diff --git a/CHANGELOG.md b/CHANGELOG.md
index 894acb7..a191ee7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,18 @@
+## v1.0.1 (2026-05-05)
+
+## What's Changed
+
+- ci: drop develop-FF gate from release dispatches; require main by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/200
+- Preprod Release by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/201
+- chore: update agent CHANGELOG.md for agent/v1.0.0 by @github-actions[bot] in https://github.com/rado0x54/ShellWatch/pull/202
+- docs: align README and docs/ with current code by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/203
+- docs: refactor README — logo, tagline, requirements, dev/prod flow by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/204
+- chore: self-host Geist fonts; drop Google Fonts dependency by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/206
+- ci: bump homebrew-tap formula on agent release by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/205
+- Preprod Release by @rado0x54 in https://github.com/rado0x54/ShellWatch/pull/207
+
+**Full Changelog**: https://github.com/rado0x54/ShellWatch/compare/v1.0.0...v1.0.1
+
 ## v1.0.0 (2026-05-03)
 
 ## What's Changed
diff --git a/README.md b/README.md
index 5e94bcc..6fe9693 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ ShellWatch is a Human-in-the-Loop platform for agent-driven SSH. Passkey-first a
 
 - **Passkey-only auth** — WebAuthn for UI login, agent enrollment, and SSH authentication via OpenSSH's [`webauthn-sk-ecdsa-sha2-nistp256@openssh.com`](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f) signature algorithm
 - **End-to-end SSH-agent proxy** — local `ssh`/`scp`/`git` reach a passkey via ShellWatch with explicit browser approval per signature
-- **Agent forwarding into sessions** — your passkey-backed SSH agent is forwarded into every ShellWatch session, so you can hop to additional hosts and enable SSH-agent-based PAM integration
+- **Agent forwarding into sessions** — your passkey-backed SSH agent is forwarded into ShellWatch sessions (per-endpoint toggle), so you can hop to additional hosts and enable SSH-agent-based PAM integration
 - **PAM integration** — pair with [`pam-ssh-agent-webauthn`](https://github.com/rado0x54/pam-ssh-agent-webauthn) to gate `sudo` (or any PAM-aware step) behind a passkey approval surfaced through ShellWatch
 - **Human-in-the-loop for agents** — MCP agents request, humans approve; sensitive actions can require per-action consent
 - **Realtime notifications** — sign requests arrive as Web Push and in-UI toasts
@@ -38,6 +38,14 @@ ShellWatch is a Human-in-the-Loop platform for agent-driven SSH. Passkey-first a
   PubkeyAcceptedAlgorithms=+webauthn-sk-ecdsa-sha2-nistp256@openssh.com
   ```
 
+  One-liner to append it and reload `sshd`:
+
+  ```bash
+  echo 'PubkeyAcceptedAlgorithms=+webauthn-sk-ecdsa-sha2-nistp256@openssh.com' \
+    | sudo tee -a /etc/ssh/sshd_config
+  sudo systemctl reload ssh   # or: sudo systemctl reload sshd
+  ```
+
 - **Client (`ssh`):** OpenSSH **10.3+** — only when using the [SSH agent proxy](#ssh-agent-proxy). The PAM-from-inside-a-session path uses our [PAM module](https://github.com/rado0x54/pam-ssh-agent-webauthn) talking to `$SSH_AUTH_SOCK` directly, and plain ShellWatch sessions opened from the UI or MCP have no client-side OpenSSH requirement.
 
 ## Quick start
diff --git a/client/src/app.css b/client/src/app.css
index 142caf9..7e683a8 100644
--- a/client/src/app.css
+++ b/client/src/app.css
@@ -326,6 +326,13 @@ pre,
   background: var(--warning, var(--secondary));
 }
 
+.badge-demo {
+  color: var(--accent);
+}
+.badge-demo::before {
+  background: var(--accent);
+}
+
 /* ------------------------------------------------------------------
  * Status dots — small 6px squares, colored, glow when live
  * ------------------------------------------------------------------ */
diff --git a/client/src/lib/components/ServerSetupGuide.svelte b/client/src/lib/components/ServerSetupGuide.svelte
new file mode 100644
index 0000000..84b6154
--- /dev/null
+++ b/client/src/lib/components/ServerSetupGuide.svelte
@@ -0,0 +1,187 @@
+<!-- SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 -->
+<!--
+  Walks a user through the two-line server-side setup for ShellWatch passkey
+  auth. Reused by:
+    - the "Add Your Own Endpoint" wizard (passes the freshly-registered passkey
+      so the authorized_keys command is fully copy-pastable)
+    - the /settings/setup help tab (no passkey context; renders an instructional
+      placeholder + a link to /settings/passkeys)
+-->
+<script lang="ts">
+  import Wordmark from "./Wordmark.svelte";
+
+  interface Props {
+    /**
+     * Optional passkey to inline into the second copy-block. When omitted, the
+     * second block shows a placeholder and a hint to grab the entry from
+     * Settings → Passkeys.
+     */
+    passkey?: { authorizedKeysEntry: string | null; label: string } | null;
+    /** Account name used to scope the authorized_keys comment. Defaults to "user". */
+    accountName?: string;
+  }
+
+  let { passkey = null, accountName = "user" }: Props = $props();
+
+  // Single source for the sshd line — referenced from both the visible code
+  // block and the clipboard handler so they can't drift. Mirrors the value
+  // computed server-side in src/webauthn/ssh-key-format.ts; if that changes
+  // (additional algorithms, multi-line config), surface it through the
+  // register response and consume it here instead.
+  const SSHD_CONFIG_LINE = "PubkeyAcceptedAlgorithms=+webauthn-sk-ecdsa-sha2-nistp256@openssh.com";
+  const SSHD_CONFIG_ONE_LINER = `echo '${SSHD_CONFIG_LINE}' | sudo tee -a /etc/ssh/sshd_config`;
+
+  function sshComment(label: string): string {
+    const sanitize = (s: string) =>
+      s
+        .toLowerCase()
+        .replace(/[^a-z0-9]/g, "_")
+        .replace(/_+/g, "_")
+        .replace(/^_|_$/g, "");
+    const host = sanitize(window.location.hostname);
+    const name = sanitize(accountName.trim() || "user");
+    const key = sanitize(label);
+    return `${host}-${name}-${key}`;
+  }
+
+  const sshLine = $derived(
+    passkey?.authorizedKeysEntry
+      ? `${passkey.authorizedKeysEntry} ${sshComment(passkey.label)}`
+      : null,
+  );
+
+  const sshOneLiner = $derived(sshLine ? `echo '${sshLine}' >> ~/.ssh/authorized_keys` : null);
+
+  async function copyToClipboard(text: string, btn: HTMLButtonElement) {
+    const original = btn.innerHTML;
+    try {
+      await navigator.clipboard.writeText(text);
+      btn.innerHTML = "&#10003; Copied";
+    } catch {
+      // Insecure context (HTTP non-localhost) or denied permission — surface
+      // the failure instead of flashing a false-positive "Copied" state.
+      btn.innerHTML = "Copy failed";
+    }
+    setTimeout(() => {
+      btn.innerHTML = original;
+    }, 1500);
+  }
+</script>
+
+<p class="description">
+  Two one-time steps on each server you want to reach. Requires
+  <strong>OpenSSH 8.4+</strong>.
+</p>
+
+<div class="code-block">
+  <span class="code-label"
+    >1. Enable WebAuthn keys in <code>/etc/ssh/sshd_config</code> (reload sshd after)</span
+  >
+  <code class="code-content">{SSHD_CONFIG_ONE_LINER}</code>
+  <button
+    type="button"
+    class="btn-copy"
+    onclick={(e) => copyToClipboard(SSHD_CONFIG_ONE_LINER, e.currentTarget as HTMLButtonElement)}
+    >Copy</button
+  >
+</div>
+
+{#if sshOneLiner && sshLine}
+  <div class="code-block">
+    <span class="code-label">2. Add this passkey to <code>~/.ssh/authorized_keys</code></span>
+    <code class="code-content">{sshOneLiner}</code>
+    <button
+      type="button"
+      class="btn-copy"
+      onclick={(e) => copyToClipboard(sshOneLiner!, e.currentTarget as HTMLButtonElement)}
+      >Copy</button
+    >
+  </div>
+{:else if passkey}
+  <p class="hint">
+    This authenticator does not expose an SSH-compatible public key. You can still use it for <Wordmark
+    /> login. To enable SSH, register a different passkey from Settings.
+  </p>
+{:else}
+  <div class="code-block">
+    <span class="code-label">2. Add a passkey to <code>~/.ssh/authorized_keys</code> (example)</span
+    >
+    <code class="code-content placeholder">
+      echo 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com
+      AAAAK3dlYmF1dGhuLXNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBExample…=
+      example_com-alice-yubikey5' &gt;&gt; ~/.ssh/authorized_keys
+    </code>
+  </div>
+  <p class="hint">
+    Replace the key body and comment with your own — copy the exact one-liner for a specific passkey
+    from <strong>Settings → Passkeys</strong>.
+  </p>
+{/if}
+
+<style>
+  .description,
+  .hint {
+    color: var(--text-muted);
+    font-size: 0.85rem;
+    margin-bottom: 0.75rem;
+    line-height: 1.55;
+  }
+
+  .hint {
+    font-size: 0.78rem;
+  }
+
+  .code-block {
+    position: relative;
+    background: var(--bg-primary);
+    border: 1px solid var(--border);
+    border-radius: 6px;
+    padding: 0.6rem 0.75rem;
+    margin-bottom: 0.75rem;
+    text-align: left;
+  }
+
+  .code-label {
+    display: block;
+    font-size: 0.65rem;
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+    color: var(--text-muted);
+    margin-bottom: 0.35rem;
+  }
+
+  .code-content {
+    display: block;
+    font-size: 0.75rem;
+    word-break: break-all;
+    padding-right: 3.5rem; /* leave room for the absolute Copy button */
+  }
+
+  .code-content.placeholder {
+    color: var(--text-muted);
+    font-style: italic;
+  }
+
+  .btn-copy {
+    position: absolute;
+    top: 0.4rem;
+    right: 0.4rem;
+    padding: 0.25rem 0.5rem;
+    background: var(--bg-secondary);
+    color: var(--text-primary);
+    border: 1px solid var(--border);
+    border-radius: 4px;
+    font-size: 0.7rem;
+    cursor: pointer;
+  }
+
+  .btn-copy:hover {
+    background: var(--border);
+  }
+
+  @media (max-width: 640px) {
+    .code-content {
+      font-size: 0.7rem;
+    }
+  }
+</style>
diff --git a/client/src/lib/components/Sidebar.svelte b/client/src/lib/components/Sidebar.svelte
index 1979dfd..d1b23e4 100644
--- a/client/src/lib/components/Sidebar.svelte
+++ b/client/src/lib/components/Sidebar.svelte
@@ -1,5 +1,6 @@
 <!-- SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 -->
 <script lang="ts">
+  import { onDestroy } from "svelte";
   import { goto } from "$app/navigation";
   import { resolve } from "$app/paths";
   import { page } from "$app/state";
@@ -60,8 +61,89 @@
     await goto(resolve(path));
     onMobileClose?.();
   }
+
+  let accountMenuOpen = $state(false);
+  // Tracks which input modality opened the account row. Hover-expanded rows
+  // collapse instantly on mouseleave; click-expanded rows linger for 3s so the
+  // user can move the cursor to the Sign-out button without it disappearing.
+  let expandSource: "click" | "hover" | null = $state(null);
+  let collapseTimer: ReturnType<typeof setTimeout> | null = null;
+
+  const CLICK_AUTO_COLLAPSE_MS = 3000;
+  const HOVER_AUTO_COLLAPSE_MS = 500;
+
+  function clearCollapseTimer() {
+    if (collapseTimer !== null) {
+      clearTimeout(collapseTimer);
+      collapseTimer = null;
+    }
+  }
+
+  function collapseNow() {
+    clearCollapseTimer();
+    accountMenuOpen = false;
+    expandSource = null;
+  }
+
+  function expandAsHover() {
+    // Don't override a click-expanded row.
+    if (accountMenuOpen && expandSource === "click") return;
+    // Cancel any pending hover-collapse timer — covers re-entry during grace.
+    clearCollapseTimer();
+    accountMenuOpen = true;
+    expandSource = "hover";
+  }
+
+  function expandAsClick() {
+    clearCollapseTimer();
+    accountMenuOpen = true;
+    expandSource = "click";
+    collapseTimer = setTimeout(collapseNow, CLICK_AUTO_COLLAPSE_MS);
+  }
+
+  function handleAccountClick() {
+    if (accountMenuOpen && expandSource === "click") {
+      collapseNow();
+    } else {
+      expandAsClick();
+    }
+  }
+
+  function handleFooterMouseEnter() {
+    // Re-entering the row during the hover-collapse grace period cancels it,
+    // even if cursor lands on the name or logout button rather than the icon.
+    if (accountMenuOpen && expandSource === "hover") {
+      clearCollapseTimer();
+    }
+  }
+
+  function handleFooterMouseLeave() {
+    if (accountMenuOpen && expandSource === "hover") {
+      clearCollapseTimer();
+      collapseTimer = setTimeout(collapseNow, HOVER_AUTO_COLLAPSE_MS);
+    }
+  }
+
+  function handleAccountKeydown(e: KeyboardEvent) {
+    if (e.key === "Escape" && accountMenuOpen) {
+      collapseNow();
+    }
+  }
+
+  async function handleLogout() {
+    collapseNow();
+    await logout();
+  }
+
+  onDestroy(clearCollapseTimer);
 </script>
 
+<!--
+  Keydown handler is only wired while the menu is open, so Escape pressed
+  inside an xterm session (or anywhere else) can't surprise-close it.
+-->
+<svelte:window onkeydown={accountMenuOpen ? handleAccountKeydown : null} />
+
 <nav class="sidebar">
   <div class="sidebar-brand">
     <img class="sidebar-logo" src="/logo.svg" alt="" />
@@ -76,6 +158,9 @@
           <div class="endpoint-item">
             <div class="endpoint-info">
               <span class="endpoint-label" title={formatEndpointAddress(ep)}>{ep.label}</span>
+              {#if ep.isDemo}
+                <span class="badge badge-demo" title="Operator-curated demo endpoint">demo</span>
+              {/if}
             </div>
             <button type="button" class="btn btn-primary" onclick={() => handleConnect(ep.id)}
               >Connect</button
@@ -193,17 +278,6 @@
   </div>
 
   <div class="sidebar-footer">
-    {#if $account}
-      <div class="account-info">
-        <Identicon uuid={$account.id} size={36} />
-        <div class="account-details">
-          <span class="account-name">{$account.name}</span>
-          {#if $account.isAdmin}
-            <span class="badge badge-admin">admin</span>
-          {/if}
-        </div>
-      </div>
-    {/if}
     <button
       type="button"
       class="btn-nav"
@@ -238,7 +312,111 @@
         Admin
       </button>
     {/if}
-    <button type="button" class="btn-nav btn-logout" onclick={logout}> Sign Out </button>
+    <!-- svelte-ignore a11y_no_static_element_interactions -->
+    <div
+      class="footer-row"
+      onmouseenter={handleFooterMouseEnter}
+      onmouseleave={handleFooterMouseLeave}
+    >
+      {#if $account}
+        <button
+          type="button"
+          class="account-trigger"
+          onclick={handleAccountClick}
+          onmouseenter={expandAsHover}
+          aria-expanded={accountMenuOpen}
+          aria-label={accountMenuOpen
+            ? `Collapse account details for ${$account.name}`
+            : `Expand account details for ${$account.name}`}
+        >
+          <Identicon uuid={$account.id} size={36} />
+        </button>
+
+        {#if accountMenuOpen}
+          <div class="account-details">
+            <span class="account-name">{$account.name}</span>
+            {#if $account.isAdmin}
+              <span class="badge badge-admin">admin</span>
+            {/if}
+          </div>
+          <button
+            type="button"
+            class="icon-btn icon-btn-danger"
+            onclick={handleLogout}
+            title="Sign out"
+            aria-label="Sign out"
+          >
+            <svg
+              width="18"
+              height="18"
+              viewBox="0 0 24 24"
+              aria-hidden="true"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="2"
+              stroke-linecap="round"
+              stroke-linejoin="round"
+            >
+              <path d="M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4" />
+              <path d="m16 17 5-5-5-5" />
+              <path d="M21 12H9" />
+            </svg>
+          </button>
+        {:else}
+          <div class="footer-resources" role="group" aria-label="Resources">
+            <a
+              class="icon-btn"
+              href="https://docs.shellwatch.ai"
+              target="_blank"
+              rel="noopener noreferrer"
+              title="Documentation"
+              aria-label="Documentation"
+            >
+              <svg
+                width="18"
+                height="18"
+                viewBox="0 0 24 24"
+                aria-hidden="true"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2"
+                stroke-linecap="round"
+                stroke-linejoin="round"
+              >
+                <path
+                  d="M12 7v14m4-9h2m-2-4h2M3 18a1 1 0 0 1-1-1V4a1 1 0 0 1 1-1h5a4 4 0 0 1 4 4a4 4 0 0 1 4-4h5a1 1 0 0 1 1 1v13a1 1 0 0 1-1 1h-6a3 3 0 0 0-3 3a3 3 0 0 0-3-3zm3-6h2M6 8h2"
+                />
+              </svg>
+            </a>
+            <a
+              class="icon-btn"
+              href="https://github.com/rado0x54/ShellWatch"
+              target="_blank"
+              rel="noopener noreferrer"
+              title="GitHub"
+              aria-label="GitHub"
+            >
+              <svg
+                width="18"
+                height="18"
+                viewBox="0 0 24 24"
+                aria-hidden="true"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2"
+                stroke-linecap="round"
+                stroke-linejoin="round"
+              >
+                <path
+                  d="M15 22v-4a4.8 4.8 0 0 0-1-3.5c3 0 6-2 6-5.5c.08-1.25-.27-2.48-1-3.5c.28-1.15.28-2.35 0-3.5c0 0-1 0-3 1.5c-2.64-.5-5.36-.5-8 0C6 2 5 2 5 2c-.3 1.15-.3 2.35 0 3.5A5.4 5.4 0 0 0 4 9c0 3.5 3 5.5 6 5.5c-.39.49-.68 1.05-.85 1.65S8.93 17.38 9 18v4"
+                />
+                <path d="M9 18c-4.51 2-5-2-7-2" />
+              </svg>
+            </a>
+          </div>
+        {/if}
+      {/if}
+    </div>
   </div>
 </nav>
 
@@ -330,6 +508,15 @@
     white-space: nowrap;
   }
 
+  /* Reuse the global signal-chip convention (.badge + .badge-demo) below the
+     label rather than inline, so a long label still fits the full sidebar
+     width before ellipsizing. align-self pins the chip to the left edge of
+     the column; margin-left/0 drops the global .badge inline-spacing default. */
+  .endpoint-info :global(.badge) {
+    margin-left: 0;
+    align-self: flex-start;
+  }
+
   .endpoint-item > :global(.btn) {
     flex-shrink: 0;
   }
@@ -464,21 +651,6 @@
     box-shadow: 0 0 12px rgba(105, 246, 184, 0.6);
   }
 
-  .account-info {
-    display: flex;
-    align-items: center;
-    gap: var(--space-3);
-    padding: var(--space-3) 0;
-    margin-bottom: var(--space-2);
-  }
-
-  .account-details {
-    display: flex;
-    flex-direction: column;
-    gap: 0.15rem;
-    min-width: 0;
-  }
-
   .account-name {
     font-size: var(--body-md);
     font-weight: 600;
@@ -498,6 +670,7 @@
     letter-spacing: 0.04em;
     color: var(--primary);
     font-weight: 500;
+    align-self: flex-start;
   }
 
   .badge-admin::before {
@@ -508,11 +681,81 @@
     display: inline-block;
   }
 
-  .btn-logout:hover {
-    color: var(--error);
+  .footer-row {
+    display: flex;
+    align-items: center;
+    gap: var(--space-3);
+    margin-top: var(--space-3);
+    padding-top: var(--space-4);
+    border-top: 1px solid var(--outline-variant);
+  }
+
+  .account-trigger {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    padding: 2px;
+    background: transparent;
+    border: none;
+    cursor: pointer;
+    transition: filter 0.15s;
+    flex-shrink: 0;
+  }
+
+  .account-trigger:hover {
+    filter: brightness(1.15);
+  }
+
+  .account-trigger:focus-visible {
+    outline: 2px solid var(--primary);
+    outline-offset: 2px;
+  }
+
+  .account-details {
+    display: flex;
+    flex-direction: column;
+    gap: 0.15rem;
+    min-width: 0;
+    flex: 1;
+  }
+
+  .footer-resources {
+    display: flex;
+    align-items: center;
+    gap: var(--space-1);
+    margin-left: auto;
+  }
+
+  .icon-btn {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    width: 36px;
+    height: 36px;
+    background: transparent;
+    border: none;
+    color: var(--on-surface-variant);
+    cursor: pointer;
+    text-decoration: none;
+    transition:
+      color 0.15s,
+      background 0.15s;
+  }
+
+  .icon-btn:hover {
+    color: var(--on-surface);
     background: var(--surface-container);
   }
 
+  .icon-btn:focus-visible {
+    outline: 2px solid var(--primary);
+    outline-offset: -2px;
+  }
+
+  .icon-btn-danger:hover {
+    color: var(--error);
+  }
+
   @media (max-width: 768px) {
     .sidebar {
       width: 100%;
diff --git a/client/src/lib/stores/account.ts b/client/src/lib/stores/account.ts
index 2636afa..1f3d96b 100644
--- a/client/src/lib/stores/account.ts
+++ b/client/src/lib/stores/account.ts
@@ -5,7 +5,9 @@ export interface AccountData {
   id: string;
   name: string;
   isAdmin: boolean;
-  agentForward: boolean;
+  showDemoEndpoints: boolean;
+  /** True when the operator has at least one demoEndpoints entry in config. */
+  demoEndpointsAvailable: boolean;
 }
 
 export const account = writable<AccountData | null>(null);
@@ -37,15 +39,15 @@ export async function updateAccountName(name: string): Promise<void> {
   await fetchAccount();
 }
 
-export async function updateAgentForward(agentForward: boolean): Promise<void> {
+export async function updateShowDemoEndpoints(showDemoEndpoints: boolean): Promise<void> {
   const res = await fetch("/api/auth/me", {
     method: "PUT",
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ agentForward }),
+    body: JSON.stringify({ showDemoEndpoints }),
   });
   if (!res.ok) {
     const err = await res.json();
-    throw new Error(err.error || "Failed to update agent forwarding");
+    throw new Error(err.error || "Failed to update demo endpoint visibility");
   }
   await fetchAccount();
 }
diff --git a/client/src/lib/stores/endpoints.ts b/client/src/lib/stores/endpoints.ts
index 6b0479a..7a4ec92 100644
--- a/client/src/lib/stores/endpoints.ts
+++ b/client/src/lib/stores/endpoints.ts
@@ -18,7 +18,10 @@ export interface Endpoint {
   port: number;
   username: string;
   userVerification: UserVerification;
+  agentForward: boolean;
   description: string | null;
+  /** True if this is a virtual demo endpoint (read-only, from operator config). */
+  isDemo: boolean;
 }
 
 export const endpoints = writable<Endpoint[]>([]);
@@ -35,6 +38,7 @@ export async function createEndpoint(body: {
   port: number;
   username: string;
   userVerification?: UserVerification;
+  agentForward?: boolean;
   description?: string | null;
 }): Promise<void> {
   const res = await fetch("/api/endpoints", {
diff --git a/client/src/lib/utils/endpoint-address.ts b/client/src/lib/utils/endpoint-address.ts
index 28c4eaa..fdb0dcc 100644
--- a/client/src/lib/utils/endpoint-address.ts
+++ b/client/src/lib/utils/endpoint-address.ts
@@ -58,10 +58,13 @@ function parsePort(s: string): number {
 }
 
 /**
- * Format an endpoint address, omitting defaults.
+ * Format an endpoint address. The username is always rendered so the display
+ * is unambiguous when the endpoint was created without a `user@` prefix and
+ * picked up the `shellwatch` default — surfacing the default explicitly
+ * matches what sshd actually sees on the wire. The port is still omitted
+ * when it's the SSH default (22).
  */
 export function formatEndpointAddress(ep: EndpointAddress): string {
-  const userPart = ep.username !== DEFAULT_USERNAME ? `${ep.username}@` : "";
   const portPart = ep.port !== DEFAULT_PORT ? `:${ep.port}` : "";
-  return `${userPart}${ep.host}${portPart}`;
+  return `${ep.username}@${ep.host}${portPart}`;
 }
diff --git a/client/src/routes/admin/general/+page.svelte b/client/src/routes/admin/general/+page.svelte
index f4fd03b..5e1aeb7 100644
--- a/client/src/routes/admin/general/+page.svelte
+++ b/client/src/routes/admin/general/+page.svelte
@@ -13,6 +13,7 @@
   interface SeedEndpoint {
     label: string;
     address: string;
+    agentForward: boolean;
     passkeyCredentialRef?: string;
   }
 
@@ -53,6 +54,10 @@
       for (const ep of endpoints) {
         lines.push(`  - label: ${yamlStr(ep.label)}`);
         lines.push(`    address: ${yamlStr(ep.address)}`);
+        // Only emit when off — default is true, keep YAML clean.
+        if (!ep.agentForward) {
+          lines.push("    agentForward: false");
+        }
         if (ep.passkeyCredentialRef) {
           lines.push(`    passkeyCredentialRef: ${yamlStr(ep.passkeyCredentialRef)}`);
         }
diff --git a/client/src/routes/observer/+page.svelte b/client/src/routes/observer/+page.svelte
index 255c8ef..551e700 100644
--- a/client/src/routes/observer/+page.svelte
+++ b/client/src/routes/observer/+page.svelte
@@ -157,6 +157,16 @@
         <div class="observer-cell-terminal" use:openTerminalInCell={obs}></div>
       </div>
     {/each}
+    {#if $sessions.length === 0}
+      <div class="observer-empty">
+        <h2>No active sessions</h2>
+        <p>
+          Observer Mode shows a live read-only grid of every open session in your account &mdash;
+          UI, MCP agent, and SSH-agent proxy connections all appear here side by side.
+        </p>
+        <p>Open a session from the sidebar or have an agent start one, and it will show up here.</p>
+      </div>
+    {/if}
   </div>
 </div>
 
@@ -242,4 +252,31 @@
     height: 100%;
     padding: 2px;
   }
+
+  .observer-empty {
+    grid-column: 1 / -1;
+    grid-row: 1 / -1;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    gap: var(--space-3);
+    padding: var(--space-6);
+    text-align: center;
+    color: var(--on-surface-variant);
+  }
+
+  .observer-empty h2 {
+    font-family: var(--font-display);
+    font-size: var(--title-md);
+    font-weight: 600;
+    letter-spacing: -0.01em;
+    color: var(--on-surface);
+  }
+
+  .observer-empty p {
+    max-width: 56ch;
+    line-height: 1.55;
+    font-size: var(--body-md);
+  }
 </style>
diff --git a/client/src/routes/register/+page.svelte b/client/src/routes/register/+page.svelte
index 2a1eec0..2618e73 100644
--- a/client/src/routes/register/+page.svelte
+++ b/client/src/routes/register/+page.svelte
@@ -5,9 +5,6 @@
   import { resolve } from "$app/paths";
   import { get } from "svelte/store";
   import { selfRegistrationEnabled } from "$lib/stores/connection.js";
-  import { createEndpoint, endpoints, fetchEndpoints } from "$lib/stores/endpoints.js";
-  import { formatEndpointAddress, parseEndpointAddress } from "$lib/utils/endpoint-address.js";
-  import { generateApiKey } from "$lib/stores/keys.js";
   import {
     pushEnabled,
     pushLoading,
@@ -20,23 +17,15 @@
   import { credentials, fetchCredentials, registerAccount } from "$lib/stores/webauthn.js";
   import Wordmark from "$lib/components/Wordmark.svelte";
 
-  type StepId =
-    | "welcome"
-    | "passkey"
-    | "server-setup"
-    | "endpoints"
-    | "mcp"
-    | "notifications"
-    | "advanced";
+  // The technical-setup steps (SSH server, endpoints, MCP key, advanced links)
+  // live in Settings → Setup now. Onboarding is a 3-step minimum-friction path
+  // that ends with the user landing in the app and seeing demo endpoints.
+  type StepId = "welcome" | "passkey" | "notifications";
 
   const stepOrder: { id: StepId; label: string }[] = [
     { id: "welcome", label: "Welcome" },
     { id: "passkey", label: "Passkey" },
-    { id: "server-setup", label: "Server" },
-    { id: "endpoints", label: "Endpoints" },
-    { id: "mcp", label: "MCP" },
     { id: "notifications", label: "Notify" },
-    { id: "advanced", label: "Done" },
   ];
 
   let isAdminSetup = $state(false);
@@ -91,10 +80,9 @@
       const result = await registerAccount(accountName.trim());
       registeredCredentialId = result.credentialId;
       status = "";
-      // Pull the freshly-stored credential row so we can show its
-      // authorized_keys entry on the server-setup step. Also pre-fetch
-      // endpoints so admin's seeded entries appear when they reach that step.
-      await Promise.all([fetchCredentials(), fetchEndpoints()]);
+      // Pull the freshly-stored credential row so the confirmation copy can
+      // surface its label.
+      await fetchCredentials();
       next();
     } catch (err) {
       error = (err as Error).message;
@@ -103,127 +91,10 @@
     loading = false;
   }
 
-  // --- Server setup step ---
-  // registerAccount returns the WebAuthn credentialId (base64url), not the
-  // row UUID — so match on credentialId, not the row's `id` field.
   const registeredCred = $derived(
     $credentials.find((c) => c.credentialId === registeredCredentialId) ?? null,
   );
 
-  function sshComment(label: string): string {
-    const sanitize = (s: string) =>
-      s
-        .toLowerCase()
-        .replace(/[^a-z0-9]/g, "_")
-        .replace(/_+/g, "_")
-        .replace(/^_|_$/g, "");
-    const host = sanitize(window.location.hostname);
-    const name = sanitize(accountName.trim() || "user");
-    const key = sanitize(label);
-    return `${host}-${name}-${key}`;
-  }
-
-  const sshLine = $derived(
-    registeredCred?.authorizedKeysEntry
-      ? `${registeredCred.authorizedKeysEntry} ${sshComment(registeredCred.label)}`
-      : null,
-  );
-
-  const sshOneLiner = $derived(sshLine ? `echo '${sshLine}' >> ~/.ssh/authorized_keys` : null);
-
-  // Single source for the sshd line — referenced from both the visible code
-  // block and the clipboard handler so they can't drift. Mirrors the value
-  // computed server-side in src/webauthn/ssh-key-format.ts; if that changes
-  // (additional algorithms, multi-line config), surface it through the
-  // register response and consume it here instead.
-  const SSHD_CONFIG_LINE = "PubkeyAcceptedAlgorithms=+webauthn-sk-ecdsa-sha2-nistp256@openssh.com";
-
-  async function copyToClipboard(text: string, btn: HTMLButtonElement) {
-    const original = btn.innerHTML;
-    try {
-      await navigator.clipboard.writeText(text);
-      btn.innerHTML = "&#10003; Copied";
-    } catch {
-      // Insecure context (HTTP non-localhost) or denied permission — surface
-      // the failure instead of flashing a false-positive "Copied" state.
-      btn.innerHTML = "Copy failed";
-    }
-    setTimeout(() => {
-      btn.innerHTML = original;
-    }, 1500);
-  }
-
-  // --- Endpoints step ---
-  let epLabel = $state("");
-  let epAddress = $state("");
-
-  async function handleAddEndpoint() {
-    if (!epLabel || !epAddress) {
-      error = "Label and Address are required";
-      return;
-    }
-    let parsed;
-    try {
-      parsed = parseEndpointAddress(epAddress);
-    } catch (err) {
-      error = (err as Error).message;
-      return;
-    }
-    loading = true;
-    error = "";
-    try {
-      await createEndpoint({
-        label: epLabel,
-        host: parsed.host,
-        port: parsed.port,
-        username: parsed.username,
-      });
-      epLabel = "";
-      epAddress = "";
-    } catch (err) {
-      error = (err as Error).message;
-    }
-    loading = false;
-  }
-
-  // --- MCP step ---
-  let apiKeyLabel = $state("");
-  let generatedKey = $state("");
-  let showApiKeyForm = $state(false);
-
-  const mcpUrl = $derived(`${window.location.origin}/mcp`);
-
-  // Sample config for non-OAuth MCP clients (HTTP-streaming with bearer auth).
-  // Inline the generated key directly so the user can copy the whole snippet
-  // and paste it into their MCP client without further substitution.
-  const mcpSampleConfig = $derived(
-    `{
-  "mcpServers": {
-    "shellwatch": {
-      "type": "http",
-      "url": "${mcpUrl}",
-      "headers": { "Authorization": "Bearer ${generatedKey || "<YOUR_API_KEY>"}" }
-    }
-  }
-}`,
-  );
-
-  async function handleGenerateApiKey() {
-    if (!apiKeyLabel) {
-      error = "Label is required";
-      return;
-    }
-    loading = true;
-    error = "";
-    try {
-      generatedKey = await generateApiKey(apiKeyLabel, ["mcp"]);
-      apiKeyLabel = "";
-    } catch (err) {
-      error = (err as Error).message;
-    }
-    loading = false;
-  }
-
   // --- Notifications step ---
   // Only probe the SW + push manager once. Re-firing on each back/forward
   // visit is harmless but wasteful — the user can't toggle from elsewhere
@@ -344,160 +215,6 @@
           </button>
         </div>
       {/if}
-    {:else if currentStep === "server-setup"}
-      <h1>Use this passkey for SSH</h1>
-      <p class="description">
-        Two one-time steps on each server you want to reach. Requires
-        <strong>OpenSSH 8.4+</strong>.
-      </p>
-
-      {#if sshOneLiner && sshLine}
-        <div class="code-block">
-          <span class="code-label"
-            >1. Enable WebAuthn keys in <code>/etc/ssh/sshd_config</code> (reload sshd after)</span
-          >
-          <code class="code-content">{SSHD_CONFIG_LINE}</code>
-          <button
-            type="button"
-            class="btn-copy"
-            onclick={(e) => copyToClipboard(SSHD_CONFIG_LINE, e.currentTarget as HTMLButtonElement)}
-            >Copy</button
-          >
-        </div>
-
-        <div class="code-block">
-          <span class="code-label">2. Add this passkey to <code>~/.ssh/authorized_keys</code></span>
-          <code class="code-content">{sshOneLiner}</code>
-          <button
-            type="button"
-            class="btn-copy"
-            onclick={(e) => copyToClipboard(sshOneLiner!, e.currentTarget as HTMLButtonElement)}
-            >Copy</button
-          >
-        </div>
-      {:else}
-        <p class="hint">
-          This authenticator does not expose an SSH-compatible public key. You can still use it for <Wordmark
-          /> login. To enable SSH, register a different passkey from Settings.
-        </p>
-      {/if}
-
-      <div class="nav-row">
-        <button type="button" class="btn-secondary" onclick={back}>Back</button>
-        <button type="button" class="btn-primary" onclick={next}>Continue</button>
-      </div>
-    {:else if currentStep === "endpoints"}
-      <h1>Add SSH Endpoints</h1>
-      <p class="description">
-        Configure the remote servers you want to manage. You can always add more later.
-      </p>
-
-      {#if $endpoints.length > 0}
-        <div class="endpoint-list">
-          {#each $endpoints as ep (ep.id)}
-            <div class="endpoint-item">
-              <span class="endpoint-label">{ep.label}</span>
-              <span class="endpoint-detail">{formatEndpointAddress(ep)}</span>
-            </div>
-          {/each}
-        </div>
-      {/if}
-
-      <div class="form-row">
-        <input type="text" class="input" bind:value={epLabel} placeholder="Label" />
-        <input type="text" class="input" bind:value={epAddress} placeholder="user@host:port" />
-      </div>
-      <div class="btn-row">
-        <button type="button" class="btn-secondary" disabled={loading} onclick={handleAddEndpoint}>
-          Add Endpoint
-        </button>
-      </div>
-      <div class="nav-row">
-        <button type="button" class="btn-secondary" onclick={back}>Back</button>
-        <button type="button" class="btn-primary" onclick={next}>
-          {$endpoints.length > 0 ? "Continue" : "Skip"}
-        </button>
-      </div>
-    {:else if currentStep === "mcp"}
-      <h1>Connect AI agents</h1>
-      <p class="description">
-        Agents talk to <Wordmark /> via the Model Context Protocol. There are two ways to wire one up.
-      </p>
-
-      <div class="mcp-card">
-        <div class="mcp-card-head">
-          <span class="badge-recommended">Recommended</span>
-          <strong>OAuth-capable agents</strong>
-        </div>
-        <p class="hint">
-          Point your agent at this URL. The MCP client (Claude Desktop, Cursor, etc.) redirects
-          through <Wordmark />'s OAuth flow — you approve with a passkey, and <Wordmark /> mints a scoped
-          API key on the fly and injects it into the agent's session. No manual key handling.
-        </p>
-        <div class="code-block">
-          <code class="code-content">{mcpUrl}</code>
-          <button
-            type="button"
-            class="btn-copy"
-            onclick={(e) => copyToClipboard(mcpUrl, e.currentTarget as HTMLButtonElement)}
-            >Copy</button
-          >
-        </div>
-      </div>
-
-      {#if generatedKey}
-        <!-- Success block lives outside <details> so collapsing can't hide a key
-             that's shown only once. -->
-        <div class="code-block code-block-success">
-          <span class="code-label">API Key — copy now, shown only once</span>
-          <code class="code-content">{generatedKey}</code>
-          <button
-            type="button"
-            class="btn-copy"
-            onclick={(e) => copyToClipboard(generatedKey, e.currentTarget as HTMLButtonElement)}
-            >Copy</button
-          >
-        </div>
-        <div class="code-block">
-          <span class="code-label">Sample agent config</span>
-          <pre class="code-content code-pre">{mcpSampleConfig}</pre>
-          <button
-            type="button"
-            class="btn-copy"
-            onclick={(e) => copyToClipboard(mcpSampleConfig, e.currentTarget as HTMLButtonElement)}
-            >Copy</button
-          >
-        </div>
-      {:else}
-        <details class="extra" bind:open={showApiKeyForm}>
-          <summary>Use a static API key instead</summary>
-          <p class="hint">
-            For non-OAuth agents, generate a key with <code>mcp</code> scope and configure your client
-            with a bearer header.
-          </p>
-          <div class="form-row">
-            <input
-              type="text"
-              class="input"
-              bind:value={apiKeyLabel}
-              placeholder="Agent name (e.g. claude-laptop)"
-            />
-            <button
-              type="button"
-              class="btn-secondary"
-              disabled={loading}
-              onclick={handleGenerateApiKey}
-            >
-              Generate
-            </button>
-          </div>
-        </details>
-      {/if}
-
-      <div class="nav-row">
-        <button type="button" class="btn-secondary" onclick={back}>Back</button>
-        <button type="button" class="btn-primary" onclick={next}>Continue</button>
-      </div>
     {:else if currentStep === "notifications"}
       <h1>Stay in the loop</h1>
       <p class="description">
@@ -543,46 +260,6 @@
         </p>
       {/if}
 
-      <div class="nav-row">
-        <button type="button" class="btn-secondary" onclick={back}>Back</button>
-        <button type="button" class="btn-primary" onclick={next}>Continue</button>
-      </div>
-    {:else if currentStep === "advanced"}
-      <h1>What's next</h1>
-      <p class="description">A few <Wordmark /> features worth knowing about.</p>
-
-      <div class="advanced-list">
-        <div class="advanced-item">
-          <strong><code>shellwatch-agent</code></strong>
-          <p>
-            A local SSH agent that brokers signing through <Wordmark />. Run
-            <code>ssh user@host</code> from your terminal — your passkey unlocks the connection, no private
-            key on disk.
-          </p>
-        </div>
-        <div class="advanced-item">
-          <strong><code>pam-ssh-agent-webauthn</code></strong>
-          <p>
-            PAM module that gates remote actions (e.g. <code>sudo</code>) on a passkey signature
-            brokered through <Wordmark />. Source at
-            <a
-              href="https://github.com/rado0x54/pam-ssh-agent-webauthn"
-              target="_blank"
-              rel="noopener noreferrer">github.com/rado0x54/pam-ssh-agent-webauthn</a
-            >.
-          </p>
-        </div>
-        <div class="advanced-item">
-          <strong>Docs &amp; guides</strong>
-          <p>
-            Setup walkthroughs and reference live at
-            <a href="https://docs.shellwatch.ai" target="_blank" rel="noopener noreferrer"
-              >docs.shellwatch.ai</a
-            >.
-          </p>
-        </div>
-      </div>
-
       <div class="nav-row">
         <button type="button" class="btn-secondary" onclick={back}>Back</button>
         <button type="button" class="btn-primary" onclick={finish}>Open ShellWatch</button>
@@ -716,24 +393,6 @@
     margin-bottom: 0.75rem;
   }
 
-  .form-row {
-    display: flex;
-    gap: 0.5rem;
-    margin-bottom: 0.75rem;
-  }
-
-  .form-row .input {
-    flex: 1;
-    min-width: 0;
-    margin-bottom: 0;
-  }
-
-  .btn-row {
-    display: flex;
-    gap: 0.5rem;
-    justify-content: center;
-  }
-
   /* Footer nav row: Back on the left, Continue / primary on the right. */
   .nav-row {
     display: flex;
@@ -794,138 +453,6 @@
     cursor: default;
   }
 
-  .endpoint-list {
-    margin-bottom: 0.75rem;
-    text-align: left;
-  }
-
-  .endpoint-item {
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-    padding: 0.5rem 0.75rem;
-    background: var(--bg-primary);
-    border: 1px solid var(--border);
-    border-radius: 6px;
-    margin-bottom: 0.375rem;
-  }
-
-  .endpoint-label {
-    font-weight: 600;
-    font-size: 0.8rem;
-  }
-
-  .endpoint-detail {
-    font-size: 0.75rem;
-    color: var(--text-muted);
-  }
-
-  /* Reusable code-block surface used across server-setup, MCP, etc. */
-  .code-block {
-    position: relative;
-    background: var(--bg-primary);
-    border: 1px solid var(--border);
-    border-radius: 6px;
-    padding: 0.6rem 0.75rem;
-    margin-bottom: 0.75rem;
-    text-align: left;
-  }
-
-  .code-block-success {
-    border-color: var(--green, #4ade80);
-  }
-
-  .code-label {
-    display: block;
-    font-size: 0.65rem;
-    text-transform: uppercase;
-    letter-spacing: 0.05em;
-    color: var(--text-muted);
-    margin-bottom: 0.35rem;
-  }
-
-  .code-content {
-    display: block;
-    font-size: 0.75rem;
-    word-break: break-all;
-    padding-right: 3.5rem; /* leave room for the absolute Copy button */
-  }
-
-  .code-pre {
-    white-space: pre-wrap;
-    margin: 0;
-  }
-
-  .code-block-success .code-content {
-    color: var(--green, #4ade80);
-  }
-
-  .btn-copy {
-    position: absolute;
-    top: 0.4rem;
-    right: 0.4rem;
-    padding: 0.25rem 0.5rem;
-    background: var(--bg-secondary);
-    color: var(--text-primary);
-    border: 1px solid var(--border);
-    border-radius: 4px;
-    font-size: 0.7rem;
-    cursor: pointer;
-  }
-
-  .btn-copy:hover {
-    background: var(--border);
-  }
-
-  details.extra {
-    text-align: left;
-    margin-bottom: 0.75rem;
-    border: 1px solid var(--border);
-    border-radius: 6px;
-    padding: 0.5rem 0.75rem;
-    background: var(--bg-primary);
-  }
-
-  details.extra summary {
-    cursor: pointer;
-    font-size: 0.78rem;
-    font-weight: 500;
-    color: var(--text-primary);
-  }
-
-  details.extra[open] summary {
-    margin-bottom: 0.5rem;
-  }
-
-  /* MCP step */
-  .mcp-card {
-    text-align: left;
-    background: var(--bg-primary);
-    border: 1px solid var(--border);
-    border-radius: 8px;
-    padding: 0.75rem;
-    margin-bottom: 0.75rem;
-  }
-
-  .mcp-card-head {
-    display: flex;
-    align-items: center;
-    gap: 0.5rem;
-    margin-bottom: 0.4rem;
-    font-size: 0.9rem;
-  }
-
-  .badge-recommended {
-    font-size: 0.6rem;
-    font-weight: 600;
-    text-transform: uppercase;
-    letter-spacing: 0.05em;
-    color: var(--accent);
-    border: 1px solid var(--accent);
-    border-radius: 4px;
-    padding: 0.1rem 0.4rem;
-  }
-
   /* Notifications step */
   .toggle-row {
     display: flex;
@@ -986,36 +513,6 @@
     margin-bottom: 0.75rem;
   }
 
-  /* Advanced step */
-  .advanced-list {
-    text-align: left;
-    margin-bottom: 0.75rem;
-  }
-
-  .advanced-item {
-    border: 1px solid var(--border);
-    border-radius: 6px;
-    padding: 0.6rem 0.75rem;
-    background: var(--bg-primary);
-    margin-bottom: 0.5rem;
-  }
-
-  .advanced-item p {
-    margin: 0.25rem 0 0;
-    font-size: 0.78rem;
-    color: var(--text-muted);
-    line-height: 1.5;
-  }
-
-  .advanced-item a {
-    color: var(--accent);
-    text-decoration: none;
-  }
-
-  .advanced-item a:hover {
-    text-decoration: underline;
-  }
-
   .error {
     color: var(--red);
     font-size: 0.85rem;
@@ -1058,27 +555,5 @@
     .hint {
       font-size: 0.76rem;
     }
-
-    .form-row {
-      flex-direction: column;
-    }
-
-    .btn-row {
-      flex-direction: column;
-    }
-
-    .btn-row .btn-secondary {
-      width: 100%;
-    }
-
-    .endpoint-item {
-      flex-direction: column;
-      align-items: flex-start;
-      gap: 0.15rem;
-    }
-
-    .code-content {
-      font-size: 0.7rem;
-    }
   }
 </style>
diff --git a/client/src/routes/settings/+layout.svelte b/client/src/routes/settings/+layout.svelte
index 3869843..7ef8aac 100644
--- a/client/src/routes/settings/+layout.svelte
+++ b/client/src/routes/settings/+layout.svelte
@@ -1,17 +1,40 @@
 <!-- SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 -->
 <script lang="ts">
+  import { onMount } from "svelte";
   import SectionTabs from "$lib/components/SectionTabs.svelte";
+  import { account, fetchAccount } from "$lib/stores/account.js";
+  import { fetchSshKeys, sshKeys } from "$lib/stores/keys.js";
 
   let { children } = $props();
 
   type Pathname = import("$app/types").Pathname;
-  const tabs: { path: Pathname; label: string }[] = [
+
+  onMount(async () => {
+    await fetchAccount();
+    // SSH keys are admin-only (the API rejects non-admin requests). Only fetch
+    // them when admin so we can conditionally surface the SSH Keys tab.
+    if ($account?.isAdmin) {
+      await fetchSshKeys();
+    }
+  });
+
+  // Admin-only tab. Only visible when there's actually a file-based SSH key
+  // registered; non-admins never see it.
+  const showSshKeysTab = $derived(
+    $account?.isAdmin === true && $sshKeys.some((k) => k.type === "file"),
+  );
+
+  const tabs = $derived<{ path: Pathname; label: string }[]>([
     { path: "/settings/general", label: "General" },
     { path: "/settings/endpoints", label: "Endpoints" },
-    { path: "/settings/keys", label: "Keys" },
+    { path: "/settings/keys", label: "Passkeys" },
+    ...(showSshKeysTab
+      ? [{ path: "/settings/ssh-keys" as Pathname, label: "Other SSH Keys" }]
+      : []),
     { path: "/settings/api-keys", label: "API Keys" },
     { path: "/settings/notifications", label: "Notifications" },
-  ];
+    { path: "/settings/setup", label: "Setup" },
+  ]);
 </script>
 
 <div class="settings-page">
diff --git a/client/src/routes/settings/api-keys/+page.svelte b/client/src/routes/settings/api-keys/+page.svelte
index 6337e98..a421a86 100644
--- a/client/src/routes/settings/api-keys/+page.svelte
+++ b/client/src/routes/settings/api-keys/+page.svelte
@@ -12,6 +12,10 @@
   let label = $state("");
   let scopeMcp = $state(true);
   let scopeAgent = $state(false);
+  let generating = $state(false);
+  // Two-stage flow: open the form modal, fill in label + scopes + Generate,
+  // then the key-display modal opens with the freshly-minted key (shown once).
+  let formModalOpen = $state(false);
   let showKeyModal = $state(false);
   let generatedKey = $state("");
   let revokeTarget = $state<{ id: string; label: string } | null>(null);
@@ -21,8 +25,24 @@
     fetchApiKeys();
   });
 
+  function openGenerateModal() {
+    label = "";
+    scopeMcp = true;
+    scopeAgent = false;
+    formModalOpen = true;
+  }
+
+  function closeGenerateModal() {
+    if (generating) return;
+    formModalOpen = false;
+  }
+
   async function handleGenerate() {
-    if (!label.trim()) return;
+    if (generating) return;
+    if (!label.trim()) {
+      toastError("Label is required");
+      return;
+    }
     const scopes: string[] = [];
     if (scopeMcp) scopes.push("mcp");
     if (scopeAgent) scopes.push("agent");
@@ -30,14 +50,15 @@
       toastError("Select at least one scope");
       return;
     }
+    generating = true;
     try {
       generatedKey = await generateApiKey(label.trim(), scopes);
+      formModalOpen = false;
       showKeyModal = true;
-      label = "";
-      scopeMcp = true;
-      scopeAgent = false;
     } catch (err) {
       toastError(errorMessage(err));
+    } finally {
+      generating = false;
     }
   }
 
@@ -68,7 +89,7 @@
     btn.textContent = "Copied!";
   }
 
-  function handleCloseModal() {
+  function handleCloseKeyModal() {
     showKeyModal = false;
     generatedKey = "";
   }
@@ -104,30 +125,10 @@
     {/each}
   </SettingsList>
 
-  <div class="settings-form">
-    <h3>Generate API Key</h3>
-    <div class="form-row">
-      <input
-        type="text"
-        placeholder="Label (e.g., Claude Agent)"
-        bind:value={label}
-        style="flex: 1"
-      />
-      <button type="button" class="btn btn-primary" onclick={handleGenerate}>Generate</button>
-    </div>
-    <h4 class="scope-heading">Scopes</h4>
-    <div class="scope-row">
-      <label class="scope-option">
-        <input type="checkbox" bind:checked={scopeMcp} />
-        <span>mcp</span>
-        <span class="scope-hint">— MCP server access</span>
-      </label>
-      <label class="scope-option">
-        <input type="checkbox" bind:checked={scopeAgent} />
-        <span>agent</span>
-        <span class="scope-hint">— SSH agent socket forwarding</span>
-      </label>
-    </div>
+  <div class="register-section">
+    <button type="button" class="btn btn-primary" onclick={openGenerateModal}>
+      Generate API Key
+    </button>
   </div>
 
   {#if revokeTarget}
@@ -145,8 +146,56 @@
     </ConfirmDialog>
   {/if}
 
+  {#if formModalOpen}
+    <Modal
+      title="Generate API Key"
+      onClose={closeGenerateModal}
+      onSubmit={handleGenerate}
+      width="480px"
+    >
+      <div class="field">
+        <label for="apikey-label">Label</label>
+        <input
+          id="apikey-label"
+          type="text"
+          placeholder="e.g. Claude Agent"
+          bind:value={label}
+          disabled={generating}
+        />
+      </div>
+
+      <div class="field">
+        <span class="field-label">Scopes</span>
+        <label class="scope-option">
+          <input type="checkbox" bind:checked={scopeMcp} disabled={generating} />
+          <span>mcp</span>
+          <span class="scope-hint">— MCP server access</span>
+        </label>
+        <label class="scope-option">
+          <input type="checkbox" bind:checked={scopeAgent} disabled={generating} />
+          <span>agent</span>
+          <span class="scope-hint">— SSH agent socket forwarding</span>
+        </label>
+      </div>
+
+      {#snippet actions()}
+        <button
+          type="button"
+          class="btn btn-secondary"
+          onclick={closeGenerateModal}
+          disabled={generating}
+        >
+          Cancel
+        </button>
+        <button type="submit" class="btn btn-primary" disabled={generating}>
+          {generating ? "Generating…" : "Generate"}
+        </button>
+      {/snippet}
+    </Modal>
+  {/if}
+
   {#if showKeyModal}
-    <Modal title="API Key Created" onClose={handleCloseModal}>
+    <Modal title="API Key Created" onClose={handleCloseKeyModal}>
       <p class="modal-desc">Copy this key now — it will not be shown again.</p>
       <pre class="code-block key-value">{generatedKey}</pre>
       {#snippet actions()}
@@ -155,7 +204,7 @@
           class="btn btn-primary"
           onclick={(e) => handleCopy(e.currentTarget as HTMLButtonElement)}>Copy</button
         >
-        <button type="button" class="btn btn-secondary" onclick={handleCloseModal}>Done</button>
+        <button type="button" class="btn btn-secondary" onclick={handleCloseKeyModal}>Done</button>
       {/snippet}
     </Modal>
   {/if}
@@ -194,6 +243,14 @@
     margin: 0 var(--space-2);
   }
 
+  .register-section {
+    margin-top: var(--space-5);
+    display: flex;
+    align-items: center;
+    gap: var(--space-3);
+    flex-wrap: wrap;
+  }
+
   .modal-desc {
     color: var(--text-muted);
     font-size: 0.85rem;
@@ -205,18 +262,20 @@
     cursor: text;
   }
 
-  .scope-heading {
-    margin: 0.75rem 0 0.25rem;
-    font-size: 0.8rem;
-    font-weight: 600;
-    color: var(--text-muted);
+  .field {
+    display: flex;
+    flex-direction: column;
+    gap: 0.3rem;
+    margin-top: 0.85rem;
   }
 
-  .scope-row {
-    display: flex;
-    gap: 1.5rem;
-    margin-top: 0.5rem;
-    font-size: 0.85rem;
+  .field label,
+  .field .field-label {
+    font-size: 0.75rem;
+    font-weight: 600;
+    color: var(--text-muted);
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
   }
 
   .scope-option {
@@ -224,6 +283,12 @@
     align-items: center;
     gap: 0.4rem;
     cursor: pointer;
+    font-size: 0.85rem;
+    font-weight: 400;
+    color: var(--on-surface);
+    text-transform: none;
+    letter-spacing: 0;
+    margin-top: 0.35rem;
   }
 
   .scope-hint {
diff --git a/client/src/routes/settings/endpoints/+page.svelte b/client/src/routes/settings/endpoints/+page.svelte
index 7dad21d..d2a3a7b 100644
--- a/client/src/routes/settings/endpoints/+page.svelte
+++ b/client/src/routes/settings/endpoints/+page.svelte
@@ -3,6 +3,7 @@
   import { onMount } from "svelte";
   import Modal from "$lib/components/Modal.svelte";
   import ConfirmDialog from "$lib/components/ConfirmDialog.svelte";
+  import ServerSetupGuide from "$lib/components/ServerSetupGuide.svelte";
   import {
     createEndpoint,
     deleteEndpoint,
@@ -14,34 +15,120 @@
     type Endpoint,
     type UserVerification,
   } from "$lib/stores/endpoints.js";
+  import { account, fetchAccount, updateShowDemoEndpoints } from "$lib/stores/account.js";
+  import { credentials, fetchCredentials } from "$lib/stores/webauthn.js";
   import { toastError } from "$lib/stores/toasts.js";
   import { errorMessage } from "$lib/utils/error-message.js";
   import { formatEndpointAddress, parseEndpointAddress } from "$lib/utils/endpoint-address.js";
-  import Wordmark from "$lib/components/Wordmark.svelte";
   import SettingsList from "$lib/components/SettingsList.svelte";
   import SettingsRow from "$lib/components/SettingsRow.svelte";
 
-  type ModalMode = { kind: "create" } | { kind: "edit"; id: string };
+  // The wizard kinds prefix the form with a Server-Setup primer. Triggered
+  // automatically when the user clicks Add Endpoint while they have no own
+  // endpoints yet — the button label itself is static.
+  type ModalMode =
+    | { kind: "create" }
+    | { kind: "edit"; id: string }
+    | { kind: "wizard-server" }
+    | { kind: "wizard-form" };
 
   let modal = $state<ModalMode | null>(null);
   let saving = $state(false);
   let formLabel = $state("");
   let formAddress = $state("");
   let formUserVerification = $state<UserVerification>("required");
+  let formAgentForward = $state(true);
   let formDescription = $state("");
   let deleteTarget = $state<Endpoint | null>(null);
   let deleting = $state(false);
+  let togglingDemo = $state(false);
+  // Tracks whether the Address field has been blurred. Used to surface the
+  // "user defaults to shellwatch" hint only after the user finishes editing —
+  // we don't want it nagging mid-typing.
+  let addressBlurred = $state(false);
+
+  // The default-user affordance fires when the user blurred away from a
+  // non-empty address that has no `user@` prefix. The actual prefix is shown
+  // as a gray adornment next to the input; the value in the input stays as
+  // whatever the user typed (parseEndpointAddress applies the default).
+  const showDefaultUserHint = $derived(
+    addressBlurred && formAddress.length > 0 && !formAddress.includes("@"),
+  );
+
+  // Split the merged endpoint list so we can render demos in their own
+  // section below the user's own endpoints. The server only returns demo
+  // entries when account.showDemoEndpoints is on, so this filter is empty
+  // when the toggle is off.
+  const regularEndpoints = $derived($endpoints.filter((ep) => !ep.isDemo));
+  const demoEndpoints = $derived($endpoints.filter((ep) => ep.isDemo));
+
+  // First active passkey that's convertible to SSH — used by the wizard's
+  // Server-Setup step so the authorized_keys command is fully copy-pastable.
+  const wizardPasskey = $derived(
+    $credentials.find((c) => c.state === "active" && c.authorizedKeysEntry !== null) ?? null,
+  );
+
+  // The form modal is the same shape for create / wizard-form / edit. Only the
+  // Back button (wizard) vs Cancel (everywhere else) and the submit handler's
+  // create-vs-update branch differ.
+  const isFormModal = $derived(
+    modal?.kind === "create" || modal?.kind === "edit" || modal?.kind === "wizard-form",
+  );
+
+  function modalTitle(m: ModalMode): string {
+    switch (m.kind) {
+      case "create":
+      case "wizard-form":
+        return "Add Endpoint";
+      case "edit":
+        return "Edit Endpoint";
+      case "wizard-server":
+        return "Set up your SSH server";
+    }
+  }
 
   onMount(() => {
     fetchEndpoints();
+    fetchAccount();
+    fetchCredentials();
   });
 
-  function openCreate() {
-    modal = { kind: "create" };
+  async function handleToggleDemo() {
+    if (togglingDemo || !$account) return;
+    togglingDemo = true;
+    try {
+      await updateShowDemoEndpoints(!$account.showDemoEndpoints);
+      await fetchEndpoints();
+    } catch (err) {
+      toastError(errorMessage(err));
+    } finally {
+      togglingDemo = false;
+    }
+  }
+
+  function resetForm() {
     formLabel = "";
     formAddress = "";
     formUserVerification = "required";
+    formAgentForward = true;
     formDescription = "";
+    addressBlurred = false;
+  }
+
+  // Single entry point from the Add Endpoint button. When the user has no own
+  // endpoints yet we lead with the SSH-server setup primer; otherwise we drop
+  // straight into the form — the button label stays the same either way.
+  function openAdd() {
+    resetForm();
+    modal = regularEndpoints.length === 0 ? { kind: "wizard-server" } : { kind: "create" };
+  }
+
+  function continueWizard() {
+    modal = { kind: "wizard-form" };
+  }
+
+  function wizardBack() {
+    modal = { kind: "wizard-server" };
   }
 
   function openEdit(ep: Endpoint) {
@@ -49,7 +136,9 @@
     formLabel = ep.label;
     formAddress = formatEndpointAddress(ep);
     formUserVerification = ep.userVerification;
+    formAgentForward = ep.agentForward;
     formDescription = ep.description ?? "";
+    addressBlurred = false;
   }
 
   function closeModal() {
@@ -73,22 +162,25 @@
     const description = formDescription.trim() ? formDescription.trim() : null;
     saving = true;
     try {
-      if (modal.kind === "create") {
-        await createEndpoint({
+      if (modal.kind === "edit") {
+        await updateEndpoint(modal.id, {
           label: formLabel.trim(),
           host: parsed.host,
           port: parsed.port,
           username: parsed.username,
           userVerification: formUserVerification,
+          agentForward: formAgentForward,
           description,
         });
       } else {
-        await updateEndpoint(modal.id, {
+        // create or wizard-form — both POST a new endpoint
+        await createEndpoint({
           label: formLabel.trim(),
           host: parsed.host,
           port: parsed.port,
           username: parsed.username,
           userVerification: formUserVerification,
+          agentForward: formAgentForward,
           description,
         });
       }
@@ -124,17 +216,17 @@
 </script>
 
 <section>
-  <div class="header">
-    <h2>SSH Endpoints</h2>
-    <button type="button" class="btn btn-primary" onclick={openCreate}>Add Endpoint</button>
-  </div>
+  <h2>SSH Endpoints</h2>
 
-  <SettingsList empty={$endpoints.length === 0} emptyText="No endpoints configured">
-    {#each $endpoints as ep (ep.id)}
+  <SettingsList empty={regularEndpoints.length === 0} emptyText="No endpoints configured">
+    {#each regularEndpoints as ep (ep.id)}
       <SettingsRow detail={ep.description ?? null} detailLabel="Description">
         {#snippet primary()}
           <span class="row-label">{ep.label}</span>
-          <span class="badge badge-available">{ep.userVerification}</span>
+          <span class="badge badge-available">UV: {ep.userVerification}</span>
+          <span class="badge" class:badge-available={ep.agentForward}>
+            forward: {ep.agentForward ? "on" : "off"}
+          </span>
         {/snippet}
         {#snippet secondary()}{formatEndpointAddress(ep)}{/snippet}
         {#snippet actions()}
@@ -147,36 +239,49 @@
     {/each}
   </SettingsList>
 
-  <div class="hint-block">
-    <p class="hint">
-      <strong>User Verification</strong> controls the WebAuthn <code>userVerification</code> option
-      used for passkey sign ceremonies to this endpoint. Defaults to <code>required</code> (PIN / biometric
-      always enforced). Relax only if a specific authenticator can't provide UV.
-    </p>
-    <p class="hint">
-      This is a <em>client-side</em> setting — <Wordmark /> requests UV from the authenticator and rejects
-      responses without it when set to <code>required</code>, but the authoritative gate is the
-      <strong>OpenSSH server</strong>. To make UV load-bearing, configure the target host to require
-      it:
-    </p>
-    <ul class="hint">
-      <li>
-        <strong>Globally</strong> in <code>sshd_config</code>:
-        <code>PubkeyAuthOptions verify-required</code>
-      </li>
-      <li>
-        <strong>Per-key</strong> in <code>~/.ssh/authorized_keys</code> on the server:
-        <code>verify-required sk-ecdsa-sha2-nistp256@openssh.com AAAA... user@host</code>
-      </li>
-    </ul>
-    <p class="hint">
-      Either source enables enforcement; <code>sshd</code> rejects signatures without the UV bit (<code
-        >SSH_SK_USER_VERIFICATION_REQD</code
-      >, <code>0x04</code>) set, logging
-      <code>user verification requirement not met</code>. See the project README for details.
-    </p>
+  <div class="register-section">
+    <button type="button" class="btn btn-primary" onclick={openAdd}>Add Endpoint</button>
   </div>
 
+  {#if $account?.demoEndpointsAvailable}
+    <div class="demo-section-header">
+      <h3 class="demo-section-label">Demo Endpoints</h3>
+      <button
+        type="button"
+        class="toggle"
+        class:active={$account.showDemoEndpoints}
+        onclick={handleToggleDemo}
+        disabled={togglingDemo}
+        aria-label="Show demo endpoints"
+        role="switch"
+        aria-checked={$account.showDemoEndpoints}
+      >
+        <span class="toggle-knob"></span>
+      </button>
+      <span class="toggle-label">Show</span>
+    </div>
+
+    {#if $account.showDemoEndpoints}
+      <SettingsList
+        empty={demoEndpoints.length === 0}
+        emptyText="No demo endpoints configured by the operator"
+      >
+        {#each demoEndpoints as ep (ep.id)}
+          <SettingsRow detail={ep.description ?? null} detailLabel="Description">
+            {#snippet primary()}
+              <span class="row-label">{ep.label}</span>
+              <span class="badge badge-available">UV: {ep.userVerification}</span>
+              <span class="badge" class:badge-available={ep.agentForward}>
+                forward: {ep.agentForward ? "on" : "off"}
+              </span>
+            {/snippet}
+            {#snippet secondary()}{formatEndpointAddress(ep)}{/snippet}
+          </SettingsRow>
+        {/each}
+      </SettingsList>
+    {/if}
+  {/if}
+
   {#if deleteTarget}
     <ConfirmDialog
       title="Delete endpoint?"
@@ -192,13 +297,29 @@
     </ConfirmDialog>
   {/if}
 
-  {#if modal}
-    <Modal
-      title={modal.kind === "create" ? "Add Endpoint" : "Edit Endpoint"}
-      onClose={closeModal}
-      onSubmit={handleSave}
-      width="520px"
-    >
+  {#if modal && modal.kind === "wizard-server"}
+    <Modal title={modalTitle(modal)} onClose={closeModal} width="520px">
+      <p class="wizard-step-hint">Step 1 of 2 · Server setup</p>
+      <p class="modal-desc">
+        Before adding your first endpoint, set up the remote server to accept your <strong
+          >ShellWatch</strong
+        > passkey credential.
+      </p>
+      <ServerSetupGuide passkey={wizardPasskey} accountName={$account?.name} />
+
+      {#snippet actions()}
+        <button type="button" class="btn btn-secondary" onclick={closeModal}>Cancel</button>
+        <button type="button" class="btn btn-primary" onclick={continueWizard}>Continue</button>
+      {/snippet}
+    </Modal>
+  {/if}
+
+  {#if modal && isFormModal}
+    <Modal title={modalTitle(modal)} onClose={closeModal} onSubmit={handleSave} width="520px">
+      {#if modal.kind === "wizard-form"}
+        <p class="wizard-step-hint">Step 2 of 2 · Endpoint details</p>
+      {/if}
+
       <div class="field">
         <label for="ep-label">Label</label>
         <input id="ep-label" type="text" placeholder="My server" bind:value={formLabel} />
@@ -206,7 +327,24 @@
 
       <div class="field">
         <label for="ep-address">Address</label>
-        <input id="ep-address" type="text" placeholder="user@host:port" bind:value={formAddress} />
+        <div class="address-input-wrap" class:has-default-user={showDefaultUserHint}>
+          {#if showDefaultUserHint}
+            <span class="default-user-prefix">shellwatch@</span>
+          {/if}
+          <input
+            id="ep-address"
+            type="text"
+            placeholder="user@host:port"
+            bind:value={formAddress}
+            onfocus={() => (addressBlurred = false)}
+            onblur={() => (addressBlurred = true)}
+          />
+        </div>
+        {#if showDefaultUserHint}
+          <span class="address-warning"
+            >User defaults to <code>shellwatch</code> if not specified.</span
+          >
+        {/if}
       </div>
 
       <div class="field">
@@ -232,12 +370,40 @@
         <div class="char-count">{formDescription.length} / {ENDPOINT_DESCRIPTION_MAX_LENGTH}</div>
       </div>
 
+      <div class="field">
+        <label for="ep-agent-forward">SSH Agent Forwarding</label>
+        <div class="toggle-row">
+          <button
+            type="button"
+            id="ep-agent-forward"
+            class="toggle"
+            class:active={formAgentForward}
+            onclick={() => (formAgentForward = !formAgentForward)}
+            aria-label="SSH Agent Forwarding"
+            role="switch"
+            aria-checked={formAgentForward}
+          >
+            <span class="toggle-knob"></span>
+          </button>
+          <span class="toggle-label">{formAgentForward ? "Enabled" : "Disabled"}</span>
+        </div>
+        <span class="field-help">
+          Forward SSH keys to this host so onward tools (ssh, git) can authenticate.
+        </span>
+      </div>
+
       {#snippet actions()}
-        <button type="button" class="btn btn-secondary" onclick={closeModal} disabled={saving}>
-          Cancel
-        </button>
+        {#if modal?.kind === "wizard-form"}
+          <button type="button" class="btn btn-secondary" onclick={wizardBack} disabled={saving}>
+            Back
+          </button>
+        {:else}
+          <button type="button" class="btn btn-secondary" onclick={closeModal} disabled={saving}>
+            Cancel
+          </button>
+        {/if}
         <button type="submit" class="btn btn-primary" disabled={saving}>
-          {saving ? "Saving…" : modal?.kind === "create" ? "Add" : "Save"}
+          {saving ? "Saving…" : modal?.kind === "edit" ? "Save" : "Add"}
         </button>
       {/snippet}
     </Modal>
@@ -253,11 +419,33 @@
     letter-spacing: 0.05em;
   }
 
-  .header {
+  .register-section {
+    margin-top: var(--space-5);
     display: flex;
     align-items: center;
-    justify-content: space-between;
+    gap: var(--space-3);
+    flex-wrap: wrap;
+  }
+
+  /* Demo Endpoints section: headline + toggle clustered on the left so it
+     matches the rest of the settings pages where actions live left-aligned. */
+  .demo-section-header {
+    display: flex;
+    align-items: center;
+    gap: 0.6rem;
+    margin-top: var(--space-6);
     margin-bottom: 0.75rem;
+    padding-top: var(--space-4);
+    border-top: 1px solid var(--border);
+  }
+
+  .demo-section-label {
+    margin: 0;
+    font-size: 0.75rem;
+    font-weight: 600;
+    color: var(--text-muted);
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
   }
 
   .row-label {
@@ -270,20 +458,58 @@
     max-width: 100%;
   }
 
-  .hint-block {
-    margin-top: var(--space-6);
+  .wizard-step-hint {
+    font-size: 0.65rem;
+    text-transform: uppercase;
+    letter-spacing: 0.08em;
+    color: var(--text-muted);
+    margin: 0 0 0.75rem;
   }
 
-  .hint {
-    font-size: 0.8rem;
+  /* Address input with an optional gray "shellwatch@" prefix adornment shown
+     after blur when the user didn't supply a custom username. The wrapper
+     mimics the input's chrome so the prefix + input look like one field. */
+  .address-input-wrap {
+    display: flex;
+    align-items: stretch;
+    width: 100%;
+  }
+
+  .address-input-wrap.has-default-user {
+    border: 1px solid var(--outline-variant);
+    border-radius: 6px;
+    background-color: var(--surface-container);
+    overflow: hidden;
+  }
+
+  .address-input-wrap.has-default-user input {
+    border: none;
+    background: transparent;
+    padding-left: 0;
+  }
+
+  .default-user-prefix {
+    display: inline-flex;
+    align-items: center;
+    padding: 0.5rem 0 0.5rem 0.625rem;
     color: var(--text-muted);
-    line-height: 1.5;
+    font-family: var(--font-mono, monospace);
+    font-size: var(--body-md);
+    user-select: none;
+    pointer-events: none;
   }
 
-  .hint code {
+  .address-warning {
+    display: block;
+    margin-top: 0.35rem;
+    font-size: 0.75rem;
+    color: var(--warning, var(--secondary, #f59e0b));
+    line-height: 1.4;
+  }
+
+  .address-warning code {
     font-family: var(--font-mono);
     font-size: 0.85em;
-    color: var(--primary);
   }
 
   .field {
@@ -308,6 +534,60 @@
     color: var(--text-muted);
   }
 
+  .field-help {
+    display: block;
+    margin-top: 0.4rem;
+    font-size: 0.75rem;
+    color: var(--text-muted);
+    line-height: 1.5;
+  }
+
+  .toggle-row {
+    display: flex;
+    align-items: center;
+    gap: 0.75rem;
+  }
+
+  .toggle {
+    position: relative;
+    width: 40px;
+    height: 22px;
+    border-radius: 11px;
+    border: 1px solid var(--border);
+    background: var(--bg-primary);
+    cursor: pointer;
+    padding: 0;
+    transition: background-color 0.2s;
+  }
+
+  .toggle.active {
+    background: var(--green, #4ade80);
+    border-color: var(--green, #4ade80);
+  }
+
+  .toggle-knob {
+    position: absolute;
+    top: 2px;
+    left: 2px;
+    width: 16px;
+    height: 16px;
+    border-radius: 50%;
+    background: var(--text-muted);
+    transition:
+      transform 0.2s,
+      background-color 0.2s;
+  }
+
+  .toggle.active .toggle-knob {
+    transform: translateX(18px);
+    background: white;
+  }
+
+  .toggle-label {
+    font-size: 0.85rem;
+    color: var(--text-primary);
+  }
+
   .field textarea {
     resize: vertical;
     min-height: 4rem;
diff --git a/client/src/routes/settings/general/+page.svelte b/client/src/routes/settings/general/+page.svelte
index 5870bb0..78f3486 100644
--- a/client/src/routes/settings/general/+page.svelte
+++ b/client/src/routes/settings/general/+page.svelte
@@ -2,12 +2,7 @@
 <script lang="ts">
   import { onMount } from "svelte";
   import Identicon from "$lib/components/Identicon.svelte";
-  import {
-    account,
-    fetchAccount,
-    updateAccountName,
-    updateAgentForward,
-  } from "$lib/stores/account.js";
+  import { account, fetchAccount, updateAccountName } from "$lib/stores/account.js";
   import { buildInfo } from "$lib/stores/build-info.js";
 
   function formatBuiltAt(value: string | null): string {
@@ -19,8 +14,6 @@
   let nameInput = $state("");
   let saving = $state(false);
   let message = $state("");
-  let agentForwardSaving = $state(false);
-  let agentForwardMessage = $state("");
 
   onMount(async () => {
     await fetchAccount();
@@ -45,20 +38,6 @@
     }
     saving = false;
   }
-
-  async function handleAgentForwardToggle() {
-    if (!$account) return;
-    agentForwardSaving = true;
-    agentForwardMessage = "";
-    try {
-      await updateAgentForward(!$account.agentForward);
-      agentForwardMessage = "Saved";
-      setTimeout(() => (agentForwardMessage = ""), 2000);
-    } catch (err) {
-      agentForwardMessage = (err as Error).message;
-    }
-    agentForwardSaving = false;
-  }
 </script>
 
 <section>
@@ -87,36 +66,6 @@
         {/if}
       </div>
 
-      <div class="field">
-        <label for="agent-forward">SSH Agent Forwarding</label>
-        <div class="toggle-row">
-          <button
-            type="button"
-            id="agent-forward"
-            class="toggle"
-            class:active={$account.agentForward}
-            disabled={agentForwardSaving}
-            onclick={handleAgentForwardToggle}
-            aria-label="SSH Agent Forwarding"
-            role="switch"
-            aria-checked={$account.agentForward}
-          >
-            <span class="toggle-knob"></span>
-          </button>
-          <span class="toggle-label">
-            {$account.agentForward ? "Enabled" : "Disabled"}
-          </span>
-        </div>
-        <span class="field-hint">
-          Forward SSH keys to remote hosts so programs like ssh and git can authenticate onward.
-        </span>
-        {#if agentForwardMessage}
-          <span class="message" class:success={agentForwardMessage === "Saved"}
-            >{agentForwardMessage}</span
-          >
-        {/if}
-      </div>
-
       <div class="field">
         <span class="field-label">Version</span>
         <div class="version-row">
@@ -221,57 +170,4 @@
   .message.success {
     color: var(--green, #4ade80);
   }
-
-  .toggle-row {
-    display: flex;
-    align-items: center;
-    gap: 0.75rem;
-  }
-
-  .toggle {
-    position: relative;
-    width: 40px;
-    height: 22px;
-    border-radius: 11px;
-    border: 1px solid var(--border);
-    background: var(--bg-primary);
-    cursor: pointer;
-    padding: 0;
-    transition: background-color 0.2s;
-  }
-
-  .toggle.active {
-    background: var(--green, #4ade80);
-    border-color: var(--green, #4ade80);
-  }
-
-  .toggle-knob {
-    position: absolute;
-    top: 2px;
-    left: 2px;
-    width: 16px;
-    height: 16px;
-    border-radius: 50%;
-    background: var(--text-muted);
-    transition:
-      transform 0.2s,
-      background-color 0.2s;
-  }
-
-  .toggle.active .toggle-knob {
-    transform: translateX(18px);
-    background: white;
-  }
-
-  .toggle-label {
-    font-size: 0.85rem;
-    color: var(--text-primary);
-  }
-
-  .field-hint {
-    display: block;
-    font-size: 0.75rem;
-    color: var(--text-muted);
-    margin-top: 0.375rem;
-  }
 </style>
diff --git a/client/src/routes/settings/keys/+page.svelte b/client/src/routes/settings/keys/+page.svelte
index 49ae400..39897d2 100644
--- a/client/src/routes/settings/keys/+page.svelte
+++ b/client/src/routes/settings/keys/+page.svelte
@@ -1,7 +1,6 @@
 <script lang="ts">
   import { onMount } from "svelte";
   import { account } from "$lib/stores/account.js";
-  import { fetchSshKeys, sshKeys } from "$lib/stores/keys.js";
   import { toastError } from "$lib/stores/toasts.js";
   import { errorMessage } from "$lib/utils/error-message.js";
   import {
@@ -24,11 +23,7 @@
   let registering = $state(false);
   let inviting = $state(false);
   let showAddModal = $state(false);
-  let revokeTarget = $state<
-    | { kind: "passkey"; id: string; label: string }
-    | { kind: "file"; id: string; label: string }
-    | null
-  >(null);
+  let revokeTarget = $state<{ id: string; label: string } | null>(null);
   // Single source of truth for the active invite slot for this account. Used
   // both for the on-page indicator (with live countdown) and as the prefilled
   // value when the user opens the Add-Passkey modal.
@@ -43,7 +38,6 @@
 
   onMount(async () => {
     fetchCredentials();
-    fetchSshKeys();
     try {
       activeInvite = await fetchActiveInvite();
     } catch (err) {
@@ -203,11 +197,7 @@
         return;
       }
     }
-    revokeTarget = { kind: "passkey", id, label: target.label };
-  }
-
-  function openRevokeFileKey(id: string, label: string) {
-    revokeTarget = { kind: "file", id, label };
+    revokeTarget = { id, label: target.label };
   }
 
   function closeRevokeDialog() {
@@ -251,31 +241,9 @@
     }
   }
 
-  async function handleRevokeFileKey(id: string): Promise<boolean> {
-    revoking = true;
-    try {
-      const base = (window as unknown as { __BASE_PATH__?: string }).__BASE_PATH__ ?? "";
-      const res = await fetch(`${base}/api/keys/${id}`, { method: "DELETE" });
-      if (!res.ok) {
-        const err = await res.json();
-        toastError(err.error || "Failed to revoke");
-        return false;
-      }
-      await fetchSshKeys();
-      return true;
-    } catch (err) {
-      toastError(errorMessage(err));
-      return false;
-    } finally {
-      revoking = false;
-    }
-  }
-
   async function handleRevokeConfirm() {
     if (!revokeTarget) return;
-    const t = revokeTarget;
-    const ok =
-      t.kind === "passkey" ? await handleRevokePasskey(t.id) : await handleRevokeFileKey(t.id);
+    const ok = await handleRevokePasskey(revokeTarget.id);
     if (ok) revokeTarget = null;
   }
 
@@ -329,9 +297,6 @@
     if (!iso) return "Never";
     return iso.slice(0, 10);
   }
-
-  const hasAuthorizedKeys = $derived($credentials.some((pk) => pk.authorizedKeysEntry));
-  const fileKeys = $derived($sshKeys.filter((k) => k.type === "file"));
 </script>
 
 <section>
@@ -515,79 +480,19 @@
   {/if}
 
   {#if revokeTarget}
-    {@const target = revokeTarget}
     <ConfirmDialog
-      title={target.kind === "passkey" ? "Revoke passkey?" : "Revoke SSH key?"}
+      title="Revoke passkey?"
       confirmLabel="Revoke"
       onConfirm={handleRevokeConfirm}
       onCancel={closeRevokeDialog}
       processing={revoking}
     >
       <p class="modal-desc">
-        Revoke <strong>{target.label}</strong>? This is permanent and cannot be undone.
-        {#if target.kind === "passkey"}
-          You'll be asked to verify with another passkey first.
-        {/if}
+        Revoke <strong>{revokeTarget.label}</strong>? This is permanent and cannot be undone. You'll
+        be asked to verify with another passkey first.
       </p>
     </ConfirmDialog>
   {/if}
-
-  {#if hasAuthorizedKeys}
-    <div class="settings-info">
-      <h3>SSH Server Setup</h3>
-      <p>Add this line to <code>/etc/ssh/sshd_config</code> on your remote server:</p>
-      <pre
-        class="code-block">PubkeyAcceptedAlgorithms=+webauthn-sk-ecdsa-sha2-nistp256@openssh.com</pre>
-      <p>Then add the passkey's SSH public key to <code>~/.ssh/authorized_keys</code>.</p>
-    </div>
-  {/if}
-
-  <!-- File-based SSH Keys (admin only) -->
-  {#if $account?.isAdmin && fileKeys.length > 0}
-    <h2 class="section-divider">File-Based SSH Keys</h2>
-    <SettingsList>
-      {#each fileKeys as k (k.id)}
-        <SettingsRow>
-          {#snippet primary()}
-            <span class="row-label" class:revoked={k.revoked}>{k.label}</span>
-            {#if k.revoked}
-              <span class="badge badge-unavailable">revoked</span>
-            {:else if !k.available}
-              <span class="badge badge-unavailable">unavailable</span>
-            {:else}
-              <span class="badge badge-available">available</span>
-            {/if}
-            <span class="meta-mono">{k.algorithm}</span>
-          {/snippet}
-          {#snippet secondary()}
-            <span title={k.fingerprint ?? ""}>{shortFingerprint(k.fingerprint)}</span>
-            <span class="row-dot">·</span>created {formatDate(k.createdAt)}
-            <span class="row-dot">·</span>last used {formatDate(k.lastUsedAt)}
-          {/snippet}
-          {#snippet actions()}
-            {#if k.authorizedKeysEntry && !k.revoked}
-              <button
-                type="button"
-                class="btn btn-secondary"
-                title="Copy SSH public key"
-                onclick={(e) =>
-                  copyKey(k.authorizedKeysEntry!, e.currentTarget as HTMLButtonElement)}
-                >Copy SSH PubKey</button
-              >
-            {/if}
-            {#if !k.revoked}
-              <button
-                type="button"
-                class="btn btn-secondary"
-                disabled={revoking}
-                onclick={() => openRevokeFileKey(k.id, k.label)}>Revoke</button
-              >
-            {/if}
-          {/snippet}
-        </SettingsRow>
-      {/each}
-    </SettingsList>
-  {/if}
 </section>
 
 <style>
@@ -600,10 +505,6 @@
     letter-spacing: 0.05em;
   }
 
-  .section-divider {
-    margin-top: 2rem;
-  }
-
   .row-label {
     font-weight: 600;
     font-size: var(--body-md);
diff --git a/client/src/routes/settings/setup/+page.svelte b/client/src/routes/settings/setup/+page.svelte
new file mode 100644
index 0000000..06e7189
--- /dev/null
+++ b/client/src/routes/settings/setup/+page.svelte
@@ -0,0 +1,367 @@
+<!-- SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 -->
+<!--
+  Setup reference page — collapsible sections, one per ShellWatch integration
+  surface. Each card explains what the piece is and the minimum steps to wire
+  it up; the actual config flows live elsewhere (Settings → Endpoints, etc.).
+-->
+<script lang="ts">
+  import Wordmark from "$lib/components/Wordmark.svelte";
+  import ServerSetupGuide from "$lib/components/ServerSetupGuide.svelte";
+
+  import { onMount } from "svelte";
+
+  const DOCS_URL = "https://docs.shellwatch.ai";
+  const PAM_REPO_URL = "https://github.com/rado0x54/pam-ssh-agent-webauthn";
+
+  // The MCP endpoint lives at the same origin the user is browsing — render
+  // the actual URL so it's copy-pastable. window.location is only available
+  // client-side; default to a placeholder so SSR doesn't trip over it.
+  let mcpUrl = $state("/mcp");
+  onMount(() => {
+    mcpUrl = `${window.location.origin}/mcp`;
+  });
+  // Agent binaries are published as their own release stream tagged
+  // `agent/vX.Y.Z` (separate from the main ShellWatch `vX.Y.Z` releases).
+  // GitHub's release search has no tag-prefix qualifier, so we filter by name
+  // — every agent release names itself "ShellWatch Agent <version>".
+  const AGENT_RELEASES_URL =
+    "https://github.com/rado0x54/ShellWatch/releases?q=%22ShellWatch+Agent%22&expanded=true";
+</script>
+
+<section class="setup-page">
+  <details class="setup-card">
+    <summary>SSH Server Setup</summary>
+    <div class="setup-body">
+      <p class="hint">
+        Configure each remote host you want to manage so OpenSSH accepts the WebAuthn-anchored
+        credential <Wordmark /> carries on the user's passkey. Requires
+        <strong>OpenSSH 8.4+</strong>.
+      </p>
+      <ServerSetupGuide />
+    </div>
+  </details>
+
+  <details class="setup-card">
+    <summary>Endpoint Setup</summary>
+    <div class="setup-body">
+      <p class="hint">
+        An <strong>endpoint</strong> is a remote host <Wordmark /> can broker sessions to. Each entry
+        carries a label, address, and a few policy controls that govern how passkey ceremonies and agent
+        forwarding work for sessions to that host.
+      </p>
+      <ol class="steps">
+        <li>
+          Go to <strong>Settings → Endpoints</strong> and click <em>Add Endpoint</em>.
+        </li>
+        <li>
+          Fill in the fields (see reference below) and save. The endpoint shows up in your sidebar
+          immediately; click <em>Connect</em> to open a session.
+        </li>
+      </ol>
+
+      <h4>Field Reference</h4>
+
+      <p class="hint">
+        <strong>Label</strong> — A short, human-readable name. Shown in the sidebar, audit log, and
+        anywhere this endpoint is referenced. Use whatever distinguishes it for you (<em
+          >"prod-db-1"</em
+        >, <em>"staging-bastion"</em>, <em>"my-vps"</em>).
+      </p>
+
+      <p class="hint">
+        <strong>Address</strong> — Standard SSH target in the form <code>[user@]host[:port]</code>.
+        If the user is omitted, <code>shellwatch</code> is assumed (and rendered as a gray prefix
+        with a warning on blur). The port defaults to <code>22</code>.
+      </p>
+
+      <p class="hint">
+        <strong>Description</strong> — Optional free-form text (up to 1000 chars).
+        <em>Especially important for MCP-driven sessions:</em>
+        this string is surfaced to AI agents alongside the endpoint in the
+        <code>list_endpoints</code>
+        tool response, so it's how the agent learns the
+        <em>context</em> of a server. Treat it as a one-paragraph operator brief — e.g.
+        <em
+          >"Production database host, runs Postgres 15. /srv/data holds nightly dumps; do not touch
+          /etc/postgresql without a maintenance window."</em
+        > A well-written description is the difference between an agent making a sensible decision and
+        one acting blind.
+      </p>
+
+      <p class="hint">
+        <strong>User Verification</strong> — Controls the WebAuthn <code>userVerification</code>
+        option on every passkey ceremony to this endpoint. Default
+        <code>required</code> (PIN / biometric always enforced). See the deep-dive below.
+      </p>
+
+      <p class="hint">
+        <strong>SSH Agent Forwarding</strong> — When on, <Wordmark /> requests SSH-agent forwarding on
+        the session so the user's broker socket is forwarded into the remote host. Required for onward
+        auth — using <code>ssh</code> / <code>git</code> from the remote host, and for the
+        <Wordmark /> PAM module to gate <code>sudo</code>. Default
+        <em>on</em>; turn off only when the target sshd disallows forwarding (returns
+        <code>request forwarding denied</code> at handshake).
+      </p>
+
+      <h4>User Verification (deep-dive)</h4>
+      <p class="hint">
+        UV is <em>client-side</em> by default — <Wordmark /> requests it from the authenticator and rejects
+        responses missing the bit, but the authoritative gate is the
+        <strong>OpenSSH server</strong>. To make UV load-bearing, the target sshd must also enforce
+        it:
+      </p>
+      <ul class="steps">
+        <li>
+          <strong>Globally</strong> in <code>sshd_config</code>:
+          <code>PubkeyAuthOptions verify-required</code>
+        </li>
+        <li>
+          <strong>Per-key</strong> in <code>~/.ssh/authorized_keys</code>:
+          <code>verify-required sk-ecdsa-sha2-nistp256@openssh.com AAAA…</code>
+        </li>
+      </ul>
+      <p class="hint">
+        Either source makes sshd reject signatures without the UV bit (<code
+          >SSH_SK_USER_VERIFICATION_REQD</code
+        >, <code>0x04</code>), logging
+        <code>user verification requirement not met</code>.
+      </p>
+    </div>
+  </details>
+
+  <details class="setup-card">
+    <summary>MCP Client Setup</summary>
+    <div class="setup-body">
+      <p class="hint">
+        Agents (Claude Desktop, Cursor, etc.) talk to <Wordmark /> via the Model Context Protocol at
+        <code>/mcp</code>. <Wordmark /> exposes session-broker tools to the agent; any session it opens
+        shows up in your audit log just like a UI-driven one.
+      </p>
+      <h4>OAuth (recommended)</h4>
+      <ol class="steps">
+        <li>
+          Point your MCP client at <code>{mcpUrl}</code>.
+        </li>
+        <li>
+          The client redirects through <Wordmark />'s OAuth flow on first use; approve with a
+          passkey.
+        </li>
+        <li>
+          <Wordmark /> mints a scoped API key on the fly and injects it into the agent's session — no
+          manual key handling, key rotates per session.
+        </li>
+      </ol>
+
+      <h4>Direct (no-OAuth clients)</h4>
+      <ol class="steps">
+        <li>
+          Go to <strong>Settings → API Keys</strong> and click <em>Generate API Key</em>.
+        </li>
+        <li>
+          Give it a label and enable the <code>mcp</code> scope.
+        </li>
+        <li>
+          Configure your client to send the key as an HTTP
+          <code>Authorization: Bearer &lt;KEY&gt;</code> header against <code>{mcpUrl}</code>.
+        </li>
+      </ol>
+    </div>
+  </details>
+
+  <details class="setup-card">
+    <summary>ShellWatch Agent Setup</summary>
+    <div class="setup-body">
+      <p class="hint">
+        <code>shellwatch-agent</code> is a thin local SSH agent that runs on your workstation and
+        brokers every <code>SSH_AGENTC_SIGN_REQUEST</code> through <Wordmark />. With it running,
+        ordinary <code>ssh</code>, <code>git</code>, <code>scp</code>, and friends prompt your
+        passkey via <Wordmark /> instead of needing a private key on disk. Requires
+        <strong>OpenSSH 10.3+</strong> on the client — earlier versions silently drop webauthn-sk signatures
+        when forwarded through an agent.
+      </p>
+      <ol class="steps">
+        <li>
+          Install <code>shellwatch-agent</code> from
+          <a href={AGENT_RELEASES_URL} target="_blank" rel="noopener noreferrer">GitHub Releases</a> (binary
+          releases for macOS / Linux).
+        </li>
+        <li>
+          Generate an API key with the <code>agent</code> scope in
+          <strong>Settings → API Keys</strong> and hand it to the agent at install time.
+        </li>
+        <li>
+          Export <code>SSH_AUTH_SOCK</code> to point at the agent's socket (the installer prints the exact
+          line for your shell).
+        </li>
+        <li>
+          Run <code>ssh user@host</code>. <Wordmark /> intercepts the signing request and prompts your
+          passkey; the signature is forwarded to sshd as a normal SSH agent response.
+        </li>
+      </ol>
+    </div>
+  </details>
+
+  <details class="setup-card">
+    <summary>ShellWatch PAM Setup</summary>
+    <div class="setup-body">
+      <p class="hint">
+        <code>pam-ssh-agent-webauthn</code> is a PAM module that gates privileged actions on the
+        remote host — <code>sudo</code>, <code>su</code>, console login, anything PAM authenticates
+        — on a fresh passkey signature brokered through <Wordmark />.
+      </p>
+      <ol class="steps">
+        <li>
+          Build the module on the remote host from
+          <a href={PAM_REPO_URL} target="_blank" rel="noopener noreferrer"
+            >github.com/rado0x54/pam-ssh-agent-webauthn</a
+          > (Go binary, single static dependency).
+        </li>
+        <li>
+          Drop it into your PAM config — typically <code>/etc/pam.d/sudo</code> — as
+          <code>auth required pam_ssh_agent_webauthn.so</code>.
+        </li>
+        <li>
+          The endpoint must be reached with <strong>SSH agent forwarding enabled</strong> so
+          <code>SSH_AUTH_SOCK</code> is forwarded into the session — the PAM module reads from that
+          socket. Toggle it per endpoint in <Wordmark /> under
+          <strong>Settings → Endpoints</strong>; it's <em>on</em> by default for new endpoints.
+        </li>
+        <li>
+          Try <code>sudo &lt;cmd&gt;</code>: instead of a password prompt the user gets a passkey
+          ceremony in <Wordmark />.
+        </li>
+      </ol>
+    </div>
+  </details>
+
+  <p class="docs-footer">
+    Full setup walkthroughs and reference at
+    <a href={DOCS_URL} target="_blank" rel="noopener noreferrer">docs.shellwatch.ai</a>.
+  </p>
+</section>
+
+<style>
+  .setup-page {
+    display: flex;
+    flex-direction: column;
+    gap: 0.75rem;
+  }
+
+  .setup-card {
+    border: 1px solid var(--border);
+    border-radius: 8px;
+    background: var(--bg-primary);
+    overflow: hidden;
+  }
+
+  .setup-card > summary {
+    list-style: none;
+    cursor: pointer;
+    padding: 0.85rem 1rem;
+    font-size: 0.95rem;
+    font-weight: 600;
+    color: var(--on-surface);
+    display: flex;
+    align-items: center;
+    gap: 0.6rem;
+    user-select: none;
+    transition: background-color 0.15s;
+  }
+
+  .setup-card > summary::-webkit-details-marker {
+    display: none;
+  }
+
+  .setup-card > summary::before {
+    content: "▸";
+    font-size: 0.75rem;
+    color: var(--text-muted);
+    transition: transform 0.15s;
+    width: 0.75rem;
+    text-align: center;
+  }
+
+  .setup-card[open] > summary::before {
+    transform: rotate(90deg);
+  }
+
+  .setup-card > summary:hover {
+    background: color-mix(in srgb, var(--on-surface) 4%, transparent);
+  }
+
+  .setup-card[open] > summary {
+    border-bottom: 1px solid var(--border);
+  }
+
+  .setup-body {
+    padding: 0.85rem 1rem 1rem;
+  }
+
+  .setup-body h4 {
+    font-size: 0.7rem;
+    font-weight: 600;
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+    color: var(--text-muted);
+    margin: 1.25rem 0 0.5rem;
+  }
+
+  .setup-body h4:first-of-type {
+    margin-top: 1rem;
+  }
+
+  .hint {
+    font-size: 0.85rem;
+    color: var(--text-muted);
+    line-height: 1.55;
+    margin: 0 0 0.75rem;
+  }
+
+  .hint code,
+  .steps code {
+    font-family: var(--font-mono);
+    font-size: 0.85em;
+    color: var(--primary);
+  }
+
+  .steps a {
+    color: var(--accent);
+    text-decoration: none;
+  }
+
+  .steps a:hover {
+    text-decoration: underline;
+  }
+
+  .steps {
+    margin: 0 0 0.75rem;
+    padding-left: 1.5rem;
+    font-size: 0.85rem;
+    color: var(--text-muted);
+    line-height: 1.6;
+  }
+
+  .steps li {
+    margin-bottom: 0.4rem;
+  }
+
+  .steps li:last-child {
+    margin-bottom: 0;
+  }
+
+  .docs-footer {
+    margin-top: 0.5rem;
+    font-size: 0.8rem;
+    color: var(--text-muted);
+    text-align: center;
+  }
+
+  .docs-footer a {
+    color: var(--accent);
+    text-decoration: none;
+  }
+
+  .docs-footer a:hover {
+    text-decoration: underline;
+  }
+</style>
diff --git a/client/src/routes/settings/ssh-keys/+page.svelte b/client/src/routes/settings/ssh-keys/+page.svelte
new file mode 100644
index 0000000..f40b75b
--- /dev/null
+++ b/client/src/routes/settings/ssh-keys/+page.svelte
@@ -0,0 +1,178 @@
+<!-- SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 -->
+<!--
+  Admin-only view of file-based SSH keys discovered in the configured key
+  directory. Lifted out of /settings/keys when that page was renamed to
+  "Passkeys" — file keys are an admin concern that doesn't belong next to
+  per-user passkey management.
+-->
+<script lang="ts">
+  import { onMount } from "svelte";
+  import ConfirmDialog from "$lib/components/ConfirmDialog.svelte";
+  import SettingsList from "$lib/components/SettingsList.svelte";
+  import SettingsRow from "$lib/components/SettingsRow.svelte";
+  import { fetchSshKeys, sshKeys } from "$lib/stores/keys.js";
+  import { toastError } from "$lib/stores/toasts.js";
+  import { errorMessage } from "$lib/utils/error-message.js";
+
+  let revoking = $state(false);
+  let revokeTarget = $state<{ id: string; label: string } | null>(null);
+
+  onMount(() => {
+    fetchSshKeys();
+  });
+
+  const fileKeys = $derived($sshKeys.filter((k) => k.type === "file"));
+
+  function copyKey(key: string, btn: HTMLButtonElement) {
+    navigator.clipboard.writeText(key);
+    const original = btn.innerHTML;
+    btn.innerHTML = "&#10003;";
+    setTimeout(() => {
+      btn.innerHTML = original;
+    }, 1500);
+  }
+
+  function shortFingerprint(fp: string | null): string {
+    if (!fp) return "—";
+    return fp.length > 20 ? `${fp.slice(0, 20)}...` : fp;
+  }
+
+  function formatDate(iso: string | null): string {
+    if (!iso) return "Never";
+    return iso.slice(0, 10);
+  }
+
+  function openRevoke(id: string, label: string) {
+    revokeTarget = { id, label };
+  }
+
+  function closeRevoke() {
+    if (revoking) return;
+    revokeTarget = null;
+  }
+
+  async function handleRevoke() {
+    if (!revokeTarget) return;
+    revoking = true;
+    try {
+      const base = (window as unknown as { __BASE_PATH__?: string }).__BASE_PATH__ ?? "";
+      const res = await fetch(`${base}/api/keys/${revokeTarget.id}`, { method: "DELETE" });
+      if (!res.ok) {
+        const err = await res.json();
+        toastError(err.error || "Failed to revoke");
+        return;
+      }
+      await fetchSshKeys();
+      revokeTarget = null;
+    } catch (err) {
+      toastError(errorMessage(err));
+    } finally {
+      revoking = false;
+    }
+  }
+</script>
+
+<section>
+  <h2>File-Based SSH Keys</h2>
+
+  <SettingsList empty={fileKeys.length === 0} emptyText="No file-based SSH keys discovered">
+    {#each fileKeys as k (k.id)}
+      <SettingsRow>
+        {#snippet primary()}
+          <span class="row-label" class:revoked={k.revoked}>{k.label}</span>
+          {#if k.revoked}
+            <span class="badge badge-unavailable">revoked</span>
+          {:else if !k.available}
+            <span class="badge badge-unavailable">unavailable</span>
+          {:else}
+            <span class="badge badge-available">available</span>
+          {/if}
+          <span class="meta-mono">{k.algorithm}</span>
+        {/snippet}
+        {#snippet secondary()}
+          <span title={k.fingerprint ?? ""}>{shortFingerprint(k.fingerprint)}</span>
+          <span class="row-dot">·</span>created {formatDate(k.createdAt)}
+          <span class="row-dot">·</span>last used {formatDate(k.lastUsedAt)}
+        {/snippet}
+        {#snippet actions()}
+          {#if k.authorizedKeysEntry && !k.revoked}
+            <button
+              type="button"
+              class="btn btn-secondary"
+              title="Copy SSH public key"
+              onclick={(e) => copyKey(k.authorizedKeysEntry!, e.currentTarget as HTMLButtonElement)}
+              >Copy SSH PubKey</button
+            >
+          {/if}
+          {#if !k.revoked}
+            <button
+              type="button"
+              class="btn btn-secondary"
+              disabled={revoking}
+              onclick={() => openRevoke(k.id, k.label)}>Revoke</button
+            >
+          {/if}
+        {/snippet}
+      </SettingsRow>
+    {/each}
+  </SettingsList>
+
+  {#if revokeTarget}
+    <ConfirmDialog
+      title="Revoke SSH key?"
+      confirmLabel="Revoke"
+      onConfirm={handleRevoke}
+      onCancel={closeRevoke}
+      processing={revoking}
+    >
+      <p class="modal-desc">
+        Revoke <strong>{revokeTarget.label}</strong>? This is permanent and cannot be undone.
+      </p>
+    </ConfirmDialog>
+  {/if}
+</section>
+
+<style>
+  h2 {
+    font-size: 0.75rem;
+    font-weight: 600;
+    margin-bottom: 0.75rem;
+    color: var(--text-muted);
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+  }
+
+  .row-label {
+    font-weight: 600;
+    font-size: var(--body-md);
+    color: var(--on-surface);
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    max-width: 100%;
+  }
+
+  .row-label.revoked {
+    opacity: 0.5;
+  }
+
+  .meta-mono {
+    font-family: var(--font-mono);
+    font-size: var(--label-sm);
+    color: var(--on-surface-variant);
+    text-transform: uppercase;
+    letter-spacing: 0.04em;
+  }
+
+  .row-dot {
+    color: var(--on-surface-faint);
+    margin: 0 var(--space-2);
+  }
+
+  .modal-desc {
+    color: var(--text-muted);
+    font-size: 0.85rem;
+    margin: 0 0 var(--space-3);
+    line-height: 1.5;
+  }
+</style>
diff --git a/config.sample.yaml b/config.sample.yaml
index 28f2584..cd52ac8 100644
--- a/config.sample.yaml
+++ b/config.sample.yaml
@@ -40,12 +40,35 @@ keyDirectory: ./keys
 
 # Optional: seed endpoints for the admin account on first run (keys are assigned via UI)
 # Format: [user@]host[:port] — defaults: user=shellwatch, port=22
+# agentForward defaults to true; set to false for hosts that disallow forwarding.
+# description is optional free-form context (max 1000 chars) surfaced to MCP
+# agents via the shellwatch_manage_endpoints list/read tool.
 # seedAdminEndpoints:
 #   - label: Dev Box
 #     address: ubuntu@dev.example.com
+#     description: "Personal dev sandbox. /srv/app holds the staging copy."
 #
 #   - label: Staging
 #     address: deploy@staging.example.com:2222
+#     agentForward: false
+
+# Optional: virtual demo endpoints merged into every account's endpoint list.
+# Same shape as seedAdminEndpoints (including description). Never copied into
+# the database — config is the source of truth. Each account has a "Show demo
+# endpoints" toggle on the Endpoints page (default on); set demoEndpoints to
+# [] or omit to disable. Pairs with the rado0x54/shellwatch-demo-server
+# container — see issue #211.
+# demoEndpoints:
+#   - label: "Demo: Sudoku"
+#     address: sw-sudoku@ssh.shellwatch.ai
+#     description: "Terminal sudoku (nudoku). ForceCommand-pinned; no shell."
+#   - label: "Demo: 2048"
+#     address: sw-2048@ssh.shellwatch.ai
+#     description: "Terminal 2048. ForceCommand-pinned; no shell."
+#   - label: "Demo: Snake"
+#     address: sw-snake@ssh.shellwatch.ai
+#   - label: "Demo: Matrix"
+#     address: sw-matrix@ssh.shellwatch.ai
 
 # Security settings
 security:
diff --git a/design/shellwatch_wordmark-dark.svg b/design/shellwatch_wordmark-dark.svg
index e970a09..bdd6916 100644
--- a/design/shellwatch_wordmark-dark.svg
+++ b/design/shellwatch_wordmark-dark.svg
@@ -1,12 +1,12 @@
 <!-- SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 -->
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 720 140" role="img" aria-label="ShellWatch">
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 820 140" role="img" aria-label="ShellWatch">
   <title>ShellWatch</title>
-  <text x="0" y="108"
+  <text x="10" y="108"
         font-family="Geist, 'Inter', 'Helvetica Neue', Helvetica, Arial, system-ui, sans-serif"
         font-weight="600"
         font-size="120"
         letter-spacing="-1.2"
-        textLength="720"
+        textLength="800"
         lengthAdjust="spacingAndGlyphs">
     <tspan fill="#12a26f">SHELL</tspan><tspan fill="#f0efea">WATCH</tspan>
   </text>
diff --git a/design/shellwatch_wordmark-light.svg b/design/shellwatch_wordmark-light.svg
index ae13a15..ef26503 100644
--- a/design/shellwatch_wordmark-light.svg
+++ b/design/shellwatch_wordmark-light.svg
@@ -1,12 +1,12 @@
 <!-- SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0 -->
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 720 140" role="img" aria-label="ShellWatch">
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 820 140" role="img" aria-label="ShellWatch">
   <title>ShellWatch</title>
-  <text x="0" y="108"
+  <text x="10" y="108"
         font-family="Geist, 'Inter', 'Helvetica Neue', Helvetica, Arial, system-ui, sans-serif"
         font-weight="600"
         font-size="120"
         letter-spacing="-1.2"
-        textLength="720"
+        textLength="800"
         lengthAdjust="spacingAndGlyphs">
     <tspan fill="#12a26f">SHELL</tspan><tspan fill="#1f1f1f">WATCH</tspan>
   </text>
diff --git a/drizzle/0007_endpoint_agent_forward.sql b/drizzle/0007_endpoint_agent_forward.sql
new file mode 100644
index 0000000..42104d9
--- /dev/null
+++ b/drizzle/0007_endpoint_agent_forward.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `endpoints` ADD `agent_forward` integer DEFAULT true NOT NULL;--> statement-breakpoint
+ALTER TABLE `accounts` DROP COLUMN `agent_forward`;
\ No newline at end of file
diff --git a/drizzle/0008_account_show_demo_endpoints.sql b/drizzle/0008_account_show_demo_endpoints.sql
new file mode 100644
index 0000000..a1da434
--- /dev/null
+++ b/drizzle/0008_account_show_demo_endpoints.sql
@@ -0,0 +1 @@
+ALTER TABLE `accounts` ADD `show_demo_endpoints` integer DEFAULT true NOT NULL;
\ No newline at end of file
diff --git a/drizzle/meta/0007_snapshot.json b/drizzle/meta/0007_snapshot.json
new file mode 100644
index 0000000..72eee5a
--- /dev/null
+++ b/drizzle/meta/0007_snapshot.json
@@ -0,0 +1,973 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "833d8ef2-d304-4fca-a662-6c996f63b68d",
+  "prevId": "3ef48364-48b4-4c51-8686-c11af4722eb9",
+  "tables": {
+    "accounts": {
+      "name": "accounts",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "max_sessions": {
+          "name": "max_sessions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 5
+        },
+        "last_used_at": {
+          "name": "last_used_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "admin_account": {
+      "name": "admin_account",
+      "columns": {
+        "singleton": {
+          "name": "singleton",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 1
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "admin_account_account_id_accounts_id_fk": {
+          "name": "admin_account_account_id_accounts_id_fk",
+          "tableFrom": "admin_account",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {
+        "single_row": {
+          "name": "single_row",
+          "value": "\"admin_account\".\"singleton\" = 1"
+        }
+      }
+    },
+    "api_keys": {
+      "name": "api_keys",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "key_hash": {
+          "name": "key_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "key_prefix": {
+          "name": "key_prefix",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "scopes": {
+          "name": "scopes",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "endpoints": {
+          "name": "endpoints",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "api_keys_key_hash_unique": {
+          "name": "api_keys_key_hash_unique",
+          "columns": ["key_hash"],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "api_keys_account_id_accounts_id_fk": {
+          "name": "api_keys_account_id_accounts_id_fk",
+          "tableFrom": "api_keys",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "audit_session_lifecycle": {
+      "name": "audit_session_lifecycle",
+      "columns": {
+        "session_id": {
+          "name": "session_id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "endpoint_id": {
+          "name": "endpoint_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "source": {
+          "name": "source",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "closed_at": {
+          "name": "closed_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "duration_ms": {
+          "name": "duration_ms",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "source_ip": {
+          "name": "source_ip",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_reason": {
+          "name": "mcp_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_client_name": {
+          "name": "mcp_client_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_client_version": {
+          "name": "mcp_client_version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "api_key_label": {
+          "name": "api_key_label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "api_key_prefix": {
+          "name": "api_key_prefix",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_hostname": {
+          "name": "client_hostname",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_os": {
+          "name": "client_os",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_version": {
+          "name": "client_version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "close_reason": {
+          "name": "close_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "audit_session_lifecycle_account_created_idx": {
+          "name": "audit_session_lifecycle_account_created_idx",
+          "columns": ["account_id", "created_at", "session_id"],
+          "isUnique": false
+        },
+        "audit_session_lifecycle_account_endpoint_created_idx": {
+          "name": "audit_session_lifecycle_account_endpoint_created_idx",
+          "columns": ["account_id", "endpoint_id", "created_at", "session_id"],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {
+        "audit_session_lifecycle_account_id_accounts_id_fk": {
+          "name": "audit_session_lifecycle_account_id_accounts_id_fk",
+          "tableFrom": "audit_session_lifecycle",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {
+        "audit_session_lifecycle_status_chk": {
+          "name": "audit_session_lifecycle_status_chk",
+          "value": "\"audit_session_lifecycle\".\"status\" IN ('open','closed','error')"
+        },
+        "audit_session_lifecycle_source_chk": {
+          "name": "audit_session_lifecycle_source_chk",
+          "value": "\"audit_session_lifecycle\".\"source\" IN ('ui','mcp','ssh')"
+        }
+      }
+    },
+    "audit_signing_requests": {
+      "name": "audit_signing_requests",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "source": {
+          "name": "source",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "resolved_at": {
+          "name": "resolved_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "outcome": {
+          "name": "outcome",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "latency_ms": {
+          "name": "latency_ms",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "source_ip": {
+          "name": "source_ip",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "endpoint_label": {
+          "name": "endpoint_label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "endpoint_address": {
+          "name": "endpoint_address",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "session_id": {
+          "name": "session_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_reason": {
+          "name": "mcp_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_client_name": {
+          "name": "mcp_client_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_client_version": {
+          "name": "mcp_client_version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "api_key_label": {
+          "name": "api_key_label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "api_key_prefix": {
+          "name": "api_key_prefix",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_hostname": {
+          "name": "client_hostname",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_os": {
+          "name": "client_os",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_version": {
+          "name": "client_version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "credential_id": {
+          "name": "credential_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "passkey_label": {
+          "name": "passkey_label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "user_verification": {
+          "name": "user_verification",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "key_label": {
+          "name": "key_label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "key_fingerprint": {
+          "name": "key_fingerprint",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "cancel_reason": {
+          "name": "cancel_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "audit_signing_requests_account_created_idx": {
+          "name": "audit_signing_requests_account_created_idx",
+          "columns": ["account_id", "created_at", "id"],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {
+        "audit_signing_requests_account_id_accounts_id_fk": {
+          "name": "audit_signing_requests_account_id_accounts_id_fk",
+          "tableFrom": "audit_signing_requests",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {
+        "audit_signing_requests_type_chk": {
+          "name": "audit_signing_requests_type_chk",
+          "value": "\"audit_signing_requests\".\"type\" IN ('webauthn-sign','key-approve')"
+        },
+        "audit_signing_requests_source_chk": {
+          "name": "audit_signing_requests_source_chk",
+          "value": "\"audit_signing_requests\".\"source\" IN ('endpoint-auth','agent-forwarding','agent-proxy')"
+        },
+        "audit_signing_requests_outcome_chk": {
+          "name": "audit_signing_requests_outcome_chk",
+          "value": "\"audit_signing_requests\".\"outcome\" IS NULL OR \"audit_signing_requests\".\"outcome\" IN ('approved','denied','expired','cancelled')"
+        }
+      }
+    },
+    "endpoints": {
+      "name": "endpoints",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "host": {
+          "name": "host",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "port": {
+          "name": "port",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 22
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "user_verification": {
+          "name": "user_verification",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'required'"
+        },
+        "agent_forward": {
+          "name": "agent_forward",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "endpoints_account_id_accounts_id_fk": {
+          "name": "endpoints_account_id_accounts_id_fk",
+          "tableFrom": "endpoints",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "push_subscriptions": {
+      "name": "push_subscriptions",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "endpoint": {
+          "name": "endpoint",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "p256dh": {
+          "name": "p256dh",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "auth": {
+          "name": "auth",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "push_subscriptions_endpoint_unique": {
+          "name": "push_subscriptions_endpoint_unique",
+          "columns": ["endpoint"],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "push_subscriptions_account_id_accounts_id_fk": {
+          "name": "push_subscriptions_account_id_accounts_id_fk",
+          "tableFrom": "push_subscriptions",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "ssh_keys": {
+      "name": "ssh_keys",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'file'"
+        },
+        "public_key": {
+          "name": "public_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "fingerprint": {
+          "name": "fingerprint",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "last_used_at": {
+          "name": "last_used_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "ssh_keys_fingerprint_unique": {
+          "name": "ssh_keys_fingerprint_unique",
+          "columns": ["fingerprint"],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "webauthn_credentials": {
+      "name": "webauthn_credentials",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "credential_id": {
+          "name": "credential_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "public_key": {
+          "name": "public_key",
+          "type": "blob",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "counter": {
+          "name": "counter",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "transports": {
+          "name": "transports",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "public_key_openssh": {
+          "name": "public_key_openssh",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "revoked": {
+          "name": "revoked",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "state": {
+          "name": "state",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'active'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "last_used_at": {
+          "name": "last_used_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "webauthn_credentials_credential_id_unique": {
+          "name": "webauthn_credentials_credential_id_unique",
+          "columns": ["credential_id"],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "webauthn_credentials_account_id_accounts_id_fk": {
+          "name": "webauthn_credentials_account_id_accounts_id_fk",
+          "tableFrom": "webauthn_credentials",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
diff --git a/drizzle/meta/0008_snapshot.json b/drizzle/meta/0008_snapshot.json
new file mode 100644
index 0000000..9593351
--- /dev/null
+++ b/drizzle/meta/0008_snapshot.json
@@ -0,0 +1,981 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "51088beb-e89a-4425-a71a-9509a1c5483a",
+  "prevId": "833d8ef2-d304-4fca-a662-6c996f63b68d",
+  "tables": {
+    "accounts": {
+      "name": "accounts",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "max_sessions": {
+          "name": "max_sessions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 5
+        },
+        "show_demo_endpoints": {
+          "name": "show_demo_endpoints",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "last_used_at": {
+          "name": "last_used_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "admin_account": {
+      "name": "admin_account",
+      "columns": {
+        "singleton": {
+          "name": "singleton",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 1
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "admin_account_account_id_accounts_id_fk": {
+          "name": "admin_account_account_id_accounts_id_fk",
+          "tableFrom": "admin_account",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {
+        "single_row": {
+          "name": "single_row",
+          "value": "\"admin_account\".\"singleton\" = 1"
+        }
+      }
+    },
+    "api_keys": {
+      "name": "api_keys",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "key_hash": {
+          "name": "key_hash",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "key_prefix": {
+          "name": "key_prefix",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "scopes": {
+          "name": "scopes",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "endpoints": {
+          "name": "endpoints",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "api_keys_key_hash_unique": {
+          "name": "api_keys_key_hash_unique",
+          "columns": ["key_hash"],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "api_keys_account_id_accounts_id_fk": {
+          "name": "api_keys_account_id_accounts_id_fk",
+          "tableFrom": "api_keys",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "audit_session_lifecycle": {
+      "name": "audit_session_lifecycle",
+      "columns": {
+        "session_id": {
+          "name": "session_id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "endpoint_id": {
+          "name": "endpoint_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "source": {
+          "name": "source",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "closed_at": {
+          "name": "closed_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "duration_ms": {
+          "name": "duration_ms",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "source_ip": {
+          "name": "source_ip",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_reason": {
+          "name": "mcp_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_client_name": {
+          "name": "mcp_client_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_client_version": {
+          "name": "mcp_client_version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "api_key_label": {
+          "name": "api_key_label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "api_key_prefix": {
+          "name": "api_key_prefix",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_hostname": {
+          "name": "client_hostname",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_os": {
+          "name": "client_os",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_version": {
+          "name": "client_version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "close_reason": {
+          "name": "close_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "audit_session_lifecycle_account_created_idx": {
+          "name": "audit_session_lifecycle_account_created_idx",
+          "columns": ["account_id", "created_at", "session_id"],
+          "isUnique": false
+        },
+        "audit_session_lifecycle_account_endpoint_created_idx": {
+          "name": "audit_session_lifecycle_account_endpoint_created_idx",
+          "columns": ["account_id", "endpoint_id", "created_at", "session_id"],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {
+        "audit_session_lifecycle_account_id_accounts_id_fk": {
+          "name": "audit_session_lifecycle_account_id_accounts_id_fk",
+          "tableFrom": "audit_session_lifecycle",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {
+        "audit_session_lifecycle_status_chk": {
+          "name": "audit_session_lifecycle_status_chk",
+          "value": "\"audit_session_lifecycle\".\"status\" IN ('open','closed','error')"
+        },
+        "audit_session_lifecycle_source_chk": {
+          "name": "audit_session_lifecycle_source_chk",
+          "value": "\"audit_session_lifecycle\".\"source\" IN ('ui','mcp','ssh')"
+        }
+      }
+    },
+    "audit_signing_requests": {
+      "name": "audit_signing_requests",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "source": {
+          "name": "source",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "resolved_at": {
+          "name": "resolved_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "outcome": {
+          "name": "outcome",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "latency_ms": {
+          "name": "latency_ms",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "source_ip": {
+          "name": "source_ip",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "endpoint_label": {
+          "name": "endpoint_label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "endpoint_address": {
+          "name": "endpoint_address",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "session_id": {
+          "name": "session_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_reason": {
+          "name": "mcp_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_client_name": {
+          "name": "mcp_client_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "mcp_client_version": {
+          "name": "mcp_client_version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "api_key_label": {
+          "name": "api_key_label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "api_key_prefix": {
+          "name": "api_key_prefix",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_hostname": {
+          "name": "client_hostname",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_os": {
+          "name": "client_os",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "client_version": {
+          "name": "client_version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "credential_id": {
+          "name": "credential_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "passkey_label": {
+          "name": "passkey_label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "user_verification": {
+          "name": "user_verification",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "key_label": {
+          "name": "key_label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "key_fingerprint": {
+          "name": "key_fingerprint",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "cancel_reason": {
+          "name": "cancel_reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "audit_signing_requests_account_created_idx": {
+          "name": "audit_signing_requests_account_created_idx",
+          "columns": ["account_id", "created_at", "id"],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {
+        "audit_signing_requests_account_id_accounts_id_fk": {
+          "name": "audit_signing_requests_account_id_accounts_id_fk",
+          "tableFrom": "audit_signing_requests",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {
+        "audit_signing_requests_type_chk": {
+          "name": "audit_signing_requests_type_chk",
+          "value": "\"audit_signing_requests\".\"type\" IN ('webauthn-sign','key-approve')"
+        },
+        "audit_signing_requests_source_chk": {
+          "name": "audit_signing_requests_source_chk",
+          "value": "\"audit_signing_requests\".\"source\" IN ('endpoint-auth','agent-forwarding','agent-proxy')"
+        },
+        "audit_signing_requests_outcome_chk": {
+          "name": "audit_signing_requests_outcome_chk",
+          "value": "\"audit_signing_requests\".\"outcome\" IS NULL OR \"audit_signing_requests\".\"outcome\" IN ('approved','denied','expired','cancelled')"
+        }
+      }
+    },
+    "endpoints": {
+      "name": "endpoints",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "host": {
+          "name": "host",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "port": {
+          "name": "port",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 22
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "user_verification": {
+          "name": "user_verification",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'required'"
+        },
+        "agent_forward": {
+          "name": "agent_forward",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "endpoints_account_id_accounts_id_fk": {
+          "name": "endpoints_account_id_accounts_id_fk",
+          "tableFrom": "endpoints",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "push_subscriptions": {
+      "name": "push_subscriptions",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "endpoint": {
+          "name": "endpoint",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "p256dh": {
+          "name": "p256dh",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "auth": {
+          "name": "auth",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "push_subscriptions_endpoint_unique": {
+          "name": "push_subscriptions_endpoint_unique",
+          "columns": ["endpoint"],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "push_subscriptions_account_id_accounts_id_fk": {
+          "name": "push_subscriptions_account_id_accounts_id_fk",
+          "tableFrom": "push_subscriptions",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "ssh_keys": {
+      "name": "ssh_keys",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'file'"
+        },
+        "public_key": {
+          "name": "public_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "fingerprint": {
+          "name": "fingerprint",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "last_used_at": {
+          "name": "last_used_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "ssh_keys_fingerprint_unique": {
+          "name": "ssh_keys_fingerprint_unique",
+          "columns": ["fingerprint"],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "webauthn_credentials": {
+      "name": "webauthn_credentials",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "account_id": {
+          "name": "account_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "credential_id": {
+          "name": "credential_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "public_key": {
+          "name": "public_key",
+          "type": "blob",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "counter": {
+          "name": "counter",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "transports": {
+          "name": "transports",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "label": {
+          "name": "label",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "public_key_openssh": {
+          "name": "public_key_openssh",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "revoked": {
+          "name": "revoked",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "state": {
+          "name": "state",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'active'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "last_used_at": {
+          "name": "last_used_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "webauthn_credentials_credential_id_unique": {
+          "name": "webauthn_credentials_credential_id_unique",
+          "columns": ["credential_id"],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "webauthn_credentials_account_id_accounts_id_fk": {
+          "name": "webauthn_credentials_account_id_accounts_id_fk",
+          "tableFrom": "webauthn_credentials",
+          "tableTo": "accounts",
+          "columnsFrom": ["account_id"],
+          "columnsTo": ["id"],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
diff --git a/drizzle/meta/_journal.json b/drizzle/meta/_journal.json
index 61bfff8..3ed77e2 100644
--- a/drizzle/meta/_journal.json
+++ b/drizzle/meta/_journal.json
@@ -50,6 +50,20 @@
       "when": 1777783781140,
       "tag": "0006_audit_signing_requests",
       "breakpoints": true
+    },
+    {
+      "idx": 7,
+      "version": "6",
+      "when": 1779047498048,
+      "tag": "0007_endpoint_agent_forward",
+      "breakpoints": true
+    },
+    {
+      "idx": 8,
+      "version": "6",
+      "when": 1779052745016,
+      "tag": "0008_account_show_demo_endpoints",
+      "breakpoints": true
     }
   ]
 }
diff --git a/src/agent/agent-session.test.ts b/src/agent/agent-session.test.ts
index 3fbd637..cbfd9ba 100644
--- a/src/agent/agent-session.test.ts
+++ b/src/agent/agent-session.test.ts
@@ -1,10 +1,18 @@
 // SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0
 import { EventEmitter } from "node:events";
 import { describe, expect, it, vi } from "vitest";
+import { StubAccountRepository } from "../db/repositories/account-repo.js";
 import { InMemoryEndpointRepository } from "../db/repositories/endpoint-repo.js";
+import { createDemoEndpointsService } from "../demo-endpoints/index.js";
 import type { TerminalManager } from "../terminal/terminal-manager.js";
 import { AgentSession } from "./agent-session.js";
 
+// Demo-aware deps that mirror the production wiring but with empty demo
+// config / a no-op account repo. Tests that need the merged list with
+// actual demos should pass their own service instead.
+const EMPTY_DEMO = createDemoEndpointsService([]);
+const NO_OP_ACCOUNT = new StubAccountRepository();
+
 function createMockTerminalManager() {
   const emitter = new EventEmitter();
   return Object.assign(emitter, {
@@ -45,6 +53,8 @@ describe("AgentSession.listEndpoints", () => {
     ]);
     const session = new AgentSession({
       endpointRepo,
+      demoEndpoints: EMPTY_DEMO,
+      accountRepo: NO_OP_ACCOUNT,
       terminalManager: createMockTerminalManager(),
       source: "mcp",
       accountId: "account-alice",
@@ -75,6 +85,8 @@ describe("AgentSession.createSession", () => {
     const terminalManager = createMockTerminalManager();
     const session = new AgentSession({
       endpointRepo,
+      demoEndpoints: EMPTY_DEMO,
+      accountRepo: NO_OP_ACCOUNT,
       terminalManager,
       source: "mcp",
       accountId: "account-bob",
@@ -109,6 +121,8 @@ describe("AgentSession.createSession", () => {
     });
     const session = new AgentSession({
       endpointRepo,
+      demoEndpoints: EMPTY_DEMO,
+      accountRepo: NO_OP_ACCOUNT,
       terminalManager,
       source: "mcp",
       accountId: "account-alice",
diff --git a/src/agent/agent-session.ts b/src/agent/agent-session.ts
index 109f3f2..5068375 100644
--- a/src/agent/agent-session.ts
+++ b/src/agent/agent-session.ts
@@ -1,5 +1,8 @@
 // SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0
+import type { AccountRepository } from "../db/repositories/account-repo.js";
 import type { EndpointRepository } from "../db/repositories/endpoint-repo.js";
+import type { DemoEndpointsService } from "../demo-endpoints/index.js";
+import { isDemoEndpointId } from "../demo-endpoints/index.js";
 import type { EndpointAuthTrigger } from "../pending-action/types.js";
 import type { OutputReadResult, TerminalManager, TerminalSession } from "../terminal/index.js";
 import { resolveKeys } from "../terminal/keys.js";
@@ -9,6 +12,16 @@ export type AgentSource = "mcp" | "ssh";
 
 export interface AgentSessionOptions {
   endpointRepo: EndpointRepository;
+  /**
+   * Service that materializes the operator-configured demo endpoints. Merged
+   * into the agent's endpoint listing when the account's showDemoEndpoints
+   * toggle is on; opens are accepted on `demo:*` ids regardless of the toggle
+   * (matches the UI flow — visibility hides them, but the connect path stays
+   * usable for callers that already know the id).
+   */
+  demoEndpoints: DemoEndpointsService;
+  /** Used to read the account's `showDemoEndpoints` toggle at list time. */
+  accountRepo: AccountRepository;
   terminalManager: TerminalManager;
   source: AgentSource;
   /**
@@ -38,6 +51,8 @@ export class AgentSession {
   private mcpClientVersion?: string;
 
   private readonly endpointRepo: EndpointRepository;
+  private readonly demoEndpoints: DemoEndpointsService;
+  private readonly accountRepo: AccountRepository;
   private readonly terminalManager: TerminalManager;
   private readonly source: AgentSource;
   private readonly accountId: string;
@@ -48,6 +63,8 @@ export class AgentSession {
 
   constructor(opts: AgentSessionOptions) {
     this.endpointRepo = opts.endpointRepo;
+    this.demoEndpoints = opts.demoEndpoints;
+    this.accountRepo = opts.accountRepo;
     this.terminalManager = opts.terminalManager;
     this.source = opts.source;
     this.accountId = opts.accountId;
@@ -83,8 +100,12 @@ export class AgentSession {
       description: string | null;
     }[]
   > {
-    const endpoints = await this.endpointRepo.findAllForAccount(this.accountId);
-    return endpoints.map(({ id, label, host, port, username, description }) => ({
+    const own = await this.endpointRepo.findAllForAccount(this.accountId);
+    const account = await this.accountRepo.findById(this.accountId);
+    const merged = account?.showDemoEndpoints
+      ? [...own, ...this.demoEndpoints.list(this.accountId)]
+      : own;
+    return merged.map(({ id, label, host, port, username, description }) => ({
       id,
       label,
       host,
@@ -101,7 +122,12 @@ export class AgentSession {
     // could pass any endpoint UUID and trigger a WebAuthn approval prompt on
     // the owning account with attacker-chosen reason text — and, if approved,
     // drive the resulting session via send_keys / read_output.
-    const endpoint = await this.endpointRepo.findByIdForAccount(endpointId, this.accountId);
+    //
+    // Demo endpoints aren't account-scoped (they're a global config set), so
+    // route them through the synthesizer instead of the per-account repo.
+    const endpoint = isDemoEndpointId(endpointId)
+      ? this.demoEndpoints.findById(endpointId, this.accountId)
+      : await this.endpointRepo.findByIdForAccount(endpointId, this.accountId);
     if (!endpoint) {
       throw new Error(`Unknown endpoint: ${endpointId}`);
     }
diff --git a/src/config/index.ts b/src/config/index.ts
index 96b8b9c..4c82f58 100644
--- a/src/config/index.ts
+++ b/src/config/index.ts
@@ -3,6 +3,8 @@ export { loadConfig } from "./loader.js";
 export {
   type Config,
   ConfigSchema,
+  type DemoEndpoint,
+  DemoEndpointSchema,
   type SeedEndpoint,
   SeedEndpointSchema,
   securityFieldDefaults,
diff --git a/src/config/loader.test.ts b/src/config/loader.test.ts
index e7360ca..53bb145 100644
--- a/src/config/loader.test.ts
+++ b/src/config/loader.test.ts
@@ -128,6 +128,31 @@ seedAdminEndpoints:
     expect(() => loadConfig(configPath)).toThrow("Invalid config");
   });
 
+  it("defaults agentForward to true on seed endpoints", () => {
+    const dir = createTempDir();
+    const configPath = writeConfig(
+      dir,
+      `
+server:
+  externalUrl: http://localhost:3000
+security:
+  rpId: localhost
+  trustedWebauthnOrigins:
+    - http://localhost
+seedAdminEndpoints:
+  - label: Default
+    address: host.example.com
+  - label: NoForward
+    address: locked.example.com
+    agentForward: false
+`,
+    );
+
+    const config = loadConfig(configPath);
+    expect(config.seedAdminEndpoints[0].agentForward).toBe(true);
+    expect(config.seedAdminEndpoints[1].agentForward).toBe(false);
+  });
+
   it("loads multiple endpoints with different address formats", () => {
     const dir = createTempDir();
     const configPath = writeConfig(
diff --git a/src/config/schema.ts b/src/config/schema.ts
index 755591e..a0758d0 100644
--- a/src/config/schema.ts
+++ b/src/config/schema.ts
@@ -8,8 +8,26 @@ export const SeedEndpointSchema = z.object({
     .string()
     .min(1)
     .transform((addr) => parseEndpointAddress(addr)),
+  /**
+   * Whether to enable SSH agent forwarding on sessions to this endpoint.
+   * Defaults to true — opt out per endpoint when the host disallows forwarding.
+   */
+  agentForward: z.boolean().default(true),
+  /**
+   * Optional free-form context. Surfaced to MCP agents via the
+   * `shellwatch_manage_endpoints` list/read tool — the canonical place to
+   * tell an agent what a given host is for. Bounded to the same 1000-char
+   * cap the REST API enforces on user-created endpoints.
+   */
+  description: z.string().max(1000).optional(),
 });
 
+// demoEndpoints uses the same shape as seedAdminEndpoints — they're virtual,
+// global endpoints merged into every account's endpoint list (toggle on the
+// account row). See src/demo-endpoints/. Key delivery is a separate concern,
+// not modeled per-endpoint.
+export const DemoEndpointSchema = SeedEndpointSchema;
+
 /** Field-level defaults for optional security settings (rpId and trustedWebauthnOrigins are required) */
 export const rateLimitDefaults = {
   selfRegister: { max: 5, windowMinutes: 15 },
@@ -156,6 +174,12 @@ export const ConfigSchema = z.object({
   seedAdminEndpoints: z.array(SeedEndpointSchema).default([]),
   seedAdminApiKey: z.string().optional(),
   seedAdminPasskeys: z.array(SeedAdminPasskeySchema).default([]),
+  /**
+   * Virtual demo endpoints merged into every account's endpoint list when the
+   * account's showDemoEndpoints toggle is on. Same shape as seedAdminEndpoints
+   * but never copied into the endpoints table — config is the source of truth.
+   */
+  demoEndpoints: z.array(DemoEndpointSchema).default([]),
   server: ServerSchema,
   security: SecuritySchema,
   notifications: NotificationsSchema.default(notificationDefaults),
@@ -164,4 +188,5 @@ export const ConfigSchema = z.object({
 });
 
 export type SeedEndpoint = z.infer<typeof SeedEndpointSchema>;
+export type DemoEndpoint = z.infer<typeof DemoEndpointSchema>;
 export type Config = z.infer<typeof ConfigSchema>;
diff --git a/src/db/repositories/account-repo.ts b/src/db/repositories/account-repo.ts
index ba2eea1..f4f1b14 100644
--- a/src/db/repositories/account-repo.ts
+++ b/src/db/repositories/account-repo.ts
@@ -9,7 +9,7 @@ export interface AccountInfo {
   isAdmin: boolean;
   enabled: boolean;
   maxSessions: number;
-  agentForward: boolean;
+  showDemoEndpoints: boolean;
   lastUsedAt: string | null;
   createdAt: string;
   updatedAt: string;
@@ -20,7 +20,7 @@ export interface AccountRepository {
   findAll(): Promise<AccountInfo[]>;
   update(
     id: string,
-    data: Partial<Pick<AccountInfo, "name" | "enabled" | "maxSessions" | "agentForward">>,
+    data: Partial<Pick<AccountInfo, "name" | "enabled" | "maxSessions" | "showDemoEndpoints">>,
   ): Promise<void>;
   /** Mark account as active. Writes are batched — call flushLastUsed() to persist. */
   touchLastUsed(id: string): void;
@@ -82,7 +82,7 @@ export class DrizzleAccountRepository implements AccountRepository {
 
   async update(
     id: string,
-    data: Partial<Pick<AccountInfo, "name" | "enabled" | "maxSessions" | "agentForward">>,
+    data: Partial<Pick<AccountInfo, "name" | "enabled" | "maxSessions" | "showDemoEndpoints">>,
   ): Promise<void> {
     this.db
       .update(accounts)
diff --git a/src/db/repositories/endpoint-repo.ts b/src/db/repositories/endpoint-repo.ts
index 30ebceb..8752605 100644
--- a/src/db/repositories/endpoint-repo.ts
+++ b/src/db/repositories/endpoint-repo.ts
@@ -27,6 +27,7 @@ export interface EndpointInfo {
   port: number;
   username: string;
   userVerification: UserVerification;
+  agentForward: boolean;
   description: string | null;
 }
 
@@ -45,6 +46,7 @@ export interface EndpointRepository {
     port: number;
     username: string;
     userVerification?: UserVerification;
+    agentForward?: boolean;
     description?: string | null;
   }): Promise<void>;
   update(
@@ -56,6 +58,7 @@ export interface EndpointRepository {
       port: number;
       username: string;
       userVerification: UserVerification;
+      agentForward: boolean;
       description: string | null;
     }>,
   ): Promise<void>;
@@ -70,6 +73,7 @@ const ENDPOINT_COLUMNS = {
   port: endpoints.port,
   username: endpoints.username,
   userVerification: endpoints.userVerification,
+  agentForward: endpoints.agentForward,
   description: endpoints.description,
 } as const;
 
@@ -101,6 +105,7 @@ export class DrizzleEndpointRepository implements EndpointRepository {
     port: number;
     username: string;
     userVerification?: UserVerification;
+    agentForward?: boolean;
     description?: string | null;
   }): Promise<void> {
     const now = new Date().toISOString();
@@ -109,6 +114,7 @@ export class DrizzleEndpointRepository implements EndpointRepository {
       .values({
         ...data,
         userVerification: data.userVerification ?? "required",
+        agentForward: data.agentForward ?? true,
         description: data.description ?? null,
         enabled: true,
         createdAt: now,
@@ -126,6 +132,7 @@ export class DrizzleEndpointRepository implements EndpointRepository {
       port: number;
       username: string;
       userVerification: UserVerification;
+      agentForward: boolean;
       description: string | null;
     }>,
   ): Promise<void> {
@@ -150,9 +157,10 @@ export class InMemoryEndpointRepository implements EndpointRepository {
 
   constructor(
     initialEndpoints: Array<
-      Omit<EndpointInfo, "accountId" | "userVerification" | "description"> & {
+      Omit<EndpointInfo, "accountId" | "userVerification" | "agentForward" | "description"> & {
         accountId?: string;
         userVerification?: UserVerification;
+        agentForward?: boolean;
         description?: string | null;
       }
     > = [],
@@ -162,6 +170,7 @@ export class InMemoryEndpointRepository implements EndpointRepository {
       ...e,
       accountId: e.accountId ?? this.defaultAccountId,
       userVerification: e.userVerification ?? "required",
+      agentForward: e.agentForward ?? true,
       description: e.description ?? null,
     }));
   }
@@ -182,11 +191,13 @@ export class InMemoryEndpointRepository implements EndpointRepository {
     port: number;
     username: string;
     userVerification?: UserVerification;
+    agentForward?: boolean;
     description?: string | null;
   }): Promise<void> {
     this.store.push({
       ...data,
       userVerification: data.userVerification ?? "required",
+      agentForward: data.agentForward ?? true,
       description: data.description ?? null,
     });
   }
@@ -200,6 +211,7 @@ export class InMemoryEndpointRepository implements EndpointRepository {
       port: number;
       username: string;
       userVerification: UserVerification;
+      agentForward: boolean;
       description: string | null;
     }>,
   ): Promise<void> {
diff --git a/src/db/schema.ts b/src/db/schema.ts
index b6158b1..cc3fe36 100644
--- a/src/db/schema.ts
+++ b/src/db/schema.ts
@@ -10,7 +10,11 @@ export const accounts = sqliteTable("accounts", {
 
   enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
   maxSessions: integer("max_sessions").notNull().default(5),
-  agentForward: integer("agent_forward", { mode: "boolean" }).notNull().default(false),
+  // Whether the operator-configured demoEndpoints are merged into this
+  // account's endpoint list. Default true; user can hide them from the
+  // Endpoints page. Demo endpoints are never copied into the `endpoints`
+  // table — config is the source of truth. See src/demo-endpoints/.
+  showDemoEndpoints: integer("show_demo_endpoints", { mode: "boolean" }).notNull().default(true),
   lastUsedAt: text("last_used_at"),
   createdAt: text("created_at").notNull(),
   updatedAt: text("updated_at").notNull(),
@@ -87,6 +91,13 @@ export const endpoints = sqliteTable("endpoints", {
    * host / authenticator can't provide UV.
    */
   userVerification: text("user_verification").notNull().default("required"),
+  /**
+   * Whether to enable SSH agent forwarding when opening a session to this
+   * endpoint. Defaults to enabled — some hosts disallow forwarding (e.g.
+   * AllowAgentForwarding no in sshd_config) and the user can disable it
+   * per-endpoint to avoid a forwarding-channel-rejected handshake.
+   */
+  agentForward: integer("agent_forward", { mode: "boolean" }).notNull().default(true),
   /**
    * Optional free-form description (max 1000 chars). Surfaced to MCP agents in
    * the per-endpoint instructions so they have context about what runs on the
diff --git a/src/db/seed.ts b/src/db/seed.ts
index ab9f519..310a829 100644
--- a/src/db/seed.ts
+++ b/src/db/seed.ts
@@ -105,6 +105,8 @@ export function seedFromConfig(db: ShellWatchDB, config: Config): SeedResult {
           host: ep.address.host,
           port: ep.address.port,
           username: ep.address.username,
+          agentForward: ep.agentForward,
+          description: ep.description ?? null,
           enabled: true,
           createdAt: now,
           updatedAt: now,
diff --git a/src/demo-endpoints/index.test.ts b/src/demo-endpoints/index.test.ts
new file mode 100644
index 0000000..c523f6b
--- /dev/null
+++ b/src/demo-endpoints/index.test.ts
@@ -0,0 +1,96 @@
+// SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0
+import { describe, expect, it } from "vitest";
+import { ConfigSchema } from "../config/index.js";
+import { DEMO_ENDPOINT_ID_PREFIX, createDemoEndpointsService, isDemoEndpointId } from "./index.js";
+
+function buildConfig(yaml: { demoEndpoints?: unknown }) {
+  return ConfigSchema.parse({
+    server: { externalUrl: "http://localhost:3000" },
+    security: {
+      rpId: "localhost",
+      trustedWebauthnOrigins: ["http://localhost:3000"],
+    },
+    ...yaml,
+  });
+}
+
+describe("isDemoEndpointId", () => {
+  it("matches the demo prefix", () => {
+    expect(isDemoEndpointId(`${DEMO_ENDPOINT_ID_PREFIX}abc123`)).toBe(true);
+    expect(isDemoEndpointId("not-a-demo-id")).toBe(false);
+    expect(isDemoEndpointId("")).toBe(false);
+  });
+});
+
+describe("createDemoEndpointsService", () => {
+  it("returns an empty list when config has no demo endpoints", () => {
+    const cfg = buildConfig({});
+    const svc = createDemoEndpointsService(cfg.demoEndpoints);
+    expect(svc.list("acc1")).toEqual([]);
+    expect(svc.isEmpty()).toBe(true);
+  });
+
+  it("synthesizes endpoints with stable demo: ids and accountId set", () => {
+    const cfg = buildConfig({
+      demoEndpoints: [
+        { label: "Demo: Sudoku", address: "sw-sudoku@ssh.shellwatch.ai" },
+        { label: "Demo: 2048", address: "sw-2048@ssh.shellwatch.ai" },
+      ],
+    });
+    const svc = createDemoEndpointsService(cfg.demoEndpoints);
+    const list = svc.list("acc-42");
+    expect(list).toHaveLength(2);
+    for (const e of list) {
+      expect(e.id.startsWith(DEMO_ENDPOINT_ID_PREFIX)).toBe(true);
+      expect(e.accountId).toBe("acc-42");
+      expect(e.userVerification).toBe("required");
+      expect(e.description).toBeNull();
+    }
+    // Different addresses produce distinct ids.
+    expect(list[0].id).not.toBe(list[1].id);
+  });
+
+  it("preserves the agentForward flag from config", () => {
+    const cfg = buildConfig({
+      demoEndpoints: [
+        { label: "demo-on", address: "alice@host-a" },
+        { label: "demo-off", address: "bob@host-b", agentForward: false },
+      ],
+    });
+    const svc = createDemoEndpointsService(cfg.demoEndpoints);
+    const list = svc.list("acc1");
+    expect(list[0].agentForward).toBe(true);
+    expect(list[1].agentForward).toBe(false);
+  });
+
+  it("findById resolves a known demo id, scoped to the requesting account", () => {
+    const cfg = buildConfig({
+      demoEndpoints: [{ label: "Demo: Snake", address: "sw-snake@ssh.shellwatch.ai" }],
+    });
+    const svc = createDemoEndpointsService(cfg.demoEndpoints);
+    const [synthesized] = svc.list("acc1");
+    const found = svc.findById(synthesized.id, "acc-99");
+    expect(found).not.toBeNull();
+    expect(found!.accountId).toBe("acc-99");
+    expect(found!.host).toBe("ssh.shellwatch.ai");
+    expect(found!.username).toBe("sw-snake");
+  });
+
+  it("findById returns null for unknown or non-demo ids", () => {
+    const cfg = buildConfig({
+      demoEndpoints: [{ label: "Demo: Snake", address: "sw-snake@ssh.shellwatch.ai" }],
+    });
+    const svc = createDemoEndpointsService(cfg.demoEndpoints);
+    expect(svc.findById("some-uuid", "acc1")).toBeNull();
+    expect(svc.findById(`${DEMO_ENDPOINT_ID_PREFIX}deadbeef`, "acc1")).toBeNull();
+  });
+
+  it("produces a stable id across reconstructions with the same config", () => {
+    const cfg = buildConfig({
+      demoEndpoints: [{ label: "Demo: Sudoku", address: "sw-sudoku@ssh.shellwatch.ai" }],
+    });
+    const a = createDemoEndpointsService(cfg.demoEndpoints).list("acc1")[0].id;
+    const b = createDemoEndpointsService(cfg.demoEndpoints).list("acc1")[0].id;
+    expect(a).toBe(b);
+  });
+});
diff --git a/src/demo-endpoints/index.ts b/src/demo-endpoints/index.ts
new file mode 100644
index 0000000..1366ace
Binary files /dev/null and b/src/demo-endpoints/index.ts differ
diff --git a/src/mcp/http-transport.test.ts b/src/mcp/http-transport.test.ts
index f739f25..93c961a 100644
--- a/src/mcp/http-transport.test.ts
+++ b/src/mcp/http-transport.test.ts
@@ -5,6 +5,7 @@ import { describe, expect, it, vi } from "vitest";
 import { InMemoryEndpointRepository } from "../db/repositories/endpoint-repo.js";
 import { InMemorySshKeyRepository } from "../db/repositories/key-repo.js";
 import { StubAccountRepository } from "../db/repositories/account-repo.js";
+import { createDemoEndpointsService } from "../demo-endpoints/index.js";
 import { AccountLifecycle } from "../server/account-lifecycle.js";
 import { makeTestConfig } from "../test/helpers/test-config.js";
 import type { TerminalManager } from "../terminal/terminal-manager.js";
@@ -50,6 +51,7 @@ async function buildTestApp(opts: { stubAuth?: boolean } = {}) {
     config: makeTestConfig(),
     terminalManager: createMockTerminalManager(),
     endpointRepo: new InMemoryEndpointRepository([]),
+    demoEndpoints: createDemoEndpointsService([]),
     keyRepo: new InMemorySshKeyRepository([]),
     accountRepo: new StubAccountRepository(),
     accountLifecycle,
diff --git a/src/mcp/http-transport.ts b/src/mcp/http-transport.ts
index 30542e6..1392f59 100644
--- a/src/mcp/http-transport.ts
+++ b/src/mcp/http-transport.ts
@@ -5,6 +5,7 @@ import type { FastifyInstance, FastifyReply } from "fastify";
 import { AgentSession } from "../agent/index.js";
 import type { Config } from "../config/index.js";
 import type { AccountRepository, EndpointRepository, SshKeyRepository } from "../db/index.js";
+import type { DemoEndpointsService } from "../demo-endpoints/index.js";
 import type { TerminalManager } from "../terminal/index.js";
 import type { AccountLifecycle } from "../server/account-lifecycle.js";
 import { attachMcpNotifications } from "./notifications.js";
@@ -15,14 +16,23 @@ export interface McpHttpTransportOptions {
   config: Config;
   terminalManager: TerminalManager;
   endpointRepo: EndpointRepository;
+  demoEndpoints: DemoEndpointsService;
   keyRepo: SshKeyRepository;
   accountRepo: AccountRepository;
   accountLifecycle: AccountLifecycle;
 }
 
 export async function registerMcpHttpTransport(opts: McpHttpTransportOptions) {
-  const { app, config, terminalManager, endpointRepo, keyRepo, accountRepo, accountLifecycle } =
-    opts;
+  const {
+    app,
+    config,
+    terminalManager,
+    endpointRepo,
+    demoEndpoints,
+    keyRepo,
+    accountRepo,
+    accountLifecycle,
+  } = opts;
   interface ManagedTransport {
     transport: StreamableHTTPServerTransport;
     agentSession: AgentSession;
@@ -106,6 +116,8 @@ export async function registerMcpHttpTransport(opts: McpHttpTransportOptions) {
 
       const agentSession = new AgentSession({
         endpointRepo,
+        demoEndpoints,
+        accountRepo,
         terminalManager,
         source: "mcp",
         accountId,
@@ -114,7 +126,14 @@ export async function registerMcpHttpTransport(opts: McpHttpTransportOptions) {
         apiKeyLabel: request.apiKey?.label,
         apiKeyPrefix: request.apiKey?.keyPrefix,
       });
-      const mcpServer = await createMcpServer(agentSession, endpointRepo, keyRepo, accountId);
+      const mcpServer = await createMcpServer({
+        agentSession,
+        endpointRepo,
+        demoEndpoints,
+        accountRepo,
+        keyRepo,
+        accountId,
+      });
 
       await mcpServer.connect(transport);
 
diff --git a/src/mcp/server.test.ts b/src/mcp/server.test.ts
index cd80b51..2ff6492 100644
--- a/src/mcp/server.test.ts
+++ b/src/mcp/server.test.ts
@@ -4,8 +4,10 @@ import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { InMemoryTransport } from "@modelcontextprotocol/sdk/inMemory.js";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import { AgentSession } from "../agent/index.js";
+import { StubAccountRepository } from "../db/repositories/account-repo.js";
 import { InMemoryEndpointRepository } from "../db/repositories/endpoint-repo.js";
 import { InMemorySshKeyRepository } from "../db/repositories/key-repo.js";
+import { createDemoEndpointsService } from "../demo-endpoints/index.js";
 import type { TerminalManager } from "../terminal/terminal-manager.js";
 import type { TerminalSession } from "../terminal/types.js";
 import { createMcpServer } from "./server.js";
@@ -58,16 +60,31 @@ const mockSession: TerminalSession = {
   source: "mcp",
 };
 
+// Demo-aware MCP wiring is exercised in dedicated tests — for the general
+// MCP-server tool suite we hand it empty demos + a stub account repo so the
+// merge logic is effectively a no-op (showDemoEndpoints is unset).
+const EMPTY_DEMO = createDemoEndpointsService([]);
+const NO_OP_ACCOUNT = new StubAccountRepository();
+
 async function setupClient(terminalManager: TerminalManager) {
   const endpointRepo = new InMemoryEndpointRepository(testEndpoints);
   const keyRepo = new InMemorySshKeyRepository(testKeys);
   const agentSession = new AgentSession({
     endpointRepo,
+    demoEndpoints: EMPTY_DEMO,
+    accountRepo: NO_OP_ACCOUNT,
     terminalManager,
     source: "mcp",
     accountId: testAccountId,
   });
-  const mcpServer = await createMcpServer(agentSession, endpointRepo, keyRepo, testAccountId);
+  const mcpServer = await createMcpServer({
+    agentSession,
+    endpointRepo,
+    demoEndpoints: EMPTY_DEMO,
+    accountRepo: NO_OP_ACCOUNT,
+    keyRepo,
+    accountId: testAccountId,
+  });
   const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();
   await mcpServer.connect(serverTransport);
   const client = new Client({ name: "test-client", version: "1.0.0" });
@@ -97,6 +114,150 @@ describe("MCP Server Tools", () => {
     });
   });
 
+  // Demo-endpoint visibility/mutation behavior via MCP. Locks in the contract
+  // that the toggle controls listing only, mutations are refused, and the
+  // synthesized ids are resolvable via read regardless of toggle state.
+  describe("shellwatch_manage_endpoints (demo endpoints)", () => {
+    async function setupDemoClient(opts: { showDemoEndpoints: boolean }) {
+      const endpointRepo = new InMemoryEndpointRepository(testEndpoints);
+      const keyRepo = new InMemorySshKeyRepository(testKeys);
+      const demoEndpoints = createDemoEndpointsService([
+        {
+          label: "Demo: 2048",
+          address: { host: "ssh.example.com", port: 22, username: "sw-2048" },
+          agentForward: false,
+        },
+      ]);
+      const now = new Date().toISOString();
+      const accountRepo: typeof NO_OP_ACCOUNT = {
+        async findById() {
+          return {
+            id: testAccountId,
+            name: "test",
+            isAdmin: false,
+            enabled: true,
+            maxSessions: 5,
+            showDemoEndpoints: opts.showDemoEndpoints,
+            lastUsedAt: null,
+            createdAt: now,
+            updatedAt: now,
+          };
+        },
+        async findAll() {
+          return [];
+        },
+        async update() {},
+        touchLastUsed() {},
+        flushLastUsed() {},
+        getAdminAccountId() {
+          return null;
+        },
+        setAdmin() {},
+        isAdmin() {
+          return false;
+        },
+        destroy() {},
+      };
+      const agentSession = new AgentSession({
+        endpointRepo,
+        demoEndpoints,
+        accountRepo,
+        terminalManager: mockManager,
+        source: "mcp",
+        accountId: testAccountId,
+      });
+      const mcpServer = await createMcpServer({
+        agentSession,
+        endpointRepo,
+        demoEndpoints,
+        accountRepo,
+        keyRepo,
+        accountId: testAccountId,
+      });
+      const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();
+      await mcpServer.connect(serverTransport);
+      const client = new Client({ name: "test-client", version: "1.0.0" });
+      await client.connect(clientTransport);
+      const demoId = demoEndpoints.list(testAccountId)[0].id;
+      return { client, demoId };
+    }
+
+    it("merges demo endpoints into list when the toggle is on", async () => {
+      const { client, demoId } = await setupDemoClient({ showDemoEndpoints: true });
+      const result = await client.callTool({
+        name: "shellwatch_manage_endpoints",
+        arguments: { action: "list" },
+      });
+      const content = (result.content as { type: string; text: string }[])[0].text;
+      const parsed = JSON.parse(content);
+      const ids = (parsed.endpoints as { id: string }[]).map((e) => e.id);
+      expect(ids).toContain("dev-box");
+      expect(ids).toContain(demoId);
+    });
+
+    it("omits demo endpoints from list when the toggle is off", async () => {
+      const { client } = await setupDemoClient({ showDemoEndpoints: false });
+      const result = await client.callTool({
+        name: "shellwatch_manage_endpoints",
+        arguments: { action: "list" },
+      });
+      const content = (result.content as { type: string; text: string }[])[0].text;
+      const parsed = JSON.parse(content);
+      const ids = (parsed.endpoints as { id: string }[]).map((e) => e.id);
+      expect(ids).toEqual(["dev-box"]);
+    });
+
+    it("read resolves demo:* ids regardless of the toggle state", async () => {
+      const { client, demoId } = await setupDemoClient({ showDemoEndpoints: false });
+      const result = await client.callTool({
+        name: "shellwatch_manage_endpoints",
+        arguments: { action: "read", id: demoId },
+      });
+      expect(result.isError).toBeUndefined();
+      const content = (result.content as { type: string; text: string }[])[0].text;
+      const parsed = JSON.parse(content);
+      expect(parsed.id).toBe(demoId);
+      expect(parsed.host).toBe("ssh.example.com");
+    });
+
+    it("rejects update on demo:* ids", async () => {
+      const { client, demoId } = await setupDemoClient({ showDemoEndpoints: true });
+      const result = await client.callTool({
+        name: "shellwatch_manage_endpoints",
+        arguments: { action: "update", id: demoId, data: { label: "x" } },
+      });
+      expect(result.isError).toBe(true);
+      const text = (result.content as { type: string; text: string }[])[0].text;
+      expect(text).toMatch(/read-only/i);
+    });
+
+    it("rejects delete on demo:* ids", async () => {
+      const { client, demoId } = await setupDemoClient({ showDemoEndpoints: true });
+      const result = await client.callTool({
+        name: "shellwatch_manage_endpoints",
+        arguments: { action: "delete", id: demoId },
+      });
+      expect(result.isError).toBe(true);
+      const text = (result.content as { type: string; text: string }[])[0].text;
+      expect(text).toMatch(/read-only/i);
+    });
+
+    it("rejects create with a demo:* id", async () => {
+      const { client } = await setupDemoClient({ showDemoEndpoints: true });
+      const result = await client.callTool({
+        name: "shellwatch_manage_endpoints",
+        arguments: {
+          action: "create",
+          id: "demo:fakehash",
+          data: { label: "x", host: "h", username: "u" },
+        },
+      });
+      expect(result.isError).toBe(true);
+      const text = (result.content as { type: string; text: string }[])[0].text;
+      expect(text).toMatch(/read-only/i);
+    });
+  });
+
   describe("shellwatch_manage_keys", () => {
     it("lists keys", async () => {
       const client = await setupClient(mockManager);
@@ -152,11 +313,20 @@ describe("MCP Server Tools", () => {
       const keyRepo = new InMemorySshKeyRepository(testKeys);
       const agentSession = new AgentSession({
         endpointRepo,
+        demoEndpoints: EMPTY_DEMO,
+        accountRepo: NO_OP_ACCOUNT,
         terminalManager: mockManager,
         source: "mcp",
         accountId: testAccountId,
       });
-      const mcpServer = await createMcpServer(agentSession, endpointRepo, keyRepo, testAccountId);
+      const mcpServer = await createMcpServer({
+        agentSession,
+        endpointRepo,
+        demoEndpoints: EMPTY_DEMO,
+        accountRepo: NO_OP_ACCOUNT,
+        keyRepo,
+        accountId: testAccountId,
+      });
       const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();
       await mcpServer.connect(serverTransport);
       const client = new Client({ name: "evil\nclient\x00", version: "9.9.9" });
diff --git a/src/mcp/server.ts b/src/mcp/server.ts
index f562475..0898471 100644
--- a/src/mcp/server.ts
+++ b/src/mcp/server.ts
@@ -1,19 +1,26 @@
 // SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import type { AgentSession } from "../agent/index.js";
+import type { AccountRepository } from "../db/repositories/account-repo.js";
 import type { EndpointRepository } from "../db/repositories/endpoint-repo.js";
 import type { SshKeyRepository } from "../db/repositories/key-repo.js";
+import type { DemoEndpointsService } from "../demo-endpoints/index.js";
 import { buildInfo } from "../server/buildInfo.js";
 import { registerEndpointTools } from "./tools/endpoints.js";
 import { registerKeyTools } from "./tools/keys.js";
 import { registerSessionTools } from "./tools/sessions.js";
 
-export async function createMcpServer(
-  agentSession: AgentSession,
-  endpointRepo: EndpointRepository,
-  keyRepo: SshKeyRepository,
-  accountId: string,
-): Promise<McpServer> {
+export interface CreateMcpServerParams {
+  agentSession: AgentSession;
+  endpointRepo: EndpointRepository;
+  demoEndpoints: DemoEndpointsService;
+  accountRepo: AccountRepository;
+  keyRepo: SshKeyRepository;
+  accountId: string;
+}
+
+export async function createMcpServer(params: CreateMcpServerParams): Promise<McpServer> {
+  const { agentSession, endpointRepo, demoEndpoints, accountRepo, keyRepo, accountId } = params;
   const endpoints = await agentSession.listEndpoints();
   const endpointList = endpoints
     .map((s) => {
@@ -82,7 +89,7 @@ export async function createMcpServer(
   };
 
   registerSessionTools(mcpServer, agentSession);
-  registerEndpointTools(mcpServer, endpointRepo, accountId);
+  registerEndpointTools(mcpServer, { endpointRepo, demoEndpoints, accountRepo, accountId });
   registerKeyTools(mcpServer, keyRepo);
 
   return mcpServer;
diff --git a/src/mcp/tools/endpoints.ts b/src/mcp/tools/endpoints.ts
index aac20ad..103e5dc 100644
--- a/src/mcp/tools/endpoints.ts
+++ b/src/mcp/tools/endpoints.ts
@@ -1,16 +1,27 @@
 // SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0
 import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { z } from "zod";
+import type { AccountRepository } from "../../db/repositories/account-repo.js";
 import {
   ENDPOINT_DESCRIPTION_MAX_LENGTH,
   type EndpointRepository,
 } from "../../db/repositories/endpoint-repo.js";
+import type { DemoEndpointsService } from "../../demo-endpoints/index.js";
+import { isDemoEndpointId } from "../../demo-endpoints/index.js";
+
+export interface EndpointToolDeps {
+  endpointRepo: EndpointRepository;
+  demoEndpoints: DemoEndpointsService;
+  accountRepo: AccountRepository;
+  accountId: string;
+}
+
+const DEMO_READ_ONLY_ERROR =
+  "Demo endpoints are read-only operator-configured entries. Pick one of the account's own endpoints instead.";
+
+export function registerEndpointTools(mcpServer: McpServer, deps: EndpointToolDeps) {
+  const { endpointRepo, demoEndpoints, accountRepo, accountId } = deps;
 
-export function registerEndpointTools(
-  mcpServer: McpServer,
-  endpointRepo: EndpointRepository,
-  accountId: string,
-) {
   mcpServer.tool(
     "shellwatch_manage_endpoints",
     "Manage SSH endpoints. Actions: list, read, create, update, delete.",
@@ -39,8 +50,12 @@ export function registerEndpointTools(
       try {
         switch (action) {
           case "list": {
-            const all = await endpointRepo.findAllForAccount(accountId);
-            const result = all.map(({ id, label, host, port, username, description }) => ({
+            const own = await endpointRepo.findAllForAccount(accountId);
+            const account = await accountRepo.findById(accountId);
+            const merged = account?.showDemoEndpoints
+              ? [...own, ...demoEndpoints.list(accountId)]
+              : own;
+            const result = merged.map(({ id, label, host, port, username, description }) => ({
               id,
               label,
               host,
@@ -54,7 +69,12 @@ export function registerEndpointTools(
           }
           case "read": {
             if (!id) return { isError: true, content: [{ type: "text", text: "id is required" }] };
-            const ep = await endpointRepo.findByIdForAccount(id, accountId);
+            // Demo endpoints live outside the per-account table — resolve them
+            // via the synthesizer regardless of toggle state so an agent that
+            // already knows the id can still inspect it.
+            const ep = isDemoEndpointId(id)
+              ? demoEndpoints.findById(id, accountId)
+              : await endpointRepo.findByIdForAccount(id, accountId);
             if (!ep)
               return {
                 isError: true,
@@ -71,6 +91,9 @@ export function registerEndpointTools(
                 ],
               };
             }
+            if (isDemoEndpointId(id)) {
+              return { isError: true, content: [{ type: "text", text: DEMO_READ_ONLY_ERROR }] };
+            }
             await endpointRepo.create({
               id,
               accountId,
@@ -88,11 +111,17 @@ export function registerEndpointTools(
                 isError: true,
                 content: [{ type: "text", text: "id and data are required" }],
               };
+            if (isDemoEndpointId(id)) {
+              return { isError: true, content: [{ type: "text", text: DEMO_READ_ONLY_ERROR }] };
+            }
             await endpointRepo.update(id, accountId, data);
             return { content: [{ type: "text", text: JSON.stringify({ status: "updated", id }) }] };
           }
           case "delete": {
             if (!id) return { isError: true, content: [{ type: "text", text: "id is required" }] };
+            if (isDemoEndpointId(id)) {
+              return { isError: true, content: [{ type: "text", text: DEMO_READ_ONLY_ERROR }] };
+            }
             await endpointRepo.delete(id, accountId);
             return { content: [{ type: "text", text: JSON.stringify({ status: "deleted", id }) }] };
           }
diff --git a/src/server/app.ts b/src/server/app.ts
index 5659c1c..2c09a44 100644
--- a/src/server/app.ts
+++ b/src/server/app.ts
@@ -19,6 +19,7 @@ import type {
 import type { ApiKeyAuthRepository } from "../db/repositories/api-key-repo.js";
 import type { SessionLifecycleRepository, SigningRequestsRepository } from "../audit/index.js";
 import { registerAgentProxyRoute } from "../agent-socket/index.js";
+import { createDemoEndpointsService } from "../demo-endpoints/index.js";
 import { registerMcpHttpTransport } from "../mcp/http-transport.js";
 import type { PendingActionStore } from "../pending-action/index.js";
 import type { WebSocketChannel } from "../pending-action/index.js";
@@ -168,10 +169,15 @@ export async function buildApp(params: BuildAppParams) {
     }
   });
 
+  // Virtual demo-endpoints: synthesized from config.demoEndpoints, merged into
+  // each account's endpoint list when accounts.show_demo_endpoints is true.
+  // Never copied into the endpoints table — config is the source of truth.
+  const demoEndpoints = createDemoEndpointsService(config.demoEndpoints);
+
   // --- REST API routes ---
-  registerAccountRoutes({ app, accountRepo, db, accountLifecycle });
+  registerAccountRoutes({ app, accountRepo, demoEndpoints, db, accountLifecycle });
   registerSshKeyRoutes({ app, keyRepo, accountRepo, keyAvailability });
-  registerEndpointRoutes({ app, endpointRepo, accountRepo, terminalManager });
+  registerEndpointRoutes({ app, endpointRepo, accountRepo, demoEndpoints, terminalManager });
 
   const wsHandler = registerWebSocket({ app, terminalManager });
   for (const ext of wsExtensions) wsHandler.addExtension(ext);
@@ -180,6 +186,7 @@ export async function buildApp(params: BuildAppParams) {
     app,
     endpointRepo,
     accountRepo,
+    demoEndpoints,
     terminalManager,
   });
 
@@ -214,6 +221,7 @@ export async function buildApp(params: BuildAppParams) {
     config,
     terminalManager,
     endpointRepo,
+    demoEndpoints,
     keyRepo,
     accountRepo,
     accountLifecycle,
diff --git a/src/server/routes/accounts.test.ts b/src/server/routes/accounts.test.ts
index 051f2e3..3860cd1 100644
--- a/src/server/routes/accounts.test.ts
+++ b/src/server/routes/accounts.test.ts
@@ -2,6 +2,8 @@
 import Fastify from "fastify";
 import { describe, expect, it, vi } from "vitest";
 import type { AccountInfo, AccountRepository } from "../../db/index.js";
+import type { DemoEndpoint } from "../../config/schema.js";
+import { createDemoEndpointsService } from "../../demo-endpoints/index.js";
 import { AccountLifecycle } from "../account-lifecycle.js";
 import { registerAccountRoutes } from "./accounts.js";
 
@@ -16,7 +18,7 @@ function stubAccount(id: string, isAdmin: boolean): AccountInfo {
     isAdmin,
     enabled: true,
     maxSessions: 5,
-    agentForward: false,
+    showDemoEndpoints: true,
     lastUsedAt: null,
     createdAt: now,
     updatedAt: now,
@@ -46,7 +48,10 @@ function fakeRepo(opts: { adminId: string }): AccountRepository {
   };
 }
 
-async function buildApp(callerAccountId: string) {
+async function buildApp(
+  callerAccountId: string,
+  opts: { demoEndpoints?: readonly DemoEndpoint[] } = {},
+) {
   const app = Fastify({ logger: false });
   const accountRepo = fakeRepo({ adminId: ADMIN_ID });
   const accountLifecycle = new AccountLifecycle();
@@ -54,7 +59,13 @@ async function buildApp(callerAccountId: string) {
   app.addHook("onRequest", async (request) => {
     request.accountId = callerAccountId;
   });
-  registerAccountRoutes({ app, accountRepo, accountLifecycle, db: null });
+  registerAccountRoutes({
+    app,
+    accountRepo,
+    demoEndpoints: createDemoEndpointsService(opts.demoEndpoints ?? []),
+    accountLifecycle,
+    db: null,
+  });
   return { app, accountLifecycle };
 }
 
@@ -96,3 +107,35 @@ describe("DELETE /api/accounts/:id lifecycle emit", () => {
     await app.close();
   });
 });
+
+describe("GET /api/auth/me — demoEndpointsAvailable", () => {
+  it("returns false when no demoEndpoints are configured", async () => {
+    const { app } = await buildApp(ADMIN_ID, { demoEndpoints: [] });
+
+    const res = await app.inject({ method: "GET", url: "/api/auth/me" });
+
+    expect(res.statusCode).toBe(200);
+    const body = res.json() as { demoEndpointsAvailable: boolean };
+    expect(body.demoEndpointsAvailable).toBe(false);
+    await app.close();
+  });
+
+  it("returns true when at least one demoEndpoint is configured", async () => {
+    const { app } = await buildApp(ADMIN_ID, {
+      demoEndpoints: [
+        {
+          label: "Demo: 2048",
+          address: { host: "ssh.example.com", port: 22, username: "sw-2048" },
+          agentForward: false,
+        },
+      ],
+    });
+
+    const res = await app.inject({ method: "GET", url: "/api/auth/me" });
+
+    expect(res.statusCode).toBe(200);
+    const body = res.json() as { demoEndpointsAvailable: boolean };
+    expect(body.demoEndpointsAvailable).toBe(true);
+    await app.close();
+  });
+});
diff --git a/src/server/routes/accounts.ts b/src/server/routes/accounts.ts
index 817e5e8..44c8c1f 100644
--- a/src/server/routes/accounts.ts
+++ b/src/server/routes/accounts.ts
@@ -10,18 +10,20 @@ import {
   endpoints as endpointsTable,
   webauthnCredentials,
 } from "../../db/schema.js";
+import type { DemoEndpointsService } from "../../demo-endpoints/index.js";
 import { formatEndpointAddress } from "../../utils/endpoint-address.js";
 import type { AccountLifecycle } from "../account-lifecycle.js";
 
 export interface AccountRoutesParams {
   app: FastifyInstance;
   accountRepo: AccountRepository;
+  demoEndpoints: DemoEndpointsService;
   db?: ShellWatchDB | null;
   accountLifecycle: AccountLifecycle;
 }
 
 export function registerAccountRoutes(params: AccountRoutesParams) {
-  const { app, accountRepo, db = null, accountLifecycle } = params;
+  const { app, accountRepo, demoEndpoints, db = null, accountLifecycle } = params;
 
   // --- Auth: current account ---
   app.get("/api/auth/me", async (request, reply) => {
@@ -34,16 +36,26 @@ export function registerAccountRoutes(params: AccountRoutesParams) {
       id: account.id,
       name: account.name,
       isAdmin: account.isAdmin,
-      agentForward: account.agentForward,
+      // showDemoEndpoints is a per-account *visibility* preference, not an
+      // authorization gate. The `demo:*` virtual ids stay resolvable on the
+      // connect path regardless of this flag — operator-curated demo entries
+      // aren't sensitive, the demo container's ForceCommand pinning is the
+      // load-bearing control. Toggling this off only hides demos from
+      // /api/endpoints listings (UI + MCP).
+      showDemoEndpoints: account.showDemoEndpoints,
+      // Whether the *operator* configured any demoEndpoints at all. The UI
+      // hides the entire Demo Endpoints section + toggle when this is false,
+      // so vanilla deployments don't show an inert control.
+      demoEndpointsAvailable: !demoEndpoints.isEmpty(),
     };
   });
 
-  app.put<{ Body: { name?: string; agentForward?: boolean } }>(
+  app.put<{ Body: { name?: string; showDemoEndpoints?: boolean } }>(
     "/api/auth/me",
     async (request, reply) => {
       const accountId = request.accountId;
-      const { name, agentForward } = request.body;
-      const updates: Partial<{ name: string; agentForward: boolean }> = {};
+      const { name, showDemoEndpoints } = request.body;
+      const updates: Partial<{ name: string; showDemoEndpoints: boolean }> = {};
       if (name !== undefined) {
         const trimmed = name.trim();
         if (!trimmed) {
@@ -52,8 +64,13 @@ export function registerAccountRoutes(params: AccountRoutesParams) {
         }
         updates.name = trimmed;
       }
-      if (agentForward !== undefined) {
-        updates.agentForward = agentForward;
+      if (showDemoEndpoints !== undefined) {
+        if (typeof showDemoEndpoints !== "boolean") {
+          reply.status(400);
+          return { error: "showDemoEndpoints must be a boolean" };
+        }
+        // Visibility flag only; see the GET handler for the auth-gate caveat.
+        updates.showDemoEndpoints = showDemoEndpoints;
       }
       if (Object.keys(updates).length > 0) {
         await accountRepo.update(accountId, updates);
@@ -77,7 +94,6 @@ export function registerAccountRoutes(params: AccountRoutesParams) {
         isAdmin: a.isAdmin,
         enabled: a.enabled,
         maxSessions: a.maxSessions,
-        agentForward: a.agentForward,
         lastUsedAt: a.lastUsedAt,
         createdAt: a.createdAt,
       })),
@@ -162,6 +178,7 @@ export function registerAccountRoutes(params: AccountRoutesParams) {
         host: endpointsTable.host,
         port: endpointsTable.port,
         username: endpointsTable.username,
+        agentForward: endpointsTable.agentForward,
       })
       .from(endpointsTable)
       .where(eq(endpointsTable.accountId, adminId))
@@ -185,6 +202,12 @@ export function registerAccountRoutes(params: AccountRoutesParams) {
       };
     });
 
+    // formatEndpointAddress always emits a `user@` prefix, even when the user
+    // is the default `shellwatch` — surfaces the wire-level identity to the
+    // operator. Round-trips identically through parseEndpointAddress, so an
+    // exported config re-imports cleanly. Side effect worth noting: re-exports
+    // of configs that previously omitted the default user will diff against
+    // their old form (now explicit `shellwatch@…`).
     const seedEndpoints = eps.map((ep) => ({
       label: ep.label,
       address: formatEndpointAddress({
@@ -192,6 +215,7 @@ export function registerAccountRoutes(params: AccountRoutesParams) {
         host: ep.host,
         port: ep.port,
       }),
+      agentForward: ep.agentForward,
     }));
 
     return { passkeys: seedPasskeys, endpoints: seedEndpoints };
diff --git a/src/server/routes/endpoints.ts b/src/server/routes/endpoints.ts
index 6c21059..f820f9b 100644
--- a/src/server/routes/endpoints.ts
+++ b/src/server/routes/endpoints.ts
@@ -8,6 +8,8 @@ import {
   USER_VERIFICATION_VALUES,
   type UserVerification,
 } from "../../db/repositories/endpoint-repo.js";
+import type { DemoEndpointsService } from "../../demo-endpoints/index.js";
+import { isDemoEndpointId } from "../../demo-endpoints/index.js";
 import type { TerminalManager } from "../../terminal/index.js";
 
 function normalizeDescription(value: unknown): { ok: true; value: string | null } | { ok: false } {
@@ -22,24 +24,46 @@ export interface EndpointRoutesParams {
   app: FastifyInstance;
   endpointRepo: EndpointRepository;
   accountRepo: AccountRepository;
+  demoEndpoints: DemoEndpointsService;
   terminalManager: TerminalManager;
 }
 
 export function registerEndpointRoutes(params: EndpointRoutesParams) {
-  const { app, endpointRepo, terminalManager } = params;
+  const { app, endpointRepo, accountRepo, demoEndpoints, terminalManager } = params;
 
   app.get("/api/endpoints", async (request) => {
-    const all = await endpointRepo.findAllForAccount(request.accountId);
+    const own = await endpointRepo.findAllForAccount(request.accountId);
+    const account = await accountRepo.findById(request.accountId);
+    const merged = [
+      ...own.map((e) => ({ ...e, isDemo: false as const })),
+      ...(account?.showDemoEndpoints
+        ? demoEndpoints.list(request.accountId).map((e) => ({ ...e, isDemo: true as const }))
+        : []),
+    ];
     return {
-      endpoints: all.map(({ id, label, host, port, username, userVerification, description }) => ({
-        id,
-        label,
-        host,
-        port,
-        username,
-        userVerification,
-        description,
-      })),
+      endpoints: merged.map(
+        ({
+          id,
+          label,
+          host,
+          port,
+          username,
+          userVerification,
+          agentForward,
+          description,
+          isDemo,
+        }) => ({
+          id,
+          label,
+          host,
+          port,
+          username,
+          userVerification,
+          agentForward,
+          description,
+          isDemo,
+        }),
+      ),
     };
   });
 
@@ -50,6 +74,7 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) {
       port?: number;
       username?: string;
       userVerification?: string;
+      agentForward?: boolean;
       description?: string | null;
     };
   }>("/api/endpoints", async (request, reply) => {
@@ -61,6 +86,13 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) {
           error: `userVerification must be one of: ${USER_VERIFICATION_VALUES.join(", ")}`,
         };
       }
+      if (
+        request.body.agentForward !== undefined &&
+        typeof request.body.agentForward !== "boolean"
+      ) {
+        reply.status(400);
+        return { error: "agentForward must be a boolean" };
+      }
       const desc = normalizeDescription(request.body.description);
       if (!desc.ok) {
         reply.status(400);
@@ -77,6 +109,7 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) {
         port: request.body.port ?? 22,
         username: request.body.username ?? "shellwatch",
         userVerification: uv as UserVerification | undefined,
+        agentForward: request.body.agentForward,
         description: desc.value,
       });
       return { status: "created", id };
@@ -95,10 +128,15 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) {
       port?: number;
       username?: string;
       userVerification?: string;
+      agentForward?: boolean;
       description?: string | null;
     };
   }>("/api/endpoints/:id", async (request, reply) => {
     try {
+      if (isDemoEndpointId(request.params.id)) {
+        reply.status(400);
+        return { error: "Demo endpoints are read-only — toggle visibility instead" };
+      }
       const body = request.body;
       if (body.userVerification !== undefined && !isUserVerification(body.userVerification)) {
         reply.status(400);
@@ -106,6 +144,10 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) {
           error: `userVerification must be one of: ${USER_VERIFICATION_VALUES.join(", ")}`,
         };
       }
+      if (body.agentForward !== undefined && typeof body.agentForward !== "boolean") {
+        reply.status(400);
+        return { error: "agentForward must be a boolean" };
+      }
       const descriptionPatch: Partial<{ description: string | null }> = {};
       if (body.description !== undefined) {
         const desc = normalizeDescription(body.description);
@@ -132,6 +174,10 @@ export function registerEndpointRoutes(params: EndpointRoutesParams) {
 
   app.delete<{ Params: { id: string } }>("/api/endpoints/:id", async (request, reply) => {
     try {
+      if (isDemoEndpointId(request.params.id)) {
+        reply.status(400);
+        return { error: "Demo endpoints are read-only — toggle visibility instead" };
+      }
       const activeSessions = terminalManager
         .listSessions()
         .filter((s) => s.endpointId === request.params.id);
diff --git a/src/server/routes/sessions.ts b/src/server/routes/sessions.ts
index f4f906b..1572684 100644
--- a/src/server/routes/sessions.ts
+++ b/src/server/routes/sessions.ts
@@ -1,17 +1,20 @@
 // SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0
 import type { FastifyInstance } from "fastify";
 import type { AccountRepository, EndpointRepository } from "../../db/index.js";
+import type { DemoEndpointsService } from "../../demo-endpoints/index.js";
+import { isDemoEndpointId } from "../../demo-endpoints/index.js";
 import type { TerminalManager } from "../../terminal/index.js";
 
 export interface SessionRoutesParams {
   app: FastifyInstance;
   endpointRepo: EndpointRepository;
   accountRepo: AccountRepository;
+  demoEndpoints: DemoEndpointsService;
   terminalManager: TerminalManager;
 }
 
 export function registerSessionRoutes(params: SessionRoutesParams) {
-  const { app, endpointRepo, accountRepo, terminalManager } = params;
+  const { app, endpointRepo, accountRepo, demoEndpoints, terminalManager } = params;
 
   app.post<{ Body: { endpointId: string } }>("/api/sessions", async (request, reply) => {
     try {
@@ -30,7 +33,16 @@ export function registerSessionRoutes(params: SessionRoutesParams) {
       }
 
       const { endpointId } = request.body;
-      const endpoint = await endpointRepo.findByIdForAccount(endpointId, request.accountId);
+      // Demo endpoints are virtual (config-only). Connect deliberately
+      // bypasses the per-account `showDemoEndpoints` toggle — the toggle is a
+      // *visibility* preference, not an authorization gate. Demo entries are
+      // global, operator-curated, and not sensitive; the demo container's
+      // ForceCommand pinning is the real control. Hiding them from the list
+      // shouldn't break a session a caller has already chosen to open (e.g.
+      // when re-using a bookmarked URL with the demo id).
+      const endpoint = isDemoEndpointId(endpointId)
+        ? demoEndpoints.findById(endpointId, request.accountId)
+        : await endpointRepo.findByIdForAccount(endpointId, request.accountId);
       if (!endpoint) {
         reply.status(404);
         return { error: "Endpoint not found" };
diff --git a/src/terminal/terminal-manager.test.ts b/src/terminal/terminal-manager.test.ts
index 65572ae..7f98433 100644
--- a/src/terminal/terminal-manager.test.ts
+++ b/src/terminal/terminal-manager.test.ts
@@ -22,6 +22,7 @@ const testEndpoint: EndpointInfo = {
   port: 22,
   username: "testuser",
   userVerification: "required",
+  agentForward: true,
   description: null,
 };
 
diff --git a/src/test/helpers/app-server.ts b/src/test/helpers/app-server.ts
index afed877..fb90729 100644
--- a/src/test/helpers/app-server.ts
+++ b/src/test/helpers/app-server.ts
@@ -104,6 +104,7 @@ export async function startTestApp(
       {
         label: "Test Server",
         address: { username: "testuser", host: sshServer.host, port: sshServer.port },
+        agentForward: true,
       },
     ],
     security: { cookieSecret: testCookieSecret },
diff --git a/src/test/helpers/test-config.ts b/src/test/helpers/test-config.ts
index 1888100..35332f0 100644
--- a/src/test/helpers/test-config.ts
+++ b/src/test/helpers/test-config.ts
@@ -5,6 +5,7 @@ const defaults: Config = {
   keyDirectory: "/tmp",
   seedAdminEndpoints: [],
   seedAdminPasskeys: [],
+  demoEndpoints: [],
   server: { ...serverDefaults, externalUrl: "http://localhost:3000" },
   security: {
     ...securityFieldDefaults,
diff --git a/src/test/integration/agent-forward.test.ts b/src/test/integration/agent-forward.test.ts
index 493c32e..b75e7a1 100644
--- a/src/test/integration/agent-forward.test.ts
+++ b/src/test/integration/agent-forward.test.ts
@@ -60,6 +60,7 @@ describe("SSH Agent Forwarding", () => {
         host: sshServer.host,
         port: sshServer.port,
         username: "testuser",
+        agentForward,
       },
     ]);
     const keyRepo = new InMemorySshKeyRepository([
@@ -69,7 +70,6 @@ describe("SSH Agent Forwarding", () => {
 
     const factory = new SshTransportFactory(keyRepo, keyProvider, {
       rpId: "localhost",
-      getAgentForward: async () => agentForward,
       isAdmin: () => true,
       createAgent: ({ fileKeys, agentForward: fwd }) => {
         const fileKeyEntries = fileKeys
diff --git a/src/test/integration/demo-endpoints-flow.test.ts b/src/test/integration/demo-endpoints-flow.test.ts
new file mode 100644
index 0000000..12b8e66
--- /dev/null
+++ b/src/test/integration/demo-endpoints-flow.test.ts
@@ -0,0 +1,250 @@
+// SPDX-License-Identifier: LicenseRef-FSL-1.1-Apache-2.0
+/**
+ * Integration tests for the virtual demo-endpoint plumbing.
+ *
+ * Covers the REST surface end-to-end:
+ *   - GET /api/endpoints merges / excludes demo entries based on the account's
+ *     showDemoEndpoints toggle.
+ *   - PUT and DELETE /api/endpoints/:id reject `demo:*` virtual ids with 400.
+ *   - POST /api/sessions resolves `demo:*` ids regardless of the toggle state
+ *     (visibility hides them, but the connect path stays usable).
+ *
+ * Per-test Fastify rig — mirrors passkey-invite-flow.test.ts's approach so the
+ * tests don't drag in the full buildApp() stack for an isolated surface.
+ */
+import Fastify, { type FastifyInstance } from "fastify";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import type { AccountInfo, AccountRepository } from "../../db/repositories/account-repo.js";
+import { InMemoryEndpointRepository } from "../../db/repositories/endpoint-repo.js";
+import {
+  createDemoEndpointsService,
+  type DemoEndpointsService,
+} from "../../demo-endpoints/index.js";
+import { registerEndpointRoutes } from "../../server/routes/endpoints.js";
+import { registerSessionRoutes } from "../../server/routes/sessions.js";
+import type { TerminalManager } from "../../terminal/index.js";
+
+const ACCOUNT_ID = "acct-test";
+
+function buildAccountRepo(initial: Partial<AccountInfo> = {}): AccountRepository {
+  const now = new Date().toISOString();
+  const state: AccountInfo = {
+    id: ACCOUNT_ID,
+    name: "Test",
+    isAdmin: false,
+    enabled: true,
+    maxSessions: 5,
+    showDemoEndpoints: true,
+    lastUsedAt: null,
+    createdAt: now,
+    updatedAt: now,
+    ...initial,
+  };
+  return {
+    async findById(id: string) {
+      return id === ACCOUNT_ID ? state : null;
+    },
+    async findAll() {
+      return [state];
+    },
+    async update(_id, data) {
+      Object.assign(state, data);
+    },
+    touchLastUsed() {},
+    flushLastUsed() {},
+    getAdminAccountId() {
+      return null;
+    },
+    setAdmin() {},
+    isAdmin() {
+      return false;
+    },
+    destroy() {},
+  };
+}
+
+function buildTerminalManager(): TerminalManager {
+  // Only the surfaces the routes under test actually touch — listSessions for
+  // the delete-while-active check on real endpoints, and create() for the
+  // session-open path. Everything else throws if reached so a test that
+  // accidentally exercises an unmocked surface fails loudly rather than
+  // hanging on a stub call.
+  const created: { sessionId: string; endpointId: string; accountId: string }[] = [];
+  const manager = {
+    listSessions: vi.fn().mockReturnValue([]),
+    create: vi.fn().mockImplementation(async (endpoint, accountId) => {
+      const sessionId = `sess-${created.length + 1}`;
+      created.push({ sessionId, endpointId: endpoint.id, accountId });
+      return {
+        sessionId,
+        endpointId: endpoint.id,
+        accountId,
+        status: "open",
+        createdAt: new Date(),
+        lastActivityAt: new Date(),
+        source: "ui",
+      };
+    }),
+  } as unknown as TerminalManager;
+  return manager;
+}
+
+interface Rig {
+  app: FastifyInstance;
+  endpointRepo: InMemoryEndpointRepository;
+  demoEndpoints: DemoEndpointsService;
+  accountRepo: AccountRepository;
+  terminalManager: TerminalManager;
+  demoEndpointId: string;
+}
+
+const DEMO_LABEL = "Demo: 2048";
+const DEMO_HOST = "ssh.example.com";
+const DEMO_PORT = 22;
+const DEMO_USER = "sw-2048";
+
+async function buildRig(opts: { showDemoEndpoints?: boolean } = {}): Promise<Rig> {
+  const accountRepo = buildAccountRepo({
+    showDemoEndpoints: opts.showDemoEndpoints ?? true,
+  });
+  const demoEndpoints = createDemoEndpointsService([
+    {
+      label: DEMO_LABEL,
+      address: { host: DEMO_HOST, port: DEMO_PORT, username: DEMO_USER },
+      agentForward: false,
+    },
+  ]);
+  const endpointRepo = new InMemoryEndpointRepository([
+    {
+      id: "real-ep",
+      accountId: ACCOUNT_ID,
+      label: "Real Server",
+      host: "real.example.com",
+      port: 22,
+      username: "ubuntu",
+    },
+  ]);
+  const terminalManager = buildTerminalManager();
+
+  const app = Fastify({ logger: false });
+  app.decorateRequest("accountId", "");
+  app.addHook("onRequest", async (request) => {
+    request.accountId = ACCOUNT_ID;
+  });
+  registerEndpointRoutes({ app, endpointRepo, accountRepo, demoEndpoints, terminalManager });
+  registerSessionRoutes({ app, endpointRepo, accountRepo, demoEndpoints, terminalManager });
+  await app.ready();
+
+  // Compute the demo id the same way the service does so we don't reach into
+  // its internals to fetch it.
+  const list = demoEndpoints.list(ACCOUNT_ID);
+  const demoEndpointId = list[0].id;
+
+  return { app, endpointRepo, demoEndpoints, accountRepo, terminalManager, demoEndpointId };
+}
+
+describe("GET /api/endpoints — demo merge", () => {
+  let rig: Rig;
+  afterEach(async () => {
+    await rig.app.close();
+  });
+
+  it("includes demo entries when showDemoEndpoints is on", async () => {
+    rig = await buildRig({ showDemoEndpoints: true });
+    const res = await rig.app.inject({ method: "GET", url: "/api/endpoints" });
+    expect(res.statusCode).toBe(200);
+    const body = res.json() as { endpoints: { id: string; isDemo: boolean }[] };
+    const ids = body.endpoints.map((e) => e.id);
+    expect(ids).toContain("real-ep");
+    expect(ids).toContain(rig.demoEndpointId);
+    const demoRow = body.endpoints.find((e) => e.id === rig.demoEndpointId)!;
+    expect(demoRow.isDemo).toBe(true);
+  });
+
+  it("omits demo entries when showDemoEndpoints is off", async () => {
+    rig = await buildRig({ showDemoEndpoints: false });
+    const res = await rig.app.inject({ method: "GET", url: "/api/endpoints" });
+    expect(res.statusCode).toBe(200);
+    const body = res.json() as { endpoints: { id: string }[] };
+    const ids = body.endpoints.map((e) => e.id);
+    expect(ids).toContain("real-ep");
+    expect(ids.some((id) => id.startsWith("demo:"))).toBe(false);
+  });
+});
+
+describe("mutation rejection on demo: ids", () => {
+  let rig: Rig;
+  beforeEach(async () => {
+    rig = await buildRig();
+  });
+  afterEach(async () => {
+    await rig.app.close();
+  });
+
+  it("PUT /api/endpoints/:id refuses a demo: id", async () => {
+    const res = await rig.app.inject({
+      method: "PUT",
+      url: `/api/endpoints/${encodeURIComponent(rig.demoEndpointId)}`,
+      payload: { label: "Should not stick" },
+    });
+    expect(res.statusCode).toBe(400);
+    const body = res.json() as { error: string };
+    expect(body.error).toMatch(/read-only/i);
+  });
+
+  it("DELETE /api/endpoints/:id refuses a demo: id", async () => {
+    const res = await rig.app.inject({
+      method: "DELETE",
+      url: `/api/endpoints/${encodeURIComponent(rig.demoEndpointId)}`,
+    });
+    expect(res.statusCode).toBe(400);
+    const body = res.json() as { error: string };
+    expect(body.error).toMatch(/read-only/i);
+  });
+});
+
+describe("POST /api/sessions — demo endpoint opens regardless of toggle", () => {
+  let rig: Rig;
+  afterEach(async () => {
+    await rig.app.close();
+  });
+
+  it("opens a session against a demo: id when the toggle is on", async () => {
+    rig = await buildRig({ showDemoEndpoints: true });
+    const res = await rig.app.inject({
+      method: "POST",
+      url: "/api/sessions",
+      payload: { endpointId: rig.demoEndpointId },
+    });
+    expect(res.statusCode).toBe(200);
+    const create = rig.terminalManager.create as unknown as ReturnType<typeof vi.fn>;
+    expect(create).toHaveBeenCalledTimes(1);
+    const passed = create.mock.calls[0][0];
+    expect(passed.host).toBe(DEMO_HOST);
+    expect(passed.username).toBe(DEMO_USER);
+  });
+
+  it("opens a session against a demo: id even when the toggle is off (visibility-only)", async () => {
+    rig = await buildRig({ showDemoEndpoints: false });
+    const res = await rig.app.inject({
+      method: "POST",
+      url: "/api/sessions",
+      payload: { endpointId: rig.demoEndpointId },
+    });
+    expect(res.statusCode).toBe(200);
+    const create = rig.terminalManager.create as unknown as ReturnType<typeof vi.fn>;
+    expect(create).toHaveBeenCalledTimes(1);
+    const passed = create.mock.calls[0][0];
+    expect(passed.host).toBe(DEMO_HOST);
+  });
+
+  it("404s for an unknown demo id", async () => {
+    rig = await buildRig({ showDemoEndpoints: true });
+    const res = await rig.app.inject({
+      method: "POST",
+      url: "/api/sessions",
+      payload: { endpointId: "demo:doesnotexist" },
+    });
+    expect(res.statusCode).toBe(404);
+  });
+});
diff --git a/src/test/integration/error-scenarios.test.ts b/src/test/integration/error-scenarios.test.ts
index 31f542d..9b49793 100644
--- a/src/test/integration/error-scenarios.test.ts
+++ b/src/test/integration/error-scenarios.test.ts
@@ -129,6 +129,7 @@ describe("Error Scenarios", () => {
           {
             label: "No Key",
             address: { username: "test", host: "localhost", port: 22 },
+            agentForward: true,
           },
         ],
         security: { cookieSecret: testSecret },
diff --git a/src/transport/create-factory.ts b/src/transport/create-factory.ts
index b0a54f3..46bf807 100644
--- a/src/transport/create-factory.ts
+++ b/src/transport/create-factory.ts
@@ -43,11 +43,6 @@ export function createSshTransportFactoryFromConfig(
     findCredentialsForAccount: (accountId) => findCredentialsForAccount(db, accountId),
     isAdmin: (accountId) => accountRepo.isAdmin(accountId),
 
-    getAgentForward: async (accountId) => {
-      const account = await accountRepo.findById(accountId);
-      return account?.agentForward ?? false;
-    },
-
     createAgent: ({
       endpoint,
       fileKeys,
diff --git a/src/transport/ssh-transport-factory.test.ts b/src/transport/ssh-transport-factory.test.ts
index 786bab1..c6517cb 100644
--- a/src/transport/ssh-transport-factory.test.ts
+++ b/src/transport/ssh-transport-factory.test.ts
@@ -24,6 +24,7 @@ const testEndpoint: EndpointInfo = {
   username: "user",
   accountId: "account-1",
   userVerification: "required",
+  agentForward: false,
   description: null,
 };
 
@@ -211,7 +212,7 @@ describe("SshTransportFactory", () => {
     expect(cleanup).toHaveBeenCalledOnce();
   });
 
-  it("passes agentForward=true when account has it enabled", async () => {
+  it("passes agentForward=true when the endpoint has it enabled", async () => {
     const mockTransport = createMockTransport();
     const mockAgent = { sign: vi.fn() } as never;
     mockConnectSshWithAgent.mockResolvedValue(mockTransport);
@@ -226,12 +227,11 @@ describe("SshTransportFactory", () => {
         createAgent,
         findCredentialsForAccount: () => [testCredential],
         isAdmin: () => false,
-        getAgentForward: async () => true,
       },
     );
 
     await factory.create({
-      endpoint: testEndpoint,
+      endpoint: { ...testEndpoint, agentForward: true },
       sessionId: "sess_test",
       trigger: { kind: "ui", sourceIp: "127.0.0.1" },
     });
diff --git a/src/transport/ssh-transport-factory.ts b/src/transport/ssh-transport-factory.ts
index 679a569..5a4eafc 100644
--- a/src/transport/ssh-transport-factory.ts
+++ b/src/transport/ssh-transport-factory.ts
@@ -43,8 +43,6 @@ export interface SshTransportFactoryOptions {
   createAgent: AgentFactory;
   findCredentialsForAccount?: CredentialsForAccountLookup;
   isAdmin?: AdminCheck;
-  /** Look up whether agent forwarding is enabled for a given account */
-  getAgentForward?: (accountId: string) => Promise<boolean>;
 }
 
 /**
@@ -63,7 +61,7 @@ export class SshTransportFactory {
   async create(params: TransportFactoryParams): Promise<TerminalTransport> {
     const { endpoint, sessionId, trigger } = params;
 
-    const agentForward = (await this.options.getAgentForward?.(endpoint.accountId)) ?? false;
+    const agentForward = endpoint.agentForward;
     const isAdmin = this.options.isAdmin?.(endpoint.accountId) ?? false;
 
     // Gather file keys (admin only)
diff --git a/src/utils/endpoint-address.test.ts b/src/utils/endpoint-address.test.ts
index 58df346..97a5495 100644
--- a/src/utils/endpoint-address.test.ts
+++ b/src/utils/endpoint-address.test.ts
@@ -77,25 +77,25 @@ describe("parseEndpointAddress", () => {
 });
 
 describe("formatEndpointAddress", () => {
-  it("omits defaults", () => {
+  it("always renders the username, even when it's the default", () => {
     expect(formatEndpointAddress({ username: "shellwatch", host: "example.com", port: 22 })).toBe(
-      "example.com",
+      "shellwatch@example.com",
     );
   });
 
-  it("includes non-default username", () => {
+  it("renders a non-default username", () => {
     expect(formatEndpointAddress({ username: "deploy", host: "example.com", port: 22 })).toBe(
       "deploy@example.com",
     );
   });
 
-  it("includes non-default port", () => {
+  it("omits the default port (22)", () => {
     expect(formatEndpointAddress({ username: "shellwatch", host: "example.com", port: 2222 })).toBe(
-      "example.com:2222",
+      "shellwatch@example.com:2222",
     );
   });
 
-  it("includes both non-defaults", () => {
+  it("renders user + non-default port", () => {
     expect(
       formatEndpointAddress({ username: "deploy", host: "dev.example.com", port: 62222 }),
     ).toBe("deploy@dev.example.com:62222");
diff --git a/src/utils/endpoint-address.ts b/src/utils/endpoint-address.ts
index 4c3f8ef..3cc3002 100644
--- a/src/utils/endpoint-address.ts
+++ b/src/utils/endpoint-address.ts
@@ -82,12 +82,13 @@ function parsePort(portStr: string, original: string): number {
 }
 
 /**
- * Format an endpoint address, omitting defaults.
- * - username omitted if "shellwatch"
- * - port omitted if 22
+ * Format an endpoint address. The username is always rendered so the display
+ * is unambiguous when the endpoint was created without a `user@` prefix and
+ * picked up the `shellwatch` default — surfacing the default explicitly
+ * matches what sshd actually sees on the wire. The port is still omitted
+ * when it's the SSH default (22).
  */
 export function formatEndpointAddress(ep: EndpointAddress): string {
-  const userPart = ep.username !== DEFAULT_USERNAME ? `${ep.username}@` : "";
   const portPart = ep.port !== DEFAULT_PORT ? `:${ep.port}` : "";
-  return `${userPart}${ep.host}${portPart}`;
+  return `${ep.username}@${ep.host}${portPart}`;
 }