase(&caller_text(), &listing_id))
+}
+
+#[update]
+fn market_purchase_access(request: MarketPurchaseRequest) -> Result<MarketOrder, String> {
+    require_authenticated_caller()?;
+    with_unmetered_update("market_purchase_access", None, |service, caller, now| {
+        service.market_purchase_access(caller, request, now)
+    })
+}
+
+#[query]
+fn market_list_entitlements(
+    cursor: Option<String>,
+    limit: u32,
+) -> Result<MarketEntitlementPage, String> {
+    with_service(|service| service.market_list_entitlements(&caller_text(), cursor, limit))
+}
+
+#[query]
+fn market_list_orders(cursor: Option<String>, limit: u32) -> Result<MarketOrderPage, String> {
+    with_service(|service| service.market_list_orders(&caller_text(), cursor, limit))
+}
+
+#[query]
+fn market_count_active_entitlements(database_id: String) -> Result<u64, String> {
+    with_service(|service| service.market_count_active_entitlements(&caller_text(), &database_id))
+}
+
 #[update]
 fn update_cycles_billing_config(update: CyclesBillingConfigUpdate) -> Result<(), String> {
     require_authenticated_caller()?;
@@ -1246,6 +1504,7 @@ thread_local! {
     static TEST_LAST_LEDGER_FROM: RefCell<Option<IcrcAccount>> = const { RefCell::new(None) };
     static TEST_CALLER_PRINCIPAL: RefCell<Option<Principal>> = const { RefCell::new(None) };
     static TEST_DATABASE_CYCLES_PURCHASE_APPLY_FAIL_ONCE: RefCell<bool> = const { RefCell::new(false) };
+    static TEST_KINIC_DEPOSIT_APPLY_FAIL_ONCE: RefCell<bool> = const { RefCell::new(false) };
     static TEST_UPDATE_CHARGE_UNITS: RefCell<Vec<u128>> = const { RefCell::new(Vec::new()) };
 }
 
@@ -1259,6 +1518,11 @@ fn fail_next_apply_database_cycles_purchase_apply_for_test() {
     TEST_DATABASE_CYCLES_PURCHASE_APPLY_FAIL_ONCE.with(|flag| flag.replace(true));
 }
 
+#[cfg(test)]
+fn fail_next_apply_kinic_deposit_for_test() {
+    TEST_KINIC_DEPOSIT_APPLY_FAIL_ONCE.with(|flag| flag.replace(true));
+}
+
 #[cfg(test)]
 fn set_next_ledger_transfer_from_outcome_for_test(outcome: LedgerTransferFromOutcome) {
     TEST_LEDGER_TRANSFER_FROM_OUTCOMES.with(|slot| {
@@ -1495,6 +1759,27 @@ async fn ledger_transfer_from(
     created_at_time_ns: u64,
 ) -> LedgerTransferFromOutcome {
     let memo = cycles_purchase_memo(operation_id);
+    ledger_transfer_from_with_memo(
+        ledger,
+        from,
+        to,
+        amount_e8s,
+        ledger_fee_e8s,
+        memo,
+        created_at_time_ns,
+    )
+    .await
+}
+
+async fn ledger_transfer_from_with_memo(
+    ledger: Principal,
+    from: IcrcAccount,
+    to: IcrcAccount,
+    amount_e8s: u64,
+    ledger_fee_e8s: u64,
+    memo: Vec<u8>,
+    created_at_time_ns: u64,
+) -> LedgerTransferFromOutcome {
     #[cfg(test)]
     {
         record_test_ledger_from(&from);
@@ -1581,6 +1866,10 @@ fn cycles_purchase_memo(operation_id: u64) -> Vec<u8> {
     format!("kvfs:cp:{operation_id}").into_bytes()
 }
 
+fn kinic_deposit_memo(operation_id: u64) -> Vec<u8> {
+    format!("kvfs:md:{operation_id}").into_bytes()
+}
+
 fn with_unmetered_update<T, F>(method: &str, database_id: Option<String>, f: F) -> Result<T, String>
 where
     F: FnOnce(&VfsService, &str, i64) -> Result<T, String>,
@@ -1811,7 +2100,7 @@ fn certified_static_responses() -> Vec<(
     vec![
         certified_static_response_entry(
             II_ALTERNATIVE_ORIGINS_PATH,
-            II_ALTERNATIVE_ORIGINS_BODY.as_bytes().to_vec(),
+            ii_alternative_origins_body().as_bytes().to_vec(),
             "application/json; charset=utf-8",
             true,
         ),
@@ -1830,6 +2119,13 @@ fn certified_static_responses() -> Vec<(
     ]
 }
 
+fn ii_alternative_origins_body() -> &'static str {
+    match option_env!("KINIC_VFS_LOCAL_II_ORIGINS") {
+        Some("1") => II_LOCAL_DEV_ALTERNATIVE_ORIGINS_BODY,
+        _ => II_PRODUCTION_ALTERNATIVE_ORIGINS_BODY,
+    }
+}
+
 fn certified_static_response_entry(
     path: &'static str,
     body: Vec<u8>,
diff --git a/crates/vfs_canister/src/tests.rs b/crates/vfs_canister/src/tests.rs
index 5421bd90..a01ac46a 100644
--- a/crates/vfs_canister/src/tests.rs
+++ b/crates/vfs_canister/src/tests.rs
@@ -13,12 +13,13 @@ use vfs_types::{
     DatabaseCyclesPurchaseRequest, DatabaseRestoreChunkRequest, DatabaseRole, DatabaseStatus,
     DeleteDatabaseRequest, DeleteNodeRequest, EditNodeRequest, ExportSnapshotRequest,
     FetchUpdatesRequest, GlobNodeType, GlobNodesRequest, GraphLinksRequest,
-    GraphNeighborhoodRequest, IncomingLinksRequest, KINIC_LEDGER_FEE_E8S, ListChildrenRequest,
-    ListNodesRequest, MkdirNodeRequest, MoveNodeRequest, MultiEdit, MultiEditNodeRequest,
-    NodeContextRequest, NodeEntryKind, NodeKind, OutgoingLinksRequest, QueryContextRequest,
-    RenameDatabaseRequest, SearchNodePathsRequest, SearchNodesRequest, SearchPreviewMode,
-    SourceEvidenceRequest, StorageBillingBatchRequest, WriteNodeItem, WriteNodeRequest,
-    WriteNodesRequest,
+    GraphNeighborhoodRequest, IncomingLinksRequest, KINIC_LEDGER_FEE_E8S, KinicDepositRequest,
+    KinicFundDatabaseCyclesRequest, KinicPendingOperationsPageRequest, ListChildrenRequest,
+    ListNodesRequest, MarketCreateListingRequest, MarketPurchaseRequest, MkdirNodeRequest,
+    MoveNodeRequest, MultiEdit, MultiEditNodeRequest, NodeContextRequest, NodeEntryKind, NodeKind,
+    OutgoingLinksRequest, QueryContextRequest, RenameDatabaseRequest, SearchNodePathsRequest,
+    SearchNodesRequest, SearchPreviewMode, SourceEvidenceRequest, StorageBillingBatchRequest,
+    WriteNodeItem, WriteNodeRequest, WriteNodesRequest,
 };
 
 use super::{
@@ -28,20 +29,22 @@ use super::{
     cancel_database_archive, check_database_write_cycles, clear_last_ledger_memo_for_test,
     clear_ledger_transactions_for_test, create_database, delete_node, edit_node, export_snapshot,
     fail_next_apply_database_cycles_purchase_apply_for_test,
-    fail_next_mount_database_file_for_test, fetch_updates, finalize_database_archive,
-    finalize_database_restore, get_cycles_billing_config, glob_nodes, grant_database_access,
-    graph_links, graph_neighborhood, icrc21_canister_call_consent_message, incoming_links,
-    last_ledger_from_for_test, last_ledger_memo_for_test, ledger_transfer_fees_for_test,
-    list_children, list_database_cycle_entries, list_database_cycles_pending_purchases,
-    list_database_members, list_databases, list_nodes, memory_manifest, mkdir_node, move_node,
-    multi_edit_node, outgoing_links, parse_upgrade_cycles_billing_config_arg,
-    purchase_database_cycles, query_context, query_index_sql_json, read_database_archive_chunk,
-    read_node, read_node_context, rename_database, revoke_database_access, search_node_paths,
-    search_nodes, set_next_ledger_transfer_from_outcome_for_test,
-    set_test_caller_principal_for_test, set_update_charge_units_for_test,
-    settle_database_storage_charges_batch, source_evidence, status, transfer_from_error_outcome,
-    update_charge_cycles, update_cycles_billing_config, write_database_restore_chunk, write_node,
-    write_nodes,
+    fail_next_apply_kinic_deposit_for_test, fail_next_mount_database_file_for_test, fetch_updates,
+    finalize_database_archive, finalize_database_restore, get_cycles_billing_config, glob_nodes,
+    grant_database_access, graph_links, graph_neighborhood, icrc21_canister_call_consent_message,
+    incoming_links, kinic_deposit_balance, kinic_fund_database_cycles, kinic_get_balance,
+    kinic_list_pending_operations, last_ledger_from_for_test, last_ledger_memo_for_test,
+    ledger_transfer_fees_for_test, list_children, list_database_cycle_entries,
+    list_database_cycles_pending_purchases, list_database_members, list_databases, list_nodes,
+    market_create_listing, market_publish_listing, market_purchase_access, memory_manifest,
+    mkdir_node, move_node, multi_edit_node, outgoing_links,
+    parse_upgrade_cycles_billing_config_arg, purchase_database_cycles, query_context,
+    query_index_sql_json, read_database_archive_chunk, read_node, read_node_context,
+    rename_database, revoke_database_access, search_node_paths, search_nodes,
+    set_next_ledger_transfer_from_outcome_for_test, set_test_caller_principal_for_test,
+    set_update_charge_units_for_test, settle_database_storage_charges_batch, source_evidence,
+    status, transfer_from_error_outcome, update_charge_cycles, update_cycles_billing_config,
+    write_database_restore_chunk, write_node, write_nodes,
 };
 
 fn install_test_service() {
@@ -131,6 +134,63 @@ fn pending_cycle_purchase_state(database_id: &str) -> String {
     })
 }
 
+fn pending_kinic_deposit_state() -> String {
+    SERVICE.with(|slot| {
+        slot.borrow()
+            .as_ref()
+            .expect("service should be installed")
+            .query_index_sql_json(
+                "SELECT json_object('status', operation_status, 'block', external_block_index) FROM kinic_pending_operations WHERE kind = 'deposit' LIMIT 1",
+                1,
+            )
+            .expect("pending operation should query")
+            .rows
+            .into_iter()
+            .next()
+            .expect("pending operation should exist")
+    })
+}
+
+fn kinic_deposit_ledger_count(principal: &str) -> String {
+    SERVICE.with(|slot| {
+        slot.borrow()
+            .as_ref()
+            .expect("service should be installed")
+            .query_index_sql_json(
+                &format!(
+                    "SELECT json_object('count', COUNT(*)) FROM kinic_ledger WHERE principal = '{}' AND kind = 'deposit' LIMIT 1",
+                    principal
+                ),
+                1,
+            )
+            .expect("KINIC ledger should query")
+            .rows
+            .into_iter()
+            .next()
+            .expect("KINIC ledger count should exist")
+    })
+}
+
+fn database_cycles_balance_json(database_id: &str) -> String {
+    SERVICE.with(|slot| {
+        slot.borrow()
+            .as_ref()
+            .expect("service should be installed")
+            .query_index_sql_json(
+                &format!(
+                    "SELECT json_object('balance', balance_cycles) FROM database_cycle_accounts WHERE database_id = '{}' LIMIT 1",
+                    database_id
+                ),
+                1,
+            )
+            .expect("database cycles account should query")
+            .rows
+            .into_iter()
+            .next()
+            .expect("database cycles account should exist")
+    })
+}
+
 fn cycles_for_test_payment(service: &VfsService, payment_amount_e8s: u64) -> u64 {
     super::cycles_for_payment_amount_e8s(
         payment_amount_e8s,
@@ -173,6 +233,37 @@ fn cycles_purchase_request(
     }
 }
 
+fn kinic_deposit_request(amount_e8s: u64) -> KinicDepositRequest {
+    KinicDepositRequest {
+        amount_e8s,
+        expected_fee_e8s: KINIC_LEDGER_FEE_E8S,
+    }
+}
+
+fn kinic_fund_request(
+    database_id: &str,
+    payment_amount_e8s: u64,
+) -> KinicFundDatabaseCyclesRequest {
+    KinicFundDatabaseCyclesRequest {
+        database_id: database_id.to_string(),
+        payment_amount_e8s,
+        min_expected_cycles: 1,
+    }
+}
+
+fn market_listing_request(database_id: &str, price_e8s: u64) -> MarketCreateListingRequest {
+    MarketCreateListingRequest {
+        database_id: database_id.to_string(),
+        title: "Private market DB".to_string(),
+        description: "Paid reader access".to_string(),
+        llm_summary: None,
+        summary_snapshot_revision: None,
+        sample_excerpts_json: "[]".to_string(),
+        tags_json: "[]".to_string(),
+        price_e8s,
+    }
+}
+
 fn consent_request(method: &str, arg: Vec<u8>) -> Icrc21ConsentMessageRequest {
     Icrc21ConsentMessageRequest {
         arg,
@@ -392,6 +483,16 @@ fn test_billing_authority_principal() -> Principal {
         .expect("billing authority principal should parse")
 }
 
+fn pending_operations_request(
+    cursor_operation_id: Option<u64>,
+    limit: u32,
+) -> KinicPendingOperationsPageRequest {
+    KinicPendingOperationsPageRequest {
+        cursor_operation_id,
+        limit,
+    }
+}
+
 struct AuthenticatedCallerGuard;
 
 impl AuthenticatedCallerGuard {
@@ -576,6 +677,251 @@ fn purchase_database_cycles_treats_duplicate_as_completed_transfer() {
     assert_eq!(entries[0].ledger_block_index, Some(77));
 }
 
+#[test]
+fn kinic_fund_database_cycles_uses_internal_balance_without_ledger_call() {
+    install_empty_test_service();
+    let _caller = AuthenticatedCallerGuard::install();
+    let database_id = "internal-funding-active";
+    SERVICE.with(|slot| {
+        slot.borrow()
+            .as_ref()
+            .expect("service should be installed")
+            .create_database(database_id, &Principal::management_canister().to_text(), 1)
+            .expect("active database should create");
+    });
+    set_next_ledger_transfer_from_outcome_for_test(LedgerTransferFromOutcome::Completed(90));
+    block_on_ready(kinic_deposit_balance(kinic_deposit_request(1_000)))
+        .expect("deposit should credit internal KINIC balance");
+    clear_last_ledger_memo_for_test();
+
+    let result = kinic_fund_database_cycles(kinic_fund_request(database_id, 500))
+        .expect("internal balance should fund database cycles");
+
+    assert_eq!(result.payment_amount_e8s, 500);
+    assert_eq!(result.amount_cycles, 1_172_500);
+    assert_eq!(result.database_balance_cycles, 1_172_500);
+    assert_eq!(result.kinic_balance_e8s, 500);
+    assert_eq!(last_ledger_memo_for_test(), None);
+    let entries = list_database_cycle_entries(database_id.to_string(), None, 10)
+        .expect("database ledger should load")
+        .entries;
+    assert_eq!(entries.len(), 1);
+    assert_eq!(entries[0].kind, "cycles_purchase");
+    assert_eq!(
+        entries[0].method.as_deref(),
+        Some("kinic_fund_database_cycles")
+    );
+    assert_eq!(entries[0].ledger_block_index, None);
+}
+
+#[test]
+fn kinic_fund_database_cycles_rejects_unallocated_pending_without_state_change() {
+    install_empty_test_service();
+    let _caller = AuthenticatedCallerGuard::install();
+    let database = create_database(CreateDatabaseRequest {
+        name: "Pending internal funding".to_string(),
+    })
+    .expect("pending database should create");
+    set_next_ledger_transfer_from_outcome_for_test(LedgerTransferFromOutcome::Completed(91));
+    block_on_ready(kinic_deposit_balance(kinic_deposit_request(1_000)))
+        .expect("deposit should credit internal KINIC balance");
+    clear_last_ledger_memo_for_test();
+    assert_eq!(
+        database_status_and_mount(&database.database_id),
+        (DatabaseStatus::Pending, None)
+    );
+    assert_eq!(
+        database_cycles_balance_json(&database.database_id),
+        "{\"balance\":0}"
+    );
+    let balance_before = kinic_get_balance()
+        .expect("KINIC balance should load")
+        .balance_e8s;
+
+    let error = kinic_fund_database_cycles(kinic_fund_request(&database.database_id, 500))
+        .expect_err("unallocated pending database should reject");
+
+    assert!(error.contains("pending database has no activation mount"));
+    assert_eq!(
+        database_status_and_mount(&database.database_id),
+        (DatabaseStatus::Pending, None)
+    );
+    assert_eq!(
+        database_cycles_balance_json(&database.database_id),
+        "{\"balance\":0}"
+    );
+    assert_eq!(
+        kinic_get_balance()
+            .expect("KINIC balance should load")
+            .balance_e8s,
+        balance_before
+    );
+    assert_eq!(last_ledger_memo_for_test(), None);
+    assert!(
+        list_database_cycle_entries(database.database_id, None, 10)
+            .expect("database ledger should load")
+            .entries
+            .is_empty()
+    );
+}
+
+#[test]
+fn kinic_deposit_balance_credits_wallet_after_completed_transfer() {
+    install_empty_test_service();
+    let _caller = AuthenticatedCallerGuard::install();
+    set_next_ledger_transfer_from_outcome_for_test(LedgerTransferFromOutcome::Completed(42));
+
+    let result = block_on_ready(kinic_deposit_balance(kinic_deposit_request(500)))
+        .expect("completed transfer-from should credit KINIC balance");
+
+    assert_eq!(result.block_index, 42);
+    assert_eq!(result.amount_e8s, 500);
+    assert_eq!(result.balance_e8s, 500);
+    assert_eq!(
+        kinic_get_balance()
+            .expect("KINIC balance should load")
+            .balance_e8s,
+        500
+    );
+    assert!(
+        kinic_list_pending_operations(pending_operations_request(None, 100))
+            .expect("pending operations should load")
+            .operations
+            .is_empty()
+    );
+}
+
+#[test]
+fn kinic_deposit_duplicate_transfer_is_success_without_double_credit() {
+    install_empty_test_service();
+    let _caller = AuthenticatedCallerGuard::install();
+    set_next_ledger_transfer_from_outcome_for_test(transfer_from_error_outcome(
+        TransferFromError::Duplicate {
+            duplicate_of: Nat::from(77_u64),
+        },
+    ));
+
+    let result = block_on_ready(kinic_deposit_balance(kinic_deposit_request(700)))
+        .expect("duplicate transfer-from should credit KINIC balance");
+
+    assert_eq!(result.block_index, 77);
+    assert_eq!(result.balance_e8s, 700);
+    assert_eq!(
+        kinic_deposit_ledger_count(&Principal::management_canister().to_text()),
+        r#"{"count":1}"#
+    );
+    assert!(
+        kinic_list_pending_operations(pending_operations_request(None, 100))
+            .expect("pending operations should load")
+            .operations
+            .is_empty()
+    );
+}
+
+#[test]
+fn kinic_deposit_completed_local_apply_failure_keeps_pending_for_review() {
+    install_empty_test_service();
+    let caller = Principal::management_canister();
+    let _caller = AuthenticatedCallerGuard::install_principal(caller);
+    set_next_ledger_transfer_from_outcome_for_test(LedgerTransferFromOutcome::Completed(44));
+    fail_next_apply_kinic_deposit_for_test();
+
+    let error = block_on_ready(kinic_deposit_balance(kinic_deposit_request(600)))
+        .expect_err("local apply failure should keep completed pending deposit");
+
+    assert!(error.contains("test KINIC deposit apply failure"));
+    assert!(error.contains("remains completed for billing authority review"));
+    assert_eq!(
+        pending_kinic_deposit_state(),
+        r#"{"status":"completed","block":44}"#
+    );
+    let caller_view = kinic_list_pending_operations(pending_operations_request(None, 100))
+        .expect("caller should view own pending");
+    assert_eq!(caller_view.operations.len(), 1);
+    assert_eq!(caller_view.operations[0].status, "completed");
+    assert_eq!(
+        caller_view.operations[0].required_action,
+        "billing_authority_review"
+    );
+    drop(_caller);
+
+    let _authority =
+        AuthenticatedCallerGuard::install_principal(test_billing_authority_principal());
+    let authority_view = kinic_list_pending_operations(pending_operations_request(None, 100))
+        .expect("billing authority should view all pending");
+    assert_eq!(authority_view.operations.len(), 1);
+    assert_eq!(authority_view.operations[0].caller, caller.to_text());
+}
+
+#[test]
+fn kinic_deposit_ambiguous_transfer_keeps_pending_for_review() {
+    install_empty_test_service();
+    let _caller = AuthenticatedCallerGuard::install();
+    set_next_ledger_transfer_from_outcome_for_test(LedgerTransferFromOutcome::Ambiguous(
+        "icrc2_transfer_from timeout".to_string(),
+    ));
+
+    let error = block_on_ready(kinic_deposit_balance(kinic_deposit_request(800)))
+        .expect_err("ambiguous transfer-from should keep pending deposit");
+
+    assert!(error.contains("result ambiguous"));
+    assert!(error.contains("billing authority review required"));
+    assert_eq!(
+        pending_kinic_deposit_state(),
+        r#"{"status":"ambiguous","block":null}"#
+    );
+    let pending = kinic_list_pending_operations(pending_operations_request(None, 100))
+        .expect("caller should view own pending");
+    assert_eq!(pending.operations.len(), 1);
+    assert_eq!(pending.operations[0].status, "ambiguous");
+    assert_eq!(
+        pending.operations[0].required_action,
+        "billing_authority_review"
+    );
+}
+
+#[test]
+fn kinic_list_pending_operations_paginates_authority_view() {
+    install_empty_test_service();
+    for index in 0..3 {
+        let caller = Principal::self_authenticating([index as u8]);
+        let _caller = AuthenticatedCallerGuard::install_principal(caller);
+        set_next_ledger_transfer_from_outcome_for_test(LedgerTransferFromOutcome::Ambiguous(
+            format!("ambiguous deposit {index}"),
+        ));
+        block_on_ready(kinic_deposit_balance(kinic_deposit_request(800 + index)))
+            .expect_err("ambiguous transfer should keep pending operation");
+    }
+
+    let _authority =
+        AuthenticatedCallerGuard::install_principal(test_billing_authority_principal());
+    let first = kinic_list_pending_operations(pending_operations_request(None, 2))
+        .expect("first pending page should load");
+    assert_eq!(first.operations.len(), 2);
+    assert_eq!(first.next_cursor_operation_id, Some(2));
+
+    let second = kinic_list_pending_operations(pending_operations_request(
+        first.next_cursor_operation_id,
+        2,
+    ))
+    .expect("second pending page should load");
+    assert_eq!(second.operations.len(), 1);
+    assert_eq!(second.operations[0].operation_id, 3);
+    assert_eq!(second.next_cursor_operation_id, None);
+}
+
+#[test]
+fn kinic_balance_queries_reject_anonymous_caller() {
+    install_empty_test_service();
+    set_test_caller_principal_for_test(Principal::anonymous());
+
+    let balance_error = kinic_get_balance().expect_err("anonymous balance query should reject");
+    assert!(balance_error.contains("anonymous caller not allowed"));
+    let pending_error = kinic_list_pending_operations(pending_operations_request(None, 100))
+        .expect_err("anonymous pending query should reject");
+    assert!(pending_error.contains("anonymous caller not allowed"));
+}
+
 #[test]
 fn list_database_cycle_entries_paginates_with_clamped_limits() {
     install_empty_test_service();
@@ -1123,6 +1469,62 @@ fn icrc21_purchase_database_cycles_rejects_missing_database() {
     }
 }
 
+#[test]
+fn icrc21_kinic_deposit_balance_returns_consent_message() {
+    install_empty_test_service();
+    let request = kinic_deposit_request(150_000_000);
+    let arg = Encode!(&request).expect("arg should encode");
+
+    let response =
+        icrc21_canister_call_consent_message(consent_request("kinic_deposit_balance", arg));
+
+    let message = match response {
+        Icrc21ConsentMessageResponse::Ok(info) => match info.consent_message {
+            Icrc21ConsentMessage::GenericDisplayMessage(message) => message,
+        },
+        Icrc21ConsentMessageResponse::Err(error) => {
+            panic!("KINIC deposit consent message should succeed: {error:?}");
+        }
+    };
+    assert!(message.contains("Deposit KINIC to KINIC balance"));
+    assert!(message.contains("Amount: `1.5` KINIC"));
+    assert!(message.contains("Ledger transfer fee in allowance: `0.001` KINIC"));
+    assert!(message.contains("Spender canister:"));
+    assert!(message.contains("canister-held KINIC balance"));
+}
+
+#[test]
+fn icrc21_kinic_deposit_balance_rejects_zero_amount() {
+    install_empty_test_service();
+    let arg = Encode!(&kinic_deposit_request(0)).expect("arg should encode");
+
+    let response =
+        icrc21_canister_call_consent_message(consent_request("kinic_deposit_balance", arg));
+
+    match response {
+        Icrc21ConsentMessageResponse::Err(super::Icrc21Error::UnsupportedCanisterCall(info)) => {
+            assert!(info.description.contains("amount must be positive"));
+        }
+        other => panic!("zero deposit consent should reject: {other:?}"),
+    }
+}
+
+#[test]
+fn icrc21_kinic_deposit_balance_rejects_overflow_amount() {
+    install_empty_test_service();
+    let arg = Encode!(&kinic_deposit_request(u64::MAX)).expect("arg should encode");
+
+    let response =
+        icrc21_canister_call_consent_message(consent_request("kinic_deposit_balance", arg));
+
+    match response {
+        Icrc21ConsentMessageResponse::Err(super::Icrc21Error::UnsupportedCanisterCall(info)) => {
+            assert!(info.description.contains("amount exceeds i64"));
+        }
+        other => panic!("overflow deposit consent should reject: {other:?}"),
+    }
+}
+
 #[test]
 fn icrc21_rejects_unsupported_cycle_consent_method() {
     install_empty_test_service();
@@ -1148,6 +1550,18 @@ fn icrc21_rejects_malformed_cycle_consent_arg() {
     ));
 }
 
+#[test]
+fn icrc21_rejects_malformed_kinic_deposit_consent_arg() {
+    install_empty_test_service();
+    let response =
+        icrc21_canister_call_consent_message(consent_request("kinic_deposit_balance", Vec::new()));
+
+    assert!(matches!(
+        response,
+        Icrc21ConsentMessageResponse::Err(super::Icrc21Error::ConsentMessageUnavailable(_))
+    ));
+}
+
 #[test]
 fn purchase_database_cycles_sends_operation_memo_to_ledger() {
     install_empty_test_service();
@@ -1371,6 +1785,97 @@ fn canister_list_databases_hides_deleted_databases() {
     assert!(summaries.is_empty());
 }
 
+#[test]
+fn canister_list_databases_includes_market_entitlements_as_reader_access() {
+    install_empty_test_service();
+    let owner = Principal::management_canister();
+    let buyer = Principal::self_authenticating(b"market buyer");
+    let database_id;
+    let listing_id;
+
+    {
+        let _caller = AuthenticatedCallerGuard::install_principal(owner);
+        let database = create_database(CreateDatabaseRequest {
+            name: "Private market".to_string(),
+        })
+        .expect("market database should create");
+        database_id = database.database_id;
+        set_next_ledger_transfer_from_outcome_for_test(LedgerTransferFromOutcome::Completed(201));
+        block_on_ready(purchase_database_cycles(cycles_purchase_request(
+            &database_id,
+            1_000_000,
+        )))
+        .expect("market database should activate");
+        write_node(WriteNodeRequest {
+            database_id: database_id.clone(),
+            path: "/Wiki/paid.md".to_string(),
+            kind: NodeKind::File,
+            content: "# Paid\n\nPrivate body".to_string(),
+            metadata_json: "{}".to_string(),
+            expected_etag: None,
+        })
+        .expect("market database content should write");
+        let listing = market_create_listing(market_listing_request(&database_id, 500))
+            .expect("listing should create");
+        assert!(!listing.listing_id.starts_with("listing_"));
+        let active = market_publish_listing(listing.listing_id).expect("listing should publish");
+        listing_id = active.listing_id;
+    }
+
+    {
+        let _caller = AuthenticatedCallerGuard::install_principal(buyer);
+        set_next_ledger_transfer_from_outcome_for_test(LedgerTransferFromOutcome::Completed(202));
+        block_on_ready(kinic_deposit_balance(kinic_deposit_request(1_000)))
+            .expect("buyer should deposit KINIC");
+        market_purchase_access(MarketPurchaseRequest {
+            listing_id: listing_id.clone(),
+            price_e8s: 500,
+        })
+        .expect("buyer should purchase access");
+
+        let summaries = list_databases().expect("buyer database summaries should load");
+        let summary = summaries
+            .iter()
+            .find(|summary| summary.database_id == database_id)
+            .expect("entitled database should appear in authenticated list");
+        assert_eq!(summary.role, DatabaseRole::Reader);
+
+        let node = read_node(database_id.clone(), "/Wiki/paid.md".to_string())
+            .expect("entitled buyer read should succeed")
+            .expect("paid node should exist");
+        assert_eq!(node.content, "# Paid\n\nPrivate body");
+        let children = list_children(ListChildrenRequest {
+            database_id: database_id.clone(),
+            path: "/Wiki".to_string(),
+        })
+        .expect("entitled buyer should list children");
+        assert!(children.iter().any(|child| child.path == "/Wiki/paid.md"));
+    }
+
+    let anonymous_summaries = list_databases().expect("anonymous summaries should load");
+    assert!(
+        anonymous_summaries
+            .iter()
+            .all(|summary| summary.database_id != database_id)
+    );
+
+    {
+        let _caller = AuthenticatedCallerGuard::install_principal(owner);
+        grant_database_access(database_id.clone(), buyer.to_text(), DatabaseRole::Writer)
+            .expect("owner should grant writer access");
+    }
+    {
+        let _caller = AuthenticatedCallerGuard::install_principal(buyer);
+        let summaries = list_databases().expect("buyer database summaries should load");
+        let matching = summaries
+            .iter()
+            .filter(|summary| summary.database_id == database_id)
+            .collect::<Vec<_>>();
+        assert_eq!(matching.len(), 1);
+        assert_eq!(matching[0].role, DatabaseRole::Writer);
+    }
+}
+
 #[test]
 fn update_charge_cycles_checks_counter_order_and_overflow() {
     assert_eq!(
diff --git a/crates/vfs_canister/src/tests_sync_contract.rs b/crates/vfs_canister/src/tests_sync_contract.rs
index 03065195..8df52e57 100644
--- a/crates/vfs_canister/src/tests_sync_contract.rs
+++ b/crates/vfs_canister/src/tests_sync_contract.rs
@@ -10,8 +10,9 @@ use vfs_types::{
 
 use super::{
     HttpRequest, ICP_CLI_LOGIN_DISCOVERY_PATH, ICP_CLI_LOGIN_PATH, II_ALTERNATIVE_ORIGINS_PATH,
-    SERVICE, delete_node, export_snapshot, fetch_updates, http_request, mkdir_node,
-    search_node_paths, search_nodes, write_node,
+    II_LOCAL_DEV_ALTERNATIVE_ORIGINS_BODY, II_PRODUCTION_ALTERNATIVE_ORIGINS_BODY, SERVICE,
+    delete_node, export_snapshot, fetch_updates, http_request, mkdir_node, search_node_paths,
+    search_nodes, write_node,
 };
 use ic_http_certification::CERTIFICATE_EXPRESSION_HEADER_NAME;
 
@@ -97,6 +98,31 @@ fn http_request_serves_certified_ii_alternative_origins() {
     );
 }
 
+#[test]
+fn production_ii_alternative_origins_do_not_include_localhost() {
+    assert!(!II_PRODUCTION_ALTERNATIVE_ORIGINS_BODY.contains("http://127.0.0.1:3000"));
+    assert!(!II_PRODUCTION_ALTERNATIVE_ORIGINS_BODY.contains("http://localhost:3000"));
+    assert!(!II_PRODUCTION_ALTERNATIVE_ORIGINS_BODY.contains("http://127.0.0.1:3010"));
+    assert!(!II_PRODUCTION_ALTERNATIVE_ORIGINS_BODY.contains("http://localhost:3010"));
+    assert!(!II_PRODUCTION_ALTERNATIVE_ORIGINS_BODY.contains("http://127.0.0.1:3100"));
+    assert!(!II_PRODUCTION_ALTERNATIVE_ORIGINS_BODY.contains("http://localhost:3100"));
+}
+
+#[test]
+fn local_dev_ii_alternative_origins_include_fixed_dev_server_origins() {
+    assert!(!II_LOCAL_DEV_ALTERNATIVE_ORIGINS_BODY.contains("http://127.0.0.1:3000"));
+    assert!(II_LOCAL_DEV_ALTERNATIVE_ORIGINS_BODY.contains("http://localhost:3000"));
+    assert!(II_LOCAL_DEV_ALTERNATIVE_ORIGINS_BODY.contains("http://127.0.0.1:3010"));
+    assert!(II_LOCAL_DEV_ALTERNATIVE_ORIGINS_BODY.contains("http://localhost:3010"));
+    assert!(II_LOCAL_DEV_ALTERNATIVE_ORIGINS_BODY.contains("http://127.0.0.1:3100"));
+    assert!(II_LOCAL_DEV_ALTERNATIVE_ORIGINS_BODY.contains("http://localhost:3100"));
+    assert_eq!(
+        II_LOCAL_DEV_ALTERNATIVE_ORIGINS_BODY.matches("://").count(),
+        10,
+        "Internet Identity rejects ii-alternative-origins with more than 10 entries"
+    );
+}
+
 #[test]
 fn http_request_serves_icp_cli_login_discovery() {
     let response = http_request(test_http_get(ICP_CLI_LOGIN_DISCOVERY_PATH));
@@ -133,9 +159,10 @@ fn http_request_serves_icp_cli_login_page() {
     assert!(body.contains("Callback host/port"));
     assert!(body.contains("Derivation origin"));
     assert!(body.contains("Delegation TTL"));
-    assert!(body.contains("http://id.ai.localhost:"));
+    assert!(body.contains("https://id.ai"));
+    assert!(!body.contains("http://id.ai.localhost:"));
     assert!(body.contains("https://xis3j-paaaa-aaaai-axumq-cai.icp0.io"));
-    assert!(compact_body.contains("endsWith(\".localhost\")?"));
+    assert!(compact_body.contains("endsWith(\".localhost\")"));
     assert!(compact_body.contains("derivationOrigin:"));
     assert!(compact_body.contains(r#"method:"POST""#));
     assert!(compact_body.contains(r#""content-type":"application/json""#));
diff --git a/crates/vfs_canister/vfs.did b/crates/vfs_canister/vfs.did
index dc4433a3..4a72fc44 100644
--- a/crates/vfs_canister/vfs.did
+++ b/crates/vfs_canister/vfs.did
@@ -233,6 +233,45 @@ type IndexSqlJsonQueryResult = record {
   row_count : nat32;
   limit : nat32;
 };
+type KinicBalance = record { balance_e8s : nat64 };
+type KinicDepositRequest = record {
+  amount_e8s : nat64;
+  expected_fee_e8s : nat64;
+};
+type KinicDepositResult = record {
+  block_index : nat64;
+  amount_e8s : nat64;
+  balance_e8s : nat64;
+};
+type KinicFundDatabaseCyclesRequest = record {
+  payment_amount_e8s : nat64;
+  database_id : text;
+  min_expected_cycles : nat64;
+};
+type KinicFundDatabaseCyclesResult = record {
+  database_balance_cycles : nat64;
+  payment_amount_e8s : nat64;
+  kinic_balance_e8s : nat64;
+  amount_cycles : nat64;
+};
+type KinicPendingOperation = record {
+  status : text;
+  kind : text;
+  operation_id : nat64;
+  created_at_ms : int64;
+  amount_e8s : nat64;
+  required_action : text;
+  ledger_block_index : opt nat64;
+  caller : text;
+};
+type KinicPendingOperationsPage = record {
+  operations : vec KinicPendingOperation;
+  next_cursor_operation_id : opt nat64;
+};
+type KinicPendingOperationsPageRequest = record {
+  limit : nat32;
+  cursor_operation_id : opt nat64;
+};
 type OutgoingLinksRequest = record { path : text; limit : nat32; database_id : text };
 type LinkEdge = record {
   updated_at : int64;
@@ -248,6 +287,117 @@ type ListNodesRequest = record {
   database_id : text;
   prefix : text;
 };
+type MarketCategoryGraph = record {
+  edges : vec MarketCategoryGraphEdge;
+  nodes : vec MarketCategoryGraphNode;
+};
+type MarketCategoryGraphEdge = record {
+  source_category : text;
+  target_category : text;
+  link_count : nat64;
+};
+type MarketCategoryGraphNode = record { node_count : nat64; category : text };
+type MarketCreateListingRequest = record {
+  llm_summary : opt text;
+  title : text;
+  summary_snapshot_revision : opt text;
+  description : text;
+  database_id : text;
+  price_e8s : nat64;
+  sample_excerpts_json : text;
+  tags_json : text;
+};
+type MarketEntitlement = record {
+  status : text;
+  purchased_at_ms : int64;
+  database_id : text;
+  buyer_principal : text;
+  order_id : text;
+  listing_id : text;
+};
+type MarketEntitlementPage = record {
+  next_cursor : opt text;
+  entitlements : vec MarketEntitlement;
+};
+type MarketListing = record {
+  status : MarketListingStatus;
+  llm_summary : opt text;
+  title : text;
+  summary_snapshot_revision : opt text;
+  report_count : nat64;
+  description : text;
+  updated_at_ms : int64;
+  created_at_ms : int64;
+  seller_principal : text;
+  purchase_count : nat64;
+  database_id : text;
+  listing_id : text;
+  price_e8s : nat64;
+  revision : nat64;
+  sample_excerpts_json : text;
+  tags_json : text;
+};
+type MarketListingDetail = record {
+  listing : MarketListing;
+  preview : MarketListingPreview;
+  verified_stats : MarketListingVerifiedStats;
+};
+type MarketListingPage = record {
+  listings : vec MarketListing;
+  next_cursor : opt text;
+};
+type MarketListingPreview = record {
+  excerpts : vec MarketPreviewExcerpt;
+  top_level_paths : vec text;
+  preview_stale : bool;
+  category_graph : MarketCategoryGraph;
+};
+type MarketListingStatus = variant { Paused; Active; Draft };
+type MarketListingVerifiedStats = record {
+  source_chars : nat64;
+  last_content_updated_at_ms : opt int64;
+  total_nodes : nat64;
+  folder_nodes : nat64;
+  logical_size_bytes : nat64;
+  source_nodes : nat64;
+  wiki_nodes : nat64;
+  markdown_chars : nat64;
+  link_edges : nat64;
+};
+type MarketOrder = record {
+  created_at_ms : int64;
+  seller_principal : text;
+  database_id : text;
+  buyer_principal : text;
+  order_id : text;
+  listing_id : text;
+  price_e8s : nat64;
+  listing_revision : nat64;
+};
+type MarketOrderPage = record {
+  orders : vec MarketOrder;
+  next_cursor : opt text;
+};
+type MarketPreviewExcerpt = record { etag : text; path : text; excerpt : text };
+type MarketPurchasePreview = record {
+  already_entitled : bool;
+  buyer_balance_e8s : nat64;
+  database_id : text;
+  listing_id : text;
+  price_e8s : nat64;
+};
+type MarketPurchaseRequest = record { listing_id : text; price_e8s : nat64 };
+type MarketUpdateListingRequest = record {
+  llm_summary : opt text;
+  title : text;
+  summary_snapshot_revision : opt text;
+  description : text;
+  listing_id : text;
+  price_e8s : nat64;
+  expected_revision : nat64;
+  sample_excerpts_json : text;
+  tags_json : text;
+};
 type MemoryCapability = record { name : text; description : text };
 type MemoryManifest = record {
   recommended_entrypoint : text;
@@ -344,28 +494,41 @@ type Result = variant { Ok : WriteNodeResult; Err : text };
 type Result_1 = variant { Ok; Err : text };
 type Result_10 = variant { Ok : vec GlobNodeHit; Err : text };
 type Result_11 = variant { Ok : vec LinkEdge; Err : text };
-type Result_12 = variant { Ok : vec ChildNode; Err : text };
-type Result_13 = variant { Ok : DatabaseCycleEntryPage; Err : text };
-type Result_14 = variant { Ok : vec DatabaseCyclesPendingPurchase; Err : text };
-type Result_15 = variant { Ok : vec DatabaseMember; Err : text };
-type Result_16 = variant { Ok : vec DatabaseSummary; Err : text };
-type Result_17 = variant { Ok : vec NodeEntry; Err : text };
-type Result_18 = variant { Ok : MkdirNodeResult; Err : text };
-type Result_19 = variant { Ok : MoveNodeResult; Err : text };
+type Result_12 = variant { Ok : KinicDepositResult; Err : text };
+type Result_13 = variant { Ok : KinicFundDatabaseCyclesResult; Err : text };
+type Result_14 = variant { Ok : KinicBalance; Err : text };
+type Result_15 = variant { Ok : KinicPendingOperationsPage; Err : text };
+type Result_16 = variant { Ok : vec ChildNode; Err : text };
+type Result_17 = variant { Ok : DatabaseCycleEntryPage; Err : text };
+type Result_18 = variant { Ok : vec DatabaseCyclesPendingPurchase; Err : text };
+type Result_19 = variant { Ok : vec DatabaseMember; Err : text };
 type Result_2 = variant { Ok : DatabaseArchiveInfo; Err : text };
-type Result_20 = variant { Ok : CyclesPurchaseResult; Err : text };
-type Result_21 = variant { Ok : QueryContext; Err : text };
-type Result_22 = variant { Ok : IndexSqlJsonQueryResult; Err : text };
-type Result_23 = variant { Ok : DatabaseArchiveChunk; Err : text };
-type Result_24 = variant { Ok : opt Node; Err : text };
-type Result_25 = variant { Ok : opt NodeContext; Err : text };
-type Result_26 = variant { Ok : vec SearchNodeHit; Err : text };
-type Result_27 = variant { Ok : StorageBillingBatchResult; Err : text };
-type Result_28 = variant { Ok : SourceEvidence; Err : text };
-type Result_29 = variant { Ok : vec WriteNodeResult; Err : text };
+type Result_20 = variant { Ok : vec DatabaseSummary; Err : text };
+type Result_21 = variant { Ok : vec NodeEntry; Err : text };
+type Result_22 = variant { Ok : nat64; Err : text };
+type Result_23 = variant { Ok : MarketListing; Err : text };
+type Result_24 = variant { Ok : MarketListingDetail; Err : text };
+type Result_25 = variant { Ok : vec MarketListing; Err : text };
+type Result_26 = variant { Ok : MarketEntitlementPage; Err : text };
+type Result_27 = variant { Ok : MarketListingPage; Err : text };
+type Result_28 = variant { Ok : MarketOrderPage; Err : text };
+type Result_29 = variant { Ok : MarketPurchasePreview; Err : text };
 type Result_3 = variant { Ok : OpsAnswerSessionCheckResult; Err : text };
-type Result_30 = variant { Ok : WriteSourceForGenerationResult; Err : text };
+type Result_30 = variant { Ok : MarketOrder; Err : text };
+type Result_31 = variant { Ok : MkdirNodeResult; Err : text };
+type Result_32 = variant { Ok : MoveNodeResult; Err : text };
+type Result_33 = variant { Ok : CyclesPurchaseResult; Err : text };
+type Result_34 = variant { Ok : QueryContext; Err : text };
+type Result_35 = variant { Ok : IndexSqlJsonQueryResult; Err : text };
+type Result_36 = variant { Ok : DatabaseArchiveChunk; Err : text };
+type Result_37 = variant { Ok : opt Node; Err : text };
+type Result_38 = variant { Ok : opt NodeContext; Err : text };
+type Result_39 = variant { Ok : vec SearchNodeHit; Err : text };
 type Result_4 = variant { Ok : CreateDatabaseResult; Err : text };
+type Result_40 = variant { Ok : StorageBillingBatchResult; Err : text };
+type Result_41 = variant { Ok : SourceEvidence; Err : text };
+type Result_42 = variant { Ok : vec WriteNodeResult; Err : text };
+type Result_43 = variant { Ok : WriteSourceForGenerationResult; Err : text };
 type Result_5 = variant { Ok : DeleteNodeResult; Err : text };
 type Result_6 = variant { Ok : EditNodeResult; Err : text };
 type Result_7 = variant { Ok : ExportSnapshotResponse; Err : text };
@@ -504,37 +667,55 @@ service : (CyclesBillingConfig) -> {
       Icrc21ConsentMessageResponse,
     );
   incoming_links : (IncomingLinksRequest) -> (Result_11) query;
-  list_children : (ListChildrenRequest) -> (Result_12) query;
-  list_database_cycle_entries : (text, opt nat64, nat32) -> (Result_13) query;
-  list_database_cycles_pending_purchases : (text) -> (Result_14) query;
-  list_database_members : (text) -> (Result_15) query;
-  list_databases : () -> (Result_16) query;
-  list_nodes : (ListNodesRequest) -> (Result_17) query;
+  kinic_deposit_balance : (KinicDepositRequest) -> (Result_12);
+  kinic_fund_database_cycles : (KinicFundDatabaseCyclesRequest) -> (Result_13);
+  kinic_get_balance : () -> (Result_14) query;
+  kinic_list_pending_operations : (KinicPendingOperationsPageRequest) -> (
+      Result_15,
+    ) query;
+  list_children : (ListChildrenRequest) -> (Result_16) query;
+  list_database_cycle_entries : (text, opt nat64, nat32) -> (Result_17) query;
+  list_database_cycles_pending_purchases : (text) -> (Result_18) query;
+  list_database_members : (text) -> (Result_19) query;
+  list_databases : () -> (Result_20) query;
+  list_nodes : (ListNodesRequest) -> (Result_21) query;
+  market_count_active_entitlements : (text) -> (Result_22) query;
+  market_create_listing : (MarketCreateListingRequest) -> (Result_23);
+  market_get_listing : (text) -> (Result_24) query;
+  market_list_database_listings : (text) -> (Result_25) query;
+  market_list_entitlements : (opt text, nat32) -> (Result_26) query;
+  market_list_listings : (opt text, nat32) -> (Result_27) query;
+  market_list_orders : (opt text, nat32) -> (Result_28) query;
+  market_pause_listing : (text) -> (Result_23);
+  market_preview_purchase : (text) -> (Result_29) query;
+  market_publish_listing : (text) -> (Result_23);
+  market_purchase_access : (MarketPurchaseRequest) -> (Result_30);
+  market_update_listing : (MarketUpdateListingRequest) -> (Result_23);
   memory_manifest : () -> (MemoryManifest) query;
-  mkdir_node : (MkdirNodeRequest) -> (Result_18);
-  move_node : (MoveNodeRequest) -> (Result_19);
+  mkdir_node : (MkdirNodeRequest) -> (Result_31);
+  move_node : (MoveNodeRequest) -> (Result_32);
   multi_edit_node : (MultiEditNodeRequest) -> (Result_6);
   outgoing_links : (OutgoingLinksRequest) -> (Result_11) query;
-  purchase_database_cycles : (DatabaseCyclesPurchaseRequest) -> (Result_20);
-  query_context : (QueryContextRequest) -> (Result_21) query;
-  query_index_sql_json : (text, nat32) -> (Result_22) query;
-  read_database_archive_chunk : (text, nat64, nat32) -> (Result_23) query;
-  read_node : (text, text) -> (Result_24) query;
-  read_node_context : (NodeContextRequest) -> (Result_25) query;
+  purchase_database_cycles : (DatabaseCyclesPurchaseRequest) -> (Result_33);
+  query_context : (QueryContextRequest) -> (Result_34) query;
+  query_index_sql_json : (text, nat32) -> (Result_35) query;
+  read_database_archive_chunk : (text, nat64, nat32) -> (Result_36) query;
+  read_node : (text, text) -> (Result_37) query;
+  read_node_context : (NodeContextRequest) -> (Result_38) query;
   rename_database : (RenameDatabaseRequest) -> (Result_1);
   revoke_database_access : (text, text) -> (Result_1);
-  search_node_paths : (SearchNodePathsRequest) -> (Result_26) query;
-  search_nodes : (SearchNodesRequest) -> (Result_26) query;
+  search_node_paths : (SearchNodePathsRequest) -> (Result_39) query;
+  search_nodes : (SearchNodesRequest) -> (Result_39) query;
   settle_database_storage_charges_batch : (StorageBillingBatchRequest) -> (
-      Result_27,
+      Result_40,
     );
-  source_evidence : (SourceEvidenceRequest) -> (Result_28) query;
+  source_evidence : (SourceEvidenceRequest) -> (Result_41) query;
   status : (text) -> (Status) query;
   update_cycles_billing_config : (CyclesBillingConfigUpdate) -> (Result_1);
   write_database_restore_chunk : (DatabaseRestoreChunkRequest) -> (Result_1);
   write_node : (WriteNodeRequest) -> (Result);
-  write_nodes : (WriteNodesRequest) -> (Result_29);
+  write_nodes : (WriteNodesRequest) -> (Result_42);
   write_source_for_generation : (WriteSourceForGenerationRequest) -> (
-      Result_30,
+      Result_43,
     );
 }
diff --git a/crates/vfs_client/src/lib.rs b/crates/vfs_client/src/lib.rs
index db26029a..011c619f 100644
--- a/crates/vfs_client/src/lib.rs
+++ b/crates/vfs_client/src/lib.rs
@@ -18,12 +18,17 @@ use vfs_types::{
     DeleteDatabaseRequest, DeleteNodeRequest, DeleteNodeResult, EditNodeRequest, EditNodeResult,
     ExportSnapshotRequest, ExportSnapshotResponse, FetchUpdatesRequest, FetchUpdatesResponse,
     GlobNodeHit, GlobNodesRequest, GraphLinksRequest, GraphNeighborhoodRequest,
-    IncomingLinksRequest, LinkEdge, ListChildrenRequest, ListNodesRequest, MemoryManifest,
-    MkdirNodeRequest, MkdirNodeResult, MoveNodeRequest, MoveNodeResult, MultiEditNodeRequest,
-    MultiEditNodeResult, Node, NodeContext, NodeContextRequest, NodeEntry, OutgoingLinksRequest,
-    QueryContext, QueryContextRequest, RenameDatabaseRequest, SearchNodeHit,
-    SearchNodePathsRequest, SearchNodesRequest, SourceEvidence, SourceEvidenceRequest, Status,
-    WriteNodeRequest, WriteNodeResult, WriteNodesRequest,
+    IncomingLinksRequest, KinicBalance, KinicDepositRequest, KinicDepositResult,
+    KinicFundDatabaseCyclesRequest, KinicFundDatabaseCyclesResult, KinicPendingOperationsPage,
+    KinicPendingOperationsPageRequest, LinkEdge, ListChildrenRequest, ListNodesRequest,
+    MarketCreateListingRequest, MarketEntitlementPage, MarketListing, MarketListingPage,
+    MarketOrder, MarketOrderPage, MarketPurchasePreview, MarketPurchaseRequest,
+    MarketUpdateListingRequest, MemoryManifest, MkdirNodeRequest, MkdirNodeResult, MoveNodeRequest,
+    MoveNodeResult, MultiEditNodeRequest, MultiEditNodeResult, Node, NodeContext,
+    NodeContextRequest, NodeEntry, OutgoingLinksRequest, QueryContext, QueryContextRequest,
+    RenameDatabaseRequest, SearchNodeHit, SearchNodePathsRequest, SearchNodesRequest,
+    SourceEvidence, SourceEvidenceRequest, Status, WriteNodeRequest, WriteNodeResult,
+    WriteNodesRequest,
 };
 
 #[async_trait]
@@ -76,6 +81,116 @@ pub trait VfsApi: Sync {
             "list_database_cycles_pending_purchases is not implemented by this client"
         ))
     }
+    async fn kinic_get_balance(&self) -> Result<KinicBalance> {
+        Err(anyhow!(
+            "kinic_get_balance is not implemented by this client"
+        ))
+    }
+    async fn kinic_deposit_balance(
+        &self,
+        _request: KinicDepositRequest,
+    ) -> Result<KinicDepositResult> {
+        Err(anyhow!(
+            "kinic_deposit_balance is not implemented by this client"
+        ))
+    }
+    async fn kinic_fund_database_cycles(
+        &self,
+        _request: KinicFundDatabaseCyclesRequest,
+    ) -> Result<KinicFundDatabaseCyclesResult> {
+        Err(anyhow!(
+            "kinic_fund_database_cycles is not implemented by this client"
+        ))
+    }
+    async fn kinic_list_pending_operations(
+        &self,
+        _request: KinicPendingOperationsPageRequest,
+    ) -> Result<KinicPendingOperationsPage> {
+        Err(anyhow!(
+            "kinic_list_pending_operations is not implemented by this client"
+        ))
+    }
+    async fn market_create_listing(
+        &self,
+        _request: MarketCreateListingRequest,
+    ) -> Result<MarketListing> {
+        Err(anyhow!(
+            "market_create_listing is not implemented by this client"
+        ))
+    }
+    async fn market_update_listing(
+        &self,
+        _request: MarketUpdateListingRequest,
+    ) -> Result<MarketListing> {
+        Err(anyhow!(
+            "market_update_listing is not implemented by this client"
+        ))
+    }
+    async fn market_publish_listing(&self, _listing_id: &str) -> Result<MarketListing> {
+        Err(anyhow!(
+            "market_publish_listing is not implemented by this client"
+        ))
+    }
+    async fn market_pause_listing(&self, _listing_id: &str) -> Result<MarketListing> {
+        Err(anyhow!(
+            "market_pause_listing is not implemented by this client"
+        ))
+    }
+    async fn market_list_listings(
+        &self,
+        _cursor: Option<String>,
+        _limit: u32,
+    ) -> Result<MarketListingPage> {
+        Err(anyhow!(
+            "market_list_listings is not implemented by this client"
+        ))
+    }
+    async fn market_list_database_listings(
+        &self,
+        _database_id: &str,
+    ) -> Result<Vec<MarketListing>> {
+        Err(anyhow!(
+            "market_list_database_listings is not implemented by this client"
+        ))
+    }
+    async fn market_get_listing(&self, _listing_id: &str) -> Result<MarketListing> {
+        Err(anyhow!(
+            "market_get_listing is not implemented by this client"
+        ))
+    }
+    async fn market_preview_purchase(&self, _listing_id: &str) -> Result<MarketPurchasePreview> {
+        Err(anyhow!(
+            "market_preview_purchase is not implemented by this client"
+        ))
+    }
+    async fn market_purchase_access(&self, _request: MarketPurchaseRequest) -> Result<MarketOrder> {
+        Err(anyhow!(
+            "market_purchase_access is not implemented by this client"
+        ))
+    }
+    async fn market_list_entitlements(
+        &self,
+        _cursor: Option<String>,
+        _limit: u32,
+    ) -> Result<MarketEntitlementPage> {
+        Err(anyhow!(
+            "market_list_entitlements is not implemented by this client"
+        ))
+    }
+    async fn market_list_orders(
+        &self,
+        _cursor: Option<String>,
+        _limit: u32,
+    ) -> Result<MarketOrderPage> {
+        Err(anyhow!(
+            "market_list_orders is not implemented by this client"
+        ))
+    }
+    async fn market_count_active_entitlements(&self, _database_id: &str) -> Result<u64> {
+        Err(anyhow!(
+            "market_count_active_entitlements is not implemented by this client"
+        ))
+    }
     async fn get_cycles_billing_config(&self) -> Result<CyclesBillingConfig> {
         Err(anyhow!(
             "get_cycles_billing_config is not implemented by this client"
@@ -493,6 +608,136 @@ impl VfsApi for CanisterVfsClient {
         result.map_err(|error| anyhow!(error))
     }
 
+    async fn kinic_get_balance(&self) -> Result<KinicBalance> {
+        let result: Result<KinicBalance, String> = self.query("kinic_get_balance", &()).await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn kinic_deposit_balance(
+        &self,
+        request: KinicDepositRequest,
+    ) -> Result<KinicDepositResult> {
+        let result: Result<KinicDepositResult, String> =
+            self.update("kinic_deposit_balance", &request).await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn kinic_fund_database_cycles(
+        &self,
+        request: KinicFundDatabaseCyclesRequest,
+    ) -> Result<KinicFundDatabaseCyclesResult> {
+        let result: Result<KinicFundDatabaseCyclesResult, String> =
+            self.update("kinic_fund_database_cycles", &request).await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn kinic_list_pending_operations(
+        &self,
+        request: KinicPendingOperationsPageRequest,
+    ) -> Result<KinicPendingOperationsPage> {
+        let result: Result<KinicPendingOperationsPage, String> = self
+            .query("kinic_list_pending_operations", &request)
+            .await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_create_listing(
+        &self,
+        request: MarketCreateListingRequest,
+    ) -> Result<MarketListing> {
+        let result: Result<MarketListing, String> =
+            self.update("market_create_listing", &request).await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_update_listing(
+        &self,
+        request: MarketUpdateListingRequest,
+    ) -> Result<MarketListing> {
+        let result: Result<MarketListing, String> =
+            self.update("market_update_listing", &request).await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_publish_listing(&self, listing_id: &str) -> Result<MarketListing> {
+        let result: Result<MarketListing, String> = self
+            .update("market_publish_listing", &listing_id.to_string())
+            .await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_pause_listing(&self, listing_id: &str) -> Result<MarketListing> {
+        let result: Result<MarketListing, String> = self
+            .update("market_pause_listing", &listing_id.to_string())
+            .await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_list_listings(
+        &self,
+        cursor: Option<String>,
+        limit: u32,
+    ) -> Result<MarketListingPage> {
+        let result: Result<MarketListingPage, String> =
+            self.query2("market_list_listings", &cursor, &limit).await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_list_database_listings(&self, database_id: &str) -> Result<Vec<MarketListing>> {
+        let result: Result<Vec<MarketListing>, String> = self
+            .query("market_list_database_listings", &database_id.to_string())
+            .await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_get_listing(&self, listing_id: &str) -> Result<MarketListing> {
+        let result: Result<MarketListing, String> = self
+            .query("market_get_listing", &listing_id.to_string())
+            .await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_preview_purchase(&self, listing_id: &str) -> Result<MarketPurchasePreview> {
+        let result: Result<MarketPurchasePreview, String> = self
+            .query("market_preview_purchase", &listing_id.to_string())
+            .await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_purchase_access(&self, request: MarketPurchaseRequest) -> Result<MarketOrder> {
+        let result: Result<MarketOrder, String> =
+            self.update("market_purchase_access", &request).await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_list_entitlements(
+        &self,
+        cursor: Option<String>,
+        limit: u32,
+    ) -> Result<MarketEntitlementPage> {
+        let result: Result<MarketEntitlementPage, String> = self
+            .query2("market_list_entitlements", &cursor, &limit)
+            .await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_list_orders(
+        &self,
+        cursor: Option<String>,
+        limit: u32,
+    ) -> Result<MarketOrderPage> {
+        let result: Result<MarketOrderPage, String> =
+            self.query2("market_list_orders", &cursor, &limit).await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
+    async fn market_count_active_entitlements(&self, database_id: &str) -> Result<u64> {
+        let result: Result<u64, String> = self
+            .query("market_count_active_entitlements", &database_id.to_string())
+            .await?;
+        result.map_err(|error| anyhow!(error))
+    }
+
     async fn grant_database_access(
         &self,
         database_id: &str,
diff --git a/crates/vfs_runtime/Cargo.toml b/crates/vfs_runtime/Cargo.toml
index 97ee1f1d..1e78c078 100644
--- a/crates/vfs_runtime/Cargo.toml
+++ b/crates/vfs_runtime/Cargo.toml
@@ -5,6 +5,7 @@ edition = "2024"
 
 [dependencies]
 candid = "0.10.26"
+serde_json = "1.0.145"
 sha2 = "0.10.9"
 vfs_types = { package = "kinic-vfs-types", version = "0.1.0", path = "../vfs_types" }
 vfs-store = { path = "../vfs_store" }
diff --git a/crates/vfs_runtime/migrations/index_db/011_to_latest.sql b/crates/vfs_runtime/migrations/index_db/011_to_latest.sql
index 40810db2..ff991819 100644
--- a/crates/vfs_runtime/migrations/index_db/011_to_latest.sql
+++ b/crates/vfs_runtime/migrations/index_db/011_to_latest.sql
@@ -61,6 +61,115 @@ CREATE TABLE storage_billing_state (
   CHECK (key = 'timer')
 );
 
+CREATE TABLE kinic_accounts (
+  principal TEXT PRIMARY KEY,
+  balance_e8s INTEGER NOT NULL,
+  created_at_ms INTEGER NOT NULL,
+  updated_at_ms INTEGER NOT NULL
+);
+
+CREATE TABLE kinic_ledger (
+  entry_id INTEGER PRIMARY KEY AUTOINCREMENT,
+  principal TEXT NOT NULL,
+  source TEXT NOT NULL,
+  kind TEXT NOT NULL,
+  amount_e8s INTEGER NOT NULL,
+  balance_after_e8s INTEGER NOT NULL,
+  counterparty TEXT,
+  listing_id TEXT,
+  order_id TEXT,
+  external_block_index INTEGER,
+  created_at_ms INTEGER NOT NULL
+);
+
+CREATE INDEX kinic_ledger_principal_idx
+  ON kinic_ledger(principal, entry_id);
+
+CREATE UNIQUE INDEX kinic_ledger_external_block_idx
+  ON kinic_ledger(external_block_index)
+  WHERE external_block_index IS NOT NULL;
+
+CREATE TABLE kinic_pending_operations (
+  operation_id INTEGER PRIMARY KEY AUTOINCREMENT,
+  kind TEXT NOT NULL,
+  caller TEXT NOT NULL,
+  amount_e8s INTEGER NOT NULL,
+  from_owner TEXT,
+  from_subaccount BLOB,
+  to_owner TEXT,
+  to_subaccount BLOB,
+  ledger_fee_e8s INTEGER,
+  operation_status TEXT NOT NULL,
+  external_block_index INTEGER,
+  ledger_created_at_time_ns INTEGER,
+  created_at_ms INTEGER NOT NULL
+);
+
+CREATE INDEX kinic_pending_operations_caller_idx
+  ON kinic_pending_operations(caller, operation_id);
+
+CREATE UNIQUE INDEX kinic_pending_operations_external_block_kind_idx
+  ON kinic_pending_operations(external_block_index, kind)
+  WHERE external_block_index IS NOT NULL;
+
+CREATE TABLE market_listings (
+  listing_id TEXT PRIMARY KEY,
+  seller_principal TEXT NOT NULL,
+  database_id TEXT NOT NULL,
+  title TEXT NOT NULL,
+  description TEXT NOT NULL,
+  llm_summary TEXT,
+  summary_snapshot_revision TEXT,
+  sample_excerpts_json TEXT NOT NULL,
+  tags_json TEXT NOT NULL,
+  price_e8s INTEGER NOT NULL,
+  status TEXT NOT NULL,
+  revision INTEGER NOT NULL,
+  purchase_count INTEGER NOT NULL,
+  report_count INTEGER NOT NULL,
+  created_at_ms INTEGER NOT NULL,
+  updated_at_ms INTEGER NOT NULL,
+  FOREIGN KEY (database_id) REFERENCES databases(database_id)
+);
+
+CREATE INDEX market_listings_status_idx
+  ON market_listings(status, listing_id);
+
+CREATE INDEX market_listings_database_idx
+  ON market_listings(database_id);
+
+CREATE TABLE market_orders (
+  order_id TEXT PRIMARY KEY,
+  listing_id TEXT NOT NULL,
+  database_id TEXT NOT NULL,
+  buyer_principal TEXT NOT NULL,
+  seller_principal TEXT NOT NULL,
+  price_e8s INTEGER NOT NULL,
+  listing_revision INTEGER NOT NULL,
+  created_at_ms INTEGER NOT NULL
+);
+
+CREATE INDEX market_orders_buyer_idx
+  ON market_orders(buyer_principal, order_id);
+
+CREATE TABLE market_entitlements (
+  database_id TEXT NOT NULL,
+  buyer_principal TEXT NOT NULL,
+  listing_id TEXT NOT NULL,
+  order_id TEXT NOT NULL,
+  purchased_at_ms INTEGER NOT NULL,
+  status TEXT NOT NULL,
+  PRIMARY KEY (database_id, buyer_principal, listing_id),
+  FOREIGN KEY (database_id) REFERENCES databases(database_id)
+);
+
+CREATE UNIQUE INDEX market_entitlements_database_buyer_active_idx
+  ON market_entitlements(database_id, buyer_principal)
+  WHERE status = 'active';
+
+CREATE INDEX market_entitlements_buyer_idx
+  ON market_entitlements(buyer_principal, database_id);
+
 INSERT INTO database_cycle_accounts
   (database_id, balance_cycles, suspended_at_ms, storage_charged_at_ms,
    created_at_ms, updated_at_ms)
diff --git a/crates/vfs_runtime/migrations/index_db/fresh_index_schema.sql b/crates/vfs_runtime/migrations/index_db/fresh_index_schema.sql
index fc65cc66..ebab806e 100644
--- a/crates/vfs_runtime/migrations/index_db/fresh_index_schema.sql
+++ b/crates/vfs_runtime/migrations/index_db/fresh_index_schema.sql
@@ -166,3 +166,112 @@ CREATE TABLE storage_billing_state (
   updated_at_ms INTEGER NOT NULL,
   CHECK (key = 'timer')
 );
+
+CREATE TABLE kinic_accounts (
+  principal TEXT PRIMARY KEY,
+  balance_e8s INTEGER NOT NULL,
+  created_at_ms INTEGER NOT NULL,
+  updated_at_ms INTEGER NOT NULL
+);
+
+CREATE TABLE kinic_ledger (
+  entry_id INTEGER PRIMARY KEY AUTOINCREMENT,
+  principal TEXT NOT NULL,
+  source TEXT NOT NULL,
+  kind TEXT NOT NULL,
+  amount_e8s INTEGER NOT NULL,
+  balance_after_e8s INTEGER NOT NULL,
+  counterparty TEXT,
+  listing_id TEXT,
+  order_id TEXT,
+  external_block_index INTEGER,
+  created_at_ms INTEGER NOT NULL
+);
+
+CREATE INDEX kinic_ledger_principal_idx
+  ON kinic_ledger(principal, entry_id);
+
+CREATE UNIQUE INDEX kinic_ledger_external_block_idx
+  ON kinic_ledger(external_block_index)
+  WHERE external_block_index IS NOT NULL;
+
+CREATE TABLE kinic_pending_operations (
+  operation_id INTEGER PRIMARY KEY AUTOINCREMENT,
+  kind TEXT NOT NULL,
+  caller TEXT NOT NULL,
+  amount_e8s INTEGER NOT NULL,
+  from_owner TEXT,
+  from_subaccount BLOB,
+  to_owner TEXT,
+  to_subaccount BLOB,
+  ledger_fee_e8s INTEGER,
+  operation_status TEXT NOT NULL,
+  external_block_index INTEGER,
+  ledger_created_at_time_ns INTEGER,
+  created_at_ms INTEGER NOT NULL
+);
+
+CREATE INDEX kinic_pending_operations_caller_idx
+  ON kinic_pending_operations(caller, operation_id);
+
+CREATE UNIQUE INDEX kinic_pending_operations_external_block_kind_idx
+  ON kinic_pending_operations(external_block_index, kind)
+  WHERE external_block_index IS NOT NULL;
+
+CREATE TABLE market_listings (
+  listing_id TEXT PRIMARY KEY,
+  seller_principal TEXT NOT NULL,
+  database_id TEXT NOT NULL,
+  title TEXT NOT NULL,
+  description TEXT NOT NULL,
+  llm_summary TEXT,
+  summary_snapshot_revision TEXT,
+  sample_excerpts_json TEXT NOT NULL,
+  tags_json TEXT NOT NULL,
+  price_e8s INTEGER NOT NULL,
+  status TEXT NOT NULL,
+  revision INTEGER NOT NULL,
+  purchase_count INTEGER NOT NULL,
+  report_count INTEGER NOT NULL,
+  created_at_ms INTEGER NOT NULL,
+  updated_at_ms INTEGER NOT NULL,
+  FOREIGN KEY (database_id) REFERENCES databases(database_id)
+);
+
+CREATE INDEX market_listings_status_idx
+  ON market_listings(status, listing_id);
+
+CREATE INDEX market_listings_database_idx
+  ON market_listings(database_id);
+
+CREATE TABLE market_orders (
+  order_id TEXT PRIMARY KEY,
+  listing_id TEXT NOT NULL,
+  database_id TEXT NOT NULL,
+  buyer_principal TEXT NOT NULL,
+  seller_principal TEXT NOT NULL,
+  price_e8s INTEGER NOT NULL,
+  listing_revision INTEGER NOT NULL,
+  created_at_ms INTEGER NOT NULL
+);
+
+CREATE INDEX market_orders_buyer_idx
+  ON market_orders(buyer_principal, order_id);
+
+CREATE TABLE market_entitlements (
+  database_id TEXT NOT NULL,
+  buyer_principal TEXT NOT NULL,
+  listing_id TEXT NOT NULL,
+  order_id TEXT NOT NULL,
+  purchased_at_ms INTEGER NOT NULL,
+  status TEXT NOT NULL,
+  PRIMARY KEY (database_id, buyer_principal, listing_id),
+  FOREIGN KEY (database_id) REFERENCES databases(database_id)
+);
+
+CREATE UNIQUE INDEX market_entitlements_database_buyer_active_idx
+  ON market_entitlements(database_id, buyer_principal)
+  WHERE status = 'active';
+
+CREATE INDEX market_entitlements_buyer_idx
+  ON market_entitlements(buyer_principal, database_id);
diff --git a/crates/vfs_runtime/src/lib.rs b/crates/vfs_runtime/src/lib.rs
index e7d10d63..592a7797 100644
--- a/crates/vfs_runtime/src/lib.rs
+++ b/crates/vfs_runtime/src/lib.rs
@@ -15,6 +15,7 @@ use crate::sqlite::{Connection, OptionalExtension, Transaction, params};
 use candid::Principal;
 #[cfg(target_arch = "wasm32")]
 use ic_sqlite_vfs::{Db, DbError, DbHandle};
+use serde_json::Value;
 use sha2::{Digest, Sha256};
 use vfs_store::FsStore;
 use vfs_types::{
@@ -24,7 +25,13 @@ use vfs_types::{
     DeleteDatabaseRequest, DeleteNodeRequest, DeleteNodeResult, EditNodeRequest, EditNodeResult,
     ExportSnapshotRequest, ExportSnapshotResponse, FetchUpdatesRequest, FetchUpdatesResponse,
     GlobNodeHit, GlobNodesRequest, GraphLinksRequest, GraphNeighborhoodRequest,
-    IncomingLinksRequest, IndexSqlJsonQueryResult, LinkEdge, ListChildrenRequest, ListNodesRequest,
+    IncomingLinksRequest, IndexSqlJsonQueryResult, KinicBalance, KinicFundDatabaseCyclesRequest,
+    KinicFundDatabaseCyclesResult, KinicPendingOperation, KinicPendingOperationsPage,
+    KinicPendingOperationsPageRequest, LinkEdge, ListChildrenRequest, ListNodesRequest,
+    MarketCategoryGraph, MarketCreateListingRequest, MarketEntitlement, MarketEntitlementPage,
+    MarketListing, MarketListingDetail, MarketListingPage, MarketListingPreview,
+    MarketListingStatus, MarketListingVerifiedStats, MarketOrder, MarketOrderPage,
+    MarketPreviewExcerpt, MarketPurchasePreview, MarketPurchaseRequest, MarketUpdateListingRequest,
     MkdirNodeRequest, MkdirNodeResult, MoveNodeRequest, MoveNodeResult, MultiEditNodeRequest,
     MultiEditNodeResult, Node, NodeContext, NodeContextRequest, NodeEntry, NodeKind,
     OpsAnswerSessionCheckRequest, OpsAnswerSessionCheckResult, OpsAnswerSessionRequest,
@@ -71,6 +78,10 @@ const INDEX_SCHEMA_VERSION_DIRECT_CYCLES: &str = concat!("database_index:024_",
 const INDEX_SCHEMA_VERSION_CYCLES_PENDING_LEDGER_BLOCK_INDEX: &str =
     "database_index:025_cycles_pending_ledger_block_index";
 const INDEX_SCHEMA_VERSION_STORAGE_BILLING_BATCH: &str = "database_index:026_storage_billing_batch";
+const INDEX_SCHEMA_VERSION_MARKETPLACE_CORE: &str = "database_index:027_marketplace_core";
+const INDEX_SCHEMA_VERSION_KINIC_EXTERNAL_BLOCK_INDEXES: &str =
+    "database_index:028_kinic_external_block_indexes";
+const INDEX_SCHEMA_VERSION_MARKETPLACE_PREVIEW: &str = "database_index:029_marketplace_preview";
 const PENDING_DATABASE_MOUNT_ID: u16 = 0;
 const DATABASE_SCHEMA_VERSION: &str = "vfs_store:current";
 const MIN_DATABASE_MOUNT_ID: u16 = 11;
@@ -96,6 +107,7 @@ pub const STORAGE_CYCLES_PER_GIB_SECOND: u128 = 127_000;
 const DEFAULT_STORAGE_BILLING_BATCH_LIMIT: u32 = 100;
 const MAX_STORAGE_BILLING_BATCH_LIMIT: u32 = 1_000;
 const TIMER_STORAGE_BILLING_BATCH_LIMIT: u32 = 1_000;
+const MAX_KINIC_PENDING_OPERATIONS_PAGE_LIMIT: u32 = 100;
 const STORAGE_BILLING_BULK_MIN_BATCH_LEN: usize = 50;
 const GIB_BYTES: u128 = 1024 * 1024 * 1024;
 const MAX_DATABASE_NAME_CHARS: usize = 80;
@@ -107,6 +119,23 @@ const ANONYMOUS_PRINCIPAL: &str = "2vxsx-fae";
 const CYCLES_OPERATION_STATUS_IN_FLIGHT: &str = "in_flight";
 const CYCLES_OPERATION_STATUS_COMPLETED: &str = "completed";
 const CYCLES_OPERATION_STATUS_AMBIGUOUS: &str = "ambiguous";
+const KINIC_OPERATION_STATUS_IN_FLIGHT: &str = "in_flight";
+const KINIC_OPERATION_STATUS_COMPLETED: &str = "completed";
+const KINIC_OPERATION_STATUS_AMBIGUOUS: &str = "ambiguous";
+const KINIC_LEDGER_SOURCE_INTERNAL: &str = "canister_internal";
+const KINIC_PENDING_KIND_DEPOSIT: &str = "deposit";
+const MARKET_LISTING_STATUS_DRAFT: &str = "draft";
+const MARKET_LISTING_STATUS_ACTIVE: &str = "active";
+const MARKET_LISTING_STATUS_PAUSED: &str = "paused";
+const MARKET_ENTITLEMENT_STATUS_ACTIVE: &str = "active";
+const GENERATED_LISTING_ID_PREFIX: &str = "";
+const GENERATED_ORDER_ID_PREFIX: &str = "order_";
+const GENERATED_MARKET_ID_HASH_CHARS: usize = 16;
+const MAX_MARKET_TITLE_CHARS: usize = 160;
+const MAX_MARKET_DESCRIPTION_CHARS: usize = 4_000;
+const MAX_MARKET_JSON_CHARS: usize = 20_000;
+const MAX_MARKET_PREVIEW_EXCERPTS: usize = 5;
+const MAX_MARKET_PREVIEW_EXCERPT_CHARS: usize = 400;
 
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub struct DatabaseMeta {
@@ -165,6 +194,19 @@ pub struct DatabaseCyclesPurchaseStart {
     pub amount_cycles: u64,
 }
 
+pub struct KinicDepositWithLedgerDetails<'a> {
+    pub caller: &'a str,
+    pub amount_e8s: u64,
+    pub ledger: CyclesPendingLedgerDetailsInput<'a>,
+    pub now: i64,
+}
+
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub struct KinicDepositStart {
+    pub operation_id: u64,
+    pub amount_e8s: u64,
+}
+
 #[derive(Clone, Debug, PartialEq, Eq)]
 struct RestoreChunk {
     offset: u64,
@@ -601,6 +643,16 @@ impl VfsService {
                 params![database_id],
             )
             .map_err(|error| error.to_string())?;
+            tx.execute(
+                "DELETE FROM market_entitlements WHERE database_id = ?1",
+                params![database_id],
+            )
+            .map_err(|error| error.to_string())?;
+            tx.execute(
+                "DELETE FROM market_listings WHERE database_id = ?1",
+                params![database_id],
+            )
+            .map_err(|error| error.to_string())?;
             tx.execute(
                 "DELETE FROM database_members WHERE database_id = ?1",
                 params![database_id],
@@ -1050,1244 +1102,2196 @@ impl VfsService {
         })
     }
 
-    pub fn require_database_write_cycles_available(&self, database_id: &str) -> Result<(), String> {
+    pub fn kinic_get_balance(&self, caller: &str) -> Result<KinicBalance, String> {
+        require_authenticated_principal(caller)?;
         self.read_index(|conn| {
-            let config = load_cycles_billing_config(conn)?;
-            require_database_write_cycles_available_for_conn(conn, database_id, &config)
+            Ok(KinicBalance {
+                balance_e8s: u64::try_from(load_kinic_balance(conn, caller)?)
+                    .map_err(|error| error.to_string())?,
+            })
         })
     }
 
-    pub fn prepare_metered_update(
+    pub fn validate_kinic_fund_database_cycles(
         &self,
-        database_id: &str,
         caller: &str,
-        required_role: RequiredRole,
-    ) -> Result<CyclesBillingConfig, String> {
+        request: &KinicFundDatabaseCyclesRequest,
+    ) -> Result<(), String> {
+        require_authenticated_principal(caller)?;
+        let payment_amount = amount_to_i64(request.payment_amount_e8s)?;
         self.read_index(|conn| {
-            let role = load_database_status(conn, database_id).and_then(|_| {
-                load_member_role(conn, database_id, caller)?
-                    .ok_or_else(|| format!("principal has no access to database: {database_id}"))
-            })?;
-            if !role_allows(role, required_role) {
-                return Err(format!(
-                    "principal lacks required database role: {database_id}"
-                ));
-            }
             let config = load_cycles_billing_config(conn)?;
-            require_database_write_cycles_available_for_conn(conn, database_id, &config)?;
-            Ok(config)
+            let amount_cycles = cycles_for_payment_amount_e8s(request.payment_amount_e8s, &config)?;
+            validate_cycles_purchase_minimum(amount_cycles, request.min_expected_cycles)?;
+            validate_database_cycles_purchase_for_conn(
+                conn,
+                &request.database_id,
+                cycles_to_i64(amount_cycles)?,
+            )?;
+            let kinic_balance = load_kinic_balance(conn, caller)?;
+            if kinic_balance < payment_amount {
+                return Err("insufficient KINIC balance".to_string());
+            }
+            Ok(())
         })
     }
 
-    pub fn check_database_write_cycles(
-        &self,
-        database_id: &str,
-        caller: &str,
-    ) -> Result<(), String> {
-        if caller == ANONYMOUS_PRINCIPAL {
-            return Err("anonymous caller not allowed".to_string());
-        }
-        self.require_role(database_id, caller, RequiredRole::Writer)?;
-        self.require_database_write_cycles_available(database_id)
-    }
-
-    pub fn charge_database_update(
+    pub fn kinic_fund_database_cycles(
         &self,
-        config: &CyclesBillingConfig,
-        database_id: &str,
         caller: &str,
-        method: &str,
-        cycles_delta: u128,
+        request: KinicFundDatabaseCyclesRequest,
         now: i64,
-    ) -> Result<(), String> {
-        let computed_charge = compute_update_charge(cycles_delta)?;
-        if computed_charge == 0 {
-            return Ok(());
-        }
+    ) -> Result<KinicFundDatabaseCyclesResult, String> {
+        require_authenticated_principal(caller)?;
+        let payment_amount = amount_to_i64(request.payment_amount_e8s)?;
         self.write_index(|tx| {
-            charge_database_update_in_tx(
+            let config = load_cycles_billing_config(tx)?;
+            let amount_cycles = cycles_for_payment_amount_e8s(request.payment_amount_e8s, &config)?;
+            validate_cycles_purchase_minimum(amount_cycles, request.min_expected_cycles)?;
+            let amount_cycles_i64 = cycles_to_i64(amount_cycles)?;
+            validate_database_cycles_purchase_for_conn(
                 tx,
-                DatabaseCharge {
-                    database_id,
+                &request.database_id,
+                amount_cycles_i64,
+            )?;
+            complete_pending_database_activation(tx, &request.database_id, now)?;
+
+            let kinic_balance = load_kinic_balance(tx, caller)?;
+            if kinic_balance < payment_amount {
+                return Err("insufficient KINIC balance".to_string());
+            }
+            let next_kinic_balance = checked_balance_add(kinic_balance, -payment_amount)?;
+            let database_balance = database_balance_for_update(tx, &request.database_id)?;
+            let next_database_balance = checked_balance_add(database_balance, amount_cycles_i64)?;
+
+            upsert_kinic_balance(tx, caller, next_kinic_balance, now)?;
+            update_database_cycles_balance(
+                tx,
+                &request.database_id,
+                next_database_balance,
+                &config,
+                now,
+            )?;
+            insert_kinic_ledger(
+                tx,
+                KinicLedgerInsert {
+                    principal: caller,
+                    source: KINIC_LEDGER_SOURCE_INTERNAL,
+                    kind: "fund_database_cycles",
+                    amount_e8s: -payment_amount,
+                    balance_after_e8s: next_kinic_balance,
+                    counterparty: Some(&request.database_id),
+                    listing_id: None,
+                    order_id: None,
+                    external_block_index: None,
+                    now,
+                },
+            )?;
+            insert_database_ledger(
+                tx,
+                DatabaseLedgerInsert {
+                    database_id: &request.database_id,
+                    kind: "cycles_purchase",
+                    amount_cycles: amount_cycles_i64,
+                    balance_after_cycles: next_database_balance,
+                    payment_amount_e8s: Some(payment_amount),
                     caller,
-                    method,
-                    cycles_delta,
+                    method: Some("kinic_fund_database_cycles"),
+                    cycles_delta: None,
+                    config: Some(&config),
+                    ledger_block_index: None,
                     now,
-                    config,
-                    computed_charge,
                 },
-            )
+            )?;
+            Ok(KinicFundDatabaseCyclesResult {
+                payment_amount_e8s: request.payment_amount_e8s,
+                amount_cycles,
+                database_balance_cycles: u64::try_from(next_database_balance)
+                    .map_err(|error| error.to_string())?,
+                kinic_balance_e8s: u64::try_from(next_kinic_balance)
+                    .map_err(|error| error.to_string())?,
+            })
         })
     }
 
-    pub fn run_database_migrations(&self, database_id: &str) -> Result<(), String> {
-        let meta = self.database_meta(database_id)?;
-        self.run_database_migrations_for_meta(database_id, &meta)
-    }
-
-    pub fn run_pending_database_migrations(&self, database_id: &str) -> Result<(), String> {
-        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Pending])?;
-        self.run_database_migrations_for_meta(database_id, &meta)
-    }
-
-    fn run_database_migrations_for_meta(
+    pub fn begin_kinic_deposit_with_ledger_details(
         &self,
-        database_id: &str,
-        meta: &DatabaseMeta,
-    ) -> Result<(), String> {
-        #[cfg(not(target_arch = "wasm32"))]
-        if let Some(parent) = Path::new(&meta.db_file_name).parent() {
-            create_dir_all(parent).map_err(|error| error.to_string())?;
-        }
-        let result = self.database_store(meta)?.run_fs_migrations();
-        if result.is_ok() {
-            let _ = self.refresh_logical_size(database_id);
+        request: KinicDepositWithLedgerDetails<'_>,
+    ) -> Result<KinicDepositStart, String> {
+        require_authenticated_principal(request.caller)?;
+        if request.amount_e8s == 0 {
+            return Err("KINIC deposit amount must be positive".to_string());
         }
-        result
+        let amount_e8s = amount_to_i64(request.amount_e8s)?;
+        let ledger_fee = amount_to_i64(request.ledger.ledger_fee_e8s)?;
+        let ledger_created_at_time = i64::try_from(request.ledger.ledger_created_at_time_ns)
+            .map_err(|_| "ledger created_at_time exceeds i64".to_string())?;
+        self.write_index(|tx| {
+            ensure_no_pending_kinic_deposit_for_caller(tx, request.caller)?;
+            let operation_id = insert_pending_kinic_operation(
+                tx,
+                PendingKinicOperationInsert {
+                    kind: KINIC_PENDING_KIND_DEPOSIT,
+                    caller: request.caller,
+                    amount_e8s,
+                    ledger: PendingCyclesLedgerDetails {
+                        from_owner: request.ledger.from_owner,
+                        from_subaccount: request.ledger.from_subaccount,
+                        to_owner: request.ledger.to_owner,
+                        to_subaccount: request.ledger.to_subaccount,
+                        ledger_fee_e8s: ledger_fee,
+                        ledger_created_at_time_ns: ledger_created_at_time,
+                    },
+                    operation_status: KINIC_OPERATION_STATUS_IN_FLIGHT,
+                    now: request.now,
+                },
+            )?;
+            Ok(KinicDepositStart {
+                operation_id,
+                amount_e8s: request.amount_e8s,
+            })
+        })
     }
 
-    pub fn delete_database(
+    pub fn complete_kinic_deposit_ledger_transfer(
         &self,
-        request: DeleteDatabaseRequest,
+        operation_id: u64,
         caller: &str,
-        _now: i64,
+        amount_e8s: u64,
+        ledger_block_index: u64,
     ) -> Result<(), String> {
-        let database_id = request.database_id.as_str();
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        self.require_no_pending_cycles_operations(database_id)?;
-        let status = self.read_index(|conn| load_database_status(conn, database_id))?;
-        if !matches!(status, DatabaseStatus::Pending | DatabaseStatus::Active) {
-            return Err(format!(
-                "database is {}: {database_id}",
-                status_to_db(status)
-            ));
-        }
-        let meta = self.database_meta(database_id).ok();
-        #[cfg(target_arch = "wasm32")]
-        let _ = &meta;
-        #[cfg(not(target_arch = "wasm32"))]
-        if let Some(meta) = &meta
-            && let Err(error) = remove_file(&meta.db_file_name)
-            && error.kind() != std::io::ErrorKind::NotFound
-        {
-            return Err(error.to_string());
-        }
-        self.write_index(|conn| {
-            delete_database_index_rows(conn, database_id)?;
+        let amount_e8s = amount_to_i64(amount_e8s)?;
+        let ledger_block_index = i64::try_from(ledger_block_index)
+            .map_err(|_| "ledger block index exceeds i64".to_string())?;
+        self.write_index(|tx| {
+            let operation = load_required_pending_kinic_operation(
+                tx,
+                PendingKinicOperationMatch {
+                    operation_id,
+                    kind: KINIC_PENDING_KIND_DEPOSIT,
+                    caller,
+                    amount_e8s,
+                },
+            )?;
+            require_pending_kinic_operation_status(
+                &operation,
+                &[KINIC_OPERATION_STATUS_IN_FLIGHT],
+                "complete KINIC deposit ledger transfer",
+            )?;
+            let operation_id = i64::try_from(operation_id).map_err(|error| error.to_string())?;
+            tx.execute(
+                "UPDATE kinic_pending_operations
+                 SET operation_status = ?2,
+                     external_block_index = ?3
+                 WHERE operation_id = ?1",
+                params![
+                    operation_id,
+                    KINIC_OPERATION_STATUS_COMPLETED,
+                    ledger_block_index
+                ],
+            )
+            .map_err(|error| error.to_string())?;
             Ok(())
         })
     }
 
-    fn require_no_pending_cycles_operations(&self, database_id: &str) -> Result<(), String> {
-        self.read_index(|conn| {
-            let pending = first_database_cycles_pending_purchase_status(conn, database_id)?;
-            if let Some(pending) = pending {
-                return Err(format!(
-                    "database has pending cycle operation: {database_id}; operation_id={}; status={}; required_action={}",
-                    pending.operation_id,
-                    pending.status,
-                    pending.required_action
-                ));
-            }
-            Ok(())
+    pub fn apply_kinic_deposit(
+        &self,
+        operation_id: u64,
+        caller: &str,
+        amount_e8s: u64,
+        now: i64,
+    ) -> Result<KinicBalance, String> {
+        let amount_i64 = amount_to_i64(amount_e8s)?;
+        self.write_index(|tx| {
+            let operation = load_required_pending_kinic_operation(
+                tx,
+                PendingKinicOperationMatch {
+                    operation_id,
+                    kind: KINIC_PENDING_KIND_DEPOSIT,
+                    caller,
+                    amount_e8s: amount_i64,
+                },
+            )?;
+            require_pending_kinic_operation_status(
+                &operation,
+                &[KINIC_OPERATION_STATUS_COMPLETED],
+                "apply KINIC deposit",
+            )?;
+            let block_index = operation
+                .external_block_index
+                .ok_or_else(|| "completed KINIC deposit missing ledger block index".to_string())?;
+            let balance = load_kinic_balance(tx, caller)?;
+            let next_balance = checked_balance_add(balance, amount_i64)?;
+            upsert_kinic_balance(tx, caller, next_balance, now)?;
+            insert_kinic_ledger(
+                tx,
+                KinicLedgerInsert {
+                    principal: caller,
+                    source: KINIC_LEDGER_SOURCE_INTERNAL,
+                    kind: "deposit",
+                    amount_e8s: amount_i64,
+                    balance_after_e8s: next_balance,
+                    counterparty: None,
+                    listing_id: None,
+                    order_id: None,
+                    external_block_index: Some(block_index),
+                    now,
+                },
+            )?;
+            delete_pending_kinic_operation(tx, operation_id)?;
+            Ok(KinicBalance {
+                balance_e8s: u64::try_from(next_balance).map_err(|error| error.to_string())?,
+            })
         })
     }
 
-    pub fn begin_database_archive(
+    pub fn mark_kinic_deposit_ambiguous(
         &self,
-        database_id: &str,
+        operation_id: u64,
         caller: &str,
-        now: i64,
-    ) -> Result<DatabaseArchiveInfo, String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        self.require_no_pending_cycles_operations(database_id)?;
-        let meta = self.database_meta(database_id)?;
-        let size_bytes = self.database_size(&meta)?;
-        self.write_index(|conn| {
-            conn.execute(
-                "UPDATE databases
-             SET status = 'archiving',
-                 updated_at_ms = ?2,
-                 logical_size_bytes = ?3
-             WHERE database_id = ?1",
-                params![
-                    database_id,
-                    now,
-                    i64::try_from(size_bytes).map_err(|error| error.to_string())?
-                ],
+        amount_e8s: u64,
+    ) -> Result<(), String> {
+        let amount_i64 = amount_to_i64(amount_e8s)?;
+        self.write_index(|tx| {
+            let operation = load_required_pending_kinic_operation(
+                tx,
+                PendingKinicOperationMatch {
+                    operation_id,
+                    kind: KINIC_PENDING_KIND_DEPOSIT,
+                    caller,
+                    amount_e8s: amount_i64,
+                },
+            )?;
+            require_pending_kinic_operation_status(
+                &operation,
+                &[KINIC_OPERATION_STATUS_IN_FLIGHT],
+                "mark KINIC deposit ambiguous",
+            )?;
+            let operation_id = i64::try_from(operation_id).map_err(|error| error.to_string())?;
+            tx.execute(
+                "UPDATE kinic_pending_operations
+                 SET operation_status = ?2
+                 WHERE operation_id = ?1",
+                params![operation_id, KINIC_OPERATION_STATUS_AMBIGUOUS],
             )
             .map_err(|error| error.to_string())?;
             Ok(())
-        })?;
-        Ok(DatabaseArchiveInfo {
-            database_id: database_id.to_string(),
-            size_bytes,
         })
     }
 
-    pub fn read_database_archive_chunk(
+    pub fn cancel_kinic_deposit_after_ledger_error(
         &self,
-        database_id: &str,
+        operation_id: u64,
         caller: &str,
-        offset: u64,
-        max_bytes: u32,
-    ) -> Result<Vec<u8>, String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Archiving])?;
-        if max_bytes == 0 {
-            return Ok(Vec::new());
-        }
-        if max_bytes > MAX_ARCHIVE_CHUNK_BYTES {
-            return Err(format!(
-                "archive chunk size exceeds limit: {max_bytes} > {MAX_ARCHIVE_CHUNK_BYTES}"
-            ));
-        }
-        let size = meta.logical_size_bytes;
-        if offset >= size {
-            return Ok(Vec::new());
-        }
-        let remaining = size.saturating_sub(offset);
-        let chunk_len = remaining.min(u64::from(max_bytes));
-        self.database_export_chunk(&meta, offset, chunk_len)
+        amount_e8s: u64,
+    ) -> Result<(), String> {
+        let amount_i64 = amount_to_i64(amount_e8s)?;
+        self.write_index(|tx| {
+            let operation = load_required_pending_kinic_operation(
+                tx,
+                PendingKinicOperationMatch {
+                    operation_id,
+                    kind: KINIC_PENDING_KIND_DEPOSIT,
+                    caller,
+                    amount_e8s: amount_i64,
+                },
+            )?;
+            require_pending_kinic_operation_status(
+                &operation,
+                &[KINIC_OPERATION_STATUS_IN_FLIGHT],
+                "cancel KINIC deposit",
+            )?;
+            delete_pending_kinic_operation(tx, operation_id)
+        })
     }
 
-    pub fn finalize_database_archive(
+    pub fn kinic_list_pending_operations(
         &self,
-        database_id: &str,
         caller: &str,
-        snapshot_hash: Vec<u8>,
+        request: KinicPendingOperationsPageRequest,
+    ) -> Result<KinicPendingOperationsPage, String> {
+        require_authenticated_principal(caller)?;
+        let limit = clamp_kinic_pending_operations_page_limit(request.limit);
+        let config = self.cycles_billing_config()?;
+        self.read_index(|conn| {
+            let show_all = caller == config.billing_authority_id;
+            let raw = load_kinic_pending_operations(
+                conn,
+                caller,
+                show_all,
+                request.cursor_operation_id,
+                limit,
+            )?;
+            let has_next = raw.len() > limit as usize;
+            let operations = raw
+                .into_iter()
+                .take(limit as usize)
+                .map(PendingKinicOperationRaw::into_public)
+                .collect::<Result<Vec<_>, _>>()?;
+            let next_cursor_operation_id = if has_next {
+                operations.last().map(|operation| operation.operation_id)
+            } else {
+                None
+            };
+            Ok(KinicPendingOperationsPage {
+                operations,
+                next_cursor_operation_id,
+            })
+        })
+    }
+
+    pub fn market_create_listing(
+        &self,
+        caller: &str,
+        request: MarketCreateListingRequest,
         now: i64,
-    ) -> Result<DatabaseMeta, String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Archiving])?;
-        validate_snapshot_hash(&snapshot_hash)?;
-        let actual_hash = self.database_sha256(&meta, meta.logical_size_bytes)?;
-        if actual_hash != snapshot_hash {
-            return Err("snapshot_hash does not match archived database bytes".to_string());
-        }
-        self.write_index(|conn| {
-            conn.execute(
-                "UPDATE databases
-             SET status = 'archived',
-                 snapshot_hash = ?2,
-                 restore_size_bytes = NULL,
-                 archived_at_ms = ?3,
-                 updated_at_ms = ?3
-             WHERE database_id = ?1",
-                params![database_id, snapshot_hash, now],
+    ) -> Result<MarketListing, String> {
+        require_authenticated_principal(caller)?;
+        validate_market_create_listing_request(&request)?;
+        self.validate_market_listing_excerpts(&request.database_id, &request.sample_excerpts_json)?;
+        self.write_index(|tx| {
+            require_market_seller_can_list(tx, caller, &request.database_id)?;
+            let listing_id = unique_market_id(
+                tx,
+                "market_listings",
+                "listing_id",
+                GENERATED_LISTING_ID_PREFIX,
+                caller,
+                &request.database_id,
+                now,
+            )?;
+            tx.execute(
+                "INSERT INTO market_listings
+                 (listing_id, seller_principal, database_id, title, description,
+                  llm_summary, summary_snapshot_revision, sample_excerpts_json,
+                  tags_json, price_e8s, status, revision,
+                  purchase_count, report_count, created_at_ms, updated_at_ms)
+                 VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, 1, 0, 0, ?12, ?12)",
+                params![
+                    listing_id,
+                    caller,
+                    request.database_id,
+                    request.title,
+                    request.description,
+                    crate::sqlite::nullable_text_value(request.llm_summary),
+                    crate::sqlite::nullable_text_value(request.summary_snapshot_revision),
+                    request.sample_excerpts_json,
+                    request.tags_json,
+                    i64::try_from(request.price_e8s).map_err(|error| error.to_string())?,
+                    MARKET_LISTING_STATUS_DRAFT,
+                    now
+                ],
             )
             .map_err(|error| error.to_string())?;
-            Ok(())
-        })?;
-        Ok(meta)
+            load_market_listing_by_id(tx, &listing_id)?
+                .ok_or_else(|| "market listing insert failed".to_string())
+        })
     }
 
-    pub fn cancel_database_archive(
+    pub fn market_update_listing(
         &self,
-        database_id: &str,
         caller: &str,
+        request: MarketUpdateListingRequest,
         now: i64,
-    ) -> Result<DatabaseMeta, String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Archiving])?;
-        self.write_index(|conn| {
-            conn.execute(
-                "UPDATE databases
-             SET status = 'active',
-                 updated_at_ms = ?2
-             WHERE database_id = ?1",
-                params![database_id, now],
+    ) -> Result<MarketListing, String> {
+        require_authenticated_principal(caller)?;
+        validate_market_update_listing_request(&request)?;
+        let listing_database_id = self.read_index(|tx| {
+            let listing = load_market_listing_by_id(tx, &request.listing_id)?
+                .ok_or_else(|| "market listing not found".to_string())?;
+            require_market_listing_seller_or_admin(tx, caller, &listing)?;
+            if listing.revision != request.expected_revision {
+                return Err("market listing revision mismatch".to_string());
+            }
+            Ok(listing.database_id)
+        })?;
+        self.validate_market_listing_excerpts(&listing_database_id, &request.sample_excerpts_json)?;
+        self.write_index(|tx| {
+            let listing = load_market_listing_by_id(tx, &request.listing_id)?
+                .ok_or_else(|| "market listing not found".to_string())?;
+            require_market_listing_seller_or_admin(tx, caller, &listing)?;
+            if listing.revision != request.expected_revision {
+                return Err("market listing revision mismatch".to_string());
+            }
+            if listing.status == MarketListingStatus::Active {
+                require_market_seller_can_list(
+                    tx,
+                    &listing.seller_principal,
+                    &listing.database_id,
+                )?;
+            }
+            tx.execute(
+                "UPDATE market_listings
+                 SET title = ?2,
+                     description = ?3,
+                     llm_summary = ?4,
+                     summary_snapshot_revision = ?5,
+                     sample_excerpts_json = ?6,
+                     tags_json = ?7,
+                     price_e8s = ?8,
+                     revision = revision + 1,
+                     updated_at_ms = ?9
+                 WHERE listing_id = ?1",
+                params![
+                    request.listing_id,
+                    request.title,
+                    request.description,
+                    crate::sqlite::nullable_text_value(request.llm_summary),
+                    crate::sqlite::nullable_text_value(request.summary_snapshot_revision),
+                    request.sample_excerpts_json,
+                    request.tags_json,
+                    i64::try_from(request.price_e8s).map_err(|error| error.to_string())?,
+                    now
+                ],
             )
             .map_err(|error| error.to_string())?;
-            Ok(())
-        })?;
-        Ok(meta)
+            load_market_listing_by_id(tx, &listing.listing_id)?
+                .ok_or_else(|| "market listing update failed".to_string())
+        })
     }
 
-    pub fn begin_database_restore(
+    pub fn market_publish_listing(
         &self,
-        database_id: &str,
         caller: &str,
-        snapshot_hash: Vec<u8>,
-        size_bytes: u64,
+        listing_id: &str,
         now: i64,
-    ) -> Result<DatabaseMeta, String> {
-        self.begin_database_restore_session(database_id, caller, snapshot_hash, size_bytes, now)
-            .map(|restore| restore.meta)
+    ) -> Result<MarketListing, String> {
+        self.market_set_listing_status(caller, listing_id, MARKET_LISTING_STATUS_ACTIVE, now)
     }
 
-    pub fn begin_database_restore_session(
+    pub fn market_pause_listing(
         &self,
-        database_id: &str,
         caller: &str,
-        snapshot_hash: Vec<u8>,
-        size_bytes: u64,
+        listing_id: &str,
         now: i64,
-    ) -> Result<DatabaseRestoreBegin, String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        validate_snapshot_hash(&snapshot_hash)?;
-        if size_bytes > MAX_DATABASE_SIZE_BYTES {
-            return Err(format!(
-                "database size exceeds limit: {size_bytes} > {MAX_DATABASE_SIZE_BYTES}"
-            ));
-        }
-        self.require_no_pending_cycles_operations(database_id)?;
-        let rollback = self.database_restore_rollback(database_id)?;
-        if rollback.status != DatabaseStatus::Archived {
-            return Err("database restore can only begin from archived status".to_string());
-        }
-        let mount_id = rollback
-            .active_mount_id
-            .ok_or_else(|| format!("archived database has no mount: {database_id}"))?;
+    ) -> Result<MarketListing, String> {
+        self.market_set_listing_status(caller, listing_id, MARKET_LISTING_STATUS_PAUSED, now)
+    }
+
+    fn market_set_listing_status(
+        &self,
+        caller: &str,
+        listing_id: &str,
+        status: &str,
+        now: i64,
+    ) -> Result<MarketListing, String> {
+        require_authenticated_principal(caller)?;
         self.write_index(|tx| {
-            record_database_restore_session(tx, &rollback, now)?;
+            let listing = load_market_listing_by_id(tx, listing_id)?
+                .ok_or_else(|| "market listing not found".to_string())?;
+            require_market_listing_seller_or_admin(tx, caller, &listing)?;
+            if status == MARKET_LISTING_STATUS_ACTIVE {
+                require_market_seller_can_list(
+                    tx,
+                    &listing.seller_principal,
+                    &listing.database_id,
+                )?;
+            }
             tx.execute(
-                "DELETE FROM database_restore_chunks WHERE database_id = ?1",
-                params![database_id],
+                "UPDATE market_listings
+                 SET status = ?2,
+                     revision = revision + 1,
+                     updated_at_ms = ?3
+                 WHERE listing_id = ?1",
+                params![listing_id, status, now],
             )
             .map_err(|error| error.to_string())?;
-            tx.execute(
-                "UPDATE databases
-	             SET status = 'restoring',
-	                 active_mount_id = ?2,
-	                 snapshot_hash = ?3,
-	                 archived_at_ms = NULL,
-	                 restore_size_bytes = ?4,
-	                 updated_at_ms = ?5
-             WHERE database_id = ?1",
+            load_market_listing_by_id(tx, listing_id)?
+                .ok_or_else(|| "market listing status update failed".to_string())
+        })
+    }
+
+    pub fn market_list_listings(
+        &self,
+        cursor: Option<String>,
+        limit: u32,
+    ) -> Result<MarketListingPage, String> {
+        let limit = page_limit(limit);
+        let after = cursor.unwrap_or_default();
+        self.read_index(|conn| {
+            let mut stmt = conn
+                .prepare(
+                    "SELECT l.listing_id, l.seller_principal, l.database_id, l.title, l.description,
+                            l.llm_summary, l.summary_snapshot_revision, l.sample_excerpts_json,
+                            l.tags_json, l.price_e8s, l.status, l.revision,
+                            l.purchase_count, l.report_count, l.created_at_ms, l.updated_at_ms
+                     FROM market_listings l
+                     JOIN databases d ON d.database_id = l.database_id
+                     JOIN database_members m
+                       ON m.database_id = l.database_id
+                      AND m.principal = l.seller_principal
+                      AND m.role = 'owner'
+                     WHERE l.status = ?1
+                       AND d.status = ?2
+                       AND l.listing_id > ?3
+                     ORDER BY l.listing_id ASC
+                     LIMIT ?4",
+                )
+                .map_err(|error| error.to_string())?;
+            let mut listings = crate::sqlite::query_map(
+                &mut stmt,
                 params![
-                    database_id,
-                    i64::from(mount_id),
-                    snapshot_hash,
-                    i64::try_from(size_bytes).map_err(|error| error.to_string())?,
-                    now
+                    MARKET_LISTING_STATUS_ACTIVE,
+                    status_to_db(DatabaseStatus::Active),
+                    after,
+                    i64::from(limit) + 1
                 ],
+                map_market_listing,
             )
             .map_err(|error| error.to_string())?;
-            Ok(())
-        })?;
-        let meta = self.database_meta_allowing_restoring(database_id)?;
-        #[cfg(not(target_arch = "wasm32"))]
-        let _ = remove_file(&meta.db_file_name);
-        Ok(DatabaseRestoreBegin { meta, rollback })
+            let next_cursor = if listings.len() > limit as usize {
+                listings.pop();
+                listings.last().map(|listing| listing.listing_id.clone())
+            } else {
+                None
+            };
+            Ok(MarketListingPage {
+                listings,
+                next_cursor,
+            })
+        })
     }
 
-    pub fn rollback_database_restore_begin(
+    pub fn market_list_database_listings(
         &self,
-        rollback: DatabaseRestoreRollback,
-        now: i64,
-    ) -> Result<(), String> {
-        self.write_index(|tx| {
-            let current_status = load_database_status(tx, &rollback.database_id)?;
-            if current_status != DatabaseStatus::Restoring {
+        caller: &str,
+        database_id: &str,
+    ) -> Result<Vec<MarketListing>, String> {
+        require_authenticated_principal(caller)?;
+        validate_database_id(database_id)?;
+        self.read_index(|conn| {
+            let role = load_member_role(conn, database_id, caller)?
+                .ok_or_else(|| format!("principal has no access to database: {database_id}"))?;
+            if role != DatabaseRole::Owner {
                 return Err(format!(
-                    "database restore rollback requires restoring status: {}",
-                    rollback.database_id
+                    "principal lacks required database role: {database_id}"
                 ));
             }
-            tx.execute(
-                "DELETE FROM database_restore_chunks WHERE database_id = ?1",
-                params![rollback.database_id],
-            )
-            .map_err(|error| error.to_string())?;
-            restore_database_state(tx, &rollback, now)?;
-            Ok(())
+            let mut stmt = conn
+                .prepare(
+                    "SELECT listing_id, seller_principal, database_id, title, description,
+                            llm_summary, summary_snapshot_revision, sample_excerpts_json,
+                            tags_json, price_e8s, status, revision,
+                            purchase_count, report_count, created_at_ms, updated_at_ms
+                     FROM market_listings
+                     WHERE database_id = ?1
+                     ORDER BY updated_at_ms DESC, listing_id ASC",
+                )
+                .map_err(|error| error.to_string())?;
+            crate::sqlite::query_map(&mut stmt, params![database_id], map_market_listing)
+                .map_err(|error| error.to_string())
         })
     }
 
-    pub fn cancel_database_restore(
+    pub fn market_get_listing(
         &self,
-        database_id: &str,
         caller: &str,
-        now: i64,
-    ) -> Result<DatabaseMeta, String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Restoring])?;
-        let rollback = self.database_restore_session(database_id)?;
-        #[cfg(not(target_arch = "wasm32"))]
-        if let Err(error) = remove_file(&meta.db_file_name)
-            && error.kind() != std::io::ErrorKind::NotFound
-        {
-            return Err(error.to_string());
-        }
-        self.write_index(|tx| {
-            tx.execute(
-                "DELETE FROM database_restore_chunks WHERE database_id = ?1",
-                params![database_id],
-            )
-            .map_err(|error| error.to_string())?;
-            restore_database_state(tx, &rollback, now)?;
-            Ok(())
+        listing_id: &str,
+    ) -> Result<MarketListingDetail, String> {
+        let listing = self.read_index(|conn| {
+            let listing = load_market_listing_by_id(conn, listing_id)?
+                .ok_or_else(|| "market listing not found".to_string())?;
+            if require_market_listing_purchasable(conn, &listing).is_ok() {
+                return Ok(listing);
+            }
+            require_market_listing_seller_or_admin(conn, caller, &listing)?;
+            Ok(listing)
         })?;
-        Ok(meta)
+        self.market_listing_detail(listing)
     }
 
-    pub fn write_database_restore_chunk(
+    fn market_listing_detail(&self, listing: MarketListing) -> Result<MarketListingDetail, String> {
+        let Ok(meta) = self.database_meta_with_statuses(
+            &listing.database_id,
+            &[
+                DatabaseStatus::Active,
+                DatabaseStatus::Archiving,
+                DatabaseStatus::Restoring,
+            ],
+        ) else {
+            return Ok(empty_market_listing_detail(listing));
+        };
+        let store = self.database_store(&meta)?;
+        let (verified_stats, mut preview) = store.marketplace_preview()?;
+        let (excerpts, stale) = self.load_verified_market_preview_excerpts(
+            &listing.database_id,
+            &listing.sample_excerpts_json,
+        )?;
+        preview.excerpts = excerpts;
+        preview.preview_stale = stale;
+        Ok(MarketListingDetail {
+            listing,
+            verified_stats,
+            preview,
+        })
+    }
+
+    fn validate_market_listing_excerpts(
         &self,
         database_id: &str,
-        caller: &str,
-        offset: u64,
-        bytes: &[u8],
+        sample_excerpts_json: &str,
     ) -> Result<(), String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        if bytes.len() > MAX_RESTORE_CHUNK_BYTES {
-            return Err(format!(
-                "restore chunk size exceeds limit: {} > {MAX_RESTORE_CHUNK_BYTES}",
-                bytes.len()
-            ));
+        let (excerpts, stale) =
+            self.load_verified_market_preview_excerpts(database_id, sample_excerpts_json)?;
+        if stale || excerpts.len() != parse_market_preview_excerpts(sample_excerpts_json)?.len() {
+            return Err(
+                "market listing sample excerpts must match existing wiki nodes".to_string(),
+            );
         }
-        let _meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Restoring])?;
-        let expected_size = self.restore_size_bytes(database_id)?;
-        let end = offset
-            .checked_add(bytes.len() as u64)
-            .ok_or_else(|| "restore chunk range overflows u64".to_string())?;
-        if end > expected_size {
-            return Err(format!(
-                "restore chunk exceeds expected size: end {end} > {expected_size}"
-            ));
+        Ok(())
+    }
+
+    fn load_verified_market_preview_excerpts(
+        &self,
+        database_id: &str,
+        sample_excerpts_json: &str,
+    ) -> Result<(Vec<MarketPreviewExcerpt>, bool), String> {
+        let excerpts = parse_market_preview_excerpts(sample_excerpts_json)?;
+        if excerpts.is_empty() {
+            return Ok((Vec::new(), false));
         }
-        self.write_index(|conn| {
-            conn.execute(
-                "INSERT OR REPLACE INTO database_restore_chunks
-             (database_id, offset_bytes, end_bytes, bytes)
-             VALUES (?1, ?2, ?3, ?4)",
-                params![
-                    database_id,
-                    i64::try_from(offset).map_err(|error| error.to_string())?,
-                    i64::try_from(end).map_err(|error| error.to_string())?,
-                    bytes.to_vec()
-                ],
-            )
-            .map_err(|error| error.to_string())?;
-            Ok(())
+        let meta = self.database_meta(database_id)?;
+        let store = self.database_store(&meta)?;
+        let mut verified = Vec::new();
+        let mut stale = false;
+        for excerpt in excerpts {
+            match store.read_node(&excerpt.path)? {
+                Some(node)
+                    if node.kind == NodeKind::File
+                        && node.etag == excerpt.etag
+                        && node.content.contains(&excerpt.excerpt) =>
+                {
+                    verified.push(excerpt);
+                }
+                _ => stale = true,
+            }
+        }
+        Ok((verified, stale))
+    }
+
+    pub fn market_preview_purchase(
+        &self,
+        caller: &str,
+        listing_id: &str,
+    ) -> Result<MarketPurchasePreview, String> {
+        require_authenticated_principal(caller)?;
+        self.read_index(|conn| {
+            let listing = load_market_listing_by_id(conn, listing_id)?
+                .ok_or_else(|| "market listing not found".to_string())?;
+            require_market_listing_purchasable(conn, &listing)?;
+            Ok(MarketPurchasePreview {
+                listing_id: listing.listing_id.clone(),
+                database_id: listing.database_id.clone(),
+                price_e8s: listing.price_e8s,
+                buyer_balance_e8s: u64::try_from(load_kinic_balance(conn, caller)?)
+                    .map_err(|error| error.to_string())?,
+                already_entitled: has_active_market_entitlement(
+                    conn,
+                    &listing.database_id,
+                    caller,
+                )?,
+            })
         })
     }
 
-    pub fn finalize_database_restore(
+    pub fn market_purchase_access(
         &self,
-        database_id: &str,
         caller: &str,
+        request: MarketPurchaseRequest,
         now: i64,
-    ) -> Result<DatabaseMeta, String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Restoring])?;
-        let expected_size = self.restore_size_bytes(database_id)?;
-        let chunks = self.read_index(|conn| load_restore_chunks(conn, database_id))?;
-        if !restore_chunks_cover_expected_size(&chunks, expected_size)? {
-            return Err(format!(
-                "restore chunks are incomplete for expected size {expected_size} bytes"
-            ));
-        }
-        let expected_hash = self.restore_snapshot_hash(database_id)?;
-        let mut hasher = Sha256::new();
-        let mut checksum = FNV1A64_OFFSET;
-        for chunk in &chunks {
-            hasher.update(&chunk.bytes);
-            checksum = fnv1a64_update(checksum, &chunk.bytes);
-        }
-        let actual_hash = hasher.finalize().to_vec();
-        if actual_hash != expected_hash {
-            return Err("snapshot_hash does not match restored database bytes".to_string());
-        }
-        self.import_database_bytes(&meta, expected_size, checksum, &chunks)?;
-        self.database_store(&meta)?.run_fs_migrations()?;
+    ) -> Result<MarketOrder, String> {
+        require_authenticated_principal(caller)?;
         self.write_index(|tx| {
+            let listing = load_market_listing_by_id(tx, &request.listing_id)?
+                .ok_or_else(|| "market listing not found".to_string())?;
+            require_market_listing_purchasable(tx, &listing)?;
+            if listing.price_e8s != request.price_e8s {
+                return Err("market listing price mismatch".to_string());
+            }
+            if caller == listing.seller_principal {
+                return Err("market seller cannot purchase own listing".to_string());
+            }
+            if has_active_market_entitlement(tx, &listing.database_id, caller)? {
+                return Err("active entitlement already exists".to_string());
+            }
+            let price_i64 = amount_to_i64(request.price_e8s)?;
+            let buyer_balance = load_kinic_balance(tx, caller)?;
+            if buyer_balance < price_i64 {
+                return Err("insufficient KINIC balance".to_string());
+            }
+            let seller_balance = load_kinic_balance(tx, &listing.seller_principal)?;
+            let buyer_next = checked_balance_add(buyer_balance, -price_i64)?;
+            let seller_next = checked_balance_add(seller_balance, price_i64)?;
+            let order_id = unique_market_id(
+                tx,
+                "market_orders",
+                "order_id",
+                GENERATED_ORDER_ID_PREFIX,
+                caller,
+                &listing.listing_id,
+                now,
+            )?;
+            upsert_kinic_balance(tx, caller, buyer_next, now)?;
+            upsert_kinic_balance(tx, &listing.seller_principal, seller_next, now)?;
+            insert_kinic_ledger(
+                tx,
+                KinicLedgerInsert {
+                    principal: caller,
+                    source: KINIC_LEDGER_SOURCE_INTERNAL,
+                    kind: "purchase",
+                    amount_e8s: -price_i64,
+                    balance_after_e8s: buyer_next,
+                    counterparty: Some(&listing.seller_principal),
+                    listing_id: Some(&listing.listing_id),
+                    order_id: Some(&order_id),
+                    external_block_index: None,
+                    now,
+                },
+            )?;
+            insert_kinic_ledger(
+                tx,
+                KinicLedgerInsert {
+                    principal: &listing.seller_principal,
+                    source: KINIC_LEDGER_SOURCE_INTERNAL,
+                    kind: "sale",
+                    amount_e8s: price_i64,
+                    balance_after_e8s: seller_next,
+                    counterparty: Some(caller),
+                    listing_id: Some(&listing.listing_id),
+                    order_id: Some(&order_id),
+                    external_block_index: None,
+                    now,
+                },
+            )?;
             tx.execute(
-                "DELETE FROM database_restore_chunks WHERE database_id = ?1",
-                params![database_id],
-            )
-            .map_err(|error| error.to_string())?;
-            tx.execute(
-                "DELETE FROM database_restore_sessions WHERE database_id = ?1",
-                params![database_id],
+                "INSERT INTO market_orders
+                 (order_id, listing_id, database_id, buyer_principal, seller_principal,
+                  price_e8s, listing_revision, created_at_ms)
+                 VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)",
+                params![
+                    order_id,
+                    listing.listing_id,
+                    listing.database_id,
+                    caller,
+                    listing.seller_principal,
+                    price_i64,
+                    i64::try_from(listing.revision).map_err(|error| error.to_string())?,
+                    now
+                ],
             )
             .map_err(|error| error.to_string())?;
             tx.execute(
-                "UPDATE databases
-             SET status = 'active',
-                 logical_size_bytes = ?2,
-                 restore_size_bytes = NULL,
-                 updated_at_ms = ?3
-             WHERE database_id = ?1",
+                "INSERT INTO market_entitlements
+                 (database_id, buyer_principal, listing_id, order_id, purchased_at_ms, status)
+                 VALUES (?1, ?2, ?3, ?4, ?5, ?6)",
                 params![
-                    database_id,
-                    i64::try_from(expected_size).map_err(|error| error.to_string())?,
-                    now
+                    listing.database_id,
+                    caller,
+                    listing.listing_id,
+                    order_id,
+                    now,
+                    MARKET_ENTITLEMENT_STATUS_ACTIVE
                 ],
             )
             .map_err(|error| error.to_string())?;
-            Ok(())
-        })?;
-        self.database_meta(database_id)
-    }
-
-    pub fn grant_database_access(
-        &self,
-        database_id: &str,
-        caller: &str,
-        principal: &str,
-        role: DatabaseRole,
-        now: i64,
-    ) -> Result<(), String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        if caller == principal && role != DatabaseRole::Owner {
-            return Err("owner cannot downgrade own access".to_string());
-        }
-        self.write_index(|conn| {
-            if !database_member_exists(conn, database_id, principal)? {
-                let member_count = database_member_count_for_conn(conn, database_id)?;
-                if member_count >= MAX_DATABASE_MEMBERS_PER_DATABASE {
-                    return Err("too many database members".to_string());
-                }
-            }
-            conn.execute(
-                "INSERT INTO database_members (database_id, principal, role, created_at_ms)
-             VALUES (?1, ?2, ?3, ?4)
-             ON CONFLICT(database_id, principal)
-             DO UPDATE SET role = excluded.role",
-                params![database_id, principal, role_to_db(role), now],
+            tx.execute(
+                "UPDATE market_listings
+                 SET purchase_count = purchase_count + 1,
+                     updated_at_ms = ?2
+                 WHERE listing_id = ?1",
+                params![listing.listing_id, now],
             )
             .map_err(|error| error.to_string())?;
-            Ok(())
+            load_market_order_by_id(tx, &order_id)?
+                .ok_or_else(|| "market order insert failed".to_string())
         })
     }
 
-    pub fn rename_database(
+    pub fn market_list_entitlements(
         &self,
-        database_id: &str,
         caller: &str,
-        name: &str,
-        now: i64,
-    ) -> Result<(), String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        self.database_meta(database_id)?;
-        let name = normalize_database_name(name)?;
-        self.write_index(|conn| {
-            conn.execute(
-                "UPDATE databases
-                 SET name = ?2,
-                     updated_at_ms = ?3
-                 WHERE database_id = ?1",
-                params![database_id, name, now],
+        cursor: Option<String>,
+        limit: u32,
+    ) -> Result<MarketEntitlementPage, String> {
+        require_authenticated_principal(caller)?;
+        let limit = page_limit(limit);
+        let after = cursor.unwrap_or_default();
+        self.read_index(|conn| {
+            let mut stmt = conn
+                .prepare(
+                    "SELECT database_id, buyer_principal, listing_id, order_id,
+                            purchased_at_ms, status
+                     FROM market_entitlements
+                     WHERE buyer_principal = ?1
+                       AND database_id > ?2
+                       AND status = ?3
+                     ORDER BY database_id ASC
+                     LIMIT ?4",
+                )
+                .map_err(|error| error.to_string())?;
+            let mut entitlements = crate::sqlite::query_map(
+                &mut stmt,
+                params![
+                    caller,
+                    after,
+                    MARKET_ENTITLEMENT_STATUS_ACTIVE,
+                    i64::from(limit) + 1
+                ],
+                map_market_entitlement,
             )
             .map_err(|error| error.to_string())?;
-            Ok(())
+            let next_cursor = if entitlements.len() > limit as usize {
+                entitlements.pop();
+                entitlements
+                    .last()
+                    .map(|entitlement| entitlement.database_id.clone())
+            } else {
+                None
+            };
+            Ok(MarketEntitlementPage {
+                entitlements,
+                next_cursor,
+            })
         })
     }
 
-    pub fn revoke_database_access(
+    pub fn market_list_orders(
         &self,
-        database_id: &str,
         caller: &str,
-        principal: &str,
-    ) -> Result<(), String> {
-        self.require_role(database_id, caller, RequiredRole::Owner)?;
-        self.database_meta(database_id)?;
-        if caller == principal {
-            return Err("owner cannot revoke own access".to_string());
-        }
-        self.write_index(|conn| {
-            conn.execute(
-                "DELETE FROM database_members WHERE database_id = ?1 AND principal = ?2",
-                params![database_id, principal],
+        cursor: Option<String>,
+        limit: u32,
+    ) -> Result<MarketOrderPage, String> {
+        require_authenticated_principal(caller)?;
+        let limit = page_limit(limit);
+        let after = cursor.unwrap_or_default();
+        self.read_index(|conn| {
+            let mut stmt = conn
+                .prepare(
+                    "SELECT order_id, listing_id, database_id, buyer_principal, seller_principal,
+                            price_e8s, listing_revision, created_at_ms
+                     FROM market_orders
+                     WHERE buyer_principal = ?1 AND order_id > ?2
+                     ORDER BY order_id ASC
+                     LIMIT ?3",
+                )
+                .map_err(|error| error.to_string())?;
+            let mut orders = crate::sqlite::query_map(
+                &mut stmt,
+                params![caller, after, i64::from(limit) + 1],
+                map_market_order,
             )
             .map_err(|error| error.to_string())?;
-            Ok(())
+            let next_cursor = if orders.len() > limit as usize {
+                orders.pop();
+                orders.last().map(|order| order.order_id.clone())
+            } else {
+                None
+            };
+            Ok(MarketOrderPage {
+                orders,
+                next_cursor,
+            })
         })
     }
 
-    pub fn list_database_members(
+    pub fn market_count_active_entitlements(
         &self,
-        database_id: &str,
         caller: &str,
-    ) -> Result<Vec<DatabaseMember>, String> {
-        self.database_meta(database_id)?;
+        database_id: &str,
+    ) -> Result<u64, String> {
+        require_authenticated_principal(caller)?;
         self.read_index(|conn| {
-            let caller_role = load_member_role(conn, database_id, caller)?
-                .ok_or_else(|| format!("principal has no access to database: {database_id}"))?;
-            if caller_role != DatabaseRole::Owner
-                && !(caller == ANONYMOUS_PRINCIPAL
-                    && role_allows(caller_role, RequiredRole::Reader))
-            {
-                return Err(format!(
-                    "principal lacks required database role: {database_id}"
-                ));
+            load_database_status(conn, database_id)?;
+            let config = load_cycles_billing_config(conn)?;
+            if caller != config.billing_authority_id {
+                let role = load_member_role(conn, database_id, caller)?
+                    .ok_or_else(|| format!("principal has no access to database: {database_id}"))?;
+                if role != DatabaseRole::Owner {
+                    return Err(format!(
+                        "principal lacks required database role: {database_id}"
+                    ));
+                }
             }
-            let mut stmt = conn
-                .prepare(
-                    "SELECT database_id, principal, role, created_at_ms
-             FROM database_members
-             WHERE database_id = ?1
-             ORDER BY principal ASC",
+            let count: i64 = conn
+                .query_row(
+                    "SELECT COUNT(*)
+                     FROM market_entitlements
+                     WHERE database_id = ?1
+                       AND status = ?2",
+                    params![database_id, MARKET_ENTITLEMENT_STATUS_ACTIVE],
+                    |row| crate::sqlite::row_get(row, 0),
                 )
                 .map_err(|error| error.to_string())?;
-            crate::sqlite::query_map(&mut stmt, params![database_id], |row| {
-                Ok(DatabaseMember {
-                    database_id: crate::sqlite::row_get(row, 0)?,
-                    principal: crate::sqlite::row_get(row, 1)?,
-                    role: role_from_db(&crate::sqlite::row_get::<String>(row, 2)?)?,
-                    created_at_ms: crate::sqlite::row_get(row, 3)?,
-                })
-            })
-            .map_err(|error| error.to_string())
+            u64::try_from(count).map_err(|error| error.to_string())
         })
     }
 
-    pub fn status(&self, database_id: &str, caller: &str) -> Result<Status, String> {
-        self.with_database_store(database_id, caller, RequiredRole::Reader, |store| {
-            store.status()
+    pub fn require_database_write_cycles_available(&self, database_id: &str) -> Result<(), String> {
+        self.read_index(|conn| {
+            let config = load_cycles_billing_config(conn)?;
+            require_database_write_cycles_available_for_conn(conn, database_id, &config)
         })
     }
 
-    pub fn read_node(
+    pub fn prepare_metered_update(
         &self,
         database_id: &str,
         caller: &str,
-        path: &str,
-    ) -> Result<Option<Node>, String> {
-        self.with_database_store(database_id, caller, RequiredRole::Reader, |store| {
-            store.read_node(path)
+        required_role: RequiredRole,
+    ) -> Result<CyclesBillingConfig, String> {
+        self.read_index(|conn| {
+            let role = load_database_status(conn, database_id).and_then(|_| {
+                load_member_role(conn, database_id, caller)?
+                    .ok_or_else(|| format!("principal has no access to database: {database_id}"))
+            })?;
+            if !role_allows(role, required_role) {
+                return Err(format!(
+                    "principal lacks required database role: {database_id}"
+                ));
+            }
+            let config = load_cycles_billing_config(conn)?;
+            require_database_write_cycles_available_for_conn(conn, database_id, &config)?;
+            Ok(config)
         })
     }
 
-    pub fn authorize_url_ingest_trigger_session(
+    pub fn check_database_write_cycles(
         &self,
+        database_id: &str,
         caller: &str,
-        request: UrlIngestTriggerSessionRequest,
-        now: i64,
     ) -> Result<(), String> {
-        validate_url_ingest_trigger_session_request(&request)?;
-        if caller == "2vxsx-fae" {
+        if caller == ANONYMOUS_PRINCIPAL {
             return Err("anonymous caller not allowed".to_string());
         }
-        self.require_role(&request.database_id, caller, RequiredRole::Writer)?;
-        self.require_role(
-            &request.database_id,
-            DEFAULT_LLM_WRITER_PRINCIPAL,
-            RequiredRole::Writer,
-        )
-        .map_err(|error| format!("LLM writer principal lacks writer access: {error}"))?;
-        self.write_index(|conn| {
-            purge_expired_url_ingest_trigger_sessions(conn, now)?;
-            conn.execute(
-                "INSERT INTO url_ingest_trigger_sessions
-             (database_id, session_nonce, principal, expires_at_ms, created_at_ms,
-              refreshed_at_ms)
-             VALUES (?1, ?2, ?3, ?4, ?5, ?5)
-             ON CONFLICT(database_id, session_nonce) DO UPDATE SET
-               principal = excluded.principal,
-               expires_at_ms = excluded.expires_at_ms,
-               refreshed_at_ms = excluded.refreshed_at_ms",
-                params![
-                    request.database_id,
-                    request.session_nonce,
-                    caller,
-                    now + URL_INGEST_TRIGGER_SESSION_TTL_MS,
-                    now
-                ],
-            )
-            .map_err(|error| error.to_string())?;
-            Ok(())
-        })
-    }
-
-    pub fn check_url_ingest_trigger_session(
-        &self,
-        request: UrlIngestTriggerSessionCheckRequest,
-        now: i64,
-    ) -> Result<(), String> {
-        validate_url_ingest_trigger_session_check_request(&request)?;
-        self.require_role(
-            &request.database_id,
-            DEFAULT_LLM_WRITER_PRINCIPAL,
-            RequiredRole::Writer,
-        )
-        .map_err(|error| format!("LLM writer principal lacks writer access: {error}"))?;
-        let principal: String = self.read_index(|conn| {
-            conn.query_row(
-                "SELECT principal FROM url_ingest_trigger_sessions
-                 WHERE database_id = ?1
-                   AND session_nonce = ?2
-                   AND expires_at_ms >= ?3",
-                params![request.database_id, request.session_nonce, now],
-                |row| crate::sqlite::row_get(row, 0),
-            )
-            .optional()
-            .map_err(|error| error.to_string())?
-            .ok_or_else(|| "url ingest trigger session is missing or expired".to_string())
-        })?;
-        let node = self
-            .read_node(&request.database_id, &principal, &request.request_path)?
-            .ok_or_else(|| format!("url ingest request not found: {}", request.request_path))?;
-        validate_url_ingest_request_node(&node, &principal)?;
-        self.require_database_write_cycles_available(&request.database_id)
+        self.require_role(database_id, caller, RequiredRole::Writer)?;
+        self.require_database_write_cycles_available(database_id)
     }
 
-    pub fn authorize_ops_answer_session(
+    pub fn charge_database_update(
         &self,
+        config: &CyclesBillingConfig,
+        database_id: &str,
         caller: &str,
-        request: OpsAnswerSessionRequest,
+        method: &str,
+        cycles_delta: u128,
         now: i64,
     ) -> Result<(), String> {
-        validate_ops_answer_session_request(&request)?;
-        if caller == "2vxsx-fae" {
-            return Err("anonymous caller not allowed".to_string());
+        let computed_charge = compute_update_charge(cycles_delta)?;
+        if computed_charge == 0 {
+            return Ok(());
         }
-        self.require_role(&request.database_id, caller, RequiredRole::Reader)?;
-        self.write_index(|conn| {
-            purge_expired_ops_answer_sessions(conn, now)?;
-            conn.execute(
-                "INSERT INTO ops_answer_sessions
-             (database_id, session_nonce, principal, expires_at_ms, created_at_ms,
-              refreshed_at_ms)
-             VALUES (?1, ?2, ?3, ?4, ?5, ?5)
-             ON CONFLICT(database_id, session_nonce) DO UPDATE SET
-               principal = excluded.principal,
-               expires_at_ms = excluded.expires_at_ms,
-               refreshed_at_ms = excluded.refreshed_at_ms",
-                params![
-                    request.database_id,
-                    request.session_nonce,
+        self.write_index(|tx| {
+            charge_database_update_in_tx(
+                tx,
+                DatabaseCharge {
+                    database_id,
                     caller,
-                    now + OPS_ANSWER_SESSION_TTL_MS,
-                    now
-                ],
+                    method,
+                    cycles_delta,
+                    now,
+                    config,
+                    computed_charge,
+                },
             )
-            .map_err(|error| error.to_string())?;
-            Ok(())
         })
     }
 
-    pub fn check_ops_answer_session(
-        &self,
-        request: OpsAnswerSessionCheckRequest,
-        now: i64,
-    ) -> Result<OpsAnswerSessionCheckResult, String> {
-        validate_ops_answer_session_check_request(&request)?;
-        let principal: String = self.read_index(|conn| {
-            conn.query_row(
-                "SELECT principal FROM ops_answer_sessions
-                 WHERE database_id = ?1
-                   AND session_nonce = ?2
-                   AND expires_at_ms >= ?3",
-                params![request.database_id, request.session_nonce, now],
-                |row| crate::sqlite::row_get(row, 0),
-            )
-            .optional()
-            .map_err(|error| error.to_string())?
-            .ok_or_else(|| "ops answer session is missing or expired".to_string())
-        })?;
-        self.require_role(&request.database_id, &principal, RequiredRole::Reader)?;
-        self.require_database_write_cycles_available(&request.database_id)?;
-        Ok(OpsAnswerSessionCheckResult { principal })
+    pub fn run_database_migrations(&self, database_id: &str) -> Result<(), String> {
+        let meta = self.database_meta(database_id)?;
+        self.run_database_migrations_for_meta(database_id, &meta)
     }
 
-    pub fn check_source_run_session(
+    pub fn run_pending_database_migrations(&self, database_id: &str) -> Result<(), String> {
+        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Pending])?;
+        self.run_database_migrations_for_meta(database_id, &meta)
+    }
+
+    fn run_database_migrations_for_meta(
         &self,
-        request: SourceRunSessionCheckRequest,
-        now: i64,
+        database_id: &str,
+        meta: &DatabaseMeta,
     ) -> Result<(), String> {
-        validate_source_run_session_check_request(&request)?;
-        self.require_role(
-            &request.database_id,
-            DEFAULT_LLM_WRITER_PRINCIPAL,
-            RequiredRole::Writer,
-        )
-        .map_err(|error| format!("LLM writer principal lacks writer access: {error}"))?;
-        let principal: String = self.read_index(|conn| {
-            conn.query_row(
-                "SELECT principal FROM source_run_sessions
-                 WHERE database_id = ?1
-                   AND source_path = ?2
-                   AND source_etag = ?3
-                   AND session_nonce = ?4
-                   AND expires_at_ms >= ?5",
-                params![
-                    request.database_id,
-                    request.source_path,
-                    request.source_etag,
-                    request.session_nonce,
-                    now
-                ],
-                |row| crate::sqlite::row_get(row, 0),
-            )
-            .optional()
-            .map_err(|error| error.to_string())?
-            .ok_or_else(|| "source run session is missing or expired".to_string())
-        })?;
-        self.require_role(&request.database_id, &principal, RequiredRole::Writer)?;
-        let source = self
-            .read_node(&request.database_id, &principal, &request.source_path)?
-            .ok_or_else(|| format!("source node not found: {}", request.source_path))?;
-        if source.kind != NodeKind::Source {
-            return Err("source run session target is not a source node".to_string());
+        #[cfg(not(target_arch = "wasm32"))]
+        if let Some(parent) = Path::new(&meta.db_file_name).parent() {
+            create_dir_all(parent).map_err(|error| error.to_string())?;
         }
-        if source.etag != request.source_etag {
-            return Err("source run session source etag is stale".to_string());
+        let result = self.database_store(meta)?.run_fs_migrations();
+        if result.is_ok() {
+            let _ = self.refresh_logical_size(database_id);
         }
-        self.require_database_write_cycles_available(&request.database_id)?;
-        Ok(())
+        result
     }
 
-    pub fn list_nodes(
+    pub fn delete_database(
         &self,
+        request: DeleteDatabaseRequest,
         caller: &str,
-        request: ListNodesRequest,
-    ) -> Result<Vec<NodeEntry>, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.list_nodes(request)
+        _now: i64,
+    ) -> Result<(), String> {
+        let database_id = request.database_id.as_str();
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        self.require_no_pending_cycles_operations(database_id)?;
+        let status = self.read_index(|conn| load_database_status(conn, database_id))?;
+        if !matches!(status, DatabaseStatus::Pending | DatabaseStatus::Active) {
+            return Err(format!(
+                "database is {}: {database_id}",
+                status_to_db(status)
+            ));
+        }
+        let meta = self.database_meta(database_id).ok();
+        #[cfg(target_arch = "wasm32")]
+        let _ = &meta;
+        #[cfg(not(target_arch = "wasm32"))]
+        if let Some(meta) = &meta
+            && let Err(error) = remove_file(&meta.db_file_name)
+            && error.kind() != std::io::ErrorKind::NotFound
+        {
+            return Err(error.to_string());
+        }
+        self.write_index(|conn| {
+            delete_database_index_rows(conn, database_id)?;
+            Ok(())
         })
     }
 
-    pub fn list_children(
-        &self,
-        caller: &str,
-        request: ListChildrenRequest,
-    ) -> Result<Vec<ChildNode>, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.list_children(request)
+    fn require_no_pending_cycles_operations(&self, database_id: &str) -> Result<(), String> {
+        self.read_index(|conn| {
+            let pending = first_database_cycles_pending_purchase_status(conn, database_id)?;
+            if let Some(pending) = pending {
+                return Err(format!(
+                    "database has pending cycle operation: {database_id}; operation_id={}; status={}; required_action={}",
+                    pending.operation_id,
+                    pending.status,
+                    pending.required_action
+                ));
+            }
+            Ok(())
         })
     }
 
-    pub fn write_node(
+    pub fn begin_database_archive(
         &self,
+        database_id: &str,
         caller: &str,
-        request: WriteNodeRequest,
         now: i64,
-    ) -> Result<WriteNodeResult, String> {
-        validate_source_path_for_kind(&request.path, &request.kind)?;
-        let database_id = request.database_id.clone();
-        let result =
-            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
-                store.write_node(request, now)
-            });
-        if result.is_ok() {
-            let _ = self.refresh_logical_size(&database_id);
-        }
-        result
+    ) -> Result<DatabaseArchiveInfo, String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        self.require_no_pending_cycles_operations(database_id)?;
+        let meta = self.database_meta(database_id)?;
+        let size_bytes = self.database_size(&meta)?;
+        self.write_index(|conn| {
+            conn.execute(
+                "UPDATE databases
+             SET status = 'archiving',
+                 updated_at_ms = ?2,
+                 logical_size_bytes = ?3
+             WHERE database_id = ?1",
+                params![
+                    database_id,
+                    now,
+                    i64::try_from(size_bytes).map_err(|error| error.to_string())?
+                ],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
+        })?;
+        Ok(DatabaseArchiveInfo {
+            database_id: database_id.to_string(),
+            size_bytes,
+        })
     }
 
-    pub fn write_source_for_generation(
+    pub fn read_database_archive_chunk(
         &self,
+        database_id: &str,
         caller: &str,
-        request: WriteSourceForGenerationRequest,
-        now: i64,
-    ) -> Result<WriteSourceForGenerationResult, String> {
-        if caller == ANONYMOUS_PRINCIPAL {
-            return Err("anonymous caller not allowed".to_string());
+        offset: u64,
+        max_bytes: u32,
+    ) -> Result<Vec<u8>, String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Archiving])?;
+        if max_bytes == 0 {
+            return Ok(Vec::new());
         }
-        validate_source_for_generation_request(&request)?;
-        self.require_role(&request.database_id, caller, RequiredRole::Writer)?;
-        self.require_role(
-            &request.database_id,
-            DEFAULT_LLM_WRITER_PRINCIPAL,
-            RequiredRole::Writer,
-        )
-        .map_err(|error| format!("LLM writer principal lacks writer access: {error}"))?;
-
-        let database_id = request.database_id.clone();
-        let session_nonce = request.session_nonce.clone();
-        let path = request.path.clone();
-        let write_request = WriteNodeRequest {
-            database_id: request.database_id,
-            path: request.path,
-            kind: NodeKind::Source,
-            content: request.content,
-            metadata_json: request.metadata_json,
-            expected_etag: request.expected_etag,
-        };
-        let write =
-            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
-                store.write_node(write_request, now)
-            })?;
-        let _ = self.write_source_run_session(
-            &database_id,
-            &path,
-            &write.node.etag,
-            &session_nonce,
-            caller,
-            now,
-        );
-        let _ = self.refresh_logical_size(&database_id);
-        Ok(WriteSourceForGenerationResult {
-            write,
-            session_nonce,
-        })
+        if max_bytes > MAX_ARCHIVE_CHUNK_BYTES {
+            return Err(format!(
+                "archive chunk size exceeds limit: {max_bytes} > {MAX_ARCHIVE_CHUNK_BYTES}"
+            ));
+        }
+        let size = meta.logical_size_bytes;
+        if offset >= size {
+            return Ok(Vec::new());
+        }
+        let remaining = size.saturating_sub(offset);
+        let chunk_len = remaining.min(u64::from(max_bytes));
+        self.database_export_chunk(&meta, offset, chunk_len)
     }
 
-    pub fn write_nodes(
+    pub fn finalize_database_archive(
         &self,
+        database_id: &str,
         caller: &str,
-        request: WriteNodesRequest,
+        snapshot_hash: Vec<u8>,
         now: i64,
-    ) -> Result<Vec<WriteNodeResult>, String> {
-        for node in &request.nodes {
-            validate_source_path_for_kind(&node.path, &node.kind)?;
-        }
-        let database_id = request.database_id.clone();
-        let result =
-            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
-                store.write_nodes(request, now)
-            });
-        if result.is_ok() {
-            let _ = self.refresh_logical_size(&database_id);
+    ) -> Result<DatabaseMeta, String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Archiving])?;
+        validate_snapshot_hash(&snapshot_hash)?;
+        let actual_hash = self.database_sha256(&meta, meta.logical_size_bytes)?;
+        if actual_hash != snapshot_hash {
+            return Err("snapshot_hash does not match archived database bytes".to_string());
         }
-        result
+        self.write_index(|conn| {
+            conn.execute(
+                "UPDATE databases
+             SET status = 'archived',
+                 snapshot_hash = ?2,
+                 restore_size_bytes = NULL,
+                 archived_at_ms = ?3,
+                 updated_at_ms = ?3
+             WHERE database_id = ?1",
+                params![database_id, snapshot_hash, now],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
+        })?;
+        Ok(meta)
     }
 
-    pub fn delete_node(
+    pub fn cancel_database_archive(
         &self,
+        database_id: &str,
         caller: &str,
-        request: DeleteNodeRequest,
         now: i64,
-    ) -> Result<DeleteNodeResult, String> {
-        let database_id = request.database_id.clone();
-        let result =
-            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
-                store.delete_node(request, now)
-            });
-        if result.is_ok() {
-            let _ = self.refresh_logical_size(&database_id);
-        }
-        result
+    ) -> Result<DatabaseMeta, String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Archiving])?;
+        self.write_index(|conn| {
+            conn.execute(
+                "UPDATE databases
+             SET status = 'active',
+                 updated_at_ms = ?2
+             WHERE database_id = ?1",
+                params![database_id, now],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
+        })?;
+        Ok(meta)
     }
 
-    pub fn append_node(
+    pub fn begin_database_restore(
         &self,
+        database_id: &str,
         caller: &str,
-        request: AppendNodeRequest,
+        snapshot_hash: Vec<u8>,
+        size_bytes: u64,
         now: i64,
-    ) -> Result<WriteNodeResult, String> {
-        let database_id = request.database_id.clone();
-        let result =
-            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
-                let kind = store
-                    .read_node(&request.path)?
-                    .map(|node| node.kind)
-                    .or_else(|| request.kind.clone())
-                    .unwrap_or(NodeKind::File);
-                validate_source_path_for_kind(&request.path, &kind)?;
-                store.append_node(request, now)
-            });
-        if result.is_ok() {
-            let _ = self.refresh_logical_size(&database_id);
-        }
-        result
+    ) -> Result<DatabaseMeta, String> {
+        self.begin_database_restore_session(database_id, caller, snapshot_hash, size_bytes, now)
+            .map(|restore| restore.meta)
     }
 
-    pub fn edit_node(
+    pub fn begin_database_restore_session(
         &self,
+        database_id: &str,
         caller: &str,
-        request: EditNodeRequest,
+        snapshot_hash: Vec<u8>,
+        size_bytes: u64,
         now: i64,
-    ) -> Result<EditNodeResult, String> {
-        let database_id = request.database_id.clone();
-        let result =
-            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
-                store.edit_node(request, now)
-            });
-        if result.is_ok() {
-            let _ = self.refresh_logical_size(&database_id);
+    ) -> Result<DatabaseRestoreBegin, String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        validate_snapshot_hash(&snapshot_hash)?;
+        if size_bytes > MAX_DATABASE_SIZE_BYTES {
+            return Err(format!(
+                "database size exceeds limit: {size_bytes} > {MAX_DATABASE_SIZE_BYTES}"
+            ));
         }
-        result
+        self.require_no_pending_cycles_operations(database_id)?;
+        let rollback = self.database_restore_rollback(database_id)?;
+        if rollback.status != DatabaseStatus::Archived {
+            return Err("database restore can only begin from archived status".to_string());
+        }
+        let mount_id = rollback
+            .active_mount_id
+            .ok_or_else(|| format!("archived database has no mount: {database_id}"))?;
+        self.write_index(|tx| {
+            record_database_restore_session(tx, &rollback, now)?;
+            tx.execute(
+                "DELETE FROM database_restore_chunks WHERE database_id = ?1",
+                params![database_id],
+            )
+            .map_err(|error| error.to_string())?;
+            tx.execute(
+                "UPDATE databases
+	             SET status = 'restoring',
+	                 active_mount_id = ?2,
+	                 snapshot_hash = ?3,
+	                 archived_at_ms = NULL,
+	                 restore_size_bytes = ?4,
+	                 updated_at_ms = ?5
+             WHERE database_id = ?1",
+                params![
+                    database_id,
+                    i64::from(mount_id),
+                    snapshot_hash,
+                    i64::try_from(size_bytes).map_err(|error| error.to_string())?,
+                    now
+                ],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
+        })?;
+        let meta = self.database_meta_allowing_restoring(database_id)?;
+        #[cfg(not(target_arch = "wasm32"))]
+        let _ = remove_file(&meta.db_file_name);
+        Ok(DatabaseRestoreBegin { meta, rollback })
     }
 
-    pub fn mkdir_node(
+    pub fn rollback_database_restore_begin(
         &self,
-        caller: &str,
-        request: MkdirNodeRequest,
+        rollback: DatabaseRestoreRollback,
         now: i64,
-    ) -> Result<MkdirNodeResult, String> {
-        let database_id = request.database_id.clone();
-        let result =
-            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
-                store.mkdir_node(request, now)
-            });
-        if result.is_ok() {
-            let _ = self.refresh_logical_size(&database_id);
-        }
-        result
+    ) -> Result<(), String> {
+        self.write_index(|tx| {
+            let current_status = load_database_status(tx, &rollback.database_id)?;
+            if current_status != DatabaseStatus::Restoring {
+                return Err(format!(
+                    "database restore rollback requires restoring status: {}",
+                    rollback.database_id
+                ));
+            }
+            tx.execute(
+                "DELETE FROM database_restore_chunks WHERE database_id = ?1",
+                params![rollback.database_id],
+            )
+            .map_err(|error| error.to_string())?;
+            restore_database_state(tx, &rollback, now)?;
+            Ok(())
+        })
     }
 
-    pub fn move_node(
+    pub fn cancel_database_restore(
         &self,
+        database_id: &str,
         caller: &str,
-        request: MoveNodeRequest,
         now: i64,
-    ) -> Result<MoveNodeResult, String> {
-        let database_id = request.database_id.clone();
-        let result =
-            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
-                if let Some(node) = store.read_node(&request.from_path)? {
-                    validate_source_path_for_kind(&request.to_path, &node.kind)?;
-                }
-                store.move_node(request, now)
-            });
-        if result.is_ok() {
-            let _ = self.refresh_logical_size(&database_id);
+    ) -> Result<DatabaseMeta, String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Restoring])?;
+        let rollback = self.database_restore_session(database_id)?;
+        #[cfg(not(target_arch = "wasm32"))]
+        if let Err(error) = remove_file(&meta.db_file_name)
+            && error.kind() != std::io::ErrorKind::NotFound
+        {
+            return Err(error.to_string());
         }
-        result
-    }
-
-    pub fn glob_nodes(
-        &self,
-        caller: &str,
-        request: GlobNodesRequest,
-    ) -> Result<Vec<GlobNodeHit>, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.glob_nodes(request)
-        })
+        self.write_index(|tx| {
+            tx.execute(
+                "DELETE FROM database_restore_chunks WHERE database_id = ?1",
+                params![database_id],
+            )
+            .map_err(|error| error.to_string())?;
+            restore_database_state(tx, &rollback, now)?;
+            Ok(())
+        })?;
+        Ok(meta)
     }
 
-    pub fn incoming_links(
+    pub fn write_database_restore_chunk(
         &self,
+        database_id: &str,
         caller: &str,
-        request: IncomingLinksRequest,
-    ) -> Result<Vec<LinkEdge>, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.incoming_links(request)
+        offset: u64,
+        bytes: &[u8],
+    ) -> Result<(), String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        if bytes.len() > MAX_RESTORE_CHUNK_BYTES {
+            return Err(format!(
+                "restore chunk size exceeds limit: {} > {MAX_RESTORE_CHUNK_BYTES}",
+                bytes.len()
+            ));
+        }
+        let _meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Restoring])?;
+        let expected_size = self.restore_size_bytes(database_id)?;
+        let end = offset
+            .checked_add(bytes.len() as u64)
+            .ok_or_else(|| "restore chunk range overflows u64".to_string())?;
+        if end > expected_size {
+            return Err(format!(
+                "restore chunk exceeds expected size: end {end} > {expected_size}"
+            ));
+        }
+        self.write_index(|conn| {
+            conn.execute(
+                "INSERT OR REPLACE INTO database_restore_chunks
+             (database_id, offset_bytes, end_bytes, bytes)
+             VALUES (?1, ?2, ?3, ?4)",
+                params![
+                    database_id,
+                    i64::try_from(offset).map_err(|error| error.to_string())?,
+                    i64::try_from(end).map_err(|error| error.to_string())?,
+                    bytes.to_vec()
+                ],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
         })
     }
 
-    pub fn outgoing_links(
+    pub fn finalize_database_restore(
         &self,
+        database_id: &str,
         caller: &str,
-        request: OutgoingLinksRequest,
-    ) -> Result<Vec<LinkEdge>, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.outgoing_links(request)
-        })
+        now: i64,
+    ) -> Result<DatabaseMeta, String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        let meta = self.database_meta_with_statuses(database_id, &[DatabaseStatus::Restoring])?;
+        let expected_size = self.restore_size_bytes(database_id)?;
+        let chunks = self.read_index(|conn| load_restore_chunks(conn, database_id))?;
+        if !restore_chunks_cover_expected_size(&chunks, expected_size)? {
+            return Err(format!(
+                "restore chunks are incomplete for expected size {expected_size} bytes"
+            ));
+        }
+        let expected_hash = self.restore_snapshot_hash(database_id)?;
+        let mut hasher = Sha256::new();
+        let mut checksum = FNV1A64_OFFSET;
+        for chunk in &chunks {
+            hasher.update(&chunk.bytes);
+            checksum = fnv1a64_update(checksum, &chunk.bytes);
+        }
+        let actual_hash = hasher.finalize().to_vec();
+        if actual_hash != expected_hash {
+            return Err("snapshot_hash does not match restored database bytes".to_string());
+        }
+        self.import_database_bytes(&meta, expected_size, checksum, &chunks)?;
+        self.database_store(&meta)?.run_fs_migrations()?;
+        self.write_index(|tx| {
+            tx.execute(
+                "DELETE FROM database_restore_chunks WHERE database_id = ?1",
+                params![database_id],
+            )
+            .map_err(|error| error.to_string())?;
+            tx.execute(
+                "DELETE FROM database_restore_sessions WHERE database_id = ?1",
+                params![database_id],
+            )
+            .map_err(|error| error.to_string())?;
+            tx.execute(
+                "UPDATE databases
+             SET status = 'active',
+                 logical_size_bytes = ?2,
+                 restore_size_bytes = NULL,
+                 updated_at_ms = ?3
+             WHERE database_id = ?1",
+                params![
+                    database_id,
+                    i64::try_from(expected_size).map_err(|error| error.to_string())?,
+                    now
+                ],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
+        })?;
+        self.database_meta(database_id)
     }
 
-    pub fn graph_links(
+    pub fn grant_database_access(
         &self,
+        database_id: &str,
         caller: &str,
-        request: GraphLinksRequest,
-    ) -> Result<Vec<LinkEdge>, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.graph_links(request)
+        principal: &str,
+        role: DatabaseRole,
+        now: i64,
+    ) -> Result<(), String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        if caller == principal && role != DatabaseRole::Owner {
+            return Err("owner cannot downgrade own access".to_string());
+        }
+        self.write_index(|conn| {
+            if !database_member_exists(conn, database_id, principal)? {
+                let member_count = database_member_count_for_conn(conn, database_id)?;
+                if member_count >= MAX_DATABASE_MEMBERS_PER_DATABASE {
+                    return Err("too many database members".to_string());
+                }
+            }
+            conn.execute(
+                "INSERT INTO database_members (database_id, principal, role, created_at_ms)
+             VALUES (?1, ?2, ?3, ?4)
+             ON CONFLICT(database_id, principal)
+             DO UPDATE SET role = excluded.role",
+                params![database_id, principal, role_to_db(role), now],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
         })
     }
 
-    pub fn graph_neighborhood(
+    pub fn rename_database(
         &self,
+        database_id: &str,
         caller: &str,
-        request: GraphNeighborhoodRequest,
-    ) -> Result<Vec<LinkEdge>, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.graph_neighborhood(request)
+        name: &str,
+        now: i64,
+    ) -> Result<(), String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        self.database_meta(database_id)?;
+        let name = normalize_database_name(name)?;
+        self.write_index(|conn| {
+            conn.execute(
+                "UPDATE databases
+                 SET name = ?2,
+                     updated_at_ms = ?3
+                 WHERE database_id = ?1",
+                params![database_id, name, now],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
         })
     }
 
-    pub fn read_node_context(
+    pub fn revoke_database_access(
         &self,
+        database_id: &str,
         caller: &str,
-        request: NodeContextRequest,
-    ) -> Result<Option<NodeContext>, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.read_node_context(request)
+        principal: &str,
+    ) -> Result<(), String> {
+        self.require_role(database_id, caller, RequiredRole::Owner)?;
+        self.database_meta(database_id)?;
+        if caller == principal {
+            return Err("owner cannot revoke own access".to_string());
+        }
+        self.write_index(|conn| {
+            conn.execute(
+                "DELETE FROM database_members WHERE database_id = ?1 AND principal = ?2",
+                params![database_id, principal],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
         })
     }
 
-    pub fn query_context(
+    pub fn list_database_members(
         &self,
+        database_id: &str,
         caller: &str,
-        request: QueryContextRequest,
-    ) -> Result<QueryContext, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.query_context(request)
+    ) -> Result<Vec<DatabaseMember>, String> {
+        self.database_meta(database_id)?;
+        self.read_index(|conn| {
+            let caller_role = load_member_role(conn, database_id, caller)?
+                .ok_or_else(|| format!("principal has no access to database: {database_id}"))?;
+            if caller_role != DatabaseRole::Owner
+                && !(caller == ANONYMOUS_PRINCIPAL
+                    && role_allows(caller_role, RequiredRole::Reader))
+            {
+                return Err(format!(
+                    "principal lacks required database role: {database_id}"
+                ));
+            }
+            let mut stmt = conn
+                .prepare(
+                    "SELECT database_id, principal, role, created_at_ms
+             FROM database_members
+             WHERE database_id = ?1
+             ORDER BY principal ASC",
+                )
+                .map_err(|error| error.to_string())?;
+            crate::sqlite::query_map(&mut stmt, params![database_id], |row| {
+                Ok(DatabaseMember {
+                    database_id: crate::sqlite::row_get(row, 0)?,
+                    principal: crate::sqlite::row_get(row, 1)?,
+                    role: role_from_db(&crate::sqlite::row_get::<String>(row, 2)?)?,
+                    created_at_ms: crate::sqlite::row_get(row, 3)?,
+                })
+            })
+            .map_err(|error| error.to_string())
         })
     }
 
-    pub fn source_evidence(
+    pub fn status(&self, database_id: &str, caller: &str) -> Result<Status, String> {
+        self.with_database_store(database_id, caller, RequiredRole::Reader, |store| {
+            store.status()
+        })
+    }
+
+    pub fn read_node(
         &self,
+        database_id: &str,
         caller: &str,
-        request: SourceEvidenceRequest,
-    ) -> Result<SourceEvidence, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.source_evidence(request)
-        })
+        path: &str,
+    ) -> Result<Option<Node>, String> {
+        self.with_market_read_database_store(database_id, caller, |store| store.read_node(path))
     }
 
-    pub fn multi_edit_node(
+    pub fn authorize_url_ingest_trigger_session(
         &self,
         caller: &str,
-        request: MultiEditNodeRequest,
+        request: UrlIngestTriggerSessionRequest,
         now: i64,
-    ) -> Result<MultiEditNodeResult, String> {
-        let database_id = request.database_id.clone();
-        let result =
-            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
-                store.multi_edit_node(request, now)
-            });
-        if result.is_ok() {
-            let _ = self.refresh_logical_size(&database_id);
+    ) -> Result<(), String> {
+        validate_url_ingest_trigger_session_request(&request)?;
+        if caller == "2vxsx-fae" {
+            return Err("anonymous caller not allowed".to_string());
         }
-        result
+        self.require_role(&request.database_id, caller, RequiredRole::Writer)?;
+        self.require_role(
+            &request.database_id,
+            DEFAULT_LLM_WRITER_PRINCIPAL,
+            RequiredRole::Writer,
+        )
+        .map_err(|error| format!("LLM writer principal lacks writer access: {error}"))?;
+        self.write_index(|conn| {
+            purge_expired_url_ingest_trigger_sessions(conn, now)?;
+            conn.execute(
+                "INSERT INTO url_ingest_trigger_sessions
+             (database_id, session_nonce, principal, expires_at_ms, created_at_ms,
+              refreshed_at_ms)
+             VALUES (?1, ?2, ?3, ?4, ?5, ?5)
+             ON CONFLICT(database_id, session_nonce) DO UPDATE SET
+               principal = excluded.principal,
+               expires_at_ms = excluded.expires_at_ms,
+               refreshed_at_ms = excluded.refreshed_at_ms",
+                params![
+                    request.database_id,
+                    request.session_nonce,
+                    caller,
+                    now + URL_INGEST_TRIGGER_SESSION_TTL_MS,
+                    now
+                ],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
+        })
     }
 
-    pub fn search_nodes(
+    pub fn check_url_ingest_trigger_session(
+        &self,
+        request: UrlIngestTriggerSessionCheckRequest,
+        now: i64,
+    ) -> Result<(), String> {
+        validate_url_ingest_trigger_session_check_request(&request)?;
+        self.require_role(
+            &request.database_id,
+            DEFAULT_LLM_WRITER_PRINCIPAL,
+            RequiredRole::Writer,
+        )
+        .map_err(|error| format!("LLM writer principal lacks writer access: {error}"))?;
+        let principal: String = self.read_index(|conn| {
+            conn.query_row(
+                "SELECT principal FROM url_ingest_trigger_sessions
+                 WHERE database_id = ?1
+                   AND session_nonce = ?2
+                   AND expires_at_ms >= ?3",
+                params![request.database_id, request.session_nonce, now],
+                |row| crate::sqlite::row_get(row, 0),
+            )
+            .optional()
+            .map_err(|error| error.to_string())?
+            .ok_or_else(|| "url ingest trigger session is missing or expired".to_string())
+        })?;
+        let node = self
+            .read_node(&request.database_id, &principal, &request.request_path)?
+            .ok_or_else(|| format!("url ingest request not found: {}", request.request_path))?;
+        validate_url_ingest_request_node(&node, &principal)?;
+        self.require_database_write_cycles_available(&request.database_id)
+    }
+
+    pub fn authorize_ops_answer_session(
         &self,
         caller: &str,
-        request: SearchNodesRequest,
-    ) -> Result<Vec<SearchNodeHit>, String> {
-        let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.search_nodes(request)
+        request: OpsAnswerSessionRequest,
+        now: i64,
+    ) -> Result<(), String> {
+        validate_ops_answer_session_request(&request)?;
+        if caller == "2vxsx-fae" {
+            return Err("anonymous caller not allowed".to_string());
+        }
+        self.require_role(&request.database_id, caller, RequiredRole::Reader)?;
+        self.write_index(|conn| {
+            purge_expired_ops_answer_sessions(conn, now)?;
+            conn.execute(
+                "INSERT INTO ops_answer_sessions
+             (database_id, session_nonce, principal, expires_at_ms, created_at_ms,
+              refreshed_at_ms)
+             VALUES (?1, ?2, ?3, ?4, ?5, ?5)
+             ON CONFLICT(database_id, session_nonce) DO UPDATE SET
+               principal = excluded.principal,
+               expires_at_ms = excluded.expires_at_ms,
+               refreshed_at_ms = excluded.refreshed_at_ms",
+                params![
+                    request.database_id,
+                    request.session_nonce,
+                    caller,
+                    now + OPS_ANSWER_SESSION_TTL_MS,
+                    now
+                ],
+            )
+            .map_err(|error| error.to_string())?;
+            Ok(())
         })
     }
 
-    pub fn search_node_paths(
+    pub fn check_ops_answer_session(
+        &self,
+        request: OpsAnswerSessionCheckRequest,
+        now: i64,
+    ) -> Result<OpsAnswerSessionCheckResult, String> {
+        validate_ops_answer_session_check_request(&request)?;
+        let principal: String = self.read_index(|conn| {
+            conn.query_row(
+                "SELECT principal FROM ops_answer_sessions
+                 WHERE database_id = ?1
+                   AND session_nonce = ?2
+                   AND expires_at_ms >= ?3",
+                params![request.database_id, request.session_nonce, now],
+                |row| crate::sqlite::row_get(row, 0),
+            )
+            .optional()
+            .map_err(|error| error.to_string())?
+            .ok_or_else(|| "ops answer session is missing or expired".to_string())
+        })?;
+        self.require_role(&request.database_id, &principal, RequiredRole::Reader)?;
+        self.require_database_write_cycles_available(&request.database_id)?;
+        Ok(OpsAnswerSessionCheckResult { principal })
+    }
+
+    pub fn check_source_run_session(
+        &self,
+        request: SourceRunSessionCheckRequest,
+        now: i64,
+    ) -> Result<(), String> {
+        validate_source_run_session_check_request(&request)?;
+        self.require_role(
+            &request.database_id,
+            DEFAULT_LLM_WRITER_PRINCIPAL,
+            RequiredRole::Writer,
+        )
+        .map_err(|error| format!("LLM writer principal lacks writer access: {error}"))?;
+        let principal: String = self.read_index(|conn| {
+            conn.query_row(
+                "SELECT principal FROM source_run_sessions
+                 WHERE database_id = ?1
+                   AND source_path = ?2
+                   AND source_etag = ?3
+                   AND session_nonce = ?4
+                   AND expires_at_ms >= ?5",
+                params![
+                    request.database_id,
+                    request.source_path,
+                    request.source_etag,
+                    request.session_nonce,
+                    now
+                ],
+                |row| crate::sqlite::row_get(row, 0),
+            )
+            .optional()
+            .map_err(|error| error.to_string())?
+            .ok_or_else(|| "source run session is missing or expired".to_string())
+        })?;
+        self.require_role(&request.database_id, &principal, RequiredRole::Writer)?;
+        let source = self
+            .read_node(&request.database_id, &principal, &request.source_path)?
+            .ok_or_else(|| format!("source node not found: {}", request.source_path))?;
+        if source.kind != NodeKind::Source {
+            return Err("source run session target is not a source node".to_string());
+        }
+        if source.etag != request.source_etag {
+            return Err("source run session source etag is stale".to_string());
+        }
+        self.require_database_write_cycles_available(&request.database_id)?;
+        Ok(())
+    }
+
+    pub fn list_nodes(
         &self,
         caller: &str,
-        request: SearchNodePathsRequest,
-    ) -> Result<Vec<SearchNodeHit>, String> {
+        request: ListNodesRequest,
+    ) -> Result<Vec<NodeEntry>, String> {
         let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.search_node_paths(request)
+        self.with_market_read_database_store(&database_id, caller, |store| {
+            store.list_nodes(request)
         })
     }
 
-    pub fn export_fs_snapshot(
+    pub fn list_children(
         &self,
         caller: &str,
-        request: ExportSnapshotRequest,
-    ) -> Result<ExportSnapshotResponse, String> {
+        request: ListChildrenRequest,
+    ) -> Result<Vec<ChildNode>, String> {
         let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.export_snapshot(request)
+        self.with_market_read_database_store(&database_id, caller, |store| {
+            store.list_children(request)
         })
     }
 
-    pub fn fetch_fs_updates(
+    pub fn write_node(
         &self,
         caller: &str,
-        request: FetchUpdatesRequest,
-    ) -> Result<FetchUpdatesResponse, String> {
+        request: WriteNodeRequest,
+        now: i64,
+    ) -> Result<WriteNodeResult, String> {
+        validate_source_path_for_kind(&request.path, &request.kind)?;
         let database_id = request.database_id.clone();
-        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
-            store.fetch_updates(request)
+        let result =
+            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
+                store.write_node(request, now)
+            });
+        if result.is_ok() {
+            let _ = self.refresh_logical_size(&database_id);
+        }
+        result
+    }
+
+    pub fn write_source_for_generation(
+        &self,
+        caller: &str,
+        request: WriteSourceForGenerationRequest,
+        now: i64,
+    ) -> Result<WriteSourceForGenerationResult, String> {
+        if caller == ANONYMOUS_PRINCIPAL {
+            return Err("anonymous caller not allowed".to_string());
+        }
+        validate_source_for_generation_request(&request)?;
+        self.require_role(&request.database_id, caller, RequiredRole::Writer)?;
+        self.require_role(
+            &request.database_id,
+            DEFAULT_LLM_WRITER_PRINCIPAL,
+            RequiredRole::Writer,
+        )
+        .map_err(|error| format!("LLM writer principal lacks writer access: {error}"))?;
+
+        let database_id = request.database_id.clone();
+        let session_nonce = request.session_nonce.clone();
+        let path = request.path.clone();
+        let write_request = WriteNodeRequest {
+            database_id: request.database_id,
+            path: request.path,
+            kind: NodeKind::Source,
+            content: request.content,
+            metadata_json: request.metadata_json,
+            expected_etag: request.expected_etag,
+        };
+        let write =
+            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
+                store.write_node(write_request, now)
+            })?;
+        let _ = self.write_source_run_session(
+            &database_id,
+            &path,
+            &write.node.etag,
+            &session_nonce,
+            caller,
+            now,
+        );
+        let _ = self.refresh_logical_size(&database_id);
+        Ok(WriteSourceForGenerationResult {
+            write,
+            session_nonce,
         })
     }
 
-    fn with_database_store<T>(
+    pub fn write_nodes(
         &self,
-        database_id: &str,
         caller: &str,
-        required_role: RequiredRole,
-        f: impl FnOnce(&FsStore) -> Result<T, String>,
-    ) -> Result<T, String> {
-        self.require_role(database_id, caller, required_role)?;
-        let meta = self.database_meta(database_id)?;
-        let store = self.database_store(&meta)?;
-        f(&store)
+        request: WriteNodesRequest,
+        now: i64,
+    ) -> Result<Vec<WriteNodeResult>, String> {
+        for node in &request.nodes {
+            validate_source_path_for_kind(&node.path, &node.kind)?;
+        }
+        let database_id = request.database_id.clone();
+        let result =
+            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
+                store.write_nodes(request, now)
+            });
+        if result.is_ok() {
+            let _ = self.refresh_logical_size(&database_id);
+        }
+        result
     }
 
-    pub fn require_database_role(
+    pub fn delete_node(
         &self,
-        database_id: &str,
         caller: &str,
-        required_role: RequiredRole,
-    ) -> Result<(), String> {
-        self.require_role(database_id, caller, required_role)
+        request: DeleteNodeRequest,
+        now: i64,
+    ) -> Result<DeleteNodeResult, String> {
+        let database_id = request.database_id.clone();
+        let result =
+            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
+                store.delete_node(request, now)
+            });
+        if result.is_ok() {
+            let _ = self.refresh_logical_size(&database_id);
+        }
+        result
     }
 
-    fn require_role(
+    pub fn append_node(
         &self,
-        database_id: &str,
         caller: &str,
-        required_role: RequiredRole,
-    ) -> Result<(), String> {
-        let role = self.read_index(|conn| {
-            load_database_status(conn, database_id)?;
-            load_member_role(conn, database_id, caller)?
-                .ok_or_else(|| format!("principal has no access to database: {database_id}"))
-        })?;
-        if role_allows(role, required_role) {
-            Ok(())
-        } else {
-            Err(format!(
-                "principal lacks required database role: {database_id}"
-            ))
+        request: AppendNodeRequest,
+        now: i64,
+    ) -> Result<WriteNodeResult, String> {
+        let database_id = request.database_id.clone();
+        let result =
+            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
+                let kind = store
+                    .read_node(&request.path)?
+                    .map(|node| node.kind)
+                    .or_else(|| request.kind.clone())
+                    .unwrap_or(NodeKind::File);
+                validate_source_path_for_kind(&request.path, &kind)?;
+                store.append_node(request, now)
+            });
+        if result.is_ok() {
+            let _ = self.refresh_logical_size(&database_id);
         }
+        result
     }
 
-    fn database_meta(&self, database_id: &str) -> Result<DatabaseMeta, String> {
-        self.read_index(|conn| {
-            load_database(conn, database_id)?.ok_or_else(|| database_meta_error(conn, database_id))
-        })
+    pub fn edit_node(
+        &self,
+        caller: &str,
+        request: EditNodeRequest,
+        now: i64,
+    ) -> Result<EditNodeResult, String> {
+        let database_id = request.database_id.clone();
+        let result =
+            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
+                store.edit_node(request, now)
+            });
+        if result.is_ok() {
+            let _ = self.refresh_logical_size(&database_id);
+        }
+        result
     }
 
-    fn database_meta_allowing_restoring(&self, database_id: &str) -> Result<DatabaseMeta, String> {
-        self.database_meta_with_statuses(
-            database_id,
-            &[
-                DatabaseStatus::Pending,
-                DatabaseStatus::Active,
-                DatabaseStatus::Restoring,
-            ],
-        )
+    pub fn mkdir_node(
+        &self,
+        caller: &str,
+        request: MkdirNodeRequest,
+        now: i64,
+    ) -> Result<MkdirNodeResult, String> {
+        let database_id = request.database_id.clone();
+        let result =
+            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
+                store.mkdir_node(request, now)
+            });
+        if result.is_ok() {
+            let _ = self.refresh_logical_size(&database_id);
+        }
+        result
     }
 
-    fn database_meta_with_statuses(
+    pub fn move_node(
         &self,
-        database_id: &str,
-        statuses: &[DatabaseStatus],
-    ) -> Result<DatabaseMeta, String> {
-        self.read_index(|conn| {
-            load_database_with_statuses(conn, database_id, statuses)?
-                .ok_or_else(|| database_meta_error(conn, database_id))
+        caller: &str,
+        request: MoveNodeRequest,
+        now: i64,
+    ) -> Result<MoveNodeResult, String> {
+        let database_id = request.database_id.clone();
+        let result =
+            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
+                if let Some(node) = store.read_node(&request.from_path)? {
+                    validate_source_path_for_kind(&request.to_path, &node.kind)?;
+                }
+                store.move_node(request, now)
+            });
+        if result.is_ok() {
+            let _ = self.refresh_logical_size(&database_id);
+        }
+        result
+    }
+
+    pub fn glob_nodes(
+        &self,
+        caller: &str,
+        request: GlobNodesRequest,
+    ) -> Result<Vec<GlobNodeHit>, String> {
+        let database_id = request.database_id.clone();
+        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
+            store.glob_nodes(request)
         })
     }
 
-    fn database_restore_rollback(
+    pub fn incoming_links(
         &self,
-        database_id: &str,
-    ) -> Result<DatabaseRestoreRollback, String> {
-        self.read_index(|conn| {
-            conn.query_row(
-                "SELECT database_id, status, active_mount_id, snapshot_hash, archived_at_ms,
-                    restore_size_bytes
-	             FROM databases
-	             WHERE database_id = ?1",
-                params![database_id],
-                |row| {
-                    let active_mount_id: Option<i64> = crate::sqlite::row_get(row, 2)?;
-                    let restore_size_bytes: Option<i64> = crate::sqlite::row_get(row, 5)?;
-                    Ok(DatabaseRestoreRollback {
-                        database_id: crate::sqlite::row_get(row, 0)?,
-                        status: status_from_db(&crate::sqlite::row_get::<String>(row, 1)?)?,
-                        active_mount_id: active_mount_id.map(mount_id_from_db).transpose()?,
-                        snapshot_hash: crate::sqlite::row_get(row, 3)?,
-                        archived_at_ms: crate::sqlite::row_get(row, 4)?,
-                        restore_size_bytes: restore_size_bytes.map(|size| size.max(0) as u64),
-                    })
-                },
-            )
-            .optional()
-            .map_err(|error| error.to_string())?
-            .ok_or_else(|| format!("database not found: {database_id}"))
+        caller: &str,
+        request: IncomingLinksRequest,
+    ) -> Result<Vec<LinkEdge>, String> {
+        let database_id = request.database_id.clone();
+        self.with_market_read_database_store(&database_id, caller, |store| {
+            store.incoming_links(request)
         })
     }
 
-    fn database_restore_session(
+    pub fn outgoing_links(
         &self,
-        database_id: &str,
-    ) -> Result<DatabaseRestoreRollback, String> {
-        self.read_index(|conn| {
-            conn.query_row(
-                "SELECT database_id, status, active_mount_id, snapshot_hash, archived_at_ms,
-                    restore_size_bytes
+        caller: &str,
+        request: OutgoingLinksRequest,
+    ) -> Result<Vec<LinkEdge>, String> {
+        let database_id = request.database_id.clone();
+        self.with_market_read_database_store(&database_id, caller, |store| {
+            store.outgoing_links(request)
+        })
+    }
+
+    pub fn graph_links(
+        &self,
+        caller: &str,
+        request: GraphLinksRequest,
+    ) -> Result<Vec<LinkEdge>, String> {
+        let database_id = request.database_id.clone();
+        self.with_market_read_database_store(&database_id, caller, |store| {
+            store.graph_links(request)
+        })
+    }
+
+    pub fn graph_neighborhood(
+        &self,
+        caller: &str,
+        request: GraphNeighborhoodRequest,
+    ) -> Result<Vec<LinkEdge>, String> {
+        let database_id = request.database_id.clone();
+        self.with_market_read_database_store(&database_id, caller, |store| {
+            store.graph_neighborhood(request)
+        })
+    }
+
+    pub fn read_node_context(
+        &self,
+        caller: &str,
+        request: NodeContextRequest,
+    ) -> Result<Option<NodeContext>, String> {
+        let database_id = request.database_id.clone();
+        self.with_market_read_database_store(&database_id, caller, |store| {
+            store.read_node_context(request)
+        })
+    }
+
+    pub fn query_context(
+        &self,
+        caller: &str,
+        request: QueryContextRequest,
+    ) -> Result<QueryContext, String> {
+        let database_id = request.database_id.clone();
+        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
+            store.query_context(request)
+        })
+    }
+
+    pub fn source_evidence(
+        &self,
+        caller: &str,
+        request: SourceEvidenceRequest,
+    ) -> Result<SourceEvidence, String> {
+        let database_id = request.database_id.clone();
+        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
+            store.source_evidence(request)
+        })
+    }
+
+    pub fn multi_edit_node(
+        &self,
+        caller: &str,
+        request: MultiEditNodeRequest,
+        now: i64,
+    ) -> Result<MultiEditNodeResult, String> {
+        let database_id = request.database_id.clone();
+        let result =
+            self.with_database_store(&database_id, caller, RequiredRole::Writer, |store| {
+                store.multi_edit_node(request, now)
+            });
+        if result.is_ok() {
+            let _ = self.refresh_logical_size(&database_id);
+        }
+        result
+    }
+
+    pub fn search_nodes(
+        &self,
+        caller: &str,
+        request: SearchNodesRequest,
+    ) -> Result<Vec<SearchNodeHit>, String> {
+        let database_id = request.database_id.clone();
+        self.with_market_read_database_store(&database_id, caller, |store| {
+            store.search_nodes(request)
+        })
+    }
+
+    pub fn search_node_paths(
+        &self,
+        caller: &str,
+        request: SearchNodePathsRequest,
+    ) -> Result<Vec<SearchNodeHit>, String> {
+        let database_id = request.database_id.clone();
+        self.with_market_read_database_store(&database_id, caller, |store| {
+            store.search_node_paths(request)
+        })
+    }
+
+    pub fn export_fs_snapshot(
+        &self,
+        caller: &str,
+        request: ExportSnapshotRequest,
+    ) -> Result<ExportSnapshotResponse, String> {
+        let database_id = request.database_id.clone();
+        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
+            store.export_snapshot(request)
+        })
+    }
+
+    pub fn fetch_fs_updates(
+        &self,
+        caller: &str,
+        request: FetchUpdatesRequest,
+    ) -> Result<FetchUpdatesResponse, String> {
+        let database_id = request.database_id.clone();
+        self.with_database_store(&database_id, caller, RequiredRole::Reader, |store| {
+            store.fetch_updates(request)
+        })
+    }
+
+    fn with_database_store<T>(
+        &self,
+        database_id: &str,
+        caller: &str,
+        required_role: RequiredRole,
+        f: impl FnOnce(&FsStore) -> Result<T, String>,
+    ) -> Result<T, String> {
+        self.require_role(database_id, caller, required_role)?;
+        let meta = self.database_meta(database_id)?;
+        let store = self.database_store(&meta)?;
+        f(&store)
+    }
+
+    fn with_market_read_database_store<T>(
+        &self,
+        database_id: &str,
+        caller: &str,
+        f: impl FnOnce(&FsStore) -> Result<T, String>,
+    ) -> Result<T, String> {
+        self.require_market_read_access(database_id, caller)?;
+        let meta = self.database_meta(database_id)?;
+        let store = self.database_store(&meta)?;
+        f(&store)
+    }
+
+    pub fn require_database_role(
+        &self,
+        database_id: &str,
+        caller: &str,
+        required_role: RequiredRole,
+    ) -> Result<(), String> {
+        self.require_role(database_id, caller, required_role)
+    }
+
+    fn require_role(
+        &self,
+        database_id: &str,
+        caller: &str,
+        required_role: RequiredRole,
+    ) -> Result<(), String> {
+        let role = self.read_index(|conn| {
+            load_database_status(conn, database_id)?;
+            load_member_role(conn, database_id, caller)?
+                .ok_or_else(|| format!("principal has no access to database: {database_id}"))
+        })?;
+        if role_allows(role, required_role) {
+            Ok(())
+        } else {
+            Err(format!(
+                "principal lacks required database role: {database_id}"
+            ))
+        }
+    }
+
+    fn require_market_read_access(&self, database_id: &str, caller: &str) -> Result<(), String> {
+        self.read_index(|conn| {
+            load_database_status(conn, database_id)?;
+            if let Some(role) = load_member_role(conn, database_id, caller)?
+                && role_allows(role, RequiredRole::Reader)
+            {
+                return Ok(());
+            }
+            if has_active_market_entitlement(conn, database_id, caller)? {
+                return Ok(());
+            }
+            Err(format!(
+                "principal has no access to database: {database_id}"
+            ))
+        })
+    }
+
+    fn database_meta(&self, database_id: &str) -> Result<DatabaseMeta, String> {
+        self.read_index(|conn| {
+            load_database(conn, database_id)?.ok_or_else(|| database_meta_error(conn, database_id))
+        })
+    }
+
+    fn database_meta_allowing_restoring(&self, database_id: &str) -> Result<DatabaseMeta, String> {
+        self.database_meta_with_statuses(
+            database_id,
+            &[
+                DatabaseStatus::Pending,
+                DatabaseStatus::Active,
+                DatabaseStatus::Restoring,
+            ],
+        )
+    }
+
+    fn database_meta_with_statuses(
+        &self,
+        database_id: &str,
+        statuses: &[DatabaseStatus],
+    ) -> Result<DatabaseMeta, String> {
+        self.read_index(|conn| {
+            load_database_with_statuses(conn, database_id, statuses)?
+                .ok_or_else(|| database_meta_error(conn, database_id))
+        })
+    }
+
+    fn database_restore_rollback(
+        &self,
+        database_id: &str,
+    ) -> Result<DatabaseRestoreRollback, String> {
+        self.read_index(|conn| {
+            conn.query_row(
+                "SELECT database_id, status, active_mount_id, snapshot_hash, archived_at_ms,
+                    restore_size_bytes
+	             FROM databases
+	             WHERE database_id = ?1",
+                params![database_id],
+                |row| {
+                    let active_mount_id: Option<i64> = crate::sqlite::row_get(row, 2)?;
+                    let restore_size_bytes: Option<i64> = crate::sqlite::row_get(row, 5)?;
+                    Ok(DatabaseRestoreRollback {
+                        database_id: crate::sqlite::row_get(row, 0)?,
+                        status: status_from_db(&crate::sqlite::row_get::<String>(row, 1)?)?,
+                        active_mount_id: active_mount_id.map(mount_id_from_db).transpose()?,
+                        snapshot_hash: crate::sqlite::row_get(row, 3)?,
+                        archived_at_ms: crate::sqlite::row_get(row, 4)?,
+                        restore_size_bytes: restore_size_bytes.map(|size| size.max(0) as u64),
+                    })
+                },
+            )
+            .optional()
+            .map_err(|error| error.to_string())?
+            .ok_or_else(|| format!("database not found: {database_id}"))
+        })
+    }
+
+    fn database_restore_session(
+        &self,
+        database_id: &str,
+    ) -> Result<DatabaseRestoreRollback, String> {
+        self.read_index(|conn| {
+            conn.query_row(
+                "SELECT database_id, status, active_mount_id, snapshot_hash, archived_at_ms,
+                    restore_size_bytes
 	             FROM database_restore_sessions
 	             WHERE database_id = ?1",
                 params![database_id],
@@ -2634,6 +3638,9 @@ fn run_index_migrations_in_tx_for_upgrade(
 
 enum IndexSchemaState {
     Latest,
+    MarketplacePreviewUpgrade,
+    KinicExternalBlockIndexesUpgrade,
+    MarketplaceCoreUpgrade,
     StorageBillingBatchUpgrade,
     Mainnet011,
 }
@@ -2644,8 +3651,26 @@ fn ensure_existing_index_schema_is_latest(
 ) -> Result<(), String> {
     match classify_existing_index_schema_state(conn)? {
         IndexSchemaState::Latest => validate_index_schema(conn),
+        IndexSchemaState::MarketplacePreviewUpgrade => {
+            apply_marketplace_preview_index_migration(conn)?;
+            validate_index_schema(conn)
+        }
+        IndexSchemaState::KinicExternalBlockIndexesUpgrade => {
+            apply_kinic_external_block_indexes_migration(conn)?;
+            apply_marketplace_preview_index_migration(conn)?;
+            validate_index_schema(conn)
+        }
+        IndexSchemaState::MarketplaceCoreUpgrade => {
+            apply_marketplace_core_index_migration(conn)?;
+            apply_kinic_external_block_indexes_migration(conn)?;
+            apply_marketplace_preview_index_migration(conn)?;
+            validate_index_schema(conn)
+        }
         IndexSchemaState::StorageBillingBatchUpgrade => {
             apply_storage_billing_batch_index_migration(conn)?;
+            apply_marketplace_core_index_migration(conn)?;
+            apply_kinic_external_block_indexes_migration(conn)?;
+            apply_marketplace_preview_index_migration(conn)?;
             validate_index_schema(conn)
         }
         IndexSchemaState::Mainnet011 => {
@@ -2684,11 +3709,20 @@ fn classify_existing_index_schema_state(
             "unsupported partial billing index schema: table {table} already exists"
         ));
     }
-    if migration_applied_tx(conn, INDEX_SCHEMA_VERSION_STORAGE_BILLING_BATCH)? {
+    if migration_applied_tx(conn, INDEX_SCHEMA_VERSION_MARKETPLACE_PREVIEW)? {
         return Ok(IndexSchemaState::Latest);
     }
-    if migration_applied_tx(conn, INDEX_SCHEMA_VERSION_CYCLES_PENDING_LEDGER_BLOCK_INDEX)? {
-        return Ok(IndexSchemaState::StorageBillingBatchUpgrade);
+    if migration_applied_tx(conn, INDEX_SCHEMA_VERSION_KINIC_EXTERNAL_BLOCK_INDEXES)? {
+        return Ok(IndexSchemaState::MarketplacePreviewUpgrade);
+    }
+    if migration_applied_tx(conn, INDEX_SCHEMA_VERSION_MARKETPLACE_CORE)? {
+        return Ok(IndexSchemaState::KinicExternalBlockIndexesUpgrade);
+    }
+    if migration_applied_tx(conn, INDEX_SCHEMA_VERSION_STORAGE_BILLING_BATCH)? {
+        return Ok(IndexSchemaState::MarketplaceCoreUpgrade);
+    }
+    if migration_applied_tx(conn, INDEX_SCHEMA_VERSION_CYCLES_PENDING_LEDGER_BLOCK_INDEX)? {
+        return Ok(IndexSchemaState::StorageBillingBatchUpgrade);
     }
     if !migration_applied_tx(conn, INDEX_SCHEMA_VERSION_SOURCE_RUN_SESSIONS)? {
         return Err(format!(
@@ -2741,6 +3775,182 @@ fn apply_storage_billing_batch_index_migration(conn: &Transaction<'_>) -> Result
     Ok(())
 }
 
+fn apply_marketplace_core_index_migration(conn: &Transaction<'_>) -> Result<(), String> {
+    conn.execute_batch(
+        "
+        CREATE TABLE kinic_accounts (
+          principal TEXT PRIMARY KEY,
+          balance_e8s INTEGER NOT NULL,
+          created_at_ms INTEGER NOT NULL,
+          updated_at_ms INTEGER NOT NULL
+        );
+
+        CREATE TABLE kinic_ledger (
+          entry_id INTEGER PRIMARY KEY AUTOINCREMENT,
+          principal TEXT NOT NULL,
+          source TEXT NOT NULL,
+          kind TEXT NOT NULL,
+          amount_e8s INTEGER NOT NULL,
+          balance_after_e8s INTEGER NOT NULL,
+          counterparty TEXT,
+          listing_id TEXT,
+          order_id TEXT,
+          external_block_index INTEGER,
+          created_at_ms INTEGER NOT NULL
+        );
+
+        CREATE INDEX kinic_ledger_principal_idx
+          ON kinic_ledger(principal, entry_id);
+
+        CREATE TABLE kinic_pending_operations (
+          operation_id INTEGER PRIMARY KEY AUTOINCREMENT,
+          kind TEXT NOT NULL,
+          caller TEXT NOT NULL,
+          amount_e8s INTEGER NOT NULL,
+          from_owner TEXT,
+          from_subaccount BLOB,
+          to_owner TEXT,
+          to_subaccount BLOB,
+          ledger_fee_e8s INTEGER,
+          operation_status TEXT NOT NULL,
+          external_block_index INTEGER,
+          ledger_created_at_time_ns INTEGER,
+          created_at_ms INTEGER NOT NULL
+        );
+
+        CREATE INDEX kinic_pending_operations_caller_idx
+          ON kinic_pending_operations(caller, operation_id);
+
+        CREATE TABLE market_listings (
+          listing_id TEXT PRIMARY KEY,
+          seller_principal TEXT NOT NULL,
+          database_id TEXT NOT NULL,
+          title TEXT NOT NULL,
+          description TEXT NOT NULL,
+          llm_summary TEXT,
+          summary_snapshot_revision TEXT,
+          sample_excerpts_json TEXT NOT NULL,
+          tags_json TEXT NOT NULL,
+          price_e8s INTEGER NOT NULL,
+          status TEXT NOT NULL,
+          revision INTEGER NOT NULL,
+          purchase_count INTEGER NOT NULL,
+          report_count INTEGER NOT NULL,
+          created_at_ms INTEGER NOT NULL,
+          updated_at_ms INTEGER NOT NULL,
+          FOREIGN KEY (database_id) REFERENCES databases(database_id)
+        );
+
+        CREATE INDEX market_listings_status_idx
+          ON market_listings(status, listing_id);
+
+        CREATE INDEX market_listings_database_idx
+          ON market_listings(database_id);
+
+        CREATE TABLE market_orders (
+          order_id TEXT PRIMARY KEY,
+          listing_id TEXT NOT NULL,
+          database_id TEXT NOT NULL,
+          buyer_principal TEXT NOT NULL,
+          seller_principal TEXT NOT NULL,
+          price_e8s INTEGER NOT NULL,
+          listing_revision INTEGER NOT NULL,
+          created_at_ms INTEGER NOT NULL
+        );
+
+        CREATE INDEX market_orders_buyer_idx
+          ON market_orders(buyer_principal, order_id);
+
+        CREATE TABLE market_entitlements (
+          database_id TEXT NOT NULL,
+          buyer_principal TEXT NOT NULL,
+          listing_id TEXT NOT NULL,
+          order_id TEXT NOT NULL,
+          purchased_at_ms INTEGER NOT NULL,
+          status TEXT NOT NULL,
+          PRIMARY KEY (database_id, buyer_principal, listing_id),
+          FOREIGN KEY (database_id) REFERENCES databases(database_id)
+        );
+
+        CREATE UNIQUE INDEX market_entitlements_database_buyer_active_idx
+          ON market_entitlements(database_id, buyer_principal)
+          WHERE status = 'active';
+
+        CREATE INDEX market_entitlements_buyer_idx
+          ON market_entitlements(buyer_principal, database_id);
+        ",
+    )
+    .map_err(|error| error.to_string())?;
+    insert_schema_migration_now(conn, INDEX_SCHEMA_VERSION_MARKETPLACE_CORE)?;
+    Ok(())
+}
+
+fn apply_marketplace_preview_index_migration(conn: &Transaction<'_>) -> Result<(), String> {
+    conn.execute_batch(
+        "
+        CREATE TABLE market_listings_next (
+          listing_id TEXT PRIMARY KEY,
+          seller_principal TEXT NOT NULL,
+          database_id TEXT NOT NULL,
+          title TEXT NOT NULL,
+          description TEXT NOT NULL,
+          llm_summary TEXT,
+          summary_snapshot_revision TEXT,
+          sample_excerpts_json TEXT NOT NULL,
+          tags_json TEXT NOT NULL,
+          price_e8s INTEGER NOT NULL,
+          status TEXT NOT NULL,
+          revision INTEGER NOT NULL,
+          purchase_count INTEGER NOT NULL,
+          report_count INTEGER NOT NULL,
+          created_at_ms INTEGER NOT NULL,
+          updated_at_ms INTEGER NOT NULL,
+          FOREIGN KEY (database_id) REFERENCES databases(database_id)
+        );
+
+        INSERT INTO market_listings_next
+          (listing_id, seller_principal, database_id, title, description,
+           llm_summary, summary_snapshot_revision, sample_excerpts_json,
+           tags_json, price_e8s, status, revision, purchase_count, report_count,
+           created_at_ms, updated_at_ms)
+        SELECT listing_id, seller_principal, database_id, title, description,
+               llm_summary, summary_snapshot_revision, sample_excerpts_json,
+               tags_json, price_e8s, status, revision, purchase_count, report_count,
+               created_at_ms, updated_at_ms
+          FROM market_listings;
+
+        DROP TABLE market_listings;
+        ALTER TABLE market_listings_next RENAME TO market_listings;
+
+        CREATE INDEX market_listings_status_idx
+          ON market_listings(status, listing_id);
+
+        CREATE INDEX market_listings_database_idx
+          ON market_listings(database_id);
+        ",
+    )
+    .map_err(|error| error.to_string())?;
+    insert_schema_migration_now(conn, INDEX_SCHEMA_VERSION_MARKETPLACE_PREVIEW)?;
+    Ok(())
+}
+
+fn apply_kinic_external_block_indexes_migration(conn: &Transaction<'_>) -> Result<(), String> {
+    conn.execute_batch(
+        "
+        CREATE UNIQUE INDEX kinic_ledger_external_block_idx
+          ON kinic_ledger(external_block_index)
+          WHERE external_block_index IS NOT NULL;
+
+        CREATE UNIQUE INDEX kinic_pending_operations_external_block_kind_idx
+          ON kinic_pending_operations(external_block_index, kind)
+          WHERE external_block_index IS NOT NULL;
+        ",
+    )
+    .map_err(|error| error.to_string())?;
+    insert_schema_migration_now(conn, INDEX_SCHEMA_VERSION_KINIC_EXTERNAL_BLOCK_INDEXES)?;
+    Ok(())
+}
+
 fn create_schema_migrations(conn: &Transaction<'_>) -> Result<(), String> {
     conn.execute(
         "CREATE TABLE schema_migrations (version TEXT PRIMARY KEY, applied_at INTEGER NOT NULL)",
@@ -2867,6 +4077,9 @@ const INDEX_SCHEMA_VERSIONS: &[&str] = &[
     INDEX_SCHEMA_VERSION_DIRECT_CYCLES,
     INDEX_SCHEMA_VERSION_CYCLES_PENDING_LEDGER_BLOCK_INDEX,
     INDEX_SCHEMA_VERSION_STORAGE_BILLING_BATCH,
+    INDEX_SCHEMA_VERSION_MARKETPLACE_CORE,
+    INDEX_SCHEMA_VERSION_KINIC_EXTERNAL_BLOCK_INDEXES,
+    INDEX_SCHEMA_VERSION_MARKETPLACE_PREVIEW,
 ];
 
 const INDEX_SCHEMA_TABLES_WITHOUT_MIGRATIONS: &[&str] = &[
@@ -2883,6 +4096,12 @@ const INDEX_SCHEMA_TABLES_WITHOUT_MIGRATIONS: &[&str] = &[
     "database_cycle_pending_operations",
     "cycles_billing_config",
     "storage_billing_state",
+    "kinic_accounts",
+    "kinic_ledger",
+    "kinic_pending_operations",
+    "market_listings",
+    "market_orders",
+    "market_entitlements",
 ];
 
 const POST_011_INDEX_SCHEMA_VERSIONS: &[&str] = &[
@@ -2901,6 +4120,9 @@ const POST_011_INDEX_SCHEMA_VERSIONS: &[&str] = &[
     INDEX_SCHEMA_VERSION_DIRECT_CYCLES,
     INDEX_SCHEMA_VERSION_CYCLES_PENDING_LEDGER_BLOCK_INDEX,
     INDEX_SCHEMA_VERSION_STORAGE_BILLING_BATCH,
+    INDEX_SCHEMA_VERSION_MARKETPLACE_CORE,
+    INDEX_SCHEMA_VERSION_KINIC_EXTERNAL_BLOCK_INDEXES,
+    INDEX_SCHEMA_VERSION_MARKETPLACE_PREVIEW,
 ];
 
 const POST_011_INDEX_SCHEMA_TABLES: &[&str] = &[
@@ -2909,6 +4131,12 @@ const POST_011_INDEX_SCHEMA_TABLES: &[&str] = &[
     "database_cycle_pending_operations",
     "cycles_billing_config",
     "storage_billing_state",
+    "kinic_accounts",
+    "kinic_ledger",
+    "kinic_pending_operations",
+    "market_listings",
+    "market_orders",
+    "market_entitlements",
 ];
 
 fn validate_pre_billing_index_schema(conn: &Transaction<'_>) -> Result<(), String> {
@@ -3028,6 +4256,20 @@ fn validate_pre_billing_index_schema(conn: &Transaction<'_>) -> Result<(), Strin
             return Err(format!("unsupported index schema: missing index {index}"));
         }
     }
+    if tx_sqlite_master_entry_exists(conn, "table", "market_seller_allowlist")? {
+        return Err("unsupported index schema: stale table market_seller_allowlist".to_string());
+    }
+    if index_column_exists(conn, "market_entitlements", "expires_at_ms")? {
+        return Err(
+            "unsupported index schema: stale column market_entitlements.expires_at_ms".to_string(),
+        );
+    }
+    if index_column_exists(conn, "market_listings", "sample_questions_json")? {
+        return Err(
+            "unsupported index schema: stale column market_listings.sample_questions_json"
+                .to_string(),
+        );
+    }
     Ok(())
 }
 
@@ -3042,6 +4284,12 @@ fn validate_index_schema(conn: &Transaction<'_>) -> Result<(), String> {
         "database_cycle_pending_operations",
         "cycles_billing_config",
         "storage_billing_state",
+        "kinic_accounts",
+        "kinic_ledger",
+        "kinic_pending_operations",
+        "market_listings",
+        "market_orders",
+        "market_entitlements",
     ] {
         if !tx_sqlite_master_entry_exists(conn, "table", table)? {
             return Err(format!("unsupported index schema: missing table {table}"));
@@ -3122,6 +4370,89 @@ fn validate_index_schema(conn: &Transaction<'_>) -> Result<(), String> {
             "storage_billing_state",
             &["key", "cursor_mount_id", "billing_now_ms", "updated_at_ms"][..],
         ),
+        (
+            "kinic_accounts",
+            &["principal", "balance_e8s", "created_at_ms", "updated_at_ms"][..],
+        ),
+        (
+            "kinic_ledger",
+            &[
+                "entry_id",
+                "principal",
+                "source",
+                "kind",
+                "amount_e8s",
+                "balance_after_e8s",
+                "counterparty",
+                "listing_id",
+                "order_id",
+                "external_block_index",
+                "created_at_ms",
+            ][..],
+        ),
+        (
+            "kinic_pending_operations",
+            &[
+                "operation_id",
+                "kind",
+                "caller",
+                "amount_e8s",
+                "from_owner",
+                "from_subaccount",
+                "to_owner",
+                "to_subaccount",
+                "ledger_fee_e8s",
+                "operation_status",
+                "external_block_index",
+                "ledger_created_at_time_ns",
+                "created_at_ms",
+            ][..],
+        ),
+        (
+            "market_listings",
+            &[
+                "listing_id",
+                "seller_principal",
+                "database_id",
+                "title",
+                "description",
+                "llm_summary",
+                "summary_snapshot_revision",
+                "sample_excerpts_json",
+                "tags_json",
+                "price_e8s",
+                "status",
+                "revision",
+                "purchase_count",
+                "report_count",
+                "created_at_ms",
+                "updated_at_ms",
+            ][..],
+        ),
+        (
+            "market_orders",
+            &[
+                "order_id",
+                "listing_id",
+                "database_id",
+                "buyer_principal",
+                "seller_principal",
+                "price_e8s",
+                "listing_revision",
+                "created_at_ms",
+            ][..],
+        ),
+        (
+            "market_entitlements",
+            &[
+                "database_id",
+                "buyer_principal",
+                "listing_id",
+                "order_id",
+                "purchased_at_ms",
+                "status",
+            ][..],
+        ),
     ] {
         for column in columns {
             if !index_column_exists(conn, table, column)? {
@@ -3136,6 +4467,15 @@ fn validate_index_schema(conn: &Transaction<'_>) -> Result<(), String> {
         "database_restore_chunks_database_id_idx",
         "database_cycle_ledger_database_idx",
         "database_cycle_pending_operations_database_idx",
+        "kinic_ledger_principal_idx",
+        "kinic_ledger_external_block_idx",
+        "kinic_pending_operations_caller_idx",
+        "kinic_pending_operations_external_block_kind_idx",
+        "market_listings_status_idx",
+        "market_listings_database_idx",
+        "market_orders_buyer_idx",
+        "market_entitlements_database_buyer_active_idx",
+        "market_entitlements_buyer_idx",
     ] {
         if !tx_sqlite_master_entry_exists(conn, "index", index)? {
             return Err(format!("unsupported index schema: missing index {index}"));
@@ -3438,6 +4778,8 @@ fn delete_database_index_rows(conn: &Connection, database_id: &str) -> Result<()
         "database_cycle_pending_operations",
         "database_cycle_ledger",
         "database_cycle_accounts",
+        "market_entitlements",
+        "market_listings",
         "database_members",
         "database_restore_chunks",
         "database_restore_sessions",
@@ -3577,144 +4919,417 @@ fn update_database_cycles_balance(
          WHERE database_id = ?1",
         &values,
     )
-    .map_err(|error| error.to_string())?;
-    Ok(())
+    .map_err(|error| error.to_string())?;
+    Ok(())
+}
+
+fn load_storage_cycle_account(
+    conn: &Connection,
+    database_id: &str,
+) -> Result<StorageCycleAccount, String> {
+    conn.query_row(
+        "SELECT balance_cycles, suspended_at_ms, storage_charged_at_ms
+         FROM database_cycle_accounts
+         WHERE database_id = ?1",
+        params![database_id],
+        |row| {
+            Ok(StorageCycleAccount {
+                balance_cycles: crate::sqlite::row_get(row, 0)?,
+                suspended_at_ms: crate::sqlite::row_get(row, 1)?,
+                storage_charged_at_ms: crate::sqlite::row_get(row, 2)?,
+            })
+        },
+    )
+    .optional()
+    .map_err(|error| error.to_string())?
+    .ok_or_else(|| format!("database cycles account not found: {database_id}"))
+}
+
+fn update_database_storage_account(
+    conn: &Transaction<'_>,
+    database_id: &str,
+    balance_cycles: i64,
+    suspended_at_ms: Option<i64>,
+    storage_charged_at_ms: i64,
+    now: i64,
+) -> Result<(), String> {
+    let values = vec![
+        crate::sqlite::text_value(database_id),
+        crate::sqlite::integer_value(balance_cycles),
+        crate::sqlite::nullable_integer_value(suspended_at_ms),
+        crate::sqlite::integer_value(storage_charged_at_ms),
+        crate::sqlite::integer_value(now),
+    ];
+    crate::sqlite::execute_values(
+        conn,
+        "UPDATE database_cycle_accounts
+         SET balance_cycles = ?2,
+             suspended_at_ms = ?3,
+             storage_charged_at_ms = ?4,
+             updated_at_ms = ?5
+         WHERE database_id = ?1",
+        &values,
+    )
+    .map_err(|error| error.to_string())?;
+    Ok(())
+}
+
+struct PendingCyclesOperation {
+    database_id: String,
+    kind: String,
+    caller: String,
+    cycles: i64,
+    payment_amount_e8s: i64,
+    operation_status: String,
+    ledger_block_index: Option<i64>,
+}
+
+struct DatabaseCyclesPendingPurchaseRaw {
+    operation_id: i64,
+    database_id: String,
+    caller: String,
+    status: String,
+    amount_cycles: i64,
+    payment_amount_e8s: i64,
+    ledger_block_index: Option<i64>,
+    created_at_ms: i64,
+}
+
+impl DatabaseCyclesPendingPurchaseRaw {
+    fn into_public(self) -> Result<DatabaseCyclesPendingPurchase, String> {
+        let amount_cycles = u64::try_from(self.amount_cycles).map_err(|error| error.to_string())?;
+        let payment_amount_e8s =
+            u64::try_from(self.payment_amount_e8s).map_err(|error| error.to_string())?;
+        let operation_id = u64::try_from(self.operation_id).map_err(|error| error.to_string())?;
+        let ledger_block_index = self
+            .ledger_block_index
+            .map(u64::try_from)
+            .transpose()
+            .map_err(|error| error.to_string())?;
+        Ok(DatabaseCyclesPendingPurchase {
+            operation_id,
+            database_id: self.database_id,
+            status: self.status.clone(),
+            amount_cycles,
+            payment_amount_e8s,
+            ledger_block_index,
+            created_at_ms: self.created_at_ms,
+            required_action: pending_cycles_required_action(&self.status).to_string(),
+        })
+    }
+}
+
+struct PendingCyclesLedgerDetails<'a> {
+    from_owner: &'a str,
+    from_subaccount: Option<&'a [u8]>,
+    to_owner: &'a str,
+    to_subaccount: Option<&'a [u8]>,
+    ledger_fee_e8s: i64,
+    ledger_created_at_time_ns: i64,
+}
+
+struct PendingCyclesOperationInsert<'a> {
+    database_id: &'a str,
+    kind: &'a str,
+    caller: &'a str,
+    cycles: i64,
+    payment_amount_e8s: i64,
+    ledger: PendingCyclesLedgerDetails<'a>,
+    operation_status: &'a str,
+    now: i64,
+}
+
+struct PendingCyclesOperationMatch<'a> {
+    operation_id: u64,
+    database_id: &'a str,
+    kind: &'a str,
+    caller: &'a str,
+    cycles: i64,
+}
+
+fn insert_pending_cycles_operation(
+    conn: &Transaction<'_>,
+    operation: PendingCyclesOperationInsert<'_>,
+) -> Result<u64, String> {
+    let values = vec![
+        crate::sqlite::text_value(operation.database_id),
+        crate::sqlite::text_value(operation.kind),
+        crate::sqlite::text_value(operation.caller),
+        crate::sqlite::integer_value(operation.cycles),
+        crate::sqlite::integer_value(operation.payment_amount_e8s),
+        crate::sqlite::text_value(operation.ledger.from_owner),
+        crate::sqlite::nullable_blob_value(operation.ledger.from_subaccount.map(Vec::from)),
+        crate::sqlite::text_value(operation.ledger.to_owner),
+        crate::sqlite::nullable_blob_value(operation.ledger.to_subaccount.map(Vec::from)),
+        crate::sqlite::integer_value(operation.ledger.ledger_fee_e8s),
+        crate::sqlite::integer_value(operation.ledger.ledger_created_at_time_ns),
+        crate::sqlite::text_value(operation.operation_status),
+        crate::sqlite::integer_value(operation.now),
+    ];
+    crate::sqlite::execute_values(
+        conn,
+        "INSERT INTO database_cycle_pending_operations
+         (database_id, kind, caller, cycles, payment_amount_e8s, from_owner, from_subaccount,
+          to_owner, to_subaccount, ledger_fee_e8s, ledger_created_at_time_ns, operation_status,
+          created_at_ms)
+         VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12, ?13)",
+        &values,
+    )
+    .map_err(|error| error.to_string())?;
+    let operation_id = crate::sqlite::last_insert_rowid(conn).map_err(|error| error.to_string())?;
+    u64::try_from(operation_id).map_err(|error| error.to_string())
+}
+
+fn load_pending_cycles_operation(
+    conn: &Connection,
+    operation_id: u64,
+) -> Result<PendingCyclesOperation, String> {
+    let operation_id = i64::try_from(operation_id).map_err(|error| error.to_string())?;
+    conn.query_row(
+        "SELECT database_id, kind, caller, cycles, payment_amount_e8s,
+                from_owner, from_subaccount, to_owner, to_subaccount,
+                ledger_fee_e8s, ledger_created_at_time_ns, operation_status, ledger_block_index
+         FROM database_cycle_pending_operations
+         WHERE operation_id = ?1",
+        params![operation_id],
+        map_pending_cycles_operation,
+    )
+    .optional()
+    .map_err(|error| error.to_string())?
+    .ok_or_else(|| "pending cycle operation not found".to_string())
+}
+
+fn require_pending_operation_status(
+    operation: &PendingCyclesOperation,
+    allowed: &[&str],
+    action: &str,
+) -> Result<(), String> {
+    if allowed
+        .iter()
+        .any(|status| operation.operation_status == *status)
+    {
+        return Ok(());
+    }
+    Err(format!(
+        "cannot {action}; cycle purchase operation is {}",
+        operation.operation_status
+    ))
+}
+
+fn load_required_pending_cycles_operation(
+    conn: &Transaction<'_>,
+    expected: PendingCyclesOperationMatch<'_>,
+) -> Result<PendingCyclesOperation, String> {
+    let operation = load_pending_cycles_operation(conn, expected.operation_id)?;
+    if operation.database_id != expected.database_id
+        || operation.kind != expected.kind
+        || operation.caller != expected.caller
+        || operation.cycles != expected.cycles
+    {
+        return Err("pending cycle operation mismatch".to_string());
+    }
+    Ok(operation)
+}
+
+fn delete_pending_cycles_operation(
+    conn: &Transaction<'_>,
+    operation_id: u64,
+) -> Result<(), String> {
+    let operation_id = i64::try_from(operation_id).map_err(|error| error.to_string())?;
+    conn.execute(
+        "DELETE FROM database_cycle_pending_operations WHERE operation_id = ?1",
+        params![operation_id],
+    )
+    .map_err(|error| error.to_string())?;
+    Ok(())
+}
+
+fn ensure_no_pending_cycles_purchase_for_caller(
+    conn: &Connection,
+    database_id: &str,
+    caller: &str,
+) -> Result<(), String> {
+    let count: i64 = conn
+        .query_row(
+            "SELECT COUNT(*)
+             FROM database_cycle_pending_operations
+             WHERE database_id = ?1
+               AND caller = ?2
+               AND kind = 'cycles_purchase'",
+            params![database_id, caller],
+            |row| crate::sqlite::row_get(row, 0),
+        )
+        .map_err(|error| error.to_string())?;
+    if count > 0 {
+        return Err("cycles purchase already pending for caller".to_string());
+    }
+    Ok(())
+}
+
+fn load_database_cycles_pending_purchase_statuses(
+    conn: &Connection,
+    database_id: &str,
+) -> Result<Vec<DatabaseCyclesPendingPurchaseRaw>, String> {
+    let mut stmt = conn
+        .prepare(
+            "SELECT operation_id, database_id, caller, operation_status, cycles,
+                    payment_amount_e8s, ledger_block_index, created_at_ms
+             FROM database_cycle_pending_operations
+             WHERE database_id = ?1 AND kind = 'cycles_purchase'
+             ORDER BY operation_id ASC",
+        )
+        .map_err(|error| error.to_string())?;
+    crate::sqlite::query_map(
+        &mut stmt,
+        params![database_id],
+        map_database_cycles_pending_purchase_raw,
+    )
+    .map_err(|error| error.to_string())
 }
 
-fn load_storage_cycle_account(
+fn first_database_cycles_pending_purchase_status(
     conn: &Connection,
     database_id: &str,
-) -> Result<StorageCycleAccount, String> {
+) -> Result<Option<DatabaseCyclesPendingPurchase>, String> {
     conn.query_row(
-        "SELECT balance_cycles, suspended_at_ms, storage_charged_at_ms
-         FROM database_cycle_accounts
-         WHERE database_id = ?1",
+        "SELECT operation_id, database_id, caller, operation_status, cycles,
+                payment_amount_e8s, ledger_block_index, created_at_ms
+         FROM database_cycle_pending_operations
+         WHERE database_id = ?1 AND kind = 'cycles_purchase'
+         ORDER BY operation_id ASC
+         LIMIT 1",
         params![database_id],
-        |row| {
-            Ok(StorageCycleAccount {
-                balance_cycles: crate::sqlite::row_get(row, 0)?,
-                suspended_at_ms: crate::sqlite::row_get(row, 1)?,
-                storage_charged_at_ms: crate::sqlite::row_get(row, 2)?,
-            })
-        },
+        map_database_cycles_pending_purchase_raw,
     )
     .optional()
     .map_err(|error| error.to_string())?
-    .ok_or_else(|| format!("database cycles account not found: {database_id}"))
+    .map(DatabaseCyclesPendingPurchaseRaw::into_public)
+    .transpose()
 }
 
-fn update_database_storage_account(
-    conn: &Transaction<'_>,
-    database_id: &str,
-    balance_cycles: i64,
-    suspended_at_ms: Option<i64>,
-    storage_charged_at_ms: i64,
-    now: i64,
-) -> Result<(), String> {
-    let values = vec![
-        crate::sqlite::text_value(database_id),
-        crate::sqlite::integer_value(balance_cycles),
-        crate::sqlite::nullable_integer_value(suspended_at_ms),
-        crate::sqlite::integer_value(storage_charged_at_ms),
-        crate::sqlite::integer_value(now),
-    ];
-    crate::sqlite::execute_values(
-        conn,
-        "UPDATE database_cycle_accounts
-         SET balance_cycles = ?2,
-             suspended_at_ms = ?3,
-             storage_charged_at_ms = ?4,
-             updated_at_ms = ?5
-         WHERE database_id = ?1",
-        &values,
-    )
-    .map_err(|error| error.to_string())?;
-    Ok(())
+fn map_database_cycles_pending_purchase_raw(
+    row: &crate::sqlite::Row<'_>,
+) -> crate::sqlite::Result<DatabaseCyclesPendingPurchaseRaw> {
+    Ok(DatabaseCyclesPendingPurchaseRaw {
+        operation_id: crate::sqlite::row_get(row, 0)?,
+        database_id: crate::sqlite::row_get(row, 1)?,
+        caller: crate::sqlite::row_get(row, 2)?,
+        status: crate::sqlite::row_get(row, 3)?,
+        amount_cycles: crate::sqlite::row_get(row, 4)?,
+        payment_amount_e8s: crate::sqlite::row_get(row, 5)?,
+        ledger_block_index: crate::sqlite::row_get(row, 6)?,
+        created_at_ms: crate::sqlite::row_get(row, 7)?,
+    })
 }
 
-struct PendingCyclesOperation {
-    database_id: String,
+fn pending_cycles_required_action(status: &str) -> &'static str {
+    match status {
+        CYCLES_OPERATION_STATUS_IN_FLIGHT => "wait_for_ledger_result",
+        CYCLES_OPERATION_STATUS_AMBIGUOUS | CYCLES_OPERATION_STATUS_COMPLETED => {
+            "billing_authority_review"
+        }
+        _ => "billing_authority_review",
+    }
+}
+
+fn map_pending_cycles_operation(
+    row: &crate::sqlite::Row<'_>,
+) -> crate::sqlite::Result<PendingCyclesOperation> {
+    Ok(PendingCyclesOperation {
+        database_id: crate::sqlite::row_get(row, 0)?,
+        kind: crate::sqlite::row_get(row, 1)?,
+        caller: crate::sqlite::row_get(row, 2)?,
+        cycles: crate::sqlite::row_get(row, 3)?,
+        payment_amount_e8s: crate::sqlite::row_get(row, 4)?,
+        operation_status: crate::sqlite::row_get(row, 11)?,
+        ledger_block_index: crate::sqlite::row_get(row, 12)?,
+    })
+}
+
+struct PendingKinicOperation {
     kind: String,
     caller: String,
-    cycles: i64,
-    payment_amount_e8s: i64,
+    amount_e8s: i64,
     operation_status: String,
-    ledger_block_index: Option<i64>,
+    external_block_index: Option<i64>,
 }
 
-struct DatabaseCyclesPendingPurchaseRaw {
+struct PendingKinicOperationInsert<'a> {
+    kind: &'a str,
+    caller: &'a str,
+    amount_e8s: i64,
+    ledger: PendingCyclesLedgerDetails<'a>,
+    operation_status: &'a str,
+    now: i64,
+}
+
+struct PendingKinicOperationMatch<'a> {
+    operation_id: u64,
+    kind: &'a str,
+    caller: &'a str,
+    amount_e8s: i64,
+}
+
+struct PendingKinicOperationRaw {
     operation_id: i64,
-    database_id: String,
+    kind: String,
     caller: String,
     status: String,
-    amount_cycles: i64,
-    payment_amount_e8s: i64,
-    ledger_block_index: Option<i64>,
+    amount_e8s: i64,
+    external_block_index: Option<i64>,
     created_at_ms: i64,
 }
 
-impl DatabaseCyclesPendingPurchaseRaw {
-    fn into_public(self) -> Result<DatabaseCyclesPendingPurchase, String> {
-        let amount_cycles = u64::try_from(self.amount_cycles).map_err(|error| error.to_string())?;
-        let payment_amount_e8s =
-            u64::try_from(self.payment_amount_e8s).map_err(|error| error.to_string())?;
+impl PendingKinicOperationRaw {
+    fn into_public(self) -> Result<KinicPendingOperation, String> {
         let operation_id = u64::try_from(self.operation_id).map_err(|error| error.to_string())?;
+        let amount_e8s = u64::try_from(self.amount_e8s).map_err(|error| error.to_string())?;
         let ledger_block_index = self
-            .ledger_block_index
+            .external_block_index
             .map(u64::try_from)
             .transpose()
             .map_err(|error| error.to_string())?;
-        Ok(DatabaseCyclesPendingPurchase {
+        Ok(KinicPendingOperation {
             operation_id,
-            database_id: self.database_id,
+            kind: self.kind,
+            caller: self.caller,
             status: self.status.clone(),
-            amount_cycles,
-            payment_amount_e8s,
+            amount_e8s,
             ledger_block_index,
             created_at_ms: self.created_at_ms,
-            required_action: pending_cycles_required_action(&self.status).to_string(),
+            required_action: pending_kinic_required_action(&self.status).to_string(),
         })
     }
 }
 
-struct PendingCyclesLedgerDetails<'a> {
-    from_owner: &'a str,
-    from_subaccount: Option<&'a [u8]>,
-    to_owner: &'a str,
-    to_subaccount: Option<&'a [u8]>,
-    ledger_fee_e8s: i64,
-    ledger_created_at_time_ns: i64,
-}
-
-struct PendingCyclesOperationInsert<'a> {
-    database_id: &'a str,
+struct KinicLedgerInsert<'a> {
+    principal: &'a str,
+    source: &'a str,
     kind: &'a str,
-    caller: &'a str,
-    cycles: i64,
-    payment_amount_e8s: i64,
-    ledger: PendingCyclesLedgerDetails<'a>,
-    operation_status: &'a str,
+    amount_e8s: i64,
+    balance_after_e8s: i64,
+    counterparty: Option<&'a str>,
+    listing_id: Option<&'a str>,
+    order_id: Option<&'a str>,
+    external_block_index: Option<i64>,
     now: i64,
 }
 
-struct PendingCyclesOperationMatch<'a> {
-    operation_id: u64,
-    database_id: &'a str,
-    kind: &'a str,
-    caller: &'a str,
-    cycles: i64,
+fn require_authenticated_principal(caller: &str) -> Result<(), String> {
+    if caller == ANONYMOUS_PRINCIPAL {
+        return Err("anonymous caller not allowed".to_string());
+    }
+    Ok(())
 }
 
-fn insert_pending_cycles_operation(
+fn insert_pending_kinic_operation(
     conn: &Transaction<'_>,
-    operation: PendingCyclesOperationInsert<'_>,
+    operation: PendingKinicOperationInsert<'_>,
 ) -> Result<u64, String> {
     let values = vec![
-        crate::sqlite::text_value(operation.database_id),
         crate::sqlite::text_value(operation.kind),
         crate::sqlite::text_value(operation.caller),
-        crate::sqlite::integer_value(operation.cycles),
-        crate::sqlite::integer_value(operation.payment_amount_e8s),
+        crate::sqlite::integer_value(operation.amount_e8s),
         crate::sqlite::text_value(operation.ledger.from_owner),
         crate::sqlite::nullable_blob_value(operation.ledger.from_subaccount.map(Vec::from)),
         crate::sqlite::text_value(operation.ledger.to_owner),
@@ -3726,11 +5341,11 @@ fn insert_pending_cycles_operation(
     ];
     crate::sqlite::execute_values(
         conn,
-        "INSERT INTO database_cycle_pending_operations
-         (database_id, kind, caller, cycles, payment_amount_e8s, from_owner, from_subaccount,
-          to_owner, to_subaccount, ledger_fee_e8s, ledger_created_at_time_ns, operation_status,
-          created_at_ms)
-         VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12, ?13)",
+        "INSERT INTO kinic_pending_operations
+         (kind, caller, amount_e8s, from_owner, from_subaccount, to_owner,
+          to_subaccount, ledger_fee_e8s, ledger_created_at_time_ns,
+          operation_status, created_at_ms)
+         VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11)",
         &values,
     )
     .map_err(|error| error.to_string())?;
@@ -3738,172 +5353,610 @@ fn insert_pending_cycles_operation(
     u64::try_from(operation_id).map_err(|error| error.to_string())
 }
 
-fn load_pending_cycles_operation(
-    conn: &Connection,
-    operation_id: u64,
-) -> Result<PendingCyclesOperation, String> {
-    let operation_id = i64::try_from(operation_id).map_err(|error| error.to_string())?;
+fn load_pending_kinic_operation(
+    conn: &Connection,
+    operation_id: u64,
+) -> Result<PendingKinicOperation, String> {
+    let operation_id = i64::try_from(operation_id).map_err(|error| error.to_string())?;
+    conn.query_row(
+        "SELECT kind, caller, amount_e8s, operation_status, external_block_index
+         FROM kinic_pending_operations
+         WHERE operation_id = ?1",
+        params![operation_id],
+        |row| {
+            Ok(PendingKinicOperation {
+                kind: crate::sqlite::row_get(row, 0)?,
+                caller: crate::sqlite::row_get(row, 1)?,
+                amount_e8s: crate::sqlite::row_get(row, 2)?,
+                operation_status: crate::sqlite::row_get(row, 3)?,
+                external_block_index: crate::sqlite::row_get(row, 4)?,
+            })
+        },
+    )
+    .optional()
+    .map_err(|error| error.to_string())?
+    .ok_or_else(|| "pending KINIC operation not found".to_string())
+}
+
+fn load_required_pending_kinic_operation(
+    conn: &Transaction<'_>,
+    expected: PendingKinicOperationMatch<'_>,
+) -> Result<PendingKinicOperation, String> {
+    let operation = load_pending_kinic_operation(conn, expected.operation_id)?;
+    if operation.kind != expected.kind
+        || operation.caller != expected.caller
+        || operation.amount_e8s != expected.amount_e8s
+    {
+        return Err("pending KINIC operation mismatch".to_string());
+    }
+    Ok(operation)
+}
+
+fn require_pending_kinic_operation_status(
+    operation: &PendingKinicOperation,
+    allowed: &[&str],
+    action: &str,
+) -> Result<(), String> {
+    if allowed
+        .iter()
+        .any(|status| operation.operation_status == *status)
+    {
+        return Ok(());
+    }
+    Err(format!(
+        "cannot {action}; KINIC operation is {}",
+        operation.operation_status
+    ))
+}
+
+fn delete_pending_kinic_operation(conn: &Transaction<'_>, operation_id: u64) -> Result<(), String> {
+    let operation_id = i64::try_from(operation_id).map_err(|error| error.to_string())?;
+    conn.execute(
+        "DELETE FROM kinic_pending_operations WHERE operation_id = ?1",
+        params![operation_id],
+    )
+    .map_err(|error| error.to_string())?;
+    Ok(())
+}
+
+fn ensure_no_pending_kinic_deposit_for_caller(
+    conn: &Connection,
+    caller: &str,
+) -> Result<(), String> {
+    let count: i64 = conn
+        .query_row(
+            "SELECT COUNT(*)
+             FROM kinic_pending_operations
+             WHERE caller = ?1
+               AND kind = ?2
+               AND operation_status IN (?3, ?4, ?5)",
+            params![
+                caller,
+                KINIC_PENDING_KIND_DEPOSIT,
+                KINIC_OPERATION_STATUS_IN_FLIGHT,
+                KINIC_OPERATION_STATUS_COMPLETED,
+                KINIC_OPERATION_STATUS_AMBIGUOUS
+            ],
+            |row| crate::sqlite::row_get(row, 0),
+        )
+        .map_err(|error| error.to_string())?;
+    if count > 0 {
+        return Err("KINIC deposit already pending for caller".to_string());
+    }
+    Ok(())
+}
+
+fn load_kinic_pending_operations(
+    conn: &Connection,
+    caller: &str,
+    show_all: bool,
+    cursor_operation_id: Option<u64>,
+    limit: u32,
+) -> Result<Vec<PendingKinicOperationRaw>, String> {
+    let cursor = cursor_operation_id
+        .map(i64::try_from)
+        .transpose()
+        .map_err(|_| "pending KINIC operation cursor is out of range".to_string())?
+        .unwrap_or(0);
+    let fetch_limit = i64::from(limit.saturating_add(1));
+    if show_all {
+        let mut stmt = conn
+            .prepare(
+                "SELECT operation_id, kind, caller, operation_status, amount_e8s,
+                        external_block_index, created_at_ms
+                 FROM kinic_pending_operations
+                 WHERE kind = ?1
+                   AND operation_id > ?2
+                 ORDER BY operation_id ASC
+                 LIMIT ?3",
+            )
+            .map_err(|error| error.to_string())?;
+        crate::sqlite::query_map(
+            &mut stmt,
+            params![KINIC_PENDING_KIND_DEPOSIT, cursor, fetch_limit],
+            map_pending_kinic_operation_raw,
+        )
+        .map_err(|error| error.to_string())
+    } else {
+        let mut stmt = conn
+            .prepare(
+                "SELECT operation_id, kind, caller, operation_status, amount_e8s,
+                        external_block_index, created_at_ms
+                 FROM kinic_pending_operations
+                 WHERE kind = ?1 AND caller = ?2
+                   AND operation_id > ?3
+                 ORDER BY operation_id ASC
+                 LIMIT ?4",
+            )
+            .map_err(|error| error.to_string())?;
+        crate::sqlite::query_map(
+            &mut stmt,
+            params![KINIC_PENDING_KIND_DEPOSIT, caller, cursor, fetch_limit],
+            map_pending_kinic_operation_raw,
+        )
+        .map_err(|error| error.to_string())
+    }
+}
+
+fn clamp_kinic_pending_operations_page_limit(limit: u32) -> u32 {
+    limit.clamp(1, MAX_KINIC_PENDING_OPERATIONS_PAGE_LIMIT)
+}
+
+fn map_pending_kinic_operation_raw(
+    row: &crate::sqlite::Row<'_>,
+) -> crate::sqlite::Result<PendingKinicOperationRaw> {
+    Ok(PendingKinicOperationRaw {
+        operation_id: crate::sqlite::row_get(row, 0)?,
+        kind: crate::sqlite::row_get(row, 1)?,
+        caller: crate::sqlite::row_get(row, 2)?,
+        status: crate::sqlite::row_get(row, 3)?,
+        amount_e8s: crate::sqlite::row_get(row, 4)?,
+        external_block_index: crate::sqlite::row_get(row, 5)?,
+        created_at_ms: crate::sqlite::row_get(row, 6)?,
+    })
+}
+
+fn pending_kinic_required_action(status: &str) -> &'static str {
+    match status {
+        KINIC_OPERATION_STATUS_IN_FLIGHT => "wait_for_ledger_result",
+        KINIC_OPERATION_STATUS_AMBIGUOUS | KINIC_OPERATION_STATUS_COMPLETED => {
+            "billing_authority_review"
+        }
+        _ => "billing_authority_review",
+    }
+}
+
+fn load_kinic_balance(conn: &Connection, principal: &str) -> Result<i64, String> {
     conn.query_row(
-        "SELECT database_id, kind, caller, cycles, payment_amount_e8s,
-                from_owner, from_subaccount, to_owner, to_subaccount,
-                ledger_fee_e8s, ledger_created_at_time_ns, operation_status, ledger_block_index
-         FROM database_cycle_pending_operations
-         WHERE operation_id = ?1",
-        params![operation_id],
-        map_pending_cycles_operation,
+        "SELECT balance_e8s FROM kinic_accounts WHERE principal = ?1",
+        params![principal],
+        |row| crate::sqlite::row_get(row, 0),
     )
     .optional()
-    .map_err(|error| error.to_string())?
-    .ok_or_else(|| "pending cycle operation not found".to_string())
-}
-
-fn require_pending_operation_status(
-    operation: &PendingCyclesOperation,
-    allowed: &[&str],
-    action: &str,
-) -> Result<(), String> {
-    if allowed
-        .iter()
-        .any(|status| operation.operation_status == *status)
-    {
-        return Ok(());
-    }
-    Err(format!(
-        "cannot {action}; cycle purchase operation is {}",
-        operation.operation_status
-    ))
+    .map_err(|error| error.to_string())
+    .map(|balance| balance.unwrap_or(0))
 }
 
-fn load_required_pending_cycles_operation(
+fn upsert_kinic_balance(
     conn: &Transaction<'_>,
-    expected: PendingCyclesOperationMatch<'_>,
-) -> Result<PendingCyclesOperation, String> {
-    let operation = load_pending_cycles_operation(conn, expected.operation_id)?;
-    if operation.database_id != expected.database_id
-        || operation.kind != expected.kind
-        || operation.caller != expected.caller
-        || operation.cycles != expected.cycles
-    {
-        return Err("pending cycle operation mismatch".to_string());
-    }
-    Ok(operation)
+    principal: &str,
+    balance_e8s: i64,
+    now: i64,
+) -> Result<(), String> {
+    conn.execute(
+        "INSERT INTO kinic_accounts (principal, balance_e8s, created_at_ms, updated_at_ms)
+         VALUES (?1, ?2, ?3, ?3)
+         ON CONFLICT(principal) DO UPDATE SET
+           balance_e8s = excluded.balance_e8s,
+           updated_at_ms = excluded.updated_at_ms",
+        params![principal, balance_e8s, now],
+    )
+    .map_err(|error| error.to_string())?;
+    Ok(())
 }
 
-fn delete_pending_cycles_operation(
-    conn: &Transaction<'_>,
-    operation_id: u64,
-) -> Result<(), String> {
-    let operation_id = i64::try_from(operation_id).map_err(|error| error.to_string())?;
+fn insert_kinic_ledger(conn: &Transaction<'_>, entry: KinicLedgerInsert<'_>) -> Result<(), String> {
     conn.execute(
-        "DELETE FROM database_cycle_pending_operations WHERE operation_id = ?1",
-        params![operation_id],
+        "INSERT INTO kinic_ledger
+         (principal, source, kind, amount_e8s, balance_after_e8s, counterparty,
+          listing_id, order_id, external_block_index, created_at_ms)
+         VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10)",
+        params![
+            entry.principal,
+            entry.source,
+            entry.kind,
+            entry.amount_e8s,
+            entry.balance_after_e8s,
+            crate::sqlite::nullable_text_value(entry.counterparty.map(str::to_string)),
+            crate::sqlite::nullable_text_value(entry.listing_id.map(str::to_string)),
+            crate::sqlite::nullable_text_value(entry.order_id.map(str::to_string)),
+            crate::sqlite::nullable_integer_value(entry.external_block_index),
+            entry.now
+        ],
     )
     .map_err(|error| error.to_string())?;
     Ok(())
 }
 
-fn ensure_no_pending_cycles_purchase_for_caller(
+fn require_market_seller_can_list(
     conn: &Connection,
+    seller: &str,
     database_id: &str,
+) -> Result<(), String> {
+    let status = load_database_status(conn, database_id)?;
+    if status != DatabaseStatus::Active {
+        return Err(format!(
+            "database is {}: {database_id}",
+            status_to_db(status)
+        ));
+    }
+    let role = load_member_role(conn, database_id, seller)?
+        .ok_or_else(|| format!("principal has no access to database: {database_id}"))?;
+    if role != DatabaseRole::Owner {
+        return Err("market seller must be database owner".to_string());
+    }
+    Ok(())
+}
+
+fn require_market_listing_seller_or_admin(
+    conn: &Connection,
     caller: &str,
+    listing: &MarketListing,
+) -> Result<(), String> {
+    let config = load_cycles_billing_config(conn)?;
+    if caller == listing.seller_principal || caller == config.billing_authority_id {
+        return Ok(());
+    }
+    Err("market listing seller or admin required".to_string())
+}
+
+fn require_market_listing_purchasable(
+    conn: &Connection,
+    listing: &MarketListing,
 ) -> Result<(), String> {
+    if listing.status != MarketListingStatus::Active {
+        return Err("market listing is not active".to_string());
+    }
+    require_market_seller_can_list(conn, &listing.seller_principal, &listing.database_id)
+}
+
+fn has_active_market_entitlement(
+    conn: &Connection,
+    database_id: &str,
+    caller: &str,
+) -> Result<bool, String> {
+    if caller == ANONYMOUS_PRINCIPAL {
+        return Ok(false);
+    }
     let count: i64 = conn
         .query_row(
             "SELECT COUNT(*)
-             FROM database_cycle_pending_operations
+             FROM market_entitlements
              WHERE database_id = ?1
-               AND caller = ?2
-               AND kind = 'cycles_purchase'",
-            params![database_id, caller],
+               AND buyer_principal = ?2
+               AND status = ?3",
+            params![database_id, caller, MARKET_ENTITLEMENT_STATUS_ACTIVE],
             |row| crate::sqlite::row_get(row, 0),
         )
         .map_err(|error| error.to_string())?;
-    if count > 0 {
-        return Err("cycles purchase already pending for caller".to_string());
-    }
-    Ok(())
+    Ok(count > 0)
 }
 
-fn load_database_cycles_pending_purchase_statuses(
+fn load_market_listing_by_id(
     conn: &Connection,
-    database_id: &str,
-) -> Result<Vec<DatabaseCyclesPendingPurchaseRaw>, String> {
-    let mut stmt = conn
-        .prepare(
-            "SELECT operation_id, database_id, caller, operation_status, cycles,
-                    payment_amount_e8s, ledger_block_index, created_at_ms
-             FROM database_cycle_pending_operations
-             WHERE database_id = ?1 AND kind = 'cycles_purchase'
-             ORDER BY operation_id ASC",
-        )
-        .map_err(|error| error.to_string())?;
-    crate::sqlite::query_map(
-        &mut stmt,
-        params![database_id],
-        map_database_cycles_pending_purchase_raw,
+    listing_id: &str,
+) -> Result<Option<MarketListing>, String> {
+    conn.query_row(
+        "SELECT listing_id, seller_principal, database_id, title, description,
+                llm_summary, summary_snapshot_revision, sample_excerpts_json,
+                tags_json, price_e8s, status, revision,
+                purchase_count, report_count, created_at_ms, updated_at_ms
+         FROM market_listings
+         WHERE listing_id = ?1",
+        params![listing_id],
+        map_market_listing,
     )
+    .optional()
     .map_err(|error| error.to_string())
 }
 
-fn first_database_cycles_pending_purchase_status(
+fn map_market_listing(row: &crate::sqlite::Row<'_>) -> crate::sqlite::Result<MarketListing> {
+    let price_e8s: i64 = crate::sqlite::row_get(row, 9)?;
+    let revision: i64 = crate::sqlite::row_get(row, 11)?;
+    let purchase_count: i64 = crate::sqlite::row_get(row, 12)?;
+    let report_count: i64 = crate::sqlite::row_get(row, 13)?;
+    Ok(MarketListing {
+        listing_id: crate::sqlite::row_get(row, 0)?,
+        seller_principal: crate::sqlite::row_get(row, 1)?,
+        database_id: crate::sqlite::row_get(row, 2)?,
+        title: crate::sqlite::row_get(row, 3)?,
+        description: crate::sqlite::row_get(row, 4)?,
+        llm_summary: crate::sqlite::row_get(row, 5)?,
+        summary_snapshot_revision: crate::sqlite::row_get(row, 6)?,
+        sample_excerpts_json: crate::sqlite::row_get(row, 7)?,
+        tags_json: crate::sqlite::row_get(row, 8)?,
+        price_e8s: u64::try_from(price_e8s)
+            .map_err(|_| crate::sqlite::integral_value_out_of_range(9, price_e8s))?,
+        status: market_listing_status_from_db(&crate::sqlite::row_get::<String>(row, 10)?)?,
+        revision: u64::try_from(revision)
+            .map_err(|_| crate::sqlite::integral_value_out_of_range(11, revision))?,
+        purchase_count: u64::try_from(purchase_count)
+            .map_err(|_| crate::sqlite::integral_value_out_of_range(12, purchase_count))?,
+        report_count: u64::try_from(report_count)
+            .map_err(|_| crate::sqlite::integral_value_out_of_range(13, report_count))?,
+        created_at_ms: crate::sqlite::row_get(row, 14)?,
+        updated_at_ms: crate::sqlite::row_get(row, 15)?,
+    })
+}
+
+fn load_market_order_by_id(
     conn: &Connection,
-    database_id: &str,
-) -> Result<Option<DatabaseCyclesPendingPurchase>, String> {
+    order_id: &str,
+) -> Result<Option<MarketOrder>, String> {
     conn.query_row(
-        "SELECT operation_id, database_id, caller, operation_status, cycles,
-                payment_amount_e8s, ledger_block_index, created_at_ms
-         FROM database_cycle_pending_operations
-         WHERE database_id = ?1 AND kind = 'cycles_purchase'
-         ORDER BY operation_id ASC
-         LIMIT 1",
-        params![database_id],
-        map_database_cycles_pending_purchase_raw,
+        "SELECT order_id, listing_id, database_id, buyer_principal, seller_principal,
+                price_e8s, listing_revision, created_at_ms
+         FROM market_orders
+         WHERE order_id = ?1",
+        params![order_id],
+        map_market_order,
     )
     .optional()
-    .map_err(|error| error.to_string())?
-    .map(DatabaseCyclesPendingPurchaseRaw::into_public)
-    .transpose()
+    .map_err(|error| error.to_string())
 }
 
-fn map_database_cycles_pending_purchase_raw(
-    row: &crate::sqlite::Row<'_>,
-) -> crate::sqlite::Result<DatabaseCyclesPendingPurchaseRaw> {
-    Ok(DatabaseCyclesPendingPurchaseRaw {
-        operation_id: crate::sqlite::row_get(row, 0)?,
-        database_id: crate::sqlite::row_get(row, 1)?,
-        caller: crate::sqlite::row_get(row, 2)?,
-        status: crate::sqlite::row_get(row, 3)?,
-        amount_cycles: crate::sqlite::row_get(row, 4)?,
-        payment_amount_e8s: crate::sqlite::row_get(row, 5)?,
-        ledger_block_index: crate::sqlite::row_get(row, 6)?,
+fn map_market_order(row: &crate::sqlite::Row<'_>) -> crate::sqlite::Result<MarketOrder> {
+    let price_e8s: i64 = crate::sqlite::row_get(row, 5)?;
+    let listing_revision: i64 = crate::sqlite::row_get(row, 6)?;
+    Ok(MarketOrder {
+        order_id: crate::sqlite::row_get(row, 0)?,
+        listing_id: crate::sqlite::row_get(row, 1)?,
+        database_id: crate::sqlite::row_get(row, 2)?,
+        buyer_principal: crate::sqlite::row_get(row, 3)?,
+        seller_principal: crate::sqlite::row_get(row, 4)?,
+        price_e8s: u64::try_from(price_e8s)
+            .map_err(|_| crate::sqlite::integral_value_out_of_range(5, price_e8s))?,
+        listing_revision: u64::try_from(listing_revision)
+            .map_err(|_| crate::sqlite::integral_value_out_of_range(6, listing_revision))?,
         created_at_ms: crate::sqlite::row_get(row, 7)?,
     })
 }
 
-fn pending_cycles_required_action(status: &str) -> &'static str {
-    match status {
-        CYCLES_OPERATION_STATUS_IN_FLIGHT => "wait_for_ledger_result",
-        CYCLES_OPERATION_STATUS_AMBIGUOUS | CYCLES_OPERATION_STATUS_COMPLETED => {
-            "billing_authority_review"
-        }
-        _ => "billing_authority_review",
+fn map_market_entitlement(
+    row: &crate::sqlite::Row<'_>,
+) -> crate::sqlite::Result<MarketEntitlement> {
+    Ok(MarketEntitlement {
+        database_id: crate::sqlite::row_get(row, 0)?,
+        buyer_principal: crate::sqlite::row_get(row, 1)?,
+        listing_id: crate::sqlite::row_get(row, 2)?,
+        order_id: crate::sqlite::row_get(row, 3)?,
+        purchased_at_ms: crate::sqlite::row_get(row, 4)?,
+        status: crate::sqlite::row_get(row, 5)?,
+    })
+}
+
+fn market_listing_status_from_db(value: &str) -> crate::sqlite::Result<MarketListingStatus> {
+    match value {
+        MARKET_LISTING_STATUS_DRAFT => Ok(MarketListingStatus::Draft),
+        MARKET_LISTING_STATUS_ACTIVE => Ok(MarketListingStatus::Active),
+        MARKET_LISTING_STATUS_PAUSED => Ok(MarketListingStatus::Paused),
+        _ => Err(crate::sqlite::invalid_query()),
     }
 }
 
-fn map_pending_cycles_operation(
-    row: &crate::sqlite::Row<'_>,
-) -> crate::sqlite::Result<PendingCyclesOperation> {
-    Ok(PendingCyclesOperation {
-        database_id: crate::sqlite::row_get(row, 0)?,
-        kind: crate::sqlite::row_get(row, 1)?,
-        caller: crate::sqlite::row_get(row, 2)?,
-        cycles: crate::sqlite::row_get(row, 3)?,
-        payment_amount_e8s: crate::sqlite::row_get(row, 4)?,
-        operation_status: crate::sqlite::row_get(row, 11)?,
-        ledger_block_index: crate::sqlite::row_get(row, 12)?,
+fn empty_market_listing_detail(listing: MarketListing) -> MarketListingDetail {
+    MarketListingDetail {
+        listing,
+        verified_stats: MarketListingVerifiedStats {
+            total_nodes: 0,
+            wiki_nodes: 0,
+            source_nodes: 0,
+            folder_nodes: 0,
+            markdown_chars: 0,
+            source_chars: 0,
+            link_edges: 0,
+            logical_size_bytes: 0,
+            last_content_updated_at_ms: None,
+        },
+        preview: MarketListingPreview {
+            top_level_paths: Vec::new(),
+            excerpts: Vec::new(),
+            category_graph: MarketCategoryGraph {
+                nodes: Vec::new(),
+                edges: Vec::new(),
+            },
+            preview_stale: true,
+        },
+    }
+}
+
+fn validate_market_create_listing_request(
+    request: &MarketCreateListingRequest,
+) -> Result<(), String> {
+    validate_database_id(&request.database_id)?;
+    validate_market_listing_metadata(MarketListingMetadataValidation {
+        title: &request.title,
+        description: &request.description,
+        llm_summary: request.llm_summary.as_deref(),
+        summary_snapshot_revision: request.summary_snapshot_revision.as_deref(),
+        sample_excerpts_json: &request.sample_excerpts_json,
+        tags_json: &request.tags_json,
+        price_e8s: request.price_e8s,
+    })
+}
+
+fn validate_market_update_listing_request(
+    request: &MarketUpdateListingRequest,
+) -> Result<(), String> {
+    validate_market_listing_metadata(MarketListingMetadataValidation {
+        title: &request.title,
+        description: &request.description,
+        llm_summary: request.llm_summary.as_deref(),
+        summary_snapshot_revision: request.summary_snapshot_revision.as_deref(),
+        sample_excerpts_json: &request.sample_excerpts_json,
+        tags_json: &request.tags_json,
+        price_e8s: request.price_e8s,
     })
 }
 
+struct MarketListingMetadataValidation<'a> {
+    title: &'a str,
+    description: &'a str,
+    llm_summary: Option<&'a str>,
+    summary_snapshot_revision: Option<&'a str>,
+    sample_excerpts_json: &'a str,
+    tags_json: &'a str,
+    price_e8s: u64,
+}
+
+fn validate_market_listing_metadata(
+    input: MarketListingMetadataValidation<'_>,
+) -> Result<(), String> {
+    if input.price_e8s == 0 {
+        return Err("market listing price must be positive".to_string());
+    }
+    amount_to_i64(input.price_e8s)?;
+    validate_market_text(
+        "market listing title",
+        input.title,
+        1,
+        MAX_MARKET_TITLE_CHARS,
+    )?;
+    validate_market_text(
+        "market listing description",
+        input.description,
+        1,
+        MAX_MARKET_DESCRIPTION_CHARS,
+    )?;
+    if let Some(summary) = input.llm_summary {
+        validate_market_text(
+            "market listing summary",
+            summary,
+            0,
+            MAX_MARKET_DESCRIPTION_CHARS,
+        )?;
+    }
+    if let Some(revision) = input.summary_snapshot_revision {
+        validate_market_text("market listing summary revision", revision, 0, 256)?;
+    }
+    validate_market_text(
+        "market listing sample excerpts",
+        input.sample_excerpts_json,
+        0,
+        MAX_MARKET_JSON_CHARS,
+    )?;
+    parse_market_preview_excerpts(input.sample_excerpts_json)?;
+    validate_market_text(
+        "market listing tags",
+        input.tags_json,
+        0,
+        MAX_MARKET_JSON_CHARS,
+    )
+}
+
+fn parse_market_preview_excerpts(value: &str) -> Result<Vec<MarketPreviewExcerpt>, String> {
+    let parsed = serde_json::from_str::<Value>(value)
+        .map_err(|error| format!("market listing sample excerpts JSON is invalid: {error}"))?;
+    let Value::Array(items) = parsed else {
+        return Err("market listing sample excerpts must be a JSON array".to_string());
+    };
+    if items.len() > MAX_MARKET_PREVIEW_EXCERPTS {
+        return Err(format!(
+            "market listing sample excerpts must have at most {MAX_MARKET_PREVIEW_EXCERPTS} items"
+        ));
+    }
+    let mut excerpts = Vec::with_capacity(items.len());
+    for item in items {
+        let Value::Object(object) = item else {
+            return Err("market listing sample excerpt must be an object".to_string());
+        };
+        let path = market_preview_string_field(&object, "path")?;
+        let etag = market_preview_string_field(&object, "etag")?;
+        let excerpt = market_preview_string_field(&object, "excerpt")?;
+        validate_source_path_for_kind(&path, &NodeKind::File)?;
+        if !path.starts_with("/Wiki/") {
+            return Err("market listing sample excerpt path must be under /Wiki".to_string());
+        }
+        validate_market_text("market listing sample excerpt etag", &etag, 1, 256)?;
+        validate_market_text(
+            "market listing sample excerpt",
+            &excerpt,
+            1,
+            MAX_MARKET_PREVIEW_EXCERPT_CHARS,
+        )?;
+        excerpts.push(MarketPreviewExcerpt {
+            path,
+            etag,
+            excerpt,
+        });
+    }
+    Ok(excerpts)
+}
+
+fn market_preview_string_field(
+    object: &serde_json::Map<String, Value>,
+    field: &str,
+) -> Result<String, String> {
+    object
+        .get(field)
+        .and_then(Value::as_str)
+        .map(ToString::to_string)
+        .ok_or_else(|| format!("market listing sample excerpt {field} is required"))
+}
+
+fn validate_market_text(
+    label: &str,
+    value: &str,
+    min_chars: usize,
+    max_chars: usize,
+) -> Result<(), String> {
+    let count = value.chars().count();
+    if count < min_chars || count > max_chars {
+        return Err(format!(
+            "{label} must be {min_chars}..{max_chars} characters"
+        ));
+    }
+    if value.chars().any(char::is_control) {
+        return Err(format!("{label} may not contain control characters"));
+    }
+    Ok(())
+}
+
+fn unique_market_id(
+    conn: &Connection,
+    table: &str,
+    column: &str,
+    prefix: &str,
+    caller: &str,
+    seed: &str,
+    now: i64,
+) -> Result<String, String> {
+    for attempt in 0..16_u32 {
+        let id = generated_market_id(prefix, caller, seed, now, attempt);
+        let sql = format!("SELECT COUNT(*) FROM {table} WHERE {column} = ?1");
+        let count: i64 = conn
+            .query_row(&sql, params![id], |row| crate::sqlite::row_get(row, 0))
+            .map_err(|error| error.to_string())?;
+        if count == 0 {
+            return Ok(id);
+        }
+    }
+    Err("failed to allocate market id".to_string())
+}
+
+fn generated_market_id(prefix: &str, caller: &str, seed: &str, now: i64, attempt: u32) -> String {
+    let mut hasher = Sha256::new();
+    hasher.update(prefix.as_bytes());
+    hasher.update(caller.as_bytes());
+    hasher.update(seed.as_bytes());
+    hasher.update(now.to_be_bytes());
+    hasher.update(attempt.to_be_bytes());
+    format!(
+        "{prefix}{}",
+        &base32_lower(&hasher.finalize())[..GENERATED_MARKET_ID_HASH_CHARS]
+    )
+}
+
 struct DatabaseLedgerInsert<'a> {
     database_id: &'a str,
     kind: &'a str,
@@ -5451,31 +7504,68 @@ fn load_database_summaries_for_caller(
     let mut stmt = conn
         .prepare(
             "SELECT d.database_id, d.name, d.status, m.role, d.logical_size_bytes,
-                COALESCE(b.balance_cycles, 0), b.suspended_at_ms,
-                d.archived_at_ms, d.deleted_at_ms
-         FROM databases d
-         INNER JOIN database_members m ON m.database_id = d.database_id
-         LEFT JOIN database_cycle_accounts b ON b.database_id = d.database_id
-         WHERE m.principal = ?1
-         ORDER BY d.database_id ASC",
+                    COALESCE(b.balance_cycles, 0), b.suspended_at_ms,
+                    d.archived_at_ms, d.deleted_at_ms,
+                    0 AS access_source_rank,
+                    CASE m.role
+                      WHEN 'owner' THEN 0
+                      WHEN 'writer' THEN 1
+                      ELSE 2
+                    END AS role_rank
+             FROM databases d
+             INNER JOIN database_members m ON m.database_id = d.database_id
+             LEFT JOIN database_cycle_accounts b ON b.database_id = d.database_id
+             WHERE m.principal = ?1
+             UNION ALL
+             SELECT d.database_id, d.name, d.status, 'reader' AS role, d.logical_size_bytes,
+                    COALESCE(b.balance_cycles, 0), b.suspended_at_ms,
+                    d.archived_at_ms, d.deleted_at_ms,
+                    1 AS access_source_rank,
+                    2 AS role_rank
+             FROM databases d
+             INNER JOIN market_entitlements e ON e.database_id = d.database_id
+             LEFT JOIN database_cycle_accounts b ON b.database_id = d.database_id
+             WHERE e.buyer_principal = ?2
+               AND e.status = ?3
+               AND d.status = ?4
+             ORDER BY 1 ASC, 10 ASC, 11 ASC",
         )
         .map_err(|error| error.to_string())?;
-    crate::sqlite::query_map(&mut stmt, params![caller], |row| {
-        let logical_size_bytes: i64 = crate::sqlite::row_get(row, 4)?;
-        let cycles_balance: i64 = crate::sqlite::row_get(row, 5)?;
-        Ok(DatabaseSummary {
-            database_id: crate::sqlite::row_get(row, 0)?,
-            name: crate::sqlite::row_get(row, 1)?,
-            status: status_from_db(&crate::sqlite::row_get::<String>(row, 2)?)?,
-            role: role_from_db(&crate::sqlite::row_get::<String>(row, 3)?)?,
-            logical_size_bytes: logical_size_bytes.max(0) as u64,
-            cycles_balance: Some(cycles_balance.max(0) as u64),
-            cycles_suspended_at_ms: crate::sqlite::row_get(row, 6)?,
-            archived_at_ms: crate::sqlite::row_get(row, 7)?,
-            deleted_at_ms: crate::sqlite::row_get(row, 8)?,
-        })
-    })
-    .map_err(|error| error.to_string())
+    let rows = crate::sqlite::query_map(
+        &mut stmt,
+        params![
+            caller,
+            caller,
+            MARKET_ENTITLEMENT_STATUS_ACTIVE,
+            status_to_db(DatabaseStatus::Active)
+        ],
+        |row| {
+            let logical_size_bytes: i64 = crate::sqlite::row_get(row, 4)?;
+            let cycles_balance: i64 = crate::sqlite::row_get(row, 5)?;
+            Ok(DatabaseSummary {
+                database_id: crate::sqlite::row_get(row, 0)?,
+                name: crate::sqlite::row_get(row, 1)?,
+                status: status_from_db(&crate::sqlite::row_get::<String>(row, 2)?)?,
+                role: role_from_db(&crate::sqlite::row_get::<String>(row, 3)?)?,
+                logical_size_bytes: logical_size_bytes.max(0) as u64,
+                cycles_balance: Some(cycles_balance.max(0) as u64),
+                cycles_suspended_at_ms: crate::sqlite::row_get(row, 6)?,
+                archived_at_ms: crate::sqlite::row_get(row, 7)?,
+                deleted_at_ms: crate::sqlite::row_get(row, 8)?,
+            })
+        },
+    )
+    .map_err(|error| error.to_string())?;
+    let mut summaries = Vec::new();
+    for row in rows {
+        if summaries
+            .last()
+            .is_none_or(|last: &DatabaseSummary| last.database_id != row.database_id)
+        {
+            summaries.push(row);
+        }
+    }
+    Ok(summaries)
 }
 
 fn map_database_meta_with_statuses(
diff --git a/crates/vfs_runtime/src/sqlite.rs b/crates/vfs_runtime/src/sqlite.rs
index bfa432f7..336443a0 100644
--- a/crates/vfs_runtime/src/sqlite.rs
+++ b/crates/vfs_runtime/src/sqlite.rs
@@ -222,6 +222,16 @@ pub(crate) fn text_value(value: impl Into<String>) -> types::Value {
     types::Value::Text(value.into())
 }
 
+#[cfg(target_arch = "wasm32")]
+pub(crate) fn nullable_text_value(value: Option<String>) -> types::Value {
+    value.map(types::Value::Text).unwrap_or(types::Value::Null)
+}
+
+#[cfg(not(target_arch = "wasm32"))]
+pub(crate) fn nullable_text_value(value: Option<String>) -> types::Value {
+    value.map(types::Value::Text).unwrap_or(types::Value::Null)
+}
+
 #[cfg(target_arch = "wasm32")]
 pub(crate) fn integer_value(value: i64) -> types::Value {
     types::Value::Integer(value)
diff --git a/crates/vfs_runtime/tests/database_service.rs b/crates/vfs_runtime/tests/database_service.rs
index b9864cda..234a0314 100644
--- a/crates/vfs_runtime/tests/database_service.rs
+++ b/crates/vfs_runtime/tests/database_service.rs
@@ -8,16 +8,18 @@ use sha2::{Digest, Sha256};
 use tempfile::tempdir;
 use vfs_runtime::{
     CyclesPendingLedgerDetailsInput, DEFAULT_LLM_WRITER_PRINCIPAL,
-    DatabaseCyclesPurchaseWithLedgerDetails, MAX_ARCHIVE_CHUNK_BYTES, MAX_DATABASE_SIZE_BYTES,
-    MAX_RESTORE_CHUNK_BYTES, VfsService, cycles_for_payment_amount_e8s,
+    DatabaseCyclesPurchaseWithLedgerDetails, KinicDepositWithLedgerDetails,
+    MAX_ARCHIVE_CHUNK_BYTES, MAX_DATABASE_SIZE_BYTES, MAX_RESTORE_CHUNK_BYTES, VfsService,
+    cycles_for_payment_amount_e8s,
 };
 use vfs_types::{
     AppendNodeRequest, CyclesBillingConfigUpdate, DatabaseRole, DatabaseStatus,
     DeleteDatabaseRequest, DeleteNodeRequest, EditNodeRequest, KINIC_LEDGER_FEE_E8S,
-    MkdirNodeRequest, MoveNodeRequest, NodeKind, OpsAnswerSessionCheckRequest,
-    OpsAnswerSessionRequest, SearchNodesRequest, SearchPreviewMode, SourceRunSessionCheckRequest,
-    UrlIngestTriggerSessionCheckRequest, UrlIngestTriggerSessionRequest, WriteNodeRequest,
-    WriteSourceForGenerationRequest,
+    KinicFundDatabaseCyclesRequest, KinicPendingOperationsPageRequest, MarketCreateListingRequest,
+    MarketPurchaseRequest, MkdirNodeRequest, MoveNodeRequest, NodeKind,
+    OpsAnswerSessionCheckRequest, OpsAnswerSessionRequest, SearchNodesRequest, SearchPreviewMode,
+    SourceRunSessionCheckRequest, UrlIngestTriggerSessionCheckRequest,
+    UrlIngestTriggerSessionRequest, WriteNodeRequest, WriteSourceForGenerationRequest,
 };
 
 fn service() -> VfsService {
@@ -40,6 +42,128 @@ fn delete_request(database_id: &str) -> DeleteDatabaseRequest {
     }
 }
 
+fn market_listing_request(database_id: &str, price_e8s: u64) -> MarketCreateListingRequest {
+    MarketCreateListingRequest {
+        database_id: database_id.to_string(),
+        title: "Team database".to_string(),
+        description: "Reusable team knowledge base".to_string(),
+        llm_summary: None,
+        summary_snapshot_revision: None,
+        sample_excerpts_json: "[]".to_string(),
+        tags_json: "[]".to_string(),
+        price_e8s,
+    }
+}
+
+fn excerpt_json(path: &str, etag: &str, excerpt: &str) -> String {
+    format!("[{}]", excerpt_object(path, etag, excerpt))
+}
+
+fn excerpt_object(path: &str, etag: &str, excerpt: &str) -> String {
+    format!(r#"{{"path":"{path}","etag":"{etag}","excerpt":"{excerpt}"}}"#)
+}
+
+fn credit_kinic_balance(
+    service: &VfsService,
+    caller: &str,
+    amount_e8s: u64,
+    block_index: u64,
+    now: i64,
+) {
+    let start = service
+        .begin_kinic_deposit_with_ledger_details(KinicDepositWithLedgerDetails {
+            caller,
+            amount_e8s,
+            ledger: CyclesPendingLedgerDetailsInput {
+                from_owner: caller,
+                from_subaccount: None,
+                to_owner: "canister",
+                to_subaccount: None,
+                ledger_fee_e8s: KINIC_LEDGER_FEE_E8S,
+                ledger_created_at_time_ns: u64::try_from(now).expect("now should fit u64"),
+            },
+            now,
+        })
+        .expect("deposit should begin");
+    service
+        .complete_kinic_deposit_ledger_transfer(start.operation_id, caller, amount_e8s, block_index)
+        .expect("ledger transfer should complete");
+    service
+        .apply_kinic_deposit(start.operation_id, caller, amount_e8s, now + 1)
+        .expect("deposit should credit balance");
+}
+
+fn kinic_fund_request(
+    database_id: &str,
+    payment_amount_e8s: u64,
+) -> KinicFundDatabaseCyclesRequest {
+    KinicFundDatabaseCyclesRequest {
+        database_id: database_id.to_string(),
+        payment_amount_e8s,
+        min_expected_cycles: 0,
+    }
+}
+
+fn database_status_text(root: &std::path::Path, database_id: &str) -> String {
+    let conn = Connection::open(root.join("index.sqlite3")).expect("index should open");
+    conn.query_row(
+        "SELECT status FROM databases WHERE database_id = ?1",
+        params![database_id],
+        |row| row.get(0),
+    )
+    .expect("database status should load")
+}
+
+fn database_cycle_ledger_row(
+    root: &std::path::Path,
+    database_id: &str,
+) -> (String, i64, Option<i64>, String, Option<i64>) {
+    let conn = Connection::open(root.join("index.sqlite3")).expect("index should open");
+    conn.query_row(
+        "SELECT kind, amount_cycles, payment_amount_e8s, method, ledger_block_index
+         FROM database_cycle_ledger
+         WHERE database_id = ?1
+         ORDER BY entry_id DESC
+         LIMIT 1",
+        params![database_id],
+        |row| {
+            Ok((
+                row.get(0)?,
+                row.get(1)?,
+                row.get(2)?,
+                row.get(3)?,
+                row.get(4)?,
+            ))
+        },
+    )
+    .expect("database cycle ledger row should load")
+}
+
+fn kinic_ledger_row(
+    root: &std::path::Path,
+    principal: &str,
+) -> (String, String, i64, i64, Option<String>) {
+    let conn = Connection::open(root.join("index.sqlite3")).expect("index should open");
+    conn.query_row(
+        "SELECT source, kind, amount_e8s, balance_after_e8s, counterparty
+         FROM kinic_ledger
+         WHERE principal = ?1
+         ORDER BY entry_id DESC
+         LIMIT 1",
+        params![principal],
+        |row| {
+            Ok((
+                row.get(0)?,
+                row.get(1)?,
+                row.get(2)?,
+                row.get(3)?,
+                row.get(4)?,
+            ))
+        },
+    )
+    .expect("KINIC ledger row should load")
+}
+
 #[test]
 fn mainnet_011_index_upgrades_to_latest() {
     let dir = tempdir().expect("tempdir should create");
@@ -137,6 +261,15 @@ fn mainnet_011_index_upgrades_to_latest() {
         schema_migration_count(&root, "database_index:020_cycles_billing_config_version"),
         1
     );
+    assert_eq!(
+        schema_migration_count(&root, "database_index:028_kinic_external_block_indexes"),
+        1
+    );
+    assert!(index_exists(&root, "kinic_ledger_external_block_idx"));
+    assert!(index_exists(
+        &root,
+        "kinic_pending_operations_external_block_kind_idx"
+    ));
     assert_eq!(cycles_billing_config_key_count(&root, "config_version"), 0);
 }
 
@@ -486,6 +619,20 @@ fn database_member_count(root: &std::path::Path, database_id: &str) -> i64 {
     .expect("member count should load")
 }
 
+fn market_row_count(root: &std::path::Path, table: &str, database_id: &str) -> i64 {
+    assert!(
+        ["market_listings", "market_orders", "market_entitlements"].contains(&table),
+        "test helper must only read marketplace tables"
+    );
+    let conn = Connection::open(root.join("index.sqlite3")).expect("index should open");
+    conn.query_row(
+        &format!("SELECT COUNT(*) FROM {table} WHERE database_id = ?1"),
+        params![database_id],
+        |row| row.get(0),
+    )
+    .expect("market row count should load")
+}
+
 fn database_cycles_balance(root: &std::path::Path, database_id: &str) -> i64 {
     let conn = Connection::open(root.join("index.sqlite3")).expect("index should open");
     conn.query_row(
@@ -592,6 +739,32 @@ fn schema_migration_count(root: &std::path::Path, version: &str) -> i64 {
     .expect("migration count should load")
 }
 
+fn index_exists(root: &std::path::Path, name: &str) -> bool {
+    let conn = Connection::open(root.join("index.sqlite3")).expect("index should open");
+    conn.query_row(
+        "SELECT 1 FROM sqlite_master WHERE type = 'index' AND name = ?1",
+        params![name],
+        |row| row.get::<_, i64>(0),
+    )
+    .optional()
+    .expect("index existence should load")
+    .is_some()
+}
+
+#[test]
+fn fresh_index_schema_contains_kinic_external_block_unique_indexes() {
+    let (_service, root) = service_with_root();
+    assert!(index_exists(&root, "kinic_ledger_external_block_idx"));
+    assert!(index_exists(
+        &root,
+        "kinic_pending_operations_external_block_kind_idx"
+    ));
+    assert_eq!(
+        schema_migration_count(&root, "database_index:028_kinic_external_block_indexes"),
+        1
+    );
+}
+
 fn mount_history_row(root: &std::path::Path, mount_id: u16) -> (String, String) {
     let conn = Connection::open(root.join("index.sqlite3")).expect("index should open");
     conn.query_row(
@@ -4186,3 +4359,1034 @@ fn move_node_validates_source_target_path() {
         )
         .expect("canonical source target should pass");
 }
+
+#[test]
+fn kinic_fund_database_cycles_moves_internal_balance_to_database_balance() {
+    let (service, root) = service_with_root();
+    service
+        .create_database("fund-db", "owner", 1)
+        .expect("database should create");
+    credit_kinic_balance(&service, "buyer", 1_000, 10, 2);
+    let config = service
+        .cycles_billing_config()
+        .expect("cycles billing config should load");
+    let expected_cycles =
+        cycles_for_payment_amount_e8s(250, &config).expect("cycles quote should compute");
+
+    let result = service
+        .kinic_fund_database_cycles("buyer", kinic_fund_request("fund-db", 250), 3)
+        .expect("internal balance funding should succeed");
+
+    assert_eq!(result.payment_amount_e8s, 250);
+    assert_eq!(result.amount_cycles, expected_cycles);
+    assert_eq!(result.database_balance_cycles, expected_cycles);
+    assert_eq!(result.kinic_balance_e8s, 750);
+    assert_eq!(
+        service
+            .kinic_get_balance("buyer")
+            .expect("buyer balance should load")
+            .balance_e8s,
+        750
+    );
+    assert_eq!(
+        database_cycles_balance(&root, "fund-db"),
+        expected_cycles as i64
+    );
+    assert_eq!(
+        kinic_ledger_row(&root, "buyer"),
+        (
+            "canister_internal".to_string(),
+            "fund_database_cycles".to_string(),
+            -250,
+            750,
+            Some("fund-db".to_string())
+        )
+    );
+    assert_eq!(
+        database_cycle_ledger_row(&root, "fund-db"),
+        (
+            "cycles_purchase".to_string(),
+            expected_cycles as i64,
+            Some(250),
+            "kinic_fund_database_cycles".to_string(),
+            None
+        )
+    );
+}
+
+#[test]
+fn kinic_deposit_external_block_indexes_reject_duplicate_pending_and_ledger_blocks() {
+    let service = service();
+    let first = service
+        .begin_kinic_deposit_with_ledger_details(KinicDepositWithLedgerDetails {
+            caller: "alice",
+            amount_e8s: 100,
+            ledger: CyclesPendingLedgerDetailsInput {
+                from_owner: "alice",
+                from_subaccount: None,
+                to_owner: "canister",
+                to_subaccount: None,
+                ledger_fee_e8s: KINIC_LEDGER_FEE_E8S,
+                ledger_created_at_time_ns: 1,
+            },
+            now: 1,
+        })
+        .expect("first deposit should begin");
+    service
+        .complete_kinic_deposit_ledger_transfer(first.operation_id, "alice", 100, 77)
+        .expect("first pending transfer should complete");
+    let second = service
+        .begin_kinic_deposit_with_ledger_details(KinicDepositWithLedgerDetails {
+            caller: "bob",
+            amount_e8s: 100,
+            ledger: CyclesPendingLedgerDetailsInput {
+                from_owner: "bob",
+                from_subaccount: None,
+                to_owner: "canister",
+                to_subaccount: None,
+                ledger_fee_e8s: KINIC_LEDGER_FEE_E8S,
+                ledger_created_at_time_ns: 2,
+            },
+            now: 2,
+        })
+        .expect("second deposit should begin");
+    let pending_duplicate = service
+        .complete_kinic_deposit_ledger_transfer(second.operation_id, "bob", 100, 77)
+        .expect_err("duplicate pending external block should reject");
+    assert!(pending_duplicate.contains("UNIQUE constraint failed"));
+
+    service
+        .apply_kinic_deposit(first.operation_id, "alice", 100, 3)
+        .expect("first deposit should apply");
+    let third = service
+        .begin_kinic_deposit_with_ledger_details(KinicDepositWithLedgerDetails {
+            caller: "carol",
+            amount_e8s: 100,
+            ledger: CyclesPendingLedgerDetailsInput {
+                from_owner: "carol",
+                from_subaccount: None,
+                to_owner: "canister",
+                to_subaccount: None,
+                ledger_fee_e8s: KINIC_LEDGER_FEE_E8S,
+                ledger_created_at_time_ns: 4,
+            },
+            now: 4,
+        })
+        .expect("third deposit should begin");
+    service
+        .complete_kinic_deposit_ledger_transfer(third.operation_id, "carol", 100, 77)
+        .expect("ledger duplicate is checked when applying after pending is deleted");
+    let ledger_duplicate = service
+        .apply_kinic_deposit(third.operation_id, "carol", 100, 5)
+        .expect_err("duplicate ledger external block should reject");
+    assert!(ledger_duplicate.contains("UNIQUE constraint failed"));
+    assert_eq!(
+        service
+            .kinic_get_balance("carol")
+            .expect("failed duplicate should not credit")
+            .balance_e8s,
+        0
+    );
+}
+
+#[test]
+fn kinic_list_pending_operations_paginates_and_clamps_limits() {
+    let service = service();
+    for index in 0..3 {
+        let caller = format!("caller-{index}");
+        service
+            .begin_kinic_deposit_with_ledger_details(KinicDepositWithLedgerDetails {
+                caller: &caller,
+                amount_e8s: 100 + index,
+                ledger: CyclesPendingLedgerDetailsInput {
+                    from_owner: &caller,
+                    from_subaccount: None,
+                    to_owner: "canister",
+                    to_subaccount: None,
+                    ledger_fee_e8s: KINIC_LEDGER_FEE_E8S,
+                    ledger_created_at_time_ns: index,
+                },
+                now: i64::try_from(index).expect("index should fit"),
+            })
+            .expect("deposit should begin");
+    }
+
+    let first = service
+        .kinic_list_pending_operations(
+            "rrkah-fqaaa-aaaaa-aaaaq-cai",
+            KinicPendingOperationsPageRequest {
+                cursor_operation_id: None,
+                limit: 2,
+            },
+        )
+        .expect("first page should load");
+    assert_eq!(first.operations.len(), 2);
+    assert_eq!(first.next_cursor_operation_id, Some(2));
+
+    let second = service
+        .kinic_list_pending_operations(
+            "rrkah-fqaaa-aaaaa-aaaaq-cai",
+            KinicPendingOperationsPageRequest {
+                cursor_operation_id: first.next_cursor_operation_id,
+                limit: 0,
+            },
+        )
+        .expect("zero limit should clamp to one");
+    assert_eq!(second.operations.len(), 1);
+    assert_eq!(second.operations[0].operation_id, 3);
+    assert_eq!(second.next_cursor_operation_id, None);
+}
+
+#[test]
+fn kinic_fund_database_cycles_can_activate_pending_database_after_mount_allocation() {
+    let (service, root) = service_with_root();
+    let pending = service
+        .reserve_pending_generated_database("Fund pending", "owner", 1)
+        .expect("pending database should reserve");
+    service
+        .activate_pending_database_for_cycles_purchase(&pending.database_id, 2)
+        .expect("pending activation should start")
+        .expect("pending activation should allocate mount");
+    credit_kinic_balance(&service, "owner", 1_000, 20, 3);
+
+    let result = service
+        .kinic_fund_database_cycles("owner", kinic_fund_request(&pending.database_id, 400), 4)
+        .expect("pending database funding should succeed");
+
+    assert!(result.amount_cycles > 0);
+    assert_eq!(result.kinic_balance_e8s, 600);
+    assert_eq!(database_status_text(&root, &pending.database_id), "active");
+}
+
+#[test]
+fn kinic_fund_database_cycles_rejects_invalid_payment_or_database_state() {
+    let (service, root) = service_with_root();
+    service
+        .create_database("fund-active", "owner", 1)
+        .expect("active database should create");
+    credit_kinic_balance(&service, "buyer", 100, 10, 2);
+
+    let insufficient = service
+        .kinic_fund_database_cycles("buyer", kinic_fund_request("fund-active", 101), 3)
+        .expect_err("insufficient KINIC balance should reject");
+    assert!(insufficient.contains("insufficient KINIC balance"));
+
+    let config = service
+        .cycles_billing_config()
+        .expect("cycles billing config should load");
+    let quoted = cycles_for_payment_amount_e8s(50, &config).expect("quote should compute");
+    let min_mismatch = service
+        .kinic_fund_database_cycles(
+            "buyer",
+            KinicFundDatabaseCyclesRequest {
+                database_id: "fund-active".to_string(),
+                payment_amount_e8s: 50,
+                min_expected_cycles: quoted + 1,
+            },
+            4,
+        )
+        .expect_err("quote mismatch should reject");
+    assert!(min_mismatch.contains("cycles purchase quote changed"));
+
+    let pending = service
+        .reserve_pending_generated_database("Unallocated", "owner", 5)
+        .expect("pending database should reserve");
+    let pending_error = service
+        .kinic_fund_database_cycles("buyer", kinic_fund_request(&pending.database_id, 50), 6)
+        .expect_err("unallocated pending database should reject");
+    assert!(pending_error.contains("pending database has no activation mount"));
+    assert_eq!(database_status_text(&root, &pending.database_id), "pending");
+    assert_eq!(database_cycles_balance(&root, &pending.database_id), 0);
+    assert_eq!(
+        service
+            .kinic_get_balance("buyer")
+            .expect("buyer balance should load")
+            .balance_e8s,
+        100
+    );
+
+    service
+        .create_database("fund-archive", "owner", 7)
+        .expect("archive database should create");
+    service
+        .begin_database_archive("fund-archive", "owner", 8)
+        .expect("archive should begin");
+    let archived = service
+        .kinic_fund_database_cycles("buyer", kinic_fund_request("fund-archive", 50), 9)
+        .expect_err("archiving database should reject");
+    assert!(archived.contains("database is archiving"));
+}
+
+#[test]
+fn market_purchase_moves_internal_balance_and_creates_entitlement() {
+    let service = service();
+    service
+        .create_database("market-db", "seller", 1)
+        .expect("database should create");
+    let listing = service
+        .market_create_listing("seller", market_listing_request("market-db", 250), 2)
+        .expect("listing should create");
+    assert!(!listing.listing_id.starts_with("listing_"));
+    let listing = service
+        .market_publish_listing("seller", &listing.listing_id, 3)
+        .expect("listing should publish");
+    credit_kinic_balance(&service, "buyer", 1_000, 10, 5);
+
+    let order = service
+        .market_purchase_access(
+            "buyer",
+            MarketPurchaseRequest {
+                listing_id: listing.listing_id.clone(),
+                price_e8s: listing.price_e8s,
+            },
+            6,
+        )
+        .expect("purchase should succeed");
+
+    assert_eq!(order.buyer_principal, "buyer");
+    assert_eq!(order.seller_principal, "seller");
+    assert_eq!(
+        service
+            .kinic_get_balance("buyer")
+            .expect("buyer balance should load")
+            .balance_e8s,
+        750
+    );
+    assert_eq!(
+        service
+            .kinic_get_balance("seller")
+            .expect("seller balance should load")
+            .balance_e8s,
+        250
+    );
+    assert_eq!(
+        service
+            .market_list_entitlements("buyer", None, 10)
+            .expect("entitlements should load")
+            .entitlements
+            .len(),
+        1
+    );
+    let second_listing = service
+        .market_create_listing("seller", market_listing_request("market-db", 300), 7)
+        .expect("second listing should create");
+    let second_listing = service
+        .market_publish_listing("seller", &second_listing.listing_id, 8)
+        .expect("second listing should publish");
+    assert!(
+        service
+            .market_purchase_access(
+                "buyer",
+                MarketPurchaseRequest {
+                    listing_id: second_listing.listing_id,
+                    price_e8s: second_listing.price_e8s,
+                },
+                9,
+            )
+            .is_err(),
+        "same buyer cannot repurchase the same database"
+    );
+}
+
+#[test]
+fn market_purchase_rejects_seller_self_purchase() {
+    let service = service();
+    service
+        .create_database("self-market", "seller", 1)
+        .expect("database should create");
+    let listing = service
+        .market_create_listing("seller", market_listing_request("self-market", 250), 2)
+        .expect("listing should create");
+    let listing = service
+        .market_publish_listing("seller", &listing.listing_id, 3)
+        .expect("listing should publish");
+    credit_kinic_balance(&service, "seller", 1_000, 10, 4);
+
+    let error = service
+        .market_purchase_access(
+            "seller",
+            MarketPurchaseRequest {
+                listing_id: listing.listing_id,
+                price_e8s: listing.price_e8s,
+            },
+            5,
+        )
+        .expect_err("seller must not buy their own listing");
+
+    assert!(error.contains("seller cannot purchase own listing"));
+    assert_eq!(
+        service
+            .kinic_get_balance("seller")
+            .expect("seller balance should load")
+            .balance_e8s,
+        1_000
+    );
+}
+
+#[test]
+fn market_purchase_rejects_insufficient_balance_existing_entitlement_and_price_mismatch() {
+    let service = service();
+    service
+        .create_database("reject-market", "seller", 1)
+        .expect("database should create");
+    let listing = service
+        .market_create_listing("seller", market_listing_request("reject-market", 100), 2)
+        .expect("listing should create");
+    let listing = service
+        .market_publish_listing("seller", &listing.listing_id, 3)
+        .expect("listing should publish");
+
+    let insufficient = service
+        .market_purchase_access(
+            "low-buyer",
+            MarketPurchaseRequest {
+                listing_id: listing.listing_id.clone(),
+                price_e8s: listing.price_e8s,
+            },
+            4,
+        )
+        .expect_err("insufficient balance should reject");
+    assert!(insufficient.contains("insufficient KINIC balance"));
+
+    credit_kinic_balance(&service, "buyer", 500, 10, 5);
+    let price_mismatch = service
+        .market_purchase_access(
+            "buyer",
+            MarketPurchaseRequest {
+                listing_id: listing.listing_id.clone(),
+                price_e8s: listing.price_e8s + 1,
+            },
+            6,
+        )
+        .expect_err("price mismatch should reject");
+    assert!(price_mismatch.contains("market listing price mismatch"));
+    assert_eq!(
+        service
+            .kinic_get_balance("buyer")
+            .expect("buyer balance should remain")
+            .balance_e8s,
+        500
+    );
+
+    service
+        .market_purchase_access(
+            "buyer",
+            MarketPurchaseRequest {
+                listing_id: listing.listing_id.clone(),
+                price_e8s: listing.price_e8s,
+            },
+            7,
+        )
+        .expect("first purchase should succeed");
+    let duplicate = service
+        .market_purchase_access(
+            "buyer",
+            MarketPurchaseRequest {
+                listing_id: listing.listing_id,
+                price_e8s: listing.price_e8s,
+            },
+            8,
+        )
+        .expect_err("existing entitlement should reject");
+    assert!(duplicate.contains("active entitlement already exists"));
+}
+
+#[test]
+fn market_listing_owner_policy_and_database_listing_query() {
+    let service = service();
+    service
+        .create_database("owner-market", "seller", 1)
+        .expect("database should create");
+    service
+        .grant_database_access("owner-market", "seller", "reader", DatabaseRole::Reader, 2)
+        .expect("reader should be granted");
+    assert!(
+        service
+            .market_create_listing("reader", market_listing_request("owner-market", 100), 3)
+            .is_err(),
+        "non-owner must not create listing"
+    );
+
+    let listing = service
+        .market_create_listing("seller", market_listing_request("owner-market", 100), 4)
+        .expect("owner should create listing");
+    assert!(
+        service
+            .market_list_database_listings("reader", "owner-market")
+            .is_err(),
+        "non-owner must not list database listings"
+    );
+    let listings = service
+        .market_list_database_listings("seller", "owner-market")
+        .expect("owner should list database listings");
+    assert_eq!(listings.len(), 1);
+    assert_eq!(listings[0].listing_id, listing.listing_id);
+}
+
+#[test]
+fn market_listing_detail_returns_verified_preview() {
+    let service = service();
+    service
+        .create_database("preview-market", "seller", 1)
+        .expect("database should create");
+    ensure_parent_folders(&service, "seller", "preview-market", "/Wiki/alpha/a.md", 2);
+    ensure_parent_folders(&service, "seller", "preview-market", "/Wiki/beta/b.md", 2);
+    ensure_parent_folders(
+        &service,
+        "seller",
+        "preview-market",
+        "/Sources/raw/web/source.md",
+        2,
+    );
+    let alpha = service
+        .write_node(
+            "seller",
+            WriteNodeRequest {
+                database_id: "preview-market".to_string(),
+                path: "/Wiki/alpha/a.md".to_string(),
+                kind: NodeKind::File,
+                content: "Alpha paid insight links to [beta](/Wiki/beta/b.md).".to_string(),
+                metadata_json: "{}".to_string(),
+                expected_etag: None,
+            },
+            2,
+        )
+        .expect("alpha node should write");
+    service
+        .write_node(
+            "seller",
+            WriteNodeRequest {
+                database_id: "preview-market".to_string(),
+                path: "/Wiki/beta/b.md".to_string(),
+                kind: NodeKind::File,
+                content: "Beta paid body".to_string(),
+                metadata_json: "{}".to_string(),
+                expected_etag: None,
+            },
+            3,
+        )
+        .expect("beta node should write");
+    service
+        .write_node(
+            "seller",
+            WriteNodeRequest {
+                database_id: "preview-market".to_string(),
+                path: "/Sources/raw/web/source.md".to_string(),
+                kind: NodeKind::Source,
+                content: "raw source body".to_string(),
+                metadata_json: "{}".to_string(),
+                expected_etag: None,
+            },
+            4,
+        )
+        .expect("source node should write");
+
+    let mut request = market_listing_request("preview-market", 100);
+    request.sample_excerpts_json =
+        excerpt_json("/Wiki/alpha/a.md", &alpha.node.etag, "paid insight links");
+    let listing = service
+        .market_create_listing("seller", request, 5)
+        .expect("listing should create");
+    let listing = service
+        .market_publish_listing("seller", &listing.listing_id, 6)
+        .expect("listing should publish");
+    let detail = service
+        .market_get_listing("2vxsx-fae", &listing.listing_id)
+        .expect("anonymous should read public listing preview");
+
+    assert_eq!(detail.listing.listing_id, listing.listing_id);
+    assert!(detail.verified_stats.total_nodes >= 5);
+    assert!(detail.verified_stats.wiki_nodes >= 4);
+    assert_eq!(detail.verified_stats.source_nodes, 1);
+    assert!(detail.verified_stats.folder_nodes >= 3);
+    assert!(detail.verified_stats.markdown_chars >= 64);
+    assert_eq!(detail.verified_stats.source_chars, 15);
+    assert_eq!(detail.verified_stats.link_edges, 1);
+    assert_eq!(detail.preview.excerpts.len(), 1);
+    assert_eq!(detail.preview.excerpts[0].excerpt, "paid insight links");
+    assert!(!detail.preview.preview_stale);
+    assert!(
+        detail
+            .preview
+            .top_level_paths
+            .contains(&"/Wiki/alpha".to_string())
+    );
+    assert!(
+        detail
+            .preview
+            .top_level_paths
+            .contains(&"/Wiki/beta".to_string())
+    );
+    assert!(
+        detail
+            .preview
+            .category_graph
+            .nodes
+            .iter()
+            .any(|node| node.category == "/Wiki/alpha")
+    );
+    assert!(
+        detail
+            .preview
+            .category_graph
+            .edges
+            .iter()
+            .any(|edge| edge.source_category == "/Wiki/alpha"
+                && edge.target_category == "/Wiki/beta"
+                && edge.link_count == 1)
+    );
+
+    service
+        .write_node(
+            "seller",
+            WriteNodeRequest {
+                database_id: "preview-market".to_string(),
+                path: "/Wiki/alpha/a.md".to_string(),
+                kind: NodeKind::File,
+                content: "Alpha body changed".to_string(),
+                metadata_json: "{}".to_string(),
+                expected_etag: Some(alpha.node.etag),
+            },
+            7,
+        )
+        .expect("alpha node should update");
+    let stale_detail = service
+        .market_get_listing("2vxsx-fae", &listing.listing_id)
+        .expect("anonymous should still read stale public listing preview");
+    assert!(stale_detail.preview.excerpts.is_empty());
+    assert!(stale_detail.preview.preview_stale);
+}
+
+#[test]
+fn market_listing_sample_excerpts_must_be_verified_wiki_substrings() {
+    let service = service();
+    service
+        .create_database("verified-excerpts", "seller", 1)
+        .expect("database should create");
+    ensure_parent_folders(
+        &service,
+        "seller",
+        "verified-excerpts",
+        "/Wiki/alpha/a.md",
+        2,
+    );
+    ensure_parent_folders(
+        &service,
+        "seller",
+        "verified-excerpts",
+        "/Sources/raw/web/source.md",
+        2,
+    );
+    let node = service
+        .write_node(
+            "seller",
+            WriteNodeRequest {
+                database_id: "verified-excerpts".to_string(),
+                path: "/Wiki/alpha/a.md".to_string(),
+                kind: NodeKind::File,
+                content: "Verified paid excerpt body".to_string(),
+                metadata_json: "{}".to_string(),
+                expected_etag: None,
+            },
+            2,
+        )
+        .expect("wiki node should write");
+    service
+        .write_node(
+            "seller",
+            WriteNodeRequest {
+                database_id: "verified-excerpts".to_string(),
+                path: "/Sources/raw/web/source.md".to_string(),
+                kind: NodeKind::Source,
+                content: "Verified paid excerpt body".to_string(),
+                metadata_json: "{}".to_string(),
+                expected_etag: None,
+            },
+            3,
+        )
+        .expect("source node should write");
+
+    for sample_excerpts_json in [
+        excerpt_json("/Wiki/alpha/a.md", "wrong-etag", "paid excerpt"),
+        excerpt_json("/Wiki/alpha/a.md", &node.node.etag, "missing text"),
+        excerpt_json(
+            "/Sources/raw/web/source.md",
+            &node.node.etag,
+            "paid excerpt",
+        ),
+        format!(
+            "[{},{},{},{},{},{}]",
+            excerpt_object("/Wiki/alpha/a.md", &node.node.etag, "paid excerpt"),
+            excerpt_object("/Wiki/alpha/a.md", &node.node.etag, "paid excerpt"),
+            excerpt_object("/Wiki/alpha/a.md", &node.node.etag, "paid excerpt"),
+            excerpt_object("/Wiki/alpha/a.md", &node.node.etag, "paid excerpt"),
+            excerpt_object("/Wiki/alpha/a.md", &node.node.etag, "paid excerpt"),
+            excerpt_object("/Wiki/alpha/a.md", &node.node.etag, "paid excerpt")
+        ),
+        excerpt_json("/Wiki/alpha/a.md", &node.node.etag, &"x".repeat(401)),
+    ] {
+        let mut request = market_listing_request("verified-excerpts", 100);
+        request.sample_excerpts_json = sample_excerpts_json;
+        assert!(
+            service.market_create_listing("seller", request, 4).is_err(),
+            "invalid sample excerpt must reject"
+        );
+    }
+}
+
+#[test]
+fn market_listing_leaves_public_surface_when_seller_loses_owner_role() {
+    let service = service();
+    service
+        .create_database("stale-owner-market", "seller", 1)
+        .expect("database should create");
+    let listing = service
+        .market_create_listing(
+            "seller",
+            market_listing_request("stale-owner-market", 100),
+            2,
+        )
+        .expect("listing should create");
+    let listing = service
+        .market_publish_listing("seller", &listing.listing_id, 3)
+        .expect("listing should publish");
+    service
+        .grant_database_access(
+            "stale-owner-market",
+            "seller",
+            "successor",
+            DatabaseRole::Owner,
+            4,
+        )
+        .expect("successor owner should be granted");
+    service
+        .revoke_database_access("stale-owner-market", "successor", "seller")
+        .expect("seller should lose owner access");
+    credit_kinic_balance(&service, "buyer", 100, 30, 5);
+
+    assert!(
+        service
+            .market_list_listings(None, 10)
+            .expect("public listings should load")
+            .listings
+            .is_empty(),
+        "seller without owner role must not stay in public marketplace"
+    );
+    assert!(
+        service
+            .market_get_listing("buyer", &listing.listing_id)
+            .expect_err("buyer should not read stale public listing")
+            .contains("seller or admin required")
+    );
+    assert!(
+        service
+            .market_preview_purchase("buyer", &listing.listing_id)
+            .expect_err("preview should reject stale seller")
+            .contains("principal has no access to database")
+    );
+    assert!(
+        service
+            .market_purchase_access(
+                "buyer",
+                MarketPurchaseRequest {
+                    listing_id: listing.listing_id.clone(),
+                    price_e8s: listing.price_e8s,
+                },
+                6,
+            )
+            .expect_err("purchase should reject stale seller")
+            .contains("principal has no access to database")
+    );
+    assert_eq!(
+        service
+            .kinic_get_balance("buyer")
+            .expect("buyer balance should remain")
+            .balance_e8s,
+        100
+    );
+    assert_eq!(
+        service
+            .kinic_get_balance("seller")
+            .expect("seller balance should remain")
+            .balance_e8s,
+        0
+    );
+
+    service
+        .market_get_listing("seller", &listing.listing_id)
+        .expect("original seller should still manage stale listing");
+    let paused = service
+        .market_pause_listing("seller", &listing.listing_id, 7)
+        .expect("original seller should pause stale listing");
+    assert_eq!(paused.listing_id, listing.listing_id);
+}
+
+#[test]
+fn market_listing_requires_active_database() {
+    let service = service();
+    let pending = service
+        .reserve_pending_generated_database("Pending market", "owner", 1)
+        .expect("pending database should reserve");
+    let pending_error = service
+        .market_create_listing(
+            "owner",
+            market_listing_request(&pending.database_id, 100),
+            2,
+        )
+        .expect_err("pending database listing should reject");
+    assert!(pending_error.contains("database is pending"));
+
+    service
+        .create_database("archive-market", "owner", 3)
+        .expect("database should create");
+    let listing = service
+        .market_create_listing("owner", market_listing_request("archive-market", 100), 4)
+        .expect("active database listing should create");
+    let listing = service
+        .market_publish_listing("owner", &listing.listing_id, 5)
+        .expect("active database listing should publish");
+    assert_eq!(
+        service
+            .market_list_listings(None, 10)
+            .expect("active listings should load")
+            .listings
+            .len(),
+        1
+    );
+
+    let archive = service
+        .begin_database_archive("archive-market", "owner", 6)
+        .expect("archive should begin");
+    assert!(
+        service
+            .market_list_listings(None, 10)
+            .expect("archiving listings should load")
+            .listings
+            .is_empty(),
+        "archiving database listing must leave public marketplace"
+    );
+    assert!(
+        service
+            .market_get_listing("buyer", &listing.listing_id)
+            .expect_err("buyer should not read non-active database listing")
+            .contains("seller or admin required")
+    );
+    service
+        .market_get_listing("owner", &listing.listing_id)
+        .expect("owner should still manage archived listing");
+
+    let bytes = read_archive_in_chunks(&service, "archive-market", archive.size_bytes, 17);
+    let snapshot_hash = sha256_bytes(&bytes);
+    service
+        .finalize_database_archive("archive-market", "owner", snapshot_hash.clone(), 7)
+        .expect("archive should finalize");
+    credit_kinic_balance(&service, "buyer", 100, 21, 8);
+    let preview_error = service
+        .market_preview_purchase("buyer", &listing.listing_id)
+        .expect_err("archived database preview should reject");
+    assert!(preview_error.contains("database is archived"));
+    let purchase_error = service
+        .market_purchase_access(
+            "buyer",
+            MarketPurchaseRequest {
+                listing_id: listing.listing_id.clone(),
+                price_e8s: listing.price_e8s,
+            },
+            9,
+        )
+        .expect_err("archived database purchase should reject");
+    assert!(purchase_error.contains("database is archived"));
+    assert_eq!(
+        service
+            .kinic_get_balance("buyer")
+            .expect("buyer balance should remain")
+            .balance_e8s,
+        100
+    );
+    assert_eq!(
+        service
+            .kinic_get_balance("owner")
+            .expect("seller balance should remain")
+            .balance_e8s,
+        0
+    );
+
+    service
+        .begin_database_restore(
+            "archive-market",
+            "owner",
+            snapshot_hash,
+            archive.size_bytes,
+            10,
+        )
+        .expect("restore should begin");
+    assert!(
+        service
+            .market_list_listings(None, 10)
+            .expect("restoring listings should load")
+            .listings
+            .is_empty(),
+        "restoring database listing must stay hidden"
+    );
+    service
+        .write_database_restore_chunk("archive-market", "owner", 0, &bytes)
+        .expect("restore chunk should write");
+    service
+        .finalize_database_restore("archive-market", "owner", 11)
+        .expect("restore should finalize");
+    assert_eq!(
+        service
+            .market_list_listings(None, 10)
+            .expect("restored listings should load")
+            .listings
+            .len(),
+        1
+    );
+    service
+        .market_purchase_access(
+            "buyer",
+            MarketPurchaseRequest {
+                listing_id: listing.listing_id,
+                price_e8s: listing.price_e8s,
+            },
+            12,
+        )
+        .expect("restored active database purchase should succeed");
+}
+
+#[test]
+fn delete_database_removes_marketplace_rows() {
+    let (service, root) = service_with_root();
+    service
+        .create_database("market-delete", "seller", 1)
+        .expect("database should create");
+    service
+        .write_node(
+            "seller",
+            WriteNodeRequest {
+                database_id: "market-delete".to_string(),
+                path: "/Wiki/private.md".to_string(),
+                kind: NodeKind::File,
+                content: "paid body".to_string(),
+                metadata_json: "{}".to_string(),
+                expected_etag: None,
+            },
+            2,
+        )
+        .expect("owner should write");
+    let listing = service
+        .market_create_listing("seller", market_listing_request("market-delete", 100), 3)
+        .expect("listing should create");
+    let listing = service
+        .market_publish_listing("seller", &listing.listing_id, 4)
+        .expect("listing should publish");
+    credit_kinic_balance(&service, "buyer", 100, 10, 5);
+    service
+        .market_purchase_access(
+            "buyer",
+            MarketPurchaseRequest {
+                listing_id: listing.listing_id,
+                price_e8s: listing.price_e8s,
+            },
+            6,
+        )
+        .expect("purchase should succeed");
+    service
+        .read_node("market-delete", "buyer", "/Wiki/private.md")
+        .expect("entitled buyer should read before delete");
+    assert_eq!(
+        market_row_count(&root, "market_listings", "market-delete"),
+        1
+    );
+    assert_eq!(market_row_count(&root, "market_orders", "market-delete"), 1);
+    assert_eq!(
+        market_row_count(&root, "market_entitlements", "market-delete"),
+        1
+    );
+
+    service
+        .delete_database(delete_request("market-delete"), "seller", 7)
+        .expect("delete should succeed");
+    assert_eq!(
+        market_row_count(&root, "market_listings", "market-delete"),
+        0
+    );
+    assert_eq!(market_row_count(&root, "market_orders", "market-delete"), 1);
+    assert_eq!(
+        market_row_count(&root, "market_entitlements", "market-delete"),
+        0
+    );
+    assert_eq!(
+        service
+            .market_list_orders("buyer", None, 10)
+            .expect("buyer order history should remain")
+            .orders
+            .len(),
+        1
+    );
+    let deleted_read = service
+        .read_node("market-delete", "buyer", "/Wiki/private.md")
+        .expect_err("deleted database should not remain readable");
+    assert!(deleted_read.contains("database not found"));
+}
+
+#[test]
+fn market_entitlement_allows_read_surface_but_not_export() {
+    let service = service();
+    service
+        .create_database("read-market", "seller", 1)
+        .expect("database should create");
+    service
+        .write_node(
+            "seller",
+            WriteNodeRequest {
+                database_id: "read-market".to_string(),
+                path: "/Wiki/private.md".to_string(),
+                kind: NodeKind::File,
+                content: "paid body".to_string(),
+                metadata_json: "{}".to_string(),
+                expected_etag: None,
+            },
+            2,
+        )
+        .expect("owner should write");
+    let listing = service
+        .market_create_listing("seller", market_listing_request("read-market", 100), 3)
+        .expect("listing should create");
+    let listing = service
+        .market_publish_listing("seller", &listing.listing_id, 4)
+        .expect("listing should publish");
+    credit_kinic_balance(&service, "buyer", 100, 20, 6);
+    service
+        .market_purchase_access(
+            "buyer",
+            MarketPurchaseRequest {
+                listing_id: listing.listing_id,
+                price_e8s: listing.price_e8s,
+            },
+            7,
+        )
+        .expect("purchase should succeed");
+
+    let node = service
+        .read_node("read-market", "buyer", "/Wiki/private.md")
+        .expect("entitled buyer should read")
+        .expect("node should exist");
+    assert_eq!(node.content, "paid body");
+    assert!(
+        service
+            .export_fs_snapshot(
+                "buyer",
+                vfs_types::ExportSnapshotRequest {
+                    database_id: "read-market".to_string(),
+                    prefix: None,
+                    limit: 10,
+                    cursor: None,
+                    snapshot_session_id: None,
+                    snapshot_revision: None,
+                },
+            )
+            .is_err(),
+        "entitlement must not allow export"
+    );
+}
diff --git a/crates/vfs_store/src/fs_store.rs b/crates/vfs_store/src/fs_store.rs
index 37b2ce17..754ed076 100644
--- a/crates/vfs_store/src/fs_store.rs
+++ b/crates/vfs_store/src/fs_store.rs
@@ -19,12 +19,13 @@ use vfs_types::{
     EditNodeResult, ExportSnapshotRequest, ExportSnapshotResponse, FetchUpdatesRequest,
     FetchUpdatesResponse, GlobNodeHit, GlobNodeType, GlobNodesRequest, GraphLinksRequest,
     GraphNeighborhoodRequest, IncomingLinksRequest, LinkEdge, ListChildrenRequest,
-    ListNodesRequest, MkdirNodeRequest, MkdirNodeResult, MoveNodeRequest, MoveNodeResult,
-    MultiEdit, MultiEditNodeRequest, MultiEditNodeResult, Node, NodeContext, NodeContextRequest,
-    NodeEntry, NodeEntryKind, NodeKind, OutgoingLinksRequest, QueryContext, QueryContextRequest,
-    SearchNodeHit, SearchNodePathsRequest, SearchNodesRequest, SearchPreviewMode, SourceEvidence,
-    SourceEvidenceRef, SourceEvidenceRequest, Status, WriteNodeItem, WriteNodeRequest,
-    WriteNodeResult, WriteNodesRequest,
+    ListNodesRequest, MarketCategoryGraph, MarketCategoryGraphEdge, MarketCategoryGraphNode,
+    MarketListingPreview, MarketListingVerifiedStats, MkdirNodeRequest, MkdirNodeResult,
+    MoveNodeRequest, MoveNodeResult, MultiEdit, MultiEditNodeRequest, MultiEditNodeResult, Node,
+    NodeContext, NodeContextRequest, NodeEntry, NodeEntryKind, NodeKind, OutgoingLinksRequest,
+    QueryContext, QueryContextRequest, SearchNodeHit, SearchNodePathsRequest, SearchNodesRequest,
+    SearchPreviewMode, SourceEvidence, SourceEvidenceRef, SourceEvidenceRequest, Status,
+    WriteNodeItem, WriteNodeRequest, WriteNodeResult, WriteNodesRequest,
 };
 
 use crate::{
@@ -168,6 +169,22 @@ impl FsStore {
         })
     }
 
+    pub fn marketplace_preview(
+        &self,
+    ) -> Result<(MarketListingVerifiedStats, MarketListingPreview), String> {
+        self.read_conn(|conn| {
+            let mut stats = load_marketplace_verified_stats(conn)?;
+            stats.logical_size_bytes = logical_size_bytes_for_conn(conn)?;
+            let preview = MarketListingPreview {
+                top_level_paths: load_marketplace_top_level_paths(conn)?,
+                excerpts: Vec::new(),
+                category_graph: load_marketplace_category_graph(conn)?,
+                preview_stale: false,
+            };
+            Ok((stats, preview))
+        })
+    }
+
     pub fn logical_size_bytes(&self) -> Result<u64, String> {
         #[cfg(not(target_arch = "wasm32"))]
         {
@@ -1437,6 +1454,181 @@ fn count_nodes(conn: &Connection, kind: &str) -> Result<u64, String> {
     u64::try_from(count).map_err(|error| error.to_string())
 }
 
+fn load_marketplace_verified_stats(
+    conn: &Connection,
+) -> Result<MarketListingVerifiedStats, String> {
+    let (
+        total_nodes,
+        wiki_nodes,
+        source_nodes,
+        folder_nodes,
+        markdown_chars,
+        source_chars,
+        last_content_updated_at_ms,
+    ) = conn
+        .query_row(
+            "SELECT COUNT(*),
+                    SUM(CASE WHEN path = '/Wiki' OR path LIKE '/Wiki/%' THEN 1 ELSE 0 END),
+                    SUM(CASE WHEN kind = 'source' THEN 1 ELSE 0 END),
+                    SUM(CASE WHEN kind = 'folder' THEN 1 ELSE 0 END),
+                    SUM(CASE WHEN kind = 'file' THEN length(content) ELSE 0 END),
+                    SUM(CASE WHEN kind = 'source' THEN length(content) ELSE 0 END),
+                    MAX(CASE WHEN kind IN ('file', 'source') THEN updated_at ELSE NULL END)
+             FROM fs_nodes",
+            params![],
+            |row| {
+                Ok((
+                    crate::sqlite::row_get::<i64>(row, 0)?,
+                    crate::sqlite::row_get::<Option<i64>>(row, 1)?,
+                    crate::sqlite::row_get::<Option<i64>>(row, 2)?,
+                    crate::sqlite::row_get::<Option<i64>>(row, 3)?,
+                    crate::sqlite::row_get::<Option<i64>>(row, 4)?,
+                    crate::sqlite::row_get::<Option<i64>>(row, 5)?,
+                    crate::sqlite::row_get::<Option<i64>>(row, 6)?,
+                ))
+            },
+        )
+        .map_err(|error| error.to_string())?;
+    let link_edges = conn
+        .query_row("SELECT COUNT(*) FROM fs_links", params![], |row| {
+            crate::sqlite::row_get::<i64>(row, 0)
+        })
+        .map_err(|error| error.to_string())?;
+    Ok(MarketListingVerifiedStats {
+        total_nodes: nonnegative_i64_to_u64(total_nodes)?,
+        wiki_nodes: nonnegative_i64_to_u64(wiki_nodes.unwrap_or(0))?,
+        source_nodes: nonnegative_i64_to_u64(source_nodes.unwrap_or(0))?,
+        folder_nodes: nonnegative_i64_to_u64(folder_nodes.unwrap_or(0))?,
+        markdown_chars: nonnegative_i64_to_u64(markdown_chars.unwrap_or(0))?,
+        source_chars: nonnegative_i64_to_u64(source_chars.unwrap_or(0))?,
+        link_edges: nonnegative_i64_to_u64(link_edges)?,
+        logical_size_bytes: 0,
+        last_content_updated_at_ms,
+    })
+}
+
+fn load_marketplace_top_level_paths(conn: &Connection) -> Result<Vec<String>, String> {
+    let mut stmt = conn
+        .prepare(
+            "SELECT child.path
+             FROM fs_nodes child
+             JOIN fs_nodes parent ON parent.id = child.parent_id
+             WHERE parent.path = '/Wiki'
+             ORDER BY CASE child.kind WHEN 'folder' THEN 0 WHEN 'file' THEN 1 ELSE 2 END,
+                      child.path ASC
+             LIMIT 12",
+        )
+        .map_err(|error| error.to_string())?;
+    crate::sqlite::query_map(&mut stmt, params![], |row| crate::sqlite::row_get(row, 0))
+        .map_err(|error| error.to_string())
+}
+
+fn load_marketplace_category_graph(conn: &Connection) -> Result<MarketCategoryGraph, String> {
+    let mut stmt = conn
+        .prepare(
+            "SELECT path
+             FROM fs_nodes
+             WHERE path = '/Wiki' OR path LIKE '/Wiki/%'
+             ORDER BY path ASC",
+        )
+        .map_err(|error| error.to_string())?;
+    let paths = crate::sqlite::query_map(&mut stmt, params![], |row| {
+        crate::sqlite::row_get::<String>(row, 0)
+    })
+    .map_err(|error| error.to_string())?;
+    let mut counts = BTreeMap::<String, u64>::new();
+    for path in paths {
+        if let Some(category) = marketplace_top_category(&path) {
+            *counts.entry(category).or_insert(0) += 1;
+        }
+    }
+    let mut nodes = counts
+        .into_iter()
+        .map(|(category, node_count)| MarketCategoryGraphNode {
+            category,
+            node_count,
+        })
+        .collect::<Vec<_>>();
+    nodes.sort_by(|left, right| {
+        right
+            .node_count
+            .cmp(&left.node_count)
+            .then_with(|| left.category.cmp(&right.category))
+    });
+    nodes.truncate(12);
+    let selected = nodes
+        .iter()
+        .map(|node| node.category.clone())
+        .collect::<BTreeSet<_>>();
+
+    let mut stmt = conn
+        .prepare(
+            "SELECT source_path, target_path
+             FROM fs_links
+             WHERE (source_path = '/Wiki' OR source_path LIKE '/Wiki/%')
+               AND (target_path = '/Wiki' OR target_path LIKE '/Wiki/%')",
+        )
+        .map_err(|error| error.to_string())?;
+    let edges = crate::sqlite::query_map(&mut stmt, params![], |row| {
+        Ok((
+            crate::sqlite::row_get::<String>(row, 0)?,
+            crate::sqlite::row_get::<String>(row, 1)?,
+        ))
+    })
+    .map_err(|error| error.to_string())?;
+    let mut edge_counts = BTreeMap::<(String, String), u64>::new();
+    for (source_path, target_path) in edges {
+        let Some(source_category) = marketplace_top_category(&source_path) else {
+            continue;
+        };
+        let Some(target_category) = marketplace_top_category(&target_path) else {
+            continue;
+        };
+        if source_category == target_category
+            || !selected.contains(&source_category)
+            || !selected.contains(&target_category)
+        {
+            continue;
+        }
+        *edge_counts
+            .entry((source_category, target_category))
+            .or_insert(0) += 1;
+    }
+    let mut edges = edge_counts
+        .into_iter()
+        .map(
+            |((source_category, target_category), link_count)| MarketCategoryGraphEdge {
+                source_category,
+                target_category,
+                link_count,
+            },
+        )
+        .collect::<Vec<_>>();
+    edges.sort_by(|left, right| {
+        right
+            .link_count
+            .cmp(&left.link_count)
+            .then_with(|| left.source_category.cmp(&right.source_category))
+            .then_with(|| left.target_category.cmp(&right.target_category))
+    });
+    edges.truncate(30);
+    Ok(MarketCategoryGraph { nodes, edges })
+}
+
+fn marketplace_top_category(path: &str) -> Option<String> {
+    let rest = path.strip_prefix("/Wiki/")?;
+    let segment = rest.split('/').next()?.trim();
+    if segment.is_empty() {
+        None
+    } else {
+        Some(format!("/Wiki/{segment}"))
+    }
+}
+
+fn nonnegative_i64_to_u64(value: i64) -> Result<u64, String> {
+    u64::try_from(value.max(0)).map_err(|error| error.to_string())
+}
+
 fn logical_size_bytes_for_conn(conn: &Connection) -> Result<u64, String> {
     let page_count = conn
         .query_row("PRAGMA page_count", params![], |row| {
diff --git a/crates/vfs_types/src/fs.rs b/crates/vfs_types/src/fs.rs
index c0dc0d3d..14b7dde1 100644
--- a/crates/vfs_types/src/fs.rs
+++ b/crates/vfs_types/src/fs.rs
@@ -127,6 +127,228 @@ pub struct DatabaseCyclesPendingPurchase {
     pub required_action: String,
 }
 
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct KinicBalance {
+    pub balance_e8s: u64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct KinicPendingOperation {
+    pub operation_id: u64,
+    pub kind: String,
+    pub caller: String,
+    pub status: String,
+    pub amount_e8s: u64,
+    pub ledger_block_index: Option<u64>,
+    pub created_at_ms: i64,
+    pub required_action: String,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct KinicPendingOperationsPageRequest {
+    pub cursor_operation_id: Option<u64>,
+    pub limit: u32,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct KinicPendingOperationsPage {
+    pub operations: Vec<KinicPendingOperation>,
+    pub next_cursor_operation_id: Option<u64>,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct KinicDepositRequest {
+    pub amount_e8s: u64,
+    pub expected_fee_e8s: u64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct KinicDepositResult {
+    pub block_index: u64,
+    pub amount_e8s: u64,
+    pub balance_e8s: u64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct KinicFundDatabaseCyclesRequest {
+    pub database_id: String,
+    pub payment_amount_e8s: u64,
+    pub min_expected_cycles: u64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct KinicFundDatabaseCyclesResult {
+    pub payment_amount_e8s: u64,
+    pub amount_cycles: u64,
+    pub database_balance_cycles: u64,
+    pub kinic_balance_e8s: u64,
+}
+
+#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+#[serde(rename_all = "snake_case")]
+pub enum MarketListingStatus {
+    #[serde(alias = "Draft")]
+    Draft,
+    #[serde(alias = "Active")]
+    Active,
+    #[serde(alias = "Paused")]
+    Paused,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketListing {
+    pub listing_id: String,
+    pub seller_principal: String,
+    pub database_id: String,
+    pub title: String,
+    pub description: String,
+    pub llm_summary: Option<String>,
+    pub summary_snapshot_revision: Option<String>,
+    pub sample_excerpts_json: String,
+    pub tags_json: String,
+    pub price_e8s: u64,
+    pub status: MarketListingStatus,
+    pub revision: u64,
+    pub purchase_count: u64,
+    pub report_count: u64,
+    pub created_at_ms: i64,
+    pub updated_at_ms: i64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketListingVerifiedStats {
+    pub total_nodes: u64,
+    pub wiki_nodes: u64,
+    pub source_nodes: u64,
+    pub folder_nodes: u64,
+    pub markdown_chars: u64,
+    pub source_chars: u64,
+    pub link_edges: u64,
+    pub logical_size_bytes: u64,
+    pub last_content_updated_at_ms: Option<i64>,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketPreviewExcerpt {
+    pub path: String,
+    pub etag: String,
+    pub excerpt: String,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketCategoryGraphNode {
+    pub category: String,
+    pub node_count: u64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketCategoryGraphEdge {
+    pub source_category: String,
+    pub target_category: String,
+    pub link_count: u64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketCategoryGraph {
+    pub nodes: Vec<MarketCategoryGraphNode>,
+    pub edges: Vec<MarketCategoryGraphEdge>,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketListingPreview {
+    pub top_level_paths: Vec<String>,
+    pub excerpts: Vec<MarketPreviewExcerpt>,
+    pub category_graph: MarketCategoryGraph,
+    pub preview_stale: bool,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketListingDetail {
+    pub listing: MarketListing,
+    pub verified_stats: MarketListingVerifiedStats,
+    pub preview: MarketListingPreview,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketListingPage {
+    pub listings: Vec<MarketListing>,
+    pub next_cursor: Option<String>,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketCreateListingRequest {
+    pub database_id: String,
+    pub title: String,
+    pub description: String,
+    pub llm_summary: Option<String>,
+    pub summary_snapshot_revision: Option<String>,
+    pub sample_excerpts_json: String,
+    pub tags_json: String,
+    pub price_e8s: u64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketUpdateListingRequest {
+    pub listing_id: String,
+    pub expected_revision: u64,
+    pub title: String,
+    pub description: String,
+    pub llm_summary: Option<String>,
+    pub summary_snapshot_revision: Option<String>,
+    pub sample_excerpts_json: String,
+    pub tags_json: String,
+    pub price_e8s: u64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketPurchaseRequest {
+    pub listing_id: String,
+    pub price_e8s: u64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketPurchasePreview {
+    pub listing_id: String,
+    pub database_id: String,
+    pub price_e8s: u64,
+    pub buyer_balance_e8s: u64,
+    pub already_entitled: bool,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketOrder {
+    pub order_id: String,
+    pub listing_id: String,
+    pub database_id: String,
+    pub buyer_principal: String,
+    pub seller_principal: String,
+    pub price_e8s: u64,
+    pub listing_revision: u64,
+    pub created_at_ms: i64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketOrderPage {
+    pub orders: Vec<MarketOrder>,
+    pub next_cursor: Option<String>,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketEntitlement {
+    pub database_id: String,
+    pub buyer_principal: String,
+    pub listing_id: String,
+    pub order_id: String,
+    pub purchased_at_ms: i64,
+    pub status: String,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
+pub struct MarketEntitlementPage {
+    pub entitlements: Vec<MarketEntitlement>,
+    pub next_cursor: Option<String>,
+}
+
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, CandidType)]
 pub struct StorageBillingBatchRequest {
     pub cursor_mount_id: Option<u16>,
diff --git a/extensions/wiki-clipper/scripts/check-candid-drift.mjs b/extensions/wiki-clipper/scripts/check-candid-drift.mjs
index 574e7dfd..c8ea1f71 100644
--- a/extensions/wiki-clipper/scripts/check-candid-drift.mjs
+++ b/extensions/wiki-clipper/scripts/check-candid-drift.mjs
@@ -190,10 +190,10 @@ function normalizeDidResult(value) {
   if (normalized === "Result_1") return "ResultUnit";
   if (normalized === "Result_9") return "ResultCyclesBillingConfig";
   if (normalized === "Result_4") return "ResultCreateDatabase";
-  if (normalized === "Result_16") return "ResultDatabases";
-  if (normalized === "Result_18") return "ResultMkdirNode";
-  if (normalized === "Result_24") return "ResultNode";
-  if (normalized === "Result_30") return "ResultWriteSourceForGeneration";
+  if (normalized === "Result_20") return "ResultDatabases";
+  if (normalized === "Result_31") return "ResultMkdirNode";
+  if (normalized === "Result_37") return "ResultNode";
+  if (normalized === "Result_43") return "ResultWriteSourceForGeneration";
   if (normalized === "Result") return "ResultWriteNode";
   return normalized;
 }
diff --git a/extensions/wiki-clipper/tests/settings.test.mjs b/extensions/wiki-clipper/tests/settings.test.mjs
index 7169479d..3b782e2e 100644
--- a/extensions/wiki-clipper/tests/settings.test.mjs
+++ b/extensions/wiki-clipper/tests/settings.test.mjs
@@ -18,7 +18,8 @@ import {
   AUTH_SESSION_TTL_NS,
   MAINNET_II_PROVIDER_URL,
   WIKI_CANISTER_DERIVATION_ORIGIN,
-  derivationOriginForLocation
+  derivationOriginForLocation,
+  identityProviderUrlForLocation
 } from "../../../shared/ii-auth/index.js";
 
 test("settings popup omits fixed runtime inputs", () => {
@@ -210,7 +211,14 @@ test("Internet Identity options use 29 day TTL and derivation origin", () => {
   assert.equal(AUTH_OPTIONS.createOptions.idleOptions.disableDefaultIdleCallback, true);
 });
 
-test("CLI login derivation origin uses local origin only for local development", () => {
+test("CLI login helpers use mainnet Internet Identity and canonical derivation origin", () => {
+  assert.equal(
+    identityProviderUrlForLocation({
+      hostname: "localhost",
+      origin: "http://localhost:4943"
+    }),
+    MAINNET_II_PROVIDER_URL
+  );
   assert.equal(
     derivationOriginForLocation({
       hostname: "wiki.kinic.xyz",
@@ -230,7 +238,7 @@ test("CLI login derivation origin uses local origin only for local development",
       hostname: "localhost",
       origin: "http://localhost:4943"
     }),
-    "http://localhost:4943"
+    WIKI_CANISTER_DERIVATION_ORIGIN
   );
 });
 
diff --git a/scripts/build-vfs-canister.sh b/scripts/build-vfs-canister.sh
index 7a41f899..22014e7e 100755
--- a/scripts/build-vfs-canister.sh
+++ b/scripts/build-vfs-canister.sh
@@ -16,6 +16,27 @@ OUTPUT_WASM="${INPUT_WASM}"
 # `icp deploy` sets this; standalone runs default to the repo artifact path.
 ICP_WASM_OUTPUT_PATH="${ICP_WASM_OUTPUT_PATH:-${OUTPUT_WASM}}"
 
+guard_local_ii_origins() {
+  if [[ "${KINIC_VFS_LOCAL_II_ORIGINS:-}" != "1" ]]; then
+    return
+  fi
+  case "${ICP_ENVIRONMENT:-}" in
+    local | local-wiki)
+      return
+      ;;
+    *)
+      echo "KINIC_VFS_LOCAL_II_ORIGINS=1 is only allowed for ICP_ENVIRONMENT=local or local-wiki" >&2
+      exit 1
+      ;;
+  esac
+}
+
+guard_local_ii_origins
+
+if [[ "${1:-}" == "--check-env-only" ]]; then
+  exit 0
+fi
+
 EXTRA_FEATURES=""
 case "${VFS_CANISTER_DIAGNOSTIC_PROFILE:-baseline}" in
   baseline)
diff --git a/scripts/candid-subset-check.mjs b/scripts/candid-subset-check.mjs
new file mode 100644
index 00000000..d9fefc88
--- /dev/null
+++ b/scripts/candid-subset-check.mjs
@@ -0,0 +1,233 @@
+// Where: scripts/candid-subset-check.mjs
+// What: Shared structural checks for hand-written Candid IDL subsets.
+// Why: Browser-side hand-written IDL should fail CI when crates/vfs_canister/vfs.did drifts.
+export function checkCandidSubset({ didSource, idlSource, expectedTypes, expectedMethods, didTypeAliases = {} }) {
+  const failures = [];
+  const didTypes = parseDidTypes(didSource);
+  const didMethods = parseDidMethods(didSource, didTypeAliases);
+  const idlTypes = parseIdlTypes(idlSource);
+  const idlMethods = parseIdlMethods(idlSource);
+
+  for (const [name, shape] of Object.entries(expectedTypes)) {
+    compareShape(failures, `vfs.did type ${name}`, didTypes[didTypeAliases[name] ?? name], shape);
+    compareShape(failures, `hand-written IDL type ${name}`, idlTypes[name], shape);
+  }
+
+  for (const [name, shape] of Object.entries(expectedMethods)) {
+    compareMethod(failures, `vfs.did method ${name}`, didMethods[name], shape, didTypeAliases);
+    compareMethod(failures, `hand-written IDL method ${name}`, idlMethods[name], shape, didTypeAliases);
+  }
+
+  return failures;
+}
+
+function parseDidTypes(source) {
+  const types = {};
+  for (const match of source.matchAll(/^type\s+(\w+)\s*=\s*(record|variant)\s*\{([^]*?)\};/gm)) {
+    const [, name, kind, body] = match;
+    types[name] = kind === "record" ? { kind, fields: parseDidFields(body) } : { kind, cases: parseDidFields(body) };
+  }
+  return types;
+}
+
+function parseDidFields(body) {
+  const fields = {};
+  for (const raw of body.split(";")) {
+    const line = raw.trim();
+    if (!line) continue;
+    const match = line.match(/^"?(\w+)"?\s*(?::\s*(.+))?$/);
+    if (!match) continue;
+    fields[match[1]] = normalizeShape(match[2] ?? "null");
+  }
+  return fields;
+}
+
+function parseDidMethods(source, didTypeAliases) {
+  const service = source.match(/service\s*:\s*\([^)]*\)\s*->\s*\{([^]*?)\n\}/m)?.[1] ?? "";
+  const methods = {};
+  for (const raw of service.split(";")) {
+    const line = raw.trim();
+    if (!line) continue;
+    const match = line.match(/^(\w+)\s*:\s*\(([^)]*)\)\s*->\s*\(([^)]*)\)(?:\s+(\w+))?$/);
+    if (!match) continue;
+    methods[match[1]] = {
+      input: splitShapes(match[2]),
+      output: normalizeResultAlias(match[3], didTypeAliases),
+      mode: match[4] ?? "update"
+    };
+  }
+  return methods;
+}
+
+function parseIdlTypes(source) {
+  const types = {};
+  for (const declaration of extractIdlConstDeclarations(source)) {
+    const match = declaration.initializer.match(/^idl\.(Record|Variant)\(\{([^]*)\}\)$/m);
+    if (!match) continue;
+    const [, rawKind, body] = match;
+    const kind = rawKind === "Record" ? "record" : "variant";
+    const fields = parseIdlFields(body);
+    types[declaration.name] = kind === "record" ? { kind, fields } : { kind, cases: fields };
+  }
+  return types;
+}
+
+function extractIdlConstDeclarations(source) {
+  const declarations = [];
+  const pattern = /const\s+(\w+)\s*=\s*/g;
+  let match;
+  while ((match = pattern.exec(source))) {
+    const name = match[1];
+    const start = match.index + match[0].length;
+    const end = findStatementEnd(source, start);
+    if (end === -1) continue;
+    declarations.push({ name, initializer: source.slice(start, end).trim() });
+    pattern.lastIndex = end + 1;
+  }
+  return declarations;
+}
+
+function parseIdlFields(body) {
+  const fields = {};
+  for (const raw of body.split(",")) {
+    const line = raw.trim();
+    if (!line) continue;
+    const match = line.match(/^(\w+):\s*(.+)$/);
+    if (!match) continue;
+    fields[match[1]] = normalizeIdlShape(match[2]);
+  }
+  return fields;
+}
+
+function parseIdlMethods(source) {
+  const service = source.match(/return\s+idl\.Service\(\{([^]*?)\n\s*\}\);/m)?.[1] ?? "";
+  const methods = {};
+  for (const match of service.matchAll(/^\s*(\w+):\s*idl\.Func\(\[\s*([^\]]*)\s*\],\s*\[\s*([^\]]+?)\s*\],\s*\[\s*(?:"(\w+)")?\s*\]\)/gm)) {
+    methods[match[1]] = {
+      input: splitIdlInputs(match[2]),
+      output: normalizeIdlShape(match[3]),
+      mode: match[4] ?? "update"
+    };
+  }
+  return methods;
+}
+
+function findStatementEnd(source, start) {
+  let depth = 0;
+  let inString = false;
+  for (let index = start; index < source.length; index += 1) {
+    const char = source[index];
+    const previous = source[index - 1];
+    if (char === "\"" && previous !== "\\") {
+      inString = !inString;
+    }
+    if (inString) continue;
+    if (char === "(" || char === "{" || char === "[") {
+      depth += 1;
+    } else if (char === ")" || char === "}" || char === "]") {
+      depth -= 1;
+    } else if (char === ";" && depth === 0) {
+      return index;
+    }
+  }
+  return -1;
+}
+
+function normalizeIdlShape(value) {
+  const normalized = value
+    .trim()
+    .replace(/^idl\./, "")
+    .replace(/^Text$/, "text")
+    .replace(/^Int16$/, "int16")
+    .replace(/^Int64$/, "int64")
+    .replace(/^Nat64$/, "nat64")
+    .replace(/^Nat32$/, "nat32")
+    .replace(/^Nat16$/, "nat16")
+    .replace(/^Nat8$/, "nat8")
+    .replace(/^Nat$/, "nat")
+    .replace(/^Float32$/, "float32")
+    .replace(/^Bool$/, "bool")
+    .replace(/^Principal$/, "principal")
+    .replace(/^Null$/, "null")
+    .replace(/^Opt\((.+)\)$/, (_, inner) => `opt ${normalizeIdlShape(inner)}`)
+    .replace(/^Vec\((.+)\)$/, (_, inner) => `vec ${normalizeIdlShape(inner)}`);
+  return normalizeBlobAlias(normalized);
+}
+
+function splitShapes(value) {
+  const trimmed = value.trim();
+  if (!trimmed) return [];
+  return trimmed.split(",").map((part) => normalizeShape(part));
+}
+
+function normalizeShape(value) {
+  return normalizeBlobAlias(value.trim().replace(/\s+/g, " "));
+}
+
+function splitIdlInputs(value) {
+  const trimmed = value.trim();
+  if (!trimmed) return [];
+  return trimmed.split(",").map((part) => normalizeIdlShape(part));
+}
+
+function normalizeBlobAlias(value) {
+  if (value === "vec nat8") return "blob";
+  if (value === "opt vec nat8") return "opt blob";
+  return value;
+}
+
+function normalizeResultAlias(value, didTypeAliases) {
+  const normalized = normalizeShape(value).replace(/,$/, "").trim();
+  const alias = Object.entries(didTypeAliases).find(([, didName]) => didName === normalized)?.[0];
+  if (alias) return alias;
+  if (normalized === "Result") return "ResultWriteNode";
+  return normalized;
+}
+
+function compareShape(failures, label, actual, expected) {
+  if (!actual) {
+    failures.push(`${label} missing`);
+    return;
+  }
+  if (actual.kind !== expected.kind) {
+    failures.push(`${label} kind mismatch: ${actual.kind} != ${expected.kind}`);
+    return;
+  }
+  compareMap(failures, label, actual.fields ?? actual.cases, expected.fields ?? expected.cases);
+}
+
+function compareMethod(failures, label, actual, expected, didTypeAliases) {
+  if (!actual) {
+    failures.push(`${label} missing`);
+    return;
+  }
+  const actualInput = actual.input.map((name) => canonicalTypeName(name, didTypeAliases));
+  const expectedInput = expected.input.map((name) => canonicalTypeName(name, didTypeAliases));
+  if (JSON.stringify(actualInput) !== JSON.stringify(expectedInput)) {
+    failures.push(`${label} input mismatch: ${actual.input.join(", ")} != ${expected.input.join(", ")}`);
+  }
+  if (actual.output !== expected.output) {
+    failures.push(`${label} output mismatch: ${actual.output} != ${expected.output}`);
+  }
+  if (actual.mode !== expected.mode) {
+    failures.push(`${label} mode mismatch: ${actual.mode} != ${expected.mode}`);
+  }
+}
+
+function canonicalTypeName(name, didTypeAliases) {
+  return didTypeAliases[name] ?? name;
+}
+
+function compareMap(failures, label, actual, expected) {
+  const actualKeys = Object.keys(actual).sort();
+  const expectedKeys = Object.keys(expected).sort();
+  if (JSON.stringify(actualKeys) !== JSON.stringify(expectedKeys)) {
+    failures.push(`${label} fields mismatch: ${actualKeys.join(", ")} != ${expectedKeys.join(", ")}`);
+    return;
+  }
+  for (const key of expectedKeys) {
+    if (actual[key] !== expected[key]) {
+      failures.push(`${label}.${key} mismatch: ${actual[key]} != ${expected[key]}`);
+    }
+  }
+}
diff --git a/scripts/check-build-vfs-canister-guard.mjs b/scripts/check-build-vfs-canister-guard.mjs
new file mode 100644
index 00000000..9f7bf9a7
--- /dev/null
+++ b/scripts/check-build-vfs-canister-guard.mjs
@@ -0,0 +1,32 @@
+// Where: scripts/check-build-vfs-canister-guard.mjs
+// What: Verify production builds reject local Internet Identity origins.
+// Why: A compile-time local II origin flag must not leak into mainnet artifacts.
+import assert from "node:assert/strict";
+import { spawnSync } from "node:child_process";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const root = dirname(dirname(fileURLToPath(import.meta.url)));
+const script = join(root, "scripts", "build-vfs-canister.sh");
+
+assert.equal(run({ KINIC_VFS_LOCAL_II_ORIGINS: "1", ICP_ENVIRONMENT: "ic" }).status, 1);
+assert.match(
+  run({ KINIC_VFS_LOCAL_II_ORIGINS: "1", ICP_ENVIRONMENT: "ic" }).stderr,
+  /only allowed for ICP_ENVIRONMENT=local or local-wiki/
+);
+assert.equal(run({ KINIC_VFS_LOCAL_II_ORIGINS: "1", ICP_ENVIRONMENT: "local-wiki" }).status, 0);
+assert.equal(run({ KINIC_VFS_LOCAL_II_ORIGINS: "1" }).status, 1);
+assert.equal(run({}).status, 0);
+
+console.log("Build VFS canister guard OK");
+
+function run(env) {
+  const cleanEnv = { ...process.env };
+  delete cleanEnv.KINIC_VFS_LOCAL_II_ORIGINS;
+  delete cleanEnv.ICP_ENVIRONMENT;
+  return spawnSync("bash", [script, "--check-env-only"], {
+    cwd: root,
+    env: { ...cleanEnv, ...env },
+    encoding: "utf8"
+  });
+}
diff --git a/scripts/local/deploy_wiki.sh b/scripts/local/deploy_wiki.sh
index 706d72e0..f576dab4 100755
--- a/scripts/local/deploy_wiki.sh
+++ b/scripts/local/deploy_wiki.sh
@@ -63,4 +63,6 @@ if [[ "${1:-}" == "--dry-run" ]]; then
 fi
 
 cd "${REPO_ROOT}"
+export ICP_ENVIRONMENT
+export KINIC_VFS_LOCAL_II_ORIGINS=1
 icp deploy wiki -e "${ICP_ENVIRONMENT}" --args-file "${ARGS_FILE}" "$@"
diff --git a/scripts/mainnet/deploy_wiki.sh b/scripts/mainnet/deploy_wiki.sh
index 224f522e..628e95df 100755
--- a/scripts/mainnet/deploy_wiki.sh
+++ b/scripts/mainnet/deploy_wiki.sh
@@ -49,4 +49,5 @@ if [[ "${1:-}" == "--dry-run" ]]; then
 fi
 
 cd "${REPO_ROOT}"
+unset KINIC_VFS_LOCAL_II_ORIGINS
 icp deploy wiki -e ic --args-file "${ARGS_FILE}" "$@"
diff --git a/scripts/setup-wikibrowser-ii-e2e.sh b/scripts/setup-wikibrowser-ii-e2e.sh
index 79e3ed36..88804fd3 100755
--- a/scripts/setup-wikibrowser-ii-e2e.sh
+++ b/scripts/setup-wikibrowser-ii-e2e.sh
@@ -19,6 +19,46 @@ II_BACKEND_INIT_ARGS='(opt record { captcha_config = opt record { max_unsolved_c
 
 mkdir -p "$ARTIFACT_DIR"
 
+current_identity_principal() {
+  icp identity principal
+}
+
+resolve_wiki_canister_id() {
+  if [ -f "$MAPPING_FILE" ]; then
+    node -e '
+      const fs = require("fs");
+      const [file] = process.argv.slice(1);
+      const ids = JSON.parse(fs.readFileSync(file, "utf8"));
+      if (typeof ids.wiki !== "string" || ids.wiki.trim() === "") process.exit(1);
+      process.stdout.write(ids.wiki);
+    ' "$MAPPING_FILE"
+    return
+  fi
+  return 1
+}
+
+canister_has_module() {
+  local canister_id="$1"
+  icp canister status "$canister_id" -e local-wiki --json \
+    | node -e '
+      const fs = require("fs");
+      const status = JSON.parse(fs.readFileSync(0, "utf8"));
+      process.exit(status.module_hash ? 0 : 1);
+    '
+}
+
+wiki_ledger_canister_id() {
+  icp canister call wiki get_cycles_billing_config '()' -e local-wiki -o candid 2>/dev/null \
+    | awk -F'"' '/kinic_ledger_canister_id/ { print $2; exit }'
+}
+
+deploy_wiki() {
+  ICP_ENVIRONMENT=local-wiki \
+    KINIC_LEDGER_CANISTER_ID="$KINIC_LEDGER_CANISTER_ID" \
+    BILLING_AUTHORITY_ID="$BILLING_AUTHORITY_ID" \
+    bash "$ROOT_DIR/scripts/local/deploy_wiki.sh" "$@"
+}
+
 ensure_canister_id() {
   local id_file="$1"
   if [ -s "$id_file" ]; then
@@ -31,6 +71,22 @@ ensure_canister_id() {
   icp canister create --detached -e local-wiki --quiet > "$id_file"
 }
 
+ensure_distinct_canister_id() {
+  local id_file="$1"
+  shift
+  ensure_canister_id "$id_file"
+  local canister_id
+  canister_id="$(tr -d '[:space:]' < "$id_file")"
+  local forbidden
+  for forbidden in "$@"; do
+    if [ -n "$forbidden" ] && [ "$canister_id" = "$forbidden" ]; then
+      echo "canister id $canister_id in $id_file conflicts with reserved local canister; creating a new detached canister" >&2
+      icp canister create --detached -e local-wiki --quiet > "$id_file"
+      return
+    fi
+  done
+}
+
 if [ ! -s "$BACKEND_WASM_GZ" ]; then
   curl -fsSL "$II_BACKEND_WASM_URL" -o "$BACKEND_WASM_GZ"
 fi
@@ -51,12 +107,38 @@ if [ ! -s "$BACKEND_CANISTER_ID_FILE" ] && [ -s "$LEGACY_CANISTER_ID_FILE" ]; th
   cp "$LEGACY_CANISTER_ID_FILE" "$BACKEND_CANISTER_ID_FILE"
 fi
 
-ensure_canister_id "$BACKEND_CANISTER_ID_FILE"
-ensure_canister_id "$FRONTEND_CANISTER_ID_FILE"
+if [ -z "${BILLING_AUTHORITY_ID:-}" ]; then
+  BILLING_AUTHORITY_ID="$(current_identity_principal)"
+fi
 
+LEDGER_SETUP_OUTPUT="$(ICP_ENVIRONMENT=local-wiki bash "$ROOT_DIR/scripts/local/setup_kinic_ledger.sh")"
+KINIC_LEDGER_CANISTER_ID="${LEDGER_SETUP_OUTPUT#KINIC_LEDGER_CANISTER_ID=}"
+export KINIC_LEDGER_CANISTER_ID
+export BILLING_AUTHORITY_ID
+
+if ! WIKI_CANISTER_ID="$(resolve_wiki_canister_id)"; then
+  echo "local wiki canister id not found; deploying wiki to local-wiki" >&2
+  deploy_wiki
+  WIKI_CANISTER_ID="$(resolve_wiki_canister_id)"
+elif canister_has_module "$WIKI_CANISTER_ID" >/dev/null 2>&1; then
+  CURRENT_LEDGER_CANISTER_ID="$(wiki_ledger_canister_id || true)"
+  if [ "$CURRENT_LEDGER_CANISTER_ID" != "$KINIC_LEDGER_CANISTER_ID" ]; then
+    echo "wiki ledger mismatch (${CURRENT_LEDGER_CANISTER_ID:-missing}); reinstalling wiki for $KINIC_LEDGER_CANISTER_ID" >&2
+    deploy_wiki --mode reinstall
+  else
+    deploy_wiki
+  fi
+else
+  echo "local wiki canister $WIKI_CANISTER_ID missing installed module; deploying wiki to local-wiki" >&2
+  deploy_wiki
+fi
+WIKI_CANISTER_ID="$(resolve_wiki_canister_id)"
+
+ensure_distinct_canister_id "$BACKEND_CANISTER_ID_FILE" "$KINIC_LEDGER_CANISTER_ID" "$WIKI_CANISTER_ID"
 II_BACKEND_CANISTER_ID="$(tr -d '[:space:]' < "$BACKEND_CANISTER_ID_FILE")"
+ensure_distinct_canister_id "$FRONTEND_CANISTER_ID_FILE" "$KINIC_LEDGER_CANISTER_ID" "$WIKI_CANISTER_ID" "$II_BACKEND_CANISTER_ID"
+
 II_FRONTEND_CANISTER_ID="$(tr -d '[:space:]' < "$FRONTEND_CANISTER_ID_FILE")"
-WIKI_CANISTER_ID="$(node -e 'const fs=require("fs"); const file=process.argv[1]; const ids=JSON.parse(fs.readFileSync(file,"utf8")); if(!ids.wiki) throw new Error("wiki canister id is missing"); process.stdout.write(ids.wiki);' "$MAPPING_FILE")"
 II_FRONTEND_INIT_ARGS="$(printf '(record { backend_canister_id = principal "%s"; backend_origin = "http://%s.raw.localhost:8011"; related_origins = null; fetch_root_key = opt true; analytics_config = null; dummy_auth = opt opt record { prompt_for_index = false }; dev_csp = opt true })' "$II_BACKEND_CANISTER_ID" "$II_BACKEND_CANISTER_ID")"
 
 if ! icp canister install "$II_BACKEND_CANISTER_ID" \
@@ -95,9 +177,12 @@ fi
 {
   printf 'NEXT_PUBLIC_WIKI_IC_HOST=http://127.0.0.1:8011\n'
   printf 'NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID=%s\n' "$WIKI_CANISTER_ID"
+  printf 'NEXT_PUBLIC_ENABLE_LOCAL_II_E2E=1\n'
   printf 'NEXT_PUBLIC_II_PROVIDER_URL=http://%s.raw.localhost:8011\n' "$II_FRONTEND_CANISTER_ID"
 } > "$ENV_FILE"
 
 printf 'Wrote %s\n' "$ENV_FILE"
 printf 'NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID=%s\n' "$WIKI_CANISTER_ID"
+printf 'NEXT_PUBLIC_ENABLE_LOCAL_II_E2E=1\n'
 printf 'NEXT_PUBLIC_II_PROVIDER_URL=http://%s.raw.localhost:8011\n' "$II_FRONTEND_CANISTER_ID"
+printf 'For manual localhost testing, run: cp wikibrowser/.env.e2e.local wikibrowser/.env.local && pnpm -C wikibrowser dev -p 3010\n'
diff --git a/shared/ii-auth/index.js b/shared/ii-auth/index.js
index 8cf0d399..ed0f24c0 100644
--- a/shared/ii-auth/index.js
+++ b/shared/ii-auth/index.js
@@ -22,19 +22,11 @@ export function authClientCreateOptions(idleTimeoutMs = AUTH_SESSION_TTL_MS) {
   };
 }
 
-export function identityProviderUrlForLocation(locationLike) {
-  const hostname = locationLike?.hostname ?? "";
-  if (hostname === "localhost" || hostname === "127.0.0.1" || hostname.endsWith(".localhost")) {
-    return `http://id.ai.localhost:${locationLike?.port || "8000"}`;
-  }
+export function identityProviderUrlForLocation() {
   return MAINNET_II_PROVIDER_URL;
 }
 
-export function derivationOriginForLocation(locationLike) {
-  const hostname = locationLike?.hostname ?? "";
-  if (hostname === "localhost" || hostname === "127.0.0.1" || hostname.endsWith(".localhost")) {
-    return locationLike.origin;
-  }
+export function derivationOriginForLocation() {
   return WIKI_CANISTER_DERIVATION_ORIGIN;
 }
 
diff --git a/skill-registry-web/README.md b/skill-registry-web/README.md
index 360dfdcb..d2ef3503 100644
--- a/skill-registry-web/README.md
+++ b/skill-registry-web/README.md
@@ -26,7 +26,6 @@ Required public environment:
 
 ```bash
 NEXT_PUBLIC_WIKI_IC_HOST=https://icp0.io
-NEXT_PUBLIC_II_PROVIDER_URL=https://id.ai
 NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID=xis3j-paaaa-aaaai-axumq-cai
 ```
 
diff --git a/skill-registry-web/lib/auth.ts b/skill-registry-web/lib/auth.ts
index 17b381f3..d49a72a1 100644
--- a/skill-registry-web/lib/auth.ts
+++ b/skill-registry-web/lib/auth.ts
@@ -4,6 +4,7 @@ const DELEGATION_DAYS = 29;
 const MILLISECONDS_PER_DAY = 24 * 60 * 60 * 1000;
 
 export const DELEGATION_TTL_NS = BigInt(DELEGATION_DAYS) * HOURS_PER_DAY * NANOSECONDS_PER_HOUR;
+export const MAINNET_II_PROVIDER_URL = "https://id.ai";
 export const DERIVATION_ORIGIN = "https://xis3j-paaaa-aaaai-axumq-cai.icp0.io";
 export const AUTH_CLIENT_CREATE_OPTIONS = {
   idleOptions: {
@@ -13,14 +14,7 @@ export const AUTH_CLIENT_CREATE_OPTIONS = {
 };
 
 export function identityProviderUrl(): string {
-  if (process.env.NEXT_PUBLIC_II_PROVIDER_URL) {
-    return process.env.NEXT_PUBLIC_II_PROVIDER_URL;
-  }
-  const host = window.location.hostname;
-  if (host === "localhost" || host === "127.0.0.1" || host.endsWith(".localhost")) {
-    return "http://id.ai.localhost:8000";
-  }
-  return "https://id.ai";
+  return MAINNET_II_PROVIDER_URL;
 }
 
 export function authLoginOptions() {
diff --git a/skill-registry-web/next.config.ts b/skill-registry-web/next.config.ts
index 3ecb638e..65c92d7f 100644
--- a/skill-registry-web/next.config.ts
+++ b/skill-registry-web/next.config.ts
@@ -4,7 +4,6 @@ const nextConfig: NextConfig = {
   allowedDevOrigins: ["127.0.0.1"],
   env: {
     NEXT_PUBLIC_WIKI_IC_HOST: process.env.NEXT_PUBLIC_WIKI_IC_HOST ?? "https://icp0.io",
-    NEXT_PUBLIC_II_PROVIDER_URL: process.env.NEXT_PUBLIC_II_PROVIDER_URL ?? "https://id.ai",
     NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID: process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? ""
   },
   reactStrictMode: true
diff --git a/skill-registry-web/scripts/check-skill-registry-web.mjs b/skill-registry-web/scripts/check-skill-registry-web.mjs
index 05833027..0637c83e 100644
--- a/skill-registry-web/scripts/check-skill-registry-web.mjs
+++ b/skill-registry-web/scripts/check-skill-registry-web.mjs
@@ -1,6 +1,8 @@
 import assert from "node:assert/strict";
 import { readFileSync } from "node:fs";
 import ts from "typescript";
+import { checkCandidSubset } from "../../scripts/candid-subset-check.mjs";
+import { didTypeAliases, expectedMethods, expectedTypes } from "../../wikibrowser/scripts/candid-shapes.mjs";
 
 const route = readFileSync(new URL("../app/skills/[databaseId]/page.tsx", import.meta.url), "utf8");
 const client = readFileSync(new URL("../app/skills/skill-registry-client.tsx", import.meta.url), "utf8");
@@ -15,6 +17,7 @@ const types = readFileSync(new URL("../lib/types.ts", import.meta.url), "utf8");
 const vfsClient = readFileSync(new URL("../lib/vfs-client.ts", import.meta.url), "utf8");
 const vfsIdl = readFileSync(new URL("../lib/vfs-idl.ts", import.meta.url), "utf8");
 const packageJson = JSON.parse(readFileSync(new URL("../package.json", import.meta.url), "utf8"));
+const did = readFileSync(new URL("../../crates/vfs_canister/vfs.did", import.meta.url), "utf8");
 
 assert.equal(packageJson.name, "kinic-skill-registry-web");
 assert.match(route, /<SkillRegistryClient databaseId=\{databaseId\} \/>/);
@@ -68,6 +71,16 @@ assert.match(vfsIdl, /Active: idl\.Null/);
 assert.match(vfsIdl, /status: DatabaseStatus/);
 assert.match(vfsIdl, /Deleted: idl\.Null/);
 assert.match(vfsIdl, /deleted_at_ms: idl\.Opt\(idl\.Int64\)/);
+assert.deepEqual(
+  checkCandidSubset({
+    didSource: did,
+    idlSource: vfsIdl,
+    expectedTypes: pickUsedExpectedTypes(vfsIdl),
+    expectedMethods: pickUsedExpectedMethods(vfsIdl),
+    didTypeAliases
+  }),
+  []
+);
 assert.match(vfsClient, /function normalizeDatabaseStatus/);
 assert.match(vfsClient, /"Active" in status/);
 assert.match(vfsClient, /"Pending" in status/);
@@ -129,6 +142,18 @@ assert.equal(
 
 console.log("Skill Registry web checks OK");
 
+function pickUsedExpectedTypes(source) {
+  return Object.fromEntries(
+    Object.entries(expectedTypes).filter(([name]) => new RegExp(`const\\s+${name}\\s*=`).test(source))
+  );
+}
+
+function pickUsedExpectedMethods(source) {
+  return Object.fromEntries(
+    Object.entries(expectedMethods).filter(([name]) => new RegExp(`${name}:\\s*idl\\.Func`).test(source))
+  );
+}
+
 async function importSkillRegistryPackageForTest(relativePath) {
   const sourcePath = new URL(relativePath, import.meta.url);
   const source = readFileSync(sourcePath, "utf8")
diff --git a/wikibrowser/README.md b/wikibrowser/README.md
index ce8fe0e2..7f58b0b2 100644
--- a/wikibrowser/README.md
+++ b/wikibrowser/README.md
@@ -24,17 +24,15 @@ DB_ID="$(cargo run -p kinic-vfs-cli --bin kinic-vfs-cli -- --canister-id <canist
 cargo run -p kinic-vfs-cli --bin kinic-vfs-cli -- --canister-id <canister-id> database grant "$DB_ID" 2vxsx-fae reader
 ```
 
-`database create <database-name>` creates a generated database ID and prints it on success. `NEXT_PUBLIC_WIKI_IC_HOST` controls the browser-side IC agent host. `NEXT_PUBLIC_II_PROVIDER_URL` overrides the Internet Identity frontend URL for local II. `NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID` selects the fixed wiki canister:
+`database create <database-name>` creates a generated database ID and prints it on success. `NEXT_PUBLIC_WIKI_IC_HOST` controls the browser-side IC agent host. Internet Identity uses the mainnet provider `https://id.ai` by default. `NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID` selects the fixed wiki canister:
 
 ```bash
 # local icp network
 NEXT_PUBLIC_WIKI_IC_HOST=http://127.0.0.1:8011
-NEXT_PUBLIC_II_PROVIDER_URL=http://id.ai.localhost:8011
 NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID=<local-wiki-canister-id>
 
 # mainnet / Cloudflare Workers
 NEXT_PUBLIC_WIKI_IC_HOST=https://icp0.io
-NEXT_PUBLIC_II_PROVIDER_URL=https://id.ai
 NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID=xis3j-paaaa-aaaai-axumq-cai
 ```
 
@@ -100,15 +98,25 @@ pnpm typecheck
 pnpm build
 ```
 
-Internet Identity E2E requires a local wiki canister and the E2E setup script. The script deploys the pinned Internet Identity backend/frontend dev canisters with dummy auth and writes `.env.e2e.local`. Override `II_RELEASE` only when intentionally updating the tested Internet Identity release.
+Internet Identity for `localhost` uses the local II canisters prepared by the E2E setup script. The script deploys the local wiki, KINIC ledger, and pinned Internet Identity backend/frontend dev canisters with dummy auth, then writes `.env.e2e.local` with `NEXT_PUBLIC_ENABLE_LOCAL_II_E2E=1`. Copy that file to `.env.local` for manual browser testing on `localhost`; restart the dev server after copying so Next picks up the new public env values. Mainnet II (`https://id.ai`) is reserved for production or preview origins, not `localhost`. Override `II_RELEASE` only when intentionally updating the tested Internet Identity release.
 
 ```bash
+cd ..
 icp network start -d -e local-wiki
-KINIC_LEDGER_CANISTER_ID=<local-ledger-or-test-principal> scripts/local/deploy_wiki.sh
+cd wikibrowser
 pnpm e2e:ii:setup
+cp .env.e2e.local .env.local
+pnpm dev -p 3010
+```
+
+Run E2E in another terminal from `wikibrowser/` while the dev server is running:
+
+```bash
 pnpm e2e:ii
 ```
 
+For production and preview deployments, leave `NEXT_PUBLIC_ENABLE_LOCAL_II_E2E` unset so auth uses `https://id.ai` with the production derivation origin. Do not add `localhost` or `127.0.0.1` to the production `ii-alternative-origins`; Internet Identity also rejects alternative-origin lists with more than 10 entries.
+
 The wiki canister constructor requires cycles billing config; use the deploy wrapper instead of no-arg `icp deploy`.
 
 `next-env.d.ts` is generated by Next and is intentionally ignored. `pnpm typecheck` runs `next typegen` before `tsc` so clean checkouts do not need to commit that file.
diff --git a/wikibrowser/app/app-header.tsx b/wikibrowser/app/app-header.tsx
index 936aee32..d4254141 100644
--- a/wikibrowser/app/app-header.tsx
+++ b/wikibrowser/app/app-header.tsx
@@ -3,8 +3,13 @@
 // Where: root wikibrowser layout.
 // What: renders the shared dashboard/cycles header with wallet and II controls.
 // Why: funding pages should keep the same wallet session and management shell.
+import Link from "next/link";
 import { usePathname } from "next/navigation";
+import { CircleAlert, X } from "lucide-react";
+import { useState } from "react";
 import { AdminHeader } from "@/components/admin-header";
+import { parseDepositAmount } from "@/lib/kinic-deposit";
+import { depositKinicBalanceWithIdentity } from "@/lib/kinic-wallet";
 import { formatTokenAmountFromE8s } from "@/lib/kinic-amount";
 import { AuthControls, WalletControls } from "./home-ui";
 import { connectedWalletPrincipal, useAppSession } from "./app-session-provider";
@@ -17,29 +22,52 @@ export function AppHeader() {
     authReady,
     connectWallet,
     disconnectWallet,
+    kinicBalance,
+    kinicBalanceError,
+    kinicBalanceLoading,
     login,
     logout,
     principal,
+    refreshKinicBalance,
     wallet,
     walletBalance,
     walletBalanceLoading,
     walletBusyProvider,
     walletControlsLocked
   } = useAppSession();
+  const [kinicModalOpen, setKinicModalOpen] = useState(false);
 
-  if (pathname !== "/dashboard" && pathname !== "/cycles") return null;
+  const isMarketplace = pathname === "/marketplace" || pathname.startsWith("/marketplace/");
+  if (pathname !== "/dashboard" && pathname !== "/cycles" && !isMarketplace) return null;
 
-  const title = pathname === "/cycles" ? "Database cycles purchase" : "Database dashboard";
+  const title = pathname === "/cycles" ? "Database cycles purchase" : isMarketplace ? "Kinic marketplace" : "Database dashboard";
   const connectedWalletLabel = wallet ? `${walletLabel(wallet.provider)} ${shortPrincipal(connectedWalletPrincipal(wallet))}` : null;
   const connectedWalletBalanceLabel = walletBalance ? formatTokenAmountFromE8s(walletBalance) : null;
+  const kinicBalanceLabel = kinicBalanceLoading
+    ? "Loading"
+    : kinicBalanceError
+      ? "Unavailable"
+      : principal && kinicBalance !== null
+        ? formatTokenAmountFromE8s(kinicBalance)
+        : "- KINIC";
 
   return (
     <div className="px-6 pt-8">
-      <section className="mx-auto max-w-6xl">
+      <section className={isMarketplace ? "max-w-none" : "mx-auto max-w-6xl"}>
         <AdminHeader
           title={title}
+          nav={<HeaderNav pathname={pathname} />}
           actions={
             <>
+              <button
+                aria-label="KINIC balance"
+                className="inline-flex min-h-10 items-center justify-center gap-2 rounded-lg border border-line bg-white px-3 py-2 text-sm font-medium text-ink hover:border-accent hover:text-accent disabled:cursor-not-allowed disabled:opacity-60"
+                disabled={authLoading}
+                type="button"
+                onClick={() => setKinicModalOpen(true)}
+              >
+                <span className="font-mono">{kinicBalanceLabel}</span>
+              </button>
               <WalletControls
                 busyProvider={walletBusyProvider}
                 connectedBalanceLabel={connectedWalletBalanceLabel}
@@ -66,6 +94,20 @@ export function AppHeader() {
             </>
           }
         />
+        {kinicModalOpen ? (
+          <KinicDepositModal
+            authClient={authClient}
+            authReady={authReady}
+            balance={kinicBalance}
+            balanceError={kinicBalanceError}
+            balanceLoading={kinicBalanceLoading}
+            canisterId={process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? ""}
+            login={login}
+            principal={principal}
+            refreshKinicBalance={refreshKinicBalance}
+            onClose={() => setKinicModalOpen(false)}
+          />
+        ) : null}
       </section>
     </div>
   );
@@ -75,6 +117,136 @@ function walletLabel(provider: "oisy" | "plug"): string {
   return provider === "oisy" ? "OISY" : "Plug";
 }
 
+function HeaderNav({ pathname }: { pathname: string }) {
+  return (
+    <nav className="flex flex-wrap gap-3 text-sm font-semibold">
+      {pathname !== "/dashboard" ? (
+        <Link className="text-accent no-underline hover:underline" href="/dashboard">
+          Dashboard
+        </Link>
+      ) : null}
+      {pathname !== "/marketplace" ? (
+        <Link className="text-accent no-underline hover:underline" href="/marketplace">
+          Marketplace
+        </Link>
+      ) : null}
+    </nav>
+  );
+}
+
+type KinicDepositModalProps = {
+  authClient: ReturnType<typeof useAppSession>["authClient"];
+  authReady: boolean;
+  balance: string | null;
+  balanceError: string | null;
+  balanceLoading: boolean;
+  canisterId: string;
+  login: () => Promise<void>;
+  principal: string | null;
+  refreshKinicBalance: () => Promise<void>;
+  onClose: () => void;
+};
+
+function KinicDepositModal({
+  authClient,
+  authReady,
+  balance,
+  balanceError,
+  balanceLoading,
+  canisterId,
+  login,
+  principal,
+  refreshKinicBalance,
+  onClose
+}: KinicDepositModalProps) {
+  const [amount, setAmount] = useState("1");
+  const [busy, setBusy] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [message, setMessage] = useState<string | null>(null);
+  const currentBalance = balanceLoading ? "Loading" : balance !== null ? formatTokenAmountFromE8s(balance) : "-";
+
+  async function deposit() {
+    if (!authClient || !principal) {
+      setError("Login with Internet Identity first");
+      return;
+    }
+    const amountE8s = parseDepositAmount(amount);
+    if (!amountE8s) {
+      setError("Enter an amount greater than 0 KINIC");
+      return;
+    }
+    setBusy(true);
+    setError(null);
+    setMessage(null);
+    try {
+      const result = await depositKinicBalanceWithIdentity({ canisterId, amountE8s: BigInt(amountE8s) }, authClient.getIdentity());
+      setMessage(`Deposit block ${result.depositBlockIndex}. Balance ${formatTokenAmountFromE8s(result.balanceE8s)}`);
+      await refreshKinicBalance();
+    } catch (cause) {
+      setError(cause instanceof Error ? cause.message : String(cause));
+    } finally {
+      setBusy(false);
+    }
+  }
+
+  return (
+    <div
+      className="fixed inset-0 z-50 grid place-items-center bg-black/35 px-4 py-6"
+      onMouseDown={(event) => {
+        if (event.target === event.currentTarget) onClose();
+      }}
+    >
+      <section className="grid w-full max-w-md gap-4 rounded-lg border border-line bg-white p-4 text-ink shadow-[0_18px_60px_#14142b33]">
+        <div className="flex items-start justify-between gap-3">
+          <div className="grid gap-1">
+            <h2 className="text-lg font-semibold">Deposit KINIC</h2>
+            <p className="break-all text-xs text-muted">{principal ?? (authReady ? "Internet Identity disconnected" : "Loading identity")}</p>
+          </div>
+          <button className="grid size-9 place-items-center rounded-lg hover:bg-paper" type="button" onClick={onClose}>
+            <X aria-label="Close" size={17} />
+          </button>
+        </div>
+
+        <div className="grid gap-1 rounded-lg border border-line p-3">
+          <p className="text-xs font-semibold uppercase text-muted">Balance</p>
+          <p className="font-mono text-2xl font-semibold">{currentBalance}</p>
+          {balanceError ? <p className="text-xs text-red-700">{balanceError}</p> : null}
+        </div>
+
+        <div className="flex flex-wrap gap-2">
+          <input
+            className="min-h-11 min-w-0 flex-1 rounded-lg border border-line px-3 py-2 font-mono text-sm outline-none focus:border-accent"
+            inputMode="decimal"
+            value={amount}
+            onChange={(event) => setAmount(event.target.value)}
+          />
+          <button
+            className="min-h-11 rounded-lg border border-action bg-action px-4 text-sm font-semibold text-white hover:bg-accent disabled:opacity-60"
+            disabled={!principal || busy}
+            type="button"
+            onClick={() => void deposit()}
+          >
+            Deposit
+          </button>
+          {!principal ? (
+            <button className="min-h-11 rounded-lg border border-line px-4 text-sm font-semibold hover:border-accent" disabled={!authReady} type="button" onClick={() => void login()}>
+              Login
+            </button>
+          ) : null}
+        </div>
+
+        {message ? <p className="rounded-lg border border-green-200 bg-green-50 px-3 py-2 text-sm text-green-800">{message}</p> : null}
+        {error ? (
+          <p className="inline-flex items-start gap-2 rounded-lg border border-red-200 bg-red-50 px-3 py-2 text-sm text-red-800">
+            <CircleAlert aria-hidden className="mt-0.5 shrink-0" size={16} />
+            <span>{error}</span>
+          </p>
+        ) : null}
+      </section>
+    </div>
+  );
+}
+
 function shortPrincipal(value: string): string {
   if (value.length <= 16) return value;
   return `${value.slice(0, 8)}...${value.slice(-5)}`;
diff --git a/wikibrowser/app/app-session-provider.tsx b/wikibrowser/app/app-session-provider.tsx
index e48879b2..544f06b2 100644
--- a/wikibrowser/app/app-session-provider.tsx
+++ b/wikibrowser/app/app-session-provider.tsx
@@ -6,7 +6,8 @@
 import { AuthClient } from "@icp-sdk/auth/client";
 import { createContext, useCallback, useContext, useEffect, useRef, useState, type ReactNode } from "react";
 import { AUTH_CLIENT_CREATE_OPTIONS, authLoginOptions } from "@/lib/auth";
-import { connectOisyWallet, connectPlugWallet, getConnectedWalletKinicBalance, type ConnectedKinicWallet } from "@/lib/cycles-wallet";
+import { connectOisyWallet, connectPlugWallet, getConnectedWalletKinicBalance, type ConnectedKinicWallet } from "@/lib/kinic-wallet";
+import { kinicGetBalance } from "@/lib/vfs-client";
 import type { HeaderWalletProvider } from "./home-ui";
 
 type AppSessionContext = {
@@ -15,6 +16,9 @@ type AppSessionContext = {
   authLoading: boolean;
   authReady: boolean;
   principal: string | null;
+  kinicBalance: string | null;
+  kinicBalanceError: string | null;
+  kinicBalanceLoading: boolean;
   wallet: ConnectedKinicWallet | null;
   walletBalance: string | null;
   walletBalanceError: string | null;
@@ -25,6 +29,7 @@ type AppSessionContext = {
   disconnectWallet: (provider: HeaderWalletProvider) => void;
   logout: () => Promise<void>;
   login: () => Promise<void>;
+  refreshKinicBalance: () => Promise<void>;
   refreshWalletBalance: (wallet: ConnectedKinicWallet) => Promise<void>;
   setWalletControlsLocked: (locked: boolean) => void;
 };
@@ -34,12 +39,16 @@ const AppSession = createContext<AppSessionContext | null>(null);
 
 export function AppSessionProvider({ children }: { children: ReactNode }) {
   const canisterId = process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? "";
+  const kinicBalanceSeqRef = useRef(0);
   const walletBalanceSeqRef = useRef(0);
   const [authClient, setAuthClient] = useState<AuthClient | null>(null);
   const [authError, setAuthError] = useState<string | null>(null);
   const [authLoading, setAuthLoading] = useState(true);
   const [authReady, setAuthReady] = useState(false);
   const [principal, setPrincipal] = useState<string | null>(null);
+  const [kinicBalance, setKinicBalance] = useState<string | null>(null);
+  const [kinicBalanceError, setKinicBalanceError] = useState<string | null>(null);
+  const [kinicBalanceLoading, setKinicBalanceLoading] = useState(false);
   const [wallet, setWallet] = useState<ConnectedKinicWallet | null>(() => readStoredWallet());
   const [walletBalance, setWalletBalance] = useState<string | null>(null);
   const [walletBalanceError, setWalletBalanceError] = useState<string | null>(null);
@@ -75,6 +84,36 @@ export function AppSessionProvider({ children }: { children: ReactNode }) {
     clearStoredWallet();
   }, [clearStoredWallet]);
 
+  const clearKinicBalance = useCallback(() => {
+    kinicBalanceSeqRef.current += 1;
+    setKinicBalance(null);
+    setKinicBalanceLoading(false);
+    setKinicBalanceError(null);
+  }, []);
+
+  const refreshKinicBalance = useCallback(async () => {
+    const balanceSeq = (kinicBalanceSeqRef.current += 1);
+    const isCurrentBalance = () => balanceSeq === kinicBalanceSeqRef.current;
+    if (!authClient || !principal) {
+      clearKinicBalance();
+      return;
+    }
+    setKinicBalanceLoading(true);
+    setKinicBalanceError(null);
+    try {
+      const balance = await kinicGetBalance(canisterId, authClient.getIdentity());
+      if (!isCurrentBalance()) return;
+      setKinicBalance(balance.balanceE8s);
+    } catch (cause) {
+      if (!isCurrentBalance()) return;
+      setKinicBalance(null);
+      setKinicBalanceError(`KINIC balance unavailable: ${errorMessage(cause)}`);
+    } finally {
+      if (!isCurrentBalance()) return;
+      setKinicBalanceLoading(false);
+    }
+  }, [authClient, canisterId, clearKinicBalance, principal]);
+
   const refreshWalletBalance = useCallback(
     async (nextWallet: ConnectedKinicWallet) => {
       const balanceSeq = (walletBalanceSeqRef.current += 1);
@@ -128,10 +167,15 @@ export function AppSessionProvider({ children }: { children: ReactNode }) {
     [clearWallet, wallet, walletBusyProvider, walletControlsLocked]
   );
 
-  const syncAuth = useCallback(async (client: AuthClient) => {
-    const authenticated = await client.isAuthenticated();
-    setPrincipal(authenticated ? client.getIdentity().getPrincipal().toText() : null);
-  }, []);
+  const syncAuth = useCallback(
+    async (client: AuthClient) => {
+      const authenticated = await client.isAuthenticated();
+      const nextPrincipal = authenticated ? client.getIdentity().getPrincipal().toText() : null;
+      setPrincipal(nextPrincipal);
+      if (!nextPrincipal) clearKinicBalance();
+    },
+    [clearKinicBalance]
+  );
 
   const login = useCallback(async () => {
     if (!authClient) return;
@@ -156,13 +200,14 @@ export function AppSessionProvider({ children }: { children: ReactNode }) {
     try {
       await authClient.logout();
       setPrincipal(null);
+      clearKinicBalance();
       clearWallet();
     } catch (cause) {
       setAuthError(errorMessage(cause));
     } finally {
       setAuthLoading(false);
     }
-  }, [authClient, clearWallet]);
+  }, [authClient, clearKinicBalance, clearWallet]);
 
   useEffect(() => {
     let cancelled = false;
@@ -188,6 +233,18 @@ export function AppSessionProvider({ children }: { children: ReactNode }) {
     };
   }, [syncAuth]);
 
+  useEffect(() => {
+    if (!authClient || !principal) return;
+    let cancelled = false;
+    queueMicrotask(() => {
+      if (cancelled) return;
+      void refreshKinicBalance();
+    });
+    return () => {
+      cancelled = true;
+    };
+  }, [authClient, principal, refreshKinicBalance]);
+
   useEffect(() => {
     if (!wallet) return;
     let cancelled = false;
@@ -208,6 +265,9 @@ export function AppSessionProvider({ children }: { children: ReactNode }) {
         authLoading,
         authReady,
         principal,
+        kinicBalance,
+        kinicBalanceError,
+        kinicBalanceLoading,
         wallet,
         walletBalance,
         walletBalanceError,
@@ -218,6 +278,7 @@ export function AppSessionProvider({ children }: { children: ReactNode }) {
         disconnectWallet,
         login,
         logout,
+        refreshKinicBalance,
         refreshWalletBalance,
         setWalletControlsLocked
       }}
diff --git a/wikibrowser/app/create-database-dialog.tsx b/wikibrowser/app/create-database-dialog.tsx
index f04d7340..e5fa07d2 100644
--- a/wikibrowser/app/create-database-dialog.tsx
+++ b/wikibrowser/app/create-database-dialog.tsx
@@ -35,7 +35,12 @@ export function CreateDatabaseDialog({
   }
 
   return (
-    <div className="fixed inset-0 z-50 flex items-center justify-center bg-ink/30 px-4">
+    <div
+      className="fixed inset-0 z-50 flex items-center justify-center bg-ink/30 px-4"
+      onMouseDown={(event) => {
+        if (!creating && event.target === event.currentTarget) onCancel();
+      }}
+    >
       <form aria-modal="true" className="w-full max-w-md rounded-lg border border-line bg-paper p-5 shadow-lg" role="dialog" onSubmit={submit}>
         <div className="flex items-start justify-between gap-3">
           <div>
diff --git a/wikibrowser/app/cycles/cycles-client.tsx b/wikibrowser/app/cycles/cycles-client.tsx
index 18c2ab11..7cee5450 100644
--- a/wikibrowser/app/cycles/cycles-client.tsx
+++ b/wikibrowser/app/cycles/cycles-client.tsx
@@ -7,13 +7,17 @@ import { useRouter } from "next/navigation";
 import { CheckCircle2, CircleAlert, Info, PlugZap, Wallet } from "lucide-react";
 import { useMemo, useState } from "react";
 import { useAppSession } from "@/app/app-session-provider";
+import { cyclesForPaymentAmountE8s } from "@/lib/cycles";
 import { parseKinicAmountE8sInput, parseCyclesTarget } from "@/lib/cycles-url";
-import { purchaseCyclesWithOisy, purchaseCyclesWithPlug } from "@/lib/cycles-wallet";
+import { purchaseCyclesWithOisy, purchaseCyclesWithPlug } from "@/lib/kinic-wallet";
 import { formatTokenAmountFromE8s } from "@/lib/kinic-amount";
+import { getCyclesBillingConfig, kinicFundDatabaseCycles } from "@/lib/vfs-client";
 import type { DatabaseStatus } from "@/lib/types";
 
 type CyclesStatus = "idle" | "running" | "success" | "error";
 type CyclesProvider = "oisy" | "plug";
+type FundingProvider = CyclesProvider | "ii";
+type PaymentSource = "wallet" | "kinic";
 
 type CyclesClientProps = {
   canisterId: string;
@@ -23,10 +27,11 @@ type CyclesClientProps = {
 
 export function CyclesClient({ canisterId, databaseId, databaseStatus }: CyclesClientProps) {
   const router = useRouter();
-  const { refreshWalletBalance, wallet, walletBalanceError, walletBusyProvider } = useAppSession();
+  const { authClient, authLoading, login, principal, refreshKinicBalance, refreshWalletBalance, wallet, walletBalanceError, walletBusyProvider } = useAppSession();
   const [status, setStatus] = useState<CyclesStatus>("idle");
   const [message, setMessage] = useState<string | null>(null);
   const [amount, setAmount] = useState("1");
+  const [paymentSource, setPaymentSource] = useState<PaymentSource>("wallet");
   const configuredCanisterId = process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? "";
   const parsedTarget = useMemo(() => {
     const params = new URLSearchParams();
@@ -43,15 +48,48 @@ export function CyclesClient({ canisterId, databaseId, databaseStatus }: CyclesC
   const amountError = typeof parsedAmount === "string" ? parsedAmount : null;
   const busy = status === "running" || walletBusyProvider !== null;
   const selectedProvider = wallet?.provider ?? null;
-  const purchaseDisabled = !selectedProvider || Boolean(error) || Boolean(amountError) || busy;
+  const kinicBalancePendingDisabled = paymentSource === "kinic" && databaseStatus === "pending";
+  const purchaseDisabled =
+    Boolean(error) ||
+    Boolean(amountError) ||
+    busy ||
+    (paymentSource === "wallet" ? !selectedProvider : authLoading || !authClient || kinicBalancePendingDisabled);
 
   async function purchase() {
-    if (!wallet || !selectedProvider) return;
     if (typeof parsedTarget === "string" || typeof parsedAmount !== "bigint" || error) return;
     setStatus("running");
     setMessage(null);
     try {
       const request = { canisterId, databaseId: parsedTarget.databaseId, paymentAmountE8s: parsedAmount };
+      if (paymentSource === "kinic") {
+        if (!authClient || !principal) {
+          await login();
+          setStatus("idle");
+          return;
+        }
+        const config = await getCyclesBillingConfig(canisterId);
+        const minExpectedCycles = cyclesForPaymentAmountE8s(parsedAmount, BigInt(config.cyclesPerKinic));
+        const result = await kinicFundDatabaseCycles(
+          canisterId,
+          authClient.getIdentity(),
+          parsedTarget.databaseId,
+          parsedAmount.toString(),
+          minExpectedCycles.toString()
+        );
+        setMessage(
+          `Internet Identity funded cycles ${result.amountCycles}; paid ${formatTokenAmountFromE8s(result.paymentAmountE8s)} from KINIC balance; database cycles balance ${result.databaseBalanceCycles}; KINIC balance ${formatTokenAmountFromE8s(result.kinicBalanceE8s)}`
+        );
+        await refreshKinicBalance();
+        setStatus("success");
+        router.replace(cyclesPurchaseSuccessHref({
+          cycles: result.amountCycles,
+          databaseId: parsedTarget.databaseId,
+          kinic: formatTokenAmountFromE8s(result.paymentAmountE8s),
+          provider: "ii"
+        }));
+        return;
+      }
+      if (!wallet || !selectedProvider) return;
       const result =
         wallet.provider === "oisy"
           ? await purchaseCyclesWithOisy(request, wallet.connection)
@@ -91,10 +129,30 @@ export function CyclesClient({ canisterId, databaseId, databaseStatus }: CyclesC
             />
             {amountError ? <span className="text-xs text-red-700">{amountError}</span> : null}
           </label>
+          <div className="grid gap-2">
+            <span className="text-xs font-semibold uppercase text-muted">Payment source</span>
+            <div className="grid grid-cols-2 rounded-lg border border-line bg-paper p-1 text-sm font-semibold">
+              <button
+                className={`min-h-10 rounded-md px-3 ${paymentSource === "wallet" ? "bg-white text-ink shadow-sm" : "text-muted hover:text-ink"}`}
+                type="button"
+                onClick={() => setPaymentSource("wallet")}
+              >
+                Wallet KINIC
+              </button>
+              <button
+                className={`min-h-10 rounded-md px-3 ${paymentSource === "kinic" ? "bg-white text-ink shadow-sm" : "text-muted hover:text-ink"}`}
+                disabled={databaseStatus === "pending"}
+                type="button"
+                onClick={() => setPaymentSource("kinic")}
+              >
+                KINIC balance
+              </button>
+            </div>
+          </div>
         </section>
 
         {databaseStatus === "pending" ? <Notice tone="info" text="A newly created database is pending, not active, until this first cycles purchase completes." /> : null}
-        <Notice tone="warning" text="Any authenticated wallet can purchase non-refundable cycles for this database." />
+        <Notice tone="warning" text="Any authenticated wallet can purchase non-refundable cycles for this database. Active databases can also use the Internet Identity KINIC balance." />
 
         <div className="grid gap-3">
           <button
@@ -104,12 +162,13 @@ export function CyclesClient({ canisterId, databaseId, databaseStatus }: CyclesC
             onClick={() => void purchase()}
           >
             {selectedProvider === "plug" ? <PlugZap aria-hidden size={18} /> : <Wallet aria-hidden size={18} />}
-            <span>{purchaseButtonLabel(selectedProvider, status)}</span>
+            <span>{purchaseButtonLabel(selectedProvider, status, paymentSource)}</span>
           </button>
         </div>
 
         {error ? <Notice tone="error" text={error} /> : null}
-        {walletBalanceError ? <Notice tone="error" text={walletBalanceError} /> : null}
+        {paymentSource === "wallet" && walletBalanceError ? <Notice tone="error" text={walletBalanceError} /> : null}
+        {paymentSource === "kinic" && !principal ? <Notice tone="info" text="Login with Internet Identity to use KINIC balance." /> : null}
         {status === "success" && message ? <Notice tone="success" text={message} /> : null}
         {status === "error" && message ? <Notice tone="error" text={message} /> : null}
       </section>
@@ -117,7 +176,10 @@ export function CyclesClient({ canisterId, databaseId, databaseStatus }: CyclesC
   );
 }
 
-function purchaseButtonLabel(selectedProvider: CyclesProvider | null, status: CyclesStatus): string {
+function purchaseButtonLabel(selectedProvider: CyclesProvider | null, status: CyclesStatus, paymentSource: PaymentSource): string {
+  if (paymentSource === "kinic") {
+    return status === "running" ? "Processing Internet Identity" : "Fund cycles from KINIC balance";
+  }
   if (status === "running") {
     if (selectedProvider === "oisy") return "Processing OISY";
     if (selectedProvider === "plug") return "Processing Plug";
@@ -136,7 +198,7 @@ function cyclesPurchaseSuccessHref({
   cycles: string;
   databaseId: string;
   kinic: string;
-  provider: CyclesProvider;
+  provider: FundingProvider;
 }): string {
   const params = new URLSearchParams();
   params.set("funding", "success");
diff --git a/wikibrowser/app/cycles/page.tsx b/wikibrowser/app/cycles/page.tsx
index 6bce19fe..7895425d 100644
--- a/wikibrowser/app/cycles/page.tsx
+++ b/wikibrowser/app/cycles/page.tsx
@@ -29,7 +29,7 @@ function first(value: string | string[] | undefined): string {
 }
 
 function parseDatabaseStatus(value: string): DatabaseStatus | null {
-  if (value === "pending" || value === "active" || value === "restoring" || value === "archiving" || value === "archived" || value === "deleted") {
+  if (value === "pending" || value === "active" || value === "restoring" || value === "archiving" || value === "archived") {
     return value;
   }
   return null;
diff --git a/wikibrowser/app/dashboard/dashboard-client.tsx b/wikibrowser/app/dashboard/dashboard-client.tsx
index 47877c6b..9e41ec07 100644
--- a/wikibrowser/app/dashboard/dashboard-client.tsx
+++ b/wikibrowser/app/dashboard/dashboard-client.tsx
@@ -9,7 +9,7 @@ import { AuthControls, CyclesHistoryPanel, DashboardTabs, OwnerPanel, PendingDat
 import { AdminHeader } from "@/components/admin-header";
 import { CycleBattery } from "@/components/cycle-battery";
 import { AUTH_CLIENT_CREATE_OPTIONS, authLoginOptions } from "@/lib/auth";
-import type { CyclesBillingConfig, DatabaseCycleEntry, DatabaseCyclesPendingPurchase, DatabaseMember, DatabaseRole, DatabaseSummary } from "@/lib/types";
+import type { CyclesBillingConfig, DatabaseCycleEntry, DatabaseCyclesPendingPurchase, DatabaseMember, DatabaseRole, DatabaseSummary, MarketCreateListingRequest, MarketListing, MarketUpdateListingRequest } from "@/lib/types";
 import {
   deleteDatabaseAuthenticated,
   getCyclesBillingConfig,
@@ -20,6 +20,12 @@ import {
   listDatabaseMembersPublic,
   listDatabasesAuthenticated,
   listDatabasesPublic,
+  marketCountActiveEntitlements,
+  marketCreateListing,
+  marketListDatabaseListings,
+  marketPauseListing,
+  marketPublishListing,
+  marketUpdateListing,
   renameDatabaseAuthenticated,
   revokeDatabaseAccessAuthenticated
 } from "@/lib/vfs-client";
@@ -56,6 +62,10 @@ export function DashboardDatabaseClient({ databaseId }: { databaseId: string })
   const [pendingPurchases, setPendingPurchases] = useState<DatabaseCyclesPendingPurchase[]>([]);
   const [pendingPurchasesError, setPendingPurchasesError] = useState<string | null>(null);
   const [pendingPurchasesLoading, setPendingPurchasesLoading] = useState(false);
+  const [marketListings, setMarketListings] = useState<MarketListing[]>([]);
+  const [marketError, setMarketError] = useState<string | null>(null);
+  const [activeEntitlementCount, setActiveEntitlementCount] = useState<string | null>(null);
+  const [marketBusy, setMarketBusy] = useState(false);
 
   const database = useMemo(() => databases.find((item) => item.databaseId === databaseId) ?? null, [databaseId, databases]);
   const isActiveDatabase = database?.status === "active";
@@ -87,6 +97,9 @@ export function DashboardDatabaseClient({ databaseId }: { databaseId: string })
         setDatabases([]);
         setCyclesBillingConfig(null);
         setMembers([]);
+        setMarketListings([]);
+        setMarketError(null);
+        setActiveEntitlementCount(null);
         setError(null);
         setWarning(null);
         setMemberError(null);
@@ -120,6 +133,9 @@ export function DashboardDatabaseClient({ databaseId }: { databaseId: string })
         setDatabases(nextDatabases);
         setCyclesBillingConfig(cyclesResult.status === "fulfilled" ? cyclesResult.value : null);
         setMembers([]);
+        setMarketListings([]);
+        setMarketError(null);
+        setActiveEntitlementCount(null);
         if (publicResult.status === "rejected") {
           setWarning(`Public database list unavailable: ${errorMessage(publicResult.reason)}`);
         }
@@ -128,13 +144,26 @@ export function DashboardDatabaseClient({ databaseId }: { databaseId: string })
         }
         if (identity && nextDatabase?.role === "owner") {
           if (nextDatabase.status === "active") {
-            try {
-              const nextMembers = await listDatabaseMembersAuthenticated(canisterId, identity, nextDatabaseId);
-              if (!isCurrentRefresh()) return;
-              setMembers(nextMembers);
-            } catch (cause) {
-              if (!isCurrentRefresh()) return;
-              setMemberError(errorMessage(cause));
+            const [membersResult, listingsResult, entitlementCountResult] = await Promise.allSettled([
+              listDatabaseMembersAuthenticated(canisterId, identity, nextDatabaseId),
+              marketListDatabaseListings(canisterId, identity, nextDatabaseId),
+              marketCountActiveEntitlements(canisterId, identity, nextDatabaseId)
+            ]);
+            if (!isCurrentRefresh()) return;
+            if (membersResult.status === "fulfilled") {
+              setMembers(membersResult.value);
+            } else {
+              setMemberError(errorMessage(membersResult.reason));
+            }
+            if (listingsResult.status === "fulfilled") {
+              setMarketListings(listingsResult.value);
+            } else {
+              setMarketError(errorMessage(listingsResult.reason));
+            }
+            if (entitlementCountResult.status === "fulfilled") {
+              setActiveEntitlementCount(entitlementCountResult.value);
+            } else {
+              setMarketError((current) => [current, errorMessage(entitlementCountResult.reason)].filter(Boolean).join("; "));
             }
           }
         } else if (nextDatabase?.publicReadable && nextDatabase.status === "active") {
@@ -260,6 +289,9 @@ export function DashboardDatabaseClient({ databaseId }: { databaseId: string })
     setDatabases([]);
     setCyclesBillingConfig(null);
     setMembers([]);
+    setMarketListings([]);
+    setMarketError(null);
+    setActiveEntitlementCount(null);
     setError(null);
     setWarning(null);
     setMemberError(null);
@@ -363,6 +395,70 @@ export function DashboardDatabaseClient({ databaseId }: { databaseId: string })
     }
   }
 
+  async function createMarketListing(request: MarketCreateListingRequest) {
+    if (!authClient || !databaseId) return;
+    setMarketBusy(true);
+    setActionMessage(null);
+    try {
+      await marketCreateListing(canisterId, authClient.getIdentity(), request);
+      setActionTone("info");
+      setActionMessage("Listing created.");
+      await refresh(authClient, databaseId);
+    } catch (cause) {
+      setMarketError(errorMessage(cause));
+    } finally {
+      setMarketBusy(false);
+    }
+  }
+
+  async function updateMarketListing(request: MarketUpdateListingRequest) {
+    if (!authClient || !databaseId) return;
+    setMarketBusy(true);
+    setActionMessage(null);
+    try {
+      await marketUpdateListing(canisterId, authClient.getIdentity(), request);
+      setActionTone("info");
+      setActionMessage("Listing updated.");
+      await refresh(authClient, databaseId);
+    } catch (cause) {
+      setMarketError(errorMessage(cause));
+    } finally {
+      setMarketBusy(false);
+    }
+  }
+
+  async function publishMarketListing(listingId: string) {
+    if (!authClient || !databaseId) return;
+    setMarketBusy(true);
+    setActionMessage(null);
+    try {
+      await marketPublishListing(canisterId, authClient.getIdentity(), listingId);
+      setActionTone("info");
+      setActionMessage("Listing published.");
+      await refresh(authClient, databaseId);
+    } catch (cause) {
+      setMarketError(errorMessage(cause));
+    } finally {
+      setMarketBusy(false);
+    }
+  }
+
+  async function pauseMarketListing(listingId: string) {
+    if (!authClient || !databaseId) return;
+    setMarketBusy(true);
+    setActionMessage(null);
+    try {
+      await marketPauseListing(canisterId, authClient.getIdentity(), listingId);
+      setActionTone("info");
+      setActionMessage("Listing paused.");
+      await refresh(authClient, databaseId);
+    } catch (cause) {
+      setMarketError(errorMessage(cause));
+    } finally {
+      setMarketBusy(false);
+    }
+  }
+
   return (
     <main className="min-h-screen px-6 py-8">
       <section className="mx-auto flex max-w-6xl flex-col gap-6">
@@ -430,11 +526,19 @@ export function DashboardDatabaseClient({ databaseId }: { databaseId: string })
               busyAction={busyAction}
               databaseId={databaseId}
               databaseName={database.name}
+              activeEntitlementCount={activeEntitlementCount}
+              marketBusy={marketBusy}
+              marketError={marketError}
+              marketListings={marketListings}
               members={members}
               principal={principal ?? "anonymous"}
+              onCreateListing={createMarketListing}
               onDelete={deleteDatabase}
               onGrant={grantAccess}
+              onPauseListing={pauseMarketListing}
+              onPublishListing={publishMarketListing}
               onRevoke={revokeAccess}
+              onUpdateListing={updateMarketListing}
             />
           ) : database.publicReadable ? (
             <ReadonlyMembersPanel memberError={memberError} members={members} principal={principal ?? "anonymous"} />
diff --git a/wikibrowser/app/dashboard/dashboard-home-client.tsx b/wikibrowser/app/dashboard/dashboard-home-client.tsx
index 661b445f..8109f108 100644
--- a/wikibrowser/app/dashboard/dashboard-home-client.tsx
+++ b/wikibrowser/app/dashboard/dashboard-home-client.tsx
@@ -9,13 +9,14 @@ import { CreateDatabaseDialog } from "../create-database-dialog";
 import { DatabaseBody, OfficialKinicWikiPanel, StatusPanel } from "../home-ui";
 import { KINIC_LEDGER_FEE_E8S } from "@/lib/cycles";
 import { parseKinicAmountE8sInput } from "@/lib/cycles-url";
-import { purchaseCyclesWithOisy, purchaseCyclesWithPlug } from "@/lib/cycles-wallet";
+import { purchaseCyclesWithOisy, purchaseCyclesWithPlug } from "@/lib/kinic-wallet";
 import { formatTokenAmountFromE8s } from "@/lib/kinic-amount";
 import type { CyclesBillingConfig, DatabaseSummary } from "@/lib/types";
 import { createDatabaseAuthenticated, getCyclesBillingConfig, listDatabasesAuthenticated, listDatabasesPublic } from "@/lib/vfs-client";
 import type { DatabaseRow } from "../home-ui";
 
 type LoadState = "idle" | "loading" | "ready" | "error";
+type FundingProvider = "oisy" | "plug" | "ii";
 
 const CREATE_DATABASE_PURCHASE_KINIC = "1";
 
@@ -150,13 +151,13 @@ export function DashboardHomeClient() {
       setCreateDialogOpen(false);
       setNewDatabaseName("");
       const paymentAmountE8s = createDatabasePurchaseAmountE8s();
-      setWalletMessage(`Database created pending. Requesting ${walletLabel(wallet.provider)} approval for ${formatTokenAmountFromE8s(paymentAmountE8s)}.`);
+      setWalletMessage(`Database created pending. Requesting ${fundingProviderLabel(wallet.provider)} approval for ${formatTokenAmountFromE8s(paymentAmountE8s)}.`);
       const purchaseResult =
         wallet.provider === "oisy"
           ? await purchaseCyclesWithOisy({ canisterId, databaseId: result.database_id, paymentAmountE8s }, wallet.connection)
           : await purchaseCyclesWithPlug({ canisterId, databaseId: result.database_id, paymentAmountE8s }, wallet.connection);
       setWalletMessage(
-        `${walletLabel(wallet.provider)} purchased cycles ${purchaseResult.purchasedCycles}; paid ${formatTokenAmountFromE8s(purchaseResult.paymentAmountE8s)}; database activation can complete.`
+        `${fundingProviderLabel(wallet.provider)} purchased cycles ${purchaseResult.purchasedCycles}; paid ${formatTokenAmountFromE8s(purchaseResult.paymentAmountE8s)}; database activation can complete.`
       );
       await refreshWalletBalance(wallet);
       await refreshDatabases(authClient);
@@ -282,8 +283,10 @@ function createDatabaseRequiredBalanceE8s(): bigint {
   return createDatabasePurchaseAmountE8s() + KINIC_LEDGER_FEE_E8S * 2n;
 }
 
-function walletLabel(provider: "oisy" | "plug"): string {
-  return provider === "oisy" ? "OISY" : "Plug";
+function fundingProviderLabel(provider: FundingProvider): string {
+  if (provider === "oisy") return "OISY";
+  if (provider === "plug") return "Plug";
+  return "Internet Identity";
 }
 
 function walletCanFundCreate(balanceE8s: string | null): boolean {
@@ -319,10 +322,15 @@ function dashboardFundingSuccessMessage(params: { get(name: string): string | nu
   const kinic = params.get("kinic") ?? "";
   const cycles = params.get("cycles") ?? "";
   if (!/^[a-zA-Z0-9_-]+$/.test(databaseId)) return null;
-  if (provider !== "oisy" && provider !== "plug") return null;
+  if (!isFundingProvider(provider)) return null;
   if (!/^(?:<0\.001|[0-9]+\.[0-9]{3}) KINIC$/.test(kinic)) return null;
   if (!/^(?:[0-9]+|[0-9]{1,3}(?:,[0-9]{3})+)$/.test(cycles)) return null;
-  return `${walletLabel(provider)} purchased ${cycles} cycles for ${databaseId}; paid ${kinic}.`;
+  const verb = provider === "ii" ? "funded" : "purchased";
+  return `${fundingProviderLabel(provider)} ${verb} ${cycles} cycles for ${databaseId}; paid ${kinic}.`;
+}
+
+function isFundingProvider(provider: string): provider is FundingProvider {
+  return provider === "oisy" || provider === "plug" || provider === "ii";
 }
 
 function errorMessage(cause: unknown): string {
diff --git a/wikibrowser/app/dashboard/dashboard-ui.tsx b/wikibrowser/app/dashboard/dashboard-ui.tsx
index 311369a0..7762c1cd 100644
--- a/wikibrowser/app/dashboard/dashboard-ui.tsx
+++ b/wikibrowser/app/dashboard/dashboard-ui.tsx
@@ -11,7 +11,7 @@ import { MemberTable } from "./member-table";
 import { formatRawCycles } from "@/lib/cycles";
 import { databaseCyclesView, databaseCyclesHref } from "@/lib/cycles-state";
 import { formatTokenAmountFromE8s } from "@/lib/kinic-amount";
-import type { CyclesBillingConfig, DatabaseCycleEntry, DatabaseCyclesPendingPurchase, DatabaseMember, DatabaseRole, DatabaseSummary } from "@/lib/types";
+import type { CyclesBillingConfig, DatabaseCycleEntry, DatabaseCyclesPendingPurchase, DatabaseMember, DatabaseRole, DatabaseSummary, MarketCreateListingRequest, MarketListing, MarketUpdateListingRequest } from "@/lib/types";
 import { isRoutableDatabaseId, publicDatabasePath, xShareDatabaseHref } from "@/lib/share-links";
 
 type PendingAclAction = {
@@ -55,7 +55,7 @@ export function SummaryPanel({
 }) {
   const routable = isRoutableDatabaseId(databaseId);
   const active = database?.status === "active";
-  const openHref = active && routable ? (publicReadable ? publicDatabasePath(databaseId) : `/${encodeURIComponent(databaseId)}/Wiki`) : null;
+  const openHref = active && routable ? publicDatabasePath(databaseId) : null;
   const cycles = databaseCyclesView(database, cyclesConfig);
   const purchaseHref = database ? databaseCyclesHref(database) : null;
   return (
@@ -97,7 +97,7 @@ export function PendingDatabasePanel(props: {
         <h2 className="text-lg font-semibold text-ink">Reserved database</h2>
         <p className="text-sm leading-6 text-muted">This database is reserved until the first cycle purchase completes. VFS, skills, and member management are available after activation.</p>
       </div>
-      <DatabaseDangerZone cyclesBalance="0" busy={props.busy} busyAction={props.busyAction} databaseId={props.databaseId} databaseName={props.databaseName} onDelete={props.onDelete} />
+      <DatabaseDangerZone activeEntitlementCount={null} cyclesBalance="0" busy={props.busy} busyAction={props.busyAction} databaseId={props.databaseId} databaseName={props.databaseName} onDelete={props.onDelete} />
     </section>
   );
 }
@@ -108,11 +108,19 @@ export function OwnerPanel(props: {
   busyAction: BusyAction | null;
   databaseId: string;
   databaseName: string;
+  activeEntitlementCount: string | null;
+  marketBusy: boolean;
+  marketError: string | null;
+  marketListings: MarketListing[];
   members: DatabaseMember[];
   principal: string;
+  onCreateListing: (request: MarketCreateListingRequest) => void;
   onDelete: () => Promise<string | null>;
   onGrant: (principalText: string, role: DatabaseRole) => void;
+  onPauseListing: (listingId: string) => void;
+  onPublishListing: (listingId: string) => void;
   onRevoke: (principalText: string) => void;
+  onUpdateListing: (request: MarketUpdateListingRequest) => void;
 }) {
   const [pendingAction, setPendingAction] = useState<PendingAclAction | null>(null);
   const publicMember = props.members.find((member) => member.principal === ANONYMOUS_PRINCIPAL);
@@ -242,7 +250,19 @@ export function OwnerPanel(props: {
       <GrantForm busy={props.busy} busyAction={props.busyAction} onGrant={requestGrant} />
       <MemberTable busy={props.busy} busyAction={props.busyAction} members={props.members} principal={props.principal} onRevoke={requestRevoke} onRoleChange={requestRoleChange} />
       {pendingAction ? <ConfirmAclDialog action={pendingAction} busy={props.busy} busyAction={props.busyAction} onCancel={() => setPendingAction(null)} onConfirm={confirmPendingAction} /> : null}
+      <MarketListingsPanel
+        busy={props.marketBusy}
+        databaseId={props.databaseId}
+        databaseName={props.databaseName}
+        error={props.marketError}
+        listings={props.marketListings}
+        onCreate={props.onCreateListing}
+        onPause={props.onPauseListing}
+        onPublish={props.onPublishListing}
+        onUpdate={props.onUpdateListing}
+      />
       <DatabaseDangerZone
+        activeEntitlementCount={props.activeEntitlementCount}
         cyclesBalance={props.cyclesBalance}
         busy={props.busy}
         busyAction={props.busyAction}
@@ -254,6 +274,144 @@ export function OwnerPanel(props: {
   );
 }
 
+function MarketListingsPanel(props: {
+  busy: boolean;
+  databaseId: string;
+  databaseName: string;
+  error: string | null;
+  listings: MarketListing[];
+  onCreate: (request: MarketCreateListingRequest) => void;
+  onPause: (listingId: string) => void;
+  onPublish: (listingId: string) => void;
+  onUpdate: (request: MarketUpdateListingRequest) => void;
+}) {
+  const [selectedListingId, setSelectedListingId] = useState("");
+  const [title, setTitle] = useState(props.databaseName);
+  const [description, setDescription] = useState("");
+  const [price, setPrice] = useState("1");
+  const [tags, setTags] = useState("");
+  const selected = props.listings.find((listing) => listing.listingId === selectedListingId) ?? null;
+  const priceE8s = parseKinicInput(price);
+  const submitDisabled = props.busy || !title.trim() || !description.trim() || !priceE8s;
+
+  function selectListing(listing: MarketListing) {
+    setSelectedListingId(listing.listingId);
+    setTitle(listing.title);
+    setDescription(listing.description);
+    setPrice(decimalFromE8s(listing.priceE8s));
+    setTags(tagsFromJson(listing.tagsJson));
+  }
+
+  function submit(event: FormEvent<HTMLFormElement>) {
+    event.preventDefault();
+    if (submitDisabled || !priceE8s) return;
+    const base = {
+      title: title.trim(),
+      description: description.trim(),
+      llmSummary: null,
+      summarySnapshotRevision: null,
+      sampleExcerptsJson: "[]",
+      tagsJson: tagsJsonFromInput(tags),
+      priceE8s
+    };
+    if (selected) {
+      props.onUpdate({
+        ...base,
+        listingId: selected.listingId,
+        expectedRevision: selected.revision
+      });
+    } else {
+      props.onCreate({
+        ...base,
+        databaseId: props.databaseId
+      });
+    }
+  }
+
+  return (
+    <div className="grid gap-4 border-t border-line px-4 py-4">
+      <div className="flex flex-wrap items-center justify-between gap-3">
+        <div>
+          <h3 className="text-sm font-semibold text-ink">Marketplace</h3>
+          <p className="mt-1 text-sm leading-6 text-muted">DB owner can sell paid reader access.</p>
+        </div>
+        <Link className="rounded-lg border border-line px-3 py-2 text-sm font-semibold text-accent no-underline hover:border-accent" href="/marketplace">
+          Marketplace
+        </Link>
+      </div>
+      {props.error ? <p className="rounded-lg border border-red-200 bg-red-50 px-3 py-2 text-sm text-red-900">{props.error}</p> : null}
+      {props.listings.length ? (
+        <div className="grid gap-2">
+          {props.listings.map((listing) => (
+            <div className="flex flex-wrap items-center justify-between gap-2 rounded-lg border border-line bg-white px-3 py-2 text-sm" key={listing.listingId}>
+              <div className="min-w-0">
+                <p className="truncate font-semibold text-ink">{listing.title}</p>
+                <p className="font-mono text-xs text-muted">
+                  {listing.status} / {formatTokenAmountFromE8s(listing.priceE8s)} / {listing.purchaseCount} purchases
+                </p>
+              </div>
+              <div className="flex flex-wrap gap-2">
+                <ActionButton disabled={props.busy} onClick={() => selectListing(listing)} variant="secondary">
+                  Edit
+                </ActionButton>
+                {listing.status === "Active" ? (
+                  <ActionButton disabled={props.busy} onClick={() => props.onPause(listing.listingId)} variant="secondary">
+                    Pause
+                  </ActionButton>
+                ) : (
+                  <ActionButton disabled={props.busy} onClick={() => props.onPublish(listing.listingId)} variant="primary">
+                    Publish
+                  </ActionButton>
+                )}
+              </div>
+            </div>
+          ))}
+        </div>
+      ) : null}
+      <form className="grid gap-3" onSubmit={submit}>
+        <div className="grid gap-3 md:grid-cols-2">
+          <label className="grid gap-1 text-sm">
+            <span className="text-xs uppercase text-muted">Title</span>
+            <input className="rounded-lg border border-line bg-white px-3 py-2 outline-none focus:border-accent" value={title} onChange={(event) => setTitle(event.target.value)} />
+          </label>
+          <label className="grid gap-1 text-sm">
+            <span className="text-xs uppercase text-muted">Price KINIC</span>
+            <input className="rounded-lg border border-line bg-white px-3 py-2 font-mono outline-none focus:border-accent" inputMode="decimal" value={price} onChange={(event) => setPrice(event.target.value)} />
+          </label>
+        </div>
+        <label className="grid gap-1 text-sm">
+          <span className="text-xs uppercase text-muted">Description</span>
+          <textarea className="min-h-24 rounded-lg border border-line bg-white px-3 py-2 outline-none focus:border-accent" value={description} onChange={(event) => setDescription(event.target.value)} />
+        </label>
+        <label className="grid gap-1 text-sm">
+          <span className="text-xs uppercase text-muted">Tags</span>
+          <input className="rounded-lg border border-line bg-white px-3 py-2 outline-none focus:border-accent" value={tags} onChange={(event) => setTags(event.target.value)} />
+        </label>
+        <div className="flex flex-wrap gap-2">
+          <ActionButton disabled={submitDisabled} loading={props.busy} loadingLabel="Saving..." type="submit" variant="primary">
+            {selected ? "Edit listing" : "Sell"}
+          </ActionButton>
+          {selected ? (
+            <ActionButton
+              disabled={props.busy}
+              onClick={() => {
+                setSelectedListingId("");
+                setTitle(props.databaseName);
+                setDescription("");
+                setPrice("1");
+                setTags("");
+              }}
+              variant="secondary"
+            >
+              New listing
+            </ActionButton>
+          ) : null}
+        </div>
+      </form>
+    </div>
+  );
+}
+
 export function RenameDatabaseDialog(props: {
   busy: boolean;
   busyAction: BusyAction | null;
@@ -272,7 +430,12 @@ export function RenameDatabaseDialog(props: {
     props.onSubmit(trimmed);
   }
   return (
-    <div className="fixed inset-0 z-50 flex items-center justify-center bg-ink/30 px-4">
+    <div
+      className="fixed inset-0 z-50 flex items-center justify-center bg-ink/30 px-4"
+      onMouseDown={(event) => {
+        if (!props.busy && event.target === event.currentTarget) props.onCancel();
+      }}
+    >
       <form className="w-full max-w-md rounded-lg border border-line bg-paper p-5 shadow-lg" onSubmit={submit}>
         <h3 className="text-lg font-semibold text-ink">Rename database</h3>
         <label className="mt-4 grid gap-1 text-sm">
@@ -511,7 +674,12 @@ function ConfirmAclDialog(props: { action: PendingAclAction; busy: boolean; busy
       ? isBusyGrant(props.busyAction, props.action.principalText, props.action.role)
       : isBusyRevoke(props.busyAction, props.action.principalText);
   return (
-    <div className="fixed inset-0 z-50 flex items-center justify-center bg-ink/30 px-4">
+    <div
+      className="fixed inset-0 z-50 flex items-center justify-center bg-ink/30 px-4"
+      onMouseDown={(event) => {
+        if (!props.busy && event.target === event.currentTarget) props.onCancel();
+      }}
+    >
       <div className="w-full max-w-md rounded-lg border border-line bg-paper p-5 shadow-lg">
         <h3 className="text-lg font-semibold text-ink">{props.action.title}</h3>
         <p className="mt-3 text-sm leading-6 text-muted">{props.action.message}</p>
@@ -580,6 +748,41 @@ function databaseStatusLabel(status: DatabaseSummary["status"] | undefined): str
   return labels[status];
 }
 
+function parseKinicInput(value: string): string | null {
+  const trimmed = value.trim();
+  if (!/^\d+(\.\d{0,8})?$/.test(trimmed)) return null;
+  const [whole, fraction = ""] = trimmed.split(".");
+  const e8s = `${whole}${fraction.padEnd(8, "0")}`.replace(/^0+(?=\d)/, "");
+  return BigInt(e8s) > 0n ? e8s : null;
+}
+
+function decimalFromE8s(value: string): string {
+  if (!/^\d+$/.test(value)) return "1";
+  const padded = value.padStart(9, "0");
+  const whole = padded.slice(0, -8).replace(/^0+(?=\d)/, "");
+  const fraction = padded.slice(-8).replace(/0+$/, "");
+  return fraction ? `${whole}.${fraction}` : whole;
+}
+
+function tagsJsonFromInput(value: string): string {
+  const tags = value
+    .split(",")
+    .map((tag) => tag.trim())
+    .filter((tag) => tag.length > 0);
+  return JSON.stringify(tags);
+}
+
+function tagsFromJson(value: string): string {
+  try {
+    const parsed: unknown = JSON.parse(value);
+    if (!Array.isArray(parsed)) return "";
+    const tags = parsed.filter((item): item is string => typeof item === "string");
+    return tags.join(", ");
+  } catch {
+    return "";
+  }
+}
+
 function formatBytes(value: string): string {
   const bytes = Number(value);
   if (!Number.isFinite(bytes) || bytes < 1024) return Number.isFinite(bytes) ? `${bytes} B` : value;
diff --git a/wikibrowser/app/dashboard/database-danger-zone.tsx b/wikibrowser/app/dashboard/database-danger-zone.tsx
index 93923114..dd7cb0b2 100644
--- a/wikibrowser/app/dashboard/database-danger-zone.tsx
+++ b/wikibrowser/app/dashboard/database-danger-zone.tsx
@@ -9,6 +9,7 @@ import type { BusyAction } from "./access-control";
 import { ActionButton } from "./action-button";
 
 export function DatabaseDangerZone(props: {
+  activeEntitlementCount: string | null;
   cyclesBalance: string;
   busy: boolean;
   busyAction: BusyAction | null;
@@ -43,6 +44,7 @@ export function DatabaseDangerZone(props: {
           <p className="mt-2 break-all font-mono text-xs text-red-900">
             {props.databaseName} / {props.databaseId}
           </p>
+          <DeleteEntitlementNotice count={props.activeEntitlementCount} />
           <DeleteCyclesNotice />
         </div>
         <div>
@@ -54,6 +56,7 @@ export function DatabaseDangerZone(props: {
       {deleteDialogOpen ? (
         <ConfirmDeleteDatabaseDialog
           busy={props.busy}
+          activeEntitlementCount={props.activeEntitlementCount}
           databaseId={props.databaseId}
           databaseName={props.databaseName}
           deleting={props.busyAction?.kind === "delete"}
@@ -67,6 +70,7 @@ export function DatabaseDangerZone(props: {
 }
 
 function ConfirmDeleteDatabaseDialog(props: {
+  activeEntitlementCount: string | null;
   busy: boolean;
   databaseId: string;
   databaseName: string;
@@ -78,12 +82,18 @@ function ConfirmDeleteDatabaseDialog(props: {
   const [typedDatabaseId, setTypedDatabaseId] = useState("");
   const deleteConfirmed = typedDatabaseId === props.databaseId;
   return (
-    <div className="fixed inset-0 z-50 flex items-center justify-center bg-ink/30 px-4">
+    <div
+      className="fixed inset-0 z-50 flex items-center justify-center bg-ink/30 px-4"
+      onMouseDown={(event) => {
+        if (!props.deleting && event.target === event.currentTarget) props.onCancel();
+      }}
+    >
       <div className="w-full max-w-md rounded-lg border border-line bg-paper p-5 shadow-lg">
         <h3 className="text-lg font-semibold text-ink">Delete database</h3>
         <p className="mt-3 text-sm leading-6 text-muted">
           Delete {props.databaseName}. This action is irreversible. Archive first if recovery is required.
         </p>
+        <DeleteEntitlementNotice count={props.activeEntitlementCount} />
         <p className="mt-3 break-all rounded-lg border border-line bg-white px-3 py-2 font-mono text-xs text-ink">{props.databaseId}</p>
         {props.deleteError ? (
           <p className="mt-3 rounded-lg border border-red-200 bg-red-50 px-3 py-2 text-sm leading-6 text-red-900" role="alert">
@@ -114,3 +124,8 @@ function ConfirmDeleteDatabaseDialog(props: {
 function DeleteCyclesNotice() {
   return <p className="mt-3 text-sm leading-6 text-red-900">Remaining cycles will be discarded.</p>;
 }
+
+function DeleteEntitlementNotice({ count }: { count: string | null }) {
+  if (!count || count === "0") return null;
+  return <p className="mt-3 text-sm leading-6 text-red-900">{count} active paid readers will lose marketplace access after deletion.</p>;
+}
diff --git a/wikibrowser/app/dashboard/[databaseId]/page.tsx b/wikibrowser/app/dashboard/project/[databaseId]/page.tsx
similarity index 73%
rename from wikibrowser/app/dashboard/[databaseId]/page.tsx
rename to wikibrowser/app/dashboard/project/[databaseId]/page.tsx
index 46255c71..dc49ea59 100644
--- a/wikibrowser/app/dashboard/[databaseId]/page.tsx
+++ b/wikibrowser/app/dashboard/project/[databaseId]/page.tsx
@@ -1,4 +1,4 @@
-import { DashboardDatabaseClient } from "../dashboard-client";
+import { DashboardDatabaseClient } from "@/app/dashboard/dashboard-client";
 
 export default async function DashboardDatabasePage({ params }: { params: Promise<{ databaseId: string }> }) {
   const { databaseId } = await params;
diff --git a/wikibrowser/app/[databaseId]/[[...segments]]/page.tsx b/wikibrowser/app/db/[databaseId]/[[...segments]]/page.tsx
similarity index 77%
rename from wikibrowser/app/[databaseId]/[[...segments]]/page.tsx
rename to wikibrowser/app/db/[databaseId]/[[...segments]]/page.tsx
index 7f820031..59af52c1 100644
--- a/wikibrowser/app/[databaseId]/[[...segments]]/page.tsx
+++ b/wikibrowser/app/db/[databaseId]/[[...segments]]/page.tsx
@@ -1,4 +1,4 @@
-// Where: wikibrowser/app/[databaseId]/[[...segments]]/page.tsx
+// Where: wikibrowser/app/db/[databaseId]/[[...segments]]/page.tsx
 // What: Leaf route marker for wiki node paths.
 // Why: The persistent WikiBrowser shell lives in the parent layout to avoid remounting on each child path change.
 
diff --git a/wikibrowser/app/[databaseId]/layout.tsx b/wikibrowser/app/db/[databaseId]/layout.tsx
similarity index 78%
rename from wikibrowser/app/[databaseId]/layout.tsx
rename to wikibrowser/app/db/[databaseId]/layout.tsx
index af48e335..2568c742 100644
--- a/wikibrowser/app/[databaseId]/layout.tsx
+++ b/wikibrowser/app/db/[databaseId]/layout.tsx
@@ -1,13 +1,12 @@
-// Where: wikibrowser/app/[databaseId]/layout.tsx
+// Where: wikibrowser/app/db/[databaseId]/layout.tsx
 // What: Persistent database browser shell for every node path in one database.
 // Why: App Router pages are route leaves; keeping WikiBrowser in a layout preserves Explorer state across child navigation.
 
 import type { Metadata } from "next";
-import { notFound } from "next/navigation";
 import { Suspense, type ReactNode } from "react";
 import { WikiBrowser } from "@/components/wiki-browser";
 import { databasePreviewDescription, databasePreviewTitle, loadDatabasePreview } from "@/lib/database-preview";
-import { isReservedDatabaseRouteSlug, publicDatabasePath } from "@/lib/share-links";
+import { databaseRouteBase, publicDatabasePath } from "@/lib/share-links";
 
 type WikiDatabaseLayoutProps = {
   children: ReactNode;
@@ -16,14 +15,12 @@ type WikiDatabaseLayoutProps = {
 
 export async function generateMetadata({ params }: { params: Promise<{ databaseId: string }> }): Promise<Metadata> {
   const { databaseId } = await params;
-  if (isReservedDatabaseRouteSlug(databaseId)) {
-    notFound();
-  }
   const canisterId = process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? "";
   const preview = await loadDatabasePreview(canisterId, databaseId);
   const title = databasePreviewTitle(preview.databaseName);
   const description = databasePreviewDescription(preview);
   const url = publicDatabasePath(preview.databaseId);
+  const routeBase = databaseRouteBase(preview.databaseId);
   const imageAlt = `${title} link preview`;
   return {
     title,
@@ -39,7 +36,7 @@ export async function generateMetadata({ params }: { params: Promise<{ databaseI
       url,
       images: [
         {
-          url: `/${encodeURIComponent(preview.databaseId)}/opengraph-image`,
+          url: `${routeBase}/opengraph-image`,
           width: 1200,
           height: 630,
           alt: imageAlt
@@ -52,7 +49,7 @@ export async function generateMetadata({ params }: { params: Promise<{ databaseI
       description,
       images: [
         {
-          url: `/${encodeURIComponent(preview.databaseId)}/twitter-image`,
+          url: `${routeBase}/twitter-image`,
           alt: imageAlt
         }
       ]
@@ -62,10 +59,7 @@ export async function generateMetadata({ params }: { params: Promise<{ databaseI
 
 export default async function WikiDatabaseLayout({ children, params }: WikiDatabaseLayoutProps) {
   void children;
-  const { databaseId } = await params;
-  if (isReservedDatabaseRouteSlug(databaseId)) {
-    notFound();
-  }
+  void params;
   return (
     <Suspense fallback={<div className="min-h-screen bg-canvas" />}>
       <WikiBrowser />
diff --git a/wikibrowser/app/[databaseId]/opengraph-image.tsx b/wikibrowser/app/db/[databaseId]/opengraph-image.tsx
similarity index 81%
rename from wikibrowser/app/[databaseId]/opengraph-image.tsx
rename to wikibrowser/app/db/[databaseId]/opengraph-image.tsx
index 87dae594..475658b9 100644
--- a/wikibrowser/app/[databaseId]/opengraph-image.tsx
+++ b/wikibrowser/app/db/[databaseId]/opengraph-image.tsx
@@ -2,10 +2,8 @@ import {
   LINK_PREVIEW_CONTENT_TYPE,
   LINK_PREVIEW_SIZE,
   renderLinkPreviewImage
-} from "../link-preview-image";
-import { notFound } from "next/navigation";
+} from "@/app/link-preview-image";
 import { databasePreviewDescription, loadDatabasePreview } from "@/lib/database-preview";
-import { isReservedDatabaseRouteSlug } from "@/lib/share-links";
 
 export const alt = "Kinic Wiki database link preview";
 export const size = LINK_PREVIEW_SIZE;
@@ -13,9 +11,6 @@ export const contentType = LINK_PREVIEW_CONTENT_TYPE;
 
 export default async function Image({ params }: { params: Promise<{ databaseId: string }> }) {
   const { databaseId } = await params;
-  if (isReservedDatabaseRouteSlug(databaseId)) {
-    notFound();
-  }
   const canisterId = process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? "";
   const preview = await loadDatabasePreview(canisterId, databaseId);
   return renderLinkPreviewImage({
diff --git a/wikibrowser/app/[databaseId]/twitter-image.tsx b/wikibrowser/app/db/[databaseId]/twitter-image.tsx
similarity index 81%
rename from wikibrowser/app/[databaseId]/twitter-image.tsx
rename to wikibrowser/app/db/[databaseId]/twitter-image.tsx
index 87dae594..475658b9 100644
--- a/wikibrowser/app/[databaseId]/twitter-image.tsx
+++ b/wikibrowser/app/db/[databaseId]/twitter-image.tsx
@@ -2,10 +2,8 @@ import {
   LINK_PREVIEW_CONTENT_TYPE,
   LINK_PREVIEW_SIZE,
   renderLinkPreviewImage
-} from "../link-preview-image";
-import { notFound } from "next/navigation";
+} from "@/app/link-preview-image";
 import { databasePreviewDescription, loadDatabasePreview } from "@/lib/database-preview";
-import { isReservedDatabaseRouteSlug } from "@/lib/share-links";
 
 export const alt = "Kinic Wiki database link preview";
 export const size = LINK_PREVIEW_SIZE;
@@ -13,9 +11,6 @@ export const contentType = LINK_PREVIEW_CONTENT_TYPE;
 
 export default async function Image({ params }: { params: Promise<{ databaseId: string }> }) {
   const { databaseId } = await params;
-  if (isReservedDatabaseRouteSlug(databaseId)) {
-    notFound();
-  }
   const canisterId = process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? "";
   const preview = await loadDatabasePreview(canisterId, databaseId);
   return renderLinkPreviewImage({
diff --git a/wikibrowser/app/globals.css b/wikibrowser/app/globals.css
index 6be80546..c7ff5aa8 100644
--- a/wikibrowser/app/globals.css
+++ b/wikibrowser/app/globals.css
@@ -129,3 +129,67 @@ code {
 .cm-scroller {
   line-height: 1.6;
 }
+
+
+
+@layer base {
+  :root {
+    --background: 0 0% 100%;
+    --foreground: 0 0% 0%;
+    --card: 0 0% 100%;
+    --card-foreground: 0 0% 0%;
+    --popover: 0 0% 100%;
+    --popover-foreground: 0 0% 0%;
+    --primary: 0 0% 0%;
+    --primary-foreground: 0 0% 100%;
+    --secondary: 0 0% 97.3%;
+    --secondary-foreground: 0 0% 0%;
+    --muted: 1 1% 38.4%;
+    --muted-foreground: 1 1% 38.4%;
+    --accent: 331 100% 57.5%;
+    --accent-foreground: 0 0% 100%;
+    --destructive: 0 72% 51%;
+    --destructive-foreground: 0 0% 100%;
+    --border: 0 0% 90.2%;
+    --input: 0 0% 90.2%;
+    --ring: 331 100% 57.5%;
+    --radius: 1rem;
+    --sidebar-background: 0 0% 97.3%;
+    --sidebar-foreground: 0 0% 0%;
+    --sidebar-primary: 0 0% 0%;
+    --sidebar-primary-foreground: 0 0% 100%;
+    --sidebar-accent: 331 100% 57.5%;
+    --sidebar-accent-foreground: 0 0% 100%;
+    --sidebar-border: 0 0% 90.2%;
+    --sidebar-ring: 331 100% 57.5%;
+  }
+  .dark {
+    --background: 0 0% 100%;
+    --foreground: 0 0% 0%;
+    --card: 0 0% 100%;
+    --card-foreground: 0 0% 0%;
+    --popover: 0 0% 100%;
+    --popover-foreground: 0 0% 0%;
+    --primary: 0 0% 0%;
+    --primary-foreground: 0 0% 100%;
+    --secondary: 0 0% 97.3%;
+    --secondary-foreground: 0 0% 0%;
+    --muted: 1 1% 38.4%;
+    --muted-foreground: 1 1% 38.4%;
+    --accent: 331 100% 57.5%;
+    --accent-foreground: 0 0% 100%;
+    --destructive: 0 72% 51%;
+    --destructive-foreground: 0 0% 100%;
+    --border: 0 0% 90.2%;
+    --input: 0 0% 90.2%;
+    --ring: 331 100% 57.5%;
+    --sidebar-background: 0 0% 97.3%;
+    --sidebar-foreground: 0 0% 0%;
+    --sidebar-primary: 0 0% 0%;
+    --sidebar-primary-foreground: 0 0% 100%;
+    --sidebar-accent: 331 100% 57.5%;
+    --sidebar-accent-foreground: 0 0% 100%;
+    --sidebar-border: 0 0% 90.2%;
+    --sidebar-ring: 331 100% 57.5%;
+  }
+}
diff --git a/wikibrowser/app/home-ui.tsx b/wikibrowser/app/home-ui.tsx
index 9f1151c0..ea4326fc 100644
--- a/wikibrowser/app/home-ui.tsx
+++ b/wikibrowser/app/home-ui.tsx
@@ -320,7 +320,7 @@ function DatabaseTableRow({ cyclesConfig, database, mode }: { cyclesConfig: Cycl
         </td>
       ) : null}
       <td className="px-4 py-3">
-        <DatabaseActionLink href={`/dashboard/${encodeURIComponent(database.databaseId)}`} icon={<Settings aria-hidden size={14} />} label="Manage" />
+        <DatabaseActionLink href={`/dashboard/project/${encodeURIComponent(database.databaseId)}`} icon={<Settings aria-hidden size={14} />} label="Manage" />
       </td>
     </tr>
   );
@@ -355,7 +355,7 @@ function DatabaseMobileCard({ cyclesConfig, database, mode }: { cyclesConfig: Cy
           <DatabaseActionLink href={databaseCyclesHref(database)} icon={<Wallet aria-hidden size={14} />} label="Top up" />
         ) : null}
         {active && database.publicReadable ? <ShareDatabaseLink database={database} /> : null}
-        <DatabaseActionLink href={`/dashboard/${encodeURIComponent(database.databaseId)}`} icon={<Settings aria-hidden size={14} />} label="Manage" />
+        <DatabaseActionLink href={`/dashboard/project/${encodeURIComponent(database.databaseId)}`} icon={<Settings aria-hidden size={14} />} label="Manage" />
       </div>
     </article>
   );
@@ -442,7 +442,7 @@ export function CreatedDatabasePanel({ databaseId, name }: { databaseId: string;
   return (
     <div className="rounded-lg border border-line bg-paper px-4 py-3 text-sm text-ink">
       Created <span className="font-semibold">{name}</span> <span className="font-mono text-xs text-muted">{databaseId}</span>.{" "}
-      <Link className="text-accent no-underline hover:underline" href={`/dashboard/${encodeURIComponent(databaseId)}`}>
+      <Link className="text-accent no-underline hover:underline" href={`/dashboard/project/${encodeURIComponent(databaseId)}`}>
         Manage reservation
       </Link>
     </div>
@@ -468,5 +468,5 @@ function isActiveRoutableDatabase(database: DatabaseRow): boolean {
 }
 
 function openDatabaseHref(database: DatabaseRow): string {
-  return `/${encodeURIComponent(database.databaseId)}/Wiki`;
+  return publicDatabasePath(database.databaseId);
 }
diff --git a/wikibrowser/app/layout.tsx b/wikibrowser/app/layout.tsx
index b52a1654..f1a21b5c 100644
--- a/wikibrowser/app/layout.tsx
+++ b/wikibrowser/app/layout.tsx
@@ -2,6 +2,7 @@ import type { Metadata } from "next";
 import "./globals.css";
 import { AppHeader } from "./app-header";
 import { AppSessionProvider } from "./app-session-provider";
+import { TooltipProvider } from "@/components/ui/tooltip";
 
 export const metadata: Metadata = {
   metadataBase: new URL("https://wiki.kinic.xyz"),
@@ -25,8 +26,10 @@ export default function RootLayout({ children }: { children: React.ReactNode })
     <html lang="en">
       <body>
         <AppSessionProvider>
-          <AppHeader />
-          {children}
+          <TooltipProvider delayDuration={120}>
+            <AppHeader />
+            {children}
+          </TooltipProvider>
         </AppSessionProvider>
       </body>
     </html>
diff --git a/wikibrowser/app/marketplace/[listingId]/listing-detail-client.tsx b/wikibrowser/app/marketplace/[listingId]/listing-detail-client.tsx
new file mode 100644
index 00000000..bdde6013
--- /dev/null
+++ b/wikibrowser/app/marketplace/[listingId]/listing-detail-client.tsx
@@ -0,0 +1,295 @@
+"use client";
+
+import Link from "next/link";
+import { CheckCircle2, CircleAlert, ShoppingCart } from "lucide-react";
+import { useCallback, useEffect, useMemo, useState } from "react";
+import { useAppSession } from "@/app/app-session-provider";
+import { formatTokenAmountFromE8s } from "@/lib/kinic-amount";
+import { hrefForPath } from "@/lib/paths";
+import { marketGetListing, marketPurchaseAccess } from "@/lib/vfs-client";
+import type { MarketCategoryGraph, MarketListingDetail, MarketListingVerifiedStats, MarketPreviewExcerpt } from "@/lib/types";
+
+type ListingDetailClientProps = {
+  canisterId: string;
+  listingId: string;
+};
+
+type ActionState = "idle" | "loading" | "success" | "error";
+
+export function ListingDetailClient({ canisterId, listingId }: ListingDetailClientProps) {
+  const { authClient, principal, refreshKinicBalance } = useAppSession();
+  const [detail, setDetail] = useState<MarketListingDetail | null>(null);
+  const [state, setState] = useState<ActionState>("loading");
+  const [purchaseState, setPurchaseState] = useState<ActionState>("idle");
+  const [message, setMessage] = useState<string | null>(null);
+
+  const listing = detail?.listing ?? null;
+  const tags = useMemo(() => parseJsonArray(listing?.tagsJson ?? "[]"), [listing]);
+
+  const load = useCallback(async () => {
+    setState("loading");
+    setMessage(null);
+    try {
+      const nextListing = await marketGetListing(canisterId, listingId);
+      setDetail(nextListing);
+      setState("idle");
+    } catch (cause) {
+      setMessage(cause instanceof Error ? cause.message : String(cause));
+      setState("error");
+    }
+  }, [canisterId, listingId]);
+
+  async function purchase() {
+    if (!authClient || !principal || !listing) {
+      setMessage("Login with Internet Identity first");
+      setPurchaseState("error");
+      return;
+    }
+    setPurchaseState("loading");
+    setMessage(null);
+    try {
+      const identity = authClient.getIdentity();
+      const order = await marketPurchaseAccess(canisterId, identity, listing.listingId, listing.priceE8s);
+      await refreshKinicBalance();
+      setMessage(`Order ${order.orderId}. KINIC balance updated. Access is ready.`);
+      setPurchaseState("success");
+    } catch (cause) {
+      setMessage(cause instanceof Error ? cause.message : String(cause));
+      setPurchaseState("error");
+    }
+  }
+
+  useEffect(() => {
+    const timer = window.setTimeout(() => {
+      void load();
+    }, 0);
+    return () => window.clearTimeout(timer);
+  }, [load]);
+
+  return (
+    <main className="min-w-0 text-ink">
+      <section className="grid max-w-5xl gap-5">
+        <Link className="text-sm font-semibold text-accent hover:underline" href="/marketplace">
+          Marketplace
+        </Link>
+
+        {listing && detail ? (
+          <>
+            <section className="grid gap-3">
+              <div className="flex flex-wrap items-start justify-between gap-3">
+                <div className="grid gap-2">
+                  <h1 className="text-2xl font-semibold">{listing.title}</h1>
+                  <p className="text-sm text-muted">{listing.description}</p>
+                </div>
+                <div className="rounded-lg border border-line px-3 py-2 text-right">
+                  <p className="font-mono text-lg font-semibold">{formatTokenAmountFromE8s(listing.priceE8s)}</p>
+                </div>
+              </div>
+              <div className="flex flex-wrap gap-2">
+                {tags.map((tag) => (
+                  <span className="rounded border border-line px-2 py-1 text-xs text-muted" key={tag}>
+                    {tag}
+                  </span>
+                ))}
+              </div>
+            </section>
+
+            {listing.llmSummary ? <p className="rounded-lg border border-line bg-paper p-3 text-sm">{listing.llmSummary}</p> : null}
+
+            <VerifiedStats stats={detail.verifiedStats} />
+            <ContentsSample paths={detail.preview.topLevelPaths} />
+            <RelationshipGraph graph={detail.preview.categoryGraph} />
+            <SampleExcerpts excerpts={detail.preview.excerpts} stale={detail.preview.previewStale} />
+
+            <section className="flex flex-wrap items-center gap-3">
+              <button
+                className="inline-flex min-h-11 items-center gap-2 rounded-lg border border-action bg-action px-4 py-2 text-sm font-semibold text-white hover:bg-accent disabled:opacity-60"
+                disabled={!principal || purchaseState === "loading" || purchaseState === "success"}
+                type="button"
+                onClick={() => void purchase()}
+              >
+                <ShoppingCart aria-hidden size={17} />
+                <span>{purchaseState === "success" ? "Purchased" : "Purchase access"}</span>
+              </button>
+              {!principal ? <span className="text-sm text-muted">Login with Internet Identity to purchase</span> : null}
+              {purchaseState === "success" ? (
+                <Link
+                  className="inline-flex min-h-11 items-center rounded-lg border border-line px-4 py-2 text-sm font-semibold text-accent no-underline hover:border-accent"
+                  href={hrefForPath(canisterId, listing.databaseId, "/Wiki")}
+                >
+                  Open database
+                </Link>
+              ) : null}
+            </section>
+          </>
+        ) : null}
+
+        {state === "loading" ? <p className="rounded-lg border border-line bg-paper px-3 py-2 text-sm">Loading</p> : null}
+        {message ? <Notice tone={state === "error" || purchaseState === "error" ? "error" : "success"} text={message} /> : null}
+      </section>
+    </main>
+  );
+}
+
+function VerifiedStats({ stats }: { stats: MarketListingVerifiedStats }) {
+  const items = [
+    ["Wiki nodes", stats.wikiNodes],
+    ["Source nodes", stats.sourceNodes],
+    ["Folders", stats.folderNodes],
+    ["Markdown chars", stats.markdownChars],
+    ["Source chars", stats.sourceChars],
+    ["Link edges", stats.linkEdges],
+    ["Logical size", formatBytes(stats.logicalSizeBytes)],
+    ["Last updated", formatDate(stats.lastContentUpdatedAtMs)]
+  ];
+  return (
+    <section className="grid gap-3 rounded-lg border border-line p-3">
+      <h2 className="text-sm font-semibold">Verified stats</h2>
+      <dl className="grid gap-2 sm:grid-cols-2">
+        {items.map(([label, value]) => (
+          <div className="flex min-h-9 items-center justify-between gap-3 border-b border-line/70 py-1 text-sm last:border-b-0 sm:last:border-b" key={label}>
+            <dt className="text-muted">{label}</dt>
+            <dd className="font-mono text-xs font-semibold text-ink">{value}</dd>
+          </div>
+        ))}
+      </dl>
+    </section>
+  );
+}
+
+function ContentsSample({ paths }: { paths: string[] }) {
+  return (
+    <section className="grid gap-2 rounded-lg border border-line p-3">
+      <h2 className="text-sm font-semibold">Contents sample</h2>
+      {paths.length ? (
+        <ul className="grid gap-2 text-sm text-muted">
+          {paths.map((path) => (
+            <li className="break-words font-mono text-xs" key={path}>
+              {path}
+            </li>
+          ))}
+        </ul>
+      ) : (
+        <p className="text-sm text-muted">No public contents sample.</p>
+      )}
+    </section>
+  );
+}
+
+function RelationshipGraph({ graph }: { graph: MarketCategoryGraph }) {
+  const positioned = useMemo(() => {
+    const centerX = 300;
+    const centerY = 170;
+    const radius = 115;
+    return graph.nodes.map((node, index) => {
+      const angle = graph.nodes.length <= 1 ? 0 : (Math.PI * 2 * index) / graph.nodes.length;
+      return {
+        ...node,
+        x: centerX + Math.cos(angle) * radius,
+        y: centerY + Math.sin(angle) * radius
+      };
+    });
+  }, [graph.nodes]);
+  const byCategory = useMemo(() => new Map(positioned.map((node) => [node.category, node])), [positioned]);
+  return (
+    <section className="grid gap-2 rounded-lg border border-line p-3">
+      <div className="flex flex-wrap items-center justify-between gap-2">
+        <h2 className="text-sm font-semibold">Relationship graph</h2>
+        <span className="font-mono text-xs text-muted">
+          {graph.nodes.length} categories / {graph.edges.length} edges
+        </span>
+      </div>
+      {graph.nodes.length ? (
+        <svg className="h-80 w-full rounded border border-line bg-paper" viewBox="0 0 600 340" role="img" aria-label="Marketplace relationship graph">
+          {graph.edges.map((edge) => {
+            const source = byCategory.get(edge.sourceCategory);
+            const target = byCategory.get(edge.targetCategory);
+            if (!source || !target) return null;
+            return (
+              <line
+                key={`${edge.sourceCategory}-${edge.targetCategory}`}
+                stroke="#b7b7b7"
+                strokeWidth={Math.min(5, 1 + Number(edge.linkCount))}
+                x1={source.x}
+                x2={target.x}
+                y1={source.y}
+                y2={target.y}
+              />
+            );
+          })}
+          {positioned.map((node) => (
+            <g key={node.category}>
+              <circle cx={node.x} cy={node.y} fill="#111111" r="12" />
+              <text className="fill-ink text-[11px]" x={node.x + 16} y={node.y + 4}>
+                {shortCategory(node.category)}
+              </text>
+            </g>
+          ))}
+        </svg>
+      ) : (
+        <p className="text-sm text-muted">No public relationship graph.</p>
+      )}
+    </section>
+  );
+}
+
+function SampleExcerpts({ excerpts, stale }: { excerpts: MarketPreviewExcerpt[]; stale: boolean }) {
+  return (
+    <section className="grid gap-2 rounded-lg border border-line p-3">
+      <div className="flex flex-wrap items-center justify-between gap-2">
+        <h2 className="text-sm font-semibold">Sample excerpts</h2>
+        {stale ? <span className="rounded border border-amber-200 bg-amber-50 px-2 py-1 text-xs text-amber-900">stale preview</span> : null}
+      </div>
+      {excerpts.length ? (
+        <ul className="grid gap-3">
+          {excerpts.map((item) => (
+            <li className="grid gap-1 border-b border-line pb-3 last:border-b-0 last:pb-0" key={`${item.path}-${item.etag}`}>
+              <p className="font-mono text-xs text-muted">{item.path}</p>
+              <p className="text-sm leading-6 text-ink">{item.excerpt}</p>
+            </li>
+          ))}
+        </ul>
+      ) : (
+        <p className="text-sm text-muted">No public excerpts.</p>
+      )}
+    </section>
+  );
+}
+
+function Notice({ tone, text }: { tone: "success" | "error"; text: string }) {
+  const Icon = tone === "success" ? CheckCircle2 : CircleAlert;
+  const className = tone === "success" ? "border-green-200 bg-green-50 text-green-800" : "border-red-200 bg-red-50 text-red-800";
+  return (
+    <p className={`inline-flex items-start gap-2 rounded-lg border px-3 py-2 text-sm ${className}`}>
+      <Icon aria-hidden className="mt-0.5 shrink-0" size={16} />
+      <span>{text}</span>
+    </p>
+  );
+}
+
+function parseJsonArray(value: string): string[] {
+  try {
+    const parsed: unknown = JSON.parse(value);
+    return Array.isArray(parsed) ? parsed.filter((item): item is string => typeof item === "string") : [];
+  } catch {
+    return [];
+  }
+}
+
+function formatBytes(value: string): string {
+  const bytes = Number(value);
+  if (!Number.isFinite(bytes)) return value;
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KiB`;
+  return `${(bytes / (1024 * 1024)).toFixed(1)} MiB`;
+}
+
+function formatDate(value: string | null): string {
+  if (!value) return "-";
+  const date = new Date(Number(value));
+  return Number.isNaN(date.getTime()) ? "-" : date.toLocaleDateString();
+}
+
+function shortCategory(path: string): string {
+  return path.split("/").filter(Boolean).slice(-1)[0] ?? path;
+}
diff --git a/wikibrowser/app/marketplace/[listingId]/page.tsx b/wikibrowser/app/marketplace/[listingId]/page.tsx
new file mode 100644
index 00000000..9f8ec5c9
--- /dev/null
+++ b/wikibrowser/app/marketplace/[listingId]/page.tsx
@@ -0,0 +1,11 @@
+import type { Metadata } from "next";
+import { ListingDetailClient } from "./listing-detail-client";
+
+export const metadata: Metadata = {
+  title: "Kinic Marketplace Listing"
+};
+
+export default async function ListingDetailPage({ params }: { params: Promise<{ listingId: string }> }) {
+  const { listingId } = await params;
+  return <ListingDetailClient canisterId={process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID || ""} listingId={listingId} />;
+}
diff --git a/wikibrowser/app/marketplace/layout.tsx b/wikibrowser/app/marketplace/layout.tsx
new file mode 100644
index 00000000..de493626
--- /dev/null
+++ b/wikibrowser/app/marketplace/layout.tsx
@@ -0,0 +1,347 @@
+"use client";
+
+// Where: marketplace route group.
+// What: dedicated navigation shell for marketplace browsing and listing detail pages.
+// Why: marketplace needs the premium sidebar, while database browsing keeps its original workspace shell.
+
+import type { ChangeEvent, FormEvent, ReactNode } from "react";
+import { Suspense } from "react";
+import Link from "next/link";
+import { usePathname, useRouter, useSearchParams } from "next/navigation";
+import { ArrowDownAZ, Clock3, LayoutDashboard, PanelLeft, Search, Sparkles, Terminal, TrendingUp } from "lucide-react";
+import { Separator } from "@/components/ui/separator";
+import { Input } from "@/components/ui/input";
+import { Sheet, SheetContent, SheetDescription, SheetHeader, SheetTitle, SheetTrigger } from "@/components/ui/sheet";
+
+const QUICK_FILTERS: { label: string; params: Record<string, string> }[] = [
+  {
+    label: "All listings",
+    params: {}
+  },
+  {
+    label: "Popular",
+    params: { sort: "popular" }
+  },
+  {
+    label: "Recent",
+    params: { sort: "recent" }
+  },
+  {
+    label: "Low price",
+    params: { sort: "price_low" }
+  },
+  {
+    label: "With excerpts",
+    params: { preview: "1" }
+  }
+];
+
+const SORT_ITEMS = [
+  {
+    value: "recent",
+    label: "Recent",
+    icon: Clock3
+  },
+  {
+    value: "popular",
+    label: "Popular",
+    icon: TrendingUp
+  },
+  {
+    value: "price_low",
+    label: "Low price",
+    icon: ArrowDownAZ
+  }
+] as const;
+
+const SECONDARY_LINKS = [
+  {
+    href: "/dashboard",
+    label: "Seller dashboard",
+    icon: LayoutDashboard
+  },
+  {
+    href: "/cli",
+    label: "CLI Guide",
+    icon: Terminal
+  }
+];
+
+export default function MarketplaceLayout({ children }: { children: ReactNode }) {
+  return (
+    <Suspense fallback={<MarketplaceShellFallback>{children}</MarketplaceShellFallback>}>
+      <MarketplaceShell>{children}</MarketplaceShell>
+    </Suspense>
+  );
+}
+
+function MarketplaceShell({ children }: { children: ReactNode }) {
+  const pathname = usePathname();
+  const router = useRouter();
+  const searchParams = useSearchParams();
+  const query = searchParams.get("q") ?? "";
+  const sort = searchParams.get("sort") ?? "";
+  const max = searchParams.get("max") ?? "";
+  const previewOnly = searchParams.get("preview") === "1";
+
+  function replaceParams(next: Record<string, string | null>) {
+    const params = new URLSearchParams(searchParams);
+    for (const [key, value] of Object.entries(next)) {
+      if (value === null || value === "") {
+        params.delete(key);
+      } else {
+        params.set(key, value);
+      }
+    }
+    const queryString = params.toString();
+    const targetPath = pathname.startsWith("/marketplace/") ? "/marketplace" : pathname;
+    router.replace(queryString ? `${targetPath}?${queryString}` : targetPath);
+  }
+
+  function runSearch(event: FormEvent<HTMLFormElement>) {
+    event.preventDefault();
+    const formData = new FormData(event.currentTarget);
+    const nextQuery = String(formData.get("q") ?? "").trim();
+    replaceParams({ q: nextQuery || null });
+  }
+
+  function updateMax(event: ChangeEvent<HTMLInputElement>) {
+    const normalized = normalizeKinicDecimalInput(event.target.value);
+    replaceParams({ max: normalized || null });
+  }
+
+  const controls = (
+    <MarketplaceBrowseControls
+      max={max}
+      previewOnly={previewOnly}
+      query={query}
+      sort={sort}
+      onMaxChange={updateMax}
+      onReplaceParams={replaceParams}
+      onSearch={runSearch}
+    />
+  );
+
+  return (
+    <section className="grid min-h-[calc(100vh-144px)] grid-cols-1 gap-0 bg-canvas text-ink lg:grid-cols-[320px_minmax(0,1fr)]">
+      <aside className="hidden border-r border-line bg-paper lg:flex lg:min-h-0 lg:flex-col" data-tid="marketplace-sidebar">
+        {controls}
+      </aside>
+      <main className="min-w-0 bg-canvas">
+        <div className="flex min-h-0 flex-col px-3 pb-8 pt-4 sm:px-6">
+          <div className="mb-3 flex items-center gap-2 lg:hidden">
+            <Sheet>
+              <SheetTrigger asChild>
+                <button className="grid h-10 w-10 place-items-center rounded-2xl border border-line bg-white text-ink shadow-[0_4px_10px_#14142b0a] hover:border-accent hover:bg-accent hover:text-white" type="button" aria-label="Open marketplace filters">
+                  <PanelLeft aria-hidden size={18} />
+                </button>
+              </SheetTrigger>
+              <SheetContent side="left" className="w-[320px] max-w-[85vw] bg-paper p-0">
+                <SheetHeader className="sr-only">
+                  <SheetTitle>Marketplace filters</SheetTitle>
+                  <SheetDescription>Filter and sort loaded marketplace listings.</SheetDescription>
+                </SheetHeader>
+                <div data-tid="marketplace-sidebar" className="flex h-full min-h-0 flex-col">
+                  {controls}
+                </div>
+              </SheetContent>
+            </Sheet>
+          </div>
+          {children}
+        </div>
+      </main>
+    </section>
+  );
+}
+
+function MarketplaceShellFallback({ children }: { children: ReactNode }) {
+  return (
+    <section className="grid min-h-[calc(100vh-144px)] grid-cols-1 gap-0 bg-canvas text-ink lg:grid-cols-[320px_minmax(0,1fr)]">
+      <aside className="hidden border-r border-line bg-paper lg:flex lg:min-h-0 lg:flex-col" data-tid="marketplace-sidebar">
+        <div className="flex min-h-0 flex-1 flex-col gap-3 overflow-auto pt-3">
+          <ControlGroup label="Browse marketplace">
+            <div className="grid gap-2 px-2">
+              <div className="h-10 rounded-xl border border-line bg-white" />
+            </div>
+          </ControlGroup>
+          <ControlGroup label="Quick filters">
+            <div className="grid gap-1 px-2">
+              <div className="h-9 rounded-xl bg-white" />
+              <div className="h-9 rounded-xl bg-white" />
+              <div className="h-9 rounded-xl bg-white" />
+            </div>
+          </ControlGroup>
+        </div>
+      </aside>
+      <main className="min-w-0 bg-canvas">
+        <div className="flex min-h-0 flex-col px-3 pb-8 pt-4 sm:px-6">{children}</div>
+      </main>
+    </section>
+  );
+}
+
+function MarketplaceBrowseControls({
+  max,
+  previewOnly,
+  query,
+  sort,
+  onMaxChange,
+  onReplaceParams,
+  onSearch
+}: {
+  max: string;
+  previewOnly: boolean;
+  query: string;
+  sort: string;
+  onMaxChange: (event: ChangeEvent<HTMLInputElement>) => void;
+  onReplaceParams: (next: Record<string, string | null>) => void;
+  onSearch: (event: FormEvent<HTMLFormElement>) => void;
+}) {
+  return (
+    <>
+      <div className="flex min-h-0 flex-1 flex-col gap-3 overflow-auto pt-3">
+        <ControlGroup label="Browse marketplace">
+          <form className="grid gap-2 px-2" onSubmit={onSearch}>
+            <label className="sr-only" htmlFor="market-search">Search marketplace</label>
+            <div className="flex min-h-10 items-center gap-2 rounded-xl border border-line bg-white px-3 focus-within:border-accent">
+              <Search aria-hidden className="shrink-0 text-muted" size={16} />
+              <input
+                id="market-search"
+                className="min-w-0 flex-1 bg-transparent py-2 text-sm outline-none"
+                name="q"
+                placeholder="Filter loaded listings"
+                defaultValue={query}
+              />
+            </div>
+          </form>
+        </ControlGroup>
+
+        <ControlGroup label="Quick filters">
+          <div className="grid gap-1 px-2">
+            {QUICK_FILTERS.map((filter) => {
+              const active = isQuickFilterActive(filter.params, { sort, previewOnly, query, max });
+              return (
+                <button
+                  className={`flex min-h-9 items-center justify-between rounded-xl px-3 text-left text-sm font-semibold transition-colors ${active ? "bg-accent text-white" : "text-muted hover:bg-accentSoft hover:text-accentText"}`}
+                  key={filter.label}
+                  type="button"
+                  onClick={() => {
+                    if (filter.label === "All listings") {
+                      onReplaceParams({ q: null, sort: null, max: null, preview: null });
+                    } else {
+                      onReplaceParams(filter.params);
+                    }
+                  }}
+                >
+                  <span>{filter.label}</span>
+                  {active ? <Sparkles aria-hidden size={14} /> : null}
+                </button>
+              );
+            })}
+          </div>
+        </ControlGroup>
+
+        <ControlGroup label="Sort loaded listings">
+          <div className="grid gap-1 px-2">
+            {SORT_ITEMS.map((item) => {
+              const Icon = item.icon;
+              const active = sort === item.value;
+              return (
+                <button
+                  className={`flex min-h-9 items-center gap-2 rounded-xl px-3 text-sm font-semibold transition-colors ${active ? "bg-accent text-white" : "text-muted hover:bg-accentSoft hover:text-accentText"}`}
+                  key={item.value}
+                  type="button"
+                  onClick={() => onReplaceParams({ sort: active ? null : item.value })}
+                >
+                  <Icon aria-hidden size={16} />
+                  <span>{item.label}</span>
+                </button>
+              );
+            })}
+          </div>
+        </ControlGroup>
+
+        <ControlGroup label="Price">
+          <div className="grid gap-2 px-2">
+            <label className="text-xs font-semibold text-muted" htmlFor="market-max-price">Max price</label>
+            <Input
+              id="market-max-price"
+              className="h-10 rounded-xl bg-white font-mono text-xs"
+              inputMode="decimal"
+              placeholder="0.5 KINIC"
+              value={max}
+              onChange={onMaxChange}
+            />
+          </div>
+        </ControlGroup>
+      </div>
+      <footer className="border-t border-line bg-white/80 p-3">
+        <div className="grid gap-1">
+          {SECONDARY_LINKS.map((item) => {
+            const Icon = item.icon;
+            return (
+              <MarketSidebarLink className="flex min-h-9 items-center gap-2 rounded-xl px-3 text-sm font-semibold text-muted hover:bg-accentSoft hover:text-accentText" href={item.href} key={item.href}>
+                <Icon aria-hidden size={16} />
+                <span>{item.label}</span>
+              </MarketSidebarLink>
+            );
+          })}
+        </div>
+        <Separator className="my-2 bg-line" />
+        <p className="px-2 font-mono text-[10px] uppercase text-muted">Filter loaded listings</p>
+      </footer>
+    </>
+  );
+}
+
+function ControlGroup({ children, label }: { children: ReactNode; label: string }) {
+  return (
+    <section className="grid gap-2">
+      <h2 className="px-4 text-xs font-medium text-muted">{label}</h2>
+      {children}
+    </section>
+  );
+}
+
+function isQuickFilterActive(
+  params: Record<string, string>,
+  current: { sort: string; previewOnly: boolean; query: string; max: string }
+): boolean {
+  if (Object.keys(params).length === 0) {
+    return !current.sort && !current.previewOnly && !current.query && !current.max;
+  }
+  if (params.sort) return current.sort === params.sort;
+  if (params.preview) return current.previewOnly;
+  return false;
+}
+
+function MarketSidebarLink({
+  children,
+  href,
+  className,
+  ...props
+}: {
+  children: ReactNode;
+  href: string;
+  className?: string;
+  "aria-current"?: "page";
+  "aria-label"?: string;
+}) {
+  return (
+    <Link
+      href={href}
+      className={className}
+      {...props}
+    >
+      {children}
+    </Link>
+  );
+}
+
+function normalizeKinicDecimalInput(value: string): string | null {
+  const normalized = value.replace(/[^\d.]/g, "");
+  const [whole = "", ...fractions] = normalized.split(".");
+  const fraction = fractions.join("").slice(0, 8);
+  if (!whole && !fraction) return null;
+  return fraction ? `${whole || "0"}.${fraction}` : whole;
+}
diff --git a/wikibrowser/app/marketplace/marketplace-client.tsx b/wikibrowser/app/marketplace/marketplace-client.tsx
new file mode 100644
index 00000000..6baab4ce
--- /dev/null
+++ b/wikibrowser/app/marketplace/marketplace-client.tsx
@@ -0,0 +1,175 @@
+"use client";
+
+import Link from "next/link";
+import { RefreshCw } from "lucide-react";
+import { useSearchParams } from "next/navigation";
+import { useCallback, useEffect, useMemo, useState } from "react";
+import { marketListListings } from "@/lib/vfs-client";
+import { formatTokenAmountFromE8s } from "@/lib/kinic-amount";
+import { marketListingPath } from "@/lib/marketplace-routes";
+import type { MarketListing } from "@/lib/types";
+
+type MarketplaceClientProps = {
+  canisterId: string;
+};
+
+type LoadState = "idle" | "loading" | "error";
+
+export function MarketplaceClient({ canisterId }: MarketplaceClientProps) {
+  const searchParams = useSearchParams();
+  const [listings, setListings] = useState<MarketListing[]>([]);
+  const [cursor, setCursor] = useState<string | null>(null);
+  const [state, setState] = useState<LoadState>("idle");
+  const [error, setError] = useState<string | null>(null);
+  const query = searchParams.get("q") ?? "";
+  const sort = parseMarketSort(searchParams.get("sort"));
+  const maxPriceE8s = parseKinicDecimalToE8s(searchParams.get("max"));
+  const previewOnly = searchParams.get("preview") === "1";
+
+  const filtered = useMemo(() => {
+    const needle = query.trim().toLowerCase();
+    const nextListings = listings.filter((listing) => {
+      if (needle && !`${listing.title}\n${listing.description}\n${listing.tagsJson}`.toLowerCase().includes(needle)) {
+        return false;
+      }
+      if (maxPriceE8s !== null && parseBigIntOrZero(listing.priceE8s) > maxPriceE8s) {
+        return false;
+      }
+      if (previewOnly && !hasListingPreview(listing)) {
+        return false;
+      }
+      return true;
+    });
+    return [...nextListings].sort((left, right) => compareListings(left, right, sort));
+  }, [listings, maxPriceE8s, previewOnly, query, sort]);
+
+  const load = useCallback(async (nextCursor: string | null, append: boolean) => {
+    if (!canisterId) {
+      setError("NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID is not configured");
+      setState("error");
+      return;
+    }
+    setState("loading");
+    setError(null);
+    try {
+      const page = await marketListListings(canisterId, nextCursor, 24);
+      setListings((current) => (append ? [...current, ...page.listings] : page.listings));
+      setCursor(page.nextCursor);
+      setState("idle");
+    } catch (cause) {
+      setError(cause instanceof Error ? cause.message : String(cause));
+      setState("error");
+    }
+  }, [canisterId]);
+
+  useEffect(() => {
+    const timer = window.setTimeout(() => {
+      void load(null, false);
+    }, 0);
+    return () => window.clearTimeout(timer);
+  }, [load]);
+
+  return (
+    <main className="min-w-0 text-ink">
+      <section className="flex max-w-none flex-col gap-5">
+        <div className="flex flex-wrap items-center justify-between gap-3">
+          <div>
+            <h1 className="text-2xl font-semibold">Marketplace</h1>
+            <p className="text-sm text-muted">
+              {filtered.length} matching loaded listings from {listings.length} loaded
+              {cursor ? " shown from loaded pages" : ""}
+            </p>
+          </div>
+          <button className="grid size-10 place-items-center rounded-xl border border-line bg-white hover:border-accent hover:text-accent" type="button" onClick={() => void load(null, false)}>
+            <RefreshCw aria-label="Refresh listings" size={17} />
+          </button>
+        </div>
+
+        {error ? <p className="rounded-lg border border-red-200 bg-red-50 px-3 py-2 text-sm text-red-800">{error}</p> : null}
+
+        <section className="grid gap-3 md:grid-cols-2 xl:grid-cols-3">
+          {filtered.map((listing) => (
+            <Link
+              className="grid min-h-48 gap-3 rounded-lg border border-line bg-white p-4 shadow-[0_8px_24px_#14142b0a] hover:border-accent"
+              href={marketListingPath(listing.listingId)}
+              key={listing.listingId}
+            >
+              <div className="grid gap-1">
+                <h2 className="line-clamp-2 text-base font-semibold">{listing.title}</h2>
+                <p className="line-clamp-3 text-sm text-muted">{listing.description}</p>
+              </div>
+              <div className="mt-auto flex items-center justify-between gap-3 text-sm">
+                <span className="font-mono font-semibold">{formatTokenAmountFromE8s(listing.priceE8s)}</span>
+                <span className="text-muted">{listing.purchaseCount} sold</span>
+              </div>
+            </Link>
+          ))}
+        </section>
+
+        {cursor ? (
+          <button
+            className="mx-auto min-h-11 rounded-lg border border-line px-4 text-sm font-semibold hover:border-accent disabled:opacity-60"
+            disabled={state === "loading"}
+            type="button"
+            onClick={() => void load(cursor, true)}
+          >
+            Load more
+          </button>
+        ) : null}
+      </section>
+    </main>
+  );
+}
+
+type MarketSort = "recent" | "popular" | "price_low";
+
+function parseMarketSort(value: string | null): MarketSort {
+  if (value === "popular" || value === "price_low") return value;
+  return "recent";
+}
+
+function compareListings(left: MarketListing, right: MarketListing, sort: MarketSort): number {
+  if (sort === "popular") {
+    return compareBigIntDesc(parseBigIntOrZero(left.purchaseCount), parseBigIntOrZero(right.purchaseCount));
+  }
+  if (sort === "price_low") {
+    return compareBigIntAsc(parseBigIntOrZero(left.priceE8s), parseBigIntOrZero(right.priceE8s));
+  }
+  return compareBigIntDesc(parseBigIntOrZero(left.updatedAtMs || left.createdAtMs), parseBigIntOrZero(right.updatedAtMs || right.createdAtMs));
+}
+
+function compareBigIntAsc(left: bigint, right: bigint): number {
+  if (left < right) return -1;
+  if (left > right) return 1;
+  return 0;
+}
+
+function compareBigIntDesc(left: bigint, right: bigint): number {
+  return compareBigIntAsc(right, left);
+}
+
+function parseKinicDecimalToE8s(value: string | null): bigint | null {
+  if (!value) return null;
+  const trimmed = value.trim();
+  if (!/^\d+(?:\.\d{1,8})?$/.test(trimmed)) return null;
+  const [whole, fraction = ""] = trimmed.split(".");
+  return BigInt(whole) * 100_000_000n + BigInt(fraction.padEnd(8, "0"));
+}
+
+function parseBigIntOrZero(value: string): bigint {
+  try {
+    return BigInt(value);
+  } catch {
+    return 0n;
+  }
+}
+
+function hasListingPreview(listing: MarketListing): boolean {
+  if (listing.llmSummary) return true;
+  try {
+    const parsed: unknown = JSON.parse(listing.sampleExcerptsJson);
+    return Array.isArray(parsed) && parsed.length > 0;
+  } catch {
+    return false;
+  }
+}
diff --git a/wikibrowser/app/marketplace/page.tsx b/wikibrowser/app/marketplace/page.tsx
new file mode 100644
index 00000000..a833ce76
--- /dev/null
+++ b/wikibrowser/app/marketplace/page.tsx
@@ -0,0 +1,37 @@
+import type { Metadata } from "next";
+import { Suspense } from "react";
+import { MarketplaceClient } from "./marketplace-client";
+
+export const metadata: Metadata = {
+  title: "Kinic Marketplace",
+  description: "Browse paid Kinic Wiki database access listings."
+};
+
+export default function MarketplacePage() {
+  return (
+    <Suspense fallback={<MarketplaceLoadingState />}>
+      <MarketplaceClient canisterId={process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID || ""} />
+    </Suspense>
+  );
+}
+
+function MarketplaceLoadingState() {
+  return (
+    <main className="min-w-0 text-ink">
+      <section className="flex max-w-none flex-col gap-5">
+        <div className="flex flex-wrap items-center justify-between gap-3">
+          <div className="grid gap-2">
+            <div className="h-8 w-40 rounded-lg bg-white" />
+            <div className="h-4 w-56 rounded-lg bg-white" />
+          </div>
+          <div className="size-10 rounded-xl border border-line bg-white" />
+        </div>
+        <section className="grid gap-3 md:grid-cols-2 xl:grid-cols-3">
+          <div className="min-h-48 rounded-lg border border-line bg-white" />
+          <div className="min-h-48 rounded-lg border border-line bg-white" />
+          <div className="min-h-48 rounded-lg border border-line bg-white" />
+        </section>
+      </section>
+    </main>
+  );
+}
diff --git a/wikibrowser/app/page.tsx b/wikibrowser/app/page.tsx
index 3914b2cd..7d272e3d 100644
--- a/wikibrowser/app/page.tsx
+++ b/wikibrowser/app/page.tsx
@@ -2,6 +2,7 @@ import type { Metadata } from "next";
 import Image from "next/image";
 import Link from "next/link";
 import { BookOpen, Database, Search, ShieldCheck, TerminalSquare, Wrench } from "lucide-react";
+import { publicDatabasePath } from "@/lib/share-links";
 import heroImage from "./home-hero.png";
 
 export const metadata: Metadata = {
@@ -41,7 +42,7 @@ const companionSurfaces = [
   {
     title: "Official wiki",
     body: "Open the public Kinic Wiki example in the wiki browser to inspect how /Wiki and /Sources are organized.",
-    href: "/db_kva4v2twg6jv/Wiki",
+    href: publicDatabasePath("db_kva4v2twg6jv"),
     label: "Open Official Wiki",
     icon: BookOpen
   },
diff --git a/wikibrowser/app/skills/skill-registry-client.tsx b/wikibrowser/app/skills/skill-registry-client.tsx
index 5a86d462..57a331f3 100644
--- a/wikibrowser/app/skills/skill-registry-client.tsx
+++ b/wikibrowser/app/skills/skill-registry-client.tsx
@@ -11,6 +11,7 @@ import { EmptyState, SkillCard, StatusPanel, SummaryStrip } from "@/app/skills/s
 import { AdminHeader } from "@/components/admin-header";
 import { AUTH_CLIENT_CREATE_OPTIONS, authLoginOptions } from "@/lib/auth";
 import { databaseCyclesDisabledReason, databaseCanWrite } from "@/lib/cycles-state";
+import { hrefForPath } from "@/lib/paths";
 import { filterSkills, loadSkillCatalog, summarizeSkills, type CatalogSkill, type StatusFilter } from "@/lib/skill-registry-catalog";
 import { loadSkillCatalogDetails } from "@/lib/skill-registry-details";
 import { applyProposalDiff, previewApplyProposalDiff, type ProposalDiffPreview } from "@/lib/skill-registry-diff";
@@ -215,7 +216,7 @@ export function SkillRegistryClient({ databaseId }: { databaseId: string }) {
         <AdminHeader
           title="Skill Registry"
           nav={
-            <Link className="text-accent no-underline hover:underline" href={`/${encodeURIComponent(databaseId)}/Wiki`}>
+            <Link className="text-accent no-underline hover:underline" href={hrefForPath(canisterId, databaseId, "/Wiki")}>
               Wiki
             </Link>
           }
diff --git a/wikibrowser/components.json b/wikibrowser/components.json
new file mode 100644
index 00000000..639cbe5e
--- /dev/null
+++ b/wikibrowser/components.json
@@ -0,0 +1,21 @@
+{
+  "$schema": "https://ui.shadcn.com/schema.json",
+  "style": "new-york",
+  "rsc": true,
+  "tsx": true,
+  "tailwind": {
+    "config": "tailwind.config.ts",
+    "css": "app/globals.css",
+    "baseColor": "neutral",
+    "cssVariables": true,
+    "prefix": ""
+  },
+  "aliases": {
+    "components": "@/components",
+    "utils": "@/lib/utils",
+    "ui": "@/components/ui",
+    "lib": "@/lib",
+    "hooks": "@/hooks"
+  },
+  "iconLibrary": "lucide"
+}
diff --git a/wikibrowser/components/document-pane.tsx b/wikibrowser/components/document-pane.tsx
index c23e12a0..860996fa 100644
--- a/wikibrowser/components/document-pane.tsx
+++ b/wikibrowser/components/document-pane.tsx
@@ -59,10 +59,10 @@ export function DocumentHeader({
     }
   }
   return (
-    <div className="flex min-h-[52px] flex-wrap items-center justify-between gap-2 border-b border-line bg-paper/80 px-5 py-3">
+    <div className="flex min-h-[60px] flex-wrap items-center justify-between gap-2 border-b border-line bg-white px-5 py-3">
       <div className="flex min-w-0 max-w-full items-center gap-2">
         <DocumentHeaderPath canisterId={canisterId} databaseId={databaseId} path={path} />
-        <div className="flex h-10 shrink-0 rounded-xl border border-line bg-white p-1 text-xs">
+        <div className="flex h-10 shrink-0 rounded-2xl border border-line bg-white p-1 text-xs shadow-[0_4px_10px_#14142b0a]">
           <button
             aria-label="Copy path"
             className="inline-flex size-8 items-center justify-center rounded-lg text-muted hover:bg-paper hover:text-ink"
@@ -75,13 +75,13 @@ export function DocumentHeader({
         </div>
       </div>
       <div className="flex min-w-0 flex-wrap items-center gap-2">
-        <div className="flex rounded-xl border border-line bg-white p-1 text-sm">
+        <div className="flex rounded-2xl border border-line bg-white p-1 text-sm shadow-[0_4px_10px_#14142b0a]">
           <ViewButton active={view === "preview"} label="Preview" onClick={() => onViewChange("preview")} />
           <ViewButton active={view === "raw"} label="Raw" onClick={() => onViewChange("raw")} />
           {!isDirectory || canEditDirectory ? <ViewButton active={view === "edit"} label="Edit" onClick={() => onViewChange("edit")} /> : null}
         </div>
         {rawContent !== null ? (
-          <div className="flex h-10 rounded-xl border border-line bg-white p-1 text-xs">
+          <div className="flex h-10 rounded-2xl border border-line bg-white p-1 text-xs shadow-[0_4px_10px_#14142b0a]">
             <button
               aria-label="Copy raw"
               className="inline-flex size-8 items-center justify-center rounded-lg text-muted hover:bg-paper hover:text-ink"
@@ -116,10 +116,10 @@ function DocumentHeaderPath({
 }) {
   const segments = path.split("/").filter(Boolean);
   if (segments.length === 0) {
-    return <div className="flex h-10 w-fit min-w-0 max-w-full items-center rounded-xl border border-line bg-white px-3 font-mono text-xs font-medium text-ink">/</div>;
+    return <div className="flex h-10 w-fit min-w-0 max-w-full items-center rounded-2xl border border-line bg-white px-3 font-mono text-xs font-medium text-ink shadow-[0_4px_10px_#14142b0a]">/</div>;
   }
   return (
-    <nav className="flex h-10 w-fit min-w-0 max-w-full items-center gap-1 overflow-x-auto rounded-xl border border-line bg-white px-3 font-mono text-xs" aria-label="Current wiki path">
+    <nav className="flex h-10 w-fit min-w-0 max-w-full items-center gap-1 overflow-x-auto rounded-2xl border border-line bg-white px-3 font-mono text-xs shadow-[0_4px_10px_#14142b0a]" aria-label="Current wiki path">
       {segments.map((segment, index) => {
         const crumbPath = `/${segments.slice(0, index + 1).join("/")}`;
         const last = index === segments.length - 1;
@@ -784,7 +784,7 @@ function ViewButton({ active, label, onClick }: { active: boolean; label: string
   return (
     <button
       type="button"
-      className={`rounded-lg px-3 py-1.5 ${active ? "bg-accent text-white" : "text-muted"}`}
+      className={`rounded-xl px-3 py-1.5 ${active ? "bg-accent text-white" : "text-muted hover:bg-accentSoft hover:text-accentText"}`}
       onClick={onClick}
     >
       {label}
diff --git a/wikibrowser/components/explorer-tree.tsx b/wikibrowser/components/explorer-tree.tsx
index 6a057e51..0d0b36c9 100644
--- a/wikibrowser/components/explorer-tree.tsx
+++ b/wikibrowser/components/explorer-tree.tsx
@@ -154,8 +154,8 @@ function TreeNode({
   return (
     <div>
       <div
-        className={`flex items-center gap-1 rounded-lg px-2 py-1.5 text-sm ${
-          selected ? "bg-accentSoft text-accentText" : "text-ink hover:bg-white"
+        className={`flex items-center gap-1 rounded-xl px-2 py-1.5 text-sm ${
+          selected ? "bg-accentSoft font-semibold text-accentText" : "text-ink hover:bg-paper hover:text-accentText"
         }`}
         style={{ paddingLeft: `${8 + depth * 16}px` }}
       >
@@ -189,7 +189,7 @@ function TreeNode({
 function Toggle({ expanded, setExpanded }: { expanded: boolean; setExpanded: (value: boolean) => void }) {
   return (
     <button
-      className="rounded p-0.5 text-muted hover:bg-canvas"
+      className="rounded-lg p-0.5 text-muted hover:bg-accentSoft hover:text-accentText"
       type="button"
       onClick={() => setExpanded(!expanded)}
       aria-label={expanded ? "Collapse directory" : "Expand directory"}
diff --git a/wikibrowser/components/panel.tsx b/wikibrowser/components/panel.tsx
index 210477d1..d5d47c47 100644
--- a/wikibrowser/components/panel.tsx
+++ b/wikibrowser/components/panel.tsx
@@ -12,9 +12,9 @@ export function PanelHeader({
   actions?: ReactNode;
 }) {
   return (
-    <div className="flex items-center justify-between gap-2 border-b border-line px-4 py-3">
+    <div className="flex items-center justify-between gap-2 border-b border-line bg-white px-4 py-3">
       <div className="flex min-w-0 items-center gap-2">
-        <span className="shrink-0 text-accent">{icon}</span>
+        <span className="inline-flex h-8 w-8 shrink-0 items-center justify-center rounded-xl bg-accentSoft text-accentText">{icon}</span>
         <div className="min-w-0">
           <h2 className="truncate text-sm font-semibold">{title}</h2>
           {subtitle ? <p className="truncate text-xs text-muted">{subtitle}</p> : null}
@@ -35,7 +35,7 @@ export function InspectorCard({
   children: ReactNode;
 }) {
   return (
-    <section className="rounded-xl border border-line bg-white p-4">
+    <section className="rounded-2xl border border-line bg-white p-4 shadow-[0_4px_10px_#14142b0a]">
       <h3 className="mb-3 flex items-center gap-2 text-sm font-semibold">
         <span className="text-accent">{icon}</span>
         {title}
diff --git a/wikibrowser/components/ui/badge.tsx b/wikibrowser/components/ui/badge.tsx
new file mode 100644
index 00000000..e87d62bf
--- /dev/null
+++ b/wikibrowser/components/ui/badge.tsx
@@ -0,0 +1,36 @@
+import * as React from "react"
+import { cva, type VariantProps } from "class-variance-authority"
+
+import { cn } from "@/lib/utils"
+
+const badgeVariants = cva(
+  "inline-flex items-center rounded-md border px-2.5 py-0.5 text-xs font-semibold transition-colors focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2",
+  {
+    variants: {
+      variant: {
+        default:
+          "border-transparent bg-primary text-primary-foreground shadow hover:bg-primary/80",
+        secondary:
+          "border-transparent bg-secondary text-secondary-foreground hover:bg-secondary/80",
+        destructive:
+          "border-transparent bg-destructive text-destructive-foreground shadow hover:bg-destructive/80",
+        outline: "text-foreground",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+    },
+  }
+)
+
+export interface BadgeProps
+  extends React.HTMLAttributes<HTMLDivElement>,
+    VariantProps<typeof badgeVariants> {}
+
+function Badge({ className, variant, ...props }: BadgeProps) {
+  return (
+    <div className={cn(badgeVariants({ variant }), className)} {...props} />
+  )
+}
+
+export { Badge, badgeVariants }
diff --git a/wikibrowser/components/ui/button.tsx b/wikibrowser/components/ui/button.tsx
new file mode 100644
index 00000000..65d4fcd9
--- /dev/null
+++ b/wikibrowser/components/ui/button.tsx
@@ -0,0 +1,57 @@
+import * as React from "react"
+import { Slot } from "@radix-ui/react-slot"
+import { cva, type VariantProps } from "class-variance-authority"
+
+import { cn } from "@/lib/utils"
+
+const buttonVariants = cva(
+  "inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-colors focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg]:size-4 [&_svg]:shrink-0",
+  {
+    variants: {
+      variant: {
+        default:
+          "bg-primary text-primary-foreground shadow hover:bg-primary/90",
+        destructive:
+          "bg-destructive text-destructive-foreground shadow-sm hover:bg-destructive/90",
+        outline:
+          "border border-input bg-background shadow-sm hover:bg-accent hover:text-accent-foreground",
+        secondary:
+          "bg-secondary text-secondary-foreground shadow-sm hover:bg-secondary/80",
+        ghost: "hover:bg-accent hover:text-accent-foreground",
+        link: "text-primary underline-offset-4 hover:underline",
+      },
+      size: {
+        default: "h-9 px-4 py-2",
+        sm: "h-8 rounded-md px-3 text-xs",
+        lg: "h-10 rounded-md px-8",
+        icon: "h-9 w-9",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+      size: "default",
+    },
+  }
+)
+
+export interface ButtonProps
+  extends React.ButtonHTMLAttributes<HTMLButtonElement>,
+    VariantProps<typeof buttonVariants> {
+  asChild?: boolean
+}
+
+const Button = React.forwardRef<HTMLButtonElement, ButtonProps>(
+  ({ className, variant, size, asChild = false, ...props }, ref) => {
+    const Comp = asChild ? Slot : "button"
+    return (
+      <Comp
+        className={cn(buttonVariants({ variant, size, className }))}
+        ref={ref}
+        {...props}
+      />
+    )
+  }
+)
+Button.displayName = "Button"
+
+export { Button, buttonVariants }
diff --git a/wikibrowser/components/ui/card.tsx b/wikibrowser/components/ui/card.tsx
new file mode 100644
index 00000000..cabfbfc5
--- /dev/null
+++ b/wikibrowser/components/ui/card.tsx
@@ -0,0 +1,76 @@
+import * as React from "react"
+
+import { cn } from "@/lib/utils"
+
+const Card = React.forwardRef<
+  HTMLDivElement,
+  React.HTMLAttributes<HTMLDivElement>
+>(({ className, ...props }, ref) => (
+  <div
+    ref={ref}
+    className={cn(
+      "rounded-xl border bg-card text-card-foreground shadow",
+      className
+    )}
+    {...props}
+  />
+))
+Card.displayName = "Card"
+
+const CardHeader = React.forwardRef<
+  HTMLDivElement,
+  React.HTMLAttributes<HTMLDivElement>
+>(({ className, ...props }, ref) => (
+  <div
+    ref={ref}
+    className={cn("flex flex-col space-y-1.5 p-6", className)}
+    {...props}
+  />
+))
+CardHeader.displayName = "CardHeader"
+
+const CardTitle = React.forwardRef<
+  HTMLDivElement,
+  React.HTMLAttributes<HTMLDivElement>
+>(({ className, ...props }, ref) => (
+  <div
+    ref={ref}
+    className={cn("font-semibold leading-none tracking-tight", className)}
+    {...props}
+  />
+))
+CardTitle.displayName = "CardTitle"
+
+const CardDescription = React.forwardRef<
+  HTMLDivElement,
+  React.HTMLAttributes<HTMLDivElement>
+>(({ className, ...props }, ref) => (
+  <div
+    ref={ref}
+    className={cn("text-sm text-muted-foreground", className)}
+    {...props}
+  />
+))
+CardDescription.displayName = "CardDescription"
+
+const CardContent = React.forwardRef<
+  HTMLDivElement,
+  React.HTMLAttributes<HTMLDivElement>
+>(({ className, ...props }, ref) => (
+  <div ref={ref} className={cn("p-6 pt-0", className)} {...props} />
+))
+CardContent.displayName = "CardContent"
+
+const CardFooter = React.forwardRef<
+  HTMLDivElement,
+  React.HTMLAttributes<HTMLDivElement>
+>(({ className, ...props }, ref) => (
+  <div
+    ref={ref}
+    className={cn("flex items-center p-6 pt-0", className)}
+    {...props}
+  />
+))
+CardFooter.displayName = "CardFooter"
+
+export { Card, CardHeader, CardFooter, CardTitle, CardDescription, CardContent }
diff --git a/wikibrowser/components/ui/input.tsx b/wikibrowser/components/ui/input.tsx
new file mode 100644
index 00000000..69b64fb2
--- /dev/null
+++ b/wikibrowser/components/ui/input.tsx
@@ -0,0 +1,22 @@
+import * as React from "react"
+
+import { cn } from "@/lib/utils"
+
+const Input = React.forwardRef<HTMLInputElement, React.ComponentProps<"input">>(
+  ({ className, type, ...props }, ref) => {
+    return (
+      <input
+        type={type}
+        className={cn(
+          "flex h-9 w-full rounded-md border border-input bg-transparent px-3 py-1 text-base shadow-sm transition-colors file:border-0 file:bg-transparent file:text-sm file:font-medium file:text-foreground placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:cursor-not-allowed disabled:opacity-50 md:text-sm",
+          className
+        )}
+        ref={ref}
+        {...props}
+      />
+    )
+  }
+)
+Input.displayName = "Input"
+
+export { Input }
diff --git a/wikibrowser/components/ui/scroll-area.tsx b/wikibrowser/components/ui/scroll-area.tsx
new file mode 100644
index 00000000..0b4a48d8
--- /dev/null
+++ b/wikibrowser/components/ui/scroll-area.tsx
@@ -0,0 +1,48 @@
+"use client"
+
+import * as React from "react"
+import * as ScrollAreaPrimitive from "@radix-ui/react-scroll-area"
+
+import { cn } from "@/lib/utils"
+
+const ScrollArea = React.forwardRef<
+  React.ElementRef<typeof ScrollAreaPrimitive.Root>,
+  React.ComponentPropsWithoutRef<typeof ScrollAreaPrimitive.Root>
+>(({ className, children, ...props }, ref) => (
+  <ScrollAreaPrimitive.Root
+    ref={ref}
+    className={cn("relative overflow-hidden", className)}
+    {...props}
+  >
+    <ScrollAreaPrimitive.Viewport className="h-full w-full rounded-[inherit]">
+      {children}
+    </ScrollAreaPrimitive.Viewport>
+    <ScrollBar />
+    <ScrollAreaPrimitive.Corner />
+  </ScrollAreaPrimitive.Root>
+))
+ScrollArea.displayName = ScrollAreaPrimitive.Root.displayName
+
+const ScrollBar = React.forwardRef<
+  React.ElementRef<typeof ScrollAreaPrimitive.ScrollAreaScrollbar>,
+  React.ComponentPropsWithoutRef<typeof ScrollAreaPrimitive.ScrollAreaScrollbar>
+>(({ className, orientation = "vertical", ...props }, ref) => (
+  <ScrollAreaPrimitive.ScrollAreaScrollbar
+    ref={ref}
+    orientation={orientation}
+    className={cn(
+      "flex touch-none select-none transition-colors",
+      orientation === "vertical" &&
+        "h-full w-2.5 border-l border-l-transparent p-[1px]",
+      orientation === "horizontal" &&
+        "h-2.5 flex-col border-t border-t-transparent p-[1px]",
+      className
+    )}
+    {...props}
+  >
+    <ScrollAreaPrimitive.ScrollAreaThumb className="relative flex-1 rounded-full bg-border" />
+  </ScrollAreaPrimitive.ScrollAreaScrollbar>
+))
+ScrollBar.displayName = ScrollAreaPrimitive.ScrollAreaScrollbar.displayName
+
+export { ScrollArea, ScrollBar }
diff --git a/wikibrowser/components/ui/select.tsx b/wikibrowser/components/ui/select.tsx
new file mode 100644
index 00000000..6e637f7d
--- /dev/null
+++ b/wikibrowser/components/ui/select.tsx
@@ -0,0 +1,159 @@
+"use client"
+
+import * as React from "react"
+import * as SelectPrimitive from "@radix-ui/react-select"
+import { Check, ChevronDown, ChevronUp } from "lucide-react"
+
+import { cn } from "@/lib/utils"
+
+const Select = SelectPrimitive.Root
+
+const SelectGroup = SelectPrimitive.Group
+
+const SelectValue = SelectPrimitive.Value
+
+const SelectTrigger = React.forwardRef<
+  React.ElementRef<typeof SelectPrimitive.Trigger>,
+  React.ComponentPropsWithoutRef<typeof SelectPrimitive.Trigger>
+>(({ className, children, ...props }, ref) => (
+  <SelectPrimitive.Trigger
+    ref={ref}
+    className={cn(
+      "flex h-9 w-full items-center justify-between whitespace-nowrap rounded-md border border-input bg-transparent px-3 py-2 text-sm shadow-sm ring-offset-background data-[placeholder]:text-muted-foreground focus:outline-none focus:ring-1 focus:ring-ring disabled:cursor-not-allowed disabled:opacity-50 [&>span]:line-clamp-1",
+      className
+    )}
+    {...props}
+  >
+    {children}
+    <SelectPrimitive.Icon asChild>
+      <ChevronDown className="h-4 w-4 opacity-50" />
+    </SelectPrimitive.Icon>
+  </SelectPrimitive.Trigger>
+))
+SelectTrigger.displayName = SelectPrimitive.Trigger.displayName
+
+const SelectScrollUpButton = React.forwardRef<
+  React.ElementRef<typeof SelectPrimitive.ScrollUpButton>,
+  React.ComponentPropsWithoutRef<typeof SelectPrimitive.ScrollUpButton>
+>(({ className, ...props }, ref) => (
+  <SelectPrimitive.ScrollUpButton
+    ref={ref}
+    className={cn(
+      "flex cursor-default items-center justify-center py-1",
+      className
+    )}
+    {...props}
+  >
+    <ChevronUp className="h-4 w-4" />
+  </SelectPrimitive.ScrollUpButton>
+))
+SelectScrollUpButton.displayName = SelectPrimitive.ScrollUpButton.displayName
+
+const SelectScrollDownButton = React.forwardRef<
+  React.ElementRef<typeof SelectPrimitive.ScrollDownButton>,
+  React.ComponentPropsWithoutRef<typeof SelectPrimitive.ScrollDownButton>
+>(({ className, ...props }, ref) => (
+  <SelectPrimitive.ScrollDownButton
+    ref={ref}
+    className={cn(
+      "flex cursor-default items-center justify-center py-1",
+      className
+    )}
+    {...props}
+  >
+    <ChevronDown className="h-4 w-4" />
+  </SelectPrimitive.ScrollDownButton>
+))
+SelectScrollDownButton.displayName =
+  SelectPrimitive.ScrollDownButton.displayName
+
+const SelectContent = React.forwardRef<
+  React.ElementRef<typeof SelectPrimitive.Content>,
+  React.ComponentPropsWithoutRef<typeof SelectPrimitive.Content>
+>(({ className, children, position = "popper", ...props }, ref) => (
+  <SelectPrimitive.Portal>
+    <SelectPrimitive.Content
+      ref={ref}
+      className={cn(
+        "relative z-50 max-h-[--radix-select-content-available-height] min-w-[8rem] overflow-y-auto overflow-x-hidden rounded-md border bg-popover text-popover-foreground shadow-md data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 origin-[--radix-select-content-transform-origin]",
+        position === "popper" &&
+          "data-[side=bottom]:translate-y-1 data-[side=left]:-translate-x-1 data-[side=right]:translate-x-1 data-[side=top]:-translate-y-1",
+        className
+      )}
+      position={position}
+      {...props}
+    >
+      <SelectScrollUpButton />
+      <SelectPrimitive.Viewport
+        className={cn(
+          "p-1",
+          position === "popper" &&
+            "h-[var(--radix-select-trigger-height)] w-full min-w-[var(--radix-select-trigger-width)]"
+        )}
+      >
+        {children}
+      </SelectPrimitive.Viewport>
+      <SelectScrollDownButton />
+    </SelectPrimitive.Content>
+  </SelectPrimitive.Portal>
+))
+SelectContent.displayName = SelectPrimitive.Content.displayName
+
+const SelectLabel = React.forwardRef<
+  React.ElementRef<typeof SelectPrimitive.Label>,
+  React.ComponentPropsWithoutRef<typeof SelectPrimitive.Label>
+>(({ className, ...props }, ref) => (
+  <SelectPrimitive.Label
+    ref={ref}
+    className={cn("px-2 py-1.5 text-sm font-semibold", className)}
+    {...props}
+  />
+))
+SelectLabel.displayName = SelectPrimitive.Label.displayName
+
+const SelectItem = React.forwardRef<
+  React.ElementRef<typeof SelectPrimitive.Item>,
+  React.ComponentPropsWithoutRef<typeof SelectPrimitive.Item>
+>(({ className, children, ...props }, ref) => (
+  <SelectPrimitive.Item
+    ref={ref}
+    className={cn(
+      "relative flex w-full cursor-default select-none items-center rounded-sm py-1.5 pl-2 pr-8 text-sm outline-none focus:bg-accent focus:text-accent-foreground data-[disabled]:pointer-events-none data-[disabled]:opacity-50",
+      className
+    )}
+    {...props}
+  >
+    <span className="absolute right-2 flex h-3.5 w-3.5 items-center justify-center">
+      <SelectPrimitive.ItemIndicator>
+        <Check className="h-4 w-4" />
+      </SelectPrimitive.ItemIndicator>
+    </span>
+    <SelectPrimitive.ItemText>{children}</SelectPrimitive.ItemText>
+  </SelectPrimitive.Item>
+))
+SelectItem.displayName = SelectPrimitive.Item.displayName
+
+const SelectSeparator = React.forwardRef<
+  React.ElementRef<typeof SelectPrimitive.Separator>,
+  React.ComponentPropsWithoutRef<typeof SelectPrimitive.Separator>
+>(({ className, ...props }, ref) => (
+  <SelectPrimitive.Separator
+    ref={ref}
+    className={cn("-mx-1 my-1 h-px bg-muted", className)}
+    {...props}
+  />
+))
+SelectSeparator.displayName = SelectPrimitive.Separator.displayName
+
+export {
+  Select,
+  SelectGroup,
+  SelectValue,
+  SelectTrigger,
+  SelectContent,
+  SelectLabel,
+  SelectItem,
+  SelectSeparator,
+  SelectScrollUpButton,
+  SelectScrollDownButton,
+}
diff --git a/wikibrowser/components/ui/separator.tsx b/wikibrowser/components/ui/separator.tsx
new file mode 100644
index 00000000..12d81c4a
--- /dev/null
+++ b/wikibrowser/components/ui/separator.tsx
@@ -0,0 +1,31 @@
+"use client"
+
+import * as React from "react"
+import * as SeparatorPrimitive from "@radix-ui/react-separator"
+
+import { cn } from "@/lib/utils"
+
+const Separator = React.forwardRef<
+  React.ElementRef<typeof SeparatorPrimitive.Root>,
+  React.ComponentPropsWithoutRef<typeof SeparatorPrimitive.Root>
+>(
+  (
+    { className, orientation = "horizontal", decorative = true, ...props },
+    ref
+  ) => (
+    <SeparatorPrimitive.Root
+      ref={ref}
+      decorative={decorative}
+      orientation={orientation}
+      className={cn(
+        "shrink-0 bg-border",
+        orientation === "horizontal" ? "h-[1px] w-full" : "h-full w-[1px]",
+        className
+      )}
+      {...props}
+    />
+  )
+)
+Separator.displayName = SeparatorPrimitive.Root.displayName
+
+export { Separator }
diff --git a/wikibrowser/components/ui/sheet.tsx b/wikibrowser/components/ui/sheet.tsx
new file mode 100644
index 00000000..272cb721
--- /dev/null
+++ b/wikibrowser/components/ui/sheet.tsx
@@ -0,0 +1,140 @@
+"use client"
+
+import * as React from "react"
+import * as SheetPrimitive from "@radix-ui/react-dialog"
+import { cva, type VariantProps } from "class-variance-authority"
+import { X } from "lucide-react"
+
+import { cn } from "@/lib/utils"
+
+const Sheet = SheetPrimitive.Root
+
+const SheetTrigger = SheetPrimitive.Trigger
+
+const SheetClose = SheetPrimitive.Close
+
+const SheetPortal = SheetPrimitive.Portal
+
+const SheetOverlay = React.forwardRef<
+  React.ElementRef<typeof SheetPrimitive.Overlay>,
+  React.ComponentPropsWithoutRef<typeof SheetPrimitive.Overlay>
+>(({ className, ...props }, ref) => (
+  <SheetPrimitive.Overlay
+    className={cn(
+      "fixed inset-0 z-50 bg-black/80  data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0",
+      className
+    )}
+    {...props}
+    ref={ref}
+  />
+))
+SheetOverlay.displayName = SheetPrimitive.Overlay.displayName
+
+const sheetVariants = cva(
+  "fixed z-50 gap-4 bg-background p-6 shadow-lg transition ease-in-out data-[state=closed]:duration-300 data-[state=open]:duration-500 data-[state=open]:animate-in data-[state=closed]:animate-out",
+  {
+    variants: {
+      side: {
+        top: "inset-x-0 top-0 border-b data-[state=closed]:slide-out-to-top data-[state=open]:slide-in-from-top",
+        bottom:
+          "inset-x-0 bottom-0 border-t data-[state=closed]:slide-out-to-bottom data-[state=open]:slide-in-from-bottom",
+        left: "inset-y-0 left-0 h-full w-3/4 border-r data-[state=closed]:slide-out-to-left data-[state=open]:slide-in-from-left sm:max-w-sm",
+        right:
+          "inset-y-0 right-0 h-full w-3/4 border-l data-[state=closed]:slide-out-to-right data-[state=open]:slide-in-from-right sm:max-w-sm",
+      },
+    },
+    defaultVariants: {
+      side: "right",
+    },
+  }
+)
+
+interface SheetContentProps
+  extends React.ComponentPropsWithoutRef<typeof SheetPrimitive.Content>,
+    VariantProps<typeof sheetVariants> {}
+
+const SheetContent = React.forwardRef<
+  React.ElementRef<typeof SheetPrimitive.Content>,
+  SheetContentProps
+>(({ side = "right", className, children, ...props }, ref) => (
+  <SheetPortal>
+    <SheetOverlay />
+    <SheetPrimitive.Content
+      ref={ref}
+      className={cn(sheetVariants({ side }), className)}
+      {...props}
+    >
+      <SheetPrimitive.Close className="absolute right-4 top-4 rounded-sm opacity-70 ring-offset-background transition-opacity hover:opacity-100 focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2 disabled:pointer-events-none data-[state=open]:bg-secondary">
+        <X className="h-4 w-4" />
+        <span className="sr-only">Close</span>
+      </SheetPrimitive.Close>
+      {children}
+    </SheetPrimitive.Content>
+  </SheetPortal>
+))
+SheetContent.displayName = SheetPrimitive.Content.displayName
+
+const SheetHeader = ({
+  className,
+  ...props
+}: React.HTMLAttributes<HTMLDivElement>) => (
+  <div
+    className={cn(
+      "flex flex-col space-y-2 text-center sm:text-left",
+      className
+    )}
+    {...props}
+  />
+)
+SheetHeader.displayName = "SheetHeader"
+
+const SheetFooter = ({
+  className,
+  ...props
+}: React.HTMLAttributes<HTMLDivElement>) => (
+  <div
+    className={cn(
+      "flex flex-col-reverse sm:flex-row sm:justify-end sm:space-x-2",
+      className
+    )}
+    {...props}
+  />
+)
+SheetFooter.displayName = "SheetFooter"
+
+const SheetTitle = React.forwardRef<
+  React.ElementRef<typeof SheetPrimitive.Title>,
+  React.ComponentPropsWithoutRef<typeof SheetPrimitive.Title>
+>(({ className, ...props }, ref) => (
+  <SheetPrimitive.Title
+    ref={ref}
+    className={cn("text-lg font-semibold text-foreground", className)}
+    {...props}
+  />
+))
+SheetTitle.displayName = SheetPrimitive.Title.displayName
+
+const SheetDescription = React.forwardRef<
+  React.ElementRef<typeof SheetPrimitive.Description>,
+  React.ComponentPropsWithoutRef<typeof SheetPrimitive.Description>
+>(({ className, ...props }, ref) => (
+  <SheetPrimitive.Description
+    ref={ref}
+    className={cn("text-sm text-muted-foreground", className)}
+    {...props}
+  />
+))
+SheetDescription.displayName = SheetPrimitive.Description.displayName
+
+export {
+  Sheet,
+  SheetPortal,
+  SheetOverlay,
+  SheetTrigger,
+  SheetClose,
+  SheetContent,
+  SheetHeader,
+  SheetFooter,
+  SheetTitle,
+  SheetDescription,
+}
diff --git a/wikibrowser/components/ui/sidebar.tsx b/wikibrowser/components/ui/sidebar.tsx
new file mode 100644
index 00000000..215e5359
--- /dev/null
+++ b/wikibrowser/components/ui/sidebar.tsx
@@ -0,0 +1,770 @@
+"use client"
+
+import * as React from "react"
+import { Slot } from "@radix-ui/react-slot"
+import { cva, type VariantProps } from "class-variance-authority"
+import { PanelLeft } from "lucide-react"
+
+import { useIsMobile } from "@/hooks/use-mobile"
+import { cn } from "@/lib/utils"
+import { Button } from "@/components/ui/button"
+import { Input } from "@/components/ui/input"
+import { Separator } from "@/components/ui/separator"
+import {
+  Sheet,
+  SheetContent,
+  SheetDescription,
+  SheetHeader,
+  SheetTitle,
+} from "@/components/ui/sheet"
+import { Skeleton } from "@/components/ui/skeleton"
+import {
+  Tooltip,
+  TooltipContent,
+  TooltipProvider,
+  TooltipTrigger,
+} from "@/components/ui/tooltip"
+
+const SIDEBAR_COOKIE_NAME = "sidebar_state"
+const SIDEBAR_COOKIE_MAX_AGE = 60 * 60 * 24 * 7
+const SIDEBAR_WIDTH = "20rem"
+const SIDEBAR_WIDTH_MOBILE = "20rem"
+const SIDEBAR_WIDTH_ICON = "4.5rem"
+const SIDEBAR_KEYBOARD_SHORTCUT = "b"
+
+type SidebarContextProps = {
+  state: "expanded" | "collapsed"
+  open: boolean
+  setOpen: (open: boolean) => void
+  openMobile: boolean
+  setOpenMobile: (open: boolean) => void
+  isMobile: boolean
+  toggleSidebar: () => void
+}
+
+const SidebarContext = React.createContext<SidebarContextProps | null>(null)
+
+function useSidebar() {
+  const context = React.useContext(SidebarContext)
+  if (!context) {
+    throw new Error("useSidebar must be used within a SidebarProvider.")
+  }
+
+  return context
+}
+
+const SidebarProvider = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"div"> & {
+    defaultOpen?: boolean
+    open?: boolean
+    onOpenChange?: (open: boolean) => void
+  }
+>(
+  (
+    {
+      defaultOpen = true,
+      open: openProp,
+      onOpenChange: setOpenProp,
+      className,
+      style,
+      children,
+      ...props
+    },
+    ref
+  ) => {
+    const isMobile = useIsMobile()
+    const [openMobile, setOpenMobile] = React.useState(false)
+
+    // This is the internal state of the sidebar.
+    // We use openProp and setOpenProp for control from outside the component.
+    const [_open, _setOpen] = React.useState(defaultOpen)
+    const open = openProp ?? _open
+    const setOpen = React.useCallback(
+      (value: boolean | ((value: boolean) => boolean)) => {
+        const openState = typeof value === "function" ? value(open) : value
+        if (setOpenProp) {
+          setOpenProp(openState)
+        } else {
+          _setOpen(openState)
+        }
+
+        // This sets the cookie to keep the sidebar state.
+        document.cookie = `${SIDEBAR_COOKIE_NAME}=${openState}; path=/; max-age=${SIDEBAR_COOKIE_MAX_AGE}`
+      },
+      [setOpenProp, open]
+    )
+
+    // Helper to toggle the sidebar.
+    const toggleSidebar = React.useCallback(() => {
+      return isMobile
+        ? setOpenMobile((open) => !open)
+        : setOpen((open) => !open)
+    }, [isMobile, setOpen, setOpenMobile])
+
+    // Adds a keyboard shortcut to toggle the sidebar.
+    React.useEffect(() => {
+      const handleKeyDown = (event: KeyboardEvent) => {
+        if (
+          event.key === SIDEBAR_KEYBOARD_SHORTCUT &&
+          (event.metaKey || event.ctrlKey)
+        ) {
+          event.preventDefault()
+          toggleSidebar()
+        }
+      }
+
+      window.addEventListener("keydown", handleKeyDown)
+      return () => window.removeEventListener("keydown", handleKeyDown)
+    }, [toggleSidebar])
+
+    // We add a state so that we can do data-state="expanded" or "collapsed".
+    // This makes it easier to style the sidebar with Tailwind classes.
+    const state = open ? "expanded" : "collapsed"
+
+    const contextValue = React.useMemo<SidebarContextProps>(
+      () => ({
+        state,
+        open,
+        setOpen,
+        isMobile,
+        openMobile,
+        setOpenMobile,
+        toggleSidebar,
+      }),
+      [state, open, setOpen, isMobile, openMobile, setOpenMobile, toggleSidebar]
+    )
+
+    return (
+      <SidebarContext.Provider value={contextValue}>
+        <TooltipProvider delayDuration={0}>
+          <div
+            style={
+              {
+                "--sidebar-width": SIDEBAR_WIDTH,
+                "--sidebar-width-icon": SIDEBAR_WIDTH_ICON,
+                ...style,
+              } as React.CSSProperties
+            }
+            className={cn(
+              "group/sidebar-wrapper flex min-h-svh w-full has-[[data-variant=inset]]:bg-sidebar",
+              className
+            )}
+            ref={ref}
+            {...props}
+          >
+            {children}
+          </div>
+        </TooltipProvider>
+      </SidebarContext.Provider>
+    )
+  }
+)
+SidebarProvider.displayName = "SidebarProvider"
+
+const Sidebar = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"div"> & {
+    side?: "left" | "right"
+    variant?: "sidebar" | "floating" | "inset"
+    collapsible?: "offcanvas" | "icon" | "none"
+  }
+>(
+  (
+    {
+      side = "left",
+      variant = "sidebar",
+      collapsible = "offcanvas",
+      className,
+      children,
+      ...props
+    },
+    ref
+  ) => {
+    const { isMobile, state, openMobile, setOpenMobile } = useSidebar()
+
+    if (collapsible === "none") {
+      return (
+        <div
+          className={cn(
+            "flex h-full w-[--sidebar-width] flex-col bg-sidebar text-sidebar-foreground",
+            className
+          )}
+          ref={ref}
+          {...props}
+        >
+          {children}
+        </div>
+      )
+    }
+
+    if (isMobile) {
+      return (
+        <Sheet open={openMobile} onOpenChange={setOpenMobile} {...props}>
+          <SheetContent
+            data-sidebar="sidebar"
+            data-mobile="true"
+            className="w-[--sidebar-width] bg-sidebar p-0 text-sidebar-foreground [&>button]:hidden"
+            style={
+              {
+                "--sidebar-width": SIDEBAR_WIDTH_MOBILE,
+              } as React.CSSProperties
+            }
+            side={side}
+          >
+            <SheetHeader className="sr-only">
+              <SheetTitle>Sidebar</SheetTitle>
+              <SheetDescription>Displays the mobile sidebar.</SheetDescription>
+            </SheetHeader>
+            <div className="flex h-full w-full flex-col">{children}</div>
+          </SheetContent>
+        </Sheet>
+      )
+    }
+
+    return (
+      <div
+        ref={ref}
+        className="group peer hidden text-sidebar-foreground md:block"
+        data-state={state}
+        data-collapsible={state === "collapsed" ? collapsible : ""}
+        data-variant={variant}
+        data-side={side}
+      >
+        {/* This is what handles the sidebar gap on desktop */}
+        <div
+          className={cn(
+            "relative w-[--sidebar-width] bg-transparent transition-[width] duration-200 ease-linear",
+            "group-data-[collapsible=offcanvas]:w-0",
+            "group-data-[side=right]:rotate-180",
+            variant === "floating" || variant === "inset"
+              ? "group-data-[collapsible=icon]:w-[calc(var(--sidebar-width-icon)_+_theme(spacing.4))]"
+              : "group-data-[collapsible=icon]:w-[--sidebar-width-icon]"
+          )}
+        />
+        <div
+          className={cn(
+            "fixed inset-y-0 z-10 hidden h-svh w-[--sidebar-width] transition-[left,right,width] duration-200 ease-linear md:flex",
+            side === "left"
+              ? "left-0 group-data-[collapsible=offcanvas]:left-[calc(var(--sidebar-width)*-1)]"
+              : "right-0 group-data-[collapsible=offcanvas]:right-[calc(var(--sidebar-width)*-1)]",
+            // Adjust the padding for floating and inset variants.
+            variant === "floating" || variant === "inset"
+              ? "p-2 group-data-[collapsible=icon]:w-[calc(var(--sidebar-width-icon)_+_theme(spacing.4)_+2px)]"
+              : "group-data-[collapsible=icon]:w-[--sidebar-width-icon] group-data-[side=left]:border-r group-data-[side=right]:border-l",
+            className
+          )}
+          {...props}
+        >
+          <div
+            data-sidebar="sidebar"
+            className="flex h-full w-full flex-col bg-sidebar group-data-[variant=floating]:rounded-lg group-data-[variant=floating]:border group-data-[variant=floating]:border-sidebar-border group-data-[variant=floating]:shadow"
+          >
+            {children}
+          </div>
+        </div>
+      </div>
+    )
+  }
+)
+Sidebar.displayName = "Sidebar"
+
+const SidebarTrigger = React.forwardRef<
+  React.ElementRef<typeof Button>,
+  React.ComponentProps<typeof Button>
+>(({ className, onClick, ...props }, ref) => {
+  const { toggleSidebar } = useSidebar()
+
+  return (
+    <Button
+      ref={ref}
+      data-sidebar="trigger"
+      variant="ghost"
+      size="icon"
+      className={cn("h-7 w-7", className)}
+      onClick={(event) => {
+        onClick?.(event)
+        toggleSidebar()
+      }}
+      {...props}
+    >
+      <PanelLeft />
+      <span className="sr-only">Toggle Sidebar</span>
+    </Button>
+  )
+})
+SidebarTrigger.displayName = "SidebarTrigger"
+
+const SidebarRail = React.forwardRef<
+  HTMLButtonElement,
+  React.ComponentProps<"button">
+>(({ className, ...props }, ref) => {
+  const { toggleSidebar } = useSidebar()
+
+  return (
+    <button
+      ref={ref}
+      data-sidebar="rail"
+      aria-label="Toggle Sidebar"
+      tabIndex={-1}
+      onClick={toggleSidebar}
+      title="Toggle Sidebar"
+      className={cn(
+        "absolute inset-y-0 z-20 hidden w-4 -translate-x-1/2 transition-all ease-linear after:absolute after:inset-y-0 after:left-1/2 after:w-[2px] hover:after:bg-sidebar-border group-data-[side=left]:-right-4 group-data-[side=right]:left-0 sm:flex",
+        "[[data-side=left]_&]:cursor-w-resize [[data-side=right]_&]:cursor-e-resize",
+        "[[data-side=left][data-state=collapsed]_&]:cursor-e-resize [[data-side=right][data-state=collapsed]_&]:cursor-w-resize",
+        "group-data-[collapsible=offcanvas]:translate-x-0 group-data-[collapsible=offcanvas]:after:left-full group-data-[collapsible=offcanvas]:hover:bg-sidebar",
+        "[[data-side=left][data-collapsible=offcanvas]_&]:-right-2",
+        "[[data-side=right][data-collapsible=offcanvas]_&]:-left-2",
+        className
+      )}
+      {...props}
+    />
+  )
+})
+SidebarRail.displayName = "SidebarRail"
+
+const SidebarInset = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"main">
+>(({ className, ...props }, ref) => {
+  return (
+    <main
+      ref={ref}
+      className={cn(
+        "relative flex w-full flex-1 flex-col bg-background",
+        "md:peer-data-[variant=inset]:m-2 md:peer-data-[state=collapsed]:peer-data-[variant=inset]:ml-2 md:peer-data-[variant=inset]:ml-0 md:peer-data-[variant=inset]:rounded-xl md:peer-data-[variant=inset]:shadow",
+        className
+      )}
+      {...props}
+    />
+  )
+})
+SidebarInset.displayName = "SidebarInset"
+
+const SidebarInput = React.forwardRef<
+  React.ElementRef<typeof Input>,
+  React.ComponentProps<typeof Input>
+>(({ className, ...props }, ref) => {
+  return (
+    <Input
+      ref={ref}
+      data-sidebar="input"
+      className={cn(
+        "h-8 w-full bg-background shadow-none focus-visible:ring-2 focus-visible:ring-sidebar-ring",
+        className
+      )}
+      {...props}
+    />
+  )
+})
+SidebarInput.displayName = "SidebarInput"
+
+const SidebarHeader = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"div">
+>(({ className, ...props }, ref) => {
+  return (
+    <div
+      ref={ref}
+      data-sidebar="header"
+      className={cn("flex flex-col gap-2 p-2", className)}
+      {...props}
+    />
+  )
+})
+SidebarHeader.displayName = "SidebarHeader"
+
+const SidebarFooter = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"div">
+>(({ className, ...props }, ref) => {
+  return (
+    <div
+      ref={ref}
+      data-sidebar="footer"
+      className={cn("flex flex-col gap-2 p-2", className)}
+      {...props}
+    />
+  )
+})
+SidebarFooter.displayName = "SidebarFooter"
+
+const SidebarSeparator = React.forwardRef<
+  React.ElementRef<typeof Separator>,
+  React.ComponentProps<typeof Separator>
+>(({ className, ...props }, ref) => {
+  return (
+    <Separator
+      ref={ref}
+      data-sidebar="separator"
+      className={cn("mx-2 w-auto bg-sidebar-border", className)}
+      {...props}
+    />
+  )
+})
+SidebarSeparator.displayName = "SidebarSeparator"
+
+const SidebarContent = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"div">
+>(({ className, ...props }, ref) => {
+  return (
+    <div
+      ref={ref}
+      data-sidebar="content"
+      className={cn(
+        "flex min-h-0 flex-1 flex-col gap-2 overflow-auto group-data-[collapsible=icon]:overflow-hidden",
+        className
+      )}
+      {...props}
+    />
+  )
+})
+SidebarContent.displayName = "SidebarContent"
+
+const SidebarGroup = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"div">
+>(({ className, ...props }, ref) => {
+  return (
+    <div
+      ref={ref}
+      data-sidebar="group"
+      className={cn("relative flex w-full min-w-0 flex-col p-2", className)}
+      {...props}
+    />
+  )
+})
+SidebarGroup.displayName = "SidebarGroup"
+
+const SidebarGroupLabel = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"div"> & { asChild?: boolean }
+>(({ className, asChild = false, ...props }, ref) => {
+  const Comp = asChild ? Slot : "div"
+
+  return (
+    <Comp
+      ref={ref}
+      data-sidebar="group-label"
+      className={cn(
+        "flex h-8 shrink-0 items-center rounded-md px-2 text-xs font-medium text-sidebar-foreground/70 outline-none ring-sidebar-ring transition-[margin,opacity] duration-200 ease-linear focus-visible:ring-2 [&>svg]:size-4 [&>svg]:shrink-0",
+        "group-data-[collapsible=icon]:-mt-8 group-data-[collapsible=icon]:opacity-0",
+        className
+      )}
+      {...props}
+    />
+  )
+})
+SidebarGroupLabel.displayName = "SidebarGroupLabel"
+
+const SidebarGroupAction = React.forwardRef<
+  HTMLButtonElement,
+  React.ComponentProps<"button"> & { asChild?: boolean }
+>(({ className, asChild = false, ...props }, ref) => {
+  const Comp = asChild ? Slot : "button"
+
+  return (
+    <Comp
+      ref={ref}
+      data-sidebar="group-action"
+      className={cn(
+        "absolute right-3 top-3.5 flex aspect-square w-5 items-center justify-center rounded-md p-0 text-sidebar-foreground outline-none ring-sidebar-ring transition-transform hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:ring-2 [&>svg]:size-4 [&>svg]:shrink-0",
+        // Increases the hit area of the button on mobile.
+        "after:absolute after:-inset-2 after:md:hidden",
+        "group-data-[collapsible=icon]:hidden",
+        className
+      )}
+      {...props}
+    />
+  )
+})
+SidebarGroupAction.displayName = "SidebarGroupAction"
+
+const SidebarGroupContent = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"div">
+>(({ className, ...props }, ref) => (
+  <div
+    ref={ref}
+    data-sidebar="group-content"
+    className={cn("w-full text-sm", className)}
+    {...props}
+  />
+))
+SidebarGroupContent.displayName = "SidebarGroupContent"
+
+const SidebarMenu = React.forwardRef<
+  HTMLUListElement,
+  React.ComponentProps<"ul">
+>(({ className, ...props }, ref) => (
+  <ul
+    ref={ref}
+    data-sidebar="menu"
+    className={cn("flex w-full min-w-0 flex-col gap-1", className)}
+    {...props}
+  />
+))
+SidebarMenu.displayName = "SidebarMenu"
+
+const SidebarMenuItem = React.forwardRef<
+  HTMLLIElement,
+  React.ComponentProps<"li">
+>(({ className, ...props }, ref) => (
+  <li
+    ref={ref}
+    data-sidebar="menu-item"
+    className={cn("group/menu-item relative", className)}
+    {...props}
+  />
+))
+SidebarMenuItem.displayName = "SidebarMenuItem"
+
+const sidebarMenuButtonVariants = cva(
+  "peer/menu-button flex w-full items-center gap-2 overflow-hidden rounded-md p-2 text-left text-sm outline-none ring-sidebar-ring transition-[width,height,padding] hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:ring-2 active:bg-sidebar-accent active:text-sidebar-accent-foreground disabled:pointer-events-none disabled:opacity-50 group-has-[[data-sidebar=menu-action]]/menu-item:pr-8 aria-disabled:pointer-events-none aria-disabled:opacity-50 data-[active=true]:bg-sidebar-accent data-[active=true]:font-medium data-[active=true]:text-sidebar-accent-foreground data-[state=open]:hover:bg-sidebar-accent data-[state=open]:hover:text-sidebar-accent-foreground group-data-[collapsible=icon]:!size-8 group-data-[collapsible=icon]:!p-2 [&>span:last-child]:truncate [&>svg]:size-4 [&>svg]:shrink-0",
+  {
+    variants: {
+      variant: {
+        default: "hover:bg-sidebar-accent hover:text-sidebar-accent-foreground",
+        outline:
+          "bg-background shadow-[0_0_0_1px_hsl(var(--sidebar-border))] hover:bg-sidebar-accent hover:text-sidebar-accent-foreground hover:shadow-[0_0_0_1px_hsl(var(--sidebar-accent))]",
+      },
+      size: {
+        default: "h-8 text-sm",
+        sm: "h-7 text-xs",
+        lg: "h-12 text-sm group-data-[collapsible=icon]:!p-0",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+      size: "default",
+    },
+  }
+)
+
+const SidebarMenuButton = React.forwardRef<
+  HTMLButtonElement,
+  React.ComponentProps<"button"> & {
+    asChild?: boolean
+    isActive?: boolean
+    tooltip?: string | React.ComponentProps<typeof TooltipContent>
+  } & VariantProps<typeof sidebarMenuButtonVariants>
+>(
+  (
+    {
+      asChild = false,
+      isActive = false,
+      variant = "default",
+      size = "default",
+      tooltip,
+      className,
+      ...props
+    },
+    ref
+  ) => {
+    const Comp = asChild ? Slot : "button"
+    const { isMobile, state } = useSidebar()
+
+    const button = (
+      <Comp
+        ref={ref}
+        data-sidebar="menu-button"
+        data-size={size}
+        data-active={isActive}
+        className={cn(sidebarMenuButtonVariants({ variant, size }), className)}
+        {...props}
+      />
+    )
+
+    if (!tooltip) {
+      return button
+    }
+
+    if (typeof tooltip === "string") {
+      tooltip = {
+        children: tooltip,
+      }
+    }
+
+    return (
+      <Tooltip>
+        <TooltipTrigger asChild>{button}</TooltipTrigger>
+        <TooltipContent
+          side="right"
+          align="center"
+          hidden={state !== "collapsed" || isMobile}
+          {...tooltip}
+        />
+      </Tooltip>
+    )
+  }
+)
+SidebarMenuButton.displayName = "SidebarMenuButton"
+
+const SidebarMenuAction = React.forwardRef<
+  HTMLButtonElement,
+  React.ComponentProps<"button"> & {
+    asChild?: boolean
+    showOnHover?: boolean
+  }
+>(({ className, asChild = false, showOnHover = false, ...props }, ref) => {
+  const Comp = asChild ? Slot : "button"
+
+  return (
+    <Comp
+      ref={ref}
+      data-sidebar="menu-action"
+      className={cn(
+        "absolute right-1 top-1.5 flex aspect-square w-5 items-center justify-center rounded-md p-0 text-sidebar-foreground outline-none ring-sidebar-ring transition-transform hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:ring-2 peer-hover/menu-button:text-sidebar-accent-foreground [&>svg]:size-4 [&>svg]:shrink-0",
+        // Increases the hit area of the button on mobile.
+        "after:absolute after:-inset-2 after:md:hidden",
+        "peer-data-[size=sm]/menu-button:top-1",
+        "peer-data-[size=default]/menu-button:top-1.5",
+        "peer-data-[size=lg]/menu-button:top-2.5",
+        "group-data-[collapsible=icon]:hidden",
+        showOnHover &&
+          "group-focus-within/menu-item:opacity-100 group-hover/menu-item:opacity-100 data-[state=open]:opacity-100 peer-data-[active=true]/menu-button:text-sidebar-accent-foreground md:opacity-0",
+        className
+      )}
+      {...props}
+    />
+  )
+})
+SidebarMenuAction.displayName = "SidebarMenuAction"
+
+const SidebarMenuBadge = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"div">
+>(({ className, ...props }, ref) => (
+  <div
+    ref={ref}
+    data-sidebar="menu-badge"
+    className={cn(
+      "pointer-events-none absolute right-1 flex h-5 min-w-5 select-none items-center justify-center rounded-md px-1 text-xs font-medium tabular-nums text-sidebar-foreground",
+      "peer-hover/menu-button:text-sidebar-accent-foreground peer-data-[active=true]/menu-button:text-sidebar-accent-foreground",
+      "peer-data-[size=sm]/menu-button:top-1",
+      "peer-data-[size=default]/menu-button:top-1.5",
+      "peer-data-[size=lg]/menu-button:top-2.5",
+      "group-data-[collapsible=icon]:hidden",
+      className
+    )}
+    {...props}
+  />
+))
+SidebarMenuBadge.displayName = "SidebarMenuBadge"
+
+const SidebarMenuSkeleton = React.forwardRef<
+  HTMLDivElement,
+  React.ComponentProps<"div"> & {
+    showIcon?: boolean
+  }
+>(({ className, showIcon = false, ...props }, ref) => {
+  const width = "70%"
+
+  return (
+    <div
+      ref={ref}
+      data-sidebar="menu-skeleton"
+      className={cn("flex h-8 items-center gap-2 rounded-md px-2", className)}
+      {...props}
+    >
+      {showIcon && (
+        <Skeleton
+          className="size-4 rounded-md"
+          data-sidebar="menu-skeleton-icon"
+        />
+      )}
+      <Skeleton
+        className="h-4 max-w-[--skeleton-width] flex-1"
+        data-sidebar="menu-skeleton-text"
+        style={
+          {
+            "--skeleton-width": width,
+          } as React.CSSProperties
+        }
+      />
+    </div>
+  )
+})
+SidebarMenuSkeleton.displayName = "SidebarMenuSkeleton"
+
+const SidebarMenuSub = React.forwardRef<
+  HTMLUListElement,
+  React.ComponentProps<"ul">
+>(({ className, ...props }, ref) => (
+  <ul
+    ref={ref}
+    data-sidebar="menu-sub"
+    className={cn(
+      "mx-3.5 flex min-w-0 translate-x-px flex-col gap-1 border-l border-sidebar-border px-2.5 py-0.5",
+      "group-data-[collapsible=icon]:hidden",
+      className
+    )}
+    {...props}
+  />
+))
+SidebarMenuSub.displayName = "SidebarMenuSub"
+
+const SidebarMenuSubItem = React.forwardRef<
+  HTMLLIElement,
+  React.ComponentProps<"li">
+>(({ ...props }, ref) => <li ref={ref} {...props} />)
+SidebarMenuSubItem.displayName = "SidebarMenuSubItem"
+
+const SidebarMenuSubButton = React.forwardRef<
+  HTMLAnchorElement,
+  React.ComponentProps<"a"> & {
+    asChild?: boolean
+    size?: "sm" | "md"
+    isActive?: boolean
+  }
+>(({ asChild = false, size = "md", isActive, className, ...props }, ref) => {
+  const Comp = asChild ? Slot : "a"
+
+  return (
+    <Comp
+      ref={ref}
+      data-sidebar="menu-sub-button"
+      data-size={size}
+      data-active={isActive}
+      className={cn(
+        "flex h-7 min-w-0 -translate-x-px items-center gap-2 overflow-hidden rounded-md px-2 text-sidebar-foreground outline-none ring-sidebar-ring hover:bg-sidebar-accent hover:text-sidebar-accent-foreground focus-visible:ring-2 active:bg-sidebar-accent active:text-sidebar-accent-foreground disabled:pointer-events-none disabled:opacity-50 aria-disabled:pointer-events-none aria-disabled:opacity-50 [&>span:last-child]:truncate [&>svg]:size-4 [&>svg]:shrink-0 [&>svg]:text-sidebar-accent-foreground",
+        "data-[active=true]:bg-sidebar-accent data-[active=true]:text-sidebar-accent-foreground",
+        size === "sm" && "text-xs",
+        size === "md" && "text-sm",
+        "group-data-[collapsible=icon]:hidden",
+        className
+      )}
+      {...props}
+    />
+  )
+})
+SidebarMenuSubButton.displayName = "SidebarMenuSubButton"
+
+export {
+  Sidebar,
+  SidebarContent,
+  SidebarFooter,
+  SidebarGroup,
+  SidebarGroupAction,
+  SidebarGroupContent,
+  SidebarGroupLabel,
+  SidebarHeader,
+  SidebarInput,
+  SidebarInset,
+  SidebarMenu,
+  SidebarMenuAction,
+  SidebarMenuBadge,
+  SidebarMenuButton,
+  SidebarMenuItem,
+  SidebarMenuSkeleton,
+  SidebarMenuSub,
+  SidebarMenuSubButton,
+  SidebarMenuSubItem,
+  SidebarProvider,
+  SidebarRail,
+  SidebarSeparator,
+  SidebarTrigger,
+  useSidebar,
+}
diff --git a/wikibrowser/components/ui/skeleton.tsx b/wikibrowser/components/ui/skeleton.tsx
new file mode 100644
index 00000000..d7e45f7b
--- /dev/null
+++ b/wikibrowser/components/ui/skeleton.tsx
@@ -0,0 +1,15 @@
+import { cn } from "@/lib/utils"
+
+function Skeleton({
+  className,
+  ...props
+}: React.HTMLAttributes<HTMLDivElement>) {
+  return (
+    <div
+      className={cn("animate-pulse rounded-md bg-primary/10", className)}
+      {...props}
+    />
+  )
+}
+
+export { Skeleton }
diff --git a/wikibrowser/components/ui/tabs.tsx b/wikibrowser/components/ui/tabs.tsx
new file mode 100644
index 00000000..0f4caebb
--- /dev/null
+++ b/wikibrowser/components/ui/tabs.tsx
@@ -0,0 +1,55 @@
+"use client"
+
+import * as React from "react"
+import * as TabsPrimitive from "@radix-ui/react-tabs"
+
+import { cn } from "@/lib/utils"
+
+const Tabs = TabsPrimitive.Root
+
+const TabsList = React.forwardRef<
+  React.ElementRef<typeof TabsPrimitive.List>,
+  React.ComponentPropsWithoutRef<typeof TabsPrimitive.List>
+>(({ className, ...props }, ref) => (
+  <TabsPrimitive.List
+    ref={ref}
+    className={cn(
+      "inline-flex h-9 items-center justify-center rounded-lg bg-muted p-1 text-muted-foreground",
+      className
+    )}
+    {...props}
+  />
+))
+TabsList.displayName = TabsPrimitive.List.displayName
+
+const TabsTrigger = React.forwardRef<
+  React.ElementRef<typeof TabsPrimitive.Trigger>,
+  React.ComponentPropsWithoutRef<typeof TabsPrimitive.Trigger>
+>(({ className, ...props }, ref) => (
+  <TabsPrimitive.Trigger
+    ref={ref}
+    className={cn(
+      "inline-flex items-center justify-center whitespace-nowrap rounded-md px-3 py-1 text-sm font-medium ring-offset-background transition-all focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50 data-[state=active]:bg-background data-[state=active]:text-foreground data-[state=active]:shadow",
+      className
+    )}
+    {...props}
+  />
+))
+TabsTrigger.displayName = TabsPrimitive.Trigger.displayName
+
+const TabsContent = React.forwardRef<
+  React.ElementRef<typeof TabsPrimitive.Content>,
+  React.ComponentPropsWithoutRef<typeof TabsPrimitive.Content>
+>(({ className, ...props }, ref) => (
+  <TabsPrimitive.Content
+    ref={ref}
+    className={cn(
+      "mt-2 ring-offset-background focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2",
+      className
+    )}
+    {...props}
+  />
+))
+TabsContent.displayName = TabsPrimitive.Content.displayName
+
+export { Tabs, TabsList, TabsTrigger, TabsContent }
diff --git a/wikibrowser/components/ui/tooltip.tsx b/wikibrowser/components/ui/tooltip.tsx
new file mode 100644
index 00000000..28e19183
--- /dev/null
+++ b/wikibrowser/components/ui/tooltip.tsx
@@ -0,0 +1,32 @@
+"use client"
+
+import * as React from "react"
+import * as TooltipPrimitive from "@radix-ui/react-tooltip"
+
+import { cn } from "@/lib/utils"
+
+const TooltipProvider = TooltipPrimitive.Provider
+
+const Tooltip = TooltipPrimitive.Root
+
+const TooltipTrigger = TooltipPrimitive.Trigger
+
+const TooltipContent = React.forwardRef<
+  React.ElementRef<typeof TooltipPrimitive.Content>,
+  React.ComponentPropsWithoutRef<typeof TooltipPrimitive.Content>
+>(({ className, sideOffset = 4, ...props }, ref) => (
+  <TooltipPrimitive.Portal>
+    <TooltipPrimitive.Content
+      ref={ref}
+      sideOffset={sideOffset}
+      className={cn(
+        "z-50 overflow-hidden rounded-md bg-primary px-3 py-1.5 text-xs text-primary-foreground animate-in fade-in-0 zoom-in-95 data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=closed]:zoom-out-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 origin-[--radix-tooltip-content-transform-origin]",
+        className
+      )}
+      {...props}
+    />
+  </TooltipPrimitive.Portal>
+))
+TooltipContent.displayName = TooltipPrimitive.Content.displayName
+
+export { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider }
diff --git a/wikibrowser/components/wiki-browser.tsx b/wikibrowser/components/wiki-browser.tsx
index 15e6bd27..55a387cf 100644
--- a/wikibrowser/components/wiki-browser.tsx
+++ b/wikibrowser/components/wiki-browser.tsx
@@ -2,7 +2,7 @@
 
 import { AuthClient } from "@icp-sdk/auth/client";
 import type { Identity } from "@icp-sdk/core/agent";
-import type { ChangeEvent, FormEvent } from "react";
+import type { ChangeEvent, FormEvent, ReactNode } from "react";
 import { useCallback, useEffect, useMemo, useRef, useState } from "react";
 import dynamic from "next/dynamic";
 import Image from "next/image";
@@ -16,12 +16,14 @@ import { Inspector } from "@/components/inspector";
 import { IngestPanel } from "@/components/ingest-panel";
 import { QueryPanel } from "@/components/query-panel";
 import { PanelHeader } from "@/components/panel";
+import { Button } from "@/components/ui/button";
+import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip";
 import { AUTH_CLIENT_CREATE_OPTIONS, authLoginOptions } from "@/lib/auth";
 import { databaseCyclesDisabledReason, databaseCyclesHref, databaseCyclesView, formatCycles } from "@/lib/cycles-state";
 import { readBrowserNodeCache } from "@/lib/browser-node-cache";
 import { hrefForDatabaseSwitch, hrefForGraph, hrefForHelp, hrefForPath, hrefForSearch, parentPath } from "@/lib/paths";
 import { nodeRequestKey } from "@/lib/request-keys";
-import { xShareDatabaseHref } from "@/lib/share-links";
+import { databaseRouteBase, xShareDatabaseHref } from "@/lib/share-links";
 import type { CyclesBillingConfig, ChildNode, DatabaseRole, DatabaseSummary, NodeContext, WikiNode } from "@/lib/types";
 import { getCyclesBillingConfig, listDatabasesAuthenticated, listDatabasesPublic } from "@/lib/vfs-client";
 import { folderIndexPath, isReservedFolderIndexName, visibleChildren } from "@/lib/folder-index";
@@ -905,60 +907,90 @@ function ExplorerHeaderActions({
 }) {
   return (
     <div className="flex items-center gap-1">
-      <button
-        type="button"
-        className="rounded-md p-1 text-muted hover:bg-accentSoft hover:text-accentText disabled:cursor-not-allowed disabled:opacity-40"
+      <ExplorerActionButton
         onClick={onNewFile}
         disabled={fileDisabled}
         title={fileTitle}
         aria-label="New Markdown file"
       >
         <FilePlus size={15} />
-      </button>
-      <button
-        type="button"
-        className="rounded-md p-1 text-muted hover:bg-accentSoft hover:text-accentText disabled:cursor-not-allowed disabled:opacity-40"
+      </ExplorerActionButton>
+      <ExplorerActionButton
         onClick={onNewFolder}
         disabled={folderDisabled}
         title={folderTitle}
         aria-label="New folder"
       >
         <FolderPlus size={15} />
-      </button>
-      <button
-        type="button"
-        className="rounded-md p-1 text-muted hover:bg-accentSoft hover:text-accentText disabled:cursor-not-allowed disabled:opacity-40"
+      </ExplorerActionButton>
+      <ExplorerActionButton
         onClick={onRename}
         disabled={renameDisabled}
         title={renameTitle}
         aria-label="Rename selected node"
       >
         <Pencil size={15} />
-      </button>
-      <button
-        type="button"
-        className="rounded-md p-1 text-muted hover:bg-accentSoft hover:text-accentText disabled:cursor-not-allowed disabled:opacity-40"
+      </ExplorerActionButton>
+      <ExplorerActionButton
         onClick={onMove}
         disabled={moveDisabled}
         title={moveTitle}
         aria-label="Move selected node"
       >
         <MoveRight size={15} />
-      </button>
-      <button
-        type="button"
-        className="rounded-md p-1 text-muted hover:bg-red-50 hover:text-red-700 disabled:cursor-not-allowed disabled:opacity-40"
+      </ExplorerActionButton>
+      <ExplorerActionButton
         onClick={onDelete}
         disabled={deleteDisabled}
         title={deleteTitle}
         aria-label="Delete selected Markdown file"
+        danger
       >
         <Trash2 size={15} />
-      </button>
+      </ExplorerActionButton>
     </div>
   );
 }
 
+function ExplorerActionButton({
+  children,
+  danger = false,
+  disabled,
+  title,
+  onClick,
+  "aria-label": ariaLabel
+}: {
+  children: ReactNode;
+  danger?: boolean;
+  disabled: boolean;
+  title: string;
+  onClick: () => void;
+  "aria-label": string;
+}) {
+  return (
+    <Tooltip>
+      <TooltipTrigger asChild>
+        <span className="inline-flex">
+          <Button
+            type="button"
+            variant="ghost"
+            size="icon"
+            className={`h-8 w-8 rounded-xl text-muted disabled:cursor-not-allowed disabled:opacity-40 ${danger ? "hover:bg-red-50 hover:text-red-700" : "hover:bg-accentSoft hover:text-accentText"}`}
+            onClick={onClick}
+            disabled={disabled}
+            aria-label={ariaLabel}
+          >
+            {children}
+          </Button>
+        </span>
+      </TooltipTrigger>
+      <TooltipContent side="bottom">
+        <p>{title}</p>
+      </TooltipContent>
+    </Tooltip>
+  );
+}
+
 function ExplorerCreateForm({
   mode,
   directoryPath,
@@ -1299,21 +1331,20 @@ function TopBar({
   }
 
   return (
-    <header className="grid min-h-[52px] grid-cols-[minmax(0,1fr)_auto] gap-2 border-b border-line bg-paper/80 px-3 py-2 backdrop-blur lg:grid-cols-[auto_minmax(280px,720px)_auto] lg:items-center lg:gap-4">
+    <header className="grid min-h-[64px] grid-cols-[minmax(0,1fr)_auto] gap-2 border-b border-line bg-white/90 px-3 py-3 backdrop-blur lg:grid-cols-[auto_minmax(280px,720px)_auto] lg:items-center lg:gap-3">
       <div className="flex min-w-0 flex-wrap items-center gap-2">
         <button
-          type="button"
           className={`inline-flex items-center justify-center rounded-lg border p-2 lg:hidden ${mobileSidebarOpen ? "border-accent bg-accent text-white" : "border-line bg-white text-ink hover:border-accent hover:bg-accentSoft"}`}
-          aria-controls="wiki-mobile-sidebar"
+          type="button"
           aria-expanded={mobileSidebarOpen}
-          aria-label="Toggle Explorer tabs"
-          data-tid="mobile-sidebar-toggle"
+          aria-controls="wiki-mobile-sidebar"
+          aria-label="Toggle workspace panel"
           onClick={onMobileSidebarToggle}
         >
           <Menu size={18} aria-hidden />
         </button>
         <Link
-          className="inline-flex items-center gap-2 rounded-lg border border-line bg-white px-2.5 py-1.5 text-sm font-semibold leading-tight text-ink no-underline hover:border-accent"
+          className="inline-flex items-center gap-2 rounded-2xl border border-line bg-white px-3 py-2 text-sm font-semibold leading-tight text-ink no-underline shadow-[0_4px_10px_#14142b0a] hover:border-accent hover:text-accent"
           href="/dashboard"
           aria-label="Back to database dashboard"
         >
@@ -1326,7 +1357,7 @@ function TopBar({
           </label>
           <select
             id="database-switcher"
-            className="w-[132px] rounded-lg border border-line bg-white px-2 py-1.5 font-mono text-xs text-ink outline-none sm:w-[180px]"
+            className="h-10 w-[132px] rounded-2xl border border-line bg-white px-3 py-2 font-mono text-xs text-ink shadow-[0_4px_10px_#14142b0a] outline-none focus:border-accent sm:w-[180px]"
             value={databaseId}
             onChange={switchDatabase}
             aria-label="Switch database"
@@ -1347,7 +1378,7 @@ function TopBar({
         {publicReadable ? (
           <a
             aria-label={`Share ${currentDatabaseName} on X`}
-            className={`${HEADER_ICON_LINK_CLASS} border-line bg-white text-ink hover:border-accent hover:bg-accentSoft`}
+            className={`${HEADER_ICON_LINK_CLASS} rounded-2xl border-line bg-white text-ink shadow-[0_4px_10px_#14142b0a] hover:border-accent hover:bg-accent hover:text-white`}
             href={xShareDatabaseHref({ databaseId, databaseName: currentDatabaseName })}
             rel="noreferrer"
             target="_blank"
@@ -1358,7 +1389,7 @@ function TopBar({
           </a>
         ) : null}
         <Link
-          className={`${HEADER_ICON_LINK_CLASS} ${isHelpPage ? "border-accent bg-accent text-white" : "border-line bg-white text-ink hover:border-accent hover:bg-accentSoft"}`}
+          className={`${HEADER_ICON_LINK_CLASS} rounded-2xl lg:hidden ${isHelpPage ? "border-accent bg-accent text-white" : "border-line bg-white text-ink shadow-[0_4px_10px_#14142b0a] hover:border-accent hover:bg-accent hover:text-white"}`}
           href={isHelpPage ? hrefForPath(canisterId, databaseId, "/Wiki") : hrefForHelp(canisterId, databaseId)}
           aria-label="Help"
           title={isHelpPage ? "Close help" : "Help"}
@@ -1367,7 +1398,7 @@ function TopBar({
           <span className="sr-only sm:not-sr-only">Help</span>
         </Link>
         <Link
-          className={`${HEADER_ICON_LINK_CLASS} ${isGraphPage ? "border-accent bg-accent text-white" : "border-line bg-white text-ink hover:border-accent hover:bg-accentSoft"}`}
+          className={`${HEADER_ICON_LINK_CLASS} rounded-2xl lg:hidden ${isGraphPage ? "border-accent bg-accent text-white" : "border-line bg-white text-ink shadow-[0_4px_10px_#14142b0a] hover:border-accent hover:bg-accent hover:text-white"}`}
           href={graphHref}
           aria-label="Graph"
           title={isGraphPage ? "Close graph" : "Graph"}
@@ -1377,11 +1408,11 @@ function TopBar({
         </Link>
         <DatabaseCyclesBadge cycles={cycles} database={currentDatabase} />
         {principal ? (
-          <button className="ml-auto rounded-lg border border-line bg-white px-3 py-2 text-sm text-ink lg:ml-0" type="button" onClick={onLogout}>
+          <Button className="ml-auto rounded-2xl border-line bg-white text-ink shadow-[0_4px_10px_#14142b0a] hover:border-accent hover:bg-accent hover:text-white lg:ml-0" variant="outline" type="button" onClick={onLogout}>
             Logout
-          </button>
+          </Button>
         ) : (
-          <button
+          <Button
             className="ml-auto rounded-2xl border border-action bg-action px-3 py-2 text-sm font-bold text-white hover:-translate-y-[3px] hover:border-accent hover:bg-accent disabled:cursor-not-allowed disabled:translate-y-0 disabled:opacity-60 lg:ml-0"
             data-tid="header-login-button"
             disabled={!authReady}
@@ -1389,7 +1420,7 @@ function TopBar({
             onClick={onLogin}
           >
             Login
-          </button>
+          </Button>
         )}
       </div>
     </header>
@@ -1510,8 +1541,8 @@ function HeaderSearch({
   }
 
   return (
-    <form className="flex min-w-0 flex-1 basis-full items-center gap-1.5 rounded-xl border border-line bg-white px-2 py-1.5 text-sm sm:basis-[360px] sm:gap-2 lg:max-w-[720px]" onSubmit={submitSearch}>
-      <div className="flex shrink-0 rounded-lg border border-line bg-paper p-1 text-xs">
+    <form className="flex min-w-0 flex-1 basis-full items-center gap-1.5 rounded-[20px] border border-line bg-white px-2 py-1.5 text-sm shadow-[0_4px_10px_#14142b0a] sm:basis-[360px] sm:gap-2 lg:max-w-[560px]" onSubmit={submitSearch}>
+      <div className="flex shrink-0 rounded-2xl border border-line bg-paper p-1 text-xs">
         <SearchKindButton active={kind === "path"} label="Path" onClick={() => setDraft({ key: draftKey, text, kind: "path" })} />
         <SearchKindButton active={kind === "full"} label="Full text" onClick={() => setDraft({ key: draftKey, text, kind: "full" })} />
       </div>
@@ -1523,10 +1554,10 @@ function HeaderSearch({
         placeholder="Search wiki"
         aria-label="Search wiki"
       />
-      <button className="inline-flex shrink-0 items-center justify-center gap-1 rounded-2xl bg-action px-2.5 py-1.5 font-bold text-white hover:-translate-y-[3px] hover:bg-accent sm:px-3" type="submit">
+      <Button className="inline-flex shrink-0 items-center justify-center gap-1 rounded-2xl bg-action px-2.5 py-1.5 font-bold text-white hover:-translate-y-[3px] hover:bg-accent sm:px-3" type="submit">
         <Search size={15} aria-hidden />
         <span className="sr-only sm:not-sr-only">Search</span>
-      </button>
+      </Button>
     </form>
   );
 }
@@ -1535,7 +1566,7 @@ function SearchKindButton({ active, label, onClick }: { active: boolean; label:
   return (
     <button
       type="button"
-      className={`rounded-md px-2 py-1 ${active ? "bg-white text-accentText shadow-sm" : "text-muted hover:text-accentText"}`}
+      className={`rounded-xl px-2 py-1 ${active ? "bg-white text-accentText shadow-sm" : "text-muted hover:text-accentText"}`}
       onClick={onClick}
     >
       {label}
@@ -1555,13 +1586,13 @@ function ModeTabs({
   tab: ModeTab;
 }) {
   return (
-    <nav className="border-b border-line px-3 py-2" aria-label="Left sidebar mode">
-      <div className="grid grid-cols-3 gap-1 rounded-xl border border-line bg-white p-1 text-center text-xs">
+    <nav className="border-b border-line bg-white px-3 py-2" aria-label="Left sidebar mode">
+      <div className="grid grid-cols-3 gap-1 rounded-2xl border border-line bg-paper p-1 text-center text-xs">
         {SIDEBAR_TABS.map((value) => (
           <Link
             key={value}
             href={hrefForPath(canisterId, databaseId, selectedPath, undefined, value)}
-            className={`rounded-lg px-1.5 py-1.5 no-underline ${tab === value ? "bg-accent text-white" : "text-muted hover:bg-accentSoft hover:text-accentText"}`}
+            className={`rounded-xl px-1.5 py-1.5 no-underline ${tab === value ? "bg-accent text-white" : "text-muted hover:bg-white hover:text-accentText"}`}
           >
             {tabLabel(value)}
           </Link>
@@ -1667,33 +1698,36 @@ function validateCanisterText(canisterId: string): string | null {
 
 function parseWikiRoute(pathname: string): { databaseId: string | null; nodePath: string } {
   const segments = pathname.split("/").filter(Boolean);
-  if (!segments[0]) {
+  if (segments[0] !== "db" || !segments[1]) {
     return { databaseId: null, nodePath: "/Wiki" };
   }
   const path = segments
-    .slice(1)
+    .slice(2)
     .filter(Boolean)
     .map(decodePathSegment)
     .join("/");
   return {
-    databaseId: decodePathSegment(segments[0]),
+    databaseId: decodePathSegment(segments[1]),
     nodePath: path ? `/${path}` : "/Wiki",
   };
 }
 
 function isBrowserSearchPathname(canisterId: string, databaseId: string, pathname: string): boolean {
   void canisterId;
-  return pathname === `/${encodeURIComponent(databaseId)}/search`;
+  if (!databaseId) return false;
+  return pathname === `${databaseRouteBase(databaseId)}/search`;
 }
 
 function isBrowserGraphPathname(canisterId: string, databaseId: string, pathname: string): boolean {
   void canisterId;
-  return pathname === `/${encodeURIComponent(databaseId)}/graph`;
+  if (!databaseId) return false;
+  return pathname === `${databaseRouteBase(databaseId)}/graph`;
 }
 
 function isBrowserHelpPathname(canisterId: string, databaseId: string, pathname: string): boolean {
   void canisterId;
-  return pathname === `/${encodeURIComponent(databaseId)}/help`;
+  if (!databaseId) return false;
+  return pathname === `${databaseRouteBase(databaseId)}/help`;
 }
 
 function decodePathSegment(segment: string): string {
diff --git a/wikibrowser/e2e/ii-authenticated-read.spec.ts b/wikibrowser/e2e/ii-authenticated-read.spec.ts
index c2ee94fb..28dd31d1 100644
--- a/wikibrowser/e2e/ii-authenticated-read.spec.ts
+++ b/wikibrowser/e2e/ii-authenticated-read.spec.ts
@@ -27,7 +27,7 @@ testWithII("reads a private database after Internet Identity login", async ({ pa
 
   const principal = extractPrincipal(await page.locator("body").innerText());
   const databaseId = await seedPrivateDatabase(principal);
-  const privateHref = `/${encodeURIComponent(databaseId)}${E2E_PATH}`;
+  const privateHref = `/db/${encodeURIComponent(databaseId)}${E2E_PATH}`;
 
   const anonymousContext = await browser.newContext();
   const anonymousPage = await anonymousContext.newPage();
@@ -40,11 +40,11 @@ testWithII("reads a private database after Internet Identity login", async ({ pa
   await expect(page.getByRole("heading", { name: E2E_TITLE })).toBeVisible();
   await expect(page.getByText(E2E_TOKEN)).toBeVisible();
 
-  await page.goto(`/${encodeURIComponent(databaseId)}/search?q=${encodeURIComponent(E2E_TOKEN)}&kind=full`);
+  await page.goto(`/db/${encodeURIComponent(databaseId)}/search?q=${encodeURIComponent(E2E_TOKEN)}&kind=full`);
   await expect(page.getByText("principal has no access")).toHaveCount(0);
   await expect(page.getByText(E2E_TOKEN)).toBeVisible();
 
-  await page.goto(`/${encodeURIComponent(databaseId)}/graph?center=${encodeURIComponent(E2E_PATH)}&depth=1`);
+  await page.goto(`/db/${encodeURIComponent(databaseId)}/graph?center=${encodeURIComponent(E2E_PATH)}&depth=1`);
   await expect(page.getByText("principal has no access")).toHaveCount(0);
   await expect(page.getByText("Local link graph")).toBeVisible();
 });
diff --git a/wikibrowser/hooks/use-mobile.tsx b/wikibrowser/hooks/use-mobile.tsx
new file mode 100644
index 00000000..e5e760ec
--- /dev/null
+++ b/wikibrowser/hooks/use-mobile.tsx
@@ -0,0 +1,18 @@
+import * as React from "react"
+
+const MOBILE_BREAKPOINT = 768
+
+export function useIsMobile() {
+  const [isMobile, setIsMobile] = React.useState(() => typeof window !== "undefined" && window.innerWidth < MOBILE_BREAKPOINT)
+
+  React.useEffect(() => {
+    const mql = window.matchMedia(`(max-width: ${MOBILE_BREAKPOINT - 1}px)`)
+    const onChange = () => {
+      setIsMobile(window.innerWidth < MOBILE_BREAKPOINT)
+    }
+    mql.addEventListener("change", onChange)
+    return () => mql.removeEventListener("change", onChange)
+  }, [])
+
+  return isMobile
+}
diff --git a/wikibrowser/lib/auth.ts b/wikibrowser/lib/auth.ts
index 17b381f3..479de993 100644
--- a/wikibrowser/lib/auth.ts
+++ b/wikibrowser/lib/auth.ts
@@ -2,8 +2,11 @@ const HOURS_PER_DAY = BigInt(24);
 const NANOSECONDS_PER_HOUR = BigInt(3_600_000_000_000);
 const DELEGATION_DAYS = 29;
 const MILLISECONDS_PER_DAY = 24 * 60 * 60 * 1000;
+const DEFAULT_LOCAL_WIKI_IC_HOST = "http://127.0.0.1:8011";
+const CANISTER_ID_PATTERN = /^[a-z0-9-]+$/;
 
 export const DELEGATION_TTL_NS = BigInt(DELEGATION_DAYS) * HOURS_PER_DAY * NANOSECONDS_PER_HOUR;
+export const MAINNET_II_PROVIDER_URL = "https://id.ai";
 export const DERIVATION_ORIGIN = "https://xis3j-paaaa-aaaai-axumq-cai.icp0.io";
 export const AUTH_CLIENT_CREATE_OPTIONS = {
   idleOptions: {
@@ -12,21 +15,66 @@ export const AUTH_CLIENT_CREATE_OPTIONS = {
   }
 };
 
+type LocationLike = {
+  hostname: string;
+  origin: string;
+};
+
+function currentLocation(): LocationLike | null {
+  if (typeof window === "undefined") {
+    return null;
+  }
+  return window.location;
+}
+
+function isLocalHostname(hostname: string): boolean {
+  return hostname === "localhost" || hostname === "127.0.0.1" || hostname.endsWith(".localhost");
+}
+
+function localHttpUrl(value: string): URL | null {
+  let url: URL;
+  try {
+    url = new URL(value);
+  } catch {
+    return null;
+  }
+  if (url.protocol !== "http:" || !isLocalHostname(url.hostname)) {
+    return null;
+  }
+  return url;
+}
+
+function localIiE2eEnabled(): boolean {
+  return process.env.NEXT_PUBLIC_ENABLE_LOCAL_II_E2E === "1";
+}
+
 export function identityProviderUrl(): string {
-  if (process.env.NEXT_PUBLIC_II_PROVIDER_URL) {
+  if (localIiE2eEnabled() && process.env.NEXT_PUBLIC_II_PROVIDER_URL) {
     return process.env.NEXT_PUBLIC_II_PROVIDER_URL;
   }
-  const host = window.location.hostname;
-  if (host === "localhost" || host === "127.0.0.1" || host.endsWith(".localhost")) {
-    return "http://id.ai.localhost:8000";
+  return MAINNET_II_PROVIDER_URL;
+}
+
+export function derivationOriginUrl(locationLike: LocationLike | null = currentLocation()): string {
+  if (!localIiE2eEnabled() || !locationLike || !isLocalHostname(locationLike.hostname)) {
+    return DERIVATION_ORIGIN;
+  }
+  const canisterId = process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? "";
+  if (!CANISTER_ID_PATTERN.test(canisterId)) {
+    return DERIVATION_ORIGIN;
+  }
+  const wikiHost = process.env.NEXT_PUBLIC_WIKI_IC_HOST || DEFAULT_LOCAL_WIKI_IC_HOST;
+  const wikiUrl = localHttpUrl(wikiHost);
+  if (!wikiUrl) {
+    return DERIVATION_ORIGIN;
   }
-  return "https://id.ai";
+  return `http://${canisterId}.localhost:${wikiUrl.port || "80"}`;
 }
 
 export function authLoginOptions() {
   return {
     identityProvider: identityProviderUrl(),
-    derivationOrigin: DERIVATION_ORIGIN,
+    derivationOrigin: derivationOriginUrl(),
     maxTimeToLive: DELEGATION_TTL_NS
   };
 }
diff --git a/wikibrowser/lib/cycles-state.ts b/wikibrowser/lib/cycles-state.ts
index ffc456eb..6bc030a7 100644
--- a/wikibrowser/lib/cycles-state.ts
+++ b/wikibrowser/lib/cycles-state.ts
@@ -125,6 +125,7 @@ export function formatCycles(value: bigint): string {
 }
 
 function databaseStatusLabel(status: DatabaseSummary["status"]): string {
+  if (status === "active") return "Active";
   if (status === "restoring") return "Restoring";
   if (status === "archiving") return "Archiving";
   if (status === "archived") return "Archived";
diff --git a/wikibrowser/lib/cycles.ts b/wikibrowser/lib/cycles.ts
index 4b2ef5ab..30f86c26 100644
--- a/wikibrowser/lib/cycles.ts
+++ b/wikibrowser/lib/cycles.ts
@@ -10,6 +10,13 @@ export function kinicBaseUnitsPerToken(): bigint {
   return 10n ** BigInt(KINIC_DECIMALS);
 }
 
+export function cyclesForPaymentAmountE8s(amountE8s: bigint, cyclesPerKinic: bigint): bigint {
+  const cycles = (amountE8s * cyclesPerKinic) / kinicBaseUnitsPerToken();
+  if (cycles <= 0n) throw new Error("KINIC amount is too small for a cycles purchase");
+  if (cycles > MAX_CANISTER_I64) throw new Error("cycles purchase amount exceeds canister limit");
+  return cycles;
+}
+
 const MILLION = 1_000_000n;
 const BILLION = 1_000_000_000n;
 const TRILLION = 1_000_000_000_000n;
diff --git a/wikibrowser/lib/kinic-deposit.ts b/wikibrowser/lib/kinic-deposit.ts
new file mode 100644
index 00000000..64028229
--- /dev/null
+++ b/wikibrowser/lib/kinic-deposit.ts
@@ -0,0 +1,11 @@
+// Where: shared KINIC deposit input helpers.
+// What: parses decimal KINIC input into ledger e8s.
+// Why: header deposit modal and marketplace checks must enforce the same positive amount rule.
+export function parseDepositAmount(value: string): string | null {
+  const trimmed = value.trim();
+  if (!/^\d+(\.\d{0,8})?$/.test(trimmed)) return null;
+  const [whole, fraction = ""] = trimmed.split(".");
+  const e8s = `${whole}${fraction.padEnd(8, "0")}`.replace(/^0+(?=\d)/, "");
+  if (BigInt(e8s) <= 0n) return null;
+  return e8s;
+}
diff --git a/wikibrowser/lib/cycles-wallet.ts b/wikibrowser/lib/kinic-wallet.ts
similarity index 57%
rename from wikibrowser/lib/cycles-wallet.ts
rename to wikibrowser/lib/kinic-wallet.ts
index a208e05d..695868c2 100644
--- a/wikibrowser/lib/cycles-wallet.ts
+++ b/wikibrowser/lib/kinic-wallet.ts
@@ -1,15 +1,16 @@
 import { IcrcWallet } from "@dfinity/oisy-wallet-signer/icrc-wallet";
 import { base64ToUint8Array, uint8ArrayToBase64 } from "@dfinity/utils";
 import type { ApproveParams } from "@icp-sdk/canisters/ledger/icrc";
-import { Actor, AnonymousIdentity, Cbor, Certificate, HttpAgent, lookupResultToBuffer, requestIdOf } from "@icp-sdk/core/agent";
+import { Actor, AnonymousIdentity, Cbor, Certificate, HttpAgent, lookupResultToBuffer, requestIdOf, type Identity } from "@icp-sdk/core/agent";
 import { IDL } from "@icp-sdk/core/candid";
 import { Principal } from "@icp-sdk/core/principal";
-import { getCyclesBillingConfig, type DatabaseCyclesPurchaseRequest } from "@/lib/vfs-client";
+import { getCyclesBillingConfig, kinicDepositBalance, type DatabaseCyclesPurchaseRequest } from "@/lib/vfs-client";
 import { idlFactory } from "@/lib/vfs-idl";
-import { formatRawCycles, KINIC_LEDGER_FEE_E8S, MAX_CANISTER_I64, MAX_LEDGER_U64, kinicBaseUnitsPerToken } from "@/lib/cycles";
+import { cyclesForPaymentAmountE8s, formatRawCycles, KINIC_LEDGER_FEE_E8S, MAX_CANISTER_I64, MAX_LEDGER_U64 } from "@/lib/cycles";
 import { formatTokenAmountFromE8s } from "@/lib/kinic-amount";
 
 type WalletProvider = "oisy" | "plug";
+type KinicDepositProvider = WalletProvider | "ii";
 
 type CyclesPurchaseRequest = {
   canisterId: string;
@@ -28,7 +29,50 @@ type CyclesPurchaseResult = {
   balanceCycles: string | null;
 };
 
-export class CyclesPurchaseAfterApproveError extends Error {
+type KinicDepositRequest = {
+  canisterId: string;
+  amountE8s: bigint;
+};
+
+type KinicDepositResult = {
+  provider: KinicDepositProvider;
+  approveBlockIndex: string | null;
+  approvedAllowanceE8s: string;
+  amountE8s: string;
+  transferFeeE8s: string;
+  depositBlockIndex: string;
+  balanceE8s: string;
+};
+
+type MarketPurchaseRequest = {
+  canisterId: string;
+  listingId: string;
+  priceE8s: bigint;
+};
+
+type MarketPurchaseResult = {
+  provider: WalletProvider;
+  orderId: string;
+  listingId: string;
+  databaseId: string;
+  buyerPrincipal: string;
+  sellerPrincipal: string;
+  priceE8s: string;
+  listingRevision: string;
+  createdAtMs: string;
+};
+
+type KinicDepositCanisterRequest = {
+  amount_e8s: bigint;
+  expected_fee_e8s: bigint;
+};
+
+type MarketPurchaseCanisterRequest = {
+  listing_id: string;
+  price_e8s: bigint;
+};
+
+export class KinicAfterApproveError extends Error {
   approveBlockIndex: string | null;
   causeMessage: string;
 
@@ -37,18 +81,16 @@ export class CyclesPurchaseAfterApproveError extends Error {
       input.expiresAt === null
         ? "approval remains without expiry"
         : `approval remains until ${new Date(Number(input.expiresAt / 1_000_000n)).toISOString()}`;
-    super(`cycles purchase failed after approval; ${approvalText}: ${input.causeMessage}`);
-    this.name = "CyclesPurchaseAfterApproveError";
+    super(`KINIC canister call failed after approval; ${approvalText}: ${input.causeMessage}`);
+    this.name = "KinicAfterApproveError";
     this.approveBlockIndex = input.approveBlockIndex;
     this.causeMessage = input.causeMessage;
   }
 }
 
-type PreparedCyclesPurchase = {
+type PreparedKinicAllowance = {
   kinicLedgerCanisterId: string;
-  purchaseRequest: DatabaseCyclesPurchaseRequest;
   transferFeeE8s: bigint;
-  paymentAmountE8s: bigint;
   approvedAllowanceE8s: bigint;
   currentAllowance: LedgerAllowance;
   approvalExpiresAt: bigint | null;
@@ -56,6 +98,16 @@ type PreparedCyclesPurchase = {
   expiresAt: bigint;
 };
 
+type PreparedCyclesPurchase = PreparedKinicAllowance & {
+  purchaseRequest: DatabaseCyclesPurchaseRequest;
+  paymentAmountE8s: bigint;
+};
+
+type PreparedKinicDeposit = PreparedKinicAllowance & {
+  depositRequest: KinicDepositCanisterRequest;
+  amountE8s: bigint;
+};
+
 type IcrcCallCanisterRequestParams = {
   canisterId: string;
   sender: string;
@@ -85,6 +137,19 @@ type PlugWallet = {
 
 type PlugVfsActor = {
   purchase_database_cycles: (request: DatabaseCyclesPurchaseRequest) => Promise<{ Ok: { block_index: bigint; amount_cycles: bigint; balance_cycles: bigint } } | { Err: string }>;
+  kinic_deposit_balance: (request: KinicDepositCanisterRequest) => Promise<{ Ok: { block_index: bigint; amount_e8s: bigint; balance_e8s: bigint } } | { Err: string }>;
+  market_purchase_access: (request: MarketPurchaseCanisterRequest) => Promise<{ Ok: RawMarketOrder } | { Err: string }>;
+};
+
+type RawMarketOrder = {
+  order_id: string;
+  listing_id: string;
+  database_id: string;
+  buyer_principal: string;
+  seller_principal: string;
+  price_e8s: bigint;
+  listing_revision: bigint;
+  created_at_ms: bigint;
 };
 
 type LedgerActor = {
@@ -144,26 +209,26 @@ const CALL_TIMEOUT_MS = 120_000;
 const APPROVE_EXPIRES_IN_MS = 30 * 60 * 1000;
 type ActorInterfaceFactory = Parameters<typeof Actor.createActor>[0];
 
-type CyclesPurchaseIcrcWalletOptions = {
+type KinicIcrcWalletOptions = {
   origin: string;
   popup: Window;
   onDisconnect?: () => void;
   host?: string;
 };
 
-class CyclesPurchaseIcrcWallet extends IcrcWallet {
-  constructor(options: CyclesPurchaseIcrcWalletOptions) {
+class KinicIcrcWallet extends IcrcWallet {
+  constructor(options: KinicIcrcWalletOptions) {
     super(options);
   }
 
-  static override async connect({ onDisconnect, host, ...rest }: CyclesPurchaseWalletConnectOptions): Promise<CyclesPurchaseIcrcWallet> {
-    return CyclesPurchaseIcrcWallet.connectSigner({
+  static override async connect({ onDisconnect, host, ...rest }: CyclesPurchaseWalletConnectOptions): Promise<KinicIcrcWallet> {
+    return KinicIcrcWallet.connectSigner({
       options: rest,
-      init: (params) => new CyclesPurchaseIcrcWallet({ ...params, onDisconnect, host })
+      init: (params) => new KinicIcrcWallet({ ...params, onDisconnect, host })
     });
   }
 
-  async callCyclesPurchase(params: IcrcCallCanisterRequestParams): Promise<IcrcCallCanisterResult> {
+  async callCanister(params: IcrcCallCanisterRequestParams): Promise<IcrcCallCanisterResult> {
     return this.call({
       params,
       options: { timeoutInMilliseconds: CALL_TIMEOUT_MS }
@@ -171,14 +236,14 @@ class CyclesPurchaseIcrcWallet extends IcrcWallet {
   }
 }
 
-function openOisyWallet(): Promise<CyclesPurchaseIcrcWallet> {
-  return CyclesPurchaseIcrcWallet.connect({
+function openOisyWallet(): Promise<KinicIcrcWallet> {
+  return KinicIcrcWallet.connect({
     url: process.env.NEXT_PUBLIC_OISY_SIGNER_URL ?? DEFAULT_OISY_SIGNER_URL,
     host: process.env.NEXT_PUBLIC_WIKI_IC_HOST ?? "https://icp0.io"
   });
 }
 
-async function safeDisconnectOisyWallet(wallet: CyclesPurchaseIcrcWallet): Promise<void> {
+async function safeDisconnectOisyWallet(wallet: KinicIcrcWallet): Promise<void> {
   try {
     await wallet.disconnect();
   } catch {
@@ -235,7 +300,7 @@ export async function purchaseCyclesWithOisy(request: CyclesPurchaseRequest, con
       });
       approveBlockIndex = approvedBlockIndex.toString();
     }
-    const purchase = await purchaseAfterApprove(
+    const purchase = await callAfterApprove(
       () => oisyCallCyclesPurchase(wallet, connection.owner, request.canisterId, prepared.purchaseRequest),
       { approveBlockIndex, expiresAt: prepared.approvalExpiresAt }
     );
@@ -282,7 +347,7 @@ export async function purchaseCyclesWithPlug(request: CyclesPurchaseRequest, con
     canisterId: request.canisterId,
     interfaceFactory: idlFactory
   });
-  const purchase = await purchaseAfterApprove(async () => {
+  const purchase = await callAfterApprove(async () => {
     const result = await vfsActor.purchase_database_cycles(prepared.purchaseRequest);
     if ("Err" in result) throw new Error(result.Err);
     return result.Ok;
@@ -299,6 +364,155 @@ export async function purchaseCyclesWithPlug(request: CyclesPurchaseRequest, con
   };
 }
 
+export async function depositKinicBalanceWithOisy(request: KinicDepositRequest, connection: ConnectedOisyWallet): Promise<KinicDepositResult> {
+  const prepared = await prepareKinicDeposit(request, connection.owner);
+  const wallet = await openOisyWallet();
+  try {
+    const accounts = await wallet.accounts();
+    const account = accounts[0];
+    if (!account) throw new Error("OISY account not found");
+    if (account.owner !== connection.owner) throw new Error("OISY owner changed; connect OISY again");
+    let approveBlockIndex: string | null = null;
+    if (prepared.approvalRequired) {
+      const approvedBlockIndex = await wallet.approve({
+        owner: connection.owner,
+        ledgerCanisterId: prepared.kinicLedgerCanisterId,
+        params: approveParams(request.canisterId, prepared.approvedAllowanceE8s, prepared.currentAllowance.allowance, prepared.expiresAt),
+        options: { timeoutInMilliseconds: CALL_TIMEOUT_MS }
+      });
+      approveBlockIndex = approvedBlockIndex.toString();
+    }
+    const deposit = await callAfterApprove(
+      () => oisyCallKinicDeposit(wallet, connection.owner, request.canisterId, prepared.depositRequest),
+      { approveBlockIndex, expiresAt: prepared.approvalExpiresAt }
+    );
+    return {
+      provider: "oisy",
+      approveBlockIndex,
+      approvedAllowanceE8s: prepared.approvedAllowanceE8s.toString(),
+      amountE8s: prepared.amountE8s.toString(),
+      transferFeeE8s: prepared.transferFeeE8s.toString(),
+      depositBlockIndex: deposit.blockIndex,
+      balanceE8s: deposit.balanceE8s
+    };
+  } finally {
+    await safeDisconnectOisyWallet(wallet);
+  }
+}
+
+export async function depositKinicBalanceWithPlug(request: KinicDepositRequest, connection: ConnectedPlugWallet): Promise<KinicDepositResult> {
+  const prepared = await prepareKinicDeposit(request, connection.principal);
+  const plug = window.ic?.plug;
+  if (!plug) throw new Error("Plug wallet extension not found");
+  const connected = await plug.requestConnect({
+    whitelist: [request.canisterId, prepared.kinicLedgerCanisterId],
+    host: process.env.NEXT_PUBLIC_WIKI_IC_HOST ?? "https://icp0.io"
+  });
+  if (!connected) throw new Error("Plug connection rejected");
+  const principal = await plug.agent?.getPrincipal();
+  if (!principal) throw new Error("Plug principal is not available");
+  if (principal.toText() !== connection.principal) throw new Error("Plug principal changed; connect Plug again");
+  let approveBlockIndex: string | null = null;
+  if (prepared.approvalRequired) {
+    const ledgerActor = await plug.createActor<PlugLedgerActor>({
+      canisterId: prepared.kinicLedgerCanisterId,
+      interfaceFactory: ledgerIdlFactory
+    });
+    const approve = await ledgerActor.icrc2_approve(
+      rawApproveArgs(request.canisterId, prepared.approvedAllowanceE8s, prepared.currentAllowance.allowance, prepared.expiresAt)
+    );
+    if ("Err" in approve) throw new Error(`ledger approve failed: ${formatLedgerApproveError(approve.Err)}`);
+    approveBlockIndex = approve.Ok.toString();
+  }
+  const vfsActor = await plug.createActor<PlugVfsActor>({
+    canisterId: request.canisterId,
+    interfaceFactory: idlFactory
+  });
+  const deposit = await callAfterApprove(async () => {
+    const result = await vfsActor.kinic_deposit_balance(prepared.depositRequest);
+    if ("Err" in result) throw new Error(result.Err);
+    return result.Ok;
+  }, { approveBlockIndex, expiresAt: prepared.approvalExpiresAt });
+  return {
+    provider: "plug",
+    approveBlockIndex,
+    approvedAllowanceE8s: prepared.approvedAllowanceE8s.toString(),
+    amountE8s: prepared.amountE8s.toString(),
+    transferFeeE8s: prepared.transferFeeE8s.toString(),
+    depositBlockIndex: deposit.block_index.toString(),
+    balanceE8s: deposit.balance_e8s.toString()
+  };
+}
+
+export async function depositKinicBalanceWithIdentity(request: KinicDepositRequest, identity: Identity): Promise<KinicDepositResult> {
+  const owner = identity.getPrincipal().toText();
+  const prepared = await prepareKinicDeposit(request, owner);
+  const host = process.env.NEXT_PUBLIC_WIKI_IC_HOST ?? "https://icp0.io";
+  const agent = HttpAgent.createSync({ identity, host });
+  if (agent.isLocal()) await agent.fetchRootKey();
+  let approveBlockIndex: string | null = null;
+  if (prepared.approvalRequired) {
+    const ledgerActor = Actor.createActor<LedgerActor>(ledgerIdlFactory, {
+      agent,
+      canisterId: Principal.fromText(prepared.kinicLedgerCanisterId)
+    });
+    const approve = await ledgerActor.icrc2_approve(
+      rawApproveArgs(request.canisterId, prepared.approvedAllowanceE8s, prepared.currentAllowance.allowance, prepared.expiresAt)
+    );
+    if ("Err" in approve) throw new Error(`ledger approve failed: ${formatLedgerApproveError(approve.Err)}`);
+    approveBlockIndex = approve.Ok.toString();
+  }
+  const deposit = await callAfterApprove(
+    () => kinicDepositBalance(request.canisterId, identity, prepared.amountE8s.toString(), prepared.transferFeeE8s.toString()),
+    { approveBlockIndex, expiresAt: prepared.approvalExpiresAt }
+  );
+  return {
+    provider: "ii",
+    approveBlockIndex,
+    approvedAllowanceE8s: prepared.approvedAllowanceE8s.toString(),
+    amountE8s: prepared.amountE8s.toString(),
+    transferFeeE8s: prepared.transferFeeE8s.toString(),
+    depositBlockIndex: deposit.blockIndex,
+    balanceE8s: deposit.balanceE8s
+  };
+}
+
+export async function purchaseMarketAccessWithOisy(request: MarketPurchaseRequest, connection: ConnectedOisyWallet): Promise<MarketPurchaseResult> {
+  assertConfiguredCyclesCanister(request.canisterId);
+  const wallet = await openOisyWallet();
+  try {
+    const accounts = await wallet.accounts();
+    const account = accounts[0];
+    if (!account) throw new Error("OISY account not found");
+    if (account.owner !== connection.owner) throw new Error("OISY owner changed; connect OISY again");
+    const order = await oisyCallMarketPurchase(wallet, connection.owner, request.canisterId, rawMarketPurchaseRequest(request));
+    return normalizeMarketOrder(order, "oisy");
+  } finally {
+    await safeDisconnectOisyWallet(wallet);
+  }
+}
+
+export async function purchaseMarketAccessWithPlug(request: MarketPurchaseRequest, connection: ConnectedPlugWallet): Promise<MarketPurchaseResult> {
+  assertConfiguredCyclesCanister(request.canisterId);
+  const plug = window.ic?.plug;
+  if (!plug) throw new Error("Plug wallet extension not found");
+  const connected = await plug.requestConnect({
+    whitelist: [request.canisterId],
+    host: process.env.NEXT_PUBLIC_WIKI_IC_HOST ?? "https://icp0.io"
+  });
+  if (!connected) throw new Error("Plug connection rejected");
+  const principal = await plug.agent?.getPrincipal();
+  if (!principal) throw new Error("Plug principal is not available");
+  if (principal.toText() !== connection.principal) throw new Error("Plug principal changed; connect Plug again");
+  const vfsActor = await plug.createActor<PlugVfsActor>({
+    canisterId: request.canisterId,
+    interfaceFactory: idlFactory
+  });
+  const result = await vfsActor.market_purchase_access(rawMarketPurchaseRequest(request));
+  if ("Err" in result) throw new Error(result.Err);
+  return normalizeMarketOrder(result.Ok, "plug");
+}
+
 function approveParams(canisterId: string, allowanceE8s: bigint, expectedAllowanceE8s: bigint, expiresAt: bigint): ApproveParams {
   return {
     spender: { owner: Principal.fromText(canisterId), subaccount: [] },
@@ -323,25 +537,45 @@ function rawApproveArgs(canisterId: string, allowanceE8s: bigint, expectedAllowa
 }
 
 async function prepareCyclesPurchase(request: CyclesPurchaseRequest, payer: string): Promise<PreparedCyclesPurchase> {
-  assertConfiguredCyclesCanister(request.canisterId);
-  const config = await getCyclesBillingConfig(request.canisterId);
-  const transferFeeE8s = KINIC_LEDGER_FEE_E8S;
   const paymentAmountE8s = request.paymentAmountE8s;
-  assertCanisterPaymentAmountE8s(paymentAmountE8s);
+  const allowance = await prepareKinicAllowance(request.canisterId, payer, paymentAmountE8s);
+  const config = await getCyclesBillingConfig(request.canisterId);
   const minExpectedCycles = cyclesForPaymentAmountE8s(paymentAmountE8s, BigInt(config.cyclesPerKinic));
-  const approvedAllowanceE8s = allowanceForCyclesPurchase(paymentAmountE8s, transferFeeE8s);
-  const expiresAt = approveExpiresAt();
-  const currentAllowance = await getLedgerAllowance(config.kinicLedgerCanisterId, payer, request.canisterId);
-  const approvalRequired = !allowanceIsUsable(currentAllowance, approvedAllowanceE8s, nowNs());
   return {
-    kinicLedgerCanisterId: config.kinicLedgerCanisterId,
+    ...allowance,
     purchaseRequest: {
       database_id: request.databaseId,
       payment_amount_e8s: paymentAmountE8s,
       min_expected_cycles: minExpectedCycles,
     },
+    paymentAmountE8s
+  };
+}
+
+async function prepareKinicDeposit(request: KinicDepositRequest, payer: string): Promise<PreparedKinicDeposit> {
+  const allowance = await prepareKinicAllowance(request.canisterId, payer, request.amountE8s);
+  return {
+    ...allowance,
+    depositRequest: {
+      amount_e8s: request.amountE8s,
+      expected_fee_e8s: allowance.transferFeeE8s
+    },
+    amountE8s: request.amountE8s
+  };
+}
+
+async function prepareKinicAllowance(canisterId: string, payer: string, amountE8s: bigint): Promise<PreparedKinicAllowance> {
+  assertConfiguredCyclesCanister(canisterId);
+  assertCanisterPaymentAmountE8s(amountE8s);
+  const config = await getCyclesBillingConfig(canisterId);
+  const transferFeeE8s = KINIC_LEDGER_FEE_E8S;
+  const approvedAllowanceE8s = allowanceForKinicTransfer(amountE8s, transferFeeE8s);
+  const expiresAt = approveExpiresAt();
+  const currentAllowance = await getLedgerAllowance(config.kinicLedgerCanisterId, payer, canisterId);
+  const approvalRequired = !allowanceIsUsable(currentAllowance, approvedAllowanceE8s, nowNs());
+  return {
+    kinicLedgerCanisterId: config.kinicLedgerCanisterId,
     transferFeeE8s,
-    paymentAmountE8s,
     approvedAllowanceE8s,
     currentAllowance,
     approvalExpiresAt: approvalRequired ? expiresAt : allowanceExpiresAt(currentAllowance),
@@ -350,19 +584,12 @@ async function prepareCyclesPurchase(request: CyclesPurchaseRequest, payer: stri
   };
 }
 
-function allowanceForCyclesPurchase(amountE8s: bigint, transferFeeE8s: bigint): bigint {
+function allowanceForKinicTransfer(amountE8s: bigint, transferFeeE8s: bigint): bigint {
   const allowance = amountE8s + transferFeeE8s;
   if (allowance > MAX_LEDGER_U64) throw new Error("approved allowance exceeds u64::MAX");
   return allowance;
 }
 
-function cyclesForPaymentAmountE8s(amountE8s: bigint, cyclesPerKinic: bigint): bigint {
-  const cycles = (amountE8s * cyclesPerKinic) / kinicBaseUnitsPerToken();
-  if (cycles <= 0n) throw new Error("KINIC amount is too small for a cycles purchase");
-  if (cycles > MAX_CANISTER_I64) throw new Error("cycles purchase amount exceeds canister limit");
-  return cycles;
-}
-
 function assertCanisterPaymentAmountE8s(amountE8s: bigint): void {
   if (amountE8s <= 0n) throw new Error("KINIC amount must be positive");
   if (amountE8s > MAX_CANISTER_I64) throw new Error("KINIC amount e8s exceeds canister limit");
@@ -432,13 +659,13 @@ function connectedWalletPrincipal(wallet: ConnectedKinicWallet): string {
 }
 
 async function oisyCallCyclesPurchase(
-  wallet: CyclesPurchaseIcrcWallet,
+  wallet: KinicIcrcWallet,
   owner: string,
   canisterId: string,
   request: DatabaseCyclesPurchaseRequest
 ): Promise<{ blockIndex: string; amountCycles: string; balanceCycles: string }> {
   const arg = encodeCyclesPurchaseArgs(request);
-  const result = await wallet.callCyclesPurchase({
+  const result = await wallet.callCanister({
     canisterId,
     sender: owner,
     method: "purchase_database_cycles",
@@ -453,11 +680,55 @@ async function oisyCallCyclesPurchase(
   });
 }
 
-async function purchaseAfterApprove<T>(run: () => Promise<T>, context: { approveBlockIndex: string | null; expiresAt: bigint | null }): Promise<T> {
+async function oisyCallKinicDeposit(
+  wallet: KinicIcrcWallet,
+  owner: string,
+  canisterId: string,
+  request: KinicDepositCanisterRequest
+): Promise<{ blockIndex: string; amountE8s: string; balanceE8s: string }> {
+  const arg = encodeKinicDepositArgs(request);
+  const result = await wallet.callCanister({
+    canisterId,
+    sender: owner,
+    method: "kinic_deposit_balance",
+    arg
+  });
+  return decodeOisyKinicDepositResult({
+    canisterId,
+    sender: owner,
+    method: "kinic_deposit_balance",
+    arg,
+    result
+  });
+}
+
+async function oisyCallMarketPurchase(
+  wallet: KinicIcrcWallet,
+  owner: string,
+  canisterId: string,
+  request: MarketPurchaseCanisterRequest
+): Promise<RawMarketOrder> {
+  const arg = encodeMarketPurchaseArgs(request);
+  const result = await wallet.callCanister({
+    canisterId,
+    sender: owner,
+    method: "market_purchase_access",
+    arg
+  });
+  return decodeOisyMarketPurchaseResult({
+    canisterId,
+    sender: owner,
+    method: "market_purchase_access",
+    arg,
+    result
+  });
+}
+
+async function callAfterApprove<T>(run: () => Promise<T>, context: { approveBlockIndex: string | null; expiresAt: bigint | null }): Promise<T> {
   try {
     return await run();
   } catch (cause) {
-    throw new CyclesPurchaseAfterApproveError({
+    throw new KinicAfterApproveError({
       approveBlockIndex: context.approveBlockIndex,
       causeMessage: errorMessage(cause),
       expiresAt: context.expiresAt
@@ -483,6 +754,22 @@ function encodeCyclesPurchaseArgs(request: DatabaseCyclesPurchaseRequest): strin
   return uint8ArrayToBase64(IDL.encode([PurchaseRequest], [request]));
 }
 
+function encodeKinicDepositArgs(request: KinicDepositCanisterRequest): string {
+  const DepositRequest = IDL.Record({
+    amount_e8s: IDL.Nat64,
+    expected_fee_e8s: IDL.Nat64
+  });
+  return uint8ArrayToBase64(IDL.encode([DepositRequest], [request]));
+}
+
+function encodeMarketPurchaseArgs(request: MarketPurchaseCanisterRequest): string {
+  const PurchaseRequest = IDL.Record({
+    listing_id: IDL.Text,
+    price_e8s: IDL.Nat64
+  });
+  return uint8ArrayToBase64(IDL.encode([PurchaseRequest], [request]));
+}
+
 async function decodeOisyCyclesPurchaseResult({
   canisterId,
   sender,
@@ -496,6 +783,57 @@ async function decodeOisyCyclesPurchaseResult({
   arg: string;
   result: IcrcCallCanisterResult;
 }): Promise<{ blockIndex: string; amountCycles: string; balanceCycles: string }> {
+  const reply = await decodeOisyCanisterReply({ canisterId, sender, method, arg, result });
+  return decodePurchaseResult(reply);
+}
+
+async function decodeOisyKinicDepositResult({
+  canisterId,
+  sender,
+  method,
+  arg,
+  result
+}: {
+  canisterId: string;
+  sender: string;
+  method: string;
+  arg: string;
+  result: IcrcCallCanisterResult;
+}): Promise<{ blockIndex: string; amountE8s: string; balanceE8s: string }> {
+  const reply = await decodeOisyCanisterReply({ canisterId, sender, method, arg, result });
+  return decodeKinicDepositResult(reply);
+}
+
+async function decodeOisyMarketPurchaseResult({
+  canisterId,
+  sender,
+  method,
+  arg,
+  result
+}: {
+  canisterId: string;
+  sender: string;
+  method: string;
+  arg: string;
+  result: IcrcCallCanisterResult;
+}): Promise<RawMarketOrder> {
+  const reply = await decodeOisyCanisterReply({ canisterId, sender, method, arg, result });
+  return decodeMarketPurchaseResult(reply);
+}
+
+async function decodeOisyCanisterReply({
+  canisterId,
+  sender,
+  method,
+  arg,
+  result
+}: {
+  canisterId: string;
+  sender: string;
+  method: string;
+  arg: string;
+  result: IcrcCallCanisterResult;
+}): Promise<Uint8Array> {
   const contentMap = Cbor.decode<Record<string, unknown>>(base64ToUint8Array(result.contentMap));
   const responseMethod = contentMap.method_name;
   if (typeof responseMethod !== "string" || responseMethod !== method) throw new Error("wallet response method mismatch");
@@ -521,7 +859,7 @@ async function decodeOisyCyclesPurchaseResult({
   });
   const reply = lookupResultToBuffer(certificate.lookup_path([new TextEncoder().encode("request_status"), requestId, "reply"]));
   if (!reply) throw new Error("wallet response reply unavailable");
-  return decodePurchaseResult(reply);
+  return reply;
 }
 
 function decodePurchaseResult(reply: Uint8Array): { blockIndex: string; amountCycles: string; balanceCycles: string } {
@@ -553,6 +891,85 @@ function purchaseResultType() {
   });
 }
 
+function decodeKinicDepositResult(reply: Uint8Array): { blockIndex: string; amountE8s: string; balanceE8s: string } {
+  const [decoded] = IDL.decode([kinicDepositResultType()], reply);
+  if (!isObject(decoded)) throw new Error("wallet response result mismatch");
+  if (hasOwn(decoded, "Err")) {
+    const error = Reflect.get(decoded, "Err");
+    throw new Error(typeof error === "string" ? error : "KINIC deposit failed");
+  }
+  const ok = Reflect.get(decoded, "Ok");
+  if (!isObject(ok)) throw new Error("wallet response result mismatch");
+  const blockIndex = Reflect.get(ok, "block_index");
+  const amountE8s = Reflect.get(ok, "amount_e8s");
+  const balanceE8s = Reflect.get(ok, "balance_e8s");
+  if (typeof blockIndex !== "bigint" || typeof amountE8s !== "bigint" || typeof balanceE8s !== "bigint") {
+    throw new Error("wallet response result mismatch");
+  }
+  return {
+    blockIndex: blockIndex.toString(),
+    amountE8s: amountE8s.toString(),
+    balanceE8s: balanceE8s.toString()
+  };
+}
+
+function kinicDepositResultType() {
+  return IDL.Variant({
+    Ok: IDL.Record({ block_index: IDL.Nat64, amount_e8s: IDL.Nat64, balance_e8s: IDL.Nat64 }),
+    Err: IDL.Text
+  });
+}
+
+function decodeMarketPurchaseResult(reply: Uint8Array): RawMarketOrder {
+  const [decoded] = IDL.decode([marketPurchaseResultType()], reply);
+  if (!isObject(decoded)) throw new Error("wallet response result mismatch");
+  if (hasOwn(decoded, "Err")) {
+    const error = Reflect.get(decoded, "Err");
+    throw new Error(typeof error === "string" ? error : "market purchase failed");
+  }
+  const ok = Reflect.get(decoded, "Ok");
+  if (!isRawMarketOrder(ok)) throw new Error("wallet response result mismatch");
+  return ok;
+}
+
+function marketPurchaseResultType() {
+  const MarketOrder = IDL.Record({
+    order_id: IDL.Text,
+    listing_id: IDL.Text,
+    database_id: IDL.Text,
+    buyer_principal: IDL.Text,
+    seller_principal: IDL.Text,
+    price_e8s: IDL.Nat64,
+    listing_revision: IDL.Nat64,
+    created_at_ms: IDL.Int64
+  });
+  return IDL.Variant({
+    Ok: MarketOrder,
+    Err: IDL.Text
+  });
+}
+
+function rawMarketPurchaseRequest(request: MarketPurchaseRequest): MarketPurchaseCanisterRequest {
+  return {
+    listing_id: request.listingId,
+    price_e8s: request.priceE8s
+  };
+}
+
+function normalizeMarketOrder(raw: RawMarketOrder, provider: WalletProvider): MarketPurchaseResult {
+  return {
+    provider,
+    orderId: raw.order_id,
+    listingId: raw.listing_id,
+    databaseId: raw.database_id,
+    buyerPrincipal: raw.buyer_principal,
+    sellerPrincipal: raw.seller_principal,
+    priceE8s: raw.price_e8s.toString(),
+    listingRevision: raw.listing_revision.toString(),
+    createdAtMs: raw.created_at_ms.toString()
+  };
+}
+
 function formatLedgerApproveError(error: unknown): string {
   const known = formatKnownLedgerApproveError(error);
   return known ?? safeJsonWithBigInts(error);
@@ -631,6 +1048,20 @@ function hasOwn(value: object, key: PropertyKey): boolean {
   return Object.prototype.hasOwnProperty.call(value, key);
 }
 
+function isRawMarketOrder(value: unknown): value is RawMarketOrder {
+  if (!isObject(value)) return false;
+  return (
+    typeof Reflect.get(value, "order_id") === "string" &&
+    typeof Reflect.get(value, "listing_id") === "string" &&
+    typeof Reflect.get(value, "database_id") === "string" &&
+    typeof Reflect.get(value, "buyer_principal") === "string" &&
+    typeof Reflect.get(value, "seller_principal") === "string" &&
+    typeof Reflect.get(value, "price_e8s") === "bigint" &&
+    typeof Reflect.get(value, "listing_revision") === "bigint" &&
+    typeof Reflect.get(value, "created_at_ms") === "bigint"
+  );
+}
+
 function sameBytes(left: Uint8Array, right: Uint8Array): boolean {
   return left.length === right.length && left.every((byte, index) => byte === right[index]);
 }
diff --git a/wikibrowser/lib/marketplace-routes.ts b/wikibrowser/lib/marketplace-routes.ts
new file mode 100644
index 00000000..da49e5fd
--- /dev/null
+++ b/wikibrowser/lib/marketplace-routes.ts
@@ -0,0 +1,7 @@
+// Where: wikibrowser/lib/marketplace-routes.ts
+// What: builds marketplace detail routes from public canister listing IDs.
+// Why: marketplace listing IDs are canonical across canister APIs and URLs.
+
+export function marketListingPath(listingId: string): string {
+  return `/marketplace/${listingId}`;
+}
diff --git a/wikibrowser/lib/paths.ts b/wikibrowser/lib/paths.ts
index fb3fead0..4a48361e 100644
--- a/wikibrowser/lib/paths.ts
+++ b/wikibrowser/lib/paths.ts
@@ -1,3 +1,5 @@
+import { databaseRouteBase } from "./share-links";
+
 export function pathFromSegments(segments: string[]): string {
   if (segments.length === 0) {
     return "/Wiki";
@@ -35,7 +37,7 @@ export function hrefForPath(
     params.set("kind", searchKind);
   }
   const queryString = params.size > 0 ? `?${params.toString()}` : "";
-  return `/${encodeURIComponent(databaseId)}/${suffix}${queryString}`;
+  return `${databaseRouteBase(databaseId)}/${suffix}${queryString}`;
 }
 
 export function hrefForSearch(canisterId: string, databaseId: string, searchQuery: string, searchKind: string): string {
@@ -48,7 +50,7 @@ export function hrefForSearch(canisterId: string, databaseId: string, searchQuer
     params.set("kind", searchKind);
   }
   const queryString = params.size > 0 ? `?${params.toString()}` : "";
-  return `/${encodeURIComponent(databaseId)}/search${queryString}`;
+  return `${databaseRouteBase(databaseId)}/search${queryString}`;
 }
 
 export function hrefForGraph(canisterId: string, databaseId: string, centerPath?: string | null, depth?: number): string {
@@ -61,14 +63,14 @@ export function hrefForGraph(canisterId: string, databaseId: string, centerPath?
     params.set("depth", String(depth));
   }
   const queryString = params.size > 0 ? `?${params.toString()}` : "";
-  return `/${encodeURIComponent(databaseId)}/graph${queryString}`;
+  return `${databaseRouteBase(databaseId)}/graph${queryString}`;
 }
 
 export function hrefForHelp(canisterId: string, databaseId: string): string {
   void canisterId;
   const params = new URLSearchParams();
   const queryString = params.size > 0 ? `?${params.toString()}` : "";
-  return `/${encodeURIComponent(databaseId)}/help${queryString}`;
+  return `${databaseRouteBase(databaseId)}/help${queryString}`;
 }
 
 export function hrefForDatabaseSwitch(
diff --git a/wikibrowser/lib/share-links.ts b/wikibrowser/lib/share-links.ts
index 6acb01ff..a0e9b00c 100644
--- a/wikibrowser/lib/share-links.ts
+++ b/wikibrowser/lib/share-links.ts
@@ -1,22 +1,23 @@
 // Where: shared browser link helpers.
 // What: Build public database URLs and X share intents.
-// Why: Keep share links encoded consistently and avoid static route collisions.
+// Why: Keep database ids under /db so app routes never compete with database slugs.
 
 const X_TWEET_INTENT_URL = "https://twitter.com/intent/tweet";
 const PUBLIC_WIKI_ORIGIN = "https://wiki.kinic.xyz";
-const RESERVED_DATABASE_ROUTE_SLUGS = new Set(["_next", "api", "cli", "dashboard", "skills"]);
-
-export function isReservedDatabaseRouteSlug(databaseId: string): boolean {
-  return RESERVED_DATABASE_ROUTE_SLUGS.has(databaseId.trim().toLowerCase());
-}
+const PUBLIC_DATABASE_ROUTE_PREFIX = "/db";
 
 export function isRoutableDatabaseId(databaseId: string): boolean {
-  return databaseId.trim().length > 0 && !isReservedDatabaseRouteSlug(databaseId);
+  return databaseId.trim().length > 0;
 }
 
 export function publicDatabasePath(databaseId: string): string {
   assertPublicDatabaseId(databaseId);
-  return `/${encodeURIComponent(databaseId)}/Wiki`;
+  return `${databaseRouteBase(databaseId)}/Wiki`;
+}
+
+export function databaseRouteBase(databaseId: string): string {
+  assertPublicDatabaseId(databaseId);
+  return `${PUBLIC_DATABASE_ROUTE_PREFIX}/${encodeURIComponent(databaseId)}`;
 }
 
 export function publicDatabaseUrl(databaseId: string, origin = PUBLIC_WIKI_ORIGIN): string {
@@ -40,6 +41,6 @@ export function xShareDatabaseHref({
 
 function assertPublicDatabaseId(databaseId: string): void {
   if (!isRoutableDatabaseId(databaseId)) {
-    throw new Error(`reserved database route slug: ${databaseId}`);
+    throw new Error(`invalid database id: ${databaseId}`);
   }
 }
diff --git a/wikibrowser/lib/types.ts b/wikibrowser/lib/types.ts
index 0bafd825..9cec7362 100644
--- a/wikibrowser/lib/types.ts
+++ b/wikibrowser/lib/types.ts
@@ -173,6 +173,166 @@ export type DatabaseCyclesPendingPurchase = {
   requiredAction: string;
 };
 
+export type KinicBalance = {
+  balanceE8s: string;
+};
+
+export type KinicPendingOperation = {
+  operationId: string;
+  kind: string;
+  caller: string;
+  status: string;
+  amountE8s: string;
+  ledgerBlockIndex: string | null;
+  createdAtMs: string;
+  requiredAction: string;
+};
+
+export type KinicPendingOperationsPage = {
+  operations: KinicPendingOperation[];
+  nextCursorOperationId: string | null;
+};
+
+export type MarketListingStatus = "Draft" | "Active" | "Paused";
+
+export type MarketListing = {
+  listingId: string;
+  sellerPrincipal: string;
+  databaseId: string;
+  title: string;
+  description: string;
+  llmSummary: string | null;
+  summarySnapshotRevision: string | null;
+  sampleExcerptsJson: string;
+  tagsJson: string;
+  priceE8s: string;
+  status: MarketListingStatus;
+  revision: string;
+  purchaseCount: string;
+  reportCount: string;
+  createdAtMs: string;
+  updatedAtMs: string;
+};
+
+export type MarketListingVerifiedStats = {
+  totalNodes: string;
+  wikiNodes: string;
+  sourceNodes: string;
+  folderNodes: string;
+  markdownChars: string;
+  sourceChars: string;
+  linkEdges: string;
+  logicalSizeBytes: string;
+  lastContentUpdatedAtMs: string | null;
+};
+
+export type MarketPreviewExcerpt = {
+  path: string;
+  etag: string;
+  excerpt: string;
+};
+
+export type MarketCategoryGraphNode = {
+  category: string;
+  nodeCount: string;
+};
+
+export type MarketCategoryGraphEdge = {
+  sourceCategory: string;
+  targetCategory: string;
+  linkCount: string;
+};
+
+export type MarketCategoryGraph = {
+  nodes: MarketCategoryGraphNode[];
+  edges: MarketCategoryGraphEdge[];
+};
+
+export type MarketListingPreview = {
+  topLevelPaths: string[];
+  excerpts: MarketPreviewExcerpt[];
+  categoryGraph: MarketCategoryGraph;
+  previewStale: boolean;
+};
+
+export type MarketListingDetail = {
+  listing: MarketListing;
+  verifiedStats: MarketListingVerifiedStats;
+  preview: MarketListingPreview;
+};
+
+export type MarketListingPage = {
+  listings: MarketListing[];
+  nextCursor: string | null;
+};
+
+export type MarketCreateListingRequest = {
+  databaseId: string;
+  title: string;
+  description: string;
+  llmSummary: string | null;
+  summarySnapshotRevision: string | null;
+  sampleExcerptsJson: string;
+  tagsJson: string;
+  priceE8s: string;
+};
+
+export type MarketUpdateListingRequest = Omit<MarketCreateListingRequest, "databaseId"> & {
+  listingId: string;
+  expectedRevision: string;
+};
+
+export type KinicDepositResult = {
+  blockIndex: string;
+  amountE8s: string;
+  balanceE8s: string;
+};
+
+export type KinicFundDatabaseCyclesResult = {
+  paymentAmountE8s: string;
+  amountCycles: string;
+  databaseBalanceCycles: string;
+  kinicBalanceE8s: string;
+};
+
+export type MarketPurchasePreview = {
+  listingId: string;
+  databaseId: string;
+  priceE8s: string;
+  buyerBalanceE8s: string;
+  alreadyEntitled: boolean;
+};
+
+export type MarketOrder = {
+  orderId: string;
+  listingId: string;
+  databaseId: string;
+  buyerPrincipal: string;
+  sellerPrincipal: string;
+  priceE8s: string;
+  listingRevision: string;
+  createdAtMs: string;
+};
+
+export type MarketOrderPage = {
+  orders: MarketOrder[];
+  nextCursor: string | null;
+};
+
+export type MarketEntitlement = {
+  databaseId: string;
+  buyerPrincipal: string;
+  listingId: string;
+  orderId: string;
+  purchasedAtMs: string;
+  status: string;
+};
+
+export type MarketEntitlementPage = {
+  entitlements: MarketEntitlement[];
+  nextCursor: string | null;
+};
+
 export type DatabaseMember = {
   databaseId: string;
   principal: string;
diff --git a/wikibrowser/lib/utils.ts b/wikibrowser/lib/utils.ts
new file mode 100644
index 00000000..a5ef1935
--- /dev/null
+++ b/wikibrowser/lib/utils.ts
@@ -0,0 +1,6 @@
+import { clsx, type ClassValue } from "clsx";
+import { twMerge } from "tailwind-merge";
+
+export function cn(...inputs: ClassValue[]) {
+  return twMerge(clsx(inputs));
+}
diff --git a/wikibrowser/lib/vfs-client.ts b/wikibrowser/lib/vfs-client.ts
index c14cc725..3e8284fc 100644
--- a/wikibrowser/lib/vfs-client.ts
+++ b/wikibrowser/lib/vfs-client.ts
@@ -19,6 +19,21 @@ import type {
   DatabaseStatus,
   DatabaseSummary,
   LinkEdge,
+  KinicBalance,
+  KinicFundDatabaseCyclesResult,
+  KinicPendingOperation,
+  KinicPendingOperationsPage,
+  MarketCreateListingRequest,
+  KinicDepositResult,
+  MarketEntitlementPage,
+  MarketListing,
+  MarketListingDetail,
+  MarketListingPage,
+  MarketListingStatus,
+  MarketOrder,
+  MarketOrderPage,
+  MarketPurchasePreview,
+  MarketUpdateListingRequest,
   MkdirNodeRequest,
   MkdirNodeResult,
   MoveNodeRequest,
@@ -115,6 +130,187 @@ type RawDatabaseCyclesPendingPurchase = {
   required_action: string;
 };
 
+type RawKinicBalance = {
+  balance_e8s: bigint;
+};
+
+type RawKinicPendingOperation = {
+  operation_id: bigint;
+  kind: string;
+  caller: string;
+  status: string;
+  amount_e8s: bigint;
+  ledger_block_index: [] | [bigint];
+  created_at_ms: bigint;
+  required_action: string;
+};
+
+type RawKinicPendingOperationsPageRequest = {
+  cursor_operation_id: [] | [bigint];
+  limit: number;
+};
+
+type RawKinicPendingOperationsPage = {
+  operations: RawKinicPendingOperation[];
+  next_cursor_operation_id: [] | [bigint];
+};
+
+type RawMarketListingStatus = Variant;
+
+type RawMarketListing = {
+  listing_id: string;
+  seller_principal: string;
+  database_id: string;
+  title: string;
+  description: string;
+  llm_summary: [] | [string];
+  summary_snapshot_revision: [] | [string];
+  sample_excerpts_json: string;
+  tags_json: string;
+  price_e8s: bigint;
+  status: RawMarketListingStatus;
+  revision: bigint;
+  purchase_count: bigint;
+  report_count: bigint;
+  created_at_ms: bigint;
+  updated_at_ms: bigint;
+};
+
+type RawMarketListingVerifiedStats = {
+  total_nodes: bigint;
+  wiki_nodes: bigint;
+  source_nodes: bigint;
+  folder_nodes: bigint;
+  markdown_chars: bigint;
+  source_chars: bigint;
+  link_edges: bigint;
+  logical_size_bytes: bigint;
+  last_content_updated_at_ms: [] | [bigint];
+};
+
+type RawMarketPreviewExcerpt = {
+  path: string;
+  etag: string;
+  excerpt: string;
+};
+
+type RawMarketCategoryGraphNode = {
+  category: string;
+  node_count: bigint;
+};
+
+type RawMarketCategoryGraphEdge = {
+  source_category: string;
+  target_category: string;
+  link_count: bigint;
+};
+
+type RawMarketCategoryGraph = {
+  nodes: RawMarketCategoryGraphNode[];
+  edges: RawMarketCategoryGraphEdge[];
+};
+
+type RawMarketListingPreview = {
+  top_level_paths: string[];
+  excerpts: RawMarketPreviewExcerpt[];
+  category_graph: RawMarketCategoryGraph;
+  preview_stale: boolean;
+};
+
+type RawMarketListingDetail = {
+  listing: RawMarketListing;
+  verified_stats: RawMarketListingVerifiedStats;
+  preview: RawMarketListingPreview;
+};
+
+type RawMarketListingPage = {
+  listings: RawMarketListing[];
+  next_cursor: [] | [string];
+};
+
+type RawMarketCreateListingRequest = {
+  database_id: string;
+  title: string;
+  description: string;
+  llm_summary: [] | [string];
+  summary_snapshot_revision: [] | [string];
+  sample_excerpts_json: string;
+  tags_json: string;
+  price_e8s: bigint;
+};
+
+type RawMarketUpdateListingRequest = Omit<RawMarketCreateListingRequest, "database_id"> & {
+  listing_id: string;
+  expected_revision: bigint;
+};
+
+type RawKinicDepositRequest = {
+  amount_e8s: bigint;
+  expected_fee_e8s: bigint;
+};
+
+type RawKinicDepositResult = {
+  block_index: bigint;
+  amount_e8s: bigint;
+  balance_e8s: bigint;
+};
+
+type RawKinicFundDatabaseCyclesRequest = {
+  database_id: string;
+  payment_amount_e8s: bigint;
+  min_expected_cycles: bigint;
+};
+
+type RawKinicFundDatabaseCyclesResult = {
+  payment_amount_e8s: bigint;
+  amount_cycles: bigint;
+  database_balance_cycles: bigint;
+  kinic_balance_e8s: bigint;
+};
+
+type RawMarketPurchasePreview = {
+  listing_id: string;
+  database_id: string;
+  price_e8s: bigint;
+  buyer_balance_e8s: bigint;
+  already_entitled: boolean;
+};
+
+type RawMarketPurchaseRequest = {
+  listing_id: string;
+  price_e8s: bigint;
+};
+
+type RawMarketOrder = {
+  order_id: string;
+  listing_id: string;
+  database_id: string;
+  buyer_principal: string;
+  seller_principal: string;
+  price_e8s: bigint;
+  listing_revision: bigint;
+  created_at_ms: bigint;
+};
+
+type RawMarketOrderPage = {
+  orders: RawMarketOrder[];
+  next_cursor: [] | [string];
+};
+
+type RawMarketEntitlement = {
+  database_id: string;
+  buyer_principal: string;
+  listing_id: string;
+  order_id: string;
+  purchased_at_ms: bigint;
+  status: string;
+};
+
+type RawMarketEntitlementPage = {
+  entitlements: RawMarketEntitlement[];
+  next_cursor: [] | [string];
+};
+
 type RawDeleteDatabaseRequest = {
   database_id: string;
 };
@@ -284,6 +480,22 @@ type VfsActor = {
   grant_database_access: (databaseId: string, principal: string, role: Variant) => Promise<{ Ok: null } | { Err: string }>;
   list_database_cycle_entries: (databaseId: string, cursor: [] | [bigint], limit: number) => Promise<{ Ok: RawDatabaseCycleEntryPage } | { Err: string }>;
   list_database_cycles_pending_purchases: (databaseId: string) => Promise<{ Ok: RawDatabaseCyclesPendingPurchase[] } | { Err: string }>;
+  market_count_active_entitlements: (databaseId: string) => Promise<{ Ok: bigint } | { Err: string }>;
+  market_create_listing: (request: RawMarketCreateListingRequest) => Promise<{ Ok: RawMarketListing } | { Err: string }>;
+  kinic_deposit_balance: (request: RawKinicDepositRequest) => Promise<{ Ok: RawKinicDepositResult } | { Err: string }>;
+  kinic_fund_database_cycles: (request: RawKinicFundDatabaseCyclesRequest) => Promise<{ Ok: RawKinicFundDatabaseCyclesResult } | { Err: string }>;
+  kinic_get_balance: () => Promise<{ Ok: RawKinicBalance } | { Err: string }>;
+  market_get_listing: (listingId: string) => Promise<{ Ok: RawMarketListingDetail } | { Err: string }>;
+  market_list_database_listings: (databaseId: string) => Promise<{ Ok: RawMarketListing[] } | { Err: string }>;
+  market_list_entitlements: (cursor: [] | [string], limit: number) => Promise<{ Ok: RawMarketEntitlementPage } | { Err: string }>;
+  market_list_listings: (cursor: [] | [string], limit: number) => Promise<{ Ok: RawMarketListingPage } | { Err: string }>;
+  market_list_orders: (cursor: [] | [string], limit: number) => Promise<{ Ok: RawMarketOrderPage } | { Err: string }>;
+  kinic_list_pending_operations: (request: RawKinicPendingOperationsPageRequest) => Promise<{ Ok: RawKinicPendingOperationsPage } | { Err: string }>;
+  market_pause_listing: (listingId: string) => Promise<{ Ok: RawMarketListing } | { Err: string }>;
+  market_preview_purchase: (listingId: string) => Promise<{ Ok: RawMarketPurchasePreview } | { Err: string }>;
+  market_publish_listing: (listingId: string) => Promise<{ Ok: RawMarketListing } | { Err: string }>;
+  market_purchase_access: (request: RawMarketPurchaseRequest) => Promise<{ Ok: RawMarketOrder } | { Err: string }>;
+  market_update_listing: (request: RawMarketUpdateListingRequest) => Promise<{ Ok: RawMarketListing } | { Err: string }>;
   mkdir_node: (request: RawMkdirNodeRequest) => Promise<{ Ok: RawMkdirNodeResult } | { Err: string }>;
   move_node: (request: RawMoveNodeRequest) => Promise<{ Ok: RawMoveNodeResult } | { Err: string }>;
   list_databases: () => Promise<{ Ok: RawDatabaseSummary[] } | { Err: string }>;
@@ -505,6 +717,224 @@ export async function listDatabaseCyclesPendingPurchasesAuthenticated(
   });
 }
 
+export async function kinicGetBalance(canisterId: string, identity: Identity): Promise<KinicBalance> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.kinic_get_balance();
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeKinicBalance(result.Ok);
+  });
+}
+
+export async function kinicDepositBalance(
+  canisterId: string,
+  identity: Identity,
+  amountE8s: string,
+  expectedFeeE8s: string
+): Promise<KinicDepositResult> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.kinic_deposit_balance({
+      amount_e8s: BigInt(amountE8s),
+      expected_fee_e8s: BigInt(expectedFeeE8s)
+    });
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeKinicDepositResult(result.Ok);
+  });
+}
+
+export async function kinicFundDatabaseCycles(
+  canisterId: string,
+  identity: Identity,
+  databaseId: string,
+  paymentAmountE8s: string,
+  minExpectedCycles: string
+): Promise<KinicFundDatabaseCyclesResult> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.kinic_fund_database_cycles({
+      database_id: databaseId,
+      payment_amount_e8s: BigInt(paymentAmountE8s),
+      min_expected_cycles: BigInt(minExpectedCycles)
+    });
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeKinicFundDatabaseCyclesResult(result.Ok);
+  });
+}
+
+export async function kinicListPendingOperations(
+  canisterId: string,
+  identity: Identity,
+  cursorOperationId: string | null,
+  limit: number
+): Promise<KinicPendingOperationsPage> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.kinic_list_pending_operations({
+      cursor_operation_id: rawDatabaseCycleCursor(cursorOperationId),
+      limit
+    });
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeKinicPendingOperationsPage(result.Ok);
+  });
+}
+
+export async function marketListListings(canisterId: string, cursor: string | null, limit: number): Promise<MarketListingPage> {
+  return callVfs(async () => {
+    const actor = await createVfsActor(canisterId);
+    const result = await actor.market_list_listings(rawTextCursor(cursor), limit);
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeMarketListingPage(result.Ok);
+  });
+}
+
+export async function marketGetListing(canisterId: string, listingId: string, identity?: Identity): Promise<MarketListingDetail> {
+  return callVfs(async () => {
+    const actor = await createReadActor(canisterId, identity);
+    const result = await actor.market_get_listing(listingId);
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeMarketListingDetail(result.Ok);
+  });
+}
+
+export async function marketListDatabaseListings(canisterId: string, identity: Identity, databaseId: string): Promise<MarketListing[]> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.market_list_database_listings(databaseId);
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return result.Ok.map(normalizeMarketListing);
+  });
+}
+
+export async function marketPreviewPurchase(canisterId: string, identity: Identity, listingId: string): Promise<MarketPurchasePreview> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.market_preview_purchase(listingId);
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeMarketPurchasePreview(result.Ok);
+  });
+}
+
+export async function marketPurchaseAccess(
+  canisterId: string,
+  identity: Identity,
+  listingId: string,
+  priceE8s: string
+): Promise<MarketOrder> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.market_purchase_access({
+      listing_id: listingId,
+      price_e8s: BigInt(priceE8s)
+    });
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeMarketOrder(result.Ok);
+  });
+}
+
+export async function marketListEntitlements(canisterId: string, identity: Identity, cursor: string | null, limit: number): Promise<MarketEntitlementPage> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.market_list_entitlements(rawTextCursor(cursor), limit);
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeMarketEntitlementPage(result.Ok);
+  });
+}
+
+export async function marketListOrders(canisterId: string, identity: Identity, cursor: string | null, limit: number): Promise<MarketOrderPage> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.market_list_orders(rawTextCursor(cursor), limit);
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeMarketOrderPage(result.Ok);
+  });
+}
+
+export async function marketCreateListing(
+  canisterId: string,
+  identity: Identity,
+  request: MarketCreateListingRequest
+): Promise<MarketListing> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.market_create_listing(rawMarketCreateListingRequest(request));
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeMarketListing(result.Ok);
+  });
+}
+
+export async function marketUpdateListing(
+  canisterId: string,
+  identity: Identity,
+  request: MarketUpdateListingRequest
+): Promise<MarketListing> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.market_update_listing(rawMarketUpdateListingRequest(request));
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeMarketListing(result.Ok);
+  });
+}
+
+export async function marketPublishListing(canisterId: string, identity: Identity, listingId: string): Promise<MarketListing> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.market_publish_listing(listingId);
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeMarketListing(result.Ok);
+  });
+}
+
+export async function marketPauseListing(canisterId: string, identity: Identity, listingId: string): Promise<MarketListing> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.market_pause_listing(listingId);
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return normalizeMarketListing(result.Ok);
+  });
+}
+
+export async function marketCountActiveEntitlements(canisterId: string, identity: Identity, databaseId: string): Promise<string> {
+  return callVfs(async () => {
+    const actor = await createAuthenticatedActor(canisterId, identity);
+    const result = await actor.market_count_active_entitlements(databaseId);
+    if ("Err" in result) {
+      throwCanisterError(result.Err);
+    }
+    return result.Ok.toString();
+  });
+}
+
 export async function createDatabaseAuthenticated(canisterId: string, identity: Identity, name: string): Promise<RawCreateDatabaseResult> {
   return callVfs(async () => {
     const actor = await createAuthenticatedActor(canisterId, identity);
@@ -973,6 +1403,195 @@ function normalizeDatabaseCyclesPendingPurchase(raw: RawDatabaseCyclesPendingPur
   };
 }
 
+function normalizeKinicBalance(raw: RawKinicBalance): KinicBalance {
+  return {
+    balanceE8s: raw.balance_e8s.toString()
+  };
+}
+
+function normalizeKinicPendingOperation(raw: RawKinicPendingOperation): KinicPendingOperation {
+  return {
+    operationId: raw.operation_id.toString(),
+    kind: raw.kind,
+    caller: raw.caller,
+    status: raw.status,
+    amountE8s: raw.amount_e8s.toString(),
+    ledgerBlockIndex: raw.ledger_block_index[0]?.toString() ?? null,
+    createdAtMs: raw.created_at_ms.toString(),
+    requiredAction: raw.required_action
+  };
+}
+
+function normalizeKinicPendingOperationsPage(raw: RawKinicPendingOperationsPage): KinicPendingOperationsPage {
+  return {
+    operations: raw.operations.map(normalizeKinicPendingOperation),
+    nextCursorOperationId: raw.next_cursor_operation_id[0]?.toString() ?? null
+  };
+}
+
+function normalizeMarketListingPage(raw: RawMarketListingPage): MarketListingPage {
+  return {
+    listings: raw.listings.map(normalizeMarketListing),
+    nextCursor: raw.next_cursor[0] ?? null
+  };
+}
+
+function normalizeMarketListing(raw: RawMarketListing): MarketListing {
+  return {
+    listingId: raw.listing_id,
+    sellerPrincipal: raw.seller_principal,
+    databaseId: raw.database_id,
+    title: raw.title,
+    description: raw.description,
+    llmSummary: raw.llm_summary[0] ?? null,
+    summarySnapshotRevision: raw.summary_snapshot_revision[0] ?? null,
+    sampleExcerptsJson: raw.sample_excerpts_json,
+    tagsJson: raw.tags_json,
+    priceE8s: raw.price_e8s.toString(),
+    status: normalizeMarketListingStatus(raw.status),
+    revision: raw.revision.toString(),
+    purchaseCount: raw.purchase_count.toString(),
+    reportCount: raw.report_count.toString(),
+    createdAtMs: raw.created_at_ms.toString(),
+    updatedAtMs: raw.updated_at_ms.toString()
+  };
+}
+
+function normalizeMarketListingDetail(raw: RawMarketListingDetail): MarketListingDetail {
+  return {
+    listing: normalizeMarketListing(raw.listing),
+    verifiedStats: {
+      totalNodes: raw.verified_stats.total_nodes.toString(),
+      wikiNodes: raw.verified_stats.wiki_nodes.toString(),
+      sourceNodes: raw.verified_stats.source_nodes.toString(),
+      folderNodes: raw.verified_stats.folder_nodes.toString(),
+      markdownChars: raw.verified_stats.markdown_chars.toString(),
+      sourceChars: raw.verified_stats.source_chars.toString(),
+      linkEdges: raw.verified_stats.link_edges.toString(),
+      logicalSizeBytes: raw.verified_stats.logical_size_bytes.toString(),
+      lastContentUpdatedAtMs: raw.verified_stats.last_content_updated_at_ms[0]?.toString() ?? null
+    },
+    preview: {
+      topLevelPaths: raw.preview.top_level_paths,
+      excerpts: raw.preview.excerpts.map((excerpt) => ({
+        path: excerpt.path,
+        etag: excerpt.etag,
+        excerpt: excerpt.excerpt
+      })),
+      categoryGraph: {
+        nodes: raw.preview.category_graph.nodes.map((node) => ({
+          category: node.category,
+          nodeCount: node.node_count.toString()
+        })),
+        edges: raw.preview.category_graph.edges.map((edge) => ({
+          sourceCategory: edge.source_category,
+          targetCategory: edge.target_category,
+          linkCount: edge.link_count.toString()
+        }))
+      },
+      previewStale: raw.preview.preview_stale
+    }
+  };
+}
+
+function normalizeMarketListingStatus(status: RawMarketListingStatus): MarketListingStatus {
+  if ("Active" in status) return "Active";
+  if ("Paused" in status) return "Paused";
+  return "Draft";
+}
+
+function normalizeKinicDepositResult(raw: RawKinicDepositResult): KinicDepositResult {
+  return {
+    blockIndex: raw.block_index.toString(),
+    amountE8s: raw.amount_e8s.toString(),
+    balanceE8s: raw.balance_e8s.toString()
+  };
+}
+
+function normalizeKinicFundDatabaseCyclesResult(raw: RawKinicFundDatabaseCyclesResult): KinicFundDatabaseCyclesResult {
+  return {
+    paymentAmountE8s: raw.payment_amount_e8s.toString(),
+    amountCycles: raw.amount_cycles.toString(),
+    databaseBalanceCycles: raw.database_balance_cycles.toString(),
+    kinicBalanceE8s: raw.kinic_balance_e8s.toString()
+  };
+}
+
+function normalizeMarketPurchasePreview(raw: RawMarketPurchasePreview): MarketPurchasePreview {
+  return {
+    listingId: raw.listing_id,
+    databaseId: raw.database_id,
+    priceE8s: raw.price_e8s.toString(),
+    buyerBalanceE8s: raw.buyer_balance_e8s.toString(),
+    alreadyEntitled: raw.already_entitled
+  };
+}
+
+function normalizeMarketOrderPage(raw: RawMarketOrderPage): MarketOrderPage {
+  return {
+    orders: raw.orders.map(normalizeMarketOrder),
+    nextCursor: raw.next_cursor[0] ?? null
+  };
+}
+
+function normalizeMarketOrder(raw: RawMarketOrder): MarketOrder {
+  return {
+    orderId: raw.order_id,
+    listingId: raw.listing_id,
+    databaseId: raw.database_id,
+    buyerPrincipal: raw.buyer_principal,
+    sellerPrincipal: raw.seller_principal,
+    priceE8s: raw.price_e8s.toString(),
+    listingRevision: raw.listing_revision.toString(),
+    createdAtMs: raw.created_at_ms.toString()
+  };
+}
+
+function normalizeMarketEntitlementPage(raw: RawMarketEntitlementPage): MarketEntitlementPage {
+  return {
+    entitlements: raw.entitlements.map(normalizeMarketEntitlement),
+    nextCursor: raw.next_cursor[0] ?? null
+  };
+}
+
+function normalizeMarketEntitlement(raw: RawMarketEntitlement) {
+  return {
+    databaseId: raw.database_id,
+    buyerPrincipal: raw.buyer_principal,
+    listingId: raw.listing_id,
+    orderId: raw.order_id,
+    purchasedAtMs: raw.purchased_at_ms.toString(),
+    status: raw.status
+  };
+}
+
+function rawMarketCreateListingRequest(request: MarketCreateListingRequest): RawMarketCreateListingRequest {
+  return {
+    database_id: request.databaseId,
+    title: request.title,
+    description: request.description,
+    llm_summary: rawOptionalText(request.llmSummary),
+    summary_snapshot_revision: rawOptionalText(request.summarySnapshotRevision),
+    sample_excerpts_json: request.sampleExcerptsJson,
+    tags_json: request.tagsJson,
+    price_e8s: BigInt(request.priceE8s)
+  };
+}
+
+function rawMarketUpdateListingRequest(request: MarketUpdateListingRequest): RawMarketUpdateListingRequest {
+  return {
+    title: request.title,
+    description: request.description,
+    llm_summary: rawOptionalText(request.llmSummary),
+    summary_snapshot_revision: rawOptionalText(request.summarySnapshotRevision),
+    sample_excerpts_json: request.sampleExcerptsJson,
+    tags_json: request.tagsJson,
+    price_e8s: BigInt(request.priceE8s),
+    listing_id: request.listingId,
+    expected_revision: BigInt(request.expectedRevision)
+  };
+}
+
 function normalizeDatabaseMember(raw: RawDatabaseMember): DatabaseMember {
   return {
     databaseId: raw.database_id,
@@ -1083,6 +1702,14 @@ function rawDatabaseCycleCursor(cursor: string | null): [] | [bigint] {
   return [BigInt(cursor)];
 }
 
+function rawTextCursor(cursor: string | null): [] | [string] {
+  return cursor ? [cursor] : [];
+}
+
+function rawOptionalText(value: string | null): [] | [string] {
+  return value === null ? [] : [value];
+}
+
 function rawUrlIngestTriggerSessionRequest(request: UrlIngestTriggerSessionRequest): RawUrlIngestTriggerSessionRequest {
   return {
     database_id: request.databaseId,
diff --git a/wikibrowser/lib/vfs-idl.ts b/wikibrowser/lib/vfs-idl.ts
index 79b5e063..57499644 100644
--- a/wikibrowser/lib/vfs-idl.ts
+++ b/wikibrowser/lib/vfs-idl.ts
@@ -54,6 +54,140 @@ export const idlFactory: ActorInterfaceFactory = ({ IDL: idl }) => {
     payment_amount_e8s: idl.Nat64,
     min_expected_cycles: idl.Nat64
   });
+  const KinicBalance = idl.Record({ balance_e8s: idl.Nat64 });
+  const KinicPendingOperation = idl.Record({
+    status: idl.Text,
+    kind: idl.Text,
+    operation_id: idl.Nat64,
+    created_at_ms: idl.Int64,
+    amount_e8s: idl.Nat64,
+    required_action: idl.Text,
+    ledger_block_index: idl.Opt(idl.Nat64),
+    caller: idl.Text
+  });
+  const KinicPendingOperationsPageRequest = idl.Record({ cursor_operation_id: idl.Opt(idl.Nat64), limit: idl.Nat32 });
+  const KinicPendingOperationsPage = idl.Record({
+    operations: idl.Vec(KinicPendingOperation),
+    next_cursor_operation_id: idl.Opt(idl.Nat64)
+  });
+  const MarketCreateListingRequest = idl.Record({
+    llm_summary: idl.Opt(idl.Text),
+    title: idl.Text,
+    summary_snapshot_revision: idl.Opt(idl.Text),
+    description: idl.Text,
+    database_id: idl.Text,
+    price_e8s: idl.Nat64,
+    sample_excerpts_json: idl.Text,
+    tags_json: idl.Text
+  });
+  const KinicDepositRequest = idl.Record({ amount_e8s: idl.Nat64, expected_fee_e8s: idl.Nat64 });
+  const KinicDepositResult = idl.Record({ block_index: idl.Nat64, amount_e8s: idl.Nat64, balance_e8s: idl.Nat64 });
+  const KinicFundDatabaseCyclesRequest = idl.Record({
+    payment_amount_e8s: idl.Nat64,
+    database_id: idl.Text,
+    min_expected_cycles: idl.Nat64
+  });
+  const KinicFundDatabaseCyclesResult = idl.Record({
+    database_balance_cycles: idl.Nat64,
+    payment_amount_e8s: idl.Nat64,
+    kinic_balance_e8s: idl.Nat64,
+    amount_cycles: idl.Nat64
+  });
+  const MarketEntitlement = idl.Record({
+    status: idl.Text,
+    purchased_at_ms: idl.Int64,
+    database_id: idl.Text,
+    buyer_principal: idl.Text,
+    order_id: idl.Text,
+    listing_id: idl.Text
+  });
+  const MarketEntitlementPage = idl.Record({
+    next_cursor: idl.Opt(idl.Text),
+    entitlements: idl.Vec(MarketEntitlement)
+  });
+  const MarketListingStatus = idl.Variant({ Paused: idl.Null, Active: idl.Null, Draft: idl.Null });
+  const MarketListing = idl.Record({
+    status: MarketListingStatus,
+    llm_summary: idl.Opt(idl.Text),
+    title: idl.Text,
+    summary_snapshot_revision: idl.Opt(idl.Text),
+    report_count: idl.Nat64,
+    description: idl.Text,
+    updated_at_ms: idl.Int64,
+    created_at_ms: idl.Int64,
+    seller_principal: idl.Text,
+    purchase_count: idl.Nat64,
+    database_id: idl.Text,
+    listing_id: idl.Text,
+    price_e8s: idl.Nat64,
+    revision: idl.Nat64,
+    sample_excerpts_json: idl.Text,
+    tags_json: idl.Text
+  });
+  const MarketCategoryGraphEdge = idl.Record({
+    source_category: idl.Text,
+    target_category: idl.Text,
+    link_count: idl.Nat64
+  });
+  const MarketCategoryGraphNode = idl.Record({ node_count: idl.Nat64, category: idl.Text });
+  const MarketCategoryGraph = idl.Record({
+    nodes: idl.Vec(MarketCategoryGraphNode),
+    edges: idl.Vec(MarketCategoryGraphEdge)
+  });
+  const MarketListingPage = idl.Record({ listings: idl.Vec(MarketListing), next_cursor: idl.Opt(idl.Text) });
+  const MarketOrder = idl.Record({
+    created_at_ms: idl.Int64,
+    seller_principal: idl.Text,
+    database_id: idl.Text,
+    buyer_principal: idl.Text,
+    order_id: idl.Text,
+    listing_id: idl.Text,
+    price_e8s: idl.Nat64,
+    listing_revision: idl.Nat64
+  });
+  const MarketOrderPage = idl.Record({ orders: idl.Vec(MarketOrder), next_cursor: idl.Opt(idl.Text) });
+  const MarketPreviewExcerpt = idl.Record({ path: idl.Text, etag: idl.Text, excerpt: idl.Text });
+  const MarketListingPreview = idl.Record({
+    top_level_paths: idl.Vec(idl.Text),
+    excerpts: idl.Vec(MarketPreviewExcerpt),
+    category_graph: MarketCategoryGraph,
+    preview_stale: idl.Bool
+  });
+  const MarketListingVerifiedStats = idl.Record({
+    source_chars: idl.Nat64,
+    total_nodes: idl.Nat64,
+    logical_size_bytes: idl.Nat64,
+    link_edges: idl.Nat64,
+    wiki_nodes: idl.Nat64,
+    source_nodes: idl.Nat64,
+    markdown_chars: idl.Nat64,
+    last_content_updated_at_ms: idl.Opt(idl.Int64),
+    folder_nodes: idl.Nat64
+  });
+  const MarketListingDetail = idl.Record({
+    listing: MarketListing,
+    preview: MarketListingPreview,
+    verified_stats: MarketListingVerifiedStats
+  });
+  const MarketPurchasePreview = idl.Record({
+    already_entitled: idl.Bool,
+    buyer_balance_e8s: idl.Nat64,
+    database_id: idl.Text,
+    listing_id: idl.Text,
+    price_e8s: idl.Nat64
+  });
+  const MarketPurchaseRequest = idl.Record({ listing_id: idl.Text, price_e8s: idl.Nat64 });
+  const MarketUpdateListingRequest = idl.Record({
+    llm_summary: idl.Opt(idl.Text),
+    title: idl.Text,
+    summary_snapshot_revision: idl.Opt(idl.Text),
+    description: idl.Text,
+    listing_id: idl.Text,
+    price_e8s: idl.Nat64,
+    expected_revision: idl.Nat64,
+    sample_excerpts_json: idl.Text,
+    tags_json: idl.Text
+  });
   const Icrc21ConsentMessageMetadata = idl.Record({ utc_offset_minutes: idl.Opt(idl.Int16), language: idl.Text });
   const Icrc21DeviceSpec = idl.Variant({ GenericDisplay: idl.Null, FieldsDisplay: idl.Null });
   const Icrc21ConsentMessageSpec = idl.Record({
@@ -284,8 +418,21 @@ export const idlFactory: ActorInterfaceFactory = ({ IDL: idl }) => {
   const ResultCyclesPurchase = idl.Variant({ Ok: CyclesPurchaseResult, Err: idl.Text });
   const ResultCyclesEntries = idl.Variant({ Ok: DatabaseCycleEntryPage, Err: idl.Text });
   const ResultCyclesPendingPurchases = idl.Variant({ Ok: idl.Vec(DatabaseCyclesPendingPurchase), Err: idl.Text });
+  const ResultKinicBalance = idl.Variant({ Ok: KinicBalance, Err: idl.Text });
+  const ResultKinicPendingOperations = idl.Variant({ Ok: KinicPendingOperationsPage, Err: idl.Text });
+  const ResultKinicDeposit = idl.Variant({ Ok: KinicDepositResult, Err: idl.Text });
+  const ResultKinicFundDatabaseCycles = idl.Variant({ Ok: KinicFundDatabaseCyclesResult, Err: idl.Text });
+  const ResultMarketEntitlementPage = idl.Variant({ Ok: MarketEntitlementPage, Err: idl.Text });
+  const ResultMarketListing = idl.Variant({ Ok: MarketListing, Err: idl.Text });
+  const ResultMarketListingDetail = idl.Variant({ Ok: MarketListingDetail, Err: idl.Text });
+  const ResultMarketListings = idl.Variant({ Ok: idl.Vec(MarketListing), Err: idl.Text });
+  const ResultMarketListingPage = idl.Variant({ Ok: MarketListingPage, Err: idl.Text });
+  const ResultMarketOrder = idl.Variant({ Ok: MarketOrder, Err: idl.Text });
+  const ResultMarketOrderPage = idl.Variant({ Ok: MarketOrderPage, Err: idl.Text });
+  const ResultMarketPurchasePreview = idl.Variant({ Ok: MarketPurchasePreview, Err: idl.Text });
   const ResultDatabases = idl.Variant({ Ok: idl.Vec(DatabaseSummary), Err: idl.Text });
   const ResultMembers = idl.Variant({ Ok: idl.Vec(DatabaseMember), Err: idl.Text });
+  const ResultNat64 = idl.Variant({ Ok: idl.Nat64, Err: idl.Text });
   const WriteNodeResult = idl.Record({ created: idl.Bool, node: NodeMutationAck });
   const ResultWriteNode = idl.Variant({ Ok: WriteNodeResult, Err: idl.Text });
   const WriteSourceForGenerationResult = idl.Record({ session_nonce: idl.Text, write: WriteNodeResult });
@@ -322,6 +469,22 @@ export const idlFactory: ActorInterfaceFactory = ({ IDL: idl }) => {
     list_database_cycles_pending_purchases: idl.Func([idl.Text], [ResultCyclesPendingPurchases], ["query"]),
     list_databases: idl.Func([], [ResultDatabases], ["query"]),
     list_database_members: idl.Func([idl.Text], [ResultMembers], ["query"]),
+    market_count_active_entitlements: idl.Func([idl.Text], [ResultNat64], ["query"]),
+    market_create_listing: idl.Func([MarketCreateListingRequest], [ResultMarketListing], []),
+    kinic_deposit_balance: idl.Func([KinicDepositRequest], [ResultKinicDeposit], []),
+    kinic_fund_database_cycles: idl.Func([KinicFundDatabaseCyclesRequest], [ResultKinicFundDatabaseCycles], []),
+    kinic_get_balance: idl.Func([], [ResultKinicBalance], ["query"]),
+    market_get_listing: idl.Func([idl.Text], [ResultMarketListingDetail], ["query"]),
+    market_list_database_listings: idl.Func([idl.Text], [ResultMarketListings], ["query"]),
+    market_list_entitlements: idl.Func([idl.Opt(idl.Text), idl.Nat32], [ResultMarketEntitlementPage], ["query"]),
+    market_list_listings: idl.Func([idl.Opt(idl.Text), idl.Nat32], [ResultMarketListingPage], ["query"]),
+    market_list_orders: idl.Func([idl.Opt(idl.Text), idl.Nat32], [ResultMarketOrderPage], ["query"]),
+    kinic_list_pending_operations: idl.Func([KinicPendingOperationsPageRequest], [ResultKinicPendingOperations], ["query"]),
+    market_pause_listing: idl.Func([idl.Text], [ResultMarketListing], []),
+    market_preview_purchase: idl.Func([idl.Text], [ResultMarketPurchasePreview], ["query"]),
+    market_publish_listing: idl.Func([idl.Text], [ResultMarketListing], []),
+    market_purchase_access: idl.Func([MarketPurchaseRequest], [ResultMarketOrder], []),
+    market_update_listing: idl.Func([MarketUpdateListingRequest], [ResultMarketListing], []),
     memory_manifest: idl.Func([], [MemoryManifest], ["query"]),
     mkdir_node: idl.Func([MkdirNodeRequest], [ResultMkdirNode], []),
     move_node: idl.Func([MoveNodeRequest], [ResultMoveNode], []),
diff --git a/wikibrowser/next.config.ts b/wikibrowser/next.config.ts
index d1c528e5..9b786ca3 100644
--- a/wikibrowser/next.config.ts
+++ b/wikibrowser/next.config.ts
@@ -5,7 +5,6 @@ import type { NextConfig } from "next";
 
 type PublicVars = {
   NEXT_PUBLIC_WIKI_IC_HOST?: string;
-  NEXT_PUBLIC_II_PROVIDER_URL?: string;
   NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID?: string;
 };
 
@@ -21,7 +20,6 @@ const nextConfig: NextConfig = {
   allowedDevOrigins: ["127.0.0.1"],
   env: {
     NEXT_PUBLIC_WIKI_IC_HOST: process.env.NEXT_PUBLIC_WIKI_IC_HOST ?? wranglerVars.NEXT_PUBLIC_WIKI_IC_HOST ?? "https://icp0.io",
-    NEXT_PUBLIC_II_PROVIDER_URL: process.env.NEXT_PUBLIC_II_PROVIDER_URL ?? wranglerVars.NEXT_PUBLIC_II_PROVIDER_URL ?? "https://id.ai",
     NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID: process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? wranglerVars.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? ""
   },
   reactStrictMode: true
diff --git a/wikibrowser/package.json b/wikibrowser/package.json
index 686b0118..cac54cf7 100644
--- a/wikibrowser/package.json
+++ b/wikibrowser/package.json
@@ -11,7 +11,7 @@
     "smoke:errors": "node scripts/smoke-errors.mjs",
     "smoke:public": "node scripts/smoke-public.mjs",
     "generate:vfs-idl": "node scripts/generate-vfs-idl.mjs",
-    "test": "node scripts/generate-vfs-idl.mjs --check && node scripts/check-candid-drift.mjs && node scripts/check-paths.mjs && node scripts/check-ui-helpers.mjs && node scripts/check-api-errors.mjs && node scripts/check-auth.mjs && node scripts/check-smoke-url.mjs && node scripts/check-dashboard.mjs && node scripts/check-cycles.mjs && node scripts/check-cycles-wallet.mjs && node scripts/check-skill-registry.mjs && node scripts/check-url-security.mjs",
+    "test": "node scripts/generate-vfs-idl.mjs --check && node scripts/check-candid-drift.mjs && node scripts/check-paths.mjs && node scripts/check-ui-helpers.mjs && node scripts/check-api-errors.mjs && node scripts/check-auth.mjs && node scripts/check-smoke-url.mjs && node scripts/check-dashboard.mjs && node scripts/check-cycles.mjs && node scripts/check-cycles-wallet.mjs && node scripts/check-marketplace.mjs && node scripts/check-skill-registry.mjs && node scripts/check-url-security.mjs",
     "typecheck": "next typegen && node scripts/normalize-typegen-tsconfig.mjs && tsc --noEmit",
     "audit:moderate": "pnpm audit --audit-level moderate",
     "build:worker": "opennextjs-cloudflare build",
@@ -33,13 +33,23 @@
     "@icp-sdk/canisters": "^3.6.0",
     "@icp-sdk/core": "^5.4.0",
     "@opennextjs/cloudflare": "^1.19.8",
+    "@radix-ui/react-dialog": "1.1.16",
+    "@radix-ui/react-scroll-area": "1.2.11",
+    "@radix-ui/react-select": "2.3.0",
+    "@radix-ui/react-separator": "1.1.9",
+    "@radix-ui/react-slot": "1.2.5",
+    "@radix-ui/react-tabs": "1.1.14",
+    "@radix-ui/react-tooltip": "1.2.9",
     "@uiw/react-codemirror": "4.25.9",
+    "class-variance-authority": "0.7.1",
+    "clsx": "2.1.1",
     "lucide-react": "0.555.0",
     "next": "16.2.6",
     "react": "19.2.5",
     "react-dom": "19.2.5",
     "react-markdown": "10.1.0",
     "remark-gfm": "4.0.1",
+    "tailwind-merge": "3.6.0",
     "zod": "^4.3.6"
   },
   "devDependencies": {
@@ -53,6 +63,7 @@
     "eslint-config-next": "16.2.4",
     "postcss": "8.5.12",
     "tailwindcss": "3.4.18",
+    "tailwindcss-animate": "1.0.7",
     "typescript": "5.9.3",
     "wrangler": "^4.90.0"
   },
diff --git a/wikibrowser/playwright.config.ts b/wikibrowser/playwright.config.ts
index c6a66227..24c78c53 100644
--- a/wikibrowser/playwright.config.ts
+++ b/wikibrowser/playwright.config.ts
@@ -2,6 +2,7 @@ import { defineConfig, devices } from "@playwright/test";
 
 const port = Number(process.env.PORT ?? 3100);
 const baseURL = process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${port}`;
+const localIiProviderURL = process.env.NEXT_PUBLIC_II_PROVIDER_URL ?? "http://id.ai.localhost:8011";
 
 export default defineConfig({
   testDir: "./e2e",
@@ -22,7 +23,7 @@ export default defineConfig({
         ...devices["Desktop Chrome"],
         launchOptions: {
           args: [
-            "--unsafely-treat-insecure-origin-as-secure=http://id.ai.localhost:8011",
+            `--unsafely-treat-insecure-origin-as-secure=${localIiProviderURL}`,
             `--unsafely-treat-insecure-origin-as-secure=${baseURL}`
           ]
         }
@@ -30,7 +31,7 @@ export default defineConfig({
     }
   ],
   webServer: {
-    command: `NEXT_PUBLIC_WIKI_IC_HOST=${process.env.NEXT_PUBLIC_WIKI_IC_HOST ?? "http://127.0.0.1:8011"} NEXT_PUBLIC_II_PROVIDER_URL=${process.env.NEXT_PUBLIC_II_PROVIDER_URL ?? "http://id.ai.localhost:8011"} NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID=${process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? ""} pnpm dev --hostname 127.0.0.1 --port ${port}`,
+    command: `NEXT_PUBLIC_WIKI_IC_HOST=${process.env.NEXT_PUBLIC_WIKI_IC_HOST ?? "http://127.0.0.1:8011"} NEXT_PUBLIC_ENABLE_LOCAL_II_E2E=1 NEXT_PUBLIC_II_PROVIDER_URL=${localIiProviderURL} NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID=${process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID ?? ""} pnpm dev --hostname 127.0.0.1 --port ${port}`,
     url: baseURL,
     reuseExistingServer: false,
     timeout: 120_000
diff --git a/wikibrowser/pnpm-lock.yaml b/wikibrowser/pnpm-lock.yaml
index e64be21a..0e216837 100644
--- a/wikibrowser/pnpm-lock.yaml
+++ b/wikibrowser/pnpm-lock.yaml
@@ -4,6 +4,10 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+overrides:
+  postcss: 8.5.12
+  ws: 8.20.1
+
 importers:
 
   .:
@@ -38,9 +42,36 @@ importers:
       '@opennextjs/cloudflare':
         specifier: ^1.19.8
         version: 1.19.8(next@16.2.6(@babel/core@7.29.0)(@playwright/test@1.59.1)(react-dom@19.2.5(react@19.2.5))(react@19.2.5))(wrangler@4.90.0)
+      '@radix-ui/react-dialog':
+        specifier: 1.1.16
+        version: 1.1.16(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-scroll-area':
+        specifier: 1.2.11
+        version: 1.2.11(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-select':
+        specifier: 2.3.0
+        version: 2.3.0(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-separator':
+        specifier: 1.1.9
+        version: 1.1.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-slot':
+        specifier: 1.2.5
+        version: 1.2.5(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-tabs':
+        specifier: 1.1.14
+        version: 1.1.14(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-tooltip':
+        specifier: 1.2.9
+        version: 1.2.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
       '@uiw/react-codemirror':
         specifier: 4.25.9
         version: 4.25.9(@babel/runtime@7.29.2)(@codemirror/autocomplete@6.20.2)(@codemirror/language@6.12.3)(@codemirror/lint@6.9.6)(@codemirror/search@6.7.0)(@codemirror/state@6.6.0)(@codemirror/theme-one-dark@6.1.3)(@codemirror/view@6.42.1)(codemirror@6.0.2)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      class-variance-authority:
+        specifier: 0.7.1
+        version: 0.7.1
+      clsx:
+        specifier: 2.1.1
+        version: 2.1.1
       lucide-react:
         specifier: 0.555.0
         version: 0.555.0(react@19.2.5)
@@ -59,6 +90,9 @@ importers:
       remark-gfm:
         specifier: 4.0.1
         version: 4.0.1
+      tailwind-merge:
+        specifier: 3.6.0
+        version: 3.6.0
       zod:
         specifier: ^4.3.6
         version: 4.3.6
@@ -93,6 +127,9 @@ importers:
       tailwindcss:
         specifier: 3.4.18
         version: 3.4.18(yaml@2.8.4)
+      tailwindcss-animate:
+        specifier: 1.0.7
+        version: 1.0.7(tailwindcss@3.4.18(yaml@2.8.4))
       typescript:
         specifier: 5.9.3
         version: 5.9.3
@@ -970,6 +1007,21 @@ packages:
     resolution: {integrity: sha512-43/qtrDUokr7LJqoF2c3+RInu/t4zfrpYdoSDfYyhg52rwLV6TnOvdG4fXm7IkSB3wErkcmJS9iEhjVtOSEjjA==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
+  '@floating-ui/core@1.7.5':
+    resolution: {integrity: sha512-1Ih4WTWyw0+lKyFMcBHGbb5U5FtuHJuujoyyr5zTaWS5EYMeT6Jb2AuDeftsCsEuchO+mM2ij5+q9crhydzLhQ==}
+
+  '@floating-ui/dom@1.7.6':
+    resolution: {integrity: sha512-9gZSAI5XM36880PPMm//9dfiEngYoC6Am2izES1FF406YFsjvyBMmeJ2g4SAju3xWwtuynNRFL2s9hgxpLI5SQ==}
+
+  '@floating-ui/react-dom@2.1.8':
+    resolution: {integrity: sha512-cC52bHwM/n/CxS87FH0yWdngEZrjdtLW/qVruo68qg+prK7ZQ4YGdut2GyDVpoGeAYe/h899rVeOVm6Oi40k2A==}
+    peerDependencies:
+      react: '>=16.8.0'
+      react-dom: '>=16.8.0'
+
+  '@floating-ui/utils@0.2.11':
+    resolution: {integrity: sha512-RiB/yIh78pcIxl6lLMG0CgBXAZ2Y0eVHqMPYugu+9U0AeT6YBeiJpf7lbdJNIugFP5SIjwNRgo4DhR1Qxi26Gg==}
+
   '@humanfs/core@0.19.2':
     resolution: {integrity: sha512-UhXNm+CFMWcbChXywFwkmhqjs3PRCmcSa/hfBgLIb7oQ5HNb1wS0icWsGtSAUNgefHeI+eBrA8I1fxmbHsGdvA==}
     engines: {node: '>=18.18.0'}
@@ -1368,6 +1420,349 @@ packages:
   '@poppinss/exception@1.2.3':
     resolution: {integrity: sha512-dCED+QRChTVatE9ibtoaxc+WkdzOSjYTKi/+uacHWIsfodVfpsueo3+DKpgU5Px8qXjgmXkSvhXvSCz3fnP9lw==}
 
+  '@radix-ui/number@1.1.2':
+    resolution: {integrity: sha512-ceTwaxc4I5IOi97DgCotl3pqiyRGvffcc0oOsE2dQYaJOFIDsDt4VWG6xEbg1QePv9QWausCEIppud/tJ1wNig==}
+
+  '@radix-ui/primitive@1.1.4':
+    resolution: {integrity: sha512-7AdCK9PQyiljKoBDbN8OuctCbd/esdwZPQ8RtOE3SsyQtUpiPb+ND75q0jEhC1m1ecBI0MFNeLJvwIh9iKHRcQ==}
+
+  '@radix-ui/react-arrow@1.1.9':
+    resolution: {integrity: sha512-yqHW5WQ/cTpU/un7dqqIKNy2iRU8BC0JB78PEzTfCCYvZu1U6W9KwObAniMk9nhSfyotKPQTYaUD/HB0f5muig==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-collection@1.1.9':
+    resolution: {integrity: sha512-zuSVi7ziP7uQRqc+yGxsKJfNkdyHv3ZKDaHe0gzg4dRgws96TPKWIiz84tVHP4GEcEl8bC0mdt17NkcxaJHmaQ==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-compose-refs@1.1.3':
+    resolution: {integrity: sha512-rYOP8OMnuuPMQF1uhPVlGNcCDlkokKqGFE3JcxFViIkAXP7EvFWUliJAstrapypaBLJNHbZL6jGhbVDGTwmVhA==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-context@1.1.4':
+    resolution: {integrity: sha512-QwH4PO5urrbO+FaGd5Aglg+YJgWTyyuZ3g/6mKvsqraLkglDdckw9JafgL5McL5VEJ6EPNduPaT3ZE9BttDAqg==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-dialog@1.1.16':
+    resolution: {integrity: sha512-l9ok83YBclEZhbjgzt76Hw733e6cvRKPNgO6GJ/IETlufXG9p+fRu2wlvpImQvR6xdJ8h7J8J2DBvsPEiEsKMw==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-direction@1.1.2':
+    resolution: {integrity: sha512-C3vFhbyi4SW3PmbAi6Awpu4OzJtd0MxGurvSsYtr7p7nM8RNB3VAF3CUmnp2j50knpkrRcB7+ycVXzgLgF6yNA==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-dismissable-layer@1.1.12':
+    resolution: {integrity: sha512-MhoruH6xEzsbvOmo4TNgMfmtvRGyDZw4MDSdf4ybMHfezjqwzv6hyd4lsMzBp8K9Sn6sGzCF62x1I7BYUECXOg==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-focus-guards@1.1.4':
+    resolution: {integrity: sha512-cot/aB/mOm0IYVYTTmQcEEK1M48lZWi8FlYe5nDPQQ8NYZUlXEFgncJ9p2Kzer3RKSrY7cTTpEMLZKNo9QoP5Q==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-focus-scope@1.1.9':
+    resolution: {integrity: sha512-9Se8t+Zry+1rEOL7Y6l/4ANYU/TOtAtf8O2fKdwLltcaMcm6kOqYGbzO4tMFQ0bvzO920pRAoHpFZ4W85S3keQ==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-id@1.1.2':
+    resolution: {integrity: sha512-orBC88futVpqCmhX1p4cvquNHsELQ+w+vBJnuj3ftETI5bJb0bZn3Tqu3SWN2IOcPycTnMGnhwoermvISt72sA==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-popper@1.3.0':
+    resolution: {integrity: sha512-9PB589e1aWZbrlFUHdz6WiPCL+xLZHQFX7oibqG/6Q0SwOkxDyQX9W/cyPa+sAPPKuC8cpLCpRczE5a/1DiwVQ==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-portal@1.1.11':
+    resolution: {integrity: sha512-UEytdjgEh2tJGgD/gZK4FUx6t1rNIlM3U0DENhSrG7I75FGm1DnaDuVUWF1pWAWUwGmn1sCJ1VGHn8LhN1aTOw==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-presence@1.1.6':
+    resolution: {integrity: sha512-zdTk4PlUO0E18HnZ3wYbW0KkJJxWCdiNYp6g6X1PtONFhxVkg01vliTJAmwIszU6mHiyBOoW9P0rAugl5/hULQ==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-primitive@2.1.5':
+    resolution: {integrity: sha512-zifXeB8Y88qCYx8PLZ5oQb32KwZub+s925mMoZsBBq9KUQqWKkREubTfs6ASjRPPBe7Jt9O8OHH89+95VG+grA==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-roving-focus@1.1.12':
+    resolution: {integrity: sha512-FvgPt1bRmg8Xt2QpF7NUZW3dE0ZQHGm41dAdgT2J2GJPoIXz+9Em3NobAxf4fupcxhgHu03E5CRiU2MWvObXyg==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-scroll-area@1.2.11':
+    resolution: {integrity: sha512-DS39ziOgea75U/TrXKU2/oKp0be2jrDHnzFLvahg/0iNAT1Zq16e4Uw0WXwyXvsK+mG3BRyMb7A3NRZMDuEXtQ==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-select@2.3.0':
+    resolution: {integrity: sha512-mENc7WpJvJcW8hlMpzfFcHcEhTvYS5JMBmi9HVC1Q00uhBwML086MHYUV8QQdQv6lcu0Wg8dzd1RB8AFADcG/g==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-separator@1.1.9':
+    resolution: {integrity: sha512-gvgW+JV/Mbjj6darztTetnmElpQEzZrXpJvfj+dOxNAxiyHEAyUvEjjl4zxblvmjmKmi3jfPoy7ZdxzCuUBJSA==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-slot@1.2.5':
+    resolution: {integrity: sha512-rCMO3QsIVKv5JTY5CVbo2MvO77SpEqqYc8AvRE7OWqRDOIqAKjsp+DrmnY9uc8NPdxB5E2z47HTYGeE2+NTptg==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-tabs@1.1.14':
+    resolution: {integrity: sha512-D5jwp9JNuwDeCw3CYD2Fz+sSHo0droQjC8u75dJHe4aWr5q6yBiXZU+hurXnKudRgEpUkD5TsI6bjHPo5ThUxA==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-tooltip@1.2.9':
+    resolution: {integrity: sha512-u6F9MmTtBSLkiXNVDrtB/yPCZarM9smNswC24YYLV/M+bth6J3Gs3vlJezEoFwKZvPvxhCpUYdUnOsNG/0XOlA==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/react-use-callback-ref@1.1.2':
+    resolution: {integrity: sha512-xCso9j1/u8sEgP1RNHjFrXJLApL8LiqOkI1R4ywuN00rxWdYg4oQXuwKLS3i0j5NWLromUD27/4nlxj2UFVvIw==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-use-controllable-state@1.2.3':
+    resolution: {integrity: sha512-PLzC90MS+ReootmjC597dvopoelpZ8Q61HJkDXZSExitIq7PL55vHNnesAHwguHK0aPfBnpdNzQtv1uliaqQrA==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-use-effect-event@0.0.3':
+    resolution: {integrity: sha512-6c8ZqvPTWILEKnyVkP53EGRCcpnJiKTC21sS/6R1GF5xKyHJJWQEPfkqlcgUkdRQivd6tb23abUwe4ngWmY0JA==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-use-escape-keydown@1.1.2':
+    resolution: {integrity: sha512-2uVLvLjgO7NZCWw01/FdqRwmA42J0BcjPMUCA+koFEOAb+zjqIP7SiFz/7zWPrKnVmSqr76Omq2ALyCuX4dhLw==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-use-layout-effect@1.1.2':
+    resolution: {integrity: sha512-jrBWOxZITuGcnjRCM2t2U5ZPkCLxD+Ym6DjfssS5haTj2iiak/DOb64JeN6OdLfLgptb6/e2kKR+ZuTrGoZTPA==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-use-previous@1.1.2':
+    resolution: {integrity: sha512-IGBQPtRFdhN6MQ8dbegVmBq1LVZluya3F1jWY+puIcQC3MHctRwTDSBWCkL/3ZcnMJLTMJ++Z+ktmvg0F89iCw==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-use-rect@1.1.2':
+    resolution: {integrity: sha512-d8a+bBY/FxikNPlgJJoaBHZX+zKVbWHYJGTLnLvveQgFSTntkGdEKv3JDtHrMS0DNYpllz2nRsTLGLKYttbpmw==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-use-size@1.1.2':
+    resolution: {integrity: sha512-giWQp+4mxjBPt4KZ0MmyuykFNWfbDxKt4x+fPkRYmgRFJSbCZFzUglvMb/Kjn38tm10YP4ufiQZDx3zna4LU6w==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  '@radix-ui/react-visually-hidden@1.2.5':
+    resolution: {integrity: sha512-tPcHNI3FajdDBFpl/Ez1m2WL0ufJqBKyHxMDBvKitopamK36WwBGOMicuMEZKkM5Wce41QxUyv6BsiqfrWBiGg==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
+  '@radix-ui/rect@1.1.2':
+    resolution: {integrity: sha512-xnXE7wG13PI+cxieVssYXlQJuYVRhH9NBoxt3KNwzghDIA69GMm7d4wXRouHIYjE+KvS6U/MsMO73NdS2MH9ZA==}
+
   '@rtsao/scc@1.1.0':
     resolution: {integrity: sha512-zt6OdqaDoOnJ1ZYsCYGt9YmWzDXl4vQdKTyJev62gFhRGKdx7mcT54V9KIjg+d2wi9EXsPvAPKe7i7WjfVWB8g==}
 
@@ -1901,6 +2296,10 @@ packages:
   argparse@2.0.1:
     resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==}
 
+  aria-hidden@1.2.6:
+    resolution: {integrity: sha512-ik3ZgC9dY/lYVVM++OISsaYDeg1tb0VtP5uL3ouh1koGOaUMDPpbFIei4JkFimWUFPn90sbMNMXQAIVOlnYKJA==}
+    engines: {node: '>=10'}
+
   aria-query@5.3.2:
     resolution: {integrity: sha512-COROpnaoap1E2F000S62r6A60uHZnmlvomhfyT2DlTcrY1OrBKn2UhH7qn5wTC9zMvD0AY7csdPSNwKP+7WiQw==}
     engines: {node: '>= 0.4'}
@@ -2100,6 +2499,9 @@ packages:
     resolution: {integrity: sha512-77PSwercCZU2Fc4sX94eF8k8Pxte6JAwL4/ICZLFjJLqegs7kCuAsqqj/70NQF6TvDpgFjkubQB2FW2ZZddvQg==}
     engines: {node: '>=8'}
 
+  class-variance-authority@0.7.1:
+    resolution: {integrity: sha512-Ka+9Trutv7G8M6WT6SeiRWz792K5qEqIGEGzXKhAE6xOWAY6pPH8U+9IY3oCMv6kqTmLsv7Xh/2w2RigkePMsg==}
+
   client-only@0.0.1:
     resolution: {integrity: sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA==}
 
@@ -2110,6 +2512,10 @@ packages:
   cloudflare@4.5.0:
     resolution: {integrity: sha512-fPcbPKx4zF45jBvQ0z7PCdgejVAPBBCZxwqk1k7krQNfpM07Cfj97/Q6wBzvYqlWXx/zt1S9+m8vnfCe06umbQ==}
 
+  clsx@2.1.1:
+    resolution: {integrity: sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==}
+    engines: {node: '>=6'}
+
   codemirror@6.0.2:
     resolution: {integrity: sha512-VhydHotNW5w1UGK0Qj96BwSk/Zqbp9WbnyK2W/eVMv4QyF41INRGpjUhFJY7/uDNuudSc33a/PKr4iDqRduvHw==}
 
@@ -2245,6 +2651,9 @@ packages:
     resolution: {integrity: sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==}
     engines: {node: '>=8'}
 
+  detect-node-es@1.1.0:
+    resolution: {integrity: sha512-ypdmJU/TbBby2Dxibuv7ZLW3Bs1QEmM7nHjEANfohJLvE0XVujisn1qPJcZxg+qDucsr+bP6fLD1rPS3AhJ7EQ==}
+
   devlop@1.1.0:
     resolution: {integrity: sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==}
 
@@ -2632,6 +3041,10 @@ packages:
     resolution: {integrity: sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==}
     engines: {node: '>= 0.4'}
 
+  get-nonce@1.0.1:
+    resolution: {integrity: sha512-FJhYRoDaiatfEkUK8HKlicmu/3SGFD51q3itKDGoSTysQJBnfOcxU5GxnhE1E6soB76MbT0MBtnKJuXyAx+96Q==}
+    engines: {node: '>=6'}
+
   get-proto@1.0.1:
     resolution: {integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==}
     engines: {node: '>= 0.4'}
@@ -3499,10 +3912,6 @@ packages:
   postcss-value-parser@4.2.0:
     resolution: {integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==}
 
-  postcss@8.4.31:
-    resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==}
-    engines: {node: ^10 || ^12 || >=14}
-
   postcss@8.5.12:
     resolution: {integrity: sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==}
     engines: {node: ^10 || ^12 || >=14}
@@ -3561,6 +3970,36 @@ packages:
       '@types/react': '>=18'
       react: '>=18'
 
+  react-remove-scroll-bar@2.3.8:
+    resolution: {integrity: sha512-9r+yi9+mgU33AKcj6IbT9oRCO78WriSj6t/cF8DWBZJ9aOGPOTEDvdUDz1FwKim7QXWwmHqtdHnRJfhAxEG46Q==}
+    engines: {node: '>=10'}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  react-remove-scroll@2.7.2:
+    resolution: {integrity: sha512-Iqb9NjCCTt6Hf+vOdNIZGdTiH1QSqr27H/Ek9sv/a97gfueI/5h1s3yRi1nngzMUaOOToin5dI1dXKdXiF+u0Q==}
+    engines: {node: '>=10'}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  react-style-singleton@2.2.3:
+    resolution: {integrity: sha512-b6jSvxvVnyptAiLjbkWLE/lOnR4lfTtDAl+eUC7RZy+QQWc6wRzIV2CE6xBuMmDxc2qIihtDCZD5NPOFl7fRBQ==}
+    engines: {node: '>=10'}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
   react@19.2.5:
     resolution: {integrity: sha512-llUJLzz1zTUBrskt2pwZgLq59AemifIftw4aB7JxOqf1HY2FDaGDxgwpAPVzHU1kdWabH7FauP4i1oEeer2WCA==}
     engines: {node: '>=0.10.0'}
@@ -3822,6 +4261,14 @@ packages:
     resolution: {integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==}
     engines: {node: '>= 0.4'}
 
+  tailwind-merge@3.6.0:
+    resolution: {integrity: sha512-uxL7qAVQriqRQPAyK3pj66VqskWqoZ37PW94jwOTwNfq/z9oyu1V+eqrZqtR2+fCiXdYOZe/Modt8GtvqNzu+w==}
+
+  tailwindcss-animate@1.0.7:
+    resolution: {integrity: sha512-bl6mpH3T7I3UFxuvDEXLxy/VuFxBk5bbzplh7tXI68mwMokNYd1t9qPBHlnyTwfa4JGC4zP516I1hYYtQ/vspA==}
+    peerDependencies:
+      tailwindcss: '>=3.0.0 || insiders'
+
   tailwindcss@3.4.18:
     resolution: {integrity: sha512-6A2rnmW5xZMdw11LYjhcI5846rt9pbLSabY5XPxo+XWdxwZaFEn47Go4NzFiHu9sNNmr/kXivP1vStfvMaK1GQ==}
     engines: {node: '>=14.0.0'}
@@ -3968,6 +4415,26 @@ packages:
   urlpattern-polyfill@10.1.0:
     resolution: {integrity: sha512-IGjKp/o0NL3Bso1PymYURCJxMPNAf/ILOpendP9f5B6e1rTJgdgiOvgfoT8VxCAdY+Wisb9uhGaJJf3yZ2V9nw==}
 
+  use-callback-ref@1.3.3:
+    resolution: {integrity: sha512-jQL3lRnocaFtu3V00JToYz/4QkNWswxijDaCVNZRiRTO3HQDLsdu1ZtmIUvV4yPp+rvWm5j0y0TG/S61cuijTg==}
+    engines: {node: '>=10'}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
+  use-sidecar@1.1.3:
+    resolution: {integrity: sha512-Fedw0aZvkhynoPYlA5WXrMCAMm+nSWdZt6lzJQ7Ok8S6Q+VsHmHpRWndVRJ8Be0ZbkfPc5LRYH+5XrzXcEeLRQ==}
+    engines: {node: '>=10'}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
   util-deprecate@1.0.2:
     resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}
 
@@ -5471,6 +5938,23 @@ snapshots:
       '@eslint/core': 0.17.0
       levn: 0.4.1
 
+  '@floating-ui/core@1.7.5':
+    dependencies:
+      '@floating-ui/utils': 0.2.11
+
+  '@floating-ui/dom@1.7.6':
+    dependencies:
+      '@floating-ui/core': 1.7.5
+      '@floating-ui/utils': 0.2.11
+
+  '@floating-ui/react-dom@2.1.8(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@floating-ui/dom': 1.7.6
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+
+  '@floating-ui/utils@0.2.11': {}
+
   '@humanfs/core@0.19.2':
     dependencies:
       '@humanfs/types': 0.15.0
@@ -5867,6 +6351,335 @@ snapshots:
 
   '@poppinss/exception@1.2.3': {}
 
+  '@radix-ui/number@1.1.2': {}
+
+  '@radix-ui/primitive@1.1.4': {}
+
+  '@radix-ui/react-arrow@1.1.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-collection@1.1.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-compose-refs': 1.1.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-context': 1.1.4(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-slot': 1.2.5(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-compose-refs@1.1.3(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-context@1.1.4(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-dialog@1.1.16(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/primitive': 1.1.4
+      '@radix-ui/react-compose-refs': 1.1.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-context': 1.1.4(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-dismissable-layer': 1.1.12(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-focus-guards': 1.1.4(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-focus-scope': 1.1.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-id': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-portal': 1.1.11(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-presence': 1.1.6(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-slot': 1.2.5(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-controllable-state': 1.2.3(@types/react@19.2.7)(react@19.2.5)
+      aria-hidden: 1.2.6
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+      react-remove-scroll: 2.7.2(@types/react@19.2.7)(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-direction@1.1.2(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-dismissable-layer@1.1.12(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/primitive': 1.1.4
+      '@radix-ui/react-compose-refs': 1.1.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-use-callback-ref': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-escape-keydown': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-focus-guards@1.1.4(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-focus-scope@1.1.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-compose-refs': 1.1.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-use-callback-ref': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-id@1.1.2(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-use-layout-effect': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-popper@1.3.0(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@floating-ui/react-dom': 2.1.8(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-arrow': 1.1.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-compose-refs': 1.1.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-context': 1.1.4(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-use-callback-ref': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-layout-effect': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-rect': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-size': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/rect': 1.1.2
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-portal@1.1.11(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-use-layout-effect': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-presence@1.1.6(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-use-layout-effect': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-primitive@2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-slot': 1.2.5(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-roving-focus@1.1.12(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/primitive': 1.1.4
+      '@radix-ui/react-collection': 1.1.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-compose-refs': 1.1.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-context': 1.1.4(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-direction': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-id': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-use-callback-ref': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-controllable-state': 1.2.3(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-scroll-area@1.2.11(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/number': 1.1.2
+      '@radix-ui/primitive': 1.1.4
+      '@radix-ui/react-compose-refs': 1.1.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-context': 1.1.4(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-direction': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-presence': 1.1.6(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-use-callback-ref': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-layout-effect': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-select@2.3.0(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/number': 1.1.2
+      '@radix-ui/primitive': 1.1.4
+      '@radix-ui/react-collection': 1.1.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-compose-refs': 1.1.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-context': 1.1.4(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-direction': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-dismissable-layer': 1.1.12(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-focus-guards': 1.1.4(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-focus-scope': 1.1.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-id': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-popper': 1.3.0(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-portal': 1.1.11(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-presence': 1.1.6(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-slot': 1.2.5(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-callback-ref': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-controllable-state': 1.2.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-layout-effect': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-previous': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-visually-hidden': 1.2.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      aria-hidden: 1.2.6
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+      react-remove-scroll: 2.7.2(@types/react@19.2.7)(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-separator@1.1.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-slot@1.2.5(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-compose-refs': 1.1.3(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-tabs@1.1.14(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/primitive': 1.1.4
+      '@radix-ui/react-context': 1.1.4(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-direction': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-id': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-presence': 1.1.6(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-roving-focus': 1.1.12(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-use-controllable-state': 1.2.3(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-tooltip@1.2.9(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/primitive': 1.1.4
+      '@radix-ui/react-compose-refs': 1.1.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-context': 1.1.4(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-dismissable-layer': 1.1.12(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-id': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-popper': 1.3.0(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-portal': 1.1.11(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-presence': 1.1.6(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@radix-ui/react-slot': 1.2.5(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-controllable-state': 1.2.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-visually-hidden': 1.2.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/react-use-callback-ref@1.1.2(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-use-controllable-state@1.2.3(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-use-effect-event': 0.0.3(@types/react@19.2.7)(react@19.2.5)
+      '@radix-ui/react-use-layout-effect': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-use-effect-event@0.0.3(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-use-layout-effect': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-use-escape-keydown@1.1.2(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-use-callback-ref': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-use-layout-effect@1.1.2(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-use-previous@1.1.2(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-use-rect@1.1.2(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      '@radix-ui/rect': 1.1.2
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-use-size@1.1.2(@types/react@19.2.7)(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-use-layout-effect': 1.1.2(@types/react@19.2.7)(react@19.2.5)
+      react: 19.2.5
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  '@radix-ui/react-visually-hidden@1.2.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+    dependencies:
+      '@radix-ui/react-primitive': 2.1.5(@types/react-dom@19.2.3(@types/react@19.2.7))(@types/react@19.2.7)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      react: 19.2.5
+      react-dom: 19.2.5(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+      '@types/react-dom': 19.2.3(@types/react@19.2.7)
+
+  '@radix-ui/rect@1.1.2': {}
+
   '@rtsao/scc@1.1.0': {}
 
   '@scure/base@1.2.6': {}
@@ -6507,6 +7320,10 @@ snapshots:
 
   argparse@2.0.1: {}
 
+  aria-hidden@1.2.6:
+    dependencies:
+      tslib: 2.8.1
+
   aria-query@5.3.2: {}
 
   array-buffer-byte-length@1.0.2:
@@ -6729,6 +7546,10 @@ snapshots:
 
   ci-info@4.4.0: {}
 
+  class-variance-authority@0.7.1:
+    dependencies:
+      clsx: 2.1.1
+
   client-only@0.0.1: {}
 
   cliui@9.0.1:
@@ -6749,6 +7570,8 @@ snapshots:
     transitivePeerDependencies:
       - encoding
 
+  clsx@2.1.1: {}
+
   codemirror@6.0.2:
     dependencies:
       '@codemirror/autocomplete': 6.20.2
@@ -6862,6 +7685,8 @@ snapshots:
 
   detect-libc@2.1.2: {}
 
+  detect-node-es@1.1.0: {}
+
   devlop@1.1.0:
     dependencies:
       dequal: 2.0.3
@@ -7479,6 +8304,8 @@ snapshots:
       hasown: 2.0.3
       math-intrinsics: 1.1.0
 
+  get-nonce@1.0.1: {}
+
   get-proto@1.0.1:
     dependencies:
       dunder-proto: 1.0.1
@@ -8512,12 +9339,6 @@ snapshots:
 
   postcss-value-parser@4.2.0: {}
 
-  postcss@8.4.31:
-    dependencies:
-      nanoid: 3.3.12
-      picocolors: 1.1.1
-      source-map-js: 1.2.1
-
   postcss@8.5.12:
     dependencies:
       nanoid: 3.3.12
@@ -8587,6 +9408,33 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  react-remove-scroll-bar@2.3.8(@types/react@19.2.7)(react@19.2.5):
+    dependencies:
+      react: 19.2.5
+      react-style-singleton: 2.2.3(@types/react@19.2.7)(react@19.2.5)
+      tslib: 2.8.1
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  react-remove-scroll@2.7.2(@types/react@19.2.7)(react@19.2.5):
+    dependencies:
+      react: 19.2.5
+      react-remove-scroll-bar: 2.3.8(@types/react@19.2.7)(react@19.2.5)
+      react-style-singleton: 2.2.3(@types/react@19.2.7)(react@19.2.5)
+      tslib: 2.8.1
+      use-callback-ref: 1.3.3(@types/react@19.2.7)(react@19.2.5)
+      use-sidecar: 1.1.3(@types/react@19.2.7)(react@19.2.5)
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  react-style-singleton@2.2.3(@types/react@19.2.7)(react@19.2.5):
+    dependencies:
+      get-nonce: 1.0.1
+      react: 19.2.5
+      tslib: 2.8.1
+    optionalDependencies:
+      '@types/react': 19.2.7
+
   react@19.2.5: {}
 
   read-cache@1.0.0:
@@ -8964,6 +9812,12 @@ snapshots:
 
   supports-preserve-symlinks-flag@1.0.0: {}
 
+  tailwind-merge@3.6.0: {}
+
+  tailwindcss-animate@1.0.7(tailwindcss@3.4.18(yaml@2.8.4)):
+    dependencies:
+      tailwindcss: 3.4.18(yaml@2.8.4)
+
   tailwindcss@3.4.18(yaml@2.8.4):
     dependencies:
       '@alloc/quick-lru': 5.2.0
@@ -9185,6 +10039,21 @@ snapshots:
 
   urlpattern-polyfill@10.1.0: {}
 
+  use-callback-ref@1.3.3(@types/react@19.2.7)(react@19.2.5):
+    dependencies:
+      react: 19.2.5
+      tslib: 2.8.1
+    optionalDependencies:
+      '@types/react': 19.2.7
+
+  use-sidecar@1.1.3(@types/react@19.2.7)(react@19.2.5):
+    dependencies:
+      detect-node-es: 1.1.0
+      react: 19.2.5
+      tslib: 2.8.1
+    optionalDependencies:
+      '@types/react': 19.2.7
+
   util-deprecate@1.0.2: {}
 
   vary@1.1.2: {}
diff --git a/wikibrowser/pnpm-workspace.yaml b/wikibrowser/pnpm-workspace.yaml
index c0ec4775..6dc30b12 100644
--- a/wikibrowser/pnpm-workspace.yaml
+++ b/wikibrowser/pnpm-workspace.yaml
@@ -6,3 +6,9 @@ allowBuilds:
   unrs-resolver@1.11.1: true
   workerd: true
   workerd@1.20260507.1: true
+minimumReleaseAgeExclude:
+  - postcss@8.5.10
+  - ws@8.20.1
+overrides:
+  postcss: 8.5.12
+  ws: 8.20.1
diff --git a/wikibrowser/scripts/candid-shapes.mjs b/wikibrowser/scripts/candid-shapes.mjs
index 5280d10f..91714cc4 100644
--- a/wikibrowser/scripts/candid-shapes.mjs
+++ b/wikibrowser/scripts/candid-shapes.mjs
@@ -57,6 +57,205 @@ export const expectedTypes = {
       min_expected_cycles: "nat64"
     }
   },
+  KinicBalance: { kind: "record", fields: { balance_e8s: "nat64" } },
+  KinicPendingOperation: {
+    kind: "record",
+    fields: {
+      status: "text",
+      kind: "text",
+      operation_id: "nat64",
+      created_at_ms: "int64",
+      amount_e8s: "nat64",
+      required_action: "text",
+      ledger_block_index: "opt nat64",
+      caller: "text"
+    }
+  },
+  KinicPendingOperationsPageRequest: {
+    kind: "record",
+    fields: { cursor_operation_id: "opt nat64", limit: "nat32" }
+  },
+  KinicPendingOperationsPage: {
+    kind: "record",
+    fields: {
+      operations: "vec KinicPendingOperation",
+      next_cursor_operation_id: "opt nat64"
+    }
+  },
+  MarketCreateListingRequest: {
+    kind: "record",
+    fields: {
+      llm_summary: "opt text",
+      title: "text",
+      summary_snapshot_revision: "opt text",
+      description: "text",
+      database_id: "text",
+      price_e8s: "nat64",
+      sample_excerpts_json: "text",
+      tags_json: "text"
+    }
+  },
+  KinicDepositRequest: {
+    kind: "record",
+    fields: { amount_e8s: "nat64", expected_fee_e8s: "nat64" }
+  },
+  KinicDepositResult: {
+    kind: "record",
+    fields: { block_index: "nat64", amount_e8s: "nat64", balance_e8s: "nat64" }
+  },
+  KinicFundDatabaseCyclesRequest: {
+    kind: "record",
+    fields: {
+      payment_amount_e8s: "nat64",
+      database_id: "text",
+      min_expected_cycles: "nat64"
+    }
+  },
+  KinicFundDatabaseCyclesResult: {
+    kind: "record",
+    fields: {
+      database_balance_cycles: "nat64",
+      payment_amount_e8s: "nat64",
+      kinic_balance_e8s: "nat64",
+      amount_cycles: "nat64"
+    }
+  },
+  MarketEntitlement: {
+    kind: "record",
+    fields: {
+      status: "text",
+      purchased_at_ms: "int64",
+      database_id: "text",
+      buyer_principal: "text",
+      order_id: "text",
+      listing_id: "text"
+    }
+  },
+  MarketEntitlementPage: {
+    kind: "record",
+    fields: { next_cursor: "opt text", entitlements: "vec MarketEntitlement" }
+  },
+  MarketListing: {
+    kind: "record",
+    fields: {
+      status: "MarketListingStatus",
+      llm_summary: "opt text",
+      title: "text",
+      summary_snapshot_revision: "opt text",
+      report_count: "nat64",
+      description: "text",
+      updated_at_ms: "int64",
+      created_at_ms: "int64",
+      seller_principal: "text",
+      purchase_count: "nat64",
+      database_id: "text",
+      listing_id: "text",
+      price_e8s: "nat64",
+      revision: "nat64",
+      sample_excerpts_json: "text",
+      tags_json: "text"
+    }
+  },
+  MarketCategoryGraph: {
+    kind: "record",
+    fields: { nodes: "vec MarketCategoryGraphNode", edges: "vec MarketCategoryGraphEdge" }
+  },
+  MarketCategoryGraphEdge: {
+    kind: "record",
+    fields: { source_category: "text", target_category: "text", link_count: "nat64" }
+  },
+  MarketCategoryGraphNode: {
+    kind: "record",
+    fields: { node_count: "nat64", category: "text" }
+  },
+  MarketListingDetail: {
+    kind: "record",
+    fields: {
+      listing: "MarketListing",
+      preview: "MarketListingPreview",
+      verified_stats: "MarketListingVerifiedStats"
+    }
+  },
+  MarketListingPage: {
+    kind: "record",
+    fields: { listings: "vec MarketListing", next_cursor: "opt text" }
+  },
+  MarketListingPreview: {
+    kind: "record",
+    fields: {
+      top_level_paths: "vec text",
+      excerpts: "vec MarketPreviewExcerpt",
+      category_graph: "MarketCategoryGraph",
+      preview_stale: "bool"
+    }
+  },
+  MarketListingStatus: {
+    kind: "variant",
+    cases: { Paused: "null", Active: "null", Draft: "null" }
+  },
+  MarketListingVerifiedStats: {
+    kind: "record",
+    fields: {
+      source_chars: "nat64",
+      total_nodes: "nat64",
+      logical_size_bytes: "nat64",
+      link_edges: "nat64",
+      wiki_nodes: "nat64",
+      source_nodes: "nat64",
+      markdown_chars: "nat64",
+      last_content_updated_at_ms: "opt int64",
+      folder_nodes: "nat64"
+    }
+  },
+  MarketOrder: {
+    kind: "record",
+    fields: {
+      created_at_ms: "int64",
+      seller_principal: "text",
+      database_id: "text",
+      buyer_principal: "text",
+      order_id: "text",
+      listing_id: "text",
+      price_e8s: "nat64",
+      listing_revision: "nat64"
+    }
+  },
+  MarketOrderPage: {
+    kind: "record",
+    fields: { orders: "vec MarketOrder", next_cursor: "opt text" }
+  },
+  MarketPurchasePreview: {
+    kind: "record",
+    fields: {
+      already_entitled: "bool",
+      buyer_balance_e8s: "nat64",
+      database_id: "text",
+      listing_id: "text",
+      price_e8s: "nat64"
+    }
+  },
+  MarketPurchaseRequest: {
+    kind: "record",
+    fields: { listing_id: "text", price_e8s: "nat64" }
+  },
+  MarketPreviewExcerpt: {
+    kind: "record",
+    fields: { path: "text", etag: "text", excerpt: "text" }
+  },
+  MarketUpdateListingRequest: {
+    kind: "record",
+    fields: {
+      llm_summary: "opt text",
+      title: "text",
+      summary_snapshot_revision: "opt text",
+      description: "text",
+      listing_id: "text",
+      price_e8s: "nat64",
+      expected_revision: "nat64",
+      sample_excerpts_json: "text",
+      tags_json: "text"
+    }
+  },
   Icrc21ConsentMessageMetadata: {
     kind: "record",
     fields: { utc_offset_minutes: "opt int16", language: "text" }
@@ -331,9 +530,22 @@ export const expectedTypes = {
   ResultCyclesPurchase: { kind: "variant", cases: { Ok: "CyclesPurchaseResult", Err: "text" } },
   ResultCyclesEntries: { kind: "variant", cases: { Ok: "DatabaseCycleEntryPage", Err: "text" } },
   ResultCyclesPendingPurchases: { kind: "variant", cases: { Ok: "vec DatabaseCyclesPendingPurchase", Err: "text" } },
+  ResultKinicBalance: { kind: "variant", cases: { Ok: "KinicBalance", Err: "text" } },
+  ResultKinicPendingOperations: { kind: "variant", cases: { Ok: "KinicPendingOperationsPage", Err: "text" } },
+  ResultKinicDeposit: { kind: "variant", cases: { Ok: "KinicDepositResult", Err: "text" } },
+  ResultKinicFundDatabaseCycles: { kind: "variant", cases: { Ok: "KinicFundDatabaseCyclesResult", Err: "text" } },
+  ResultMarketEntitlementPage: { kind: "variant", cases: { Ok: "MarketEntitlementPage", Err: "text" } },
+  ResultMarketListing: { kind: "variant", cases: { Ok: "MarketListing", Err: "text" } },
+  ResultMarketListingDetail: { kind: "variant", cases: { Ok: "MarketListingDetail", Err: "text" } },
+  ResultMarketListings: { kind: "variant", cases: { Ok: "vec MarketListing", Err: "text" } },
+  ResultMarketListingPage: { kind: "variant", cases: { Ok: "MarketListingPage", Err: "text" } },
+  ResultMarketOrder: { kind: "variant", cases: { Ok: "MarketOrder", Err: "text" } },
+  ResultMarketOrderPage: { kind: "variant", cases: { Ok: "MarketOrderPage", Err: "text" } },
+  ResultMarketPurchasePreview: { kind: "variant", cases: { Ok: "MarketPurchasePreview", Err: "text" } },
   ResultCreateDatabase: { kind: "variant", cases: { Ok: "CreateDatabaseResult", Err: "text" } },
   ResultDatabases: { kind: "variant", cases: { Ok: "vec DatabaseSummary", Err: "text" } },
   ResultMembers: { kind: "variant", cases: { Ok: "vec DatabaseMember", Err: "text" } },
+  ResultNat64: { kind: "variant", cases: { Ok: "nat64", Err: "text" } },
   ResultUnit: { kind: "variant", cases: { Ok: "null", Err: "text" } },
   ResultWriteNode: { kind: "variant", cases: { Ok: "WriteNodeResult", Err: "text" } },
   ResultDeleteNode: { kind: "variant", cases: { Ok: "DeleteNodeResult", Err: "text" } },
@@ -433,28 +645,41 @@ export const didTypeAliases = {
   OpsAnswerSessionCheckRequest: "OpsAnswerSessionRequest",
   RenameDatabaseRequest: "CreateDatabaseResult",
   UrlIngestTriggerSessionRequest: "OpsAnswerSessionRequest",
-  ResultChildren: "Result_12",
+  ResultChildren: "Result_16",
   ResultCyclesBillingConfig: "Result_9",
-  ResultCyclesPurchase: "Result_20",
-  ResultCyclesEntries: "Result_13",
-  ResultCyclesPendingPurchases: "Result_14",
+  ResultCyclesPurchase: "Result_33",
+  ResultCyclesEntries: "Result_17",
+  ResultCyclesPendingPurchases: "Result_18",
+  ResultKinicBalance: "Result_14",
+  ResultKinicPendingOperations: "Result_15",
+  ResultKinicDeposit: "Result_12",
+  ResultKinicFundDatabaseCycles: "Result_13",
+  ResultMarketEntitlementPage: "Result_26",
+  ResultMarketListing: "Result_23",
+  ResultMarketListingDetail: "Result_24",
+  ResultMarketListings: "Result_25",
+  ResultMarketListingPage: "Result_27",
+  ResultMarketOrder: "Result_30",
+  ResultMarketOrderPage: "Result_28",
+  ResultMarketPurchasePreview: "Result_29",
   ResultCreateDatabase: "Result_4",
-  ResultDatabases: "Result_16",
+  ResultDatabases: "Result_20",
   ResultDeleteNode: "Result_5",
-  ResultMkdirNode: "Result_18",
-  ResultMoveNode: "Result_19",
-  ResultMembers: "Result_15",
+  ResultMkdirNode: "Result_31",
+  ResultMoveNode: "Result_32",
+  ResultMembers: "Result_19",
+  ResultNat64: "Result_22",
   ResultUnit: "Result_1",
   ResultWriteNode: "Result",
   ResultLinks: "Result_11",
-  ResultNode: "Result_24",
-  ResultNodeContext: "Result_25",
-  ResultQueryContext: "Result_21",
-  ResultSearch: "Result_26",
-  ResultStorageBillingBatch: "Result_27",
-  ResultSourceEvidence: "Result_28",
+  ResultNode: "Result_37",
+  ResultNodeContext: "Result_38",
+  ResultQueryContext: "Result_34",
+  ResultSearch: "Result_39",
+  ResultStorageBillingBatch: "Result_40",
+  ResultSourceEvidence: "Result_41",
   ResultOpsAnswerSessionCheck: "Result_3",
-  ResultWriteSourceForGeneration: "Result_30"
+  ResultWriteSourceForGeneration: "Result_43"
 };
 
 export const expectedMethods = {
@@ -481,6 +706,22 @@ export const expectedMethods = {
   list_database_cycles_pending_purchases: { input: ["text"], output: "ResultCyclesPendingPurchases", mode: "query" },
   list_databases: { input: [], output: "ResultDatabases", mode: "query" },
   list_database_members: { input: ["text"], output: "ResultMembers", mode: "query" },
+  market_count_active_entitlements: { input: ["text"], output: "ResultNat64", mode: "query" },
+  market_create_listing: { input: ["MarketCreateListingRequest"], output: "ResultMarketListing", mode: "update" },
+  kinic_deposit_balance: { input: ["KinicDepositRequest"], output: "ResultKinicDeposit", mode: "update" },
+  kinic_fund_database_cycles: { input: ["KinicFundDatabaseCyclesRequest"], output: "ResultKinicFundDatabaseCycles", mode: "update" },
+  kinic_get_balance: { input: [], output: "ResultKinicBalance", mode: "query" },
+  market_get_listing: { input: ["text"], output: "ResultMarketListingDetail", mode: "query" },
+  market_list_database_listings: { input: ["text"], output: "ResultMarketListings", mode: "query" },
+  market_list_entitlements: { input: ["opt text", "nat32"], output: "ResultMarketEntitlementPage", mode: "query" },
+  market_list_listings: { input: ["opt text", "nat32"], output: "ResultMarketListingPage", mode: "query" },
+  market_list_orders: { input: ["opt text", "nat32"], output: "ResultMarketOrderPage", mode: "query" },
+  kinic_list_pending_operations: { input: ["KinicPendingOperationsPageRequest"], output: "ResultKinicPendingOperations", mode: "query" },
+  market_pause_listing: { input: ["text"], output: "ResultMarketListing", mode: "update" },
+  market_preview_purchase: { input: ["text"], output: "ResultMarketPurchasePreview", mode: "query" },
+  market_publish_listing: { input: ["text"], output: "ResultMarketListing", mode: "update" },
+  market_purchase_access: { input: ["MarketPurchaseRequest"], output: "ResultMarketOrder", mode: "update" },
+  market_update_listing: { input: ["MarketUpdateListingRequest"], output: "ResultMarketListing", mode: "update" },
   memory_manifest: { input: [], output: "MemoryManifest", mode: "query" },
   mkdir_node: { input: ["MkdirNodeRequest"], output: "ResultMkdirNode", mode: "update" },
   move_node: { input: ["MoveNodeRequest"], output: "ResultMoveNode", mode: "update" },
diff --git a/wikibrowser/scripts/check-auth.mjs b/wikibrowser/scripts/check-auth.mjs
index a00a746c..43addde8 100644
--- a/wikibrowser/scripts/check-auth.mjs
+++ b/wikibrowser/scripts/check-auth.mjs
@@ -2,12 +2,57 @@ import assert from "node:assert/strict";
 import { readFileSync } from "node:fs";
 import ts from "typescript";
 
-const { AUTH_CLIENT_CREATE_OPTIONS, DELEGATION_TTL_NS, DERIVATION_ORIGIN } = await importTs("../lib/auth.ts");
+const {
+  AUTH_CLIENT_CREATE_OPTIONS,
+  DELEGATION_TTL_NS,
+  DERIVATION_ORIGIN,
+  MAINNET_II_PROVIDER_URL,
+  identityProviderUrl,
+  derivationOriginUrl
+} = await importTs("../lib/auth.ts");
 
 assert.equal(DELEGATION_TTL_NS, 29n * 24n * 3_600_000_000_000n);
 assert.equal(AUTH_CLIENT_CREATE_OPTIONS.idleOptions.idleTimeout, 29 * 24 * 60 * 60 * 1000);
 assert.equal(AUTH_CLIENT_CREATE_OPTIONS.idleOptions.disableDefaultIdleCallback, true);
+assert.equal(identityProviderUrl(), MAINNET_II_PROVIDER_URL);
 assert.equal(DERIVATION_ORIGIN, "https://xis3j-paaaa-aaaai-axumq-cai.icp0.io");
+assert.equal(derivationOriginUrl({ hostname: "wiki.kinic.xyz", origin: "https://wiki.kinic.xyz" }), DERIVATION_ORIGIN);
+
+const originalWikiHost = process.env.NEXT_PUBLIC_WIKI_IC_HOST;
+const originalCanisterId = process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID;
+const originalIiProviderUrl = process.env.NEXT_PUBLIC_II_PROVIDER_URL;
+const originalLocalIiE2e = process.env.NEXT_PUBLIC_ENABLE_LOCAL_II_E2E;
+process.env.NEXT_PUBLIC_II_PROVIDER_URL = "http://id.ai.localhost:8011";
+assert.equal(identityProviderUrl(), MAINNET_II_PROVIDER_URL);
+process.env.NEXT_PUBLIC_WIKI_IC_HOST = "http://127.0.0.1:8011";
+process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID = "tz2ag-zx777-77776-aaabq-cai";
+assert.equal(
+  derivationOriginUrl({ hostname: "127.0.0.1", origin: "http://127.0.0.1:3100" }),
+  DERIVATION_ORIGIN
+);
+process.env.NEXT_PUBLIC_ENABLE_LOCAL_II_E2E = "1";
+assert.equal(identityProviderUrl(), "http://id.ai.localhost:8011");
+assert.equal(
+  derivationOriginUrl({ hostname: "127.0.0.1", origin: "http://127.0.0.1:3100" }),
+  "http://tz2ag-zx777-77776-aaabq-cai.localhost:8011"
+);
+assert.equal(
+  derivationOriginUrl({ hostname: "localhost", origin: "http://localhost:3100" }),
+  "http://tz2ag-zx777-77776-aaabq-cai.localhost:8011"
+);
+assert.equal(
+  derivationOriginUrl({ hostname: "localhost", origin: "http://localhost:3010" }),
+  "http://tz2ag-zx777-77776-aaabq-cai.localhost:8011"
+);
+process.env.NEXT_PUBLIC_WIKI_IC_HOST = "https://icp0.io";
+assert.equal(
+  derivationOriginUrl({ hostname: "127.0.0.1", origin: "http://127.0.0.1:3100" }),
+  DERIVATION_ORIGIN
+);
+restoreEnv("NEXT_PUBLIC_WIKI_IC_HOST", originalWikiHost);
+restoreEnv("NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID", originalCanisterId);
+restoreEnv("NEXT_PUBLIC_II_PROVIDER_URL", originalIiProviderUrl);
+restoreEnv("NEXT_PUBLIC_ENABLE_LOCAL_II_E2E", originalLocalIiE2e);
 
 console.log("Auth checks OK");
 
@@ -23,3 +68,11 @@ async function importTs(relativePath) {
   const moduleUrl = `data:text/javascript;base64,${Buffer.from(compiled).toString("base64")}`;
   return import(moduleUrl);
 }
+
+function restoreEnv(name, value) {
+  if (value === undefined) {
+    delete process.env[name];
+    return;
+  }
+  process.env[name] = value;
+}
diff --git a/wikibrowser/scripts/check-candid-drift.mjs b/wikibrowser/scripts/check-candid-drift.mjs
index dc39e84c..0ac9fd04 100644
--- a/wikibrowser/scripts/check-candid-drift.mjs
+++ b/wikibrowser/scripts/check-candid-drift.mjs
@@ -204,28 +204,8 @@ function normalizeBlobAlias(value) {
 
 function normalizeResultAlias(value) {
   const normalized = normalizeShape(value).replace(/,$/, "").trim();
-  if (normalized === "Result_10") return "ResultLinks";
-  if (normalized === "Result_11") return "ResultLinks";
-  if (normalized === "Result_12") return "ResultChildren";
-  if (normalized === "Result_13") return "ResultCyclesEntries";
-  if (normalized === "Result_14") return "ResultCyclesPendingPurchases";
-  if (normalized === "Result_15") return "ResultMembers";
-  if (normalized === "Result_16") return "ResultDatabases";
-  if (normalized === "Result_1") return "ResultUnit";
-  if (normalized === "Result_4") return "ResultCreateDatabase";
-  if (normalized === "Result_5") return "ResultDeleteNode";
-  if (normalized === "Result_18") return "ResultMkdirNode";
-  if (normalized === "Result_19") return "ResultMoveNode";
-  if (normalized === "Result_20") return "ResultCyclesPurchase";
-  if (normalized === "Result_21") return "ResultQueryContext";
-  if (normalized === "Result_24") return "ResultNode";
-  if (normalized === "Result_25") return "ResultNodeContext";
-  if (normalized === "Result_26") return "ResultSearch";
-  if (normalized === "Result_27") return "ResultStorageBillingBatch";
-  if (normalized === "Result_28") return "ResultSourceEvidence";
-  if (normalized === "Result_3") return "ResultOpsAnswerSessionCheck";
-  if (normalized === "Result_30") return "ResultWriteSourceForGeneration";
-  if (normalized === "Result_9") return "ResultCyclesBillingConfig";
+  const alias = Object.entries(didTypeAliases).find(([, didName]) => didName === normalized)?.[0];
+  if (alias) return alias;
   if (normalized === "Result") return "ResultWriteNode";
   return normalized;
 }
diff --git a/wikibrowser/scripts/check-cycles-wallet.mjs b/wikibrowser/scripts/check-cycles-wallet.mjs
index 45b0140d..c2fb1436 100644
--- a/wikibrowser/scripts/check-cycles-wallet.mjs
+++ b/wikibrowser/scripts/check-cycles-wallet.mjs
@@ -15,7 +15,13 @@ let lastConfigCanister = null;
 let ledgerAllowanceMock = { allowance: 0n, expires_at: [] };
 let approveCalls = 0;
 let purchaseCalls = 0;
+let kinicDepositCalls = 0;
+let marketPurchaseCalls = 0;
+let identityKinicDepositCalls = 0;
 let lastApproveArgs = null;
+let lastKinicDepositRequest = null;
+let lastMarketPurchaseRequest = null;
+let lastIdentityKinicDeposit = null;
 const ledgerActorMock = {
   icrc1_balance_of: async (account) => {
     lastBalanceAccount = account;
@@ -32,6 +38,27 @@ const vfsActorMock = {
   purchase_database_cycles: async () => {
     purchaseCalls += 1;
     return { Ok: { block_index: 7n, amount_cycles: 1000n, balance_cycles: 2000n } };
+  },
+  kinic_deposit_balance: async (request) => {
+    kinicDepositCalls += 1;
+    lastKinicDepositRequest = request;
+    return { Ok: { block_index: 9n, amount_e8s: request.amount_e8s, balance_e8s: 300_000_000n } };
+  },
+  market_purchase_access: async (request) => {
+    marketPurchaseCalls += 1;
+    lastMarketPurchaseRequest = request;
+    return {
+      Ok: {
+        order_id: "order_1",
+        listing_id: request.listing_id,
+        database_id: "db_market",
+        buyer_principal: "plug-principal",
+        seller_principal: "seller-principal",
+        price_e8s: request.price_e8s,
+        listing_revision: 2n,
+        created_at_ms: 123n
+      }
+    };
   }
 };
 const plugMock = {
@@ -41,7 +68,7 @@ const plugMock = {
 };
 
 const walletModule = loadTsModule(
-  "../lib/cycles-wallet.ts",
+  "../lib/kinic-wallet.ts",
   {
     "@dfinity/oisy-wallet-signer/icrc-wallet": { IcrcWallet: class {} },
     "@dfinity/utils": {
@@ -68,45 +95,51 @@ const walletModule = loadTsModule(
       getCyclesBillingConfig: async (canisterId) => {
         lastConfigCanister = canisterId;
         return { kinicLedgerCanisterId: "ledger", cyclesPerKinic: "1000" };
+      },
+      kinicDepositBalance: async (canisterId, identity, amountE8s, expectedFeeE8s) => {
+        identityKinicDepositCalls += 1;
+        lastIdentityKinicDeposit = {
+          canisterId,
+          principal: identity.getPrincipal().toText(),
+          amountE8s,
+          expectedFeeE8s
+        };
+        return { blockIndex: "19", amountE8s, balanceE8s: "400000000" };
       }
     },
     "@/lib/vfs-idl": { idlFactory: () => ({}) },
     "@/lib/cycles": {
+      cyclesForPaymentAmountE8s: (amountE8s, cyclesPerKinic) => (amountE8s * cyclesPerKinic) / 100_000_000n,
       formatRawCycles: (value) => value.toString(),
       KINIC_LEDGER_FEE_E8S: 100_000n,
       MAX_CANISTER_I64: 9_223_372_036_854_775_807n,
       MAX_LEDGER_U64: 18_446_744_073_709_551_615n,
-      kinicBaseUnitsPerToken: () => 100_000_000n
     },
     "@/lib/kinic-amount": { formatTokenAmountFromE8s }
   },
-  "Object.assign(exports, { __test: { allowanceForCyclesPurchase, assertCanisterPaymentAmountE8s, assertConfiguredCyclesCanister, cyclesForPaymentAmountE8s, purchaseAfterApprove, decodeOisyCyclesPurchaseResult, formatLedgerApproveError } });"
+  "Object.assign(exports, { __test: { allowanceForKinicTransfer, assertCanisterPaymentAmountE8s, assertConfiguredCyclesCanister, callAfterApprove, decodeOisyCyclesPurchaseResult, decodeOisyKinicDepositResult, decodeOisyMarketPurchaseResult, formatLedgerApproveError } });"
 );
 const walletTest = walletModule.__test;
 
-assert.equal(walletTest.allowanceForCyclesPurchase(100_000_000n, 100_000n), 100_100_000n);
+assert.equal(walletTest.allowanceForKinicTransfer(100_000_000n, 100_000n), 100_100_000n);
 assert.throws(() => walletTest.assertCanisterPaymentAmountE8s(9_223_372_036_854_775_808n), /KINIC amount e8s exceeds canister limit/);
-assert.throws(() => walletTest.allowanceForCyclesPurchase(18_446_744_073_709_551_615n, 1n), /approved allowance exceeds u64::MAX/);
-assert.throws(
-  () => walletTest.cyclesForPaymentAmountE8s(9_223_372_036_854_775_807n, 200_000_000n),
-  /cycles purchase amount exceeds canister limit/
-);
+assert.throws(() => walletTest.allowanceForKinicTransfer(18_446_744_073_709_551_615n, 1n), /approved allowance exceeds u64::MAX/);
 assert.throws(() => walletTest.assertConfiguredCyclesCanister("aaaaa-aa"), /NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID is not configured/);
 walletModule.__context.process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID = "aaaaa-aa";
 assert.throws(() => walletTest.assertConfiguredCyclesCanister("bbbbb-bb"), /VFS canister does not match NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID/);
 await assert.rejects(
-  () => walletTest.purchaseAfterApprove(async () => {
+  () => walletTest.callAfterApprove(async () => {
     throw new Error("purchase rejected");
   }, { approveBlockIndex: "11", expiresAt: 1_700_000_000_000_000_000n }),
-  /cycles purchase failed after approval; approval remains until .*purchase rejected/
+  /KINIC canister call failed after approval; approval remains until .*purchase rejected/
 );
 await assert.rejects(
-  () => walletTest.purchaseAfterApprove(async () => {
+  () => walletTest.callAfterApprove(async () => {
     throw new Error("purchase rejected");
   }, { approveBlockIndex: null, expiresAt: null }),
-  /cycles purchase failed after approval; approval remains without expiry: purchase rejected/
+  /KINIC canister call failed after approval; approval remains without expiry: purchase rejected/
 );
-await walletTest.purchaseAfterApprove(async () => "ok", { approveBlockIndex: "11", expiresAt: 1_700_000_000_000_000_000n });
+await walletTest.callAfterApprove(async () => "ok", { approveBlockIndex: "11", expiresAt: 1_700_000_000_000_000_000n });
 assert.equal(
   walletTest.formatLedgerApproveError({ InsufficientFunds: { balance: 100_000n } }),
   "InsufficientFunds: balance 0.001 KINIC"
@@ -191,6 +224,55 @@ await walletModule.purchaseCyclesWithPlug(
 );
 assert.equal(approveCalls, 1);
 
+ledgerAllowanceMock = { allowance: 0n, expires_at: [] };
+approveCalls = 0;
+kinicDepositCalls = 0;
+lastKinicDepositRequest = null;
+const kinicDeposit = await walletModule.depositKinicBalanceWithPlug(
+  { canisterId: "aaaaa-aa", amountE8s: 200_000_000n },
+  { principal: "plug-principal" }
+);
+assert.equal(kinicDeposit.approveBlockIndex, "1");
+assert.equal(kinicDeposit.depositBlockIndex, "9");
+assert.equal(kinicDepositCalls, 1);
+assert.equal(lastKinicDepositRequest.amount_e8s, 200_000_000n);
+assert.equal(lastKinicDepositRequest.expected_fee_e8s, 100_000n);
+
+ledgerAllowanceMock = { allowance: 0n, expires_at: [] };
+approveCalls = 0;
+identityKinicDepositCalls = 0;
+lastIdentityKinicDeposit = null;
+const identityDeposit = await walletModule.depositKinicBalanceWithIdentity(
+  { canisterId: "aaaaa-aa", amountE8s: 300_000_000n },
+  { getPrincipal: () => ({ toText: () => "ii-principal" }) }
+);
+assert.equal(identityDeposit.provider, "ii");
+assert.equal(identityDeposit.approveBlockIndex, "1");
+assert.equal(identityDeposit.depositBlockIndex, "19");
+assert.equal(identityDeposit.balanceE8s, "400000000");
+assert.equal(approveCalls, 1);
+assert.equal(identityKinicDepositCalls, 1);
+assert.equal(lastIdentityKinicDeposit.canisterId, "aaaaa-aa");
+assert.equal(lastIdentityKinicDeposit.principal, "ii-principal");
+assert.equal(lastIdentityKinicDeposit.amountE8s, "300000000");
+assert.equal(lastIdentityKinicDeposit.expectedFeeE8s, "100000");
+
+marketPurchaseCalls = 0;
+lastMarketPurchaseRequest = null;
+const marketPurchase = await walletModule.purchaseMarketAccessWithPlug(
+  { canisterId: "aaaaa-aa", listingId: "market1", priceE8s: 50_000_000n },
+  { principal: "plug-principal" }
+);
+assert.equal(marketPurchase.provider, "plug");
+assert.equal(marketPurchase.orderId, "order_1");
+assert.equal(marketPurchase.buyerPrincipal, "plug-principal");
+assert.equal(marketPurchase.priceE8s, "50000000");
+assert.equal(marketPurchase.listingRevision, "2");
+assert.equal(marketPurchaseCalls, 1);
+assert.equal(lastMarketPurchaseRequest.listing_id, "market1");
+assert.equal(lastMarketPurchaseRequest.price_e8s, 50_000_000n);
+assert.equal("expected_revision" in lastMarketPurchaseRequest, false);
+
 cborMock.decoded = { method_name: "write_node" };
 await assert.rejects(
   () => walletTest.decodeOisyCyclesPurchaseResult({
@@ -251,6 +333,18 @@ await assert.rejects(
   /wallet response sender mismatch/
 );
 
+cborMock.decoded = { method_name: "kinic_deposit_balance" };
+await assert.rejects(
+  () => walletTest.decodeOisyMarketPurchaseResult({
+    canisterId: "aaaaa-aa",
+    sender: "bytes:7",
+    method: "market_purchase_access",
+    arg: Buffer.from([1]).toString("base64"),
+    result: { contentMap: "unused", certificate: "unused" }
+  }),
+  /wallet response method mismatch/
+);
+
 const sessionModule = loadTsModule(
   "../app/app-session-provider.tsx",
   {
@@ -265,11 +359,12 @@ const sessionModule = loadTsModule(
     },
     "react/jsx-runtime": { jsx: () => null, jsxs: () => null },
     "@/lib/auth": { AUTH_CLIENT_CREATE_OPTIONS: {}, authLoginOptions: () => ({}) },
-    "@/lib/cycles-wallet": {
+    "@/lib/kinic-wallet": {
       connectOisyWallet: async () => ({ owner: "oisy-principal" }),
       connectPlugWallet: async () => ({ principal: "plug-principal" }),
       getConnectedWalletKinicBalance: async () => "123456789"
-    }
+    },
+    "@/lib/vfs-client": { kinicGetBalance: async () => ({ balanceE8s: "0" }) }
   },
   "Object.assign(exports, { __test: { readStoredWallet, safeSessionStorageGet, safeSessionStorageSet, safeSessionStorageRemove } });"
 );
diff --git a/wikibrowser/scripts/check-cycles.mjs b/wikibrowser/scripts/check-cycles.mjs
index 7b519608..3ab901a6 100644
--- a/wikibrowser/scripts/check-cycles.mjs
+++ b/wikibrowser/scripts/check-cycles.mjs
@@ -8,9 +8,11 @@ const ts = require("typescript");
 
 const page = readFileSync(new URL("../app/cycles/page.tsx", import.meta.url), "utf8");
 const client = readFileSync(new URL("../app/cycles/cycles-client.tsx", import.meta.url), "utf8");
+const dashboardHome = readFileSync(new URL("../app/dashboard/dashboard-home-client.tsx", import.meta.url), "utf8");
 const appHeader = readFileSync(new URL("../app/app-header.tsx", import.meta.url), "utf8");
 const appSession = readFileSync(new URL("../app/app-session-provider.tsx", import.meta.url), "utf8");
-const wallet = readFileSync(new URL("../lib/cycles-wallet.ts", import.meta.url), "utf8");
+const wallet = readFileSync(new URL("../lib/kinic-wallet.ts", import.meta.url), "utf8");
+const cycles = readFileSync(new URL("../lib/cycles.ts", import.meta.url), "utf8");
 const url = readFileSync(new URL("../lib/cycles-url.ts", import.meta.url), "utf8");
 const idl = readFileSync(new URL("../lib/vfs-idl.ts", import.meta.url), "utf8");
 const vfsClient = readFileSync(new URL("../lib/vfs-client.ts", import.meta.url), "utf8");
@@ -18,16 +20,39 @@ const connectOisy = sliceBetween(wallet, "export async function connectOisyWalle
 const connectPlug = sliceBetween(wallet, "export async function connectPlugWallet", "export async function getConnectedWalletKinicBalance");
 const walletBalance = sliceBetween(wallet, "export async function getConnectedWalletKinicBalance", "export async function purchaseCyclesWithOisy");
 const purchaseOisy = sliceBetween(wallet, "export async function purchaseCyclesWithOisy", "export async function purchaseCyclesWithPlug");
-const purchasePlug = sliceBetween(wallet, "export async function purchaseCyclesWithPlug", "function approveParams");
+const purchasePlug = sliceBetween(wallet, "export async function purchaseCyclesWithPlug", "export async function depositKinicBalanceWithOisy");
+const kinicDepositOisy = sliceBetween(wallet, "export async function depositKinicBalanceWithOisy", "export async function depositKinicBalanceWithPlug");
+const kinicDepositPlug = sliceBetween(wallet, "export async function depositKinicBalanceWithPlug", "export async function purchaseMarketAccessWithOisy");
+const marketPurchaseOisy = sliceBetween(wallet, "export async function purchaseMarketAccessWithOisy", "export async function purchaseMarketAccessWithPlug");
+const marketPurchasePlug = sliceBetween(wallet, "export async function purchaseMarketAccessWithPlug", "function approveParams");
+const kinicFundingClient = sliceBetween(client, 'if (paymentSource === "kinic")', "if (!wallet || !selectedProvider) return;");
 
 assert.match(page, /\/cycles/);
 assert.doesNotMatch(page, /canister_id \?\? params\.canisterId/);
 assert.doesNotMatch(page, /amount_e8s \?\? params\.amountE8s/);
 assert.doesNotMatch(page, /params\.kinic|initialKinic/);
 assert.match(page, /parseDatabaseStatus\(first\(params\.status\)\)/);
+assert.doesNotMatch(page, /value === "deleted"/);
 assert.match(client, /purchaseCyclesWithOisy/);
 assert.match(client, /purchaseCyclesWithPlug/);
+assert.match(client, /kinicFundDatabaseCycles/);
+assert.doesNotMatch(client, /fundDatabaseCyclesWithKinicBalanceAndOisy|fundDatabaseCyclesWithKinicBalanceAndPlug/);
+assert.match(client, /Payment source/);
+assert.match(client, /Wallet KINIC/);
+assert.match(client, /KINIC balance/);
 assert.match(client, /useAppSession/);
+assert.match(client, /authClient\.getIdentity\(\)/);
+assert.match(client, /Login with Internet Identity to use KINIC balance/);
+assert.match(kinicFundingClient, /getCyclesBillingConfig\(canisterId\)/);
+assert.match(kinicFundingClient, /cyclesForPaymentAmountE8s\(parsedAmount, BigInt\(config\.cyclesPerKinic\)\)/);
+assert.match(cycles, /export function cyclesForPaymentAmountE8s\(amountE8s: bigint, cyclesPerKinic: bigint\): bigint/);
+assert.match(cycles, /\(amountE8s \* cyclesPerKinic\) \/ kinicBaseUnitsPerToken\(\)/);
+assert.doesNotMatch(kinicFundingClient, /,\s*"0"\s*\)/);
+assert.match(vfsClient, /export async function kinicFundDatabaseCycles/);
+assert.match(dashboardHome, /type FundingProvider = "oisy" \| "plug" \| "ii"/);
+assert.match(dashboardHome, /provider === "ii" \? "funded" : "purchased"/);
+assert.match(dashboardHome, /Internet Identity/);
+assert.match(dashboardHome, /isFundingProvider/);
 assert.match(appHeader, /pathname !== "\/dashboard" && pathname !== "\/cycles"/);
 assert.match(appHeader, /Database cycles purchase/);
 assert.doesNotMatch(appHeader, /<Link[\s\S]*Database dashboard/);
@@ -54,7 +79,8 @@ assert.match(client, /params\.set\("database_id", databaseId\)/);
 assert.match(client, /params\.set\("provider", provider\)/);
 assert.match(client, /params\.set\("kinic", kinic\)/);
 assert.match(client, /params\.set\("cycles", cycles\)/);
-assert.match(client, /const purchaseDisabled = !selectedProvider \|\| Boolean\(error\) \|\| Boolean\(amountError\) \|\| busy/);
+assert.match(client, /paymentSource === "wallet" \? !selectedProvider : authLoading \|\| !authClient \|\| kinicBalancePendingDisabled/);
+assert.match(client, /disabled=\{databaseStatus === "pending"\}/);
 assert.doesNotMatch(client, /function WalletConnect/);
 assert.match(client, /onClick=\{\(\) => void purchase\(\)\}/);
 assert.doesNotMatch(client, /onCycles/);
@@ -63,16 +89,22 @@ assert.match(client, /parseCyclesTarget/);
 assert.doesNotMatch(client, /initialKinic/);
 assert.match(client, /useState\("1"\)/);
 assert.match(client, /KINIC/);
-assert.doesNotMatch(client, /Login with Internet Identity|Notify identity/);
+assert.doesNotMatch(client, /Notify identity/);
 assert.match(wallet, /export async function connectOisyWallet/);
 assert.match(wallet, /export async function connectPlugWallet/);
-assert.match(wallet, /class CyclesPurchaseIcrcWallet extends IcrcWallet/);
-assert.match(wallet, /async callCyclesPurchase\(params: IcrcCallCanisterRequestParams\)/);
+assert.match(wallet, /class KinicIcrcWallet extends IcrcWallet/);
+assert.match(wallet, /async callCanister\(params: IcrcCallCanisterRequestParams\)/);
 assert.match(wallet, /export async function purchaseCyclesWithOisy\(request: CyclesPurchaseRequest, connection: ConnectedOisyWallet\)/);
 assert.match(wallet, /export async function purchaseCyclesWithPlug\(request: CyclesPurchaseRequest, connection: ConnectedPlugWallet\)/);
+assert.match(wallet, /export async function depositKinicBalanceWithOisy\(request: KinicDepositRequest, connection: ConnectedOisyWallet\)/);
+assert.match(wallet, /export async function depositKinicBalanceWithPlug\(request: KinicDepositRequest, connection: ConnectedPlugWallet\)/);
+assert.doesNotMatch(wallet, /export async function fundDatabaseCyclesWithKinicBalanceAndOisy/);
+assert.doesNotMatch(wallet, /export async function fundDatabaseCyclesWithKinicBalanceAndPlug/);
+assert.match(wallet, /export async function purchaseMarketAccessWithOisy\(request: MarketPurchaseRequest, connection: ConnectedOisyWallet\)/);
+assert.match(wallet, /export async function purchaseMarketAccessWithPlug\(request: MarketPurchaseRequest, connection: ConnectedPlugWallet\)/);
 assert.match(connectOisy, /openOisyWallet\(\)/);
 assert.match(connectOisy, /wallet\.accounts\(\)/);
-assert.match(wallet, /async function safeDisconnectOisyWallet\(wallet: CyclesPurchaseIcrcWallet\): Promise<void>/);
+assert.match(wallet, /async function safeDisconnectOisyWallet\(wallet: KinicIcrcWallet\): Promise<void>/);
 assert.match(wallet, /Cleanup failures must not hide connect, approve, or purchase errors\./);
 assert.match(connectOisy, /safeDisconnectOisyWallet\(wallet\)/);
 assert.doesNotMatch(connectOisy, /getCyclesBillingConfig|previewDatabaseCyclesPurchase|whitelist/);
@@ -97,9 +129,9 @@ assert.doesNotMatch(wallet, /previewDatabaseCyclesPurchase/);
 assert.match(wallet, /KINIC_LEDGER_FEE_E8S/);
 assert.match(wallet, /MAX_CANISTER_I64/);
 assert.match(wallet, /MAX_LEDGER_U64/);
-assert.match(wallet, /function allowanceForCyclesPurchase\(amountE8s: bigint, transferFeeE8s: bigint\)/);
+assert.match(wallet, /function allowanceForKinicTransfer\(amountE8s: bigint, transferFeeE8s: bigint\)/);
 assert.match(wallet, /approved allowance exceeds u64::MAX/);
-assert.match(wallet, /cycles purchase amount exceeds canister limit/);
+assert.match(cycles, /cycles purchase amount exceeds canister limit/);
 assert.match(wallet, /KINIC amount e8s exceeds canister limit/);
 assert.doesNotMatch(wallet, /function paymentAmountE8sForCycles/);
 assert.match(wallet, /payment_amount_e8s: paymentAmountE8s/);
@@ -118,23 +150,37 @@ assert.match(wallet, /expected_allowance: \[expectedAllowanceE8s\]/);
 assert.match(wallet, /expires_at: \[expiresAt\]/);
 assert.match(wallet, /approveBlockIndex: string \| null/);
 assert.match(wallet, /APPROVE_EXPIRES_IN_MS = 30 \* 60 \* 1000/);
-assert.match(wallet, /assertConfiguredCyclesCanister\(request\.canisterId\)/);
+assert.match(wallet, /assertConfiguredCyclesCanister\(canisterId\)/);
 assert.match(purchaseOisy, /openOisyWallet\(\)/);
 assert.match(purchaseOisy, /account\.owner !== connection\.owner/);
 assert.match(purchaseOisy, /safeDisconnectOisyWallet\(wallet\)/);
-assert.match(purchaseOisy, /purchaseAfterApprove/);
+assert.match(purchaseOisy, /callAfterApprove/);
+assert.match(kinicDepositOisy, /callAfterApprove/);
 assert.match(wallet, /oisyCallCyclesPurchase\(wallet, connection\.owner, request\.canisterId, prepared\.purchaseRequest\)/);
+assert.match(wallet, /oisyCallKinicDeposit\(wallet, connection\.owner, request\.canisterId, prepared\.depositRequest\)/);
+assert.doesNotMatch(wallet, /oisyCallKinicFundDatabaseCycles/);
+assert.match(wallet, /oisyCallMarketPurchase\(wallet, connection\.owner, request\.canisterId, rawMarketPurchaseRequest\(request\)\)/);
 assert.match(wallet, /sender: owner/);
 assert.match(wallet, /wallet response sender mismatch/);
 assert.match(wallet, /contentMap|Certificate|requestIdOf/);
 assert.match(wallet, /purchase_database_cycles\(prepared\.purchaseRequest\)/);
+assert.match(kinicDepositPlug, /kinic_deposit_balance\(prepared\.depositRequest\)/);
+assert.match(marketPurchasePlug, /market_purchase_access\(rawMarketPurchaseRequest\(request\)\)/);
 assert.match(wallet, /encodeCyclesPurchaseArgs\(request: DatabaseCyclesPurchaseRequest\)/);
+assert.match(wallet, /encodeKinicDepositArgs\(request: KinicDepositCanisterRequest\)/);
+assert.doesNotMatch(wallet, /encodeKinicFundDatabaseCyclesArgs/);
+assert.match(wallet, /encodeMarketPurchaseArgs\(request: MarketPurchaseCanisterRequest\)/);
+assert.match(wallet, /method: "market_purchase_access"/);
+assert.doesNotMatch(wallet, /method: "kinic_fund_database_cycles"/);
 assert.match(wallet, /whitelist: \[request\.canisterId, prepared\.kinicLedgerCanisterId\]/);
+assert.match(marketPurchasePlug, /whitelist: \[request\.canisterId\]/);
+assert.doesNotMatch(marketPurchaseOisy, /approve\(/);
+assert.doesNotMatch(marketPurchasePlug, /icrc2_approve/);
 assert.match(wallet, /function defaultAccount\(owner: string\): LedgerAccount/);
 assert.match(wallet, /DEFAULT_OISY_SIGNER_URL/);
-assert.match(wallet, /cycles purchase failed after approval; \$\{approvalText\}/);
+assert.match(wallet, /KINIC canister call failed after approval; \$\{approvalText\}/);
 assert.match(wallet, /approval remains without expiry/);
-assert.match(wallet, /class CyclesPurchaseAfterApproveError extends Error/);
+assert.match(wallet, /class KinicAfterApproveError extends Error/);
 assert.match(client, /purchased cycles/);
 assert.match(client, /purchasedCycles/);
 assert.match(client, /approved allowance/);
@@ -177,6 +223,13 @@ const cyclesUrlModule = loadTsModule("../lib/cycles-url.ts", {
     kinicBaseUnitsPerToken: () => 100_000_000n
   }
 });
+const cyclesModule = loadTsModule("../lib/cycles.ts", {});
+assert.equal(cyclesModule.cyclesForPaymentAmountE8s(100_000_000n, 234_500_000_000n), 234_500_000_000n);
+assert.throws(() => cyclesModule.cyclesForPaymentAmountE8s(1n, 1n), /KINIC amount is too small for a cycles purchase/);
+assert.throws(
+  () => cyclesModule.cyclesForPaymentAmountE8s(9_223_372_036_854_775_807n, 200_000_000n),
+  /cycles purchase amount exceeds canister limit/
+);
 assert.equal(cyclesUrlModule.parseCyclesTarget(new URLSearchParams("database_id=db_ok-1")).databaseId, "db_ok-1");
 assert.equal(cyclesUrlModule.parseCyclesTarget(new URLSearchParams("databaseId=dbLegacy")).databaseId, "dbLegacy");
 assert.equal(cyclesUrlModule.parseCyclesTarget(new URLSearchParams()), "database_id is required");
@@ -193,8 +246,8 @@ const cyclesStateModule = loadTsModule("../lib/cycles-state.ts", {
   "@/lib/cycles": { formatCycles: (value) => value.toString() }
 });
 assert.equal(cyclesStateModule.databaseCyclesHref({ databaseId: "db_ok-1", status: "active" }), "/cycles?database_id=db_ok-1&status=active");
-assert.equal(cyclesStateModule.databaseCyclesView({ databaseId: "db_deleted", role: "owner", status: "deleted", cyclesBalance: "0", cyclesSuspendedAtMs: null }, { minUpdateCycles: "1" }).writeCyclesAvailable, false);
-assert.equal(cyclesStateModule.databaseCyclesView({ databaseId: "db_deleted", role: "owner", status: "deleted", cyclesBalance: "0", cyclesSuspendedAtMs: null }, { minUpdateCycles: "1" }).purchaseAvailable, false);
+assert.equal(cyclesStateModule.databaseCyclesView({ databaseId: "db_archived", role: "owner", status: "archived", cyclesBalance: "0", cyclesSuspendedAtMs: null }, { minUpdateCycles: "1" }).writeCyclesAvailable, false);
+assert.equal(cyclesStateModule.databaseCyclesView({ databaseId: "db_archived", role: "owner", status: "archived", cyclesBalance: "0", cyclesSuspendedAtMs: null }, { minUpdateCycles: "1" }).purchaseAvailable, false);
 
 const clientModule = loadTsModule(
   "../app/cycles/cycles-client.tsx",
@@ -216,6 +269,10 @@ const clientModule = loadTsModule(
     "react/jsx-runtime": { jsx: () => null, jsxs: () => null },
     "@/app/app-session-provider": {
       useAppSession: () => ({
+        authClient: { getIdentity: () => ({}) },
+        authLoading: false,
+        login: async () => undefined,
+        principal: "ii-principal",
         refreshWalletBalance: async () => undefined,
         wallet: null,
         walletBalanceError: null,
@@ -226,11 +283,25 @@ const clientModule = loadTsModule(
       parseKinicAmountE8sInput: () => 100n,
       parseCyclesTarget: () => ({ databaseId: "db_alpha" })
     },
-    "@/lib/cycles-wallet": {
+    "@/lib/kinic-wallet": {
       purchaseCyclesWithOisy: async () => ({}),
       purchaseCyclesWithPlug: async () => ({})
     },
-    "@/lib/kinic-amount": { formatTokenAmountFromE8s: (value) => String(value) }
+    "@/lib/kinic-amount": { formatTokenAmountFromE8s: (value) => String(value) },
+    "@/lib/cycles": {
+      cyclesForPaymentAmountE8s: (amountE8s, cyclesPerKinic) => (amountE8s * cyclesPerKinic) / 100_000_000n,
+      MAX_CANISTER_I64: 9_223_372_036_854_775_807n,
+      kinicBaseUnitsPerToken: () => 100_000_000n
+    },
+    "@/lib/vfs-client": {
+      getCyclesBillingConfig: async () => ({ cyclesPerKinic: "1000" }),
+      kinicFundDatabaseCycles: async () => ({
+        amountCycles: "1000",
+        databaseBalanceCycles: "1000",
+        kinicBalanceE8s: "0",
+        paymentAmountE8s: "100"
+      })
+    }
   }
 );
 
diff --git a/wikibrowser/scripts/check-dashboard.mjs b/wikibrowser/scripts/check-dashboard.mjs
index 36b5249a..49b63f3c 100644
--- a/wikibrowser/scripts/check-dashboard.mjs
+++ b/wikibrowser/scripts/check-dashboard.mjs
@@ -1,10 +1,15 @@
 import assert from "node:assert/strict";
 import { existsSync, readFileSync } from "node:fs";
+import { createRequire } from "node:module";
+import vm from "node:vm";
+
+const require = createRequire(import.meta.url);
+const ts = require("typescript");
 
 const dashboardClient = readFileSync(new URL("../app/dashboard/dashboard-client.tsx", import.meta.url), "utf8");
 const rootReadme = readFileSync(new URL("../../README.md", import.meta.url), "utf8");
 const dashboardIndex = readFileSync(new URL("../app/dashboard/page.tsx", import.meta.url), "utf8");
-const dashboardRoute = readFileSync(new URL("../app/dashboard/[databaseId]/page.tsx", import.meta.url), "utf8");
+const dashboardRoute = readFileSync(new URL("../app/dashboard/project/[databaseId]/page.tsx", import.meta.url), "utf8");
 const dashboardUi = readFileSync(new URL("../app/dashboard/dashboard-ui.tsx", import.meta.url), "utf8");
 const dashboardActionButton = readFileSync(new URL("../app/dashboard/action-button.tsx", import.meta.url), "utf8");
 const dashboardAccessControl = readFileSync(new URL("../app/dashboard/access-control.ts", import.meta.url), "utf8");
@@ -25,7 +30,7 @@ const homeHeroSection = homePage.slice(homePage.indexOf("<section"), homePage.in
 const dashboardHomeClient = readFileSync(new URL("../app/dashboard/dashboard-home-client.tsx", import.meta.url), "utf8");
 const cyclesState = readFileSync(new URL("../lib/cycles-state.ts", import.meta.url), "utf8");
 const apiErrors = readFileSync(new URL("../lib/api-errors.ts", import.meta.url), "utf8");
-const wikiLayout = readFileSync(new URL("../app/[databaseId]/layout.tsx", import.meta.url), "utf8");
+const wikiLayout = readFileSync(new URL("../app/db/[databaseId]/layout.tsx", import.meta.url), "utf8");
 const canisterEntrypoint = readFileSync(new URL("../../crates/vfs_canister/src/lib.rs", import.meta.url), "utf8");
 const ingestPanel = readFileSync(new URL("../components/ingest-panel.tsx", import.meta.url), "utf8");
 const ingestTriggerRoute = readFileSync(new URL("../app/api/url-ingest/trigger/route.ts", import.meta.url), "utf8");
@@ -33,11 +38,11 @@ const sourceRunRoute = readFileSync(new URL("../app/api/source/run/route.ts", im
 const nextConfig = readFileSync(new URL("../next.config.ts", import.meta.url), "utf8");
 const packageJson = JSON.parse(readFileSync(new URL("../package.json", import.meta.url), "utf8"));
 const urlIngest = readFileSync(new URL("../lib/url-ingest.ts", import.meta.url), "utf8");
-const wikiRoute = readFileSync(new URL("../app/[databaseId]/[[...segments]]/page.tsx", import.meta.url), "utf8");
+const wikiRoute = readFileSync(new URL("../app/db/[databaseId]/[[...segments]]/page.tsx", import.meta.url), "utf8");
 const wikiBrowser = readFileSync(new URL("../components/wiki-browser.tsx", import.meta.url), "utf8");
 const wranglerConfig = readFileSync(new URL("../wrangler.jsonc", import.meta.url), "utf8");
 
-assert.match(homeUi, /href=\{`\/dashboard\/\$\{encodeURIComponent\(database\.databaseId\)\}`\}/);
+assert.match(homeUi, /href=\{`\/dashboard\/project\/\$\{encodeURIComponent\(database\.databaseId\)\}`\}/);
 assert.match(adminHeader, /export function AdminHeader/);
 assert.match(adminHeader, /titleAction\?: ReactNode/);
 assert.match(adminHeader, /titleAction \? <div className="shrink-0">/);
@@ -47,12 +52,26 @@ assert.match(adminHeader, /Kinic Wiki/);
 assert.match(rootLayout, /<AppSessionProvider>/);
 assert.match(rootLayout, /<AppHeader \/>/);
 assert.match(appHeader, /usePathname/);
-assert.match(appHeader, /pathname !== "\/dashboard" && pathname !== "\/cycles"/);
-assert.match(appHeader, /title = pathname === "\/cycles" \? "Database cycles purchase" : "Database dashboard"/);
+assert.match(appHeader, /const isMarketplace = pathname === "\/marketplace" \|\| pathname\.startsWith\("\/marketplace\/"\)/);
+assert.doesNotMatch(appHeader, /isKinic/);
+assert.match(appHeader, /pathname !== "\/dashboard" && pathname !== "\/cycles" && !isMarketplace/);
+assert.match(appHeader, /title = pathname === "\/cycles" \? "Database cycles purchase" : isMarketplace \? "Kinic marketplace" : "Database dashboard"/);
 assert.match(appHeader, /Database dashboard/);
+assert.doesNotMatch(appHeader, /href="\/kinic\/wallet"/);
+assert.match(appHeader, /KinicDepositModal/);
+assert.match(appHeader, /depositKinicBalanceWithIdentity/);
+assert.match(appHeader, /parseDepositAmount/);
+assert.match(appHeader, /aria-label="KINIC balance"/);
+assert.match(appHeader, /: "- KINIC"/);
+assert.match(appHeader, /\? "Unavailable"/);
+assert.match(appHeader, /Deposit KINIC/);
+assert.match(appHeader, /event\.target === event\.currentTarget\) onClose\(\)/);
 assert.doesNotMatch(appHeader, /<Link[\s\S]*Database dashboard/);
 assert.match(appHeader, /<WalletControls/);
 assert.match(appHeader, /<AuthControls/);
+assert.match(appSession, /kinicGetBalance/);
+assert.match(appSession, /refreshKinicBalance/);
+assert.match(appSession, /kinicBalanceLoading/);
 assert.match(homePage, /Kinic Wiki is AI memory for agents/);
 assert.match(homePage, /<code[^>]*>kinic-vfs-cli<\/code> is the primary interface/);
 assert.match(homePage, /import heroImage from "\.\/home-hero\.png";/);
@@ -90,7 +109,7 @@ assert.doesNotMatch(dashboardHomeClient, /<AdminHeader/);
 assert.doesNotMatch(dashboardHomeClient, /href="\/cli"/);
 assert.match(homeUi, /href="\/cli"/);
 assert.match(rootReadme, /db_kva4v2twg6jv/);
-assert.match(rootReadme, /https:\/\/wiki\.kinic\.xyz\/db_kva4v2twg6jv\/Wiki/);
+assert.match(rootReadme, /https:\/\/wiki\.kinic\.xyz\/db\/db_kva4v2twg6jv\/Wiki/);
 assert.match(rootReadme, /Why Kinic Wiki/);
 assert.match(rootReadme, /Vector databases/);
 assert.match(rootReadme, /Chrome extension/);
@@ -126,10 +145,10 @@ assert.match(dashboardClient, /if \(await renameDatabase\(nextName\)\) \{/);
 assert.doesNotMatch(dashboardClient, /unknown database/);
 assert.doesNotMatch(dashboardClient, /useSearchParams/);
 assert.doesNotMatch(dashboardClient, /usePathname/);
+assert.match(dashboardUi, /!props\.busy && event\.target === event\.currentTarget\) props\.onCancel\(\)/);
 
 assert.match(wikiLayout, /<WikiBrowser \/>/);
-assert.match(wikiLayout, /isReservedDatabaseRouteSlug/);
-assert.match(wikiLayout, /notFound\(\)/);
+assert.doesNotMatch(wikiLayout, /isReservedDatabaseRouteSlug|notFound\(\)/);
 for (const origin of [
   "chrome-extension://jcfniiflikojmbfnaoamlbbddlikchaj",
   "chrome-extension://hbnicbmdodpmihmcnfgejcdgbfmemoci",
@@ -165,7 +184,7 @@ assert.equal(packageJson.scripts["e2e:ii"], "scripts/run-ii-e2e.sh");
 assert.equal(packageJson.scripts["e2e:ii:headed"], "scripts/run-ii-e2e.sh --headed");
 assert.equal(packageJson.scripts["e2e:ii:setup"], "../scripts/setup-wikibrowser-ii-e2e.sh");
 assert.match(nextConfig, /NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID/);
-assert.match(nextConfig, /NEXT_PUBLIC_II_PROVIDER_URL/);
+assert.doesNotMatch(nextConfig, /NEXT_PUBLIC_II_PROVIDER_URL/);
 assert.doesNotMatch(nextConfig, /NEXT_PUBLIC_KINIC_WIKI_GENERATOR_URL/);
 assert.match(dashboardHomeClient, /NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID/);
 assert.doesNotMatch(dashboardHomeClient, /createUrlIngestRequest/);
@@ -191,7 +210,71 @@ assert.match(dashboardHomeClient, /params\.get\("database_id"\)/);
 assert.match(dashboardHomeClient, /params\.get\("provider"\)/);
 assert.match(dashboardHomeClient, /params\.get\("kinic"\)/);
 assert.match(dashboardHomeClient, /params\.get\("cycles"\)/);
-assert.match(dashboardHomeClient, /\$\{walletLabel\(provider\)\} purchased \$\{cycles\} cycles for \$\{databaseId\}; paid \$\{kinic\}\./);
+assert.match(dashboardHomeClient, /type FundingProvider = "oisy" \| "plug" \| "ii"/);
+assert.match(dashboardHomeClient, /provider === "ii" \? "funded" : "purchased"/);
+assert.match(dashboardHomeClient, /\$\{fundingProviderLabel\(provider\)\} \$\{verb\} \$\{cycles\} cycles for \$\{databaseId\}; paid \$\{kinic\}\./);
+const dashboardHomeModule = loadTsModule(
+  "../app/dashboard/dashboard-home-client.tsx",
+  {
+    "lucide-react": { Plus: () => null },
+    "next/navigation": { useSearchParams: () => new URLSearchParams() },
+    "react": {
+      useCallback: (run) => run,
+      useEffect: () => undefined,
+      useRef: (initial) => ({ current: initial }),
+      useState: (initial) => [typeof initial === "function" ? initial() : initial, () => undefined]
+    },
+    "react/jsx-runtime": { jsx: () => null, jsxs: () => null },
+    "../app-session-provider": {
+      useAppSession: () => ({
+        authClient: null,
+        authError: null,
+        authReady: true,
+        principal: null,
+        refreshWalletBalance: async () => undefined,
+        setWalletControlsLocked: () => undefined,
+        wallet: null,
+        walletBalance: null,
+        walletBalanceError: null,
+        walletBalanceLoading: false,
+        walletBusyProvider: null
+      })
+    },
+    "../create-database-dialog": { CreateDatabaseDialog: () => null },
+    "../home-ui": { DatabaseBody: () => null, OfficialKinicWikiPanel: () => null, StatusPanel: () => null },
+    "@/lib/cycles": { KINIC_LEDGER_FEE_E8S: 100_000n },
+    "@/lib/cycles-url": { parseKinicAmountE8sInput: () => 100_000_000n },
+    "@/lib/kinic-wallet": {
+      purchaseCyclesWithOisy: async () => ({}),
+      purchaseCyclesWithPlug: async () => ({})
+    },
+    "@/lib/kinic-amount": { formatTokenAmountFromE8s: (value) => `${value} KINIC` },
+    "@/lib/vfs-client": {
+      createDatabaseAuthenticated: async () => ({ database_id: "db_ok-1" }),
+      getCyclesBillingConfig: async () => ({}),
+      listDatabasesAuthenticated: async () => [],
+      listDatabasesPublic: async () => []
+    }
+  },
+  "Object.assign(exports, { __test: { dashboardFundingSuccessMessage } });"
+);
+const dashboardFundingSuccessMessage = dashboardHomeModule.__test.dashboardFundingSuccessMessage;
+assert.equal(
+  dashboardFundingSuccessMessage(new URLSearchParams("funding=success&database_id=db_ok-1&provider=ii&kinic=1.000 KINIC&cycles=234,500,000,000")),
+  "Internet Identity funded 234,500,000,000 cycles for db_ok-1; paid 1.000 KINIC."
+);
+assert.equal(
+  dashboardFundingSuccessMessage(new URLSearchParams("funding=success&database_id=db_ok-1&provider=oisy&kinic=1.000 KINIC&cycles=234,500,000,000")),
+  "OISY purchased 234,500,000,000 cycles for db_ok-1; paid 1.000 KINIC."
+);
+assert.equal(
+  dashboardFundingSuccessMessage(new URLSearchParams("funding=success&database_id=db_ok-1&provider=plug&kinic=1.000 KINIC&cycles=234,500,000,000")),
+  "Plug purchased 234,500,000,000 cycles for db_ok-1; paid 1.000 KINIC."
+);
+assert.equal(
+  dashboardFundingSuccessMessage(new URLSearchParams("funding=success&database_id=db_ok-1&provider=bad&kinic=1.000 KINIC&cycles=234,500,000,000")),
+  null
+);
 assert.match(apiErrors, /wiki_api_version_mismatch/);
 assert.match(apiErrors, /Wiki VFS API response unavailable\./);
 assert.match(apiErrors, /CandidDecodeError\|Cannot find field hash\|subtype\|type mismatch\|variant, expected fields/);
@@ -288,6 +371,7 @@ assert.match(createDatabaseDialog, /role="dialog"/);
 assert.match(createDatabaseDialog, /aria-modal="true"/);
 assert.match(createDatabaseDialog, /id="database-name-input"/);
 assert.match(createDatabaseDialog, /disabled=\{createDisabled\}/);
+assert.match(createDatabaseDialog, /!creating && event\.target === event\.currentTarget\) onCancel\(\)/);
 assert.match(createDatabaseDialog, /requiredBalanceLabel: string/);
 assert.match(createDatabaseDialog, /Connect a wallet with at least \{requiredBalanceLabel\} before creating\./);
 assert.match(createDatabaseDialog, /New databases are created pending, not active, until the first purchase completes\./);
@@ -346,16 +430,16 @@ assert.doesNotMatch(homeUi, /formatCycleBalance\(balance\) \+ " cycles"/);
 assert.doesNotMatch(homeUi, /databaseCyclesView\(database, cyclesConfig\)\.summary/);
 assert.match(homeUi, /<Link className="font-semibold text-accent no-underline hover:underline" href=\{openDatabaseHref\(database\)\}>/);
 assert.doesNotMatch(homeUi, /<DatabaseActionLink href=\{openDatabaseHref\(database\)\} icon=\{<BookOpen aria-hidden size=\{14\} \/>} label="Open" \/>/);
-assert.match(homeUi, /\/dashboard\/\$\{encodeURIComponent\(database\.databaseId\)\}/);
+assert.match(homeUi, /\/dashboard\/project\/\$\{encodeURIComponent\(database\.databaseId\)\}/);
 assert.doesNotMatch(homeUi, /active && mode === "member" && database\.publicReadable/);
 assert.match(homeUi, /active && database\.publicReadable \? <ShareDatabaseLink database=\{database\} \/>/);
 assert.doesNotMatch(homeUi, /label="Registry"/);
 assert.match(homeUi, /label="Top up"/);
 assert.doesNotMatch(homeUi, /<DatabaseActionLink[^>\n]*label="Cycles"/);
-assert.match(homeUi, /href=\{`\/dashboard\/\$\{encodeURIComponent\(databaseId\)\}`\}/);
+assert.match(homeUi, /href=\{`\/dashboard\/project\/\$\{encodeURIComponent\(databaseId\)\}`\}/);
 assert.match(homeUi, /Manage reservation/);
 assert.doesNotMatch(homeUi, /read=anonymous/);
-assert.match(homeUi, /return `\/\$\{encodeURIComponent\(database\.databaseId\)\}\/Wiki`;/);
+assert.match(homeUi, /return publicDatabasePath\(database\.databaseId\);/);
 assert.match(wikiBrowser, /"ingest"/);
 assert.match(wikiBrowser, /<IngestPanel/);
 assert.match(wikiBrowser, /databaseCyclesError=\{currentDatabaseCycleReason\}/);
@@ -440,6 +524,7 @@ assert.doesNotMatch(dashboardDangerZone, /pendingOperationCount|hasPendingOperat
 assert.match(dashboardDangerZone, /typedDatabaseId === props\.databaseId/);
 assert.match(dashboardDangerZone, /const deleteDisabled = props\.busy/);
 assert.match(dashboardDangerZone, /disabled=\{props\.busy \|\| !deleteConfirmed\}/);
+assert.match(dashboardDangerZone, /!props\.deleting && event\.target === event\.currentTarget\) props\.onCancel\(\)/);
 assert.match(vfsIdl, /const DeleteDatabaseRequest = idl\.Record/);
 assert.match(vfsIdl, /delete_database: idl\.Func\(\[DeleteDatabaseRequest\], \[ResultUnit\], \[\]\)/);
 assert.doesNotMatch(dashboardHomeClient, /process\.env\.KINIC_WIKI_CANISTER_ID/);
@@ -451,6 +536,7 @@ assert.match(dashboardUi, /Disable public access/);
 assert.match(dashboardUi, /Grant owner access/);
 assert.match(dashboardUi, /Revoke owner access/);
 assert.match(dashboardUi, /ConfirmAclDialog/);
+assert.match(dashboardUi, /!props\.busy && event\.target === event\.currentTarget\) props\.onCancel\(\)/);
 assert.match(dashboardUi, /This will grant \$\{role\} access to principal/);
 assert.match(dashboardUi, /ActionButton/);
 assert.match(dashboardUi, /isRoutableDatabaseId/);
@@ -526,4 +612,31 @@ assert.doesNotMatch(dashboardHomeClient, /setCreatedDatabase/);
 assert.doesNotMatch(dashboardHomeClient, /setDatabases\(\[\]\);\n    setCreatedDatabaseId\(null\);\n    setError\(null\);\n    setWarning\(null\);\n    setLoadState\("idle"\);/);
 assert.match(dashboardClient, /refreshSeqRef\.current \+= 1;\n    cyclesHistorySeqRef\.current \+= 1;\n    await authClient\.logout/);
 
+function loadTsModule(relativePath, mocks, append = "") {
+  const source = readFileSync(new URL(relativePath, import.meta.url), "utf8");
+  const transpiled = ts.transpileModule(`${source}\n${append}`, {
+    compilerOptions: {
+      module: ts.ModuleKind.CommonJS,
+      target: ts.ScriptTarget.ES2022,
+      jsx: ts.JsxEmit.ReactJSX,
+      esModuleInterop: true
+    }
+  }).outputText;
+  const commonjsModule = { exports: {} };
+  const context = {
+    Date,
+    URLSearchParams,
+    console,
+    exports: commonjsModule.exports,
+    module: commonjsModule,
+    process: { env: {} },
+    require: (id) => {
+      if (Object.prototype.hasOwnProperty.call(mocks, id)) return mocks[id];
+      throw new Error(`unexpected module import: ${id}`);
+    }
+  };
+  vm.runInNewContext(transpiled, context, { filename: relativePath });
+  return Object.assign(commonjsModule.exports, { __context: context });
+}
+
 console.log("Dashboard checks OK");
diff --git a/wikibrowser/scripts/check-marketplace.mjs b/wikibrowser/scripts/check-marketplace.mjs
new file mode 100644
index 00000000..3ea66047
--- /dev/null
+++ b/wikibrowser/scripts/check-marketplace.mjs
@@ -0,0 +1,96 @@
+// Where: wikibrowser/scripts/check-marketplace.mjs
+// What: guards marketplace UI wiring with a small static and parser harness.
+// Why: marketplace balance ownership must stay II-principal scoped.
+import assert from "node:assert/strict";
+import { readFileSync } from "node:fs";
+import { createRequire } from "node:module";
+
+const require = createRequire(import.meta.url);
+const ts = require("typescript");
+
+const appHeader = readFileSync(new URL("../app/app-header.tsx", import.meta.url), "utf8");
+const listingDetail = readFileSync(new URL("../app/marketplace/[listingId]/listing-detail-client.tsx", import.meta.url), "utf8");
+const marketplaceLayout = readFileSync(new URL("../app/marketplace/layout.tsx", import.meta.url), "utf8");
+const marketplace = readFileSync(new URL("../app/marketplace/marketplace-client.tsx", import.meta.url), "utf8");
+const marketplaceSeed = readFileSync(new URL("../scripts/seed-marketplace-fixtures.mjs", import.meta.url), "utf8");
+const setupIiE2e = readFileSync(new URL("../../scripts/setup-wikibrowser-ii-e2e.sh", import.meta.url), "utf8");
+const kinicDeposit = await importTs("../lib/kinic-deposit.ts");
+const marketplaceRoutes = await importTs("../lib/marketplace-routes.ts");
+
+assert.match(appHeader, /depositKinicBalanceWithIdentity/);
+assert.match(appHeader, /authClient\.getIdentity\(\)/);
+assert.match(appHeader, /Login with Internet Identity first/);
+assert.match(appHeader, /Enter an amount greater than 0 KINIC/);
+assert.match(appHeader, /Deposit KINIC/);
+assert.match(appHeader, /aria-label="KINIC balance"/);
+assert.doesNotMatch(appHeader, /: "KINIC balance"/);
+assert.doesNotMatch(appHeader, /depositKinicBalanceWithOisy|depositKinicBalanceWithPlug/);
+assert.doesNotMatch(appHeader, /Connect OISY or Plug first/);
+
+assert.match(listingDetail, /marketPurchaseAccess/);
+assert.match(listingDetail, /marketPurchaseAccess\(canisterId, identity, listing\.listingId, listing\.priceE8s\)/);
+assert.match(listingDetail, /refreshKinicBalance/);
+assert.match(listingDetail, /hrefForPath\(canisterId, listing\.databaseId, "\/Wiki"\)/);
+assert.match(listingDetail, /Open database/);
+assert.match(listingDetail, /Verified stats/);
+assert.match(listingDetail, /Contents sample/);
+assert.match(listingDetail, /Relationship graph/);
+assert.match(listingDetail, /Sample excerpts/);
+assert.match(listingDetail, /Login with Internet Identity first/);
+assert.doesNotMatch(listingDetail, /Questions/);
+assert.doesNotMatch(listingDetail, /sampleQuestionsJson|sample_questions_json/);
+assert.doesNotMatch(listingDetail, /kinicGetBalance/);
+assert.doesNotMatch(listingDetail, /purchaseMarketAccessWithOisy|purchaseMarketAccessWithPlug|marketPreviewPurchase/);
+assert.doesNotMatch(listingDetail, /revision \{listing\.revision\}/);
+
+assert.match(marketplaceLayout, /data-tid="marketplace-sidebar"/);
+assert.match(marketplaceLayout, /Filter loaded listings/);
+assert.match(marketplaceLayout, /Sort loaded listings/);
+assert.match(marketplaceLayout, /Max price/);
+assert.match(marketplaceLayout, /inputMode="decimal"/);
+assert.match(marketplaceLayout, /normalizeKinicDecimalInput/);
+assert.doesNotMatch(marketplaceLayout, /top-36/);
+assert.doesNotMatch(marketplaceLayout, /SidebarProvider|SidebarInset|SidebarTrigger/);
+
+assert.match(marketplace, /matching loaded listings/);
+assert.match(marketplace, /parseKinicDecimalToE8s/);
+assert.match(marketplace, /marketListingPath\(listing\.listingId\)/);
+assert.doesNotMatch(marketplace, /parseOptionalBigInt/);
+assert.doesNotMatch(marketplace, /\/kinic\/wallet/);
+assert.doesNotMatch(marketplace, /href=\{`\/marketplace\/\$\{listing\.listingId\}`\}/);
+assert.doesNotMatch(marketplace, /placeholder="Search"/);
+
+assert.match(marketplaceSeed, /purchase_database_cycles/);
+assert.match(marketplaceSeed, /market_create_listing/);
+assert.match(marketplaceSeed, /market_publish_listing/);
+assert.match(marketplaceSeed, /--canister-id/);
+assert.match(marketplaceSeed, /DEFAULT_PAYMENT_E8S/);
+assert.match(marketplaceSeed, /DEFAULT_ALLOWANCE_E8S/);
+assert.match(marketplaceSeed, /icrc2_approve/);
+
+assert.match(setupIiE2e, /scripts\/local\/setup_kinic_ledger\.sh/);
+assert.match(setupIiE2e, /scripts\/local\/deploy_wiki\.sh/);
+assert.match(setupIiE2e, /wiki ledger mismatch/);
+assert.match(setupIiE2e, /conflicts with reserved local canister/);
+
+assert.equal(marketplaceRoutes.marketListingPath("ftjtrdothm6fauh"), "/marketplace/ftjtrdothm6fauh");
+
+assert.equal(kinicDeposit.parseDepositAmount("1"), "100000000");
+assert.equal(kinicDeposit.parseDepositAmount("0.00000001"), "1");
+assert.equal(kinicDeposit.parseDepositAmount("0"), null);
+assert.equal(kinicDeposit.parseDepositAmount("0.00000000"), null);
+assert.equal(kinicDeposit.parseDepositAmount("1.000000001"), null);
+
+console.log("Marketplace checks OK");
+
+async function importTs(relativePath) {
+  const source = readFileSync(new URL(relativePath, import.meta.url), "utf8");
+  const compiled = ts.transpileModule(source, {
+    compilerOptions: {
+      module: ts.ModuleKind.ES2022,
+      target: ts.ScriptTarget.ES2022
+    }
+  }).outputText;
+  const moduleUrl = `data:text/javascript;base64,${Buffer.from(compiled).toString("base64")}`;
+  return import(moduleUrl);
+}
diff --git a/wikibrowser/scripts/check-paths.mjs b/wikibrowser/scripts/check-paths.mjs
index 153f2a32..b6905b8a 100644
--- a/wikibrowser/scripts/check-paths.mjs
+++ b/wikibrowser/scripts/check-paths.mjs
@@ -4,7 +4,8 @@ import { pathToFileURL } from "node:url";
 import ts from "typescript";
 
 const sourcePath = new URL("../lib/paths.ts", import.meta.url);
-const source = readFileSync(sourcePath, "utf8");
+const shareLinksSource = readFileSync(new URL("../lib/share-links.ts", import.meta.url), "utf8");
+const source = `${shareLinksSource}\n${readFileSync(sourcePath, "utf8").replace('import { databaseRouteBase } from "./share-links";', "")}`;
 const browserSource = readFileSync(new URL("../components/wiki-browser.tsx", import.meta.url), "utf8");
 const compiled = ts.transpileModule(source, {
   compilerOptions: {
@@ -19,43 +20,43 @@ assert.equal(pathFromSegments([]), "/Wiki");
 assert.equal(pathFromSegments(["Wiki", "100%.md"]), "/Wiki/100%.md");
 assert.equal(
   hrefForPath("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/100%.md"),
-  "/alpha/Wiki/100%25.md"
+  "/db/alpha/Wiki/100%25.md"
 );
 assert.equal(
   hrefForPath("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/space name.md", "raw"),
-  "/alpha/Wiki/space%20name.md?view=raw"
+  "/db/alpha/Wiki/space%20name.md?view=raw"
 );
 assert.equal(
   hrefForPath("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/space name.md", "edit"),
-  "/alpha/Wiki/space%20name.md?view=edit"
+  "/db/alpha/Wiki/space%20name.md?view=edit"
 );
 assert.equal(
   hrefForPath("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki", undefined, "query"),
-  "/alpha/Wiki?tab=query"
+  "/db/alpha/Wiki?tab=query"
 );
 assert.equal(
   hrefForPath("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/conversations/日本語記事.md"),
-  "/alpha/Wiki/conversations/%E6%97%A5%E6%9C%AC%E8%AA%9E%E8%A8%98%E4%BA%8B.md"
+  "/db/alpha/Wiki/conversations/%E6%97%A5%E6%9C%AC%E8%AA%9E%E8%A8%98%E4%BA%8B.md"
 );
 assert.equal(
   hrefForSearch("t63gs-up777-77776-aaaba-cai", "alpha", "", "path"),
-  "/alpha/search?kind=path"
+  "/db/alpha/search?kind=path"
 );
 assert.equal(
   hrefForSearch("t63gs-up777-77776-aaaba-cai", "alpha", "alpha beta", "path"),
-  "/alpha/search?q=alpha+beta&kind=path"
+  "/db/alpha/search?q=alpha+beta&kind=path"
 );
 assert.equal(
   hrefForSearch("t63gs-up777-77776-aaaba-cai", "alpha", "alpha beta", "full"),
-  "/alpha/search?q=alpha+beta&kind=full"
+  "/db/alpha/search?q=alpha+beta&kind=full"
 );
 assert.equal(
   hrefForGraph("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/index.md", 2),
-  "/alpha/graph?center=%2FWiki%2Findex.md&depth=2"
+  "/db/alpha/graph?center=%2FWiki%2Findex.md&depth=2"
 );
 assert.equal(
   hrefForHelp("t63gs-up777-77776-aaaba-cai", "alpha"),
-  "/alpha/help"
+  "/db/alpha/help"
 );
 assert.equal(
   hrefForDatabaseSwitch("t63gs-up777-77776-aaaba-cai", "beta", {
@@ -65,7 +66,7 @@ assert.equal(
     searchKind: "full",
     graphDepth: 2
   }),
-  "/beta/Wiki"
+  "/db/beta/Wiki"
 );
 assert.equal(
   hrefForDatabaseSwitch("t63gs-up777-77776-aaaba-cai", "beta", {
@@ -75,7 +76,7 @@ assert.equal(
     searchKind: "full",
     graphDepth: 1
   }),
-  "/beta/search?q=alpha+beta&kind=full"
+  "/db/beta/search?q=alpha+beta&kind=full"
 );
 assert.equal(
   hrefForDatabaseSwitch("t63gs-up777-77776-aaaba-cai", "beta", {
@@ -85,7 +86,7 @@ assert.equal(
     searchKind: "path",
     graphDepth: 2
   }),
-  "/beta/graph?center=%2FWiki&depth=2"
+  "/db/beta/graph?center=%2FWiki&depth=2"
 );
 assert.equal(
   hrefForDatabaseSwitch("t63gs-up777-77776-aaaba-cai", "beta", {
@@ -96,46 +97,46 @@ assert.equal(
     searchKind: "path",
     graphDepth: 1
   }),
-  "/beta/help"
+  "/db/beta/help"
 );
 assert.equal(
   hrefForMarkdownLink("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/beam-full-reset/7/index.md", "facts.md"),
-  "/alpha/Wiki/beam-full-reset/7/facts.md"
+  "/db/alpha/Wiki/beam-full-reset/7/facts.md"
 );
 assert.equal(
   hrefForMarkdownLink("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/beam-full-reset/7/index.md", "facts.md?view=raw#evidence"),
-  "/alpha/Wiki/beam-full-reset/7/facts.md?view=raw#evidence"
+  "/db/alpha/Wiki/beam-full-reset/7/facts.md?view=raw#evidence"
 );
 assert.equal(
   hrefForMarkdownLink("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/beam-full-reset/7/index.md", "facts.md?view=raw&tab=query#evidence"),
-  "/alpha/Wiki/beam-full-reset/7/facts.md?view=raw&tab=query#evidence"
+  "/db/alpha/Wiki/beam-full-reset/7/facts.md?view=raw&tab=query#evidence"
 );
 assert.equal(
   hrefForMarkdownLink("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/beam-full-reset/7/index.md", "/Wiki/demo.md#evidence"),
-  "/alpha/Wiki/demo.md#evidence"
+  "/db/alpha/Wiki/demo.md#evidence"
 );
 assert.equal(
   hrefForMarkdownLink("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/index.md", "/Wiki/space name.md"),
-  "/alpha/Wiki/space%20name.md"
+  "/db/alpha/Wiki/space%20name.md"
 );
 assert.equal(
   hrefForMarkdownLink("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/index.md", "/Wiki/100%25.md"),
-  "/alpha/Wiki/100%25.md"
+  "/db/alpha/Wiki/100%25.md"
 );
 assert.equal(
   hrefForMarkdownLink("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/index.md", "/Wiki/a%23b.md"),
-  "/alpha/Wiki/a%23b.md"
+  "/db/alpha/Wiki/a%23b.md"
 );
 assert.equal(
   hrefForMarkdownLink("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/index.md", "/Wiki/a%3Fb.md"),
-  "/alpha/Wiki/a%3Fb.md"
+  "/db/alpha/Wiki/a%3Fb.md"
 );
 assert.equal(
   hrefForMarkdownLink("t63gs-up777-77776-aaaba-cai", "alpha", "/Wiki/demo/index.md", "https://example.com"),
   null
 );
 assert.match(browserSource, /NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID/);
-assert.match(browserSource, /pathname === `\/\$\{encodeURIComponent\(databaseId\)\}\/search`/);
-assert.match(browserSource, /pathname === `\/\$\{encodeURIComponent\(databaseId\)\}\/help`/);
+assert.match(browserSource, /pathname === `\$\{databaseRouteBase\(databaseId\)\}\/search`/);
+assert.match(browserSource, /pathname === `\$\{databaseRouteBase\(databaseId\)\}\/help`/);
 
 console.log(`Path helpers OK: ${pathToFileURL(sourcePath.pathname).pathname}`);
diff --git a/wikibrowser/scripts/check-skill-registry.mjs b/wikibrowser/scripts/check-skill-registry.mjs
index d90fdace..da4cfdc5 100644
--- a/wikibrowser/scripts/check-skill-registry.mjs
+++ b/wikibrowser/scripts/check-skill-registry.mjs
@@ -25,7 +25,7 @@ assert.match(client, /SkillRegistryClient/);
 assert.match(adminHeader, /export function AdminHeader/);
 assert.match(client, /<AdminHeader/);
 assert.doesNotMatch(client, /Database dashboard/);
-assert.match(client, /href=\{`\/\$\{encodeURIComponent\(databaseId\)\}\/Wiki`\}/);
+assert.match(client, /hrefForPath\(canisterId, databaseId, "\/Wiki"\)/);
 assert.doesNotMatch(client, /unknown database/);
 assert.match(client, /loadSkillCatalog/);
 assert.match(client, /updateSkillStatus/);
diff --git a/wikibrowser/scripts/check-smoke-url.mjs b/wikibrowser/scripts/check-smoke-url.mjs
index 2a322a4f..94507d90 100644
--- a/wikibrowser/scripts/check-smoke-url.mjs
+++ b/wikibrowser/scripts/check-smoke-url.mjs
@@ -3,22 +3,22 @@ import { parseSmokeTargetUrl } from "./smoke-ui.mjs";
 
 const databaseId = "db_k7p9x2mq4v8r";
 
-assert.deepEqual(parseSmokeTargetUrl(`http://localhost:3000/${databaseId}/Wiki/space%20name.md`), {
+assert.deepEqual(parseSmokeTargetUrl(`http://localhost:3000/db/${databaseId}/Wiki/space%20name.md`), {
   origin: "http://localhost:3000",
   databaseId,
   nodePath: "/Wiki/space name.md"
 });
-assert.deepEqual(parseSmokeTargetUrl(`http://localhost:3000/${databaseId}/Wiki/%E3%81%82.md`), {
+assert.deepEqual(parseSmokeTargetUrl(`http://localhost:3000/db/${databaseId}/Wiki/%E3%81%82.md`), {
   origin: "http://localhost:3000",
   databaseId,
   nodePath: "/Wiki/あ.md"
 });
-assert.deepEqual(parseSmokeTargetUrl(`http://localhost:3000/${databaseId}/Wiki/100%25.md`), {
+assert.deepEqual(parseSmokeTargetUrl(`http://localhost:3000/db/${databaseId}/Wiki/100%25.md`), {
   origin: "http://localhost:3000",
   databaseId,
   nodePath: "/Wiki/100%.md"
 });
-assert.deepEqual(parseSmokeTargetUrl(`http://localhost:3000/${databaseId}/Wiki/bad%.md`), {
+assert.deepEqual(parseSmokeTargetUrl(`http://localhost:3000/db/${databaseId}/Wiki/bad%.md`), {
   origin: "http://localhost:3000",
   databaseId,
   nodePath: "/Wiki/bad%.md"
diff --git a/wikibrowser/scripts/check-ui-helpers.mjs b/wikibrowser/scripts/check-ui-helpers.mjs
index e21a79b4..b6f3351e 100644
--- a/wikibrowser/scripts/check-ui-helpers.mjs
+++ b/wikibrowser/scripts/check-ui-helpers.mjs
@@ -12,19 +12,19 @@ const { splitMarkdownPreviewSections } = await importTs("../lib/markdown-section
 const { renderWikilinksAsMarkdown } = await importTs("../lib/markdown-wikilinks.ts");
 const { graphRequestKey, nodeRequestKey, searchRequestKey } = await importTs("../lib/request-keys.ts");
 const { hrefForMarkdownLink } = await importTs("../lib/paths.ts");
-const { isReservedDatabaseRouteSlug, isRoutableDatabaseId, publicDatabasePath, publicDatabaseUrl, xShareDatabaseHref } = await importTs("../lib/share-links.ts");
+const { isRoutableDatabaseId, publicDatabasePath, publicDatabaseUrl, xShareDatabaseHref } = await importTs("../lib/share-links.ts");
 const { canExpandChildNode, inferNoteRole, parseModeTab, readIdentityMode } = await importTs("../lib/wiki-helpers.ts");
 const { classifyQueryInput, queryAnswerSearchTerms } = await importTs("../lib/query-actions.ts");
 const explorerTreeSource = readFileSync(new URL("../components/explorer-tree.tsx", import.meta.url), "utf8");
 const documentPaneSource = readFileSync(new URL("../components/document-pane.tsx", import.meta.url), "utf8");
 const inspectorSource = readFileSync(new URL("../components/inspector.tsx", import.meta.url), "utf8");
 const layoutSource = readFileSync(new URL("../app/layout.tsx", import.meta.url), "utf8");
-const databaseLayoutSource = readFileSync(new URL("../app/[databaseId]/layout.tsx", import.meta.url), "utf8");
+const databaseLayoutSource = readFileSync(new URL("../app/db/[databaseId]/layout.tsx", import.meta.url), "utf8");
 const linkPreviewImageSource = readFileSync(new URL("../app/link-preview-image.tsx", import.meta.url), "utf8");
 const openGraphImageSource = readFileSync(new URL("../app/opengraph-image.tsx", import.meta.url), "utf8");
 const twitterImageSource = readFileSync(new URL("../app/twitter-image.tsx", import.meta.url), "utf8");
-const databaseOpenGraphImageSource = readFileSync(new URL("../app/[databaseId]/opengraph-image.tsx", import.meta.url), "utf8");
-const databaseTwitterImageSource = readFileSync(new URL("../app/[databaseId]/twitter-image.tsx", import.meta.url), "utf8");
+const databaseOpenGraphImageSource = readFileSync(new URL("../app/db/[databaseId]/opengraph-image.tsx", import.meta.url), "utf8");
+const databaseTwitterImageSource = readFileSync(new URL("../app/db/[databaseId]/twitter-image.tsx", import.meta.url), "utf8");
 const markdownEditDocumentSource = readFileSync(new URL("../components/markdown-edit-document.tsx", import.meta.url), "utf8");
 const markdownEditorSource = readFileSync(new URL("../components/markdown-editor.tsx", import.meta.url), "utf8");
 const panelSource = readFileSync(new URL("../components/panel.tsx", import.meta.url), "utf8");
@@ -113,12 +113,10 @@ assert.match(databaseLayoutSource, /databasePreviewTitle/);
 assert.match(databaseLayoutSource, /opengraph-image/);
 assert.match(databaseLayoutSource, /twitter-image/);
 assert.match(databaseOpenGraphImageSource, /Kinic Wiki database/);
-assert.match(databaseOpenGraphImageSource, /isReservedDatabaseRouteSlug/);
-assert.match(databaseOpenGraphImageSource, /notFound\(\)/);
+assert.doesNotMatch(databaseOpenGraphImageSource, /isReservedDatabaseRouteSlug|notFound\(\)/);
 assert.match(databaseOpenGraphImageSource, /preview\.databaseName/);
 assert.match(databaseTwitterImageSource, /Kinic Wiki database/);
-assert.match(databaseTwitterImageSource, /isReservedDatabaseRouteSlug/);
-assert.match(databaseTwitterImageSource, /notFound\(\)/);
+assert.doesNotMatch(databaseTwitterImageSource, /isReservedDatabaseRouteSlug|notFound\(\)/);
 assert.match(databaseTwitterImageSource, /preview\.databaseName/);
 assert.match(databasePreviewSource, /databasePreviewTitle/);
 assert.match(databasePreviewSource, /databasePreviewDescription/);
@@ -258,6 +256,7 @@ assert.deepEqual(queryAnswerSearchTerms("vetkeyについて教えて"), ["vetkey
 assert.deepEqual(queryAnswerSearchTerms("What does the wiki say about vetKey?"), ["vetKey"]);
 assert.equal(parseModeTab("legacy"), "explorer");
 assert.equal(readIdentityMode(true, true, true, true), "user");
+assert.equal(readIdentityMode(true, true, true, false), "user");
 assert.equal(readIdentityMode(true, false, true, true), "anonymous");
 assert.equal(readIdentityMode(true, false, false, true), "anonymous");
 assert.equal(readIdentityMode(true, false, false, false), "user");
@@ -362,19 +361,17 @@ assert.notEqual(
   graphRequestKey("aaaaa-aa", "alpha", "/Wiki/index.md", 1, "aaaaa-aa")
 );
 assert.notEqual(searchRequestKey("aaaaa-aa", "alpha", "path", "budget"), searchRequestKey("aaaaa-aa", "alpha", "path", "budget", "aaaaa-aa"));
-assert.equal(publicDatabasePath("alpha/db"), "/alpha%2Fdb/Wiki");
-assert.equal(publicDatabasePath("db_kva4v2twg6jv"), "/db_kva4v2twg6jv/Wiki");
-assert.equal(publicDatabaseUrl("alpha db"), "https://wiki.kinic.xyz/alpha%20db/Wiki");
-assert.equal(publicDatabaseUrl("alpha db", "http://127.0.0.1:3000"), "http://127.0.0.1:3000/alpha%20db/Wiki");
-assert.equal(isReservedDatabaseRouteSlug("cli"), true);
-assert.equal(isReservedDatabaseRouteSlug("CLI"), true);
-assert.equal(isReservedDatabaseRouteSlug("db_cli"), false);
+assert.equal(publicDatabasePath("alpha/db"), "/db/alpha%2Fdb/Wiki");
+assert.equal(publicDatabasePath("db_kva4v2twg6jv"), "/db/db_kva4v2twg6jv/Wiki");
+assert.equal(publicDatabaseUrl("alpha db"), "https://wiki.kinic.xyz/db/alpha%20db/Wiki");
+assert.equal(publicDatabaseUrl("alpha db", "http://127.0.0.1:3000"), "http://127.0.0.1:3000/db/alpha%20db/Wiki");
 assert.equal(isRoutableDatabaseId("db_xuwmtks27uik"), true);
-assert.equal(isRoutableDatabaseId("dashboard"), false);
-assert.throws(() => publicDatabasePath("cli"), /reserved database route slug: cli/);
+assert.equal(isRoutableDatabaseId("dashboard"), true);
+assert.equal(isRoutableDatabaseId(""), false);
+assert.throws(() => publicDatabasePath(""), /invalid database id/);
 assert.equal(
   xShareDatabaseHref({ databaseId: "alpha db", databaseName: "Research DB", origin: "https://wiki.kinic.xyz" }),
-  "https://twitter.com/intent/tweet?text=Kinic+Wiki%3A+Research+DB&url=https%3A%2F%2Fwiki.kinic.xyz%2Falpha%2520db%2FWiki"
+  "https://twitter.com/intent/tweet?text=Kinic+Wiki%3A+Research+DB&url=https%3A%2F%2Fwiki.kinic.xyz%2Fdb%2Falpha%2520db%2FWiki"
 );
 assert.equal(
   renderWikilinksAsMarkdown("[[/Sources/raw/a/a.md|opencode.ai/DESIGN.md]]"),
@@ -419,8 +416,8 @@ assert.equal(
 );
 assert.equal(renderWikilinksAsMarkdown("![[notes/alpha.md|Alpha]]"), "![[notes/alpha.md|Alpha]]");
 assert.equal(renderWikilinksAsMarkdown("[[notes/alpha.md|Alpha]]"), "[Alpha](<notes/alpha.md>)");
-assert.equal(hrefForMarkdownLink("aaaaa-aa", "db-1", "/Wiki/current.md", "/Wiki/foo.md"), "/db-1/Wiki/foo.md");
-assert.equal(hrefForMarkdownLink("aaaaa-aa", "db-1", "/Wiki/current.md", "/Sources/foo.md#top"), "/db-1/Sources/foo.md#top");
+assert.equal(hrefForMarkdownLink("aaaaa-aa", "db-1", "/Wiki/current.md", "/Wiki/foo.md"), "/db/db-1/Wiki/foo.md");
+assert.equal(hrefForMarkdownLink("aaaaa-aa", "db-1", "/Wiki/current.md", "/Sources/foo.md#top"), "/db/db-1/Sources/foo.md#top");
 assert.equal(hrefForMarkdownLink("aaaaa-aa", "db-1", "/Wiki/current.md", "/Wikipedia/foo.md"), null);
 assert.equal(hrefForMarkdownLink("aaaaa-aa", "db-1", "/Wiki/current.md", "/SourcesBackup/foo.md"), null);
 assert.equal(inferNoteRole("/Sources/raw/web/abc.md"), "raw_source");
@@ -479,7 +476,10 @@ function child(path, name, kind, hasChildren = kind === "directory") {
 
 async function importTs(relativePath) {
   const sourcePath = new URL(relativePath, import.meta.url);
-  const source = readFileSync(sourcePath, "utf8");
+  const rawSource = readFileSync(sourcePath, "utf8");
+  const source = relativePath === "../lib/paths.ts"
+    ? `${readFileSync(new URL("../lib/share-links.ts", import.meta.url), "utf8")}\n${rawSource.replace('import { databaseRouteBase } from "./share-links";', "")}`
+    : rawSource;
   const compiled = ts.transpileModule(source, {
     compilerOptions: {
       module: ts.ModuleKind.ES2022,
diff --git a/wikibrowser/scripts/generate-vfs-idl.mjs b/wikibrowser/scripts/generate-vfs-idl.mjs
index c3e91699..9a76c11f 100644
--- a/wikibrowser/scripts/generate-vfs-idl.mjs
+++ b/wikibrowser/scripts/generate-vfs-idl.mjs
@@ -18,6 +18,32 @@ const typeOrder = [
   "CyclesPurchaseResult",
   "DatabaseCyclesPendingPurchase",
   "DatabaseCyclesPurchaseRequest",
+  "KinicBalance",
+  "KinicPendingOperation",
+  "KinicPendingOperationsPageRequest",
+  "KinicPendingOperationsPage",
+  "MarketCreateListingRequest",
+  "KinicDepositRequest",
+  "KinicDepositResult",
+  "KinicFundDatabaseCyclesRequest",
+  "KinicFundDatabaseCyclesResult",
+  "MarketEntitlement",
+  "MarketEntitlementPage",
+  "MarketListingStatus",
+  "MarketListing",
+  "MarketCategoryGraphEdge",
+  "MarketCategoryGraphNode",
+  "MarketCategoryGraph",
+  "MarketListingPage",
+  "MarketOrder",
+  "MarketOrderPage",
+  "MarketPreviewExcerpt",
+  "MarketListingPreview",
+  "MarketListingVerifiedStats",
+  "MarketListingDetail",
+  "MarketPurchasePreview",
+  "MarketPurchaseRequest",
+  "MarketUpdateListingRequest",
   "Icrc21ConsentMessageMetadata",
   "Icrc21DeviceSpec",
   "Icrc21ConsentMessageSpec",
@@ -90,8 +116,21 @@ const typeOrder = [
   "ResultCyclesPurchase",
   "ResultCyclesEntries",
   "ResultCyclesPendingPurchases",
+  "ResultKinicBalance",
+  "ResultKinicPendingOperations",
+  "ResultKinicDeposit",
+  "ResultKinicFundDatabaseCycles",
+  "ResultMarketEntitlementPage",
+  "ResultMarketListing",
+  "ResultMarketListingDetail",
+  "ResultMarketListings",
+  "ResultMarketListingPage",
+  "ResultMarketOrder",
+  "ResultMarketOrderPage",
+  "ResultMarketPurchasePreview",
   "ResultDatabases",
   "ResultMembers",
+  "ResultNat64",
   "WriteNodeResult",
   "ResultWriteNode",
   "WriteSourceForGenerationResult",
@@ -128,6 +167,22 @@ const methodOrder = [
   "list_database_cycles_pending_purchases",
   "list_databases",
   "list_database_members",
+  "market_count_active_entitlements",
+  "market_create_listing",
+  "kinic_deposit_balance",
+  "kinic_fund_database_cycles",
+  "kinic_get_balance",
+  "market_get_listing",
+  "market_list_database_listings",
+  "market_list_entitlements",
+  "market_list_listings",
+  "market_list_orders",
+  "kinic_list_pending_operations",
+  "market_pause_listing",
+  "market_preview_purchase",
+  "market_publish_listing",
+  "market_purchase_access",
+  "market_update_listing",
   "memory_manifest",
   "mkdir_node",
   "move_node",
@@ -344,28 +399,8 @@ function normalizeBlobAlias(value) {
 
 function normalizeResultAlias(value) {
   const normalized = normalizeShape(value).replace(/,$/, "").trim();
-  if (normalized === "Result_10") return "ResultLinks";
-  if (normalized === "Result_11") return "ResultLinks";
-  if (normalized === "Result_12") return "ResultChildren";
-  if (normalized === "Result_13") return "ResultCyclesEntries";
-  if (normalized === "Result_14") return "ResultCyclesPendingPurchases";
-  if (normalized === "Result_15") return "ResultMembers";
-  if (normalized === "Result_16") return "ResultDatabases";
-  if (normalized === "Result_1") return "ResultUnit";
-  if (normalized === "Result_4") return "ResultCreateDatabase";
-  if (normalized === "Result_5") return "ResultDeleteNode";
-  if (normalized === "Result_18") return "ResultMkdirNode";
-  if (normalized === "Result_19") return "ResultMoveNode";
-  if (normalized === "Result_20") return "ResultCyclesPurchase";
-  if (normalized === "Result_21") return "ResultQueryContext";
-  if (normalized === "Result_24") return "ResultNode";
-  if (normalized === "Result_25") return "ResultNodeContext";
-  if (normalized === "Result_26") return "ResultSearch";
-  if (normalized === "Result_27") return "ResultStorageBillingBatch";
-  if (normalized === "Result_28") return "ResultSourceEvidence";
-  if (normalized === "Result_3") return "ResultOpsAnswerSessionCheck";
-  if (normalized === "Result_30") return "ResultWriteSourceForGeneration";
-  if (normalized === "Result_9") return "ResultCyclesBillingConfig";
+  const alias = Object.entries(didTypeAliases).find(([, didName]) => didName === normalized)?.[0];
+  if (alias) return alias;
   if (normalized === "Result") return "ResultWriteNode";
   return normalized;
 }
diff --git a/wikibrowser/scripts/seed-marketplace-fixtures.mjs b/wikibrowser/scripts/seed-marketplace-fixtures.mjs
new file mode 100644
index 00000000..1ba084cc
--- /dev/null
+++ b/wikibrowser/scripts/seed-marketplace-fixtures.mjs
@@ -0,0 +1,273 @@
+// Where: wikibrowser/scripts/seed-marketplace-fixtures.mjs
+// What: creates local marketplace fixture databases and publishes listings.
+// Why: marketplace UI needs repeatable local cards for browse/filter visual checks.
+import { spawnSync } from "node:child_process";
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+
+const DEFAULT_PAYMENT_E8S = "100_000_000";
+const DEFAULT_MIN_CYCLES = "1_000_000";
+const DEFAULT_ALLOWANCE_E8S = "400_000_000";
+
+const FIXTURES = [
+  {
+    name: "Market Seed: AI Research",
+    title: "AI Research Notes",
+    description: "Curated wiki notes for model evaluation, retrieval, and prompt ops.",
+    tags: ["ai", "research", "popular"],
+    priceE8s: "25_000_000",
+    summary: "Compact research notes with linked evidence and excerpts.",
+    excerpt: "Model evaluation notes with retrieval examples",
+    nodes: [
+      {
+        path: "/Wiki/AI Research.md",
+        content: "# AI Research\n\nModel evaluation notes with retrieval examples and [pricing context](/Wiki/Pricing.md)."
+      },
+      {
+        path: "/Wiki/Pricing.md",
+        content: "# Pricing\n\nLow price marketplace fixture for decimal max-price checks."
+      }
+    ]
+  },
+  {
+    name: "Market Seed: Product Playbook",
+    title: "Product Launch Playbook",
+    description: "Operational launch checklist with buyer onboarding and market examples.",
+    tags: ["product", "recent", "playbook"],
+    priceE8s: "50_000_000",
+    summary: "A launch playbook with docs, checklists, and handoff notes.",
+    excerpt: "Operational launch checklist with buyer onboarding",
+    nodes: [
+      {
+        path: "/Wiki/Launch Checklist.md",
+        content: "# Launch Checklist\n\nOperational launch checklist with buyer onboarding and [risk review](/Wiki/Risk Review.md)."
+      },
+      {
+        path: "/Wiki/Risk Review.md",
+        content: "# Risk Review\n\nRecent listing fixture for sort and filter checks."
+      }
+    ]
+  },
+  {
+    name: "Market Seed: Knowledge Graph",
+    title: "Knowledge Graph Template",
+    description: "Graph-oriented wiki seed with category edges and sample excerpts.",
+    tags: ["graph", "template", "excerpt"],
+    priceE8s: "100_000_000",
+    summary: "Template data for graph-heavy marketplace detail screens.",
+    excerpt: "Graph-oriented wiki seed with category edges",
+    nodes: [
+      {
+        path: "/Wiki/Graph Template.md",
+        content: "# Graph Template\n\nGraph-oriented wiki seed with category edges and [sample nodes](/Wiki/Sample Nodes.md)."
+      },
+      {
+        path: "/Wiki/Sample Nodes.md",
+        content: "# Sample Nodes\n\nExcerpt fixture for listing detail density checks."
+      }
+    ]
+  }
+];
+
+const options = parseArgs(process.argv.slice(2));
+const canister = options.canisterId ?? process.env.NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID;
+if (!canister) {
+  throw new Error("missing --canister-id or NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID");
+}
+const ledgerCanister = options.ledgerCanisterId ?? process.env.KINIC_LEDGER_CANISTER_ID ?? readWikiLedgerCanisterId();
+approveCyclesAllowance(ledgerCanister);
+
+for (const fixture of FIXTURES) {
+  const created = callOk("create_database", candidRecord({ name: candidText(fixture.name) }));
+  const databaseId = extractTextField(created, "database_id");
+  fundDatabase(databaseId);
+  callOk("mkdir_node", candidRecord({ database_id: candidText(databaseId), path: candidText("/Wiki") }));
+  const firstNode = writeNodes(databaseId, fixture);
+  const listing = callOk(
+    "market_create_listing",
+    candidRecord({
+      database_id: candidText(databaseId),
+      title: candidText(fixture.title),
+      description: candidText(fixture.description),
+      llm_summary: `opt ${candidText(fixture.summary)}`,
+      summary_snapshot_revision: "null",
+      sample_excerpts_json: candidText(JSON.stringify([{ path: firstNode.path, etag: firstNode.etag, excerpt: fixture.excerpt }])),
+      tags_json: candidText(JSON.stringify(fixture.tags)),
+      price_e8s: `${fixture.priceE8s} : nat64`
+    })
+  );
+  const listingId = extractTextField(listing, "listing_id");
+  const published = callOk("market_publish_listing", candidText(listingId));
+  console.log(`${listingId}\t${databaseId}\t${extractTextField(published, "title")}\t${extractNat64Field(published, "price_e8s")}`);
+}
+
+function fundDatabase(databaseId) {
+  callOk(
+    "purchase_database_cycles",
+    candidRecord({
+      database_id: candidText(databaseId),
+      payment_amount_e8s: `${options.paymentE8s} : nat64`,
+      min_expected_cycles: `${options.minCycles} : nat64`
+    })
+  );
+}
+
+function readWikiLedgerCanisterId() {
+  const config = callOk("get_cycles_billing_config", "");
+  return extractTextField(config, "kinic_ledger_canister_id");
+}
+
+function approveCyclesAllowance(ledgerCanisterId) {
+  callOk(
+    "icrc2_approve",
+    candidRecord({
+      spender: `record { owner = principal ${candidText(canister)}; subaccount = null }`,
+      amount: `${options.allowanceE8s} : nat`,
+      expected_allowance: "null",
+      expires_at: "null",
+      fee: "null",
+      memo: "null",
+      from_subaccount: "null",
+      created_at_time: "null"
+    }),
+    ledgerCanisterId
+  );
+}
+
+function writeNodes(databaseId, fixture) {
+  let firstNode = null;
+  for (const node of fixture.nodes) {
+    const result = callOk(
+      "write_node",
+      candidRecord({
+        database_id: candidText(databaseId),
+        path: candidText(node.path),
+        kind: "variant { File }",
+        content: candidText(node.content),
+        metadata_json: candidText("{}"),
+        expected_etag: "null"
+      })
+    );
+    const written = {
+      path: extractTextField(result, "path"),
+      etag: extractTextField(result, "etag")
+    };
+    if (firstNode === null) {
+      firstNode = written;
+    }
+  }
+  if (firstNode === null) {
+    throw new Error(`fixture ${fixture.title} did not write nodes`);
+  }
+  return firstNode;
+}
+
+function callOk(method, candidArgs, targetCanister = canister) {
+  const response = callCanister(targetCanister, method, candidArgs);
+  if (/variant\s*\{\s*Ok\s*=/.test(response.response_candid)) {
+    return response.response_candid;
+  }
+  if (/variant\s*\{\s*Err\s*=/.test(response.response_candid)) {
+    const error = extractErr(response.response_candid);
+    throw new Error(`${method} failed: ${error}`);
+  }
+  throw new Error(`${method} returned unexpected response: ${response.response_candid}`);
+}
+
+function callCanister(targetCanister, method, candidArgs) {
+  const tempDir = mkdtempSync(join(tmpdir(), "kinic-market-seed-"));
+  const argsPath = join(tempDir, `${method}.did`);
+  try {
+    writeFileSync(argsPath, `(${candidArgs})\n`, "utf8");
+    const result = spawnSync(
+      "icp",
+      ["canister", "call", targetCanister, method, "--args-file", argsPath, "-e", options.environment, "--json"],
+      { encoding: "utf8" }
+    );
+    if (result.status !== 0) {
+      throw new Error(`${method} command failed\n${result.stderr || result.stdout}`);
+    }
+    return JSON.parse(result.stdout);
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true });
+  }
+}
+
+function parseArgs(args) {
+  const parsed = {
+    environment: "local-wiki",
+    paymentE8s: DEFAULT_PAYMENT_E8S,
+    minCycles: DEFAULT_MIN_CYCLES,
+    allowanceE8s: DEFAULT_ALLOWANCE_E8S
+  };
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index];
+    if (arg === "--canister-id") {
+      parsed.canisterId = readArgValue(args, index, arg);
+      index += 1;
+    } else if (arg === "--environment") {
+      parsed.environment = readArgValue(args, index, arg);
+      index += 1;
+    } else if (arg === "--payment-e8s") {
+      parsed.paymentE8s = normalizeNat64(readArgValue(args, index, arg), arg);
+      index += 1;
+    } else if (arg === "--min-cycles") {
+      parsed.minCycles = normalizeNat64(readArgValue(args, index, arg), arg);
+      index += 1;
+    } else if (arg === "--allowance-e8s") {
+      parsed.allowanceE8s = normalizeNat64(readArgValue(args, index, arg), arg);
+      index += 1;
+    } else if (arg === "--ledger-canister-id") {
+      parsed.ledgerCanisterId = readArgValue(args, index, arg);
+      index += 1;
+    } else {
+      throw new Error(`unknown argument: ${arg}`);
+    }
+  }
+  return parsed;
+}
+
+function readArgValue(args, index, name) {
+  const value = args[index + 1];
+  if (!value || value.startsWith("--")) {
+    throw new Error(`${name} requires a value`);
+  }
+  return value;
+}
+
+function normalizeNat64(value, name) {
+  if (!/^\d(?:_?\d)*$/.test(value)) {
+    throw new Error(`${name} must be a nat64 decimal literal`);
+  }
+  return value;
+}
+
+function candidRecord(fields) {
+  return `record { ${Object.entries(fields).map(([key, value]) => `${key} = ${value}`).join("; ")} }`;
+}
+
+function candidText(value) {
+  return `"${value.replaceAll("\\", "\\\\").replaceAll("\"", "\\\"").replaceAll("\n", "\\n")}"`;
+}
+
+function extractTextField(candid, field) {
+  const match = new RegExp(`${field} = "([^"]*)"`).exec(candid);
+  if (!match) {
+    throw new Error(`missing ${field} in response: ${candid}`);
+  }
+  return match[1];
+}
+
+function extractNat64Field(candid, field) {
+  const match = new RegExp(`${field} = ([0-9_]+) : nat64`).exec(candid);
+  if (!match) {
+    throw new Error(`missing ${field} in response: ${candid}`);
+  }
+  return match[1];
+}
+
+function extractErr(candid) {
+  const match = /Err = "([\s\S]*)"\s*\}/.exec(candid);
+  return match ? match[1].replaceAll("\\\"", "\"") : candid;
+}
diff --git a/wikibrowser/scripts/smoke-errors.mjs b/wikibrowser/scripts/smoke-errors.mjs
index 4a6f066a..e3c50a79 100644
--- a/wikibrowser/scripts/smoke-errors.mjs
+++ b/wikibrowser/scripts/smoke-errors.mjs
@@ -6,7 +6,7 @@ const databaseId = readDatabaseId();
 const smokeWaitMs = 30_000;
 const pollMs = 500;
 
-run("open", [`${baseUrl}/${encodeURIComponent(databaseId)}/Wiki/does-not-exist.md`]);
+run("open", [`${baseUrl}/db/${encodeURIComponent(databaseId)}/Wiki/does-not-exist.md`]);
 assertSnapshotIncludes("No wiki node at this path");
 assertSnapshotIncludes("Search this path");
 
diff --git a/wikibrowser/scripts/smoke-mobile-layout.mjs b/wikibrowser/scripts/smoke-mobile-layout.mjs
index ffe477c9..fd8ed2bc 100644
--- a/wikibrowser/scripts/smoke-mobile-layout.mjs
+++ b/wikibrowser/scripts/smoke-mobile-layout.mjs
@@ -20,16 +20,16 @@ const browserRoutes = [
 ];
 
 runOptional("close", []);
-run("open", [`${baseUrl}/${encodeURIComponent(databaseId)}/Wiki`]);
+run("open", [`${baseUrl}/db/${encodeURIComponent(databaseId)}/Wiki`]);
 for (const [width, height] of viewports) {
   run("resize", [String(width), String(height)]);
   for (const route of browserRoutes) {
-    run("goto", [`${baseUrl}/${encodeURIComponent(databaseId)}${route}`]);
+    run("goto", [`${baseUrl}/db/${encodeURIComponent(databaseId)}${route}`]);
     run("eval", [wikiLayoutProbe(route)]);
   }
   run("goto", [`${baseUrl}/dashboard`]);
   run("eval", [dashboardLayoutProbe()]);
-  run("goto", [`${baseUrl}/dashboard/${encodeURIComponent(databaseId)}`]);
+  run("goto", [`${baseUrl}/dashboard/project/${encodeURIComponent(databaseId)}`]);
   run("eval", [genericLayoutProbe()]);
   run("goto", [`${baseUrl}/skills/${encodeURIComponent(databaseId)}`]);
   run("eval", [genericLayoutProbe()]);
diff --git a/wikibrowser/scripts/smoke-public.mjs b/wikibrowser/scripts/smoke-public.mjs
index 30ebc437..ae976102 100644
--- a/wikibrowser/scripts/smoke-public.mjs
+++ b/wikibrowser/scripts/smoke-public.mjs
@@ -3,7 +3,7 @@ import { spawnSync } from "node:child_process";
 const baseUrl = readRequiredArg("--base-url", "WIKI_BROWSER_PUBLIC_BASE_URL").replace(/\/$/, "");
 const databaseId = readRequiredArg("--database-id", "WIKI_BROWSER_PUBLIC_DATABASE_ID");
 const path = normalizePath(readRequiredArg("--path", "WIKI_BROWSER_PUBLIC_PATH"));
-const nodeUrl = `${baseUrl}/${encodeURIComponent(databaseId)}${path}`;
+const nodeUrl = `${baseUrl}/db/${encodeURIComponent(databaseId)}${path}`;
 
 runNodeScript("scripts/smoke-ui.mjs", ["--url", nodeUrl]);
 runNodeScript("scripts/smoke-errors.mjs", ["--base-url", baseUrl, "--database-id", databaseId]);
diff --git a/wikibrowser/scripts/smoke-ui.mjs b/wikibrowser/scripts/smoke-ui.mjs
index 07cfe63e..a4a228cd 100644
--- a/wikibrowser/scripts/smoke-ui.mjs
+++ b/wikibrowser/scripts/smoke-ui.mjs
@@ -54,9 +54,9 @@ async function main() {
 export function parseSmokeTargetUrl(url) {
   const targetUrl = new URL(url);
   const segments = targetUrl.pathname.split("/").filter(Boolean);
-  const databaseId = decodePathSegment(segments[0] ?? "");
+  const databaseId = segments[0] === "db" ? decodePathSegment(segments[1] ?? "") : "";
   const path = segments
-    .slice(1)
+    .slice(2)
     .filter(Boolean)
     .map(decodePathSegment)
     .join("/");
diff --git a/wikibrowser/tailwind.config.ts b/wikibrowser/tailwind.config.ts
index 76e91b84..d0c7c310 100644
--- a/wikibrowser/tailwind.config.ts
+++ b/wikibrowser/tailwind.config.ts
@@ -1,6 +1,8 @@
 import type { Config } from "tailwindcss";
+import animate from "tailwindcss-animate";
 
 const config: Config = {
+  darkMode: ["class"],
   content: ["./app/**/*.{ts,tsx}", "./components/**/*.{ts,tsx}", "./lib/**/*.{ts,tsx}"],
   theme: {
     extend: {
@@ -8,11 +10,8 @@ const config: Config = {
         paper: "#f8f8f8",
         canvas: "#ffffff",
         ink: "#000000",
-        muted: "#636161",
         line: "#e6e6e6",
         midLine: "#d0d0d0",
-        accent: "#ff2686",
-        accentHover: "#ff2686",
         accentSoft: "#ff81be26",
         accentLine: "#ffcde5",
         accentText: "#ff2686",
@@ -22,7 +21,53 @@ const config: Config = {
         kinicCyan: "#2d68ff",
         infoSoft: "#eaf4ff",
         infoLine: "#8fc3ff",
-        infoText: "#086cd9"
+        infoText: "#086cd9",
+        border: "hsl(var(--border))",
+        input: "hsl(var(--input))",
+        ring: "hsl(var(--ring))",
+        background: "hsl(var(--background))",
+        foreground: "hsl(var(--foreground))",
+        primary: {
+          DEFAULT: "hsl(var(--primary))",
+          foreground: "hsl(var(--primary-foreground))"
+        },
+        secondary: {
+          DEFAULT: "hsl(var(--secondary))",
+          foreground: "hsl(var(--secondary-foreground))"
+        },
+        destructive: {
+          DEFAULT: "hsl(var(--destructive))",
+          foreground: "hsl(var(--destructive-foreground))"
+        },
+        muted: {
+          DEFAULT: "hsl(var(--muted))",
+          foreground: "hsl(var(--muted-foreground))"
+        },
+        accent: "#ff2686",
+        "accent-foreground": "hsl(var(--accent-foreground))",
+        popover: {
+          DEFAULT: "hsl(var(--popover))",
+          foreground: "hsl(var(--popover-foreground))"
+        },
+        card: {
+          DEFAULT: "hsl(var(--card))",
+          foreground: "hsl(var(--card-foreground))"
+        },
+        sidebar: {
+          DEFAULT: "hsl(var(--sidebar-background))",
+          foreground: "hsl(var(--sidebar-foreground))",
+          primary: "hsl(var(--sidebar-primary))",
+          "primary-foreground": "hsl(var(--sidebar-primary-foreground))",
+          accent: "hsl(var(--sidebar-accent))",
+          "accent-foreground": "hsl(var(--sidebar-accent-foreground))",
+          border: "hsl(var(--sidebar-border))",
+          ring: "hsl(var(--sidebar-ring))"
+        }
+      },
+      borderRadius: {
+        lg: "var(--radius)",
+        md: "calc(var(--radius) - 4px)",
+        sm: "calc(var(--radius) - 8px)"
       },
       fontFamily: {
         sans: ["Aptos", "ui-sans-serif", "system-ui", "sans-serif"],
@@ -30,7 +75,7 @@ const config: Config = {
       }
     }
   },
-  plugins: []
+  plugins: [animate]
 };
 
 export default config;
diff --git a/wikibrowser/tsconfig.json b/wikibrowser/tsconfig.json
index 3099c541..0291d909 100644
--- a/wikibrowser/tsconfig.json
+++ b/wikibrowser/tsconfig.json
@@ -32,8 +32,7 @@
     "next-env.d.ts",
     "**/*.ts",
     "**/*.tsx",
-    ".next/types/**/*.ts",
-    ".next/dev/types/**/*.ts"
+    ".next/types/**/*.ts"
   ],
   "exclude": [
     "node_modules"
diff --git a/wikibrowser/wrangler.jsonc b/wikibrowser/wrangler.jsonc
index 55c317d8..0b84091a 100644
--- a/wikibrowser/wrangler.jsonc
+++ b/wikibrowser/wrangler.jsonc
@@ -6,7 +6,6 @@
   "compatibility_flags": ["nodejs_compat", "global_fetch_strictly_public"],
   "vars": {
     "NEXT_PUBLIC_WIKI_IC_HOST": "https://icp0.io",
-    "NEXT_PUBLIC_II_PROVIDER_URL": "https://id.ai",
     "NEXT_PUBLIC_KINIC_WIKI_CANISTER_ID": "xis3j-paaaa-aaaai-axumq-cai",
     "KINIC_WIKI_GENERATOR_URL": "https://wiki-generator.kinic.xyz"
   },
diff --git a/workers/wiki-generator/package.json b/workers/wiki-generator/package.json
index cfdbb9b1..1ffcb8df 100644
--- a/workers/wiki-generator/package.json
+++ b/workers/wiki-generator/package.json
@@ -7,7 +7,7 @@
     "cf-typegen": "wrangler types --env-interface Env worker-configuration.d.ts",
     "deploy": "wrangler deploy",
     "dev": "wrangler dev --test-scheduled",
-    "test": "tsc -p tsconfig.test.json && node --test .tmp-test/tests/*.test.js",
+    "test": "node scripts/check-candid-drift.mjs && tsc -p tsconfig.test.json && node --test .tmp-test/tests/*.test.js",
     "typecheck": "tsc --noEmit",
     "audit:moderate": "pnpm audit --audit-level moderate"
   },
diff --git a/workers/wiki-generator/scripts/check-candid-drift.mjs b/workers/wiki-generator/scripts/check-candid-drift.mjs
new file mode 100644
index 00000000..7a8b948d
--- /dev/null
+++ b/workers/wiki-generator/scripts/check-candid-drift.mjs
@@ -0,0 +1,161 @@
+// Where: workers/wiki-generator/scripts/check-candid-drift.mjs
+// What: Compare the generator Worker's hand-written VFS IDL subset with vfs.did.
+// Why: Worker canister calls use a local minimal IDL that must drift-fail in CI.
+import { readFileSync } from "node:fs";
+import { checkCandidSubset } from "../../../scripts/candid-subset-check.mjs";
+import { didTypeAliases as sharedAliases } from "../../../wikibrowser/scripts/candid-shapes.mjs";
+
+const did = readFileSync(new URL("../../../crates/vfs_canister/vfs.did", import.meta.url), "utf8");
+const idl = readFileSync(new URL("../src/vfs-idl.ts", import.meta.url), "utf8");
+
+const didTypeAliases = {
+  ...sharedAliases,
+  ResultExportSnapshot: "Result_7",
+  ResultFetchUpdates: "Result_8"
+};
+
+const expectedTypes = {
+  NodeKind: { kind: "variant", cases: { File: "null", Source: "null", Folder: "null" } },
+  Node: {
+    kind: "record",
+    fields: {
+      path: "text",
+      kind: "NodeKind",
+      content: "text",
+      created_at: "int64",
+      updated_at: "int64",
+      etag: "text",
+      metadata_json: "text"
+    }
+  },
+  NodeMutationAck: {
+    kind: "record",
+    fields: { updated_at: "int64", etag: "text", kind: "NodeKind", path: "text" }
+  },
+  SearchPreviewField: { kind: "variant", cases: { Path: "null", Content: "null" } },
+  SearchPreviewMode: { kind: "variant", cases: { Light: "null", ContentStart: "null", None: "null" } },
+  SearchPreview: {
+    kind: "record",
+    fields: {
+      field: "SearchPreviewField",
+      char_offset: "nat32",
+      match_reason: "text",
+      excerpt: "opt text"
+    }
+  },
+  SearchNodeHit: {
+    kind: "record",
+    fields: {
+      path: "text",
+      kind: "NodeKind",
+      snippet: "opt text",
+      preview: "opt SearchPreview",
+      score: "float32",
+      match_reasons: "vec text"
+    }
+  },
+  WriteNodeRequest: {
+    kind: "record",
+    fields: {
+      content: "text",
+      kind: "NodeKind",
+      path: "text",
+      expected_etag: "opt text",
+      metadata_json: "text",
+      database_id: "text"
+    }
+  },
+  MkdirNodeRequest: { kind: "record", fields: { path: "text", database_id: "text" } },
+  SearchNodesRequest: {
+    kind: "record",
+    fields: {
+      database_id: "text",
+      query_text: "text",
+      prefix: "opt text",
+      top_k: "nat32",
+      preview_mode: "opt SearchPreviewMode"
+    }
+  },
+  ExportSnapshotRequest: {
+    kind: "record",
+    fields: {
+      snapshot_revision: "opt text",
+      cursor: "opt text",
+      limit: "nat32",
+      database_id: "text",
+      prefix: "opt text",
+      snapshot_session_id: "opt text"
+    }
+  },
+  ExportSnapshotResponse: {
+    kind: "record",
+    fields: {
+      snapshot_revision: "text",
+      nodes: "vec Node",
+      next_cursor: "opt text",
+      snapshot_session_id: "opt text"
+    }
+  },
+  FetchUpdatesRequest: {
+    kind: "record",
+    fields: {
+      known_snapshot_revision: "text",
+      cursor: "opt text",
+      limit: "nat32",
+      database_id: "text",
+      prefix: "opt text",
+      target_snapshot_revision: "opt text"
+    }
+  },
+  FetchUpdatesResponse: {
+    kind: "record",
+    fields: {
+      removed_paths: "vec text",
+      snapshot_revision: "text",
+      changed_nodes: "vec Node",
+      next_cursor: "opt text"
+    }
+  },
+  UrlIngestTriggerSessionCheckRequest: {
+    kind: "record",
+    fields: { database_id: "text", request_path: "text", session_nonce: "text" }
+  },
+  SourceRunSessionCheckRequest: {
+    kind: "record",
+    fields: {
+      source_path: "text",
+      source_etag: "text",
+      session_nonce: "text",
+      database_id: "text"
+    }
+  },
+  WriteNodeResult: { kind: "record", fields: { created: "bool", node: "NodeMutationAck" } },
+  MkdirNodeResult: { kind: "record", fields: { created: "bool", path: "text" } },
+  ResultNode: { kind: "variant", cases: { Ok: "opt Node", Err: "text" } },
+  ResultSearch: { kind: "variant", cases: { Ok: "vec SearchNodeHit", Err: "text" } },
+  ResultWriteNode: { kind: "variant", cases: { Ok: "WriteNodeResult", Err: "text" } },
+  ResultMkdirNode: { kind: "variant", cases: { Ok: "MkdirNodeResult", Err: "text" } },
+  ResultExportSnapshot: { kind: "variant", cases: { Ok: "ExportSnapshotResponse", Err: "text" } },
+  ResultFetchUpdates: { kind: "variant", cases: { Ok: "FetchUpdatesResponse", Err: "text" } },
+  ResultUnit: { kind: "variant", cases: { Ok: "null", Err: "text" } }
+};
+
+const expectedMethods = {
+  check_database_write_cycles: { input: ["text"], output: "ResultUnit", mode: "query" },
+  check_source_run_session: { input: ["SourceRunSessionCheckRequest"], output: "ResultUnit", mode: "query" },
+  check_url_ingest_trigger_session: { input: ["UrlIngestTriggerSessionCheckRequest"], output: "ResultUnit", mode: "query" },
+  read_node: { input: ["text", "text"], output: "ResultNode", mode: "query" },
+  mkdir_node: { input: ["MkdirNodeRequest"], output: "ResultMkdirNode", mode: "update" },
+  write_node: { input: ["WriteNodeRequest"], output: "ResultWriteNode", mode: "update" },
+  search_nodes: { input: ["SearchNodesRequest"], output: "ResultSearch", mode: "query" },
+  export_snapshot: { input: ["ExportSnapshotRequest"], output: "ResultExportSnapshot", mode: "query" },
+  fetch_updates: { input: ["FetchUpdatesRequest"], output: "ResultFetchUpdates", mode: "query" }
+};
+
+const failures = checkCandidSubset({ didSource: did, idlSource: idl, expectedTypes, expectedMethods, didTypeAliases });
+if (failures.length > 0) {
+  console.error(failures.join("\n"));
+  process.exit(1);
+}
+
+console.log(`Wiki generator Candid subset OK: ${Object.keys(expectedMethods).join(", ")}`);