diff --git a/README.md b/README.md
index 7bebc35..1ed9892 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@
 
 **A sovereign, local-first compute fabric for trusted devices.**
 
-[![Tests](https://img.shields.io/badge/tests-185%20passing-00FF88?style=flat-square&labelColor=06090F)](./tests/test_sovereign_mesh.py)
+[![Tests](https://img.shields.io/badge/tests-187%20passing-00FF88?style=flat-square&labelColor=06090F)](./tests/test_sovereign_mesh.py)
 [![Release](https://img.shields.io/badge/release-v0.1.4-F6C177?style=flat-square&labelColor=06090F)](./README.md#current-status)
 [![Version](https://img.shields.io/badge/wire%20version-sovereign--mesh%2Fv1-00D4FF?style=flat-square&labelColor=06090F)](./docs/OCP_STATUS.md)
 [![Status](https://img.shields.io/badge/status-active%20development-C8A96E?style=flat-square&labelColor=06090F)](./docs/OCP_MASTER_PLAN.md)
@@ -131,7 +131,7 @@ Some devices are powerful. Some are private. Some are fragile. Some are approval
 | `server_control_page.py` | Extracted control-deck renderer for the advanced operator surface |
 | `server_http_handlers.py` | Grouped HTTP route handlers so `server.py` stays a thin transport host |
 | `docs/` | Protocol notes, status, and roadmap |
-| `tests/test_sovereign_mesh.py` | Regression suite — 185 tests |
+| `tests/test_sovereign_mesh.py` | Regression suite — 187 tests |
 
 **Key runtime concepts:**
 
@@ -282,7 +282,7 @@ python3 -m unittest tests.test_sovereign_mesh
 python3 server.py --help
 ```
 
-Current baseline: **185 tests passing.**
+Current baseline: **187 tests passing.**
 
 ---
 
@@ -296,7 +296,7 @@ Current baseline: **185 tests passing.**
 - Private artifact content fetches now require operator auth unless the artifact policy is public.
 - Runtime execution now defaults to explicit environment inheritance, with `inherit_env_allowlist` for deliberate host env pass-through.
 - The signed envelope implementation now uses dependency-free Ed25519 helpers under `ed25519-sha512-v1`.
-- The protocol-kernel refactor and mission-continuity/treaty foundation from v0.1.3 remain intact, with the full regression suite green at 185 tests.
+- The protocol-kernel refactor and mission-continuity/treaty foundation from v0.1.3 remain intact, with the full regression suite green at 187 tests.
 
 **Implemented in the current runtime**
 
diff --git a/docs/OCP_STATUS.md b/docs/OCP_STATUS.md
index 29fc76b..fa103a3 100644
--- a/docs/OCP_STATUS.md
+++ b/docs/OCP_STATUS.md
@@ -280,4 +280,4 @@ python3 -m unittest tests.test_sovereign_mesh
 ```
 
 Current standalone baseline:
-- `tests.test_sovereign_mesh`: 185 tests passing
+- `tests.test_sovereign_mesh`: 187 tests passing
diff --git a/mesh_autonomy/service.py b/mesh_autonomy/service.py
index 1f7e239..5aa8379 100644
--- a/mesh_autonomy/service.py
+++ b/mesh_autonomy/service.py
@@ -715,42 +715,42 @@ def activate(
             result["diagnostics"] = diagnostics
             self._action(
                 actions,
-                "diagnostics",
+                "setup_checked",
                 "ok",
                 diagnostics.get("share_advice") or "Checked local IPs and shareable URLs.",
                 details={"sharing_mode": diagnostics.get("sharing_mode"), "lan_urls": diagnostics.get("lan_urls") or []},
                 request_id=request_token,
             )
         except Exception as exc:
-            self._action(actions, "diagnostics", "warning", f"Connectivity diagnostics failed: {exc}", details={"error": str(exc)}, request_id=request_token)
+            self._action(actions, "fix_needed", "warning", f"Connectivity diagnostics failed: {exc}", details={"error": str(exc)}, request_id=request_token)
 
         try:
             scan = self.mesh.scan_local_peers(timeout=scan_timeout, limit=limit, trust_tier="trusted")
             result["scan"] = scan
             self._action(
                 actions,
-                "scan",
+                "peer_scan",
                 "ok",
                 f"Scanned nearby routes: {scan.get('reachable', scan.get('discovered', 0))} candidate(s) surfaced.",
                 details={"discovered": scan.get("discovered"), "errors": scan.get("errors")},
                 request_id=request_token,
             )
         except Exception as exc:
-            self._action(actions, "scan", "warning", f"Nearby scan could not complete: {exc}", details={"error": str(exc)}, request_id=request_token)
+            self._action(actions, "fix_needed", "warning", f"Nearby scan could not complete: {exc}", details={"error": str(exc)}, request_id=request_token)
 
         try:
             connected = self.mesh.connect_all_devices(timeout=timeout, scan_timeout=scan_timeout, limit=limit, trust_tier="trusted")
             result["connect"] = connected
             self._action(
                 actions,
-                "connect",
+                "setup_checked",
                 "ok",
                 connected.get("operator_summary") or f"Connected {connected.get('connected', 0)} peer(s).",
                 details={"connected": connected.get("connected"), "already_connected": connected.get("already_connected"), "errors": connected.get("errors")},
                 request_id=request_token,
             )
         except Exception as exc:
-            self._action(actions, "connect", "warning", f"Connect pass had trouble: {exc}", details={"error": str(exc)}, request_id=request_token)
+            self._action(actions, "fix_needed", "warning", f"Connect pass had trouble: {exc}", details={"error": str(exc)}, request_id=request_token)
 
         peer_rows = list(self.mesh.list_peers(limit=max(24, int(limit or 24) * 2)).get("peers") or [])
         peer_ids = [str(peer.get("peer_id") or "").strip() for peer in peer_rows if str(peer.get("peer_id") or "").strip()]
@@ -760,7 +760,7 @@ def activate(
             route_probes.append(probe)
             self._action(
                 actions,
-                "route_probe",
+                "route_verified" if int(probe.get("reachable") or 0) else "fix_needed",
                 "ok" if int(probe.get("reachable") or 0) else "warning",
                 probe.get("operator_summary") or f"Probed routes for {peer_id}.",
                 peer_id=peer_id,
@@ -787,21 +787,21 @@ def activate(
                 mission_status = str(mission.get("status") or proof.get("status") or "unknown")
                 self._action(
                     actions,
-                    "whole_mesh_proof",
+                    "proof_completed" if mission_status in {"completed", "planned", "accepted"} else "fix_needed",
                     "ok" if mission_status in {"completed", "planned", "accepted"} else "warning",
                     f"Whole-mesh proof launched with status {mission_status}.",
                     details={"mission_id": mission.get("id"), "mission_status": mission_status},
                     request_id=request_token,
                 )
                 if repair and self._proof_failed_due_transport(proof):
-                    self._action(actions, "route_repair", "running", "Proof hit a transport timeout; probing routes once before retry.", request_id=request_token)
+                    self._action(actions, "fix_needed", "running", "Proof hit a transport timeout; probing routes once before retry.", request_id=request_token)
                     result["repairs"] = self._repair_routes(peer_ids, timeout=timeout, request_id=request_token, actions=actions)
                     proof = self._run_whole_mesh_proof(include_local=True, limit=limit, request_id=f"{request_token}-proof-retry")
                     result["proof_retry"] = proof
                     retry_mission = dict(proof.get("mission") or {})
                     self._action(
                         actions,
-                        "whole_mesh_proof_retry",
+                        "proof_completed",
                         "ok",
                         f"Retried whole-mesh proof with status {retry_mission.get('status') or proof.get('status') or 'unknown'}.",
                         details={"mission_id": retry_mission.get("id"), "mission_status": retry_mission.get("status")},
@@ -809,7 +809,7 @@ def activate(
                     )
             except Exception as exc:
                 result["proof_error"] = str(exc)
-                self._action(actions, "whole_mesh_proof", "warning", f"Whole-mesh proof needs attention: {exc}", details={"error": str(exc)}, request_id=request_token)
+                self._action(actions, "fix_needed", "warning", f"Whole-mesh proof needs attention: {exc}", details={"error": str(exc)}, request_id=request_token)
 
         status, summary = self._activation_outcome(result, actions)
         run = self._record_run(
@@ -872,7 +872,7 @@ def _evaluate_and_enlist_helpers(
                 limit=max(1, int(max_enlist or 2)) * 3,
             )
         except Exception as exc:
-            self._action(actions, "helper_plan", "warning", f"Helper planning failed: {exc}", details={"error": str(exc)}, request_id=request_id)
+            self._action(actions, "fix_needed", "warning", f"Helper planning failed: {exc}", details={"error": str(exc)}, request_id=request_id)
             return {"status": "error", "error": str(exc), "plan": {}, "enlisted": [], "approvals": [], "skipped": []}
 
         enlisted = []
@@ -880,7 +880,7 @@ def _evaluate_and_enlist_helpers(
         skipped = []
         self._action(
             actions,
-            "helper_plan",
+            "helper_ready",
             "ok",
             f"Evaluated {plan.get('candidate_count', 0)} helper candidate(s).",
             details={"candidate_count": plan.get("candidate_count")},
@@ -928,14 +928,14 @@ def _evaluate_and_enlist_helpers(
             peer = self.mesh._row_to_peer(self.mesh._get_peer_row(peer_id)) or {}
             if not self._route_is_usable(peer):
                 skipped.append({"peer_id": peer_id, "reason": "route_not_usable"})
-                self._action(actions, "helper_skipped", "warning", f"Did not enlist {peer_id} because no fresh working route is proven.", peer_id=peer_id, request_id=request_id)
+                self._action(actions, "fix_needed", "warning", f"Did not enlist {peer_id} because no fresh working route is proven.", peer_id=peer_id, request_id=request_id)
                 continue
             trust = self._normalize_trust_tier(candidate.get("trust_tier") or "trusted")
             device_class = str(candidate.get("device_class") or "full").strip().lower()
             role = "gpu_helper" if dict(candidate.get("compute_profile") or {}).get("gpu_capable") else "helper"
             if str((candidate.get("enlistment") or {}).get("state") or "").strip().lower() == "enlisted":
                 skipped.append({"peer_id": peer_id, "reason": "already_enlisted"})
-                self._action(actions, "helper_reuse", "ok", f"{candidate.get('display_name') or peer_id} is already enlisted.", peer_id=peer_id, request_id=request_id)
+                self._action(actions, "helper_ready", "ok", f"{candidate.get('display_name') or peer_id} is already enlisted.", peer_id=peer_id, request_id=request_id)
                 continue
             if len(enlisted) >= max(0, int(max_enlist or 0)):
                 skipped.append({"peer_id": peer_id, "reason": "max_enlist_reached"})
@@ -944,10 +944,10 @@ def _evaluate_and_enlist_helpers(
                 try:
                     state = self.mesh.enlist_helper(peer_id, mode="on_demand", role=role, reason="autonomic_mesh_activation", source="autonomy")
                     enlisted.append({"peer_id": peer_id, "state": state})
-                    self._action(actions, "helper_enlisted", "ok", f"Enlisted {candidate.get('display_name') or peer_id} as a safe helper.", peer_id=peer_id, details={"role": role}, request_id=request_id)
+                    self._action(actions, "helper_ready", "ok", f"Enlisted {candidate.get('display_name') or peer_id} as a safe helper.", peer_id=peer_id, details={"role": role}, request_id=request_id)
                 except Exception as exc:
                     skipped.append({"peer_id": peer_id, "reason": str(exc)})
-                    self._action(actions, "helper_enlist_failed", "warning", f"Could not enlist {peer_id}: {exc}", peer_id=peer_id, details={"error": str(exc)}, request_id=request_id)
+                    self._action(actions, "fix_needed", "warning", f"Could not enlist {peer_id}: {exc}", peer_id=peer_id, details={"error": str(exc)}, request_id=request_id)
             elif trust == "partner":
                 approval = self.mesh.create_approval_request(
                     title=f"Allow {candidate.get('display_name') or peer_id} to help this mesh?",
@@ -973,10 +973,10 @@ def _evaluate_and_enlist_helpers(
                     },
                 )
                 approvals.append(approval)
-                self._action(actions, "helper_approval_requested", "approval_required", f"Asked before using partner peer {candidate.get('display_name') or peer_id}.", peer_id=peer_id, details={"approval": approval}, request_id=request_id)
+                self._action(actions, "helper_ready", "approval_required", f"Asked before using partner peer {candidate.get('display_name') or peer_id}.", peer_id=peer_id, details={"approval": approval}, request_id=request_id)
             else:
                 skipped.append({"peer_id": peer_id, "reason": f"trust_tier_{trust}_not_auto_enlisted"})
-                self._action(actions, "helper_skipped", "blocked", f"Did not auto-enlist {peer_id} because trust tier is {trust}.", peer_id=peer_id, request_id=request_id)
+                self._action(actions, "fix_needed", "blocked", f"Did not auto-enlist {peer_id} because trust tier is {trust}.", peer_id=peer_id, request_id=request_id)
         return {
             "status": "ok",
             "plan": plan,
diff --git a/mesh_protocol/conformance.py b/mesh_protocol/conformance.py
index c9b344b..c4b75d3 100644
--- a/mesh_protocol/conformance.py
+++ b/mesh_protocol/conformance.py
@@ -214,6 +214,21 @@ def build_protocol_conformance_snapshot() -> dict[str, Any]:
                     "healthy_routes": 1,
                     "operator_summary": "Mesh is strong.",
                 },
+                "setup": {
+                    "status": "strong",
+                    "label": "Mesh strong",
+                    "primary_action": "activate_mesh",
+                    "bind_mode": "lan",
+                    "phone_url": "http://192.168.1.10:8421/app",
+                    "token_status": "configured",
+                    "known_peer_count": 1,
+                    "healthy_route_count": 1,
+                    "route_count": 1,
+                    "latest_proof_status": "completed",
+                    "blocking_issue": "",
+                    "next_fix": "No fix needed. The current mesh proof completed.",
+                    "operator_summary": "Mesh is strong. Devices have proven routes and the latest proof completed.",
+                },
                 "autonomy": {"status": "ok", "mode": "assisted", "operator_summary": "Mesh is strong."},
                 "route_health": {
                     "status": "ok",
diff --git a/mesh_protocol/schemas.py b/mesh_protocol/schemas.py
index 87079bd..46c66a6 100644
--- a/mesh_protocol/schemas.py
+++ b/mesh_protocol/schemas.py
@@ -412,7 +412,7 @@
     "AppStatus": {
         "type": "object",
         "description": "Operator-facing compact status for the installable OCP app home.",
-        "required": ["status", "node", "app_urls", "mesh_quality", "next_actions"],
+        "required": ["status", "node", "app_urls", "mesh_quality", "setup", "next_actions"],
         "properties": {
             "status": {"type": "string"},
             "node": {"type": "object"},
@@ -440,6 +440,24 @@
                     "operator_summary": {"type": "string"},
                 },
             },
+            "setup": {
+                "type": "object",
+                "properties": {
+                    "status": {"type": "string"},
+                    "label": {"type": "string"},
+                    "primary_action": {"type": "string"},
+                    "bind_mode": {"type": "string"},
+                    "phone_url": {"type": "string"},
+                    "token_status": {"type": "string"},
+                    "known_peer_count": {"type": "integer"},
+                    "healthy_route_count": {"type": "integer"},
+                    "route_count": {"type": "integer"},
+                    "latest_proof_status": {"type": "string"},
+                    "blocking_issue": {"type": "string"},
+                    "next_fix": {"type": "string"},
+                    "operator_summary": {"type": "string"},
+                },
+            },
             "autonomy": {"type": "object"},
             "route_health": {"$ref": "#/schemas/RouteHealthList"},
             "latest_proof": {"type": "object"},
diff --git a/ocp_desktop/launcher.py b/ocp_desktop/launcher.py
index 67d7047..9a1bbc7 100644
--- a/ocp_desktop/launcher.py
+++ b/ocp_desktop/launcher.py
@@ -1,12 +1,12 @@
 from __future__ import annotations
 
 import argparse
+import json
 import os
 import secrets
 import subprocess
 import sys
 import urllib.error
-import urllib.parse
 import urllib.request
 import webbrowser
 from dataclasses import dataclass
@@ -87,14 +87,7 @@ def normalize_launcher_config(config: dict[str, Any]) -> dict[str, Any]:
 
 
 def operator_app_url(base_url: str, operator_token: str = "") -> str:
-    base = str(base_url or "").strip().rstrip("/")
-    if not base:
-        return ""
-    app_url = base if base.endswith("/app") else f"{base}/app"
-    token = str(operator_token or "").strip()
-    if not token:
-        return app_url
-    return f"{app_url}#ocp_operator_token={urllib.parse.quote(token, safe='')}"
+    return ocp_startup.operator_app_url(base_url, operator_token)
 
 
 def build_launch_plan(
@@ -140,6 +133,37 @@ def server_is_alive(plan: LaunchPlan, *, timeout: float = 0.75) -> bool:
         return False
 
 
+def fetch_app_status(plan: LaunchPlan, *, operator_token: str = "", timeout: float = 0.75) -> dict[str, Any]:
+    url = ocp_startup.build_open_url(plan.profile.host, plan.profile.port, "/mesh/app/status")
+    request = urllib.request.Request(url)
+    token = str(operator_token or "").strip()
+    if token:
+        request.add_header("X-OCP-Operator-Token", token)
+    try:
+        with urllib.request.urlopen(request, timeout=timeout) as response:
+            if response.status != 200:
+                return {}
+            return json.loads(response.read().decode("utf-8"))
+    except (OSError, urllib.error.URLError, json.JSONDecodeError):
+        return {}
+
+
+def launcher_status_message(payload: dict[str, Any]) -> str:
+    setup = dict((payload or {}).get("setup") or {})
+    status = str(setup.get("status") or "").strip().lower()
+    if status == "strong":
+        return "Mesh is strong. Latest proof completed."
+    if status == "proving":
+        return "OCP is proving the mesh now..."
+    if status == "ready":
+        return "OCP is ready for phone setup. Open the phone link below and press Activate Mesh."
+    if status == "local_only":
+        return "OCP is running local-only. Start Mesh Mode to use your phone or spare laptop."
+    if status == "needs_attention":
+        return "OCP needs attention: " + str(setup.get("next_fix") or setup.get("blocking_issue") or "open the app for details.")
+    return str(setup.get("operator_summary") or "OCP is running.")
+
+
 class OCPLauncherApp:
     def __init__(self, root, *, repo_root: Path, config_path: Path | None = None):
         import tkinter as tk
@@ -297,9 +321,12 @@ def _app_link(self, plan: LaunchPlan, base_url: str) -> str:
         token = self._operator_token_for_mode(plan.mode)
         return operator_app_url(base_url, token)
 
-    def _render_links(self, plan: LaunchPlan) -> None:
+    def _render_links(self, plan: LaunchPlan, *, phone_url: str = "") -> None:
         rows = [f"App: {self._app_link(plan, plan.app_url)}"]
-        if plan.share_urls:
+        if phone_url:
+            rows.append("Phone/LAN:")
+            rows.append(f"  {self._app_link(plan, phone_url)}")
+        elif plan.share_urls:
             rows.append("Phone/LAN:")
             rows.extend(f"  {self._app_link(plan, url)}" for url in plan.share_urls)
         else:
@@ -312,7 +339,14 @@ def _poll_status(self) -> None:
         plan = self.current_plan
         if plan and self.process and self.process.poll() is None:
             if server_is_alive(plan):
-                self.status.set(f"OCP is running. Open {plan.app_url} or use the phone link below.")
+                payload = fetch_app_status(plan, operator_token=str(self.config.get("operator_token") or ""))
+                if payload:
+                    self.status.set(launcher_status_message(payload))
+                    setup = dict(payload.get("setup") or {})
+                    app_urls = dict(payload.get("app_urls") or {})
+                    self._render_links(plan, phone_url=str(setup.get("phone_url") or app_urls.get("phone_url") or ""))
+                else:
+                    self.status.set(f"OCP is running. Open {plan.app_url} or use the phone link below.")
             else:
                 self.status.set("OCP is starting...")
         elif self.process and self.process.poll() is not None:
diff --git a/ocp_startup.py b/ocp_startup.py
index c7104e2..1de29be 100644
--- a/ocp_startup.py
+++ b/ocp_startup.py
@@ -7,6 +7,7 @@
 import sys
 import time
 import urllib.error
+import urllib.parse
 import urllib.request
 from dataclasses import asdict, dataclass
 from pathlib import Path
@@ -130,10 +131,34 @@ def build_open_url(host: str, port: int, path: str = "/") -> str:
     return f"http://{display_host_for_browser(host)}:{int(port)}{route}"
 
 
+def operator_app_url(base_url: str, operator_token: str = "", *, path: str = "/app") -> str:
+    base = str(base_url or "").strip().rstrip("/")
+    if not base:
+        return ""
+    route = str(path or "/app").strip() or "/app"
+    route = route if route.startswith("/") else f"/{route}"
+    url = base if base.endswith(route) else f"{base}{route}"
+    token = str(operator_token or "").strip()
+    if not token:
+        return url
+    return f"{url}#ocp_operator_token={urllib.parse.quote(token, safe='')}"
+
+
 def health_url(host: str, port: int) -> str:
     return build_open_url(host, port, "/mesh/manifest")
 
 
+def port_is_available(host: str, port: int) -> bool:
+    token = str(host or "").strip() or "127.0.0.1"
+    bind_host = "" if is_wildcard_host(token) else display_host_for_browser(token)
+    try:
+        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
+            sock.bind((bind_host, int(port)))
+        return True
+    except OSError:
+        return False
+
+
 def default_repo_state_dir(repo_root: Path) -> Path:
     return Path(repo_root) / ".local" / "ocp"
 
@@ -306,6 +331,8 @@ def write_json_file(path: Path, payload: dict) -> None:
     "health_url",
     "is_loopback_host",
     "is_wildcard_host",
+    "operator_app_url",
+    "port_is_available",
     "profile_from_values",
     "read_json_file",
     "resolve_state_paths",
diff --git a/scripts/start_ocp_easy.py b/scripts/start_ocp_easy.py
index 89b7557..1d0223d 100755
--- a/scripts/start_ocp_easy.py
+++ b/scripts/start_ocp_easy.py
@@ -97,7 +97,10 @@ def main() -> int:
     args = parser.parse_args()
     repo_root = REPO_ROOT
     command = server_command(args, repo_root)
+    operator_token = (os.environ.get("OCP_OPERATOR_TOKEN") or os.environ.get("OCP_CONTROL_TOKEN") or "").strip()
     open_url = build_open_url(args.host, args.port, args.open_path)
+    if operator_token and args.open_path.strip("/") in {"", "app"}:
+        open_url = ocp_startup.operator_app_url(build_open_url(args.host, args.port, "/"), operator_token)
     profile = _profile_from_args(args, repo_root)
 
     print("Starting The Open Compute Protocol")
@@ -110,21 +113,26 @@ def main() -> int:
     print(f"  db:           {profile.db_path}")
     print(f"  identity:     {profile.identity_dir}")
     print(f"  workspace:    {profile.workspace_root}")
+    if not ocp_startup.port_is_available(args.host, args.port):
+        print()
+        print(f"Port {args.port} is already in use on {args.host}.")
+        print("Stop the other OCP server or choose a different OCP_PORT.")
+        return 2
     print()
     print("OCP app:")
     print(f"  {open_url}")
     print()
     print("Easy setup module:")
-    print(f"  {build_open_url(args.host, args.port, '/easy')}")
+    print(f"  {ocp_startup.operator_app_url(build_open_url(args.host, args.port, '/'), operator_token, path='/easy') if operator_token else build_open_url(args.host, args.port, '/easy')}")
     print()
     print("Advanced control module:")
-    print(f"  {build_open_url(args.host, args.port, '/control')}")
+    print(f"  {ocp_startup.operator_app_url(build_open_url(args.host, args.port, '/'), operator_token, path='/control') if operator_token else build_open_url(args.host, args.port, '/control')}")
     share_urls = share_urls_for_host(args.host, args.port)
     if share_urls:
         print()
         print("LAN share URLs:")
         for url in share_urls:
-            print(f"  {url}")
+            print(f"  {ocp_startup.operator_app_url(url, operator_token) if operator_token else url}")
     elif discover_local_ipv4_addresses(bind_host=args.host) and is_loopback_host(args.host):
         print()
         print("Detected local network IPs, but this node is local-only right now:")
diff --git a/server_app.py b/server_app.py
index aeeeb39..ce3cf32 100644
--- a/server_app.py
+++ b/server_app.py
@@ -5,6 +5,7 @@
 from typing import Any
 
 from mesh import SovereignMesh
+from server_browser_client import build_browser_client_script
 
 
 def _node_summary(mesh: SovereignMesh) -> dict[str, Any]:
@@ -47,6 +48,7 @@ def build_app_page(mesh: SovereignMesh) -> str:
     protocol = html.escape(str(summary.get("protocol_release") or "0.1"))
     version = html.escape(str(summary.get("protocol_version") or ""))
     version_label = f" / {version}" if version else ""
+    browser_client_js = build_browser_client_script()
 
     return f"""<!doctype html>
 <html lang="en">
@@ -473,15 +475,15 @@ def build_app_page(mesh: SovereignMesh) -> str:
 
     <nav class="tabs" aria-label="OCP app sections">
       <button class="tab" type="button" data-tab="today" aria-selected="true">Today</button>
-      <button class="tab" type="button" data-tab="setup" aria-selected="false">Setup</button>
-      <button class="tab" type="button" data-tab="control" aria-selected="false">Control</button>
+      <button class="tab" type="button" data-tab="setup" aria-selected="false">Setup Details</button>
+      <button class="tab" type="button" data-tab="control" aria-selected="false">Advanced Control</button>
       <button class="tab" type="button" data-tab="protocol" aria-selected="false">Protocol</button>
     </nav>
 
     <section id="today" class="panel module active today" aria-label="OCP Today module">
       <div class="today-grid">
         <div class="today-card">
-          <p class="eyebrow">Autonomic Mesh</p>
+          <p class="eyebrow">Setup Doctor</p>
           <h2 data-app-quality-label>Local node ready</h2>
           <p data-app-summary>Loading local mesh status...</p>
           <div class="mesh-state" aria-label="Mesh status metrics">
@@ -499,12 +501,12 @@ def build_app_page(mesh: SovereignMesh) -> str:
             </div>
           </div>
           <div class="today-actions">
-            <button class="primary-action" type="button" data-activate-autonomic>Activate Autonomic Mesh</button>
+            <button class="primary-action" type="button" data-activate-autonomic>Activate Mesh</button>
             <button class="secondary-action" type="button" data-refresh-status>Refresh</button>
             <a class="secondary-action" href="/mesh/app/status" target="_blank" rel="noreferrer">Inspect App Status</a>
           </div>
           <ul class="next-actions" data-next-actions>
-            <li>Press Activate Autonomic Mesh to discover, repair, enlist, prove, and explain this mesh.</li>
+            <li>Press Activate Mesh to discover, repair, enlist, prove, and explain this mesh.</li>
           </ul>
         </div>
         <aside class="today-card">
@@ -525,10 +527,10 @@ def build_app_page(mesh: SovereignMesh) -> str:
     <section id="setup" class="panel module" aria-label="OCP Easy Setup module">
       <div class="module-head">
         <div>
-          <h2>OCP Easy Setup</h2>
-          <p>Pair nearby machines, copy the easy link, scan QR, and test the whole mesh.</p>
+          <h2>Setup Details</h2>
+          <p>Pair nearby machines, copy the easy link, scan QR, and inspect setup diagnostics.</p>
         </div>
-        <a class="open-link" href="/easy">Open /easy directly</a>
+        <a class="open-link" href="/easy">Open setup details</a>
       </div>
       <iframe title="OCP Easy Setup" src="/easy"></iframe>
     </section>
@@ -536,10 +538,10 @@ def build_app_page(mesh: SovereignMesh) -> str:
     <section id="control" class="panel module" aria-label="OCP Control Deck module">
       <div class="module-head">
         <div>
-          <h2>OCP Control Deck</h2>
+          <h2>Advanced Control</h2>
           <p>Operate missions, queues, approvals, helpers, artifacts, treaties, and live mesh state from the phone.</p>
         </div>
-        <a class="open-link" href="/control">Open /control directly</a>
+        <a class="open-link" href="/control">Open advanced control</a>
       </div>
       <iframe title="OCP Control Deck" src="/control" loading="lazy"></iframe>
     </section>
@@ -577,34 +579,7 @@ def build_app_page(mesh: SovereignMesh) -> str:
   </main>
 
   <script>
-    const OCP_OPERATOR_TOKEN_KEY = "ocp_operator_token";
-    const consumeOperatorToken = () => {{
-      const hash = String(window.location.hash || "");
-      let token = "";
-      if (hash.startsWith("#ocp_operator_token=")) {{
-        token = decodeURIComponent(hash.slice("#ocp_operator_token=".length));
-      }} else if (hash.includes("ocp_operator_token=")) {{
-        token = new URLSearchParams(hash.replace(/^#/, "")).get("ocp_operator_token") || "";
-      }}
-      if (token) {{
-        try {{ window.localStorage.setItem(OCP_OPERATOR_TOKEN_KEY, token); }} catch (error) {{}}
-        history.replaceState(null, "", window.location.pathname + window.location.search);
-      }}
-    }};
-    const operatorToken = () => {{
-      try {{ return String(window.localStorage.getItem(OCP_OPERATOR_TOKEN_KEY) || "").trim(); }} catch (error) {{ return ""; }}
-    }};
-    const withOperatorAuth = (options = {{}}) => {{
-      const next = Object.assign({{}}, options || {{}});
-      const headers = new Headers(next.headers || {{}});
-      const token = operatorToken();
-      if (token && !headers.has("X-OCP-Operator-Token")) {{
-        headers.set("X-OCP-Operator-Token", token);
-      }}
-      next.headers = headers;
-      return next;
-    }};
-    consumeOperatorToken();
+{browser_client_js}
 
     const tabs = Array.from(document.querySelectorAll("[data-tab]"));
     const modules = Array.from(document.querySelectorAll(".module"));
@@ -653,15 +628,16 @@ def build_app_page(mesh: SovereignMesh) -> str:
     }};
     const renderStatus = (payload) => {{
       const quality = payload.mesh_quality || {{}};
+      const setup = payload.setup || {{}};
       const routeHealth = payload.route_health || {{}};
       const proof = payload.latest_proof || {{}};
       const urls = payload.app_urls || {{}};
-      setText(appEls.quality, text(quality.label, "Local node ready"));
-      setText(appEls.summary, text(quality.operator_summary || (payload.autonomy || {{}}).operator_summary, "Press Activate Autonomic Mesh to discover, repair, enlist, prove, and explain this mesh."));
+      setText(appEls.quality, text(setup.label || quality.label, "Local node ready"));
+      setText(appEls.summary, text(setup.operator_summary || quality.operator_summary || (payload.autonomy || {{}}).operator_summary, "Press Activate Mesh to discover, repair, enlist, prove, and explain this mesh."));
       setText(appEls.peers, String(quality.peer_count || 0));
       setText(appEls.routes, String(quality.healthy_routes || 0) + "/" + String(quality.route_count || 0));
       setText(appEls.proof, text(proof.status, "none"));
-      const phoneUrl = text(urls.phone_url || urls.app_url, window.location.origin + "/app");
+      const phoneUrl = withOperatorFragment(text(setup.phone_url || urls.phone_url || urls.app_url, window.location.origin + "/app"));
       setText(appEls.phone, phoneUrl);
       renderQr(phoneUrl);
       if (appEls.actions) {{
@@ -691,8 +667,7 @@ def build_app_page(mesh: SovereignMesh) -> str:
     }};
     const refreshAppStatus = async () => {{
       try {{
-        const response = await fetch("/mesh/app/status", withOperatorAuth());
-        const payload = await response.json();
+        const payload = await fetchJson("/mesh/app/status");
         renderStatus(payload);
         return payload;
       }} catch (error) {{
@@ -702,9 +677,9 @@ def build_app_page(mesh: SovereignMesh) -> str:
     }};
     document.querySelector("[data-refresh-status]")?.addEventListener("click", () => refreshAppStatus());
     document.querySelector("[data-copy-phone-link]")?.addEventListener("click", async () => {{
-      const value = text(appEls.phone?.textContent, window.location.origin + "/app");
+      const value = withOperatorFragment(text(appEls.phone?.textContent, window.location.origin + "/app"));
       try {{
-        await navigator.clipboard.writeText(value);
+        await copyText(value);
         setText(appEls.summary, "Copied phone link: " + value);
       }} catch (error) {{
         setText(appEls.summary, "Copy failed. Select the phone link manually.");
@@ -715,9 +690,9 @@ def build_app_page(mesh: SovereignMesh) -> str:
       button.disabled = true;
       const original = button.textContent;
       button.textContent = "Activating...";
-      setText(appEls.summary, "Autonomic Mesh is discovering, probing routes, planning helpers, and running a proof...");
+      setText(appEls.summary, "OCP is discovering nearby devices, probing routes, planning safe helpers, and running a proof...");
       try {{
-        const response = await fetch("/mesh/autonomy/activate", withOperatorAuth({{
+        const result = await fetchJson("/mesh/autonomy/activate", {{
           method: "POST",
           headers: {{ "Content-Type": "application/json" }},
           body: JSON.stringify({{
@@ -727,15 +702,11 @@ def build_app_page(mesh: SovereignMesh) -> str:
             repair: true,
             actor_agent_id: "ocp-app-home"
           }})
-        }}));
-        const result = await response.json();
-        if (!response.ok) {{
-          throw new Error(result.error || result.message || response.status + " " + response.statusText);
-        }}
-        setText(appEls.summary, result.operator_summary || result.summary || "Autonomic Mesh activation complete.");
+        }});
+        setText(appEls.summary, result.operator_summary || result.summary || "Mesh activation complete.");
         await refreshAppStatus();
       }} catch (error) {{
-        setText(appEls.summary, "Autonomic Mesh activation failed: " + error.message);
+        setText(appEls.summary, "Activate Mesh failed: " + error.message);
       }} finally {{
         button.disabled = false;
         button.textContent = original;
@@ -748,8 +719,7 @@ def build_app_page(mesh: SovereignMesh) -> str:
     fetchButton?.addEventListener("click", async () => {{
       preview.textContent = "Loading /mesh/contract...";
       try {{
-        const response = await fetch("/mesh/contract", withOperatorAuth());
-        const payload = await response.json();
+        const payload = await fetchJson("/mesh/contract");
         preview.textContent = JSON.stringify(payload, null, 2);
       }} catch (error) {{
         preview.textContent = "Unable to fetch /mesh/contract: " + error;
diff --git a/server_app_status.py b/server_app_status.py
index 045c2d8..e8e6368 100644
--- a/server_app_status.py
+++ b/server_app_status.py
@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 import datetime as dt
+import os
 from typing import Any
 
 from mesh import SovereignMesh
@@ -132,6 +133,115 @@ def _next_actions(
     return actions[:5]
 
 
+def _configured_operator_token() -> bool:
+    return bool((os.environ.get("OCP_OPERATOR_TOKEN") or os.environ.get("OCP_CONTROL_TOKEN") or "").strip())
+
+
+def _route_fix(routes: dict[str, Any]) -> str:
+    for route in list(routes.get("routes") or []):
+        route = dict(route or {})
+        status = str(route.get("status") or "").strip().lower()
+        freshness = str(route.get("freshness") or "").strip().lower()
+        if status != "reachable" or freshness in {"stale", "failed"}:
+            return str(
+                route.get("operator_hint")
+                or route.get("operator_summary")
+                or "Press Activate Mesh to probe and repair this peer route."
+            )
+    return "Press Activate Mesh to probe and repair peer routes."
+
+
+def _setup_projection(
+    *,
+    mesh_quality: dict[str, Any],
+    route_health: dict[str, Any],
+    connectivity: dict[str, Any],
+    approvals: dict[str, Any],
+    latest_proof: dict[str, Any],
+    autonomy: dict[str, Any],
+    app_urls: dict[str, Any],
+) -> dict[str, Any]:
+    sharing_mode = str(connectivity.get("sharing_mode") or "").strip().lower()
+    token_configured = _configured_operator_token()
+    peer_count = int(mesh_quality.get("peer_count") or 0)
+    route_count = int(mesh_quality.get("route_count") or 0)
+    healthy_routes = int(mesh_quality.get("healthy_routes") or 0)
+    proof_status = str(latest_proof.get("status") or "none").strip().lower()
+    last_run = dict((autonomy or {}).get("last_run") or {})
+    run_status = str(last_run.get("status") or "").strip().lower()
+    pending_approvals = int(approvals.get("pending_count") or 0)
+
+    status = "ready"
+    label = "Ready for setup"
+    blocking_issue = ""
+    next_fix = "Press Activate Mesh to discover nearby devices, repair routes, and run a proof."
+
+    if run_status == "running":
+        status = "proving"
+        label = "Proving mesh"
+        next_fix = "Keep this page open while OCP finishes route checks and proof execution."
+    elif proof_status == "completed" and route_count and healthy_routes == route_count:
+        status = "strong"
+        label = "Mesh strong"
+        next_fix = "No fix needed. The current mesh proof completed."
+    elif proof_status in {"planned", "queued", "running", "accepted"}:
+        status = "proving"
+        label = "Proof running"
+        next_fix = "Wait for the proof mission to finish, then refresh setup status."
+    elif proof_status in {"failed", "needs_attention", "cancelled"}:
+        status = "needs_attention"
+        label = "Proof needs attention"
+        blocking_issue = "The latest mesh proof did not complete."
+        next_fix = "Press Activate Mesh again so OCP can repair routes and retry once."
+    elif pending_approvals:
+        status = "needs_attention"
+        label = "Approval needed"
+        blocking_issue = f"{pending_approvals} approval(s) need review."
+        next_fix = "Open Advanced Control and approve or reject the pending helper request."
+    elif sharing_mode == "lan" and not token_configured:
+        status = "needs_attention"
+        label = "LAN token needed"
+        blocking_issue = "This node is LAN-reachable but no operator token is configured for phone control."
+        next_fix = "Restart with OCP_OPERATOR_TOKEN set, or start Mesh Mode from the Mac launcher."
+    elif route_count and healthy_routes < route_count:
+        status = "needs_attention"
+        label = "Route needs repair"
+        blocking_issue = "One or more peer routes are stale or unreachable."
+        next_fix = _route_fix(route_health)
+    elif sharing_mode == "local" and not peer_count:
+        status = "local_only"
+        label = "Local only"
+        blocking_issue = "This node is only listening on this computer."
+        next_fix = "Start Mesh Mode to use your phone or spare laptop on the same Wi-Fi."
+    elif route_count and healthy_routes == route_count:
+        status = "ready"
+        label = "Routes ready"
+        next_fix = "Press Activate Mesh to run a whole-mesh proof."
+
+    if status == "strong":
+        operator_summary = "Mesh is strong. Devices have proven routes and the latest proof completed."
+    elif blocking_issue:
+        operator_summary = f"{blocking_issue} {next_fix}"
+    else:
+        operator_summary = next_fix
+
+    return {
+        "status": status,
+        "label": label,
+        "primary_action": "activate_mesh",
+        "bind_mode": sharing_mode or "unknown",
+        "phone_url": app_urls.get("phone_url") or app_urls.get("app_url") or "",
+        "token_status": "configured" if token_configured else "loopback_only",
+        "known_peer_count": peer_count,
+        "healthy_route_count": healthy_routes,
+        "route_count": route_count,
+        "latest_proof_status": proof_status,
+        "blocking_issue": blocking_issue,
+        "next_fix": next_fix,
+        "operator_summary": operator_summary,
+    }
+
+
 def build_app_status(mesh: SovereignMesh) -> dict[str, Any]:
     manifest = dict(_safe({}, mesh.get_manifest))
     autonomic = dict(
@@ -151,18 +261,31 @@ def build_app_status(mesh: SovereignMesh) -> dict[str, Any]:
     approvals_raw = dict(_safe({"approvals": []}, mesh.list_approvals, limit=12, status="pending"))
     latest_proof = _latest_proof(missions)
     approvals = _pending_approvals(approvals_raw)
+    mesh_quality = _mesh_quality(autonomic, peers)
+    app_urls = _app_urls(mesh, connectivity)
+    route_health = autonomic.get("routes") or {"routes": [], "count": 0, "healthy": 0}
+    setup = _setup_projection(
+        mesh_quality=mesh_quality,
+        route_health=route_health,
+        connectivity=connectivity,
+        approvals=approvals,
+        latest_proof=latest_proof,
+        autonomy=autonomic,
+        app_urls=app_urls,
+    )
     return {
         "status": "ok",
         "node": _node_summary(mesh, manifest),
-        "app_urls": _app_urls(mesh, connectivity),
-        "mesh_quality": _mesh_quality(autonomic, peers),
+        "app_urls": app_urls,
+        "mesh_quality": mesh_quality,
+        "setup": setup,
         "autonomy": {
             "status": autonomic.get("status") or "unknown",
             "mode": autonomic.get("mode") or "assisted",
             "operator_summary": autonomic.get("operator_summary") or "",
             "last_run": autonomic.get("last_run") or {},
         },
-        "route_health": autonomic.get("routes") or {"routes": [], "count": 0, "healthy": 0},
+        "route_health": route_health,
         "latest_proof": latest_proof,
         "approvals": approvals,
         "next_actions": _next_actions(autonomic, connectivity, approvals, latest_proof),
diff --git a/server_browser_client.py b/server_browser_client.py
new file mode 100644
index 0000000..252f359
--- /dev/null
+++ b/server_browser_client.py
@@ -0,0 +1,92 @@
+from __future__ import annotations
+
+
+def build_browser_client_script() -> str:
+    """Shared browser helpers for OCP's local operator pages."""
+    return """
+    const OCP_OPERATOR_TOKEN_KEY = "ocp_operator_token";
+
+    function consumeOperatorToken() {
+      const hash = String(window.location.hash || "");
+      let token = "";
+      if (hash.indexOf("#ocp_operator_token=") === 0) {
+        token = decodeURIComponent(hash.slice("#ocp_operator_token=".length));
+      } else if (hash.indexOf("ocp_operator_token=") !== -1) {
+        token = new URLSearchParams(hash.replace(/^#/, "")).get("ocp_operator_token") || "";
+      }
+      if (token) {
+        try {
+          window.localStorage.setItem(OCP_OPERATOR_TOKEN_KEY, token);
+        } catch (error) {
+        }
+        history.replaceState(null, "", window.location.pathname + window.location.search);
+      }
+    }
+
+    function operatorToken() {
+      try {
+        return String(window.localStorage.getItem(OCP_OPERATOR_TOKEN_KEY) || "").trim();
+      } catch (error) {
+        return "";
+      }
+    }
+
+    function withOperatorAuth(options) {
+      const next = Object.assign({}, options || {});
+      const headers = new Headers(next.headers || {});
+      const token = operatorToken();
+      if (token && !headers.has("X-OCP-Operator-Token")) {
+        headers.set("X-OCP-Operator-Token", token);
+      }
+      next.headers = headers;
+      return next;
+    }
+
+    function withOperatorFragment(url) {
+      const token = operatorToken();
+      const target = String(url || "");
+      if (!token || !target) {
+        return target;
+      }
+      return target.replace(/#.*$/, "") + "#ocp_operator_token=" + encodeURIComponent(token);
+    }
+
+    async function fetchJson(url, options) {
+      const response = await fetch(url, withOperatorAuth(options));
+      if (!response.ok) {
+        let message = response.status + " " + response.statusText;
+        try {
+          const payload = await response.json();
+          message = payload.error || payload.message || message;
+        } catch (error) {
+        }
+        throw new Error(message);
+      }
+      return response.json();
+    }
+
+    async function copyText(text) {
+      const token = String(text || "");
+      if (!token) {
+        throw new Error("nothing to copy");
+      }
+      if (navigator.clipboard && window.isSecureContext) {
+        await navigator.clipboard.writeText(token);
+        return;
+      }
+      const input = document.createElement("textarea");
+      input.value = token;
+      input.setAttribute("readonly", "readonly");
+      input.style.position = "absolute";
+      input.style.left = "-9999px";
+      document.body.appendChild(input);
+      input.select();
+      document.execCommand("copy");
+      document.body.removeChild(input);
+    }
+
+    consumeOperatorToken();
+""".strip()
+
+
+__all__ = ["build_browser_client_script"]
diff --git a/server_connect.py b/server_connect.py
index 3357d3d..fc40338 100644
--- a/server_connect.py
+++ b/server_connect.py
@@ -3,6 +3,7 @@
 from typing import Any
 
 from mesh import SovereignMesh
+from server_browser_client import build_browser_client_script
 from server_control import build_control_bootstrap
 
 
@@ -596,59 +597,12 @@ def launch_mesh_test_mission(mesh: SovereignMesh, data: dict[str, Any]) -> dict[
 
   <script>
     const OCP_EASY_BOOTSTRAP = __OCP_EASY_BOOTSTRAP__;
-    const OCP_OPERATOR_TOKEN_KEY = "ocp_operator_token";
+__OCP_BROWSER_CLIENT__
     const easyApp = {
       state: OCP_EASY_BOOTSTRAP,
       refreshTimer: null
     };
 
-    function consumeOperatorToken() {
-      const hash = String(window.location.hash || "");
-      let token = "";
-      if (hash.indexOf("#ocp_operator_token=") === 0) {
-        token = decodeURIComponent(hash.slice("#ocp_operator_token=".length));
-      } else if (hash.indexOf("ocp_operator_token=") !== -1) {
-        token = new URLSearchParams(hash.replace(/^#/, "")).get("ocp_operator_token") || "";
-      }
-      if (token) {
-        try {
-          window.localStorage.setItem(OCP_OPERATOR_TOKEN_KEY, token);
-        } catch (error) {
-        }
-        history.replaceState(null, "", window.location.pathname + window.location.search);
-      }
-    }
-
-    function operatorToken() {
-      try {
-        return String(window.localStorage.getItem(OCP_OPERATOR_TOKEN_KEY) || "").trim();
-      } catch (error) {
-        return "";
-      }
-    }
-
-    function withOperatorAuth(options) {
-      const next = Object.assign({}, options || {});
-      const headers = new Headers(next.headers || {});
-      const token = operatorToken();
-      if (token && !headers.has("X-OCP-Operator-Token")) {
-        headers.set("X-OCP-Operator-Token", token);
-      }
-      next.headers = headers;
-      return next;
-    }
-
-    function withOperatorFragment(url) {
-      const token = operatorToken();
-      const target = String(url || "");
-      if (!token || !target) {
-        return target;
-      }
-      return target.replace(/#.*$/, "") + "#ocp_operator_token=" + encodeURIComponent(token);
-    }
-
-    consumeOperatorToken();
-
     function escapeHtml(value) {
       return String(value ?? "").replace(/[&<>"']/g, function (token) {
         return {
@@ -707,40 +661,6 @@ def launch_mesh_test_mission(mesh: SovereignMesh, data: dict[str, Any]) -> dict[
       return "Keep this peer on normal sync until it advertises treaty validation.";
     }
 
-    async function fetchJson(url, options) {
-      const response = await fetch(url, withOperatorAuth(options));
-      if (!response.ok) {
-        let detail = response.statusText || "request failed";
-        try {
-          const payload = await response.json();
-          detail = payload.error || payload.message || detail;
-        } catch (error) {
-        }
-        throw new Error(detail);
-      }
-      return response.json();
-    }
-
-    async function copyText(text) {
-      const token = String(text || "");
-      if (!token) {
-        throw new Error("nothing to copy");
-      }
-      if (navigator.clipboard && window.isSecureContext) {
-        await navigator.clipboard.writeText(token);
-        return;
-      }
-      const input = document.createElement("textarea");
-      input.value = token;
-      input.setAttribute("readonly", "readonly");
-      input.style.position = "absolute";
-      input.style.left = "-9999px";
-      document.body.appendChild(input);
-      input.select();
-      document.execCommand("copy");
-      document.body.removeChild(input);
-    }
-
     function renderEasyQr(url) {
       const frame = document.getElementById("easy-qr-frame");
       const note = document.getElementById("easy-qr-note");
@@ -1122,7 +1042,11 @@ def launch_mesh_test_mission(mesh: SovereignMesh, data: dict[str, Any]) -> dict[
 
 
 def build_easy_page(mesh: SovereignMesh) -> str:
-    return EASY_PAGE_TEMPLATE.replace("__OCP_EASY_BOOTSTRAP__", build_easy_bootstrap(mesh))
+    return (
+        EASY_PAGE_TEMPLATE
+        .replace("__OCP_EASY_BOOTSTRAP__", build_easy_bootstrap(mesh))
+        .replace("__OCP_BROWSER_CLIENT__", build_browser_client_script())
+    )
 
 
 __all__ = [
diff --git a/server_control_page.py b/server_control_page.py
index b7b21de..f6b7f46 100644
--- a/server_control_page.py
+++ b/server_control_page.py
@@ -4,6 +4,7 @@
 from typing import Any
 
 from mesh import SovereignMesh
+from server_browser_client import build_browser_client_script
 from server_control import build_control_bootstrap as _build_control_bootstrap
 
 
@@ -2494,41 +2495,7 @@ def build_control_page(mesh: SovereignMesh) -> str:
       { label: "/mesh/helpers/autonomy", href: "/mesh/helpers/autonomy" },
       { label: "/mesh/helpers/preferences", href: "/mesh/helpers/preferences" }
     ];
-    const OCP_OPERATOR_TOKEN_KEY = "ocp_operator_token";
-    function consumeOperatorToken() {
-      const hash = String(window.location.hash || "");
-      let token = "";
-      if (hash.indexOf("#ocp_operator_token=") === 0) {
-        token = decodeURIComponent(hash.slice("#ocp_operator_token=".length));
-      } else if (hash.indexOf("ocp_operator_token=") !== -1) {
-        token = new URLSearchParams(hash.replace(/^#/, "")).get("ocp_operator_token") || "";
-      }
-      if (token) {
-        try {
-          window.localStorage.setItem(OCP_OPERATOR_TOKEN_KEY, token);
-        } catch (error) {
-        }
-        history.replaceState(null, "", window.location.pathname + window.location.search);
-      }
-    }
-    function operatorToken() {
-      try {
-        return String(window.localStorage.getItem(OCP_OPERATOR_TOKEN_KEY) || "").trim();
-      } catch (error) {
-        return "";
-      }
-    }
-    function withOperatorAuth(options) {
-      const next = Object.assign({}, options || {});
-      const headers = new Headers(next.headers || {});
-      const token = operatorToken();
-      if (token && !headers.has("X-OCP-Operator-Token")) {
-        headers.set("X-OCP-Operator-Token", token);
-      }
-      next.headers = headers;
-      return next;
-    }
-    consumeOperatorToken();
+__OCP_BROWSER_CLIENT__
     const app = {
       state: OCP_CONTROL_BOOTSTRAP,
       meshScene: null,
@@ -2620,22 +2587,6 @@ def build_control_page(mesh: SovereignMesh) -> str:
       });
     }
 
-    async function fetchJson(url, options) {
-      const response = await fetch(url, withOperatorAuth(options));
-      if (!response.ok) {
-        let message = response.status + " " + response.statusText;
-        try {
-          const payload = await response.json();
-          if (payload && payload.error) {
-            message = payload.error;
-          }
-        } catch (error) {
-        }
-        throw new Error(message);
-      }
-      return response.json();
-    }
-
     function utcValue(input) {
       if (!input) {
         return null;
@@ -5405,4 +5356,8 @@ def build_control_page(mesh: SovereignMesh) -> str:
   </script>
 </body>
 </html>"""
-    return control_html.replace("__OCP_CONTROL_BOOTSTRAP__", bootstrap)
+    return (
+        control_html
+        .replace("__OCP_CONTROL_BOOTSTRAP__", bootstrap)
+        .replace("__OCP_BROWSER_CLIENT__", build_browser_client_script())
+    )
diff --git a/tests/test_sovereign_mesh.py b/tests/test_sovereign_mesh.py
index ae233cc..45b262e 100644
--- a/tests/test_sovereign_mesh.py
+++ b/tests/test_sovereign_mesh.py
@@ -4,6 +4,7 @@
 import json
 import os
 import shutil
+import socket
 import subprocess
 import sys
 import tempfile
@@ -23,7 +24,9 @@
 
 import server
 import server_app
+import server_app_status
 import server_artifacts
+import server_browser_client
 import server_connect
 import server_control
 import server_control_page
@@ -5023,14 +5026,16 @@ def test_server_app_page_handler_returns_unified_phone_shell(self):
         self.assertEqual(probe.content_type, "text/html; charset=utf-8")
         self.assertIn("OCP App", probe.payload)
         self.assertIn("One app for the mesh.", probe.payload)
-        self.assertIn("OCP Easy Setup", probe.payload)
-        self.assertIn("OCP Control Deck", probe.payload)
+        self.assertIn("Setup Details", probe.payload)
+        self.assertIn("Advanced Control", probe.payload)
+        self.assertIn("Activate Mesh", probe.payload)
         self.assertIn("/easy", probe.payload)
         self.assertIn("/control", probe.payload)
         self.assertIn("/mesh/contract", probe.payload)
         self.assertIn("/app.webmanifest", probe.payload)
 
         manifest_probe = ProbeHandler()
+        manifest_probe.server = SimpleNamespace(mesh=alpha.mesh)
         manifest_probe._handle_app_manifest()
 
         self.assertEqual(manifest_probe.code, 200)
@@ -5039,6 +5044,65 @@ def test_server_app_page_handler_returns_unified_phone_shell(self):
         self.assertEqual(manifest_probe.payload["start_url"], "/app")
         self.assertEqual(manifest_probe.payload["display"], "standalone")
 
+    def test_shared_browser_client_supports_operator_token_and_fetch(self):
+        script = server_browser_client.build_browser_client_script()
+
+        self.assertIn("ocp_operator_token", script)
+        self.assertIn("X-OCP-Operator-Token", script)
+        self.assertIn("function withOperatorFragment", script)
+        self.assertIn("async function fetchJson", script)
+        self.assertIn("async function copyText", script)
+        self.assertIn("if (!response.ok)", script)
+
+    def test_app_status_setup_projection_surfaces_foolproof_states(self):
+        base = {
+            "mesh_quality": {"peer_count": 0, "route_count": 0, "healthy_routes": 0},
+            "route_health": {"status": "ok", "count": 0, "healthy": 0, "routes": []},
+            "connectivity": {"sharing_mode": "local"},
+            "approvals": {"pending_count": 0},
+            "latest_proof": {"status": "none"},
+            "autonomy": {"last_run": {}},
+            "app_urls": {"phone_url": "http://127.0.0.1:8421/app"},
+        }
+
+        with mock.patch.dict(os.environ, {"OCP_OPERATOR_TOKEN": "", "OCP_CONTROL_TOKEN": ""}, clear=False):
+            local_only = server_app_status._setup_projection(**base)
+            self.assertEqual(local_only["status"], "local_only")
+            self.assertIn("Start Mesh Mode", local_only["next_fix"])
+
+            lan_missing_token = server_app_status._setup_projection(
+                **{**base, "connectivity": {"sharing_mode": "lan"}}
+            )
+            self.assertEqual(lan_missing_token["status"], "needs_attention")
+            self.assertIn("operator token", lan_missing_token["blocking_issue"])
+
+        route_needs_repair = {
+            **base,
+            "mesh_quality": {"peer_count": 1, "route_count": 1, "healthy_routes": 0},
+            "route_health": {
+                "status": "ok",
+                "count": 1,
+                "healthy": 0,
+                "routes": [{"status": "reachable", "freshness": "stale", "operator_summary": "Beta route is stale."}],
+            },
+            "connectivity": {"sharing_mode": "lan"},
+        }
+        with mock.patch.dict(os.environ, {"OCP_OPERATOR_TOKEN": "token"}, clear=False):
+            repair = server_app_status._setup_projection(**route_needs_repair)
+            self.assertEqual(repair["status"], "needs_attention")
+            self.assertIn("stale", repair["next_fix"])
+
+            strong = server_app_status._setup_projection(
+                **{
+                    **route_needs_repair,
+                    "mesh_quality": {"peer_count": 1, "route_count": 1, "healthy_routes": 1},
+                    "route_health": {"status": "ok", "count": 1, "healthy": 1, "routes": []},
+                    "latest_proof": {"status": "completed"},
+                }
+            )
+            self.assertEqual(strong["status"], "strong")
+            self.assertEqual(strong["primary_action"], "activate_mesh")
+
     def test_raw_mesh_post_routes_require_operator_auth_off_loopback(self):
         alpha = self.make_stack("alpha")
         payload = {"device_profile": {"form_factor": "phone"}}
@@ -5384,8 +5448,8 @@ def test_autonomic_activation_connects_probes_enlists_and_runs_proof(self):
 
         self.assertIn(result["status"], {"completed", "partial"})
         self.assertGreaterEqual(result["routes"]["healthy"], 1)
-        self.assertTrue(any(action["kind"] == "route_probe" for action in result["actions"]))
-        self.assertTrue(any(action["kind"] == "whole_mesh_proof" for action in result["actions"]))
+        self.assertTrue(any(action["kind"] == "route_verified" for action in result["actions"]))
+        self.assertTrue(any("proof" in action["summary"].lower() for action in result["actions"]))
         self.assertTrue(result["helpers"]["enlisted"])
         self.assertEqual(alpha.mesh.autonomy.latest_run()["request_id"], "autonomic-activation-test")
 
@@ -5557,7 +5621,7 @@ def fake_sync(*args, **kwargs):
         self.assertEqual(calls["proof"], 2)
         self.assertGreaterEqual(calls["probe"], 1)
         self.assertGreaterEqual(calls["sync"], 1)
-        self.assertTrue(any(action["kind"] == "whole_mesh_proof_retry" for action in result["actions"]))
+        self.assertTrue(any(action["kind"] == "proof_completed" for action in result["actions"]))
 
     def test_server_autonomic_mesh_handlers_round_trip(self):
         alpha = self.make_stack("alpha")
@@ -6206,8 +6270,14 @@ def test_server_contract_module_exposes_mesh_route_contract(self):
                 "node": {},
                 "app_urls": {},
                 "mesh_quality": {},
+                "setup": {
+                    "status": "ready",
+                    "primary_action": "activate_mesh",
+                    "phone_url": "/app",
+                    "next_fix": "Press Activate Mesh.",
+                },
                 "route_health": {"status": "ok", "routes": []},
-                "next_actions": ["Activate Autonomic Mesh."],
+                "next_actions": ["Activate Mesh."],
             },
         )
         self.assertEqual(valid_app_status["status"], "ok")
@@ -6606,14 +6676,15 @@ def test_easy_page_is_exposed_over_http(self):
         self.assertIn("OCP App", markup)
         self.assertIn("One app for the mesh.", markup)
         self.assertIn("OCP Today", markup)
-        self.assertIn("Activate Autonomic Mesh", markup)
+        self.assertIn("Activate Mesh", markup)
+        self.assertIn("Setup Doctor", markup)
         self.assertIn("Phone Link + QR", markup)
         self.assertIn("/mesh/app/status", markup)
         self.assertIn("ocp_operator_token", markup)
         self.assertIn("X-OCP-Operator-Token", markup)
         self.assertIn("if (!response.ok)", markup)
-        self.assertIn("OCP Easy Setup", markup)
-        self.assertIn("OCP Control Deck", markup)
+        self.assertIn("Setup Details", markup)
+        self.assertIn("Advanced Control", markup)
         self.assertIn("/easy", markup)
         self.assertIn("/control", markup)
         self.assertIn("/app.webmanifest", markup)
@@ -6632,6 +6703,9 @@ def test_easy_page_is_exposed_over_http(self):
         self.assertIn("route_health", app_status)
         self.assertIn("latest_proof", app_status)
         self.assertIn("next_actions", app_status)
+        self.assertEqual(app_status["setup"]["primary_action"], "activate_mesh")
+        self.assertIn(app_status["setup"]["status"], {"ready", "local_only", "needs_attention", "proving", "strong"})
+        self.assertNotIn("ocp_operator_token", app_status["setup"]["phone_url"])
         self.assertIn("/app", app_status["app_urls"]["app_url"])
 
         with urlopen(f"{base_url}/app.webmanifest") as response:
@@ -6703,6 +6777,16 @@ def test_startup_helpers_resolve_state_paths_and_server_command(self):
             self.assertIn("--db-path", command)
             self.assertIn(str(state_dir / "ocp.db"), command)
             self.assertEqual(ocp_startup.health_url("0.0.0.0", 8555), "http://127.0.0.1:8555/mesh/manifest")
+            self.assertEqual(
+                ocp_startup.operator_app_url("http://192.168.1.44:8555/", "secret token"),
+                "http://192.168.1.44:8555/app#ocp_operator_token=secret%20token",
+            )
+            self.assertTrue(ocp_startup.port_is_available("127.0.0.1", 0))
+            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
+                sock.bind(("127.0.0.1", 0))
+                sock.listen(1)
+                busy_port = sock.getsockname()[1]
+                self.assertFalse(ocp_startup.port_is_available("127.0.0.1", busy_port))
 
             custom_db = Path(tmp) / "custom" / "demo.db"
             custom_profile = ocp_startup.profile_from_values(
@@ -6742,6 +6826,14 @@ def test_desktop_launcher_builds_local_and_mesh_launch_plans(self):
                 ocp_launcher.operator_app_url("http://192.168.1.44:8666/", "secret token"),
                 "http://192.168.1.44:8666/app#ocp_operator_token=secret%20token",
             )
+            self.assertIn(
+                "ready for phone setup",
+                ocp_launcher.launcher_status_message({"setup": {"status": "ready"}}).lower(),
+            )
+            self.assertIn(
+                "Needs firewall",
+                ocp_launcher.launcher_status_message({"setup": {"status": "needs_attention", "next_fix": "Needs firewall"}}),
+            )
 
     def test_desktop_launcher_config_round_trips(self):
         with tempfile.TemporaryDirectory() as tmp: