web access and permission gating (search + external curl through an SSRF-guarded proxy, Auto/Ask/Custom approval modes with per-command matrix), fix desktop server-mode generation 401 (routes now use the desktop-aware session), connections split into AI + search sections, collapsible model-picker groups
expand anonymous usage analytics (init in all modes so server/desktop report, ~35 new privacy-scrubbed events, event registry drives the consent disclosure), rework the disclosure dialog