diff --git a/CSharpDB.slnx b/CSharpDB.slnx
index 83d8c108..6882d38d 100644
--- a/CSharpDB.slnx
+++ b/CSharpDB.slnx
@@ -21,6 +21,7 @@
     <Project Path="samples/collection-indexing/CollectionIndexingSample.csproj" />
     <Project Path="samples/csv-bulk-import/CsvBulkImportSample.csproj" />
     <Project Path="samples/efcore-provider/EfCoreProviderSample.csproj" />
+    <Project Path="samples/trusted-csharp-host/TrustedCSharpHostSample.csproj" />
   </Folder>
   <Folder Name="/src/">
     <Project Path="src/CSharpDB/CSharpDB.csproj" />
@@ -53,6 +54,7 @@
     <Project Path="tests/CSharpDB.Daemon.Tests/CSharpDB.Daemon.Tests.csproj" />
     <Project Path="tests/CSharpDB.Admin.Forms.Tests/CSharpDB.Admin.Forms.Tests.csproj" />
     <Project Path="tests/CSharpDB.Admin.Reports.Tests/CSharpDB.Admin.Reports.Tests.csproj" />
+    <Project Path="tests/CSharpDB.ExtensionSandbox.Worker/CSharpDB.ExtensionSandbox.Worker.csproj" />
     <Project Path="tests/CSharpDB.Benchmarks/CSharpDB.Benchmarks.csproj" />
     <Project Path="tests/CSharpDB.DataGen/CSharpDB.DataGen.csproj" />
   </Folder>
diff --git a/Directory.Build.props b/Directory.Build.props
new file mode 100644
index 00000000..8d072b1f
--- /dev/null
+++ b/Directory.Build.props
@@ -0,0 +1,6 @@
+<Project>
+  <PropertyGroup>
+    <!-- Keep ignored/generated local outputs out of SDK-style default item globs. -->
+    <DefaultItemExcludes>$(DefaultItemExcludes);artifacts/**;**/artifacts/**;.tmp/**;**/.tmp/**;tmp/**;**/tmp/**;temp/**;**/temp/**;publish/**;**/publish/**</DefaultItemExcludes>
+  </PropertyGroup>
+</Project>
diff --git a/Directory.Build.targets b/Directory.Build.targets
new file mode 100644
index 00000000..cacfd2c6
--- /dev/null
+++ b/Directory.Build.targets
@@ -0,0 +1,8 @@
+<Project>
+  <Target Name="PurgeAdminArtifacts"
+          BeforeTargets="BeforeBuild"
+          Condition="'$(MSBuildProjectName)' == 'CSharpDB.Admin'">
+    <RemoveDir Directories="$(MSBuildProjectDirectory)\artifacts"
+               Condition="Exists('$(MSBuildProjectDirectory)\artifacts')" />
+  </Target>
+</Project>
diff --git a/README.md b/README.md
index c92e7732..c3e157f3 100644
--- a/README.md
+++ b/README.md
@@ -210,6 +210,8 @@ The native library exports 20 C functions. See the [Native Library Reference](ht
 | [Architecture Guide](https://csharpdb.com/architecture.html) | Engine design deep dive |
 | [Tools & Ecosystem](https://csharpdb.com/docs/ecosystem.html) | APIs, hosts, designers, and integrations |
 | [EF Core Provider](https://csharpdb.com/docs/entity-framework-core.html) | Embedded EF Core 10 provider guide |
+| [Trusted C# Callbacks](docs/trusted-csharp-functions/README.md) | Register in-process C# functions, commands, and validation rules for SQL, forms, reports, and pipelines |
+| [Trusted C# Host Sample](samples/trusted-csharp-host/README.md) | VS Code-ready C# host project for trusted functions, commands, validation rules, and form actions |
 | [Admin UI Guide](https://csharpdb.com/docs/admin-ui.html) | Querying, schema, pipelines, forms, reports, and storage |
 | [CSharpDB.Client](src/CSharpDB.Client/README.md) | Unified client API and transports |
 | [Pipelines](https://csharpdb.com/docs/pipelines.html) | ETL package model and visual designer |
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index dd327245..4a614773 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,320 @@
 # What's New
 
+## v3.6.0
+
+v3.6.0 adds trusted, in-process C# scalar functions and commands across
+CSharpDB's user-facing expression and automation surfaces. Host applications
+can now register C# callbacks when opening or hosting a database, then call
+those callbacks from SQL, SQL-backed triggers and procedures, Admin Forms
+formulas/events/actions, Admin Reports calculated text and preview lifecycle
+events, and pipeline filter/derive/hook expressions.
+
+The release also adds tableless scalar `SELECT` support, common built-in scalar
+functions, Admin callback catalog metadata, SQL autocomplete for built-ins and
+tableless-safe host callbacks, and local Admin artifact cleanup to keep
+incremental builds fast.
+
+### Trusted C# Scalar Functions
+
+- Added the shared `DbFunctionRegistry`, `DbFunctionRegistryBuilder`,
+  `DbScalarFunctionDelegate`, and `DbScalarFunctionOptions` public model in
+  `CSharpDB.Primitives`.
+- Added `DatabaseOptions.Functions` plus `ConfigureFunctions(...)` so embedded
+  hosts can register scalar functions when opening file-backed, in-memory, or
+  hybrid databases.
+- SQL expression evaluation now resolves registered scalar functions in
+  projections, filters, ordering expressions, `INSERT`/`UPDATE` expressions,
+  trigger bodies, and stored SQL procedure bodies.
+- Direct clients can pass trusted functions through `DirectDatabaseOptions`;
+  HTTP and gRPC clients still do not serialize delegates and can only call
+  functions registered inside the remote host process.
+- Admin Forms formulas and Admin Reports calculated expressions can use the
+  same registry while preserving existing arithmetic and aggregate behavior.
+- Pipeline filter and derived-column expressions can call registered functions;
+  package definitions store expressions plus generated automation metadata, but
+  never C# function bodies.
+- Scalar callback registration now carries `CanRunWithoutFrom` metadata so
+  hosts can identify functions that are safe to discover in tableless
+  `SELECT ...` contexts.
+- Added the usage guide at `docs/trusted-csharp-functions/README.md`.
+
+### Tableless SELECT And Built-In Scalar Functions
+
+- SQL now supports scalar `SELECT` statements without a `FROM` clause through a
+  single-row planner source.
+- Tableless statements such as `SELECT Date();`, `SELECT abs(1123.34);`, and
+  `SELECT Slugify('Hello World');` can execute without inventing a dummy table
+  when the expression does not need row context.
+- Added a central built-in scalar dispatcher for common text, date/time,
+  numeric, conversion, and null helpers, including functions such as `ABS`,
+  `DATE`, `DATESERIAL`, `DATEADD`, `DATEDIFF`, `LEN`, `UCASE`, `LCASE`,
+  `ROUND`, `IFNULL`, and `NZ`.
+- Query planning now infers built-in scalar return types where possible.
+- Query paging and Admin result serialization now handle the internal
+  tableless single-row source.
+- BLOB procedure parameters can now round-trip through tableless
+  `SELECT @payload;` rather than failing on the old unsupported-path
+  assumption.
+
+### Admin Callback Catalog And Formula UX
+
+- The Admin navigation now groups callbacks under `Callbacks / Internal` and
+  `Callbacks / External`.
+- Internal callbacks show built-in formula functions separately from registered
+  host callbacks, so the list remains navigable as the built-in surface grows.
+- External callbacks show host-registered/user-created callbacks such as sample
+  functions and automation commands.
+- Callback details now surface whether a scalar callback is marked for
+  tableless `SELECT`.
+- SQL editor completion now suggests built-in scalar functions and host
+  callbacks marked with `CanRunWithoutFrom`.
+- Admin Forms formulas now have an Access-style function catalog/helper and
+  domain-function support for common form expressions.
+
+### Trusted Commands And Form Events
+
+- Added the shared `DbCommandRegistry`, `DbCommandRegistryBuilder`,
+  `DbCommandDelegate`, `DbCommandContext`, `DbCommandResult`, and
+  `DbCommandOptions` public model in `CSharpDB.Primitives`.
+- `DbCommandOptions` now includes `Timeout` and `IsLongRunning`, and
+  `DbCommandRegistryBuilder.AddAsyncCommand(...)` registers `Task`-based host
+  callbacks without manual `ValueTask` wrapping.
+- Command timeouts cancel the command invocation token and surface as command
+  failures through the existing Forms, Reports, and Pipelines dispatch paths;
+  external cancellation is still propagated as cancellation.
+- Admin Forms can now store form-level event bindings that reference trusted
+  command names instead of storing C# source.
+- The Forms data-entry runtime dispatches `OnOpen`, `OnLoad`, `BeforeInsert`,
+  `AfterInsert`, `BeforeUpdate`, `AfterUpdate`, `BeforeDelete`, and
+  `AfterDelete`.
+- `BeforeInsert`, `BeforeUpdate`, and `BeforeDelete` can cancel the requested
+  write by returning `DbCommandResult.Failure(...)`; after-events report errors
+  without attempting to roll back a completed write.
+- Command context arguments include current record fields converted to
+  `DbValue`; metadata includes the Forms surface, form id/name, table name, and
+  event name.
+- `AddCSharpDbAdminForms(...)` now has a command-registration overload for
+  trusted host applications.
+- The Admin Forms designer preserves and edits form-level event bindings
+  instead of dropping automation metadata during save.
+- Added a command button control that invokes a trusted host command on click,
+  passing current record fields, optional configured arguments, and form
+  metadata to the command callback.
+- Added control-level Admin Forms event bindings for `OnClick`, `OnChange`,
+  `OnGotFocus`, and `OnLostFocus`, so ordinary controls can invoke trusted
+  host commands without being command buttons.
+- The Forms property inspector now edits selected-control event bindings using
+  the same registered-command picker and JSON argument editor as form-level
+  events.
+- Added shared declarative action sequence metadata with `RunCommand`,
+  `SetFieldValue`, `ShowMessage`, and `Stop` steps for Admin Forms automation.
+  Form and control event bindings can now be command-only,
+  action-sequence-only, or a command followed by an action sequence.
+- Added built-in rendered-form actions for `NewRecord`, `SaveRecord`,
+  `DeleteRecord`, `RefreshRecords`, `PreviousRecord`, `NextRecord`, and
+  `GoToRecord`, so command buttons and control events can drive common form
+  workflows without host C# callbacks.
+- Action sequence steps can now include a simple condition such as
+  `Status = 'Ready'`, `Amount > 0`, or `IsActive`; false conditions skip that
+  step, while malformed conditions fail through the normal step failure path.
+- Forms can now store reusable named action sequences on `FormDefinition` and
+  invoke them from event/button sequences with `RunActionSequence`, including
+  optional per-call arguments and a nesting guard for recursive loops.
+- The form-event and selected-control event editors now include a visual
+  action-sequence editor for adding, ordering, removing, and configuring
+  command, reusable sequence, field, message, stop, built-in record actions,
+  and per-step conditions.
+- The Forms property inspector now includes a reusable action-sequence library
+  editor at the form level, and event action editors can pick those named
+  sequences while preserving missing names for portable metadata.
+- The action-sequence editor uses registered-command pickers when commands are
+  available, preserves missing command names for portable form metadata, and
+  keeps JSON editing limited to optional argument payloads.
+- Action sequences store names, arguments, field targets, and literal values
+  only. They do not store C# source, serialize delegates, or run untrusted code.
+- Added shared command argument conversion helpers so Forms, Reports, and
+  Pipelines pass host command arguments with the same `DbValue` conversion
+  rules.
+- Admin Reports can now bind `OnOpen`, `BeforeRender`, and `AfterRender`
+  preview lifecycle events to trusted commands. The preview service passes
+  report/source metadata plus row, truncation, page, and schema-drift metrics.
+- `AddCSharpDbAdminReports(...)` now has a command-registration overload for
+  trusted host applications.
+- Pipeline packages can now include trusted command hooks for `OnRunStarted`,
+  `OnBatchCompleted`, `OnRunSucceeded`, and `OnRunFailed`. Package JSON stores
+  hook names, arguments, and generated automation metadata only; command bodies
+  remain host-registered code.
+- Pipeline hook failures fail the run through `PipelineRunResult`; failure-hook
+  errors are appended to the failed run summary instead of recursively
+  dispatching more failure hooks.
+- Admin Forms command buttons now refresh their executing/disabled state before
+  and after async command work, so long-running trusted commands give visible
+  runtime feedback in the form surface.
+
+### Stored Automation Metadata
+
+- Added shared `DbAutomationMetadata`, command references, and scalar-function
+  references so portable definitions can declare the trusted host callbacks
+  they expect without storing C# code.
+- Admin Forms, Admin Reports, and pipeline packages now regenerate automation
+  metadata during repository save/load or package serialization/deserialization.
+  Older JSON without automation metadata is backfilled on read.
+- Form metadata captures trusted form events, command buttons, selected-control
+  events, reusable action sequences, action-sequence `RunCommand` steps, and
+  computed-formula scalar functions.
+- Report metadata captures preview lifecycle command bindings and calculated
+  text scalar functions.
+- Pipeline package metadata captures command hooks and scalar functions used by
+  filter and derived-column expressions; package validation reports stale
+  automation manifests so packages can be re-exported.
+
+### Developer Experience
+
+- Added `samples/trusted-csharp-host`, a VS Code-ready C# host project for
+  writing and debugging trusted C# callbacks in ordinary application code.
+- The sample registers a trusted scalar function, calls it from SQL, registers
+  a trusted command, and runs an Admin Forms action sequence that sets a field
+  before invoking that command.
+- The sample includes local `.vscode` launch/tasks files so developers can open
+  the sample folder, press `F5`, and set breakpoints inside callback code.
+- The direct Admin launcher now cleans stale Admin artifact snapshots, builds
+  once, and runs with `--no-build` so old generated artifacts do not slow
+  startup.
+- Added repo-level MSBuild cleanup for `src/CSharpDB.Admin/artifacts` and
+  default excludes for generated artifact folders.
+- Added the async I/O batching follow-up note at
+  `docs/query-and-durable-write-performance/async-io-batching-follow-up.md`.
+
+### Behavior And Safety
+
+- Function names are case-insensitive SQL identifiers, and registration rejects
+  duplicate user names or collisions with reserved built-ins such as `TEXT`,
+  `COUNT`, `SUM`, `AVG`, `MIN`, and `MAX`.
+- Arity is validated before invocation, missing SQL functions fail with the
+  existing unknown scalar function path, and thrown delegate exceptions are
+  wrapped with the function name before normal statement/transaction rollback.
+- `NullPropagating = true` returns `NULL` without invoking the delegate when
+  any argument is `NULL`; otherwise `DbValue.Null` is passed explicitly.
+- V1 remains scalar-only, synchronous, trusted, and in-process. It does not
+  persist C# source, sandbox code, load database-owned plugin assemblies,
+  marshal delegates over HTTP/gRPC, or add aggregate/table-valued/procedure
+  UDFs.
+- Query planning keeps custom functions on the residual expression path in V1:
+  no index pushdown, generated columns, constant folding, or cost assumptions
+  are inferred from user functions.
+
+### Tests And Benchmarks
+
+- Added registry and SQL coverage for case-insensitive lookup, duplicate and
+  built-in collision rejection, null propagation, deterministic metadata,
+  missing functions, thrown functions, rollback behavior, triggers, and stored
+  SQL procedures.
+- Added direct-client, Admin Forms, Admin Reports, pipeline validation, and
+  pipeline runtime tests for registered scalar functions.
+- Added command-registry, form-event dispatcher, event JSON round-trip, and
+  Forms data-entry tests for create/update/delete event dispatch and
+  before-event cancellation.
+- Added designer-state tests for action sequences, plus command-button and
+  control-event tests covering event binding preservation and registered
+  command invocation from rendered forms.
+- Added Forms action-sequence tests for event dispatch, mutable record updates,
+  command button action-only clicks, and JSON round-tripping.
+- Added report-event dispatcher and preview lifecycle tests, pipeline hook
+  serialization/validation/orchestrator tests, and shared command argument
+  conversion tests.
+- Added automation metadata tests covering manifest extraction, JSON
+  round-tripping, repository persistence/backfill, pipeline package
+  import/export, and stale package metadata validation.
+- Added async command and timeout coverage for the command registry, Admin
+  Forms dispatcher, Admin Reports dispatcher, and pipeline hook orchestration.
+- Added Forms built-in action tests covering rendered command-button dispatch,
+  next/previous/go-to navigation, and create/save/refresh/delete workflows.
+- Added conditional action tests for skip/run behavior, condition failure,
+  rendered built-in action skipping, metadata propagation, and JSON
+  round-tripping.
+- Added parser, planner, SQL execution, direct-client, procedure, query paging,
+  and Admin completion tests for tableless `SELECT`, built-in scalar functions,
+  BLOB parameter round-tripping, and tableless-safe callback autocomplete.
+- Added Admin callback catalog tests for tableless callback metadata.
+- Added Admin Forms formula evaluator tests for the built-in function catalog
+  and Access-style formula helpers.
+- Same-machine affected benchmark comparison against the pre-feature HEAD
+  baseline showed no material regression in the main write/query guardrails:
+
+| Suite | Worst current change | Best current change |
+|-------|---------------------:|--------------------:|
+| Insert | `+3.76%` | `-3.38%` |
+| Join | `+6.65%` | `-6.93%` |
+| PointLookup | `+5.15%` | `-9.25%` |
+| QueryPlanCache | `+1.62%` | `-4.45%` |
+| ScanProjection | `+0.20%` | `-18.12%` |
+| TriggerDispatch | `+0.77%` | `-4.52%` |
+| BatchEvaluation | `+10.53%` | `-10.36%` |
+
+The one notable row was the synthetic BatchEvaluation delegate
+filter/projection case at `+10.53%`; its paired specialized path improved by
+`-10.36%`, allocations were unchanged, and the affected guardrail suites were
+otherwise neutral to improved.
+
+### Validation
+
+- `git status --short --branch`
+- `dotnet restore CSharpDB.slnx`
+- `.\scripts\Test-NoLegacyCoreReferences.ps1`
+  - Passed through the script's PowerShell fallback after the local packaged
+    `rg.exe` could not be launched normally in this desktop environment.
+- `dotnet build CSharpDB.slnx -c Release --no-restore`
+  - Passed with `0` warnings and `0` errors.
+- `dotnet test CSharpDB.slnx -c Release --no-build -m:1 -- RunConfiguration.DisableParallelization=true`
+  - Non-parallel unit test run passed with `1,663` tests.
+- Phase 5 local validation used `dotnet build CSharpDB.slnx --no-restore -m:1`
+  and `dotnet test CSharpDB.slnx --no-build -m:1 -- RunConfiguration.DisableParallelization=true`
+  - Debug non-parallel unit test run passed with `1,703` tests after adding
+    automation metadata coverage.
+- Phase 6A async-command hardening validation used
+  `dotnet build CSharpDB.slnx --no-restore -m:1` and
+  `dotnet test CSharpDB.slnx --no-build -m:1 -- RunConfiguration.DisableParallelization=true`
+  - Debug non-parallel unit test run passed with `1,709` tests.
+- Phase 6B built-in form action validation used
+  `dotnet build CSharpDB.slnx --no-restore -m:1` and
+  `dotnet test CSharpDB.slnx --no-build -m:1 -- RunConfiguration.DisableParallelization=true`
+  - Debug non-parallel unit test run passed with `1,712` tests.
+- Phase 6C conditional form action validation used
+  `dotnet build CSharpDB.slnx --no-restore -m:1` and
+  `dotnet test CSharpDB.slnx --no-build -m:1 -- RunConfiguration.DisableParallelization=true`
+  - Debug non-parallel unit test run passed with `1,715` tests.
+- `dotnet pack` smoke for the release workflow packages with
+  `-p:Version=3.6.0`
+  - Produced `11` local packages:
+    `CSharpDB`, `CSharpDB.Client`, `CSharpDB.Data`, `CSharpDB.Engine`,
+    `CSharpDB.EntityFrameworkCore`, `CSharpDB.Execution`,
+    `CSharpDB.Pipelines`, `CSharpDB.Primitives`, `CSharpDB.Sql`,
+    `CSharpDB.Storage`, and `CSharpDB.Storage.Diagnostics`.
+- `.\scripts\Publish-CSharpDbDaemonRelease.ps1 -Version 3.6.0 -Runtime win-x64 -OutputRoot artifacts\daemon-release-local`
+  - Produced `csharpdb-daemon-v3.6.0-win-x64.zip` and `SHA256SUMS.txt`.
+- Latest tableless/callback stabilization validation used
+  `dotnet test .\CSharpDB.slnx -m:1 --no-restore -v:minimal /nr:false /p:UseSharedCompilation=false /p:TestTfmsInParallel=false -- RunConfiguration.DisableParallelization=true`
+  - Debug non-parallel unit test run passed with `1,877` tests.
+
+### Review Notes
+
+- The highest-risk runtime changes are in expression evaluation and planner
+  plumbing: custom functions are intentionally kept off the index-pushdown and
+  batch-fast-path planning assumptions in V1.
+- Remote hosts must register functions in the daemon/API host process; direct
+  clients can register functions locally through `DirectDatabaseOptions`, but
+  callback delegates are never serialized over HTTP or gRPC.
+- Admin Forms and Reports use the shared registries, but their formula and
+  automation surfaces remain narrower than SQL or stored macro systems:
+  formulas stay expression-focused, command hooks invoke host-owned code by
+  name, and declarative action sequences store only limited action metadata
+  rather than executable scripts in database metadata.
+- `SELECT ...` without `FROM` is represented internally as a single-row source
+  and is intended for scalar expressions that do not need row context.
+- `CanRunWithoutFrom` is currently discovery metadata for the Admin catalog and
+  SQL editor autocomplete; it is not yet a hard runtime denial gate for manually
+  typed tableless callback calls.
+
 ## v3.5.0
 
 v3.5.0 focuses on the collection binary payload fast path, generated
diff --git a/docs/admin-collections-ui/README.md b/docs/admin-collections-ui/README.md
new file mode 100644
index 00000000..57e11a15
--- /dev/null
+++ b/docs/admin-collections-ui/README.md
@@ -0,0 +1,59 @@
+# Admin Collections UI
+
+## Summary
+
+The Admin app now treats document collections as first-class objects alongside
+tables, views, forms, and reports. The first implementation is a browser and
+JSON editor built on the existing collection client APIs:
+
+- list collection names
+- browse documents by page
+- fetch one document by exact key
+- create or update a document
+- delete a document
+
+This deliberately avoids new engine, HTTP, gRPC, or client contracts. Collection
+path-index management, document-content search, collection rename, and
+collection drop remain future work.
+
+## User Experience
+
+- Object Explorer has a `Collections` filter chip and group.
+- The collection group menu supports `New Collection...` and `Refresh`.
+- Collection item menus support `Open`, `New Document...`, and `Copy Name`.
+- The command palette includes `New Collection` plus one entry for each existing
+  collection.
+- Each collection opens in a dedicated `collection:{name}` tab using the same
+  toolbar, pager, grid, and detail-panel language as table data tabs.
+
+## Collection Tab Behavior
+
+- The grid shows row number, document key, JSON kind, and a compact preview.
+- The detail panel shows indented JSON for the selected document.
+- Existing document keys are read-only.
+- New documents require a nonblank key and valid JSON before save is enabled.
+- Save writes through `PutDocumentAsync(collectionName, key, document)`.
+- Delete writes through `DeleteDocumentAsync(collectionName, key)` after
+  confirmation.
+- Successful writes notify Admin change listeners and refresh the current page.
+- Exact-key lookup uses `GetDocumentAsync(collectionName, key)`.
+
+## Defaults
+
+- Default page size is `25`.
+- Supported page sizes are `10`, `25`, `50`, and `100`.
+- Collection names use the same simple identifier shape as the direct client:
+  `^[A-Za-z_][A-Za-z0-9_]*$`.
+- Deleting all documents leaves the collection itself in place because there is
+  no drop-collection API today.
+- Generated collection model metadata is not surfaced; documents are edited as
+  raw JSON.
+
+## Verification
+
+Run the focused Admin checks after collection UI changes:
+
+```powershell
+dotnet build src/CSharpDB.Admin/CSharpDB.Admin.csproj
+dotnet test tests/CSharpDB.Admin.Forms.Tests/CSharpDB.Admin.Forms.Tests.csproj
+```
diff --git a/docs/admin-forms-access-parity/README.md b/docs/admin-forms-access-parity/README.md
index 64070b14..f04845df 100644
--- a/docs/admin-forms-access-parity/README.md
+++ b/docs/admin-forms-access-parity/README.md
@@ -22,6 +22,16 @@ The current forms surface already includes:
 - schema-change warnings
 - designer undo/redo, copy/paste, duplicate, layers, alignment, tab order, and
   mobile/tablet/desktop breakpoint editing
+- trusted host command registration for form lifecycle events
+- designer editing for form-level event bindings
+- command button controls that invoke trusted host commands
+- trusted command-backed selected-control events
+- declarative form action sequences for run-command, reusable sequence,
+  set-field, show-message, stop, built-in navigation, save, delete, refresh,
+  and go-to-record steps
+- conditional action steps and reusable named form action sequences
+- visual designer editing for form and selected-control action sequences
+- generated automation metadata for export/import host callback requirements
 
 ## Added Review Findings
 
@@ -96,9 +106,9 @@ Expected fix:
 
 | Feature | Status | Notes |
 | --- | --- | --- |
-| Command button control | Planned | Add buttons that can run form actions. |
-| Action model | Planned | Support actions such as open form, save, delete, navigate, apply filter, clear filter, run SQL/procedure, and show message. |
-| Event hooks | Planned | Add form/control events such as on load, before save, after save, before field change, after field change, and button click. |
+| Command button control | Partial | Trusted command buttons can invoke host-registered C# commands, action-only click sequences, reusable action sequences, and built-in rendered-form navigation/save/delete actions; richer button styling and command presets remain future work. |
+| Action model | Partial | Declarative action sequences support run-command, reusable sequence, set-field, show-message, stop, built-in navigation/save/delete/refresh/go-to, simple per-step conditions, visual designer editing, and generated automation metadata for form and selected-control events; open form, apply filter, clear filter, run SQL/procedure, loops, and conditional UI rules remain future work. |
+| Event hooks | Partial | Form lifecycle events, command-button clicks, and selected control events can call trusted commands; additional Access-style events remain future work. |
 | Conditional UI rules | Planned | Add visible/enabled/read-only expressions for controls. |
 
 ### Phase 5: Broader Control and Property Coverage
@@ -124,3 +134,17 @@ workflows." The highest leverage model changes are:
 - form-mode model
 
 Those foundations should be added before expanding the control palette too far.
+
+## Developer Extensibility
+
+Custom form controls can now be registered without changing saved form JSON. See
+[Form Control Extensibility](form-control-extensibility.md) for the registry API,
+component contexts, generic property schema, and the sample rating control.
+
+Host-owned validation callbacks can be registered for field-level and form-level
+save checks. See
+[Trusted Validation Rules](../trusted-csharp-functions/validation-rules.md) for
+registration, designer metadata, policy, diagnostics, and sample code.
+
+For Access-style expression functions and macro/action candidates, see
+[Access-Style Functions and Macros](access-style-functions-and-macros.md).
diff --git a/docs/admin-forms-access-parity/access-style-functions-and-macros.md b/docs/admin-forms-access-parity/access-style-functions-and-macros.md
new file mode 100644
index 00000000..32f29b80
--- /dev/null
+++ b/docs/admin-forms-access-parity/access-style-functions-and-macros.md
@@ -0,0 +1,244 @@
+# Access-Style Functions and Macros
+
+This note captures the Access-parity function and macro set we want available
+in Admin Forms. The goal is not to clone every Access/VBA surface area at once.
+The goal is to include the small, familiar built-in set that makes form
+expressions, validation, conditional formatting, buttons, and simple workflows
+feel productive without requiring host code for every common task.
+
+## Design Direction
+
+- Keep simple expression functions built into the formula engine.
+- Keep user-facing form actions as declarative Admin Form actions where possible.
+- Route dangerous or host-specific actions through trusted callbacks, policy, and
+  diagnostics.
+- Treat database-owned C# code modules as the later `RunCode` target.
+- Preserve the existing saved form wire shape by storing action and expression
+  settings in metadata/property bags.
+
+Implementation note: Admin Forms formulas now include the expression functions
+listed below as built-ins. Macro/action commands remain roadmap items unless
+already covered by the existing form action model.
+
+## Included Expression Functions
+
+### Null and Conditional
+
+These should be first because they appear constantly in form defaults,
+calculated controls, validation messages, and visibility/enabled rules.
+
+| Function | Purpose | Priority |
+| --- | --- | --- |
+| `Nz(value, fallback)` | Replace null/empty values with a fallback. | V1 |
+| `IsNull(value)` | Test for null. | V1 |
+| `IsEmpty(value)` | Test for empty/unset values where applicable. | V1 |
+| `IIf(condition, trueValue, falseValue)` | Inline conditional. | V1 |
+| `Switch(condition1, value1, ...)` | Multi-branch conditional. | V2 |
+| `Choose(index, value1, value2, ...)` | Pick from positional values. | V2 |
+
+### Text
+
+| Function | Purpose | Priority |
+| --- | --- | --- |
+| `Len(value)` | Text length. | V1 |
+| `Left(value, count)` | Left substring. | V1 |
+| `Right(value, count)` | Right substring. | V1 |
+| `Mid(value, start, count)` | Middle substring. | V1 |
+| `Trim(value)` | Trim both ends. | V1 |
+| `LTrim(value)` | Trim left. | V2 |
+| `RTrim(value)` | Trim right. | V2 |
+| `UCase(value)` | Uppercase text. | V1 |
+| `LCase(value)` | Lowercase text. | V1 |
+| `InStr(value, search)` | Find substring position. | V1 |
+| `Replace(value, search, replacement)` | Replace text. | V1 |
+| `StrComp(left, right, comparison)` | Compare strings. | V2 |
+| `Val(value)` | Parse leading numeric text. | V2 |
+
+### Date and Time
+
+| Function | Purpose | Priority |
+| --- | --- | --- |
+| `Date()` | Current date. | V1 |
+| `Time()` | Current time. | V1 |
+| `Now()` | Current date/time. | V1 |
+| `Year(value)` | Extract year. | V1 |
+| `Month(value)` | Extract month number. | V1 |
+| `Day(value)` | Extract day of month. | V1 |
+| `Hour(value)` | Extract hour. | V2 |
+| `Minute(value)` | Extract minute. | V2 |
+| `Second(value)` | Extract second. | V2 |
+| `DateAdd(interval, amount, value)` | Add date/time interval. | V1 |
+| `DateDiff(interval, start, end)` | Difference between dates. | V1 |
+| `DatePart(interval, value)` | Extract date/time part. | V2 |
+| `DateSerial(year, month, day)` | Construct date. | V2 |
+| `TimeSerial(hour, minute, second)` | Construct time. | V2 |
+| `Weekday(value)` | Day of week number. | V2 |
+| `MonthName(month)` | Month display name. | V2 |
+
+### Number and Conversion
+
+| Function | Purpose | Priority |
+| --- | --- | --- |
+| `Abs(value)` | Absolute value. | V1 |
+| `Round(value, digits)` | Round number. | V1 |
+| `Int(value)` | Floor-like integer conversion. | V1 |
+| `Fix(value)` | Truncate toward zero. | V2 |
+| `Sgn(value)` | Sign of number. | V2 |
+| `CStr(value)` | Convert to string. | V1 |
+| `CInt(value)` | Convert to integer. | V1 |
+| `CLng(value)` | Convert to long integer. | V2 |
+| `CDbl(value)` | Convert to double. | V1 |
+| `CBool(value)` | Convert to boolean. | V1 |
+| `CDate(value)` | Convert to date/time. | V1 |
+| `Format(value, format)` | Format date/number/text. | V2 |
+
+### Domain Aggregates
+
+Domain aggregate functions are important for Access familiarity, but they need a
+careful implementation because they read other rows/tables during form
+evaluation.
+
+| Function | Purpose | Priority |
+| --- | --- | --- |
+| `DLookup(expr, domain, criteria)` | Read one value from a table/query. | V2 |
+| `DCount(expr, domain, criteria)` | Count matching rows. | V2 |
+| `DSum(expr, domain, criteria)` | Sum matching rows. | V2 |
+| `DAvg(expr, domain, criteria)` | Average matching rows. | V2 |
+| `DMin(expr, domain, criteria)` | Minimum matching value. | V2 |
+| `DMax(expr, domain, criteria)` | Maximum matching value. | V2 |
+
+V2 should enforce query/table access through the same callback and diagnostics
+boundary used for trusted extensions where relevant. These functions should also
+have row limits and clear error handling so formula evaluation cannot become an
+unbounded database workload.
+
+## Included Macro and Action Commands
+
+### Record Actions
+
+These map cleanly to existing form runtime behavior and should remain
+declarative actions rather than host callbacks.
+
+| Action | Purpose | Priority |
+| --- | --- | --- |
+| `NewRecord` | Start a new record. | V1 |
+| `SaveRecord` | Save the current record. | V1 |
+| `DeleteRecord` | Delete the current record. | V1 |
+| `UndoRecord` | Revert unsaved edits. | V1 |
+| `RefreshRecord` | Reload the current record. | V1 |
+| `Requery` | Reload the form record source. | V1 |
+| `GoToRecord` | Navigate to a specific record. | V1 |
+| `FindRecord` | Search/navigate by criteria. | V2 |
+| `NextRecord` | Navigate forward. | V1 |
+| `PreviousRecord` | Navigate backward. | V1 |
+
+### Form, Window, and Report Actions
+
+| Action | Purpose | Priority |
+| --- | --- | --- |
+| `OpenForm` | Open another saved form. | V1 |
+| `CloseForm` | Close current or named form. | V1 |
+| `OpenReport` | Open a saved report. | V2 |
+| `CloseReport` | Close a report surface. | V2 |
+| `PreviewReport` | Open report preview. | V2 |
+| `PrintReport` | Print or export through report pipeline. | V2 |
+
+### Filter and Sort Actions
+
+| Action | Purpose | Priority |
+| --- | --- | --- |
+| `ApplyFilter` | Apply a form filter. | V1 |
+| `ClearFilter` | Clear current filter. | V1 |
+| `SetOrderBy` | Apply sort order. | V1 |
+| `ClearOrderBy` | Clear sort order. | V1 |
+| `SearchRecords` | Search over configured searchable fields. | V2 |
+
+### UI and Control Actions
+
+These are needed for Access-style command buttons and conditional workflows.
+
+| Action | Purpose | Priority |
+| --- | --- | --- |
+| `SetValue` | Set a field/control value. | V1 |
+| `SetProperty` | Set visible/enabled/read-only/text/style properties. | V1 |
+| `SetFocus` | Move focus to a control. | V1 |
+| `EnableControl` | Set enabled state. | V1 |
+| `DisableControl` | Clear enabled state. | V1 |
+| `ShowControl` | Set visible state. | V1 |
+| `HideControl` | Clear visible state. | V1 |
+| `LockControl` | Set read-only state. | V1 |
+| `UnlockControl` | Clear read-only state. | V1 |
+| `MsgBox` | Show a message dialog. | V1 |
+| `InputBox` | Prompt for a value. | V2 |
+
+### Flow Actions
+
+| Action | Purpose | Priority |
+| --- | --- | --- |
+| `If` / `Else` | Conditional action branching. | V1 |
+| `StopMacro` | Stop the current action sequence. | V1 |
+| `RunMacro` | Run a named action sequence. | V1 |
+| `RunActionSequence` | Existing explicit reusable sequence action. | V1 |
+| `OnError` | Configure failure handling. | V2 |
+
+### Data and Query Actions
+
+These must be gated carefully because they can mutate data outside the current
+form record.
+
+| Action | Purpose | Priority |
+| --- | --- | --- |
+| `OpenQuery` | Open a saved query result. | V2 |
+| `RunQuery` | Execute a saved query. | V2 trusted |
+| `RunProcedure` | Execute a saved procedure. | V2 trusted |
+| `RunSQL` | Execute SQL text. | Later trusted |
+| `ExportData` | Export records. | Later trusted |
+| `ImportData` | Import records. | Later trusted |
+
+### Code Bridge Actions
+
+| Action | Purpose | Priority |
+| --- | --- | --- |
+| `RunCommand` | Invoke host-registered trusted command callback. | Existing |
+| `RunCode` | Invoke database-owned C# code module function. | Later |
+
+`RunCode` should wait for the database code modules work. It should compile and
+execute database-owned C# through a trusted build/runtime model, not arbitrary
+source text embedded directly inside form JSON.
+
+### Temp and Session Variables
+
+| Action | Purpose | Priority |
+| --- | --- | --- |
+| `SetTempVar` | Store a session-scoped value. | V2 |
+| `RemoveTempVar` | Remove one session value. | V2 |
+| `RemoveAllTempVars` | Clear session values. | V2 |
+
+Temp variables should be scoped to the current user/session and be available to
+form expressions, filters, and action sequences.
+
+## Recommended Implementation Order
+
+1. Add core formula functions: `Nz`, `IIf`, `Date`, `Now`, common text helpers,
+   numeric helpers, and conversions.
+2. Add declarative form actions: `MsgBox`, `SetValue`, `SetProperty`,
+   `SetFocus`, `ApplyFilter`, `ClearFilter`, `Requery`, `OpenForm`, and
+   `CloseForm`.
+3. Add domain aggregates with clear access checks, row limits, and diagnostics.
+4. Add temp/session variables and make them visible to expressions and actions.
+5. Add `RunCode` after database code modules exist.
+6. Add import/export/file/app-launch style actions only as trusted operations.
+
+## Notes on Access Compatibility
+
+Microsoft Access exposes many functions and macro commands. CSharpDB should use
+the familiar names where it makes sense, but implementation should follow the
+CSharpDB security and diagnostics model. Anything that can call host code,
+modify unrelated data, access files, or run arbitrary SQL should go through an
+explicit trusted boundary.
+
+Useful Microsoft references:
+
+- [Access functions by category](https://support.microsoft.com/en-us/office/access-functions-by-category-b8b136c3-2716-4d39-94a2-658ce330ed83)
+- [Introduction to macros](https://support.microsoft.com/en-gb/office/introduction-to-macros-a39c2a26-e745-4957-8d06-89e0b435aac3)
+- [Access macro commands](https://learn.microsoft.com/en-ie/office/client-developer/access/desktop-database-reference/macro-commands)
diff --git a/docs/admin-forms-access-parity/form-control-extensibility.md b/docs/admin-forms-access-parity/form-control-extensibility.md
new file mode 100644
index 00000000..178bea87
--- /dev/null
+++ b/docs/admin-forms-access-parity/form-control-extensibility.md
@@ -0,0 +1,154 @@
+# Form Control Extensibility
+
+Admin Forms controls are persisted as `ControlDefinition.ControlType` plus a
+free-form `PropertyBag`. The extensibility registry turns that existing wire
+shape into a developer API: a host can add designer toolbox entries, placement
+defaults, property editing, designer previews, and runtime rendering without
+changing saved form JSON.
+
+## Registration
+
+Register built-ins with `AddCSharpDbAdminForms()`, then add custom controls with
+`AddCSharpDbAdminFormControls(...)`:
+
+```csharp
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+
+builder.Services.AddCSharpDbAdminForms();
+builder.Services.AddCSharpDbAdminFormControls(controls =>
+{
+    controls.Add(new FormControlDescriptor
+    {
+        ControlType = "rating",
+        DisplayName = "Rating",
+        ToolboxGroup = "Custom",
+        IconText = "*",
+        DefaultWidth = 220,
+        DefaultHeight = 48,
+        SupportsBinding = true,
+        ParticipatesInTabOrder = true,
+        DefaultProps = new Dictionary<string, object?>
+        {
+            ["max"] = 5,
+            ["displayMode"] = "buttons",
+        },
+        DesignerPreviewComponentType = typeof(RatingDesignerPreview),
+        RuntimeComponentType = typeof(RatingRuntimeControl),
+        PropertyEditorComponentType = typeof(RatingPropertyEditor),
+    });
+});
+```
+
+The same registration must exist anywhere the form is designed or rendered.
+Unknown control types are preserved in form metadata and render as placeholders.
+
+## Descriptor Fields
+
+`FormControlDescriptor` defines the designer and runtime contract:
+
+- `ControlType`: persisted control type string.
+- `DisplayName`, `ToolboxGroup`, `IconText`, `Description`: toolbox and labels.
+- `DefaultWidth`, `DefaultHeight`, `DefaultProps`: new-control placement.
+- `SupportsBinding`: whether placement and the inspector create a field binding.
+- `ParticipatesInTabOrder`: whether the control joins tab-order editing.
+- `PropertyDescriptors`: generic property fields for simple custom props.
+- `DesignerPreviewComponentType`: optional Blazor preview component.
+- `RuntimeComponentType`: optional Blazor data-entry component.
+- `PropertyEditorComponentType`: optional custom property editor.
+- `ReplaceBuiltInRuntime`: lets a host explicitly replace a built-in runtime
+  renderer while keeping the built-in designer metadata.
+
+Duplicate custom control types fail when the registry is resolved. Built-in
+runtime replacement also fails unless `ReplaceBuiltInRuntime = true`.
+
+## Component Contexts
+
+Custom components receive a single `Context` parameter.
+
+Designer previews use `FormControlDesignContext`:
+
+```csharp
+[Parameter, EditorRequired]
+public FormControlDesignContext Context { get; set; } = default!;
+```
+
+Runtime controls use `FormControlRuntimeContext`:
+
+```csharp
+[Parameter, EditorRequired]
+public FormControlRuntimeContext Context { get; set; } = default!;
+```
+
+The runtime context includes the form, control metadata, current record, bound
+field/value, resolved choices, enabled/read-only state, validation error,
+tab-index, `SetValueAsync`, and `DispatchEventAsync`.
+
+Custom property editors use `FormControlPropertyContext`:
+
+```csharp
+[Parameter, EditorRequired]
+public FormControlPropertyContext Context { get; set; } = default!;
+```
+
+Use `Context.SetPropertyAsync(name, value)` to write into the control
+`PropertyBag`.
+
+## Generic Property Schema
+
+For simple controls, skip a custom property editor and define
+`PropertyDescriptors`:
+
+```csharp
+PropertyDescriptors =
+[
+    new FormControlPropertyDescriptor
+    {
+        Name = "max",
+        Label = "Maximum Rating",
+        Editor = FormControlPropertyEditor.Number,
+        DefaultValue = 5,
+        HelpText = "Allowed values are 1 through 10.",
+    },
+    new FormControlPropertyDescriptor
+    {
+        Name = "displayMode",
+        Label = "Display Mode",
+        Editor = FormControlPropertyEditor.Select,
+        Options =
+        [
+            new FormControlPropertyOption("buttons", "Buttons"),
+            new FormControlPropertyOption("compact", "Compact"),
+        ],
+    },
+];
+```
+
+Generic editors support `Text`, `TextArea`, `Number`, `Checkbox`, and `Select`.
+
+## Sample Rating Control
+
+The Admin host includes a compiled sample custom control at:
+
+- `src/CSharpDB.Admin/Components/Samples/FormControls/RatingDesignerPreview.razor`
+- `src/CSharpDB.Admin/Components/Samples/FormControls/RatingRuntimeControl.razor`
+- `src/CSharpDB.Admin/Components/Samples/FormControls/RatingPropertyEditor.razor`
+- `src/CSharpDB.Admin/Components/Samples/FormControls/SampleRatingControlRegistration.cs`
+
+It is disabled by default. Enable it for local testing with:
+
+```powershell
+$env:AdminForms__EnableSampleControls = 'true'
+dotnet run --project src\CSharpDB.Admin --urls http://127.0.0.1:61818
+```
+
+The sample registers `sampleRating` under the `Custom` toolbox group. It binds to
+a scalar field, writes the selected numeric rating through `SetValueAsync`, and
+dispatches click events with runtime arguments.
+
+## Current Limits
+
+V1 custom controls are leaf controls. They can be placed inside existing
+`tabControl` pages, but custom containers do not own or render child controls
+yet. Custom components must be compiled into the host app or referenced
+assemblies; form JSON never loads arbitrary component assemblies.
diff --git a/docs/admin-reports-access-parity/README.md b/docs/admin-reports-access-parity/README.md
index 1195d992..f03f1956 100644
--- a/docs/admin-reports-access-parity/README.md
+++ b/docs/admin-reports-access-parity/README.md
@@ -23,6 +23,8 @@ The current reports surface already includes:
 - preview pagination with page headers and footers
 - print support through the browser
 - schema-drift warnings
+- trusted command-backed preview lifecycle events for `OnOpen`,
+  `BeforeRender`, and `AfterRender`
 
 ## Added Review Findings
 
@@ -120,7 +122,7 @@ Expected fix:
 
 | Feature | Status | Notes |
 | --- | --- | --- |
-| Email/report delivery | Planned | Export and attach reports, with host-provided delivery hooks. |
+| Email/report delivery | Planned | Export and attach reports; trusted `AfterRender` commands provide an initial host callback but not a full delivery pipeline. |
 | Scheduled reports | Research | Run recurring reports and store generated artifacts. |
 | Report artifact history | Research | Store generated report snapshots for auditing and re-download. |
 | Large-report cancellation | Planned | Add cancellation/progress for long render/export jobs. |
diff --git a/docs/api-sharding.md b/docs/api-sharding.md
new file mode 100644
index 00000000..11bf2a06
--- /dev/null
+++ b/docs/api-sharding.md
@@ -0,0 +1,190 @@
+# API-Level Sharding Plan
+
+This is a research and design proposal. API-level sharding is not a shipped
+CSharpDB feature today.
+
+## Goal
+
+The first target for sharding is write throughput. CSharpDB's durable commit
+path is isolated to a database file and its WAL, so multiple independent
+database files can spread write pressure across separate commit paths while the
+API decides where each request belongs.
+
+The recommended v1 shape is a routing layer above the existing client and
+daemon surfaces, not a distributed pager or storage-engine rewrite.
+
+## Recommended V1 Design
+
+- Run one warm `ICSharpDbClient` per shard.
+- Treat each shard as a normal CSharpDB database file with its own `.db` file,
+  WAL, checkpoints, maintenance lifecycle, and storage options.
+- Add a shard catalog that maps a stable shard key such as `tenantId` or
+  `accountId` to a shard identity and database path or endpoint.
+- Require a shard key for writes and point reads.
+- Keep write transactions scoped to one shard.
+- Do not support cross-shard transactions in v1.
+- Add read-only fan-out later for admin, diagnostics, and reporting workloads
+  that explicitly need all shards.
+
+Conceptually:
+
+```text
+HTTP/gRPC/API request
+        |
+        v
+Shard key extraction
+        |
+        v
+IShardRouter
+        |
+        +--> shard-a.db / ICSharpDbClient
+        +--> shard-b.db / ICSharpDbClient
+        +--> shard-c.db / ICSharpDbClient
+```
+
+## Proposed Interfaces
+
+These names describe the intended public shape. They are not implemented yet.
+
+```csharp
+public interface IShardRouter
+{
+    ValueTask<ShardRoute> ResolveAsync(
+        string shardKey,
+        CancellationToken cancellationToken = default);
+}
+
+public sealed record ShardRoute(
+    string ShardId,
+    string DataSource,
+    ICSharpDbClient Client);
+
+public interface IShardedCSharpDbClient
+{
+    ValueTask<ICSharpDbClient> GetClientAsync(
+        string shardKey,
+        CancellationToken cancellationToken = default);
+}
+```
+
+Two request shapes are worth considering:
+
+- Header-based routing: `X-CSharpDB-Shard-Key: tenant-0042`
+- Route-based routing: `/api/{tenantId}/tables/...`
+
+Header-based routing preserves the existing URL layout. Route-based routing is
+more visible and easier to test manually. Either way, the API should fail fast
+when a sharded operation does not include a shard key.
+
+## Shard Key Guidance
+
+Choose the shard key before implementation. Changing it later usually requires
+moving most or all data.
+
+Good shard keys are:
+
+- Stable and immutable.
+- High-cardinality, such as tenant, account, organization, or workspace IDs.
+- Present on the dominant write and point-read requests.
+- Shared by related tables and collections so normal application workflows stay
+  on a single shard.
+
+Avoid shard keys that are:
+
+- Auto-incrementing IDs.
+- Sequential timestamps.
+- Booleans or low-cardinality enums.
+- Values users commonly edit.
+- Attributes that do not appear in normal request filters.
+
+For multitenant data, prefer colocating related tenant data in the same shard.
+That means tenant-owned tables and collections should include the tenant key,
+and API calls should route by that same key.
+
+## Query And Transaction Rules
+
+V1 should make single-shard behavior explicit:
+
+- `INSERT`, `UPDATE`, `DELETE`, document writes, point reads, and explicit
+  transactions require one shard key and execute on one shard.
+- Raw SQL execution requires a shard key unless the endpoint is explicitly
+  marked as an all-shards read-only operation.
+- Cross-shard joins are out of scope for v1.
+- Cross-shard transactions are out of scope for v1.
+- Global reads should use an explicit fan-out API that returns per-shard
+  results and partial-failure metadata.
+
+This keeps the write-throughput feature honest: each shard can commit
+independently without a distributed transaction coordinator.
+
+## Shard Catalog
+
+Start with a small catalog that can be loaded at daemon/API startup:
+
+```json
+{
+  "strategy": "lookup",
+  "shards": [
+    { "id": "shard-a", "dataSource": "data/shard-a.db" },
+    { "id": "shard-b", "dataSource": "data/shard-b.db" }
+  ],
+  "routes": [
+    { "key": "tenant-0001", "shardId": "shard-a" },
+    { "key": "tenant-0002", "shardId": "shard-b" }
+  ]
+}
+```
+
+A lookup strategy is the best first step because it supports deliberate tenant
+placement and later tenant movement. A later version can introduce virtual
+shards:
+
+```text
+tenantId -> virtual shard -> physical shard
+```
+
+Virtual shards make rebalancing less disruptive because a new physical shard can
+take ownership of some virtual shards without changing application routing code.
+
+## Operations
+
+Sharding multiplies operational work. Each operation should report per-shard
+status instead of hiding failures behind one aggregate result.
+
+- Backup: back up every shard independently and record the shard id, database
+  path, timestamp, and result.
+- Restore: restore one shard at a time unless an explicit all-shards restore
+  workflow is added.
+- Reindex, vacuum, checkpoint, and inspect: support one shard or all shards with
+  per-shard output.
+- Schema changes: apply DDL to all shards through an orchestrated migration
+  command and capture success/failure per shard.
+- Monitoring: aggregate size, WAL, checkpoint, error, latency, and throughput
+  metrics by shard.
+- Rebalancing: move one tenant or virtual shard at a time, block or redirect
+  writes during the move, validate row/document counts, update the catalog, and
+  refresh router caches.
+
+## Open Questions
+
+- Should the first catalog live in JSON configuration, a control CSharpDB
+  database, or both?
+- Should API routing prefer headers, route prefixes, or support both?
+- Should raw SQL require a shard key only, or should the API also validate that
+  the SQL filters by the shard key?
+- Should fan-out reads return one combined result set, per-shard result sets, or
+  both?
+- How should Admin UI expose shard selection and all-shards maintenance tasks?
+
+## Suggested Rollout
+
+1. Add configuration models for shard definitions and routing strategy.
+2. Add an `IShardRouter` implementation backed by the configured catalog.
+3. Add a sharded client wrapper that opens and owns one warm `ICSharpDbClient`
+   per shard.
+4. Add shard-key extraction to API/daemon endpoints for writes and point reads.
+5. Add one-shard maintenance operations, then all-shards maintenance with
+   per-shard results.
+6. Add benchmarks comparing one database file versus multiple routed shards for
+   independent tenant write workloads.
+
diff --git a/docs/configuration.md b/docs/configuration.md
index c0c40866..64f77182 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -45,6 +45,7 @@ await using var db = await Database.OpenHybridAsync("mydata.db",
 ```
 DatabaseOptions
 ├── ImplicitInsertExecutionMode
+├── Functions
 ├── StorageEngineOptions
 │   ├── DurabilityMode
 │   ├── DurableGroupCommit
@@ -86,6 +87,7 @@ Top-level database composition and execution-shape configuration.
 | Option | Type | Default | Description |
 |--------|------|---------|-------------|
 | `ImplicitInsertExecutionMode` | `ImplicitInsertExecutionMode` | `Serialized` | Controls whether shared auto-commit `INSERT` statements stay behind the legacy database write gate or run as isolated `WriteTransaction` commits. This does not disable the explicit multi-writer `WriteTransaction` APIs. |
+| `Functions` | `DbFunctionRegistry` | `DbFunctionRegistry.Empty` | Trusted in-process scalar functions available to SQL and embedded expression surfaces. See [Trusted C# Scalar Functions](trusted-csharp-functions/README.md). |
 | `StorageEngineOptions` | `StorageEngineOptions` | default instance | Storage engine durability, pager, WAL, and checkpoint settings |
 | `StorageEngineFactory` | `IStorageEngineFactory` | `DefaultStorageEngineFactory` | Factory used to compose the backing storage engine |
 
diff --git a/docs/query-and-durable-write-performance/README.md b/docs/query-and-durable-write-performance/README.md
index 2f35ce79..5f14e77c 100644
--- a/docs/query-and-durable-write-performance/README.md
+++ b/docs/query-and-durable-write-performance/README.md
@@ -42,7 +42,7 @@ This note tracks the combined optimizer phase-2 and durable-write completion wor
 - The remaining phase-4 write-path question is now narrower than "shared auto-commit in general":
   - non-insert shared auto-commit fan-in is working
   - hot insert auto-commit still needs a dedicated design decision if we want it to coalesce without reopening structural conflict costs
-- Async I/O batching still has room for more auditing outside the WAL hot path, but the main write-path batching pieces are already in place.
+- Async I/O batching still has room for more auditing outside the WAL hot path, but the main write-path batching pieces are already in place. See [Async I/O Batching Follow-Up](async-io-batching-follow-up.md).
 
 ## Phase 4 Status
 
diff --git a/docs/query-and-durable-write-performance/async-io-batching-follow-up.md b/docs/query-and-durable-write-performance/async-io-batching-follow-up.md
new file mode 100644
index 00000000..65c104bb
--- /dev/null
+++ b/docs/query-and-durable-write-performance/async-io-batching-follow-up.md
@@ -0,0 +1,51 @@
+# Async I/O Batching Follow-Up
+
+This note captures the remaining work behind the roadmap item currently marked
+`In Progress`.
+
+## Current Shipped State
+
+The hot storage write path already has the main batching pieces in place:
+
+- WAL commits can append dirty pages through `AppendFramesAndCommitAsync(...)`.
+- Repeated `AppendFrameAsync(...)` calls inside a transaction are staged and emitted as chunked WAL writes during `CommitAsync(...)`.
+- Checkpoint copying batches contiguous page writes back into the main database file.
+- `SaveToFileAsync(...)` and backup-style snapshot copies use `StorageDeviceCopyBatcher`.
+- Vacuum and foreign-key migration rewrites share `BTreeCopyUtility` instead of each owning a separate row-copy loop.
+
+## Remaining Work
+
+The remaining work is an audit and measurement pass, not a missing core WAL batching primitive.
+
+1. Audit non-hot rewrite/export paths:
+   - Backup and restore: `DatabaseBackupCoordinator`, `Database.SaveToFileAsync(...)`, `Pager.SaveToFileAsync(...)`.
+   - Vacuum: `DatabaseMaintenanceCoordinator.CopyDatabaseAsync(...)`.
+   - Foreign-key migration rewrites: `DatabaseForeignKeyMigrationCoordinator.ApplyPlanAsync(...)`.
+   - Storage diagnostics and inspectors: `WalInspector`, `InspectorEngine`, and large sequential read paths.
+   - Admin/UI export helpers only if they prove relevant to large database-file movement.
+
+2. Decide whether `BTreeCopyUtility` should stay a logical row-copy helper or grow batching behavior:
+   - Current behavior is cursor-read plus per-row `InsertAsync(...)`.
+   - Possible follow-up: add row/page-local batching, reusable buffers, or progress hooks.
+   - Avoid direct B-tree page copying unless catalog, root-page, schema, freelist, row-count, and index invariants are explicitly preserved.
+
+3. Add benchmark/diagnostic coverage before optimizing further:
+   - Large backup snapshot.
+   - Large restore staging.
+   - Large vacuum rewrite.
+   - Large foreign-key migration rewrite.
+   - Inspector/diagnostic scans over large DB/WAL files.
+
+4. Define completion criteria:
+   - The audit identifies every large sequential file-copy and logical table-copy path.
+   - Each path is classified as already batched, intentionally unbatched, or worth optimizing.
+   - Any optimized path has before/after timings and no crash-recovery or integrity regression.
+
+## Non-Goals
+
+These are separate from this follow-up:
+
+- Durable group commit policy changes.
+- Hot single-row insert fan-in.
+- Public histogram/planner inspection.
+- Query row-batch execution kernel specialization.
diff --git a/docs/releases/v3.6.0-pr-notes.md b/docs/releases/v3.6.0-pr-notes.md
new file mode 100644
index 00000000..c2e71fca
--- /dev/null
+++ b/docs/releases/v3.6.0-pr-notes.md
@@ -0,0 +1,125 @@
+## Summary
+
+This `v3.6.0` release adds trusted in-process C# callbacks across the main
+CSharpDB expression and automation surfaces, then rounds that work out with
+tableless scalar `SELECT` support, built-in scalar functions, callback catalog
+metadata, and Admin discovery/autocomplete polish.
+
+Host applications can now register trusted scalar functions and commands in
+ordinary C# code. SQL, triggers, procedures, Admin Forms formulas, Admin
+Reports calculated expressions, and pipeline expressions can call registered
+scalar functions. Admin Forms, Admin Reports, and pipelines can also dispatch
+trusted host commands from supported event and hook surfaces without storing C#
+source in database metadata.
+
+The release also adds declarative Admin Forms action sequences, command buttons,
+selected-control events, reusable named actions, Access-style formula helpers,
+and generated automation metadata so portable forms/reports/packages can
+declare which host callbacks they expect.
+
+The final stabilization pass adds `SELECT ...` without `FROM`, built-in scalar
+function evaluation for common text/date/number/null helpers, a
+`CanRunWithoutFrom` callback metadata flag, SQL editor completion for built-ins
+and tableless-safe callbacks, an Internal/External callback catalog split, and
+Admin artifact cleanup so stale generated snapshots do not slow local builds.
+
+## Type of Change
+
+- [x] Bug fix
+- [x] New feature
+- [ ] Breaking change
+- [x] Documentation update
+- [x] Refactor / maintenance
+- [ ] Tests only
+
+## Related Issues
+
+No issue numbers were linked for this release branch. Included work:
+
+- Added trusted scalar function registration through `DbFunctionRegistry` and
+  `DatabaseOptions.Functions`.
+- Added trusted command registration through `DbCommandRegistry`, async command
+  support, command timeouts, and shared command argument conversion.
+- Added Admin Forms form lifecycle events, selected-control events, command
+  buttons, reusable action sequences, built-in record actions, and conditional
+  action steps.
+- Added Admin Reports preview lifecycle command events.
+- Added pipeline run hooks for trusted host commands.
+- Added generated automation metadata for Forms, Reports, and pipeline packages.
+- Added the trusted C# host sample for local callback development and debugging.
+- Added tableless `SELECT` support through a single-row planner source.
+- Added built-in scalar functions and SQL/Admin Forms formula coverage for
+  common Access-style text, date/time, numeric, conversion, and null helpers.
+- Added `CanRunWithoutFrom` metadata for scalar callbacks and used it for SQL
+  editor discovery/autocomplete.
+- Split the Admin callback catalog into Internal and External scopes.
+- Added Admin artifact cleanup through MSBuild and the direct Admin launcher.
+- Added async I/O batching follow-up documentation for the remaining non-hot
+  export/rewrite-path audit.
+
+## Testing
+
+- [x] `dotnet build CSharpDB.slnx`
+- [x] Relevant tests executed
+- [x] Failure-path tests executed (if applicable: cancellation, invalid/unsupported inputs, non-`DbException` paths)
+- [x] Manual verification performed (if applicable)
+
+Validation performed:
+
+- `dotnet restore CSharpDB.slnx`
+- `.\scripts\Test-NoLegacyCoreReferences.ps1`
+  - Passed through the script's PowerShell fallback after the local packaged
+    `rg.exe` could not be launched normally in this desktop environment.
+- `dotnet build CSharpDB.slnx -c Release --no-restore`
+  - Passed with `0` warnings and `0` errors.
+- `dotnet test CSharpDB.slnx -c Release --no-build -m:1 -- RunConfiguration.DisableParallelization=true`
+  - Non-parallel unit test run passed with `1,663` tests.
+- Multiple debug non-parallel validation passes were run during the Forms,
+  Reports, pipeline, command timeout, built-in action, and conditional action
+  phases; the final pre-tableless pass reached `1,715` tests.
+- `dotnet pack` smoke for release workflow packages with `-p:Version=3.6.0`
+  produced `11` local packages.
+- `.\scripts\Publish-CSharpDbDaemonRelease.ps1 -Version 3.6.0 -Runtime win-x64 -OutputRoot artifacts\daemon-release-local`
+  produced `csharpdb-daemon-v3.6.0-win-x64.zip` and `SHA256SUMS.txt`.
+- Latest tableless/callback stabilization validation:
+  - `dotnet test .\CSharpDB.slnx -m:1 --no-restore -v:minimal /nr:false /p:UseSharedCompilation=false /p:TestTfmsInParallel=false -- RunConfiguration.DisableParallelization=true`
+  - Passed with `1,877` tests.
+
+Benchmark validation:
+
+- Same-machine affected benchmark comparison against the pre-feature HEAD
+  baseline showed no material regression in the main write/query guardrails.
+- The only notable row was the synthetic `BatchEvaluation` delegate
+  filter/projection case at `+10.53%`; its paired specialized path improved by
+  `-10.36%`, allocations were unchanged, and the affected guardrail suites were
+  otherwise neutral to improved.
+
+## Checklist
+
+- [x] I followed the project style and conventions.
+- [x] I added or updated tests for behavior changes.
+- [x] I covered both success and failure paths for changed behavior.
+- [x] I updated docs for user-facing changes.
+- [x] I verified no sensitive data was added.
+
+## Notes for Reviewers
+
+- The highest-risk runtime changes are in expression evaluation and planner
+  plumbing. Custom functions are intentionally kept off index-pushdown and
+  batch-fast-path planning assumptions in V1.
+- Remote hosts must register functions and commands in the daemon/API host
+  process. Direct clients can register callbacks locally, but delegates are
+  never serialized over HTTP or gRPC.
+- `SELECT ...` without `FROM` is represented internally as a single-row source.
+  This is intended for scalar expressions and callbacks that do not need row
+  context.
+- `CanRunWithoutFrom` is discovery metadata used by the Admin catalog and SQL
+  autocomplete. It does not yet act as a hard runtime denial gate for manually
+  typed tableless callback calls.
+- Admin Forms and Reports use the shared registries, but their formula and
+  automation surfaces remain intentionally narrower than a stored macro/code
+  system. Form/report/pipeline metadata stores names, arguments, and action
+  definitions, not executable C# source.
+- Built-in scalar functions now cover common helpers, but aggregate UDFs,
+  table-valued UDFs, native plugins, database-owned C# modules, and sandboxed
+  UDFs remain future work.
diff --git a/docs/roadmap.md b/docs/roadmap.md
index 084b48a2..6b95d87a 100644
--- a/docs/roadmap.md
+++ b/docs/roadmap.md
@@ -42,7 +42,7 @@ SQL feature parity, provider/tooling compatibility, and ecosystem expansion.
 
 | Feature | Description | Status |
 |---------|-------------|--------|
-| **User-defined functions** | Broader built-in scalar function registry (UPPER, ABS, COALESCE, etc.), user-registered C# functions, native plugin extensions | Planned |
+| **User-defined functions and commands** | Trusted in-process C# scalar functions are implemented for SQL, triggers/procedures, direct clients, Admin Forms/Reports, and pipelines; trusted commands now back Admin Forms lifecycle events, command-button clicks, selected control events, Admin Reports render lifecycle events, and pipeline run hooks; Admin Forms now have declarative action sequences for run-command, set-field, show-message, and stop steps. Broader built-in scalar functions, native plugin extensions, aggregate/table-valued UDFs, richer macro flow, additional Access-style control events, and sandboxed UDFs remain future work | Partial |
 | **Subqueries** | Scalar subqueries, `IN (SELECT ...)`, `EXISTS (SELECT ...)`, including correlated evaluation in `WHERE`, non-aggregate projection, and `UPDATE`/`DELETE` expressions | Done |
 | **`UNION` / `INTERSECT` / `EXCEPT`** | Set operations across SELECT results, including use in top-level queries, views, and CTE query bodies | Done |
 | **Window functions** | `ROW_NUMBER()`, `RANK()`, `DENSE_RANK()`, `LEAD()`, `LAG()` | Planned |
@@ -56,8 +56,8 @@ SQL feature parity, provider/tooling compatibility, and ecosystem expansion.
 | **NuGet package** | Publish and maintain `CSharpDB.Engine`, `CSharpDB.Data`, `CSharpDB.Client`, and `CSharpDB.Primitives` as the primary NuGet packages | Done |
 | **Connection pooling** | Pool underlying direct embedded sessions behind `CSharpDbConnection` to amortize open/close cost | Done |
 | **Admin dashboard improvements** | Richer SQL editor UX, query history, deeper diagnostics, and integrated Forms/Reports tooling beyond the core schema/procedure/storage surface | Done |
-| **Admin Forms Access parity** | Close the highest-impact Access-style form gaps: runtime responsive layouts, full inferred validation enforcement, richer record-source/filter/sort models, Layout View, form modes, command/action events, and broader control coverage | Planned |
-| **Admin Reports Access parity** | Close the highest-impact Access-style report gaps: bounded saved-query previews, full report rendering/export, parameter/filter prompts, richer grouping/totals options, Layout View, conditional formatting, subreports, and broader report controls | Planned |
+| **Admin Forms Access parity** | Close the highest-impact Access-style form gaps: runtime responsive layouts, full inferred validation enforcement, richer record-source/filter/sort models, Layout View, form modes, broader action/event coverage, and broader control coverage; trusted command-backed form lifecycle events, command buttons, and selected control events are now started | Partial |
+| **Admin Reports Access parity** | Close the highest-impact Access-style report gaps: bounded saved-query previews, full report rendering/export, parameter/filter prompts, richer grouping/totals options, Layout View, conditional formatting, subreports, and broader report controls; trusted command-backed report preview lifecycle events are now started | Partial |
 | **Visual query designer** | Classic Admin query builder with source canvas, join editing, design grid, SQL preview, and saved designer layouts | Done |
 | **ETL pipelines** | Built-in package-driven pipeline runtime with validation, dry-run, execute/resume flows, API/CLI/client coverage, run history, and Admin visual designer support | Done |
 | **VS Code extension** | Schema explorer, SQL editor with IntelliSense, data browser, table designer, storage diagnostics | Done |
@@ -85,6 +85,7 @@ Advanced features and fundamental architecture enhancements.
 | **Group commit / deferred WAL flush** | Done in `v2.9.0`: opt-in `UseDurableCommitBatchWindow(...)` batches durable WAL flushes across contending in-process transactions and remains an expert measure-first knob rather than default behavior | Done |
 | **Initial multi-writer support** | Explicit `WriteTransaction` conflict-detected retry flow, shared auto-commit non-insert isolation, and opt-in `ConcurrentWriteTransactions` for shared implicit inserts | Done |
 | **Broader multi-writer insert optimization** | Improve hot insert fan-in, row-id reservation, and other high-contention patterns beyond the current initial multi-writer path | Research |
+| **API-level sharding** | Route API/daemon requests across multiple warm CSharpDB database files so independent tenants or shard keys can use separate WAL and commit paths, with v1 focused on single-shard writes and point reads | Research |
 | **Replication / change feed** | Stream committed changes for read replicas or event-driven architectures | Research |
 | **WebAssembly sandboxed UDFs** | Execute untrusted user-submitted functions in a WASM sandbox with resource limits (fuel, memory caps) via Wasmtime | Research |
 
@@ -96,7 +97,7 @@ These are known simplifications in the current implementation:
 
 | Area | Limitation |
 |------|-----------|
-| **Functions** | Very limited scalar function surface today: built-in `TEXT(expr)` plus aggregate functions; no broader built-in function library or user-defined functions yet |
+| **Functions and automation** | Trusted in-process C# scalar functions are supported when registered by the host; Admin Forms, Admin Reports, and pipelines can invoke trusted host commands from supported event/hook surfaces; Admin Forms support declarative action sequences for run-command, set-field, show-message, and stop steps. Broader built-in scalar functions, aggregate/table-valued UDFs, stored C# modules, remote delegate serialization, additional Access-style control events, richer macro flow, and sandboxed UDFs are not implemented |
 | **Query** | Scalar/`IN`/`EXISTS` subqueries are supported, including correlated cases in `WHERE`, non-aggregate projection, and `UPDATE`/`DELETE` expressions; correlated subqueries are not yet supported in `JOIN ON`, `GROUP BY`, `HAVING`, `ORDER BY`, or aggregate projections |
 | **Query** | `UNION`, `INTERSECT`, and `EXCEPT` are supported; `UNION ALL` is not implemented yet |
 | **Query** | No window functions |
@@ -106,8 +107,8 @@ These are known simplifications in the current implementation:
 | **Collections** | `FindByIndexAsync` supports declared field-equality lookups; `FindByPathAsync` and `FindByPathRangeAsync` support path-based queries on indexed paths; `FindAsync` remains a full scan for unindexed predicates |
 | **Networking** | `CSharpDB.Daemon` now hosts both REST and gRPC from one process; named pipes remain reserved but are not implemented end to end today |
 | **Security** | Remote HTTP and gRPC deployment still rely on external network controls or front-end TLS termination; built-in authentication, authorization, and TLS/mTLS support are still planned |
-| **Admin Forms** | The Forms designer/runtime supports the core generated-form and data-entry path, but still needs Access-parity work for responsive runtime rendering, complete inferred validation, richer form modes, command/action events, advanced filtering/sorting, and broader controls |
-| **Admin Reports** | The Reports designer/runtime supports the core banded preview path, but still needs Access-parity work for bounded saved-query previews, full report output/export, parameters, richer grouping and totals semantics, conditional formatting, subreports, and broader controls |
+| **Admin Forms** | The Forms designer/runtime supports the core generated-form and data-entry path plus initial trusted command-backed automation, including lifecycle events, command buttons, selected control events, and declarative action sequences, but still needs Access-parity work for responsive runtime rendering, complete inferred validation, richer form modes, broader built-in actions, additional events, advanced filtering/sorting, and broader controls |
+| **Admin Reports** | The Reports designer/runtime supports the core banded preview path plus trusted command-backed preview lifecycle events, but still needs Access-parity work for bounded saved-query previews, full report output/export, parameters, richer grouping and totals semantics, conditional formatting, subreports, and broader controls |
 | **Text / Multilingual** | Text is stored as UTF-8 and supports all Unicode languages; default semantics remain ordinal, but opt-in `BINARY`, `NOCASE`, `NOCASE_AI`, and `ICU:<locale>` collation are implemented for SQL and collection indexes. Dedicated ordered SQL text index optimization remains planned |
 | **Concurrency** | The physical WAL commit path is still serialized at the storage boundary. Initial multi-writer support is shipped, but observed gains still depend on conflict shape and whether shared auto-commit `INSERT` is left on the default serialized path |
 | **Storage** | No page-level compression |
@@ -182,6 +183,7 @@ Major features already implemented:
 - [Internals & Contributing](https://csharpdb.com/docs/internals.html) — How to extend the engine
 - [Deployment & Installation Plan](deployment/README.md) — Cross-platform distribution via dotnet tool, Docker, Homebrew, winget, and install scripts
 - [Multi-Writer Follow-Up Plan](multi-writer-follow-up-plan.md) — Post-initial multi-writer roadmap, insert-path gaps, and release criteria for broader completion
+- [API-Level Sharding Plan](api-sharding.md) — API/daemon-level routing across multiple database files for write-throughput scaling
 - [Query And Durable Write Performance Plan](query-and-durable-write-performance/README.md) — Combined optimizer phase-2 plus durable-write completion plan, shipped state, and remaining benchmark/future-work boundaries
 - [Multilingual Text Support Plan](https://csharpdb.com/docs/collation-support.html) — Build on existing Unicode text storage with case-insensitive matching, locale-aware sorting, and `COLLATE` clause support for queries and index definitions
 - [Database Encryption Plan](database-encryption/README.md) — Encrypted storage format, key management, migration, and managed-surface rollout
diff --git a/docs/sql-reference.md b/docs/sql-reference.md
index a18c8b28..e2bb355c 100644
--- a/docs/sql-reference.md
+++ b/docs/sql-reference.md
@@ -313,6 +313,11 @@ SELECT COUNT(DISTINCT status), AVG(age) FROM users;
 |----------|-----------|---------|-------------|
 | `TEXT(expr)` | 1 | TEXT | Converts any value to its text representation |
 
+Host applications can also register trusted in-process C# scalar functions and call
+them from SQL expression positions such as `SELECT`, `WHERE`, `ORDER BY`,
+`INSERT`, `UPDATE`, trigger bodies, and SQL procedure bodies. See
+[Trusted C# Scalar Functions](trusted-csharp-functions/README.md).
+
 ---
 
 ## Parameters
diff --git a/docs/trusted-csharp-functions/README.md b/docs/trusted-csharp-functions/README.md
new file mode 100644
index 00000000..d7df8bb6
--- /dev/null
+++ b/docs/trusted-csharp-functions/README.md
@@ -0,0 +1,1036 @@
+# Trusted C# Functions And Commands
+
+CSharpDB can call host-registered C# scalar functions from SQL and the embedded expression surfaces that sit on top of the engine. This is the CSharpDB equivalent of an Access-style application function integration: the application owns the C# code, registers it while opening or hosting the database, and users call the function by name in database expressions.
+
+This feature is intentionally trusted and in-process. It does not store C# source code in the database, sandbox user code, load plugin assemblies from database files, or serialize delegates over HTTP or gRPC.
+
+For an end-to-end app-builder walkthrough that combines Admin Forms, collections,
+macro actions, reports, trusted callbacks, and callback readiness, see the
+[Fulfillment Ops Admin Automation tutorial](../tutorials/fulfillment-ops-admin-automation.md).
+
+For Admin Forms save-time business validation, see
+[Trusted Validation Rules](validation-rules.md).
+
+---
+
+## Trusted Commands
+
+CSharpDB also supports trusted host-registered commands for application automation surfaces. Commands are different from scalar functions:
+
+- Scalar functions return a `DbValue` and can be used inside SQL or formulas.
+- Commands return a `DbCommandResult` and are invoked by host-driven events such as Admin Forms lifecycle events, Admin Reports render events, and pipeline run hooks.
+
+Commands are intended for Access-style application automation such as auditing, calling application services, sending notifications, refreshing derived state, coordinating UI workflows, or publishing operational run events. They are trusted in-process callbacks registered by the host application.
+
+```csharp
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
+
+builder.Services.AddCSharpDbAdminForms(commands =>
+{
+    commands.AddAsyncCommand(
+        "AuditCustomerChange",
+        new DbCommandOptions(
+            Description: "Writes an application audit entry.",
+            Timeout: TimeSpan.FromSeconds(10),
+            IsLongRunning: true),
+        static async (context, ct) =>
+        {
+            long customerId = context.Arguments["Id"].AsInteger;
+            string eventName = context.Metadata["event"];
+
+            await WriteAuditAsync(customerId, eventName, ct);
+            return DbCommandResult.Success();
+        });
+});
+```
+
+Command names are case-insensitive identifiers. Duplicate command names are rejected during registration.
+
+Use `AddCommand(...)` for synchronous or `ValueTask`-returning callbacks and
+`AddAsyncCommand(...)` for `Task<DbCommandResult>` callbacks. Every command
+receives a `CancellationToken`; host code should pass it to I/O calls and stop
+work when cancellation is requested.
+
+`DbCommandOptions.Timeout` is optional. When set, CSharpDB cancels the command
+token if the callback does not finish in time and reports a timeout through the
+same surface-specific failure path as other command errors. `IsLongRunning` is
+metadata for hosts and UI surfaces; it does not move the command out of process
+or run it on a separate scheduler.
+
+Every registered command exposes a `DbHostCallbackDescriptor` through
+`DbCommandDefinition.Descriptor` and `DbCommandRegistry.Callbacks`. The
+descriptor is read-only metadata for policy checks, diagnostics, and Admin
+visibility. It does not sandbox the command.
+
+---
+
+## Trusted Validation Rules
+
+Admin Forms can also call host-registered validation rules before save. Rules
+are registered in the host app with `AddCSharpDbAdminFormValidationRules(...)`
+and referenced from form or control metadata by name. Missing, denied, timed
+out, throwing, or failed validation rules block save and appear in the callback
+diagnostics path.
+
+See [Trusted Validation Rules](validation-rules.md) for registration examples,
+field-level and form-level metadata, policy grants, diagnostics behavior, and
+the runnable sample.
+
+---
+
+## What You Can Register
+
+V1 supports synchronous scalar functions:
+
+```csharp
+public delegate DbValue DbScalarFunctionDelegate(
+    DbScalarFunctionContext context,
+    ReadOnlySpan<DbValue> arguments);
+```
+
+A scalar function receives database values and returns one database value. Supported value types are:
+
+| CSharpDB type | Read with | Return with |
+| --- | --- | --- |
+| `DbType.Integer` | `value.AsInteger` | `DbValue.FromInteger(...)` |
+| `DbType.Real` | `value.AsReal` | `DbValue.FromReal(...)` |
+| `DbType.Text` | `value.AsText` | `DbValue.FromText(...)` |
+| `DbType.Blob` | `value.AsBlob` | `DbValue.FromBlob(...)` |
+| `DbType.Null` | `value.IsNull` | `DbValue.Null` |
+
+Functions are registered with:
+
+```csharp
+using CSharpDB.Engine;
+using CSharpDB.Primitives;
+
+var options = new DatabaseOptions()
+    .ConfigureFunctions(functions =>
+    {
+        functions.AddScalar(
+            "Slugify",
+            arity: 1,
+            options: new DbScalarFunctionOptions(
+                ReturnType: DbType.Text,
+                IsDeterministic: true,
+                NullPropagating: true),
+            invoke: static (_, args) =>
+                DbValue.FromText(args[0].AsText.ToLowerInvariant().Replace(' ', '-')));
+    });
+```
+
+Open the database with those options:
+
+```csharp
+await using var db = await Database.OpenAsync("app.db", options);
+```
+
+For tests or transient data:
+
+```csharp
+await using var db = await Database.OpenInMemoryAsync(options);
+```
+
+---
+
+## Complete Example
+
+```csharp
+using CSharpDB.Engine;
+using CSharpDB.Primitives;
+
+static string Slugify(string text)
+{
+    return text.Trim().ToLowerInvariant().Replace(' ', '-');
+}
+
+var options = new DatabaseOptions()
+    .ConfigureFunctions(functions =>
+    {
+        functions.AddScalar(
+            "Slugify",
+            arity: 1,
+            options: new DbScalarFunctionOptions(
+                ReturnType: DbType.Text,
+                IsDeterministic: true,
+                NullPropagating: true),
+            invoke: static (_, args) => DbValue.FromText(Slugify(args[0].AsText)));
+
+        functions.AddScalar(
+            "IsEven",
+            arity: 1,
+            options: new DbScalarFunctionOptions(
+                ReturnType: DbType.Integer,
+                IsDeterministic: true,
+                NullPropagating: true),
+            invoke: static (_, args) =>
+                DbValue.FromInteger(args[0].AsInteger % 2 == 0 ? 1 : 0));
+    });
+
+await using var db = await Database.OpenAsync("app.db", options);
+
+await db.ExecuteAsync("""
+    CREATE TABLE articles (
+        id INTEGER PRIMARY KEY,
+        title TEXT NOT NULL,
+        slug TEXT
+    );
+    """);
+
+await db.ExecuteAsync("INSERT INTO articles VALUES (1, 'Hello World', Slugify('Hello World'))");
+await db.ExecuteAsync("INSERT INTO articles VALUES (2, 'Second Post', Slugify('Second Post'))");
+
+await using var result = await db.ExecuteAsync("""
+    SELECT id, Slugify(title)
+    FROM articles
+    WHERE IsEven(id) = 1
+    ORDER BY Slugify(title);
+    """);
+```
+
+### VS Code Host Project Workflow
+
+For a runnable C# host project, open
+`samples/trusted-csharp-host` in VS Code. The sample includes `.vscode` launch
+and task files so a developer can press `F5`, set breakpoints inside the
+registered callbacks, and watch SQL and Admin Forms automation invoke ordinary
+C# code.
+
+```powershell
+dotnet run --project samples\trusted-csharp-host\TrustedCSharpHostSample.csproj
+```
+
+The sample demonstrates:
+
+- `DatabaseOptions.ConfigureFunctions(...)` for a trusted scalar function.
+- SQL calling the function by name.
+- `DbCommandRegistry` for a trusted host command.
+- An Admin Forms `DbActionSequence` that sets a field and then runs the
+  command.
+
+The VS Code story stays host-owned: VS Code is the editor/debugger for the C#
+host project, while database metadata stores names and declarative action data
+only.
+
+### End-To-End Developer Handoff
+
+The production workflow is a handoff between an app builder and a host
+developer:
+
+1. The app builder creates database metadata that references a callback by name.
+   Examples include a formula such as `=Slugify([Name])` or a form action step
+   such as `RunCommand` with command name `SendOpsDigest`.
+2. Admin records only the callback name, arity/kind metadata, action arguments,
+   and reference location. It does not store C# source.
+3. The callback catalog compares referenced names with the callbacks registered
+   by the current host. Missing names appear as missing callback readiness.
+4. The app builder copies the generated registration stub from Admin and gives
+   it to the host developer.
+5. The host developer implements the C# function or command in the host
+   project, registers it during startup, and debugs it in VS Code like normal
+   application code.
+6. The host is restarted. Admin refreshes callback readiness, and the reference
+   changes from missing to registered/allowed when the name, kind, and arity
+   match.
+
+For Admin itself, host-owned demo callbacks are registered in
+`src/CSharpDB.Admin/Services/AdminHostCallbacks.cs`. A scalar function is
+registered with `DbFunctionRegistry`:
+
+```csharp
+functions.AddScalar(
+    "Slugify",
+    arity: 1,
+    options: new DbScalarFunctionOptions(
+        ReturnType: DbType.Text,
+        IsDeterministic: true,
+        NullPropagating: true),
+    invoke: static (_, args) => DbValue.FromText(Slugify(args[0].AsText)));
+```
+
+A command callback is registered with `DbCommandRegistry`:
+
+```csharp
+commands.AddCommand(
+    "SendOpsDigest",
+    new DbCommandOptions("Sends a fulfillment operations digest."),
+    static context =>
+    {
+        string source = context.Arguments.TryGetValue("source", out DbValue value)
+            ? value.AsText
+            : "unknown";
+
+        // Call host-owned services here.
+        return DbCommandResult.Success($"Digest requested by {source}.");
+    });
+```
+
+That C# code belongs to the host application. The database still stores only the
+name `SendOpsDigest` and any declarative action arguments.
+
+### Stored Procedures In The Mix
+
+Stored procedures are different from trusted callbacks. They are database-owned
+SQL definitions with parameter metadata. They are useful when the logic should
+stay inside CSharpDB and can be expressed as SQL:
+
+| Need | Prefer |
+| --- | --- |
+| Reusable multi-statement table work | Stored procedure |
+| Transactional updates plus follow-up result sets | Stored procedure |
+| A form button that runs reviewed database logic | `RunProcedure` |
+| External API, email, filesystem, queue, or host service call | Trusted command callback |
+| Custom scalar calculation inside SQL expressions | Trusted scalar function |
+| UI-only behavior such as filtering or control state | Declarative macro action |
+
+A stored procedure can be executed directly through the client API:
+
+```csharp
+ProcedureExecutionResult result = await client.ExecuteProcedureAsync(
+    "AllocateOrder",
+    new Dictionary<string, object?>
+    {
+        ["orderId"] = 7005,
+        ["allocatedBy"] = "Wave Planner",
+        ["note"] = "Allocated from a reviewed procedure.",
+    });
+```
+
+Admin's SQL editor also accepts `EXEC` as an Admin command surface:
+
+```sql
+EXEC AllocateOrder @orderId = 7005, @allocatedBy = 'Wave Planner';
+EXEC RefreshOperationalStats;
+EXEC tutorial_OpenOrderSnapshot { "status": "released" };
+```
+
+Use `RunProcedure` from form metadata only when the rendered host enables
+procedure actions. Use `RunCommand` when the same button needs host-owned C#.
+When both are needed, run the procedure first for database work and the command
+second for the external side effect.
+
+---
+
+## Registration Rules
+
+Function names are SQL identifiers:
+
+- They must start with a letter or `_`.
+- Remaining characters must be letters, digits, or `_`.
+- Lookup is case-insensitive, so `Slugify`, `slugify`, and `SLUGIFY` refer to the same function.
+- A user function name can only be registered once. V1 does not support overloads by arity.
+- Reserved built-ins cannot be overridden. Current reserved names are `TEXT`, `COUNT`, `SUM`, `AVG`, `MIN`, and `MAX`.
+- `arity` must match the number of arguments used by the expression.
+
+Registration failures throw immediately so host applications fail at startup instead of later during a query.
+
+`ConfigureFunctions` sets the function registry for the returned `DatabaseOptions`. If you chain multiple option helpers, keep all function registrations in one `ConfigureFunctions` call or assign a single `DbFunctionRegistry` to `DatabaseOptions.Functions`.
+
+---
+
+## Function Options
+
+Each function can include `DbScalarFunctionOptions`:
+
+```csharp
+new DbScalarFunctionOptions(
+    ReturnType: DbType.Text,
+    IsDeterministic: true,
+    NullPropagating: true,
+    Description: "Formats a URL slug.",
+    AdditionalCapabilities:
+    [
+        new DbExtensionCapabilityRequest(DbExtensionCapability.Clock)
+    ])
+```
+
+| Option | Meaning |
+| --- | --- |
+| `ReturnType` | Optional metadata describing the expected return type. |
+| `IsDeterministic` | Marks the function as returning the same output for the same inputs. V1 exposes the metadata but does not use it for constant folding or index planning. |
+| `NullPropagating` | If any argument is `NULL`, CSharpDB returns `NULL` without invoking the delegate. |
+| `Description` | Optional human-readable text for host tools and Admin visibility. |
+| `AdditionalCapabilities` | Optional capability metadata beyond the implicit `ScalarFunctions` capability. This is for CSharpDB policy mediation and visibility, not a .NET sandbox. |
+| `Metadata` | Optional host-defined descriptor metadata. |
+
+Without `NullPropagating`, `DbValue.Null` is passed to the delegate and the function decides what to do.
+
+```csharp
+functions.AddScalar(
+    "CoalesceText",
+    arity: 2,
+    options: new DbScalarFunctionOptions(DbType.Text),
+    invoke: static (_, args) =>
+        args[0].IsNull ? args[1] : args[0]);
+```
+
+Registered scalar functions expose `DbScalarFunctionDefinition.Descriptor` and
+`DbFunctionRegistry.Callbacks`. The descriptor always uses
+`DbExtensionRuntimeKind.HostCallback`, records the callback kind, name, arity,
+return type, deterministic/null behavior, and includes the implicit
+`ScalarFunctions` capability plus any additional capabilities declared in the
+options.
+
+Commands expose the same descriptor shape through `DbCommandDefinition`.
+Command descriptors include the implicit `Commands` capability plus any
+additional capabilities declared in `DbCommandOptions`, along with description,
+timeout, and long-running metadata.
+
+Hosts can evaluate descriptor capabilities with `DbExtensionPolicyEvaluator`:
+
+```csharp
+DbHostCallbackDescriptor descriptor = commandRegistry.Callbacks.Single();
+DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+    descriptor,
+    new DbExtensionPolicy(
+        AllowExtensions: true,
+        Grants:
+        [
+            new DbExtensionCapabilityGrant(
+                DbExtensionCapability.Commands,
+                DbExtensionCapabilityGrantStatus.Granted),
+            new DbExtensionCapabilityGrant(
+                DbExtensionCapability.ReadDatabase,
+                DbExtensionCapabilityGrantStatus.Granted),
+        ]),
+    DbExtensionHostMode.Embedded);
+```
+
+Policy evaluation controls what CSharpDB-mediated APIs should allow. It does
+not restrict arbitrary in-process .NET calls made by trusted host code.
+
+---
+
+## SQL Usage
+
+Registered scalar functions can be used in non-aggregate SQL expression positions:
+
+```sql
+SELECT Slugify(title) FROM articles;
+SELECT * FROM articles WHERE IsEven(id) = 1;
+SELECT * FROM articles ORDER BY Slugify(title);
+INSERT INTO articles VALUES (3, 'New Title', Slugify('New Title'));
+UPDATE articles SET slug = Slugify(title) WHERE slug IS NULL;
+```
+
+They also work in trigger bodies and SQL procedure bodies because those paths execute through the same SQL expression evaluator:
+
+```sql
+CREATE TABLE article_audit (article_id INTEGER, slug TEXT);
+
+CREATE TRIGGER articles_ai AFTER INSERT ON articles
+BEGIN
+    INSERT INTO article_audit VALUES (NEW.id, Slugify(NEW.title));
+END;
+```
+
+Custom functions stay on the residual expression path in V1:
+
+- No index pushdown is inferred from a custom function.
+- No generated-column or expression-index behavior is added.
+- No constant folding or cost assumptions are made from custom function metadata.
+
+That keeps existing query and storage paths unchanged unless a query actually calls a registered function.
+
+---
+
+## Direct Client Usage
+
+Direct clients pass functions through `DirectDatabaseOptions`:
+
+```csharp
+using CSharpDB.Client;
+using CSharpDB.Engine;
+using CSharpDB.Primitives;
+
+await using var client = CSharpDbClient.Create(new CSharpDbClientOptions
+{
+    DataSource = "app.db",
+    DirectDatabaseOptions = new DatabaseOptions()
+        .ConfigureFunctions(functions =>
+        {
+            functions.AddScalar(
+                "AddOne",
+                1,
+                new DbScalarFunctionOptions(DbType.Integer, IsDeterministic: true, NullPropagating: true),
+                static (_, args) => DbValue.FromInteger(args[0].AsInteger + 1));
+        }),
+});
+
+await client.ExecuteSqlAsync("CREATE TABLE numbers (value INTEGER);");
+await client.ExecuteSqlAsync("INSERT INTO numbers VALUES (41);");
+
+var result = await client.ExecuteSqlAsync("SELECT AddOne(value) FROM numbers;");
+```
+
+`DirectDatabaseOptions` is only valid for direct transport. It is rejected for HTTP and gRPC clients because delegates cannot be serialized to another process.
+
+---
+
+## Remote Host Usage
+
+HTTP and gRPC clients cannot send C# delegates. Remote SQL can call a custom function only when that function is registered inside the host process that owns the database.
+
+The practical rule is:
+
+- Embedded or direct client: register functions in `DatabaseOptions` or `DirectDatabaseOptions`.
+- Remote client: register functions where the daemon, API host, or application server opens the database.
+- Pipeline packages, report definitions, form definitions, procedures, and SQL text store function names and expressions only. They do not store C# function bodies.
+- Admin Forms, Admin Reports, and pipeline packages also store generated `automation` metadata that lists required trusted commands and scalar functions by name, surface, and location. This is an import/export contract for hosts; it is not executable code.
+
+---
+
+## Admin Forms
+
+Admin Forms computed formulas can call registered scalar functions when the formula evaluator receives a `DbFunctionRegistry`.
+
+```csharp
+using CSharpDB.Admin.Forms.Evaluation;
+using CSharpDB.Primitives;
+
+var functions = DbFunctionRegistry.Create(builder =>
+{
+    builder.AddScalar(
+        "Tax",
+        1,
+        new DbScalarFunctionOptions(DbType.Real, IsDeterministic: true, NullPropagating: true),
+        static (_, args) => DbValue.FromReal(args[0].AsReal * 0.0825));
+});
+
+double? tax = FormulaEvaluator.Evaluate(
+    "=Tax(Subtotal)",
+    fieldResolver: name => name == "Subtotal" ? 100.00 : null,
+    functions: functions);
+```
+
+Forms formulas are numeric formulas. A custom function used from `FormulaEvaluator.Evaluate` should return `INTEGER` or `REAL`; other return types evaluate to `null` in that surface. Existing aggregate formulas such as `=SUM(OrderItems.LineTotal)` remain built-in form behavior and are not replaced by custom scalar functions.
+
+Admin Forms can also bind lifecycle events to trusted commands. Form definitions store event names and command names only; the C# command bodies stay registered in the host process.
+
+```csharp
+var form = existingForm with
+{
+    EventBindings =
+    [
+        new FormEventBinding(FormEventKind.OnOpen, "AuditFormOpen"),
+        new FormEventBinding(FormEventKind.BeforeInsert, "ValidateCustomerCreate"),
+        new FormEventBinding(FormEventKind.AfterUpdate, "AuditCustomerChange"),
+    ],
+};
+```
+
+Supported form-level events in this slice are:
+
+| Event | When it runs |
+| --- | --- |
+| `OnOpen` | After the form definition and source table are resolved, before records load. |
+| `OnLoad` | After the initial record page loads. |
+| `BeforeInsert` | Before a new record is inserted. Returning `DbCommandResult.Failure(...)` cancels the insert. |
+| `AfterInsert` | After a new record is inserted. |
+| `BeforeUpdate` | Before an existing record is updated. Returning failure cancels the update. |
+| `AfterUpdate` | After an existing record is updated. |
+| `BeforeDelete` | Before the current record is deleted. Returning failure cancels the delete. |
+| `AfterDelete` | After the current record is deleted. |
+
+Command context arguments include the current record fields converted to `DbValue`. Static arguments configured on the event binding override same-named record fields. Metadata includes `surface`, `formId`, `formName`, `tableName`, and `event`.
+
+The Admin Forms designer preserves form event bindings and exposes them in the property inspector when no control is selected. If the host has registered trusted commands, the designer shows those command names; otherwise it stores the command name typed by the designer. The same editor can attach a visual action sequence to the event.
+
+Admin Forms also include control-level trusted command events. Form controls store event names, command names, and optional JSON arguments in the form definition. At runtime, the renderer invokes the registered host command with the current record fields plus event-specific arguments.
+
+```csharp
+var textBox = existingTextBox with
+{
+    EventBindings =
+    [
+        new ControlEventBinding(
+            ControlEventKind.OnChange,
+            "NormalizeCustomerName",
+            new Dictionary<string, object?> { ["source"] = "name-textbox" }),
+        new ControlEventBinding(ControlEventKind.OnLostFocus, "ValidateCustomerName"),
+    ],
+};
+```
+
+Supported control events in this slice are:
+
+| Event | When it runs |
+| --- | --- |
+| `OnClick` | When a label or command button is clicked. |
+| `OnChange` | After an input, checkbox, radio, select, lookup, or textarea updates its bound field. |
+| `OnGotFocus` | When an interactive control receives focus. |
+| `OnLostFocus` | When an interactive control loses focus. |
+
+Control event metadata includes the Forms metadata plus `event`, `controlId`, `controlType`, and `fieldName` for bound controls. Arguments include current record fields and event details such as `fieldName`, `value`, and `oldValue` for field changes. Static arguments configured on the event binding override same-named runtime arguments.
+
+The Admin Forms designer exposes selected-control event bindings in the property inspector. If the host has registered trusted commands, the designer shows those command names; otherwise it stores the command name typed by the designer. Selected-control events use the same visual action-sequence editor as form lifecycle events.
+
+Admin Forms also include a command button control. Command buttons store a display label, a command name, and optional JSON arguments in the form definition. At runtime, clicking the button invokes the registered host command with the current record fields plus the configured arguments. Command buttons can also use `ControlEventKind.OnClick` bindings, which allows a button to be driven entirely by the shared control-event model.
+
+```csharp
+var button = new ControlDefinition(
+    "btn-ship",
+    "commandButton",
+    new Rect(24, 320, 160, 34),
+    Binding: null,
+    Props: new PropertyBag(new Dictionary<string, object?>
+    {
+        ["text"] = "Ship Order",
+        ["commandName"] = "ShipOrder",
+        ["commandArguments"] = new Dictionary<string, object?>
+        {
+            ["source"] = "form-button",
+        },
+    }),
+    ValidationOverride: null);
+```
+
+Command button direct-command metadata includes the same form metadata as lifecycle events, plus `event = "Click"`, `controlId`, and `controlType`.
+
+---
+
+## Declarative Admin Forms Action Sequences
+
+Admin Forms event bindings can also store small declarative action sequences.
+This is the first Access-style macro layer for CSharpDB Forms: the form stores
+action metadata, while any executable C# still lives in host-registered trusted
+commands.
+
+```csharp
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Primitives;
+
+var shipButton = existingButton with
+{
+    EventBindings =
+    [
+        new ControlEventBinding(
+            ControlEventKind.OnClick,
+            CommandName: string.Empty,
+            ActionSequence: new DbActionSequence(
+            [
+                new DbActionStep(
+                    DbActionKind.SetFieldValue,
+                    Target: "Status",
+                    Value: "Shipped"),
+                new DbActionStep(
+                    DbActionKind.RunCommand,
+                    CommandName: "AuditOrderStatus",
+                    Condition: "Status = 'Shipped'",
+                    Arguments: new Dictionary<string, object?>
+                    {
+                        ["source"] = "ship-button",
+                    }),
+                new DbActionStep(
+                    DbActionKind.ShowMessage,
+                    Message: "Order marked as shipped."),
+            ],
+            Name: "ShipButtonActions")),
+    ],
+};
+```
+
+The action set is intentionally small and form-focused:
+
+| Action | Behavior |
+| --- | --- |
+| `RunCommand` | Invokes a host-registered trusted command by name. |
+| `RunActionSequence` | Invokes a reusable named form action sequence stored on the form definition. |
+| `SetFieldValue` | Updates a target field in the current mutable form record. |
+| `ShowMessage` | Sends a message when the current Forms surface provides a command/message callback. |
+| `Stop` | Ends the current sequence successfully. |
+| `NewRecord` | Starts a new record in the rendered form. |
+| `SaveRecord` | Saves the current rendered record through the normal form save path. |
+| `DeleteRecord` | Deletes the current persisted rendered record through the normal form delete path. |
+| `RefreshRecords` | Reloads the current record/page while preserving the current primary key when possible. |
+| `PreviousRecord` | Moves the rendered form to the previous record. |
+| `NextRecord` | Moves the rendered form to the next record. |
+| `GoToRecord` | Navigates to a primary-key value from `Value`, `Arguments["value"]`, `Arguments["recordId"]`, `Arguments["primaryKey"]`, or the field named by `Target`. |
+
+Reusable action sequences are stored once on the form and invoked by name from
+form events, control events, or command buttons:
+
+```csharp
+var form = existingForm with
+{
+    ActionSequences =
+    [
+        new DbActionSequence(
+        [
+            new DbActionStep(DbActionKind.SetFieldValue, Target: "Status", Value: "Ready"),
+            new DbActionStep(DbActionKind.RunCommand, CommandName: "AuditReady"),
+        ],
+        Name: "PrepareReadyStatus"),
+    ],
+    EventBindings =
+    [
+        new FormEventBinding(
+            FormEventKind.BeforeUpdate,
+            string.Empty,
+            ActionSequence: new DbActionSequence(
+            [
+                new DbActionStep(
+                    DbActionKind.RunActionSequence,
+                    SequenceName: "PrepareReadyStatus",
+                    Arguments: new Dictionary<string, object?> { ["source"] = "before-update" }),
+            ])),
+    ],
+};
+```
+
+`RunActionSequence` arguments become runtime arguments for the nested sequence,
+so nested `RunCommand` steps receive current record fields, binding arguments,
+caller-supplied sequence arguments, and their own step arguments. Recursive
+sequence loops fail with a nesting-limit error instead of running forever.
+
+Action sequences can be attached to form lifecycle bindings or selected-control
+bindings. A binding can contain only a command, only an action sequence, or a
+command followed by an action sequence:
+
+```csharp
+var form = existingForm with
+{
+    EventBindings =
+    [
+        new FormEventBinding(
+            FormEventKind.BeforeInsert,
+            "ValidateOrder",
+            ActionSequence: new DbActionSequence(
+            [
+                new DbActionStep(
+                    DbActionKind.SetFieldValue,
+                    Target: "Status",
+                    Value: "Draft"),
+            ])),
+    ],
+};
+```
+
+The Admin Forms property inspector exposes action sequences with a visual
+editor on form-level and selected-control event bindings. Designers can add a
+sequence, name it, add command, reusable-sequence, field, message, stop, and
+built-in record steps, reorder or remove steps, choose registered commands or
+reusable sequences when available, and set per-step conditions and
+`StopOnFailure`. The form-level property inspector also includes a reusable
+action-sequence library editor. JSON editing remains only for optional binding,
+`RunCommand`, or `RunActionSequence` argument payloads.
+
+For `RunCommand`, command arguments are built from current record fields,
+binding arguments, runtime event arguments, and step arguments, with later
+sources overriding earlier ones. Command metadata includes the Forms metadata
+plus `actionKind`, `actionStep`, optional `actionSequence`, and optional
+`actionCondition`.
+
+Every action step can include a `Condition`. Empty conditions run the step.
+False conditions skip only that step. Malformed conditions fail through the
+normal step failure path, so `StopOnFailure = false` can allow a later step to
+continue.
+
+Supported condition syntax is intentionally small:
+
+| Syntax | Example |
+| --- | --- |
+| Truthy value | `IsActive` |
+| Equality | `Status = 'Ready'` or `[Status] == "Ready"` |
+| Inequality | `Status <> 'Closed'` or `Status != 'Closed'` |
+| Numeric comparison | `Amount > 0`, `Quantity <= 10` |
+| Null comparison | `ClosedAt = null` |
+
+Condition values are resolved from current record fields, binding arguments,
+runtime event arguments, and step arguments using the same later-wins order as
+command arguments. A leading `=` is accepted for macro-style conditions, for
+example `=Status = 'Ready'`.
+
+When forms are saved through `DbFormRepository` or exported through
+`FormAutomationMetadata.NormalizeForExport(...)`, the definition's `automation`
+metadata is regenerated from form events, command buttons, selected-control
+events, reusable action sequences, action-sequence `RunCommand` steps, and
+computed-control formulas. Older form JSON without automation metadata is
+backfilled when it is loaded.
+
+`SetFieldValue` can update mutable records in form lifecycle events such as
+`BeforeInsert` and `BeforeUpdate`, and it can update the current rendered record
+from control events or command-button clicks.
+
+Built-in record actions require a rendered Admin Forms data-entry runtime.
+They are intended for command buttons and selected-control events. Headless
+form lifecycle dispatch can still run `SetFieldValue`, `ShowMessage`, `Stop`,
+and `RunCommand`, but it reports a failure if a sequence asks for rendered-form
+navigation or save/delete actions.
+
+Action sequences do not include loops, stored C# source, database-owned
+plugins, or remote delegate serialization. Rendered Admin form runtimes support
+direct SQL and procedure actions only when the host explicitly enables those
+capabilities.
+
+---
+
+## Admin Reports
+
+Admin Reports preview rendering accepts the same registry through `DefaultReportPreviewService`:
+
+```csharp
+using CSharpDB.Admin.Reports.Services;
+using CSharpDB.Primitives;
+
+var previewService = new DefaultReportPreviewService(
+    dbClient,
+    sourceProvider,
+    functions);
+```
+
+Numeric calculated expressions can call numeric-returning functions:
+
+```text
+=Tax([Subtotal])
+```
+
+Calculated text can use a scalar function as the whole expression, including text-returning functions:
+
+```text
+=FormatInvoiceLabel([InvoiceNumber], [CustomerName])
+```
+
+Report aggregate formulas such as `=SUM([Subtotal])` remain built-in report behavior.
+
+Admin Reports can also bind preview-render lifecycle events to trusted commands. Report definitions store event names, command names, and optional static arguments only; the C# command bodies stay registered by the host process.
+
+```csharp
+using CSharpDB.Admin.Reports.Models;
+
+var report = existingReport with
+{
+    EventBindings =
+    [
+        new ReportEventBinding(ReportEventKind.OnOpen, "AuditReportOpen"),
+        new ReportEventBinding(ReportEventKind.BeforeRender, "PrepareReportContext"),
+        new ReportEventBinding(ReportEventKind.AfterRender, "PublishReportRendered"),
+    ],
+};
+```
+
+Supported report events are:
+
+| Event | When it runs |
+| --- | --- |
+| `OnOpen` | After the report source is resolved, before preview rows are loaded. |
+| `BeforeRender` | After preview rows are loaded and capped, before pagination and calculated text rendering. |
+| `AfterRender` | After preview pages are produced, before the preview result is returned. |
+
+Command context arguments include render metrics such as `rowCount`, `loadedRowCount`, `rowTruncated`, `pageCount`, `isTruncated`, and `hasSchemaDrift` depending on the event. Static arguments configured on the binding override same-named runtime arguments. Metadata includes `surface = AdminReports`, `reportId`, `reportName`, `sourceKind`, `sourceName`, and `event`.
+
+When reports are saved through `DbReportRepository` or exported through
+`ReportAutomationMetadata.NormalizeForExport(...)`, the definition's
+`automation` metadata is regenerated from report event bindings and calculated
+text expressions. Older report JSON without automation metadata is backfilled
+when it is loaded.
+
+Register report commands through the reports service registration overload:
+
+```csharp
+using CSharpDB.Admin.Reports.Services;
+using CSharpDB.Primitives;
+
+builder.Services.AddCSharpDbAdminReports(commands =>
+{
+    commands.AddCommand("PublishReportRendered", static context =>
+    {
+        string reportName = context.Metadata["reportName"];
+        long pageCount = context.Arguments["pageCount"].AsInteger;
+
+        PublishReportMetric(reportName, pageCount);
+        return DbCommandResult.Success();
+    });
+});
+```
+
+---
+
+## Pipelines
+
+Pipelines can call registered scalar functions in filter expressions and derived-column expressions when the runner or component factory is constructed with a registry.
+
+```csharp
+using CSharpDB.Client.Pipelines;
+using CSharpDB.Pipelines.Models;
+using CSharpDB.Primitives;
+
+var functions = DbFunctionRegistry.Create(builder =>
+{
+    builder.AddScalar(
+        "NormalizeStatus",
+        1,
+        new DbScalarFunctionOptions(DbType.Text, IsDeterministic: true, NullPropagating: true),
+        static (_, args) => DbValue.FromText(args[0].AsText.Trim().ToLowerInvariant()));
+});
+
+var runner = new CSharpDbPipelineRunner(client, functions);
+
+var package = new PipelinePackageDefinition
+{
+    Name = "active-customers",
+    Version = "1.0.0",
+    Source = new PipelineSourceDefinition
+    {
+        Kind = PipelineSourceKind.CsvFile,
+        Path = "customers.csv",
+        HasHeaderRow = true,
+    },
+    Transforms =
+    [
+        new PipelineTransformDefinition
+        {
+            Kind = PipelineTransformKind.Filter,
+            FilterExpression = "NormalizeStatus(status) == 'active'",
+        },
+        new PipelineTransformDefinition
+        {
+            Kind = PipelineTransformKind.Derive,
+            DerivedColumns =
+            [
+                new PipelineDerivedColumn
+                {
+                    Name = "status_key",
+                    Expression = "NormalizeStatus(status)",
+                },
+            ],
+        },
+    ],
+    Destination = new PipelineDestinationDefinition
+    {
+        Kind = PipelineDestinationKind.JsonFile,
+        Path = "active-customers.json",
+    },
+};
+
+await runner.RunPackageAsync(package);
+```
+
+Pipeline package JSON stores expressions such as `NormalizeStatus(status)` plus generated `automation` metadata listing the required scalar function names. The C# delegate must be registered by the process that runs the package.
+
+Pipelines can also invoke trusted commands from run hooks. Hook definitions are serialized with the package, but they store only the hook event, command name, optional static arguments, and generated automation metadata:
+
+```csharp
+var commands = DbCommandRegistry.Create(builder =>
+{
+    builder.AddCommand("NotifyPipeline", static context =>
+    {
+        string pipelineName = context.Metadata["pipelineName"];
+        string status = context.Arguments["status"].AsText;
+        long rowsWritten = context.Arguments["rowsWritten"].AsInteger;
+
+        NotifyOps(pipelineName, status, rowsWritten);
+        return DbCommandResult.Success();
+    });
+});
+
+var runner = new CSharpDbPipelineRunner(client, functions, commands);
+
+var package = new PipelinePackageDefinition
+{
+    Name = "active-customers",
+    Version = "1.0.0",
+    Source = new PipelineSourceDefinition
+    {
+        Kind = PipelineSourceKind.CsvFile,
+        Path = "customers.csv",
+    },
+    Destination = new PipelineDestinationDefinition
+    {
+        Kind = PipelineDestinationKind.JsonFile,
+        Path = "active-customers.json",
+    },
+    Hooks =
+    [
+        new PipelineCommandHookDefinition
+        {
+            Event = PipelineCommandHookEvent.OnRunSucceeded,
+            CommandName = "NotifyPipeline",
+            Arguments = new Dictionary<string, object?>
+            {
+                ["channel"] = "ops",
+            },
+        },
+    ],
+};
+```
+
+Supported pipeline hook events are:
+
+| Event | When it runs |
+| --- | --- |
+| `OnRunStarted` | After package validation and run logging, before components are created. |
+| `OnBatchCompleted` | After each source batch is transformed/written, metrics and checkpoints are updated, and reject limits pass. |
+| `OnRunSucceeded` | After destination completion and before the successful run is logged as completed. |
+| `OnRunFailed` | When the orchestrator is about to return a failed `PipelineRunResult`. |
+
+Hook arguments include `runId`, `pipelineName`, `pipelineVersion`, `mode`, `event`, `status`, `rowsRead`, `rowsWritten`, `rowsRejected`, and `batchesCompleted`. Batch hooks also include `batchNumber`, `startingRowNumber`, and `batchRowCount`. Failure hooks include `errorSummary`. Metadata includes `surface = Pipelines`, `pipelineName`, `pipelineVersion`, `runId`, `mode`, and `event`.
+
+`PipelinePackageSerializer` refreshes the `automation` manifest when packages are serialized, saved, deserialized, or loaded from disk. `PipelinePackageValidator` accepts older packages without a manifest, but if a manifest is present and no longer matches the package expressions/hooks, validation reports stale automation metadata so the package can be re-exported.
+
+`Validate` mode does not invoke command hooks, so package validation stays side-effect free. Missing command registration or a failing hook with `StopOnFailure = true` fails the run normally. For `OnRunFailed`, hook failures are appended to the failed run's error summary instead of recursively dispatching more failure hooks.
+
+---
+
+## Error Handling
+
+Missing SQL functions fail with the existing unknown scalar function error. Function exceptions are wrapped with the function name and the surrounding statement follows normal rollback behavior.
+
+```csharp
+functions.AddScalar(
+    "RequirePositive",
+    1,
+    new DbScalarFunctionOptions(DbType.Integer, NullPropagating: true),
+    static (context, args) =>
+    {
+        long value = args[0].AsInteger;
+        if (value <= 0)
+            throw new ArgumentOutOfRangeException(context.FunctionName, "Value must be positive.");
+
+        return DbValue.FromInteger(value);
+    });
+```
+
+For SQL write statements, a failing function aborts the statement. If the statement is inside a transaction, normal transaction rollback rules apply.
+
+Admin Forms formulas intentionally return `null` for invalid formulas, unsupported function return types, missing functions, division by zero, or exceptions. Pipeline functions throw runtime errors unless the pipeline error mode handles the affected row.
+
+Trusted command failures are surface-specific. Form before-events can cancel writes, report event failures fail preview rendering, and pipeline hook failures produce a failed `PipelineRunResult` unless the binding sets `StopOnFailure = false`. Timed-out commands are reported as command failures; caller-requested cancellation still propagates as cancellation instead of being converted to a failure message.
+
+Forms action-sequence failures follow the same binding-level `StopOnFailure`
+rule. Step-level `StopOnFailure = false` lets a later step continue after that
+step fails; otherwise the sequence reports the failure to the surrounding form
+or control event.
+
+---
+
+## Performance Guidance
+
+Custom functions run only when an expression calls them. Queries and writes that do not use custom functions stay on the existing paths.
+
+For low overhead:
+
+- Prefer `NullPropagating = true` when a function naturally returns null for null input.
+- Avoid database calls, blocking I/O, sleeps, and long network calls inside delegates.
+- For command callbacks that call application services, prefer `AddAsyncCommand(...)`, honor the provided cancellation token, and set a timeout that matches the user-facing workflow.
+- Keep delegates thread-safe. A function may be called by concurrent queries in the same host process.
+- Capture immutable services or thread-safe services in closures when application integration is needed.
+- Use `IsDeterministic = true` for accurate metadata, but do not rely on V1 to optimize from it.
+
+---
+
+## Current Limitations
+
+V1 does not support:
+
+- Aggregate UDFs.
+- Table-valued UDFs.
+- Stored C# source code or database-owned compiled modules.
+- Sandboxed execution.
+- Async scalar delegates.
+- Passing a database handle into the function context.
+- Sending delegates over HTTP, gRPC, or pipeline package files.
+- Optimizer pushdown, expression indexes, generated columns, or constant folding based on custom function metadata.
+- Additional Access-style control events such as double-click, key, mouse, timer, and dirty/current events.
+- Richer macro/action scripts with loops, reusable UI rule presets, additional event surfaces, or database-owned executable code.
diff --git a/docs/trusted-csharp-functions/access-style-macro-actions.md b/docs/trusted-csharp-functions/access-style-macro-actions.md
new file mode 100644
index 00000000..21411eb1
--- /dev/null
+++ b/docs/trusted-csharp-functions/access-style-macro-actions.md
@@ -0,0 +1,116 @@
+# Access-Style Macro Actions
+
+Phase 8 extends Admin Forms action sequences with Access-style UI and data actions. The action metadata still stays declarative: host applications own executable C# callbacks, SQL/procedure opt-in policy, database connections, and navigation behavior.
+
+## Supported Actions
+
+| Action | Runtime behavior |
+| --- | --- |
+| `openForm` | Resolves a form by id or name and asks the host to open it. Arguments can include `mode`, `recordId`, `primaryKey`, `id`, `filter`, or `where`. |
+| `closeForm` | Asks the host to close the active form entry tab or surface. |
+| `applyFilter` | Filters the current form record list when `target` is `form`; filters a rendered `datagrid` control when `target` is that control id. |
+| `clearFilter` | Clears the form or data-grid filter selected by `target`. |
+| `runSql` | Executes SQL only when the host enables SQL actions. `@name` parameters are resolved from action arguments. |
+| `runProcedure` | Executes a named database procedure only when the host enables procedure actions. `target` is the procedure name; action arguments become procedure arguments. |
+| `setControlProperty` | Overrides rendered control properties such as `visible`, `enabled`, `readOnly`, `text`, `placeholder`, and bound `value`. |
+| `setControlVisibility`, `setControlEnabled`, `setControlReadOnly` | Short forms for the corresponding `setControlProperty` calls. |
+
+Existing actions such as `setFieldValue`, `runCommand`, `runActionSequence`, `newRecord`, `saveRecord`, `deleteRecord`, `refreshRecords`, `previousRecord`, `nextRecord`, and `goToRecord` continue to work in the same action sequence model.
+
+## Filter Expressions
+
+Filters use the same bracketed field expression style as conditions:
+
+```json
+{
+  "kind": "applyFilter",
+  "target": "ordersGrid",
+  "value": "[Status] = @status AND [Total] > @minimum",
+  "arguments": {
+    "status": "Open",
+    "minimum": 100
+  }
+}
+```
+
+Use `target: "form"` for the parent form list. Use a DataGrid control id for child-row filtering.
+
+## Open Form Arguments
+
+`openForm` carries navigation arguments to the host:
+
+```json
+{
+  "kind": "openForm",
+  "target": "Orders Entry",
+  "arguments": {
+    "recordId": "$record.Id",
+    "mode": "view",
+    "filter": "[Status] = 'Open'"
+  }
+}
+```
+
+The built-in admin tab host forwards those values to `DataEntry` as initial state. `mode: "new"` starts a writable form on a new record. `recordId` navigates to the requested primary key after load. `filter` or `where` applies an initial form filter.
+
+## SQL And Procedure Actions
+
+Use `runProcedure` when the workflow should invoke reusable database-owned SQL,
+for example allocating an order, receiving a purchase order, processing a
+return, or returning a packaged operational snapshot. A procedure body can run
+multiple SQL statements in one execution and can return follow-up result sets.
+
+```json
+{
+  "kind": "runProcedure",
+  "target": "AllocateOrder",
+  "arguments": {
+    "orderId": 7005,
+    "allocatedBy": "Wave Planner",
+    "note": "Allocated from form action sequence."
+  },
+  "stopOnFailure": true
+}
+```
+
+Use `runCommand` instead when the workflow needs host-owned C# behavior such as
+email, queues, external APIs, filesystem access, or other services. A common
+sequence is `runProcedure` for database updates followed by `runCommand` for a
+host notification.
+
+Rendered Admin form runtimes can leave `runSql` and `runProcedure` disabled by
+policy. That keeps database-mutating actions explicit at the host boundary even
+though procedure definitions themselves are database metadata.
+
+## Conditional UI Rules
+
+Form-level `rules` apply control property effects whenever their condition is true:
+
+```json
+{
+  "ruleId": "archived-state",
+  "condition": "[Status] = 'Archived'",
+  "effects": [
+    { "controlId": "statusBox", "property": "readOnly", "value": true },
+    { "controlId": "archiveButton", "property": "enabled", "value": false }
+  ]
+}
+```
+
+The designer property inspector includes a rules editor and a validation panel for action/rule readiness.
+
+## Diagnostics
+
+Subscribe to `FormActionDiagnostics.Listener` to observe action execution:
+
+```csharp
+using CSharpDB.Admin.Forms.Contracts;
+
+using IDisposable subscription = FormActionDiagnostics.Listener.Subscribe(observer);
+```
+
+Events use `FormActionDiagnostics.InvocationEventName` and carry `FormActionInvocationDiagnostic`, including action kind, target, form id, event name, action sequence name, step index, elapsed time, success state, cancellation state, result message, exception message, and metadata.
+
+## Sample
+
+See `samples/trusted-csharp-host/access-style-macro-form.json` for a form manifest that combines open form, data-grid filtering, SQL execution, control property changes, and conditional UI rules.
diff --git a/docs/trusted-csharp-functions/database-code-modules-vscode-plan.md b/docs/trusted-csharp-functions/database-code-modules-vscode-plan.md
new file mode 100644
index 00000000..1a473417
--- /dev/null
+++ b/docs/trusted-csharp-functions/database-code-modules-vscode-plan.md
@@ -0,0 +1,664 @@
+# Database Code Modules With VS Code Sync Plan
+
+## Summary
+
+Add database-owned C# code modules that can be saved with a CSharpDB database,
+compiled by CSharpDB, and invoked by Admin Forms events. Editing and debugging
+should happen in VS Code, not in the Admin browser UI.
+
+This is the Access-style "code travels with the database" model, but with C#
+and normal developer tooling. Admin remains the app-builder and runtime surface.
+VS Code remains the serious code editor and debugger.
+
+The core implementation must be a public .NET API, not a CLI-first design.
+
+## Product Position
+
+CSharpDB will have three separate automation lanes:
+
+| Lane | Who Owns Code | Where It Lives | Use For |
+| --- | --- | --- | --- |
+| Declarative macros/actions | Database metadata | Form JSON/database metadata | No-code app behavior, navigation, field updates, command orchestration |
+| Host callbacks | Host application | C# host project startup registration | External services, compiled integrations, application-owned code |
+| Database code modules | Database | Database module metadata, synced to files for editing | Access-like form/business logic that travels with the database |
+
+Database code modules are not a replacement for host callbacks. Host callbacks
+remain the right path for application services, email, queues, filesystem,
+network calls, or privileged host operations.
+
+## Goals
+
+- Store C# source modules in the database.
+- Let Admin create form/control event stubs.
+- Let VS Code edit synced `.cs` files with normal C# tooling.
+- Sync source between the database and a local workspace folder.
+- Compile modules with Roslyn and return diagnostics.
+- Surface diagnostics in Admin and VS Code.
+- Execute trusted compiled modules from Admin Forms runtime events.
+- Keep the core reusable through a public API based on `ICSharpDbClient`.
+- Avoid Monaco/CodeMirror bloat in Admin.
+- Keep CLI optional; it is not the primary architecture.
+
+## Non-Goals For V1
+
+- No full in-browser IDE.
+- No Monaco dependency for Admin code editing.
+- No arbitrary hidden execution from untrusted databases.
+- No remote dynamic assembly loading from form JSON.
+- No debugger implemented inside Admin.
+- No replacement for host callback integrations.
+- No direct unmanaged/native code from modules.
+- No unrestricted file/network/process APIs from database-owned code.
+
+## High-Level Architecture
+
+```text
+CSharpDB.CodeModules
+  public .NET API
+  module metadata model
+  import/export/sync services
+  Roslyn build/diagnostic services
+  trusted runtime contracts
+  uses ICSharpDbClient
+
+CSharpDB.Admin
+  lists modules
+  creates event stubs
+  shows trust/build/diagnostic state
+  invokes compiled trusted module procedures at runtime
+  uses CSharpDB.CodeModules directly
+
+VS Code Extension
+  module tree
+  open/sync files
+  Problems diagnostics
+  build command
+  debug harness command
+  talks to .NET sidecar/language server
+
+.NET Sidecar / Language Server
+  references CSharpDB.CodeModules
+  exposes JSON-RPC to VS Code extension
+  owns local file watching and DB sync
+```
+
+The CLI is optional future work. If added, it should be a thin wrapper over
+`CSharpDB.CodeModules`, not the source of truth.
+
+## Project Layout
+
+```text
+src/
+  CSharpDB.CodeModules/
+    CSharpDB.CodeModules.csproj
+    Models/
+    Storage/
+    Sync/
+    Compilation/
+    Runtime/
+    Diagnostics/
+
+  CSharpDB.Admin/
+    uses CSharpDB.CodeModules
+
+vscode-extension/
+  src/
+    extension.ts
+    moduleTree.ts
+    diagnostics.ts
+    sidecarClient.ts
+
+  sidecar/
+    CSharpDB.CodeModules.LanguageServer.csproj
+```
+
+The sidecar can live under `vscode-extension/sidecar` or `src/` depending on
+packaging. It should not duplicate code-module logic.
+
+## Public API
+
+The core API should be usable by Admin, tests, VS Code sidecar, and host apps.
+
+```csharp
+public sealed class CSharpDbCodeModuleClient
+{
+    public CSharpDbCodeModuleClient(ICSharpDbClient client);
+
+    public Task<IReadOnlyList<CodeModuleSummary>> ListAsync(
+        CodeModuleListRequest? request = null,
+        CancellationToken ct = default);
+
+    public Task<CodeModuleDefinition?> GetAsync(
+        string moduleId,
+        CancellationToken ct = default);
+
+    public Task<CodeModuleDefinition> UpsertAsync(
+        CodeModuleDefinition module,
+        CodeModuleWriteOptions? options = null,
+        CancellationToken ct = default);
+
+    public Task DeleteAsync(
+        string moduleId,
+        CodeModuleDeleteOptions? options = null,
+        CancellationToken ct = default);
+
+    public Task<CodeModuleExportResult> ExportAsync(
+        CodeModuleExportRequest request,
+        CancellationToken ct = default);
+
+    public Task<CodeModuleImportResult> ImportAsync(
+        CodeModuleImportRequest request,
+        CancellationToken ct = default);
+
+    public Task<CodeModuleBuildResult> BuildAsync(
+        CodeModuleBuildRequest request,
+        CancellationToken ct = default);
+
+    public Task<CodeModuleTrustResult> TrustAsync(
+        CodeModuleTrustRequest request,
+        CancellationToken ct = default);
+}
+```
+
+### Key Models
+
+```csharp
+public sealed record CodeModuleDefinition(
+    string ModuleId,
+    string Name,
+    CodeModuleKind Kind,
+    string Language,
+    string Source,
+    CodeModuleScope Scope,
+    IReadOnlyDictionary<string, string> Metadata,
+    string? SourceHash = null,
+    string? LastBuiltHash = null,
+    CodeModuleTrustState TrustState = CodeModuleTrustState.Untrusted,
+    IReadOnlyList<CodeModuleEventBinding>? EventBindings = null);
+
+public enum CodeModuleKind
+{
+    Standard = 0,
+    Form = 1,
+    Report = 2,
+    Shared = 3,
+}
+
+public sealed record CodeModuleEventBinding(
+    string OwnerKind,
+    string OwnerId,
+    string EventName,
+    string ProcedureName,
+    string ModuleId);
+```
+
+`Language` should be `"csharp"` in V1. The field exists so the wire shape can
+evolve later.
+
+## Database Storage
+
+V1 can use system tables instead of embedding code directly inside form JSON.
+Forms can reference module event procedures by id/name.
+
+Suggested tables:
+
+```sql
+CREATE TABLE IF NOT EXISTS _admin_code_modules (
+    module_id TEXT PRIMARY KEY,
+    name TEXT NOT NULL,
+    kind TEXT NOT NULL,
+    language TEXT NOT NULL,
+    source TEXT NOT NULL,
+    source_hash TEXT NOT NULL,
+    last_built_hash TEXT,
+    trust_state TEXT NOT NULL,
+    metadata_json TEXT,
+    created_utc TEXT NOT NULL,
+    updated_utc TEXT NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS _admin_code_module_bindings (
+    binding_id TEXT PRIMARY KEY,
+    module_id TEXT NOT NULL,
+    owner_kind TEXT NOT NULL,
+    owner_id TEXT NOT NULL,
+    event_name TEXT NOT NULL,
+    procedure_name TEXT NOT NULL,
+    metadata_json TEXT,
+    FOREIGN KEY (module_id) REFERENCES _admin_code_modules(module_id)
+);
+
+CREATE TABLE IF NOT EXISTS _admin_code_module_builds (
+    build_id TEXT PRIMARY KEY,
+    module_set_hash TEXT NOT NULL,
+    status TEXT NOT NULL,
+    diagnostics_json TEXT,
+    artifact_hash TEXT,
+    built_utc TEXT NOT NULL
+);
+```
+
+Open question: whether compiled assemblies should be persisted in the database.
+For V1, prefer not storing binaries until the runtime model is settled. Store
+source, diagnostics, and hashes first. Compile on host startup or on first use.
+
+## Exported Workspace Shape
+
+VS Code should edit normal files generated from database modules.
+
+```text
+.csharpdb-code/
+  csharpdb.codeproj.json
+  forms/
+    Customers/
+      CustomersForm.cs
+  modules/
+    InventoryRules.cs
+    SharedValidation.cs
+  obj/
+    generated/
+      CSharpDbCodeModuleRuntime.g.cs
+      FormContracts.g.cs
+  .vscode/
+    tasks.json
+    launch.json
+```
+
+Manifest example:
+
+```json
+{
+  "database": "C:\\data\\app.db",
+  "formatVersion": 1,
+  "modules": [
+    {
+      "moduleId": "forms.customers",
+      "path": "forms/Customers/CustomersForm.cs",
+      "sourceHash": "sha256:...",
+      "kind": "Form",
+      "ownerKind": "Form",
+      "ownerId": "customers-form"
+    }
+  ]
+}
+```
+
+The manifest is required for conflict detection and stable module ids.
+
+## C# Module Shape
+
+Generated form module example:
+
+```csharp
+using CSharpDB.CodeModules.Runtime;
+
+namespace CSharpDB.DatabaseCode.Forms;
+
+public sealed class CustomersFormModule : FormCodeModule
+{
+    public void Form_BeforeUpdate(FormBeforeUpdateContext context)
+    {
+        if (Me.Status == "Closed" && Me.ClosedDate is null)
+        {
+            context.Cancel = true;
+            context.Message = "Closed date is required.";
+        }
+    }
+
+    public void btnShip_Click(FormControlEventContext context)
+    {
+        Me.Status = "Shipped";
+        DoCmd.SaveRecord();
+    }
+}
+```
+
+This is C#, but with generated helper APIs that feel like Access:
+
+- `Me`
+- `Controls`
+- strongly typed field properties when schema is known
+- `DoCmd`
+- event context objects
+- validation/cancel semantics
+
+## Runtime Contracts
+
+`CSharpDB.CodeModules.Runtime` should define small, controlled contracts:
+
+```csharp
+public abstract class FormCodeModule
+{
+    protected dynamic Me { get; }
+    protected IFormCommandApi DoCmd { get; }
+    protected IFormControlApi Controls { get; }
+}
+
+public sealed class FormBeforeUpdateContext
+{
+    public bool Cancel { get; set; }
+    public string? Message { get; set; }
+}
+
+public interface IFormCommandApi
+{
+    void SaveRecord();
+    void NewRecord();
+    void Refresh();
+    void OpenForm(string formName, object? filter = null);
+    void RunAction(string actionName);
+    ValueTask RunCommandAsync(string commandName, object? args = null);
+}
+```
+
+The runtime API should expose form-safe operations only. Host integrations still
+go through trusted host callbacks.
+
+## Compilation
+
+Use Roslyn in `CSharpDB.CodeModules.Compilation`.
+
+Build inputs:
+
+- module source files
+- generated runtime contracts
+- generated form schema wrappers
+- allowed framework references
+- CSharpDB runtime contract assembly references
+
+Build outputs:
+
+- success/failure
+- diagnostics with file/module/line/column
+- module set hash
+- optional in-memory assembly
+- optional debug harness project
+
+Diagnostics model:
+
+```csharp
+public sealed record CodeModuleDiagnostic(
+    string ModuleId,
+    string? FilePath,
+    CodeModuleDiagnosticSeverity Severity,
+    string Code,
+    string Message,
+    int StartLine,
+    int StartColumn,
+    int EndLine,
+    int EndColumn);
+```
+
+VS Code maps these to the Problems panel. Admin shows them in the module detail
+view.
+
+## Trust And Security
+
+Database-owned C# is powerful. V1 must fail closed.
+
+Trust states:
+
+| State | Meaning |
+| --- | --- |
+| `Untrusted` | Source exists but cannot execute. |
+| `TrustedForThisMachine` | User explicitly trusted this DB/module set locally. |
+| `TrustedBySignature` | Future signed module/package trust. |
+| `Revoked` | Explicitly blocked. |
+
+Execution requirements:
+
+- Database must be trusted.
+- Module source hash must match the trusted hash.
+- Build diagnostics must have no errors.
+- Runtime policy must allow module execution.
+- Host must opt into code module execution.
+
+Admin should show clear trust prompts. It should never silently execute code
+from a database file just because it contains modules.
+
+## VS Code Extension
+
+The VS Code extension should be a UI and sync shell, not the implementation
+owner.
+
+Commands:
+
+- `CSharpDB: Connect Database`
+- `CSharpDB: Export Code Modules`
+- `CSharpDB: Import Code Modules`
+- `CSharpDB: Sync Current File To Database`
+- `CSharpDB: Watch Code Modules`
+- `CSharpDB: Build Code Modules`
+- `CSharpDB: Create Form Event Stub`
+- `CSharpDB: Open Module From Database`
+- `CSharpDB: Generate Debug Harness`
+
+Views:
+
+- Code Modules tree
+- Forms and event procedures
+- Build diagnostics
+- Trust state
+
+The extension talks to a .NET sidecar/language server over JSON-RPC. The
+sidecar references `CSharpDB.CodeModules` and uses the public API.
+
+## Sidecar Protocol
+
+The protocol should be simple JSON-RPC:
+
+```text
+codeModules/connect
+codeModules/list
+codeModules/export
+codeModules/import
+codeModules/watch
+codeModules/build
+codeModules/upsert
+codeModules/createEventStub
+codeModules/trust
+```
+
+The sidecar owns:
+
+- loading CSharpDB assemblies
+- talking to `ICSharpDbClient`
+- file watching
+- conflict detection
+- Roslyn builds
+- diagnostics translation
+
+## Admin UX
+
+Admin should not become the main editor. It should provide:
+
+- Code Modules tab.
+- module list and details.
+- source read-only or simple textarea fallback.
+- build/trust status.
+- diagnostics history.
+- create event stub button from form designer.
+- "Open in VS Code" command when extension/deep link support exists.
+
+Form designer integration:
+
+- select form/control event.
+- choose "Create Code Module Handler".
+- Admin generates `Form_BeforeUpdate`, `btnSave_Click`, etc.
+- event binding points to module id and procedure name.
+- module appears in Code Modules tab.
+
+## Import/Export And Conflict Handling
+
+Every sync uses hashes:
+
+- database source hash
+- exported file hash
+- manifest hash
+
+Import should detect:
+
+- file changed, DB unchanged: import cleanly.
+- DB changed, file unchanged: update file on export.
+- both changed: conflict result, no overwrite by default.
+
+Conflict result includes:
+
+- module id
+- db hash
+- file hash
+- paths
+- suggested resolution
+
+## Debugging Strategy
+
+V1 should not promise live Admin breakpoints. Instead:
+
+1. Generate a debug harness project.
+2. Reference `CSharpDB.CodeModules.Runtime`.
+3. Generate sample event contexts from form metadata.
+4. Let VS Code run/debug the harness normally.
+
+Later live debugging can attach to Admin or a dedicated module host, but that
+requires a runtime/debug adapter design.
+
+## Runtime Execution
+
+Admin Forms runtime flow:
+
+1. Event fires.
+2. Runtime resolves event binding to module id/procedure.
+3. Trust policy is checked.
+4. Module set is compiled or loaded from cache.
+5. Procedure is invoked with a typed context.
+6. Result maps back to existing form event behavior:
+   - cancel save
+   - set error/message
+   - mutate current record
+   - dispatch allowed macro/actions
+
+Failures:
+
+- untrusted: block execution with clear message
+- missing module/procedure: block event with diagnostics
+- compile error: block event with diagnostics
+- exception: fail event and record diagnostics
+
+## Relationship To Host Callbacks
+
+Database modules should call host services only through explicit host callbacks:
+
+```csharp
+await DoCmd.RunCommandAsync("SendOpsDigest", new { OrderId = Me.Id });
+```
+
+This keeps external side effects behind host registration and policy.
+
+## Testing Plan
+
+Core API tests:
+
+- create/list/get/update/delete modules
+- module metadata round-trip
+- event binding round-trip
+- import/export manifest generation
+- import conflict detection
+- hash stability
+- build success/failure diagnostics
+- trust enforcement
+
+Admin tests:
+
+- create event stub from form/control event
+- module appears in catalog
+- untrusted module blocks execution
+- trusted module executes
+- compile errors shown in diagnostics
+- form save cancellation from code module
+
+VS Code sidecar tests:
+
+- JSON-RPC list/export/import/build
+- file watcher sync
+- diagnostics mapping
+- conflict reporting
+
+Runtime tests:
+
+- form before update cancel
+- button click mutation
+- missing procedure
+- compile failure
+- thrown exception
+- host callback bridge through `DoCmd.RunCommandAsync`
+
+## Phased Implementation
+
+### Phase 1: Core Storage And API
+
+- Add `CSharpDB.CodeModules`.
+- Add module models.
+- Add system-table storage through `ICSharpDbClient`.
+- Add list/get/upsert/delete.
+- Add tests.
+
+### Phase 2: Import/Export Sync
+
+- Add file layout and manifest.
+- Add export/import APIs.
+- Add conflict detection.
+- Add tests with temp directories.
+
+### Phase 3: Roslyn Build Diagnostics
+
+- Add C# compile service.
+- Add generated runtime references.
+- Return diagnostics.
+- Store last build status/hash.
+
+### Phase 4: Admin Catalog And Stub Generation
+
+- Add Code Modules tab.
+- Add module detail/status.
+- Add form/control event stub generation.
+- Add binding metadata.
+
+### Phase 5: VS Code Sidecar And Extension
+
+- Add sidecar JSON-RPC process.
+- Add VS Code module tree.
+- Add export/import/watch/build commands.
+- Map diagnostics to Problems panel.
+
+### Phase 6: Trusted Runtime Execution
+
+- Add trust state and prompts.
+- Add form event execution path.
+- Add runtime contexts.
+- Add diagnostics.
+
+### Phase 7: Debug Harness
+
+- Generate harness project.
+- Add VS Code launch/task config.
+- Add sample event contexts.
+
+## Open Questions
+
+- Store compiled assemblies in DB or cache only on disk?
+- Exact trust UX and where local trust is stored.
+- Whether form modules should be partial classes generated around user code.
+- How strongly typed `Me` should be in V1.
+- Whether remote databases can execute modules or only edit/sync them.
+- How module runtime policy composes with existing callback policy.
+- Whether code modules can reference other modules in V1.
+- How to version module runtime contracts.
+
+## Recommendation
+
+Proceed with `CSharpDB.CodeModules` as the core. Do not build an Admin Monaco
+editor for V1. Do not make the CLI a required layer.
+
+Use Admin for module discovery, trust, event stub creation, build status, and
+runtime execution. Use VS Code plus a .NET sidecar for editing, sync,
+diagnostics, and debug harness workflows.
diff --git a/docs/trusted-csharp-functions/validation-rules.md b/docs/trusted-csharp-functions/validation-rules.md
new file mode 100644
index 00000000..ce461b52
--- /dev/null
+++ b/docs/trusted-csharp-functions/validation-rules.md
@@ -0,0 +1,233 @@
+# Trusted Validation Rules
+
+Admin Forms can run host-registered validation callbacks before a record is
+saved. The form stores only the validation rule name, fallback message, and JSON
+parameters. The C# callback body is compiled into the host application and
+registered during startup.
+
+Validation rules are trusted in-process callbacks. They are intended for
+business checks that do not belong in generic field metadata, such as
+cross-field validation, tenant-specific policies, or checks against host-owned
+services.
+
+## Register Rules
+
+Register rules with `AddCSharpDbAdminFormValidationRules(...)`:
+
+```csharp
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
+
+builder.Services.AddCSharpDbAdminFormValidationRules(rules =>
+{
+    rules.AddRule(
+        "CustomerNamePolicy",
+        new DbValidationRuleOptions(
+            Description: "Rejects placeholder customer names.",
+            Timeout: TimeSpan.FromSeconds(2)),
+        static (context, ct) =>
+        {
+            string text = context.Value.IsNull ? string.Empty : context.Value.AsText;
+            string blockedText = context.Parameters.TryGetValue("blockedText", out DbValue configured)
+                && !configured.IsNull
+                    ? configured.AsText
+                    : "test";
+
+            DbValidationRuleResult result = text.Contains(blockedText, StringComparison.OrdinalIgnoreCase)
+                ? DbValidationRuleResult.Failure(
+                    context.FallbackMessage ?? "Customer name is not allowed.",
+                    context.FieldName,
+                    context.RuleName)
+                : DbValidationRuleResult.Success();
+            return ValueTask.FromResult(result);
+        });
+});
+```
+
+Rule names are case-insensitive identifiers. Duplicate names fail during
+registration so the host fails fast at startup.
+
+## Field-Level Rules
+
+Field-level rules are attached to a bound control through
+`ValidationOverride.AddRules`. The runtime context includes the current field
+value, field name, control id, full record, parameters, and metadata.
+
+```csharp
+new ControlDefinition(
+    "customer-name",
+    "text",
+    new Rect(24, 72, 240, 32),
+    new BindingDefinition("Name", "TwoWay"),
+    PropertyBag.Empty,
+    new ValidationOverride(
+        DisableInferredRules: false,
+        AddRules:
+        [
+            new ValidationRule(
+                "CustomerNamePolicy",
+                "Use the real customer name, not a placeholder.",
+                new Dictionary<string, object?>
+                {
+                    ["blockedText"] = "test",
+                }),
+        ],
+        DisableRuleIds: []));
+```
+
+The fallback message is used when the callback returns a failure without a more
+specific message. Parameters are converted to `DbValue` and are available through
+`context.Parameters`.
+
+## Form-Level Rules
+
+Form-level rules live on `FormDefinition.ValidationRules`. Use them for
+cross-field checks and global save policies. A form-level callback can return
+field-specific failures or global failures. A failure with `FieldName = null` or
+an empty field name is shown as a form-level error.
+
+```csharp
+builder.Services.AddCSharpDbAdminFormValidationRules(rules =>
+{
+    rules.AddRule(
+        "CustomerReadyForInsert",
+        static context =>
+        {
+            string status = context.Record.TryGetValue("Status", out DbValue value)
+                && !value.IsNull
+                    ? value.AsText
+                    : string.Empty;
+
+            return string.Equals(status, "Ready", StringComparison.OrdinalIgnoreCase)
+                ? DbValidationRuleResult.Success()
+                : DbValidationRuleResult.Failure(
+                    [
+                        new DbValidationFailure(
+                            "Status",
+                            "Customer status must be Ready before save.",
+                            context.RuleName),
+                    ],
+                    "Customer record is not ready.");
+        });
+});
+```
+
+Attach the rule to the form:
+
+```csharp
+var form = existingForm with
+{
+    ValidationRules =
+    [
+        new ValidationRule(
+            "CustomerReadyForInsert",
+            "Customer status must be Ready before save.",
+            new Dictionary<string, object?>()),
+    ],
+};
+```
+
+## Runtime Context
+
+Every rule receives `DbValidationRuleContext`:
+
+| Property | Meaning |
+| --- | --- |
+| `RuleName` | The registered callback name. |
+| `Scope` | `Field` or `Form`. |
+| `Record` | Full current record as `IReadOnlyDictionary<string, DbValue>`. |
+| `Parameters` | JSON parameters from form metadata as `DbValue`s. |
+| `Metadata` | Surface, owner, location, correlation id, and form details. |
+| `FormId`, `FormName`, `TableName` | Current form source metadata. |
+| `ControlId`, `FieldName`, `Value` | Field-level context; null/default for form-level rules. |
+| `FallbackMessage` | Designer-provided fallback message. |
+
+Validation callbacks are asynchronous:
+
+```csharp
+public delegate ValueTask<DbValidationRuleResult> DbValidationRuleDelegate(
+    DbValidationRuleContext context,
+    CancellationToken ct);
+```
+
+Pass the cancellation token to host I/O. If a rule uses host services, capture
+thread-safe services in the registration closure or register the rule from a
+host-owned composition root.
+
+## Policy
+
+Validation rules request the `DbExtensionCapability.ValidationRules`
+capability. `DbExtensionPolicies.DefaultHostCallbackPolicy` grants validation
+rules by default. If the host uses a custom policy, it must grant that
+capability:
+
+```csharp
+builder.Services.AddSingleton(new DbExtensionPolicy(
+    AllowExtensions: true,
+    Grants:
+    [
+        new DbExtensionCapabilityGrant(
+            DbExtensionCapability.ValidationRules,
+            DbExtensionCapabilityGrantStatus.Granted,
+            Exports: ["CustomerNamePolicy", "CustomerReadyForInsert"]),
+    ],
+    DefaultTimeout: TimeSpan.FromSeconds(5),
+    RequireSignature: true,
+    AllowedHostModes: DbExtensionHostMode.Embedded));
+```
+
+Scoped grants can use `Exports`, `Tables`, and `Scope`. Deny grants take
+precedence over allows when both match a callback request.
+
+## Failure Behavior
+
+Validation rules fail closed. Save is blocked when a rule is:
+
+- not registered
+- denied by policy
+- timed out
+- canceled by the validation runtime
+- throwing an exception
+- returning a failed result
+
+The Admin callbacks tab shows registered validation rules, saved references,
+policy decisions, and diagnostics history. Missing references mean saved form
+metadata names a rule that the current host has not registered.
+
+## Generated Stubs
+
+Forms export automation metadata for validation rule references. The callback
+catalog can generate starter registrations:
+
+```csharp
+public static void Register(
+    DbFunctionRegistryBuilder functions,
+    DbCommandRegistryBuilder commands,
+    DbValidationRuleRegistryBuilder validationRules)
+{
+    validationRules.AddRule(
+        "CustomerNamePolicy",
+        new DbValidationRuleOptions(
+            Description: "TODO: describe validation rule."),
+        static async (context, ct) =>
+        {
+            await ValueTask.CompletedTask;
+            return DbValidationRuleResult.Success();
+        });
+}
+```
+
+The generated code is a handoff artifact. Keep the rule implementation in the
+host project, not in form JSON or database metadata.
+
+## Runnable Sample
+
+The trusted host sample registers scalar functions, commands, and validation
+rules:
+
+```powershell
+dotnet run --project samples\trusted-csharp-host\TrustedCSharpHostSample.csproj
+```
+
+The sample exports form automation metadata, validates that the referenced
+callbacks are registered, prints generated stubs, and runs a validation demo.
diff --git a/docs/tutorials/fulfillment-ops-admin-automation.md b/docs/tutorials/fulfillment-ops-admin-automation.md
new file mode 100644
index 00000000..39ee9886
--- /dev/null
+++ b/docs/tutorials/fulfillment-ops-admin-automation.md
@@ -0,0 +1,837 @@
+# Fulfillment Ops Admin Automation Tutorial
+
+This tutorial walks through a realistic CSharpDB Admin scenario for an app
+builder. You will use the fulfillment demo database to inspect operational
+tables, work with JSON document collections, review Access-style forms and
+reports, run stored procedures, build a small form automation workflow, and
+inspect the trusted host callbacks that make executable behavior visible
+without storing C# code in the database.
+
+The goal is not just to click through Admin. The goal is to understand the
+product model:
+
+- tables and collections hold operational data
+- stored procedures package reusable SQL work inside the database
+- forms and reports provide Access-style application surfaces
+- macro actions are saved as database metadata
+- trusted callbacks are C# code owned and registered by the host application
+- callback readiness tells app builders whether saved metadata can run in the
+  current host
+
+## Scenario
+
+You are building an internal fulfillment console for an operations team. The
+team needs to:
+
+- review open orders
+- create or review shipments
+- receive purchase orders
+- process returns
+- inspect scanner-session JSON captured by warehouse devices
+- inspect webhook payloads received from external systems
+- run repeatable SQL workflows such as allocation, receiving, and status
+  snapshots
+- run a few host-owned automation hooks from buttons and form events
+- verify that every callback referenced by forms, reports, or automation is
+  registered by the current Admin host
+
+CSharpDB Admin fits this scenario because it combines database browsing,
+document inspection, form design, reports, declarative macro actions, and
+stored procedure execution with trusted C# callback visibility in one tool.
+
+## Prerequisites
+
+Use a copy of the demo database for tutorial work. The tutorial includes create,
+edit, and delete steps for disposable objects.
+
+From the repository root:
+
+```powershell
+Copy-Item `
+  -LiteralPath .\src\CSharpDB.Admin\fulfillment-hub-demo.db `
+  -Destination .\src\CSharpDB.Admin\fulfillment-hub-tutorial.db `
+  -Force
+```
+
+Start Admin against the copied database:
+
+```powershell
+$env:ConnectionStrings__CSharpDB = 'Data Source=fulfillment-hub-tutorial.db'
+dotnet run --project .\src\CSharpDB.Admin\CSharpDB.Admin.csproj --urls http://localhost:62818
+```
+
+Open:
+
+```text
+http://localhost:62818/
+```
+
+The Admin header should show a connected database. If it still shows
+`fulfillment-hub-demo.db`, stop Admin and restart it with the environment
+variable above.
+
+Important trust boundary:
+
+- trusted callbacks are ordinary in-process C# code registered by the host
+- database metadata can reference callback names, but does not store callback
+  implementations
+- CSharpDB does not use WASM, source scanning, or in-process database-owned
+  plugin assemblies for this workflow
+
+## Tour The Admin App
+
+Start in the Object Explorer on the left.
+
+You should see these high-level groups:
+
+- **User Tables**
+- **Collections**
+- **Forms**
+- **Reports**
+- **Procedures**
+- **Callbacks**
+
+Use the filter chips near the top of Object Explorer to focus the list. The
+tutorial uses these objects:
+
+| Area | Objects |
+| --- | --- |
+| Tables | `orders`, `shipments`, `returns`, `products`, `inventory_positions`, `purchase_orders` |
+| Collections | `scanner_sessions`, `webhook_archive` |
+| Forms | `Order Workbench`, `Purchase Order Receiving`, `Return Intake` |
+| Reports | `Low Stock Watch`, `Open Order Queue`, `Shipment Manifest` |
+| Procedures | `AllocateOrder`, `CreateShipment`, `ReceivePurchaseOrder`, `RecordReturn`, `RefreshOperationalStats` |
+| Callbacks | `Slugify`, `EchoAutomationEvent` |
+
+If Object Explorer does not show a new object after a write, click the refresh
+button in the Object Explorer header.
+
+## Browse Operational Tables
+
+1. Click **Tables** in Object Explorer.
+2. Open `orders`.
+3. Page through the order rows.
+4. Open `shipments`.
+5. Open `returns`.
+6. Open `inventory_positions`.
+
+Notice the table browser pattern:
+
+- each table opens in its own tab
+- the toolbar contains refresh and paging controls
+- the grid is for row browsing
+- the detail or edit area is for record-level work
+
+This is the relational side of the fulfillment app. The next sections use
+forms, procedures, collections, reports, and callbacks to build an application
+workflow on top of these tables.
+
+## Use The Existing Forms
+
+1. Click **Forms** in Object Explorer.
+2. Open `Order Workbench`.
+3. Use the data-entry runtime to move through order records.
+4. Open `Purchase Order Receiving`.
+5. Open `Return Intake`.
+
+These forms are the Access-style app surfaces. An app builder can design forms
+over tables and views, then attach event bindings and action sequences.
+
+Use the designer entry for `Order Workbench` when you want to edit layout or
+actions. Use the data-entry entry when you want to run the form as an operator
+would.
+
+## Use Stored Procedures For Reusable Database Work
+
+Stored procedures are database-owned SQL workflows. They are the right tool
+when the behavior is still database work:
+
+| Use a stored procedure when... | Use something else when... |
+| --- | --- |
+| the logic is a reusable set of SQL statements | the user is running one ad hoc query |
+| multiple table updates should succeed or fail together | the workflow needs external APIs, files, email, queues, or services |
+| the operation needs named parameters and defaults | the workflow only changes form UI state |
+| the operation should return follow-up result sets after it writes | the behavior must be host-owned C# |
+
+In this model:
+
+- procedures store SQL and parameter metadata in the database
+- procedure execution runs inside one transaction
+- `@parameter` references in the SQL body are bound from Args JSON or `EXEC`
+  arguments
+- procedures can read and write tables, write audit/event rows, and return one
+  or more result sets
+- procedures do not store C# source and are not host callbacks
+
+### Inspect And Run A Read-Only Procedure
+
+1. Click **Procedures** in Object Explorer.
+2. Open `RefreshOperationalStats`.
+3. Review the body SQL. It returns table stats, shortage-watch rows, and the
+   open order board.
+4. Confirm the procedure has no parameters.
+5. In **Args JSON**, keep:
+
+   ```json
+   {}
+   ```
+
+6. Click **Run**.
+
+Expected result:
+
+- the execution summary reports success
+- the tab lists each statement in the procedure body
+- result grids appear for the `SELECT` statements
+
+You can also run the same procedure from the SQL editor:
+
+```sql
+EXEC RefreshOperationalStats;
+```
+
+### Inspect Write Procedures Before Running Them
+
+Open these procedures and read their body SQL and parameter lists:
+
+- `AllocateOrder`
+- `ReceivePurchaseOrder`
+- `CreateShipment`
+- `RecordReturn`
+
+These are good stored-procedure candidates because they coordinate several
+related table changes and then return review data. For example, `AllocateOrder`
+updates inventory reservations, updates order-line allocation state, updates
+the order, writes an `ops_events` row, and returns follow-up rows for review.
+
+Run write procedures only against the copied tutorial database. They are meant
+to demonstrate operational workflows, but they still mutate real rows in that
+copy.
+
+### Create A Tutorial Read-Only Procedure
+
+Create one disposable procedure so you can practice the editor without changing
+operational data.
+
+1. Right-click **Procedures** and choose **New Procedure...**, or use the
+   command palette item **New Procedure**.
+2. Set **Name** to:
+
+   ```text
+   tutorial_OpenOrderSnapshot
+   ```
+
+3. Set **Description** to:
+
+   ```text
+   Tutorial read-only snapshot of order board rows by status.
+   ```
+
+4. Leave **Enabled** checked.
+5. Set **Body SQL** to:
+
+   ```sql
+   SELECT order_number,
+          customer_name,
+          warehouse_code,
+          order_status,
+          priority_code,
+          total_amount
+   FROM order_fulfillment_board
+   WHERE order_status = @status
+   ORDER BY required_ship_date, priority_code DESC, order_number;
+   ```
+
+6. Add one parameter:
+
+   | Name | Type | Required | Default | Description |
+   | --- | --- | --- | --- | --- |
+   | `status` | `TEXT` | unchecked | `released` | Order status to show. |
+
+7. Click **Save**.
+8. In **Args JSON**, enter:
+
+   ```json
+   {
+     "status": "released"
+   }
+   ```
+
+9. Click **Run** and review the result grid.
+
+The same procedure can be run from the SQL editor with either JSON args:
+
+```sql
+EXEC tutorial_OpenOrderSnapshot { "status": "allocated" };
+```
+
+or SQL-style args:
+
+```sql
+EXEC tutorial_OpenOrderSnapshot @status = 'allocated';
+```
+
+### When Procedures Meet Forms
+
+Forms can reference stored procedures through the `RunProcedure` macro action.
+Use that when a button or form event should invoke a reviewed database workflow,
+such as allocation, receiving, or a read-only snapshot. The action target is the
+procedure name, and the action arguments become procedure arguments.
+
+Use `RunCommand` instead when the workflow must leave the database and call
+host-owned C# services. A common pattern is:
+
+1. `RunProcedure` performs the database work.
+2. `RunCommand` tells host-owned C# to send a notification, publish a message,
+   or call an external service.
+
+The default Admin rendered form host may keep `RunProcedure` disabled unless
+the host explicitly opts in. The procedure editor and SQL editor can still run
+procedures directly.
+
+## Use Collections For Operational JSON
+
+Collections are for JSON documents that are better kept as document payloads
+than flattened relational rows. In this demo they represent warehouse scanner
+sessions and webhook payload archives.
+
+### Inspect `scanner_sessions`
+
+1. Click **Collections** in Object Explorer.
+2. Open `scanner_sessions`.
+3. Confirm the collection tab shows a paged document grid.
+4. Select a document.
+5. Review the indented JSON in the detail panel.
+6. Change the page size to `10`, `25`, `50`, or `100`.
+7. Use the exact-key lookup if you know a document key.
+
+The demo data may fit on a single page. The important behavior is that the tab
+uses the same paged browsing model for two documents as it does for thousands.
+
+The grid shows:
+
+- row number
+- document key
+- JSON kind
+- compact preview
+
+The detail panel shows the selected document as formatted JSON.
+
+### Create And Delete A Disposable Document
+
+Use a tutorial-only key so cleanup is obvious.
+
+1. In `scanner_sessions`, click **New Document**.
+2. Enter this key:
+
+   ```text
+   tutorial_scanner_session
+   ```
+
+3. Enter this JSON:
+
+   ```json
+   {
+     "sessionId": "tutorial_scanner_session",
+     "warehouse": "SEA-01",
+     "operator": "tutorial",
+     "startedAt": "2026-05-01T09:00:00Z",
+     "events": [
+       {
+         "kind": "scan",
+         "sku": "TUTORIAL-SKU",
+         "quantity": 1
+       }
+     ],
+     "status": "review"
+   }
+   ```
+
+4. Confirm **Save** is enabled only while the JSON is valid.
+5. Click **Save**.
+6. Select the saved document and confirm the preview updates.
+7. Click **Delete**.
+8. Confirm the delete prompt.
+
+If you intentionally break the JSON, for example by removing a closing brace,
+Admin keeps **Save** disabled and shows a validation message.
+
+### Inspect `webhook_archive`
+
+1. Open `webhook_archive`.
+2. Select a document.
+3. Review the payload structure.
+4. Review the page controls and page-size selector. If your copied database has
+   more webhook documents than one page can hold, move between pages.
+
+This is the document side of the fulfillment app. The app builder can inspect
+payloads without needing a new transport contract or a custom JSON viewer.
+
+## Build An Access-Style Workflow
+
+This section adds a tutorial-only workflow to `Order Workbench`. The workflow
+demonstrates the macro/action model. It stores action metadata in the form; it
+does not store executable C# code in the database.
+
+Use a copied tutorial database before making these edits.
+
+### Add Tutorial Controls
+
+1. Open the `Order Workbench` designer.
+2. Add a label near the top of the form.
+3. Set the label text to:
+
+   ```text
+   Tutorial review mode is active.
+   ```
+
+4. Copy the generated read-only control ID from the property inspector and
+   write it down as `<review-banner-id>`.
+5. Add a command button.
+6. Set the button text to:
+
+   ```text
+   Tutorial Review
+   ```
+
+7. Copy its generated control ID as `<review-button-id>`.
+8. Add a second command button.
+9. Set the button text to:
+
+   ```text
+   Clear Tutorial Filter
+   ```
+
+10. Copy its generated control ID as `<clear-filter-button-id>`.
+
+The current designer generates control IDs and shows them as read-only. Use the
+recorded IDs anywhere this tutorial asks for a target control. These controls
+are tutorial-owned because their visible text and action sequence names are
+tutorial-specific, so the cleanup step is still easy.
+
+### Add The Review Action Sequence
+
+Select the **Tutorial Review** button. Add an `OnClick` event, then add an
+action sequence named:
+
+```text
+tutorial_prepare_review
+```
+
+Add these steps in order:
+
+| Step | Action | Target | Value or settings |
+| ---: | --- | --- | --- |
+| 1 | `SetControlVisibility` | `<review-banner-id>` | `true` |
+| 2 | `SetControlEnabled` | `<clear-filter-button-id>` | `true` |
+| 3 | `SetControlReadOnly` | `<review-button-id>` | `true` |
+| 4 | `ApplyFilter` | `form` | `Status <> 'Closed'` |
+| 5 | `OpenForm` | `Purchase Order Receiving` | arguments JSON shown below |
+| 6 | `RunCommand` | empty | command name: `EchoAutomationEvent`; arguments JSON shown below |
+| 7 | `ShowMessage` | empty | `Tutorial review mode is active.` |
+
+For step 5, use JSON in the arguments field:
+
+```json
+{
+  "mode": "browse",
+  "filter": "Status <> 'Closed'"
+}
+```
+
+For step 6, use JSON in the arguments field:
+
+```json
+{
+  "source": "tutorial_review_button"
+}
+```
+
+Save the form.
+
+Run the data-entry form and click **Tutorial Review**.
+
+Expected result:
+
+- the banner becomes visible
+- the clear-filter button becomes enabled
+- the review button becomes read-only or disabled for editing where supported
+- the current form applies the `Status <> 'Closed'` filter
+- `Purchase Order Receiving` opens in a new tab with the supplied mode/filter
+- `EchoAutomationEvent` runs as a trusted host command
+- the form shows the tutorial message
+
+If the filter fails, check that the form's source has a `Status` field. If your
+copy of the form uses a different field name, change the filter to a field that
+exists on the form source.
+
+### Add The Clear Filter Sequence
+
+Select the **Clear Tutorial Filter** button. Add an `OnClick` event, then add
+an action sequence named:
+
+```text
+tutorial_clear_review
+```
+
+Add these steps:
+
+| Step | Action | Target | Value or settings |
+| ---: | --- | --- | --- |
+| 1 | `ClearFilter` | `form` | empty |
+| 2 | `SetControlVisibility` | `<review-banner-id>` | `false` |
+| 3 | `SetControlReadOnly` | `<review-button-id>` | `false` |
+| 4 | `ShowMessage` | empty | `Tutorial review mode cleared.` |
+
+Save the form, run data entry, and click **Clear Tutorial Filter**.
+
+Expected result:
+
+- the form filter is cleared
+- the banner is hidden
+- the review button becomes editable again where supported
+- a confirmation message appears
+
+### Optional Power Actions: SQL And Procedures
+
+The action model includes `RunSql` and `RunProcedure`. The default Admin
+rendered form host may leave those actions disabled by host policy, even for
+read-only procedure bodies. That is intentional: SQL/procedure actions can
+change data, so a host should enable them deliberately.
+
+To understand the design-time shape, add a disabled or non-running tutorial
+sequence named:
+
+```text
+tutorial_power_actions_reference
+```
+
+Add these steps with `StopOnFailure = false`:
+
+| Step | Action | Target | Value or settings |
+| ---: | --- | --- | --- |
+| 1 | `RunSql` | empty | `SELECT COUNT(*) AS open_orders FROM orders WHERE Status <> 'Closed'` |
+| 2 | `RunProcedure` | `tutorial_OpenOrderSnapshot` | arguments JSON shown below |
+| 3 | `ShowMessage` | empty | `Power action reference completed.` |
+
+For step 2, use JSON in the arguments field:
+
+```json
+{
+  "status": "released"
+}
+```
+
+If you run this sequence in a host where SQL/procedure actions are disabled,
+the expected result is a clear failure message such as `RunSql action is
+disabled by host policy` or `RunProcedure action is disabled by host policy`.
+That is the correct default posture. In a host that enables these actions, use
+a copied tutorial database and only run idempotent or disposable operations.
+
+If `tutorial_OpenOrderSnapshot` was not created earlier, use
+`RefreshOperationalStats` instead and leave the arguments field as `{}`.
+
+## Trusted Host Callbacks
+
+Callbacks are the bridge between saved database metadata and host-owned C#.
+
+1. Click **Callbacks** in Object Explorer.
+2. Open the callback catalog.
+3. Select `Slugify`.
+4. Review its descriptor:
+   - kind: scalar function
+   - runtime: `HostCallback`
+   - return type: text
+   - deterministic/null behavior
+   - capability requests and policy decision
+5. Select `EchoAutomationEvent`.
+6. Review its descriptor:
+   - kind: command
+   - runtime: `HostCallback`
+   - command capability
+   - policy decision
+
+The readiness badge summarizes whether saved metadata references callbacks that
+are missing from the current host.
+
+Important:
+
+- `Slugify` and `EchoAutomationEvent` are registered by the Admin host at
+  startup
+- the database can reference these names
+- the database does not contain their C# implementation
+- descriptor and policy metadata make callbacks visible, but do not sandbox
+  them
+
+## Demonstrate Missing Callback Readiness
+
+Use the copied tutorial database for this step.
+
+1. Open the `Order Workbench` designer.
+2. Select the **Tutorial Review** button.
+3. Add one more `RunCommand` step to `tutorial_prepare_review`.
+4. Set the command name to:
+
+   ```text
+   tutorial_SendOpsDigest
+   ```
+
+5. Set `StopOnFailure = false`.
+6. Add arguments:
+
+   ```json
+   {
+     "source": "tutorial_missing_callback_demo"
+   }
+   ```
+
+7. Save the form.
+8. Open **Callbacks**.
+9. Click **Refresh**.
+
+Expected result:
+
+- the readiness badge reports a missing callback
+- the grid includes `tutorial_SendOpsDigest`
+- the row is marked missing
+- the details panel shows the form/reference location
+- **Stubs** is enabled
+
+Click **Stubs** to copy registration stub source for all missing callbacks, or
+select the missing row and click **Copy Stub** for only that callback.
+
+The copied stub is a developer handoff. It is not stored in the database and it
+is not automatically trusted. A host developer must implement and register the
+command in the host application.
+
+Cleanup options:
+
+- remove the `tutorial_SendOpsDigest` step from the form, or
+- keep it as a deliberate missing-callback example in the copied tutorial
+  database
+
+## Implement The Missing Callback In A Host
+
+The previous section created the app-builder side of the story: database
+metadata now references a command named `tutorial_SendOpsDigest`. The database
+still does not contain C# code. A host developer must add that command to the
+host application and register it at startup.
+
+For the Admin demo host, the registration point is:
+
+```text
+src/CSharpDB.Admin/Services/AdminHostCallbacks.cs
+```
+
+For a smaller VS Code debugging walkthrough, open the sample host project:
+
+```powershell
+code .\samples\trusted-csharp-host
+```
+
+That sample shows the same pattern with `Slugify` and
+`AuditCustomerChange`: callbacks are ordinary C# methods/delegates, registered
+with `DbFunctionRegistry` or `DbCommandRegistry`, then invoked by SQL or form
+automation metadata that references them by name.
+
+A host developer would implement the tutorial command like this inside the
+host's command registry setup:
+
+```csharp
+commands.AddCommand(
+    "tutorial_SendOpsDigest",
+    new DbCommandOptions("Sends a tutorial fulfillment operations digest."),
+    static context =>
+    {
+        string source = context.Arguments.TryGetValue("source", out DbValue value)
+            ? value.AsText
+            : "unknown";
+
+        // Call host-owned services here: email, queues, logging, APIs, etc.
+        return DbCommandResult.Success($"Tutorial digest requested by {source}.");
+    });
+```
+
+Debug flow:
+
+1. Put a breakpoint inside the command delegate.
+2. Start the host from VS Code with `F5`.
+3. Open Admin against the copied tutorial database.
+4. Run the form action that references `tutorial_SendOpsDigest`.
+5. Confirm the breakpoint is hit in host-owned C# code.
+6. Refresh **Callbacks** and confirm readiness changes from missing to
+   registered/allowed when the name and kind match.
+
+The generated stub from Admin is only a starting point for the developer. The
+trusted implementation is the reviewed C# code compiled into the host app.
+
+## Reports And Review
+
+Reports let app builders validate that the workflow supports operational
+review, not only data entry.
+
+1. Click **Reports** in Object Explorer.
+2. Open `Low Stock Watch`.
+3. Preview the report.
+4. Open `Open Order Queue`.
+5. Preview the report.
+6. Open `Shipment Manifest`.
+7. Preview the report.
+
+Use these reports to answer:
+
+- do order changes show up where operators expect?
+- does low-stock review still surface the right products?
+- can a shipment manifest be reviewed after order/shipment work?
+- do report expressions and data sources still load after form automation
+  changes?
+
+If a report uses host-registered scalar functions in calculated expressions,
+those functions appear in the same callback catalog as form commands.
+
+## Security Model
+
+This tutorial uses several different kinds of behavior:
+
+| Behavior | Stored in database? | Executes C#? | Trust model |
+| --- | --- | --- | --- |
+| Tables and rows | yes | no | data only |
+| Collection documents | yes | no | JSON data only |
+| Stored procedures | yes | no | declarative SQL executed by CSharpDB |
+| Form/report metadata | yes | no | declarative metadata |
+| Macro/action sequences | yes | no | interpreted by Admin/runtime |
+| Trusted callbacks | name/reference only | yes | host-owned in-process C# |
+
+CSharpDB deliberately does not treat database files as executable plugin
+packages.
+
+Rejected for this feature track:
+
+- WASM plugin execution
+- source scanning as a security boundary
+- runtime-loaded database-owned assemblies in the CSharpDB process
+- C# source stored in the database and compiled on normal open paths
+
+Future out-of-process .NET/C# workers remain a gated exploration path for
+portable extension packages. They are not part of this tutorial workflow.
+
+## Troubleshooting
+
+### The Admin app opened the original demo database
+
+Stop Admin and restart with:
+
+```powershell
+$env:ConnectionStrings__CSharpDB = 'Data Source=fulfillment-hub-tutorial.db'
+dotnet run --project .\src\CSharpDB.Admin\CSharpDB.Admin.csproj --urls http://localhost:62818
+```
+
+### Object Explorer does not show the object I expect
+
+Click the refresh icon in Object Explorer. If the object is still missing,
+check that the tutorial database copy is the active database.
+
+### A collection document will not save
+
+Check:
+
+- the key is not blank
+- the JSON is valid
+- the collection name is `scanner_sessions` or another existing collection
+- you are not editing a read-only existing key
+
+### A form filter fails
+
+Check:
+
+- the filter references a field that exists on the form source
+- text values are quoted
+- brackets are balanced
+- parameters such as `@status` have matching action arguments
+
+Examples:
+
+```text
+Status <> 'Closed'
+[Status] = 'Ready'
+Quantity > 0
+ClosedAt = null
+```
+
+### `RunSql` or `RunProcedure` is disabled
+
+That is expected in the default safe host posture unless the host explicitly
+enables those rendered form actions. Use `RunCommand` for trusted host-owned C#
+callbacks, or enable SQL/procedure actions only in a host that has reviewed the
+risk.
+
+### A procedure will not save or run
+
+Check:
+
+- the procedure name is a simple identifier
+- every `@parameter` referenced by Body SQL is listed in Parameters
+- Args JSON contains every required parameter
+- argument names match parameter names without the `@` prefix
+- text values are JSON strings in Args JSON or single-quoted in `EXEC`
+- the procedure is enabled
+
+Examples:
+
+```json
+{
+  "status": "released"
+}
+```
+
+```sql
+EXEC tutorial_OpenOrderSnapshot @status = 'released';
+```
+
+### A callback is missing
+
+Open **Callbacks**, refresh the catalog, select the missing callback, and use
+**Copy Stub**. Give the generated stub to the host developer who owns the
+application. The fix is to register host-owned C# code with the same callback
+name and compatible arity.
+
+### A callback is denied
+
+Review the capability grid and policy reason in the callback details. A denied
+callback should not execute. The host policy must grant the requested capability
+before the callback is considered ready.
+
+### The tutorial controls should be removed
+
+Open the `Order Workbench` designer and delete:
+
+- the label with text `Tutorial review mode is active.`
+- the `Tutorial Review` button
+- the `Clear Tutorial Filter` button
+- action sequences whose names start with `tutorial_`
+
+Save the form and refresh Object Explorer.
+
+Also delete the disposable procedure:
+
+- `tutorial_OpenOrderSnapshot`
+
+## What You Built
+
+You used one copied fulfillment database to exercise the full current app-builder
+story:
+
+- browsed relational operational tables
+- inspected existing stored procedures and created a disposable read-only
+  procedure
+- inspected paged JSON collections
+- edited a disposable collection document
+- used forms as Access-style data-entry surfaces
+- added macro-style form action sequences
+- used trusted host callbacks from saved metadata
+- inspected callback readiness and generated missing registration stubs
+- reviewed reports as operational validation surfaces
+- kept executable code host-owned instead of database-owned
+
+That is the intended production posture for the current CSharpDB Admin
+automation model.
diff --git a/samples/README.md b/samples/README.md
index 8d38f2d6..38cba5fe 100644
--- a/samples/README.md
+++ b/samples/README.md
@@ -19,6 +19,7 @@ The SQL dataset samples use a conventional layout with `schema.sql` for setup, `
 | `collection-indexing/` | Runnable `Collection<T>` indexing walkthrough | `.csproj`, `Program.cs`, `README.md` |
 | `generated-collections/` | Runnable source-generated collection fast-path walkthrough | `.csproj`, `Program.cs`, `README.md` |
 | `efcore-provider/` | Runnable EF Core 10 embedded-provider sample | `.csproj`, `Program.cs`, `README.md` |
+| `trusted-csharp-host/` | Runnable trusted callback host sample | scalar functions, commands, validation rules, form automation metadata, `.csproj`, `Program.cs`, `README.md` |
 
 ## Tutorials
 
diff --git a/samples/trusted-csharp-host/.vscode/launch.json b/samples/trusted-csharp-host/.vscode/launch.json
new file mode 100644
index 00000000..c41047b9
--- /dev/null
+++ b/samples/trusted-csharp-host/.vscode/launch.json
@@ -0,0 +1,16 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Debug Trusted C# Host Sample",
+      "type": "coreclr",
+      "request": "launch",
+      "preLaunchTask": "build trusted C# host sample",
+      "program": "${workspaceFolder}/bin/Debug/net10.0/TrustedCSharpHostSample.dll",
+      "args": [],
+      "cwd": "${workspaceFolder}",
+      "console": "integratedTerminal",
+      "stopAtEntry": false
+    }
+  ]
+}
diff --git a/samples/trusted-csharp-host/.vscode/tasks.json b/samples/trusted-csharp-host/.vscode/tasks.json
new file mode 100644
index 00000000..5d40ff03
--- /dev/null
+++ b/samples/trusted-csharp-host/.vscode/tasks.json
@@ -0,0 +1,28 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "build trusted C# host sample",
+      "type": "process",
+      "command": "dotnet",
+      "args": [
+        "build",
+        "${workspaceFolder}/TrustedCSharpHostSample.csproj"
+      ],
+      "problemMatcher": "$msCompile",
+      "group": "build"
+    },
+    {
+      "label": "run trusted C# host sample",
+      "type": "process",
+      "command": "dotnet",
+      "args": [
+        "run",
+        "--project",
+        "${workspaceFolder}/TrustedCSharpHostSample.csproj"
+      ],
+      "problemMatcher": "$msCompile",
+      "group": "test"
+    }
+  ]
+}
diff --git a/samples/trusted-csharp-host/Program.cs b/samples/trusted-csharp-host/Program.cs
new file mode 100644
index 00000000..a9876d6d
--- /dev/null
+++ b/samples/trusted-csharp-host/Program.cs
@@ -0,0 +1,341 @@
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Engine;
+using CSharpDB.Primitives;
+
+Console.WriteLine("CSharpDB trusted C# host sample");
+Console.WriteLine();
+
+DbFunctionRegistry functions = DbFunctionRegistry.Create(builder =>
+{
+    builder.AddScalar(
+        "Slugify",
+        arity: 1,
+        options: new DbScalarFunctionOptions(
+            ReturnType: DbType.Text,
+            IsDeterministic: true,
+            NullPropagating: true),
+        invoke: static (_, args) =>
+            DbValue.FromText(Slugify(args[0].AsText)));
+});
+
+List<string> auditLog = [];
+DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+{
+    builder.AddCommand(
+        "AuditCustomerChange",
+        new DbCommandOptions("Records a customer workflow event."),
+        context =>
+        {
+            long customerId = context.Arguments["Id"].AsInteger;
+            string status = context.Arguments["Status"].AsText;
+            string source = context.Arguments["source"].AsText;
+            string eventName = context.Metadata["event"];
+            string actionSequence = context.Metadata.TryGetValue("actionSequence", out string? value)
+                ? value
+                : "(none)";
+
+            auditLog.Add(
+                $"Customer {customerId} -> {status}; source={source}; event={eventName}; sequence={actionSequence}");
+            return DbCommandResult.Success();
+        });
+});
+
+DbValidationRuleRegistry validationRules = DbValidationRuleRegistry.Create(builder =>
+{
+    builder.AddRule(
+        "CustomerNamePolicy",
+        new DbValidationRuleOptions(
+            Description: "Rejects placeholder customer names.",
+            Timeout: TimeSpan.FromSeconds(2)),
+        static (context, _) =>
+        {
+            string text = context.Value.IsNull ? string.Empty : context.Value.AsText;
+            string blockedText = context.Parameters.TryGetValue("blockedText", out DbValue configured)
+                && !configured.IsNull
+                    ? configured.AsText
+                    : "test";
+
+            DbValidationRuleResult result = text.Contains(blockedText, StringComparison.OrdinalIgnoreCase)
+                ? DbValidationRuleResult.Failure(
+                    context.FallbackMessage ?? "Customer name is not allowed.",
+                    context.FieldName,
+                    context.RuleName)
+                : DbValidationRuleResult.Success();
+            return ValueTask.FromResult(result);
+        });
+
+    builder.AddRule(
+        "CustomerReadyForInsert",
+        new DbValidationRuleOptions(
+            Description: "Requires the customer workflow status before save."),
+        static context =>
+        {
+            string requiredStatus = context.Parameters.TryGetValue("requiredStatus", out DbValue configured)
+                && !configured.IsNull
+                    ? configured.AsText
+                    : "Ready";
+            string status = context.Record.TryGetValue("Status", out DbValue value) && !value.IsNull
+                ? value.AsText
+                : string.Empty;
+
+            return string.Equals(status, requiredStatus, StringComparison.OrdinalIgnoreCase)
+                ? DbValidationRuleResult.Success()
+                : DbValidationRuleResult.Failure(
+                    [
+                        new DbValidationFailure(
+                            "Status",
+                            context.FallbackMessage ?? $"Status must be {requiredStatus}.",
+                            context.RuleName),
+                    ],
+                    "Customer record is not ready.");
+        });
+});
+
+FormDefinition form = FormAutomationMetadata.NormalizeForExport(CreateCustomerEntryForm());
+DbAutomationMetadata automation = form.Automation
+    ?? throw new InvalidOperationException("The sample form should export automation metadata.");
+
+PrintAutomationMetadata(automation);
+ValidateAutomationMetadata(automation, functions, commands, validationRules);
+PrintGeneratedStub(automation);
+
+await RunSqlScalarFunctionDemoAsync(functions);
+await RunAdminFormsAutomationDemoAsync(form, commands, auditLog);
+await RunAdminFormsValidationDemoAsync(form, validationRules);
+
+Console.WriteLine();
+Console.WriteLine("Set breakpoints inside Slugify, AuditCustomerChange, or a validation rule, then run this sample from VS Code.");
+
+static async Task RunSqlScalarFunctionDemoAsync(DbFunctionRegistry functions)
+{
+    await using Database db = await Database.OpenInMemoryAsync(new DatabaseOptions
+    {
+        Functions = functions,
+    });
+
+    await db.ExecuteAsync("""
+        CREATE TABLE articles (
+            id INTEGER PRIMARY KEY,
+            title TEXT NOT NULL,
+            slug TEXT
+        );
+        """);
+
+    await db.ExecuteAsync("INSERT INTO articles VALUES (1, 'Hello From VS Code', Slugify('Hello From VS Code'));");
+    await db.ExecuteAsync("INSERT INTO articles VALUES (2, 'Trusted CSharpDB Callbacks', Slugify('Trusted CSharpDB Callbacks'));");
+
+    Console.WriteLine();
+    Console.WriteLine("SQL scalar function result:");
+    await using var rows = await db.ExecuteAsync("""
+        SELECT id, title, slug
+        FROM articles
+        ORDER BY id;
+        """);
+
+    while (await rows.MoveNextAsync())
+    {
+        IReadOnlyList<DbValue> row = rows.Current;
+        Console.WriteLine($"  {row[0].AsInteger}: {row[1].AsText} -> {row[2].AsText}");
+    }
+}
+
+static async Task RunAdminFormsAutomationDemoAsync(
+    FormDefinition form,
+    DbCommandRegistry commands,
+    IReadOnlyList<string> auditLog)
+{
+    var record = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+    {
+        ["Id"] = 42L,
+        ["Name"] = "Ada Lovelace",
+    };
+
+    var dispatcher = new DefaultFormEventDispatcher(commands);
+    FormEventDispatchResult dispatchResult = await dispatcher.DispatchAsync(form, FormEventKind.BeforeInsert, record);
+
+    Console.WriteLine();
+    Console.WriteLine("Admin Forms action sequence result:");
+    Console.WriteLine($"  Succeeded: {dispatchResult.Succeeded}");
+    Console.WriteLine($"  Status field: {record["Status"]}");
+    foreach (string auditEntry in auditLog)
+        Console.WriteLine($"  Audit: {auditEntry}");
+}
+
+static async Task RunAdminFormsValidationDemoAsync(
+    FormDefinition form,
+    DbValidationRuleRegistry validationRules)
+{
+    var record = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+    {
+        ["Id"] = 43L,
+        ["Name"] = "Test Account",
+        ["Status"] = "Draft",
+    };
+
+    var validation = new DefaultValidationInferenceService(validationRules, DbExtensionPolicies.DefaultHostCallbackPolicy);
+    IReadOnlyList<ValidationError> errors = await validation.EvaluateAsync(form, record);
+
+    Console.WriteLine();
+    Console.WriteLine("Admin Forms validation result:");
+    foreach (ValidationError error in errors)
+        Console.WriteLine($"  {error.FieldName}: {error.RuleId} - {error.Message}");
+}
+
+static void PrintAutomationMetadata(DbAutomationMetadata automation)
+{
+    Console.WriteLine("Exported automation metadata:");
+    foreach (DbAutomationScalarFunctionReference function in automation.ScalarFunctions ?? [])
+    {
+        Console.WriteLine(
+            $"  scalar {function.Name}/{function.Arity} from {function.Surface}:{function.Location}");
+    }
+
+    foreach (DbAutomationCommandReference command in automation.Commands ?? [])
+        Console.WriteLine($"  command {command.Name} from {command.Surface}:{command.Location}");
+
+    foreach (DbAutomationValidationRuleReference rule in automation.ValidationRules ?? [])
+        Console.WriteLine($"  validation {rule.Name} from {rule.Surface}:{rule.Location}");
+}
+
+static void ValidateAutomationMetadata(
+    DbAutomationMetadata automation,
+    DbFunctionRegistry functions,
+    DbCommandRegistry commands,
+    DbValidationRuleRegistry validationRules)
+{
+    AutomationValidationResult result = AutomationManifestValidator.Validate(
+        automation,
+        functions,
+        commands,
+        validationRules,
+        new AutomationManifestValidationOptions(RequireMetadata: true));
+
+    Console.WriteLine();
+    Console.WriteLine("Automation validation:");
+    if (result.Succeeded)
+    {
+        Console.WriteLine("  All referenced callbacks are registered.");
+        return;
+    }
+
+    foreach (AutomationValidationIssue issue in result.Issues)
+        Console.WriteLine($"  {issue.Severity}: {issue.Message}");
+}
+
+static void PrintGeneratedStub(DbAutomationMetadata automation)
+{
+    string source = AutomationStubGenerator.GenerateCSharp(
+        automation,
+        new AutomationStubGenerationOptions(
+            Namespace: "MyApp.CSharpDbAutomation",
+            ClassName: "CSharpDbAutomationRegistration"));
+
+    Console.WriteLine();
+    Console.WriteLine("Starter C# registration stub:");
+    Console.WriteLine(source);
+}
+
+static FormDefinition CreateCustomerEntryForm()
+    => new(
+        "customers-entry",
+        "Customers Entry",
+        "Customers",
+        DefinitionVersion: 1,
+        SourceSchemaSignature: "sample:customers:v1",
+        Layout: new LayoutDefinition("absolute", 8, SnapToGrid: true, Breakpoints: []),
+        Controls:
+        [
+            new ControlDefinition(
+                "slug-preview",
+                "computed",
+                new Rect(24, 24, 240, 32),
+                Binding: null,
+                Props: new PropertyBag(new Dictionary<string, object?>
+                {
+                    ["formula"] = "=Slugify(Name)",
+                }),
+                ValidationOverride: null),
+            new ControlDefinition(
+                "customer-name",
+                "text",
+                new Rect(24, 72, 240, 32),
+                Binding: new BindingDefinition("Name", "TwoWay"),
+                Props: new PropertyBag(new Dictionary<string, object?>
+                {
+                    ["label"] = "Name",
+                }),
+                ValidationOverride: new ValidationOverride(
+                    DisableInferredRules: false,
+                    AddRules:
+                    [
+                        new ValidationRule(
+                            "CustomerNamePolicy",
+                            "Use the real customer name, not a placeholder.",
+                            new Dictionary<string, object?>
+                            {
+                                ["blockedText"] = "test",
+                            }),
+                    ],
+                    DisableRuleIds: [])),
+            new ControlDefinition(
+                "customer-status",
+                "text",
+                new Rect(24, 120, 160, 32),
+                Binding: new BindingDefinition("Status", "TwoWay"),
+                Props: new PropertyBag(new Dictionary<string, object?>
+                {
+                    ["label"] = "Status",
+                }),
+                ValidationOverride: null),
+        ],
+        EventBindings:
+        [
+            new FormEventBinding(
+                FormEventKind.BeforeInsert,
+                CommandName: string.Empty,
+                ActionSequence: new DbActionSequence(
+                [
+                    new DbActionStep(
+                        DbActionKind.SetFieldValue,
+                        Target: "Status",
+                        Value: "Ready"),
+                    new DbActionStep(
+                        DbActionKind.RunActionSequence,
+                        SequenceName: "ReusableCustomerAudit",
+                        Arguments: new Dictionary<string, object?>
+                        {
+                            ["source"] = "trusted-csharp-host-sample",
+                        }),
+                ],
+                Name: "PrepareCustomerInsert")),
+        ],
+        ActionSequences:
+        [
+            new DbActionSequence(
+            [
+                new DbActionStep(
+                    DbActionKind.RunCommand,
+                    CommandName: "AuditCustomerChange"),
+            ],
+            Name: "ReusableCustomerAudit"),
+        ],
+        ValidationRules:
+        [
+            new ValidationRule(
+                "CustomerReadyForInsert",
+                "Customer status must be Ready before save.",
+                new Dictionary<string, object?>
+                {
+                    ["requiredStatus"] = "Ready",
+                }),
+        ]);
+
+static string Slugify(string text)
+{
+    return text
+        .Trim()
+        .ToLowerInvariant()
+        .Replace(' ', '-');
+}
diff --git a/samples/trusted-csharp-host/README.md b/samples/trusted-csharp-host/README.md
new file mode 100644
index 00000000..90d7a21b
--- /dev/null
+++ b/samples/trusted-csharp-host/README.md
@@ -0,0 +1,135 @@
+# Trusted C# Host Sample
+
+This sample is the VS Code workflow for CSharpDB's trusted C# integration. It
+is a normal C# project: open this folder in VS Code, set breakpoints inside the
+registered callbacks, and run or debug the host process.
+
+It demonstrates:
+
+- registering a trusted scalar function with `DbFunctionRegistry`
+- calling that function from SQL
+- registering a trusted command with `DbCommandRegistry`
+- registering trusted Admin Forms validation rules with
+  `DbValidationRuleRegistry`
+- exporting Admin Forms automation metadata
+- validating automation metadata against registered callbacks
+- generating starter C# registration stubs from automation metadata
+- running an Admin Forms action sequence that sets a field
+- invoking a reusable named Admin Forms action sequence that calls the command
+- running field-level and form-level validation callbacks
+- inspecting an Access-style macro form manifest with open form, filter,
+  run SQL, and conditional UI rule actions
+- inspecting callback arguments and metadata in console output
+
+The sample keeps the important runtime boundary visible: C# callback bodies live
+in the host project. The database/form metadata stores names and action data
+only.
+
+## Run From VS Code
+
+1. Open `samples/trusted-csharp-host` in VS Code.
+2. Install the C# Dev Kit or C# extension if VS Code prompts for it.
+3. Press `F5`, or run the task `run trusted C# host sample`.
+4. Watch the sample print exported automation metadata.
+5. Watch validation confirm that referenced callbacks are registered.
+6. Inspect the generated starter C# registration stub.
+7. Put breakpoints in `Slugify`, `AuditCustomerChange`, or one of the
+   validation rule callbacks.
+
+## Developer Handoff Story
+
+The intended production workflow has two roles:
+
+1. An app builder creates metadata in Admin, such as a calculated expression
+   that calls `Slugify(...)` or a form action sequence that runs
+   `AuditCustomerChange`.
+2. A host developer owns the C# implementation, registers that callback during
+   startup, and debugs it from VS Code.
+
+The database/form metadata stores callback names, argument values, and
+reference locations. It does not store C# source or compiled assemblies.
+
+`Program.cs` shows both registration paths:
+
+```csharp
+builder.AddScalar(
+    "Slugify",
+    arity: 1,
+    options: new DbScalarFunctionOptions(
+        ReturnType: DbType.Text,
+        IsDeterministic: true,
+        NullPropagating: true),
+    invoke: static (_, args) => DbValue.FromText(Slugify(args[0].AsText)));
+```
+
+```csharp
+builder.AddCommand(
+    "AuditCustomerChange",
+    new DbCommandOptions("Records a customer workflow event."),
+    context =>
+    {
+        long customerId = context.Arguments["Id"].AsInteger;
+        string status = context.Arguments["Status"].AsText;
+
+        return DbCommandResult.Success(
+            $"Customer {customerId} changed to {status}.");
+});
+```
+
+Validation rules use the same host-owned pattern:
+
+```csharp
+builder.AddRule(
+    "CustomerNamePolicy",
+    new DbValidationRuleOptions(
+        Description: "Rejects placeholder customer names.",
+        Timeout: TimeSpan.FromSeconds(2)),
+    static (context, ct) =>
+    {
+        string text = context.Value.IsNull ? string.Empty : context.Value.AsText;
+
+        DbValidationRuleResult result = text.Contains("test", StringComparison.OrdinalIgnoreCase)
+            ? DbValidationRuleResult.Failure(
+                context.FallbackMessage ?? "Customer name is not allowed.",
+                context.FieldName,
+                context.RuleName)
+            : DbValidationRuleResult.Success();
+        return ValueTask.FromResult(result);
+    });
+```
+
+When Admin reports a missing callback, use the generated stub as the handoff
+artifact. The host developer pastes the registration shape into the host app,
+replaces the stub body with reviewed C# code, sets a breakpoint, then runs the
+host with `F5` to verify the metadata reference reaches the callback.
+
+## Run From Terminal
+
+```powershell
+dotnet run --project samples\trusted-csharp-host\TrustedCSharpHostSample.csproj
+```
+
+Expected output includes:
+
+- exported callback metadata and locations
+- validation status
+- generated starter registration code
+- slug values from SQL
+- an audit entry from the reusable form action sequence
+- validation errors from a field rule and a form rule
+
+The audit entry prints callback metadata such as the form event and reusable
+action sequence name, along with callback arguments passed from the form record
+and action sequence.
+
+The validation result prints the failing field, rule id, and message. The same
+rules block save in Admin Forms when referenced by saved form metadata.
+
+## Files
+
+- `Program.cs` contains the host registration code, metadata validation, stub
+  generation, and runnable demo.
+- `access-style-macro-form.json` contains a Phase 8 form manifest with richer
+  macro actions and conditional UI rules.
+- `.vscode/launch.json` launches the sample under the debugger.
+- `.vscode/tasks.json` builds and runs the sample from VS Code tasks.
diff --git a/samples/trusted-csharp-host/TrustedCSharpHostSample.csproj b/samples/trusted-csharp-host/TrustedCSharpHostSample.csproj
new file mode 100644
index 00000000..a8952804
--- /dev/null
+++ b/samples/trusted-csharp-host/TrustedCSharpHostSample.csproj
@@ -0,0 +1,16 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\CSharpDB.Engine\CSharpDB.Engine.csproj" />
+    <ProjectReference Include="..\..\src\CSharpDB.Admin.Forms\CSharpDB.Admin.Forms.csproj" />
+    <ProjectReference Include="..\..\src\CSharpDB.Primitives\CSharpDB.Primitives.csproj" />
+  </ItemGroup>
+
+</Project>
diff --git a/samples/trusted-csharp-host/access-style-macro-form.json b/samples/trusted-csharp-host/access-style-macro-form.json
new file mode 100644
index 00000000..211f6fa0
--- /dev/null
+++ b/samples/trusted-csharp-host/access-style-macro-form.json
@@ -0,0 +1,178 @@
+{
+  "formId": "products-entry-access-macros",
+  "name": "Products Entry Access Macros",
+  "tableName": "Products",
+  "definitionVersion": 1,
+  "sourceSchemaSignature": "sample:products:v1",
+  "layout": {
+    "layoutMode": "absolute",
+    "gridSize": 8,
+    "snapToGrid": true,
+    "breakpoints": []
+  },
+  "controls": [
+    {
+      "controlId": "statusBox",
+      "controlType": "text",
+      "rect": { "x": 24, "y": 24, "width": 180, "height": 32 },
+      "binding": { "fieldName": "Status", "mode": "TwoWay" },
+      "props": { "placeholder": "Status" }
+    },
+    {
+      "controlId": "openOrdersButton",
+      "controlType": "commandButton",
+      "rect": { "x": 224, "y": 24, "width": 120, "height": 32 },
+      "props": { "text": "Open Orders" },
+      "eventBindings": [
+        {
+          "event": "onClick",
+          "commandName": "",
+          "stopOnFailure": true,
+          "actionSequence": {
+            "name": "OpenOrders",
+            "steps": [
+              {
+                "kind": "openForm",
+                "target": "Orders Entry",
+                "arguments": {
+                  "recordId": "$record.Id",
+                  "mode": "view"
+                }
+              }
+            ]
+          }
+        }
+      ]
+    },
+    {
+      "controlId": "showOpenOrdersButton",
+      "controlType": "commandButton",
+      "rect": { "x": 24, "y": 72, "width": 152, "height": 32 },
+      "props": { "text": "Show Open" },
+      "eventBindings": [
+        {
+          "event": "onClick",
+          "commandName": "",
+          "stopOnFailure": true,
+          "actionSequence": {
+            "name": "ShowOpenOrders",
+            "steps": [
+              {
+                "kind": "applyFilter",
+                "target": "ordersGrid",
+                "value": "[Status] = @status",
+                "arguments": {
+                  "status": "Open"
+                }
+              },
+              {
+                "kind": "setControlVisibility",
+                "target": "clearOrdersFilterButton",
+                "value": true
+              }
+            ]
+          }
+        }
+      ]
+    },
+    {
+      "controlId": "clearOrdersFilterButton",
+      "controlType": "commandButton",
+      "rect": { "x": 184, "y": 72, "width": 152, "height": 32 },
+      "props": {
+        "text": "Clear Filter",
+        "visible": false
+      },
+      "eventBindings": [
+        {
+          "event": "onClick",
+          "commandName": "",
+          "stopOnFailure": true,
+          "actionSequence": {
+            "name": "ClearOrdersFilter",
+            "steps": [
+              {
+                "kind": "clearFilter",
+                "target": "ordersGrid"
+              },
+              {
+                "kind": "setControlVisibility",
+                "target": "clearOrdersFilterButton",
+                "value": false
+              }
+            ]
+          }
+        }
+      ]
+    },
+    {
+      "controlId": "archiveButton",
+      "controlType": "commandButton",
+      "rect": { "x": 344, "y": 72, "width": 120, "height": 32 },
+      "props": { "text": "Archive" },
+      "eventBindings": [
+        {
+          "event": "onClick",
+          "commandName": "",
+          "stopOnFailure": true,
+          "actionSequence": {
+            "name": "ArchiveProduct",
+            "steps": [
+              {
+                "kind": "runSql",
+                "value": "UPDATE Products SET Status = @status WHERE Id = @id",
+                "arguments": {
+                  "status": "Archived",
+                  "id": "$record.Id",
+                  "refresh": true
+                }
+              },
+              {
+                "kind": "setControlProperty",
+                "target": "statusBox",
+                "value": "Archived",
+                "arguments": {
+                  "property": "value"
+                }
+              }
+            ]
+          }
+        }
+      ]
+    },
+    {
+      "controlId": "ordersGrid",
+      "controlType": "datagrid",
+      "rect": { "x": 24, "y": 128, "width": 720, "height": 260 },
+      "props": {
+        "childTable": "Orders",
+        "dataGridMode": "related",
+        "foreignKeyField": "ProductId",
+        "parentKeyField": "Id",
+        "visibleColumns": [ "OrderId", "Status", "Total" ],
+        "allowAdd": true,
+        "allowEdit": true,
+        "allowDelete": false
+      }
+    }
+  ],
+  "rules": [
+    {
+      "ruleId": "archived-state",
+      "condition": "[Status] = 'Archived'",
+      "description": "Archived products cannot be edited from the entry form.",
+      "effects": [
+        {
+          "controlId": "statusBox",
+          "property": "readOnly",
+          "value": true
+        },
+        {
+          "controlId": "archiveButton",
+          "property": "enabled",
+          "value": false
+        }
+      ]
+    }
+  ]
+}
diff --git a/scripts/Start-CSharpDbAdminDirect.ps1 b/scripts/Start-CSharpDbAdminDirect.ps1
index 26ecc76a..7f5b63c9 100644
--- a/scripts/Start-CSharpDbAdminDirect.ps1
+++ b/scripts/Start-CSharpDbAdminDirect.ps1
@@ -6,11 +6,12 @@ Configures the admin site for direct mode, then starts only the admin host.
 This script is intended for local development and manual operator workflows.
 It updates `src/CSharpDB.Admin/appsettings.json` to use
 `CSharpDbTransport.Direct`, removes any daemon endpoint from the admin config,
-ensures a connection string exists, and then starts `CSharpDB.Admin`.
+ensures a connection string exists, builds `CSharpDB.Admin`, and then starts it.
 
-The script does not install a Windows service or a background task. It launches
-one `dotnet run` process. If you close the shell that launched this script, the
-child process continues running until you stop it explicitly.
+The script does not install a Windows service or a background task. It builds
+the admin project first, then launches one `dotnet run --no-build` process. If
+you close the shell that launched this script, the child process continues
+running until you stop it explicitly.
 
 .PARAMETER NoLaunch
 Only updates the admin configuration. Does not start the admin host.
@@ -26,7 +27,8 @@ later with `Stop-Process`.
 Overrides the admin database connection string before launch.
 
 .PARAMETER AdminStartupTimeoutSeconds
-How long to wait for the admin endpoint to start accepting TCP connections.
+How long to wait for the admin endpoint to start accepting TCP connections
+after the admin project has built and the app process has launched.
 
 .EXAMPLE
 powershell -ExecutionPolicy Bypass -File .\scripts\Start-CSharpDbAdminDirect.ps1
@@ -52,7 +54,7 @@ param(
     [switch]$OpenAdmin,
     [switch]$PassThru,
     [string]$ConnectionString,
-    [int]$AdminStartupTimeoutSeconds = 30
+    [int]$AdminStartupTimeoutSeconds = 60
 )
 
 $ErrorActionPreference = 'Stop'
@@ -182,6 +184,47 @@ function Select-PreferredUrl {
     return $urls[0]
 }
 
+function Get-LaunchUris {
+    param(
+        [Parameter(Mandatory = $true)]
+        [string]$ApplicationUrl
+    )
+
+    return @(
+        $ApplicationUrl.Split(';', [System.StringSplitOptions]::RemoveEmptyEntries) |
+            ForEach-Object { $_.Trim() } |
+            Where-Object { $_ } |
+            ForEach-Object { [Uri]$_ }
+    )
+}
+
+function Test-TcpEndpoint {
+    param(
+        [Parameter(Mandatory = $true)]
+        [Uri]$Uri
+    )
+
+    $client = $null
+
+    try {
+        $client = [System.Net.Sockets.TcpClient]::new()
+        $connectTask = $client.ConnectAsync($Uri.Host, $Uri.Port)
+
+        if ($connectTask.Wait([TimeSpan]::FromSeconds(1)) -and $client.Connected) {
+            return $true
+        }
+    }
+    catch {
+    }
+    finally {
+        if ($null -ne $client) {
+            $client.Dispose()
+        }
+    }
+
+    return $false
+}
+
 function Wait-ForTcpEndpoint {
     param(
         [Parameter(Mandatory = $true)]
@@ -193,28 +236,45 @@ function Wait-ForTcpEndpoint {
     $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
 
     while ((Get-Date) -lt $deadline) {
-        $client = $null
+        if (Test-TcpEndpoint -Uri $Uri) {
+            return $true
+        }
+
+        Start-Sleep -Milliseconds 500
+    }
+
+    return $false
+}
+
+function Wait-ForAnyTcpEndpoint {
+    param(
+        [Parameter(Mandatory = $true)]
+        [Uri[]]$Uris,
+        [Parameter(Mandatory = $true)]
+        [int]$TimeoutSeconds,
+        [System.Diagnostics.Process]$Process
+    )
 
-        try {
-            $client = [System.Net.Sockets.TcpClient]::new()
-            $connectTask = $client.ConnectAsync($Uri.Host, $Uri.Port)
+    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
 
-            if ($connectTask.Wait([TimeSpan]::FromSeconds(1)) -and $client.Connected) {
-                return $true
+    while ((Get-Date) -lt $deadline) {
+        if ($null -ne $Process) {
+            $Process.Refresh()
+            if ($Process.HasExited) {
+                return $null
             }
         }
-        catch {
-        }
-        finally {
-            if ($null -ne $client) {
-                $client.Dispose()
+
+        foreach ($uri in $Uris) {
+            if (Test-TcpEndpoint -Uri $uri) {
+                return $uri
             }
         }
 
         Start-Sleep -Milliseconds 500
     }
 
-    return $false
+    return $null
 }
 
 function Stop-ProcessIfRunning {
@@ -242,6 +302,7 @@ $originalAdminJson = $adminConfig | ConvertTo-Json -Depth 20
 
 $adminLaunchProfile = Get-LaunchProfile -LaunchSettings $adminLaunchSettings -PreferredProfileName 'CSharpDB.Admin'
 $adminUrl = Select-PreferredUrl -ApplicationUrl $adminLaunchProfile.Profile.applicationUrl -PreferredScheme 'https'
+$adminUris = @(Get-LaunchUris -ApplicationUrl $adminLaunchProfile.Profile.applicationUrl)
 
 $csharpDbSection = Get-OrAddProperty -Object $adminConfig -Name 'CSharpDB' -DefaultValue ([pscustomobject]@{})
 Set-JsonProperty -Object $csharpDbSection -Name 'Transport' -Value 'direct'
@@ -291,19 +352,30 @@ if ($NoLaunch) {
 
 $adminArgs = @(
     'run',
+    '--no-build',
     '--project', $adminProjectPath,
     '--launch-profile', $adminLaunchProfile.Name
 )
 
+Write-Host "Building admin project..."
+dotnet build $adminProjectPath | Out-Host
+if ($LASTEXITCODE -ne 0) {
+    throw "The admin project build failed with exit code $LASTEXITCODE."
+}
+
 Write-Host "Starting admin profile '$($adminLaunchProfile.Name)'..."
 $adminProcess = Start-Process -FilePath 'dotnet' -ArgumentList $adminArgs -WorkingDirectory $repoRoot -PassThru
 
-if ($adminUrl) {
-    if (-not (Wait-ForTcpEndpoint -Uri ([Uri]$adminUrl) -TimeoutSeconds $AdminStartupTimeoutSeconds)) {
+if ($adminUris.Count -gt 0) {
+    $listeningUri = Wait-ForAnyTcpEndpoint -Uris $adminUris -TimeoutSeconds $AdminStartupTimeoutSeconds -Process $adminProcess
+    if ($null -eq $listeningUri) {
         Stop-ProcessIfRunning -Process $adminProcess
-        throw "The admin site did not start listening on $adminUrl within $AdminStartupTimeoutSeconds seconds."
+
+        $configuredUrls = ($adminUris | ForEach-Object { $_.ToString().TrimEnd('/') }) -join ', '
+        throw "The admin site did not start listening on any configured URL ($configuredUrls) within $AdminStartupTimeoutSeconds seconds."
     }
 
+    $adminUrl = $listeningUri.ToString().TrimEnd('/')
     Write-Host "Admin is listening on $adminUrl (PID $($adminProcess.Id))."
 
     if ($OpenAdmin) {
diff --git a/src/CSharpDB.Admin.Forms/CSharpDB.Admin.Forms.csproj b/src/CSharpDB.Admin.Forms/CSharpDB.Admin.Forms.csproj
index f7d414f9..6b923cd2 100644
--- a/src/CSharpDB.Admin.Forms/CSharpDB.Admin.Forms.csproj
+++ b/src/CSharpDB.Admin.Forms/CSharpDB.Admin.Forms.csproj
@@ -10,6 +10,7 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
     <ProjectReference Include="..\CSharpDB.Client\CSharpDB.Client.csproj" />
+    <ProjectReference Include="..\CSharpDB.Primitives\CSharpDB.Primitives.csproj" />
   </ItemGroup>
 
 </Project>
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/ActionSequenceEditor.razor b/src/CSharpDB.Admin.Forms/Components/Designer/ActionSequenceEditor.razor
new file mode 100644
index 00000000..e369d36e
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/ActionSequenceEditor.razor
@@ -0,0 +1,581 @@
+@using System.Text.Json
+@using CSharpDB.Admin.Forms.Serialization
+@using CSharpDB.Primitives
+@inject DbCommandRegistry CommandRegistry
+
+<div class="ase-container">
+    @if (ActionSequence is null)
+    {
+        <button class="feb-btn feb-btn-add" @onclick="CreateSequence">+ Add Action Sequence</button>
+    }
+    else
+    {
+        <div class="ase-header">
+            <div class="feb-field">
+                <label>Name</label>
+                <input type="text"
+                       value="@(ActionSequence.Name ?? string.Empty)"
+                       @onchange="@(e => UpdateName(e.Value?.ToString()))" />
+            </div>
+            <button class="feb-btn feb-btn-remove" @onclick="ClearSequence" title="Remove action sequence">x</button>
+        </div>
+
+        @if (ActionSequence.Steps.Count == 0)
+        {
+            <div class="feb-empty">No action steps</div>
+        }
+
+        @for (int i = 0; i < ActionSequence.Steps.Count; i++)
+        {
+            var idx = i;
+            var step = ActionSequence.Steps[idx];
+            <div class="ase-step">
+                <div class="feb-row">
+                    <div class="feb-field">
+                        <label>Action</label>
+                        <select value="@step.Kind" @onchange="@(e => UpdateKind(idx, step, e.Value?.ToString()))">
+                            @foreach (DbActionKind kind in ActionKinds)
+                            {
+                                <option value="@kind">@GetActionLabel(kind)</option>
+                            }
+                        </select>
+                    </div>
+                    <button class="feb-btn" @onclick="@(() => MoveStep(idx, -1))" disabled="@(idx == 0)" title="Move step up">Up</button>
+                    <button class="feb-btn" @onclick="@(() => MoveStep(idx, 1))" disabled="@(idx == ActionSequence.Steps.Count - 1)" title="Move step down">Down</button>
+                    <button class="feb-btn feb-btn-remove" @onclick="@(() => RemoveStep(idx))" title="Remove step">x</button>
+                </div>
+
+                @switch (step.Kind)
+                {
+                    case DbActionKind.RunCommand:
+                        <div class="feb-field">
+                            <label>Command</label>
+                            @if (RegisteredCommands.Count > 0)
+                            {
+                                <select value="@(step.CommandName ?? string.Empty)" @onchange="@(e => UpdateCommandName(idx, step, e.Value?.ToString()))">
+                                    <option value="">-- Select command --</option>
+                                    @if (ShouldRenderMissingCommand(step.CommandName))
+                                    {
+                                        <option value="@step.CommandName">@($"{step.CommandName} (missing)")</option>
+                                    }
+                                    @foreach (DbCommandDefinition command in RegisteredCommands)
+                                    {
+                                        <option value="@command.Name">@command.Name</option>
+                                    }
+                                </select>
+                            }
+                            else
+                            {
+                                <input type="text"
+                                       value="@(step.CommandName ?? string.Empty)"
+                                       @onchange="@(e => UpdateCommandName(idx, step, e.Value?.ToString()))" />
+                            }
+                        </div>
+                        <div class="feb-field">
+                            <label>Arguments</label>
+                            <textarea class="feb-arguments"
+                                      value="@GetArgumentsText(idx, step)"
+                                      placeholder="{&quot;source&quot;:&quot;form-action&quot;}"
+                                      @onchange="@(e => UpdateArguments(idx, step, e.Value?.ToString() ?? string.Empty))"></textarea>
+                        </div>
+                        break;
+                    case DbActionKind.RunActionSequence:
+                        <div class="feb-field">
+                            <label>Action Sequence</label>
+                            @if (AvailableActionSequences.Count > 0)
+                            {
+                                <select value="@(step.SequenceName ?? string.Empty)" @onchange="@(e => UpdateSequenceName(idx, step, e.Value?.ToString()))">
+                                    <option value="">-- Select sequence --</option>
+                                    @if (ShouldRenderMissingActionSequence(step.SequenceName))
+                                    {
+                                        <option value="@step.SequenceName">@($"{step.SequenceName} (missing)")</option>
+                                    }
+                                    @foreach (DbActionSequence sequence in AvailableActionSequences.Where(sequence => !string.IsNullOrWhiteSpace(sequence.Name)))
+                                    {
+                                        <option value="@sequence.Name">@sequence.Name</option>
+                                    }
+                                </select>
+                            }
+                            else
+                            {
+                                <input type="text"
+                                       value="@(step.SequenceName ?? string.Empty)"
+                                       @onchange="@(e => UpdateSequenceName(idx, step, e.Value?.ToString()))" />
+                            }
+                        </div>
+                        <div class="feb-field">
+                            <label>Arguments</label>
+                            <textarea class="feb-arguments"
+                                      value="@GetArgumentsText(idx, step)"
+                                      placeholder="{&quot;source&quot;:&quot;nested-sequence&quot;}"
+                                      @onchange="@(e => UpdateArguments(idx, step, e.Value?.ToString() ?? string.Empty))"></textarea>
+                        </div>
+                        break;
+                    case DbActionKind.SetFieldValue:
+                        <div class="feb-row">
+                            <div class="feb-field">
+                                <label>Target Field</label>
+                                <input type="text"
+                                       value="@(step.Target ?? string.Empty)"
+                                       @onchange="@(e => UpdateTarget(idx, step, e.Value?.ToString()))" />
+                            </div>
+                            <div class="feb-field">
+                                <label>Value</label>
+                                <input type="text"
+                                       value="@FormatValue(step.Value)"
+                                       @onchange="@(e => UpdateValue(idx, step, e.Value?.ToString()))" />
+                            </div>
+                        </div>
+                        break;
+                    case DbActionKind.GoToRecord:
+                        <div class="feb-row">
+                            <div class="feb-field">
+                                <label>Record Value</label>
+                                <input type="text"
+                                       value="@FormatValue(step.Value)"
+                                       @onchange="@(e => UpdateValue(idx, step, e.Value?.ToString()))" />
+                            </div>
+                            <div class="feb-field">
+                                <label>Value From Field</label>
+                                <input type="text"
+                                       value="@(step.Target ?? string.Empty)"
+                                       placeholder="Optional field name"
+                                       @onchange="@(e => UpdateTarget(idx, step, e.Value?.ToString()))" />
+                            </div>
+                        </div>
+                        break;
+                    case DbActionKind.OpenForm:
+                        <div class="feb-field">
+                            <label>Target Form</label>
+                            <input type="text"
+                                   value="@(step.Target ?? string.Empty)"
+                                   placeholder="Form id or name"
+                                   @onchange="@(e => UpdateTarget(idx, step, e.Value?.ToString()))" />
+                        </div>
+                        <div class="feb-field">
+                            <label>Arguments</label>
+                            <textarea class="feb-arguments"
+                                      value="@GetArgumentsText(idx, step)"
+                                      placeholder="{&quot;mode&quot;:&quot;edit&quot;,&quot;recordId&quot;:&quot;$record.Id&quot;}"
+                                      @onchange="@(e => UpdateArguments(idx, step, e.Value?.ToString() ?? string.Empty))"></textarea>
+                        </div>
+                        break;
+                    case DbActionKind.ApplyFilter:
+                        <div class="feb-row">
+                            <div class="feb-field">
+                                <label>Target</label>
+                                <input type="text"
+                                       value="@(step.Target ?? string.Empty)"
+                                       placeholder="form or control id"
+                                       @onchange="@(e => UpdateTarget(idx, step, e.Value?.ToString()))" />
+                            </div>
+                            <div class="feb-field">
+                                <label>Filter</label>
+                                <input type="text"
+                                       value="@FormatValue(step.Value)"
+                                       placeholder="[Status] = 'Open'"
+                                       @onchange="@(e => UpdateValue(idx, step, e.Value?.ToString()))" />
+                            </div>
+                        </div>
+                        <div class="feb-field">
+                            <label>Arguments</label>
+                            <textarea class="feb-arguments"
+                                      value="@GetArgumentsText(idx, step)"
+                                      placeholder="{&quot;parameters&quot;:{&quot;customerId&quot;:&quot;$record.CustomerId&quot;}}"
+                                      @onchange="@(e => UpdateArguments(idx, step, e.Value?.ToString() ?? string.Empty))"></textarea>
+                        </div>
+                        break;
+                    case DbActionKind.ClearFilter:
+                        <div class="feb-field">
+                            <label>Target</label>
+                            <input type="text"
+                                   value="@(step.Target ?? string.Empty)"
+                                   placeholder="form or control id"
+                                   @onchange="@(e => UpdateTarget(idx, step, e.Value?.ToString()))" />
+                        </div>
+                        break;
+                    case DbActionKind.RunSql:
+                        <div class="feb-field">
+                            <label>SQL Or Saved Query</label>
+                            <textarea class="feb-arguments"
+                                      value="@FormatValue(step.Value)"
+                                      placeholder="UPDATE Orders SET Status = @@status WHERE Id = @@id"
+                                      @onchange="@(e => UpdateValue(idx, step, e.Value?.ToString()))"></textarea>
+                        </div>
+                        <div class="feb-field">
+                            <label>Arguments</label>
+                            <textarea class="feb-arguments"
+                                      value="@GetArgumentsText(idx, step)"
+                                      placeholder="{&quot;status&quot;:&quot;Closed&quot;,&quot;id&quot;:&quot;$record.Id&quot;}"
+                                      @onchange="@(e => UpdateArguments(idx, step, e.Value?.ToString() ?? string.Empty))"></textarea>
+                        </div>
+                        break;
+                    case DbActionKind.RunProcedure:
+                        <div class="feb-field">
+                            <label>Procedure</label>
+                            <input type="text"
+                                   value="@(step.Target ?? string.Empty)"
+                                   @onchange="@(e => UpdateTarget(idx, step, e.Value?.ToString()))" />
+                        </div>
+                        <div class="feb-field">
+                            <label>Arguments</label>
+                            <textarea class="feb-arguments"
+                                      value="@GetArgumentsText(idx, step)"
+                                      placeholder="{&quot;orderId&quot;:&quot;$record.Id&quot;}"
+                                      @onchange="@(e => UpdateArguments(idx, step, e.Value?.ToString() ?? string.Empty))"></textarea>
+                        </div>
+                        break;
+                    case DbActionKind.SetControlProperty:
+                        <div class="feb-row">
+                            <div class="feb-field">
+                                <label>Control</label>
+                                <input type="text"
+                                       value="@(step.Target ?? string.Empty)"
+                                       @onchange="@(e => UpdateTarget(idx, step, e.Value?.ToString()))" />
+                            </div>
+                            <div class="feb-field">
+                                <label>Property</label>
+                                <input type="text"
+                                       value="@GetArgumentText(step, "property")"
+                                       placeholder="visible, enabled, readOnly, text, value"
+                                       @onchange='@(e => UpdateArgument(idx, step, "property", e.Value?.ToString()))' />
+                            </div>
+                            <div class="feb-field">
+                                <label>Value</label>
+                                <input type="text"
+                                       value="@FormatValue(step.Value)"
+                                       @onchange="@(e => UpdateValue(idx, step, e.Value?.ToString()))" />
+                            </div>
+                        </div>
+                        break;
+                    case DbActionKind.SetControlVisibility:
+                    case DbActionKind.SetControlEnabled:
+                    case DbActionKind.SetControlReadOnly:
+                        <div class="feb-row">
+                            <div class="feb-field">
+                                <label>Control</label>
+                                <input type="text"
+                                       value="@(step.Target ?? string.Empty)"
+                                       @onchange="@(e => UpdateTarget(idx, step, e.Value?.ToString()))" />
+                            </div>
+                            <div class="feb-field">
+                                <label>Value</label>
+                                <select value="@FormatValue(step.Value)" @onchange="@(e => UpdateBooleanValue(idx, step, e.Value?.ToString()))">
+                                    <option value="true">True</option>
+                                    <option value="false">False</option>
+                                </select>
+                            </div>
+                        </div>
+                        break;
+                    case DbActionKind.ShowMessage:
+                    case DbActionKind.Stop:
+                        <div class="feb-field">
+                            <label>Message</label>
+                            <input type="text"
+                                   value="@(step.Message ?? string.Empty)"
+                                   @onchange="@(e => UpdateMessage(idx, step, e.Value?.ToString()))" />
+                        </div>
+                        break;
+                }
+
+                <div class="feb-field">
+                    <label>Condition</label>
+                    <input type="text"
+                           value="@(step.Condition ?? string.Empty)"
+                           placeholder="Status = 'Ready'"
+                           @onchange="@(e => UpdateCondition(idx, step, e.Value?.ToString()))" />
+                </div>
+
+                <div class="feb-field">
+                    <label>
+                        <input type="checkbox"
+                               checked="@step.StopOnFailure"
+                               @onchange="@(e => UpdateStepStopOnFailure(idx, step, e.Value is bool b && b))" />
+                        Stop On Failure
+                    </label>
+                </div>
+            </div>
+        }
+
+        @if (!string.IsNullOrWhiteSpace(_argumentError))
+        {
+            <div class="feb-error">@_argumentError</div>
+        }
+
+        <div class="ase-actions">
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.RunCommand))">+ Command</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.RunActionSequence))">+ Sequence</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.SetFieldValue))">+ Set Field</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.NewRecord))">+ New</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.SaveRecord))">+ Save</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.DeleteRecord))">+ Delete</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.RefreshRecords))">+ Refresh</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.PreviousRecord))">+ Previous</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.NextRecord))">+ Next</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.GoToRecord))">+ Go To</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.OpenForm))">+ Open Form</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.ApplyFilter))">+ Filter</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.ClearFilter))">+ Clear Filter</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.RunSql))">+ SQL</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.RunProcedure))">+ Procedure</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.SetControlProperty))">+ Control Prop</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.ShowMessage))">+ Message</button>
+            <button class="feb-btn feb-btn-add" @onclick="@(() => AddStep(DbActionKind.Stop))">+ Stop</button>
+        </div>
+    }
+</div>
+
+@code {
+    [Parameter] public DbActionSequence? ActionSequence { get; set; }
+    [Parameter] public EventCallback<DbActionSequence?> ActionSequenceChanged { get; set; }
+    [Parameter] public IReadOnlyList<DbActionSequence> AvailableActionSequences { get; set; } = [];
+
+    private readonly Dictionary<int, string> _argumentText = [];
+    private string? _argumentError;
+
+    private static readonly DbActionKind[] ActionKinds = Enum.GetValues<DbActionKind>();
+    private IReadOnlyList<DbCommandDefinition> RegisteredCommands => CommandRegistry.Commands.ToList();
+
+    protected override void OnParametersSet()
+    {
+        if (ActionSequence is null)
+        {
+            _argumentText.Clear();
+            return;
+        }
+
+        for (int i = 0; i < ActionSequence.Steps.Count; i++)
+            _argumentText.TryAdd(i, FormatArguments(ActionSequence.Steps[i].Arguments));
+
+        foreach (int staleIndex in _argumentText.Keys.Where(index => index >= ActionSequence.Steps.Count).ToList())
+            _argumentText.Remove(staleIndex);
+    }
+
+    private Task CreateSequence()
+        => ActionSequenceChanged.InvokeAsync(new DbActionSequence([]));
+
+    private Task ClearSequence()
+    {
+        _argumentText.Clear();
+        _argumentError = null;
+        return ActionSequenceChanged.InvokeAsync(null);
+    }
+
+    private Task UpdateName(string? name)
+        => UpdateSequence(CurrentSequence() with { Name = string.IsNullOrWhiteSpace(name) ? null : name.Trim() });
+
+    private Task AddStep(DbActionKind kind)
+    {
+        DbActionSequence sequence = CurrentSequence();
+        List<DbActionStep> steps = sequence.Steps.ToList();
+        steps.Add(CreateDefaultStep(kind));
+        return UpdateSequence(sequence with { Steps = steps });
+    }
+
+    private Task RemoveStep(int index)
+    {
+        DbActionSequence sequence = CurrentSequence();
+        List<DbActionStep> steps = sequence.Steps.ToList();
+        if (index < 0 || index >= steps.Count)
+            return Task.CompletedTask;
+
+        steps.RemoveAt(index);
+        RebuildArgumentText(steps);
+        return UpdateSequence(sequence with { Steps = steps });
+    }
+
+    private Task MoveStep(int index, int delta)
+    {
+        DbActionSequence sequence = CurrentSequence();
+        List<DbActionStep> steps = sequence.Steps.ToList();
+        int target = index + delta;
+        if (index < 0 || index >= steps.Count || target < 0 || target >= steps.Count)
+            return Task.CompletedTask;
+
+        (steps[index], steps[target]) = (steps[target], steps[index]);
+        RebuildArgumentText(steps);
+        return UpdateSequence(sequence with { Steps = steps });
+    }
+
+    private Task UpdateKind(int index, DbActionStep step, string? value)
+    {
+        if (!Enum.TryParse(value, ignoreCase: true, out DbActionKind kind))
+            return Task.CompletedTask;
+
+        DbActionStep updated = CreateDefaultStep(kind) with
+        {
+            Arguments = kind is DbActionKind.RunCommand or DbActionKind.RunActionSequence ? step.Arguments : null,
+            SequenceName = kind == DbActionKind.RunActionSequence ? step.SequenceName : null,
+            StopOnFailure = step.StopOnFailure,
+            Condition = step.Condition,
+        };
+        return ReplaceStep(index, updated);
+    }
+
+    private Task UpdateCommandName(int index, DbActionStep step, string? commandName)
+        => ReplaceStep(index, step with { CommandName = string.IsNullOrWhiteSpace(commandName) ? null : commandName.Trim() });
+
+    private Task UpdateSequenceName(int index, DbActionStep step, string? sequenceName)
+        => ReplaceStep(index, step with { SequenceName = string.IsNullOrWhiteSpace(sequenceName) ? null : sequenceName.Trim() });
+
+    private Task UpdateTarget(int index, DbActionStep step, string? target)
+        => ReplaceStep(index, step with { Target = string.IsNullOrWhiteSpace(target) ? null : target.Trim() });
+
+    private Task UpdateValue(int index, DbActionStep step, string? value)
+        => ReplaceStep(index, step with { Value = string.IsNullOrEmpty(value) ? null : value });
+
+    private Task UpdateBooleanValue(int index, DbActionStep step, string? value)
+        => ReplaceStep(index, step with { Value = bool.TryParse(value, out bool parsed) ? parsed : null });
+
+    private Task UpdateMessage(int index, DbActionStep step, string? message)
+        => ReplaceStep(index, step with { Message = string.IsNullOrWhiteSpace(message) ? null : message });
+
+    private Task UpdateCondition(int index, DbActionStep step, string? condition)
+        => ReplaceStep(index, step with { Condition = string.IsNullOrWhiteSpace(condition) ? null : condition.Trim() });
+
+    private Task UpdateStepStopOnFailure(int index, DbActionStep step, bool stopOnFailure)
+        => ReplaceStep(index, step with { StopOnFailure = stopOnFailure });
+
+    private async Task UpdateArguments(int index, DbActionStep step, string text)
+    {
+        _argumentText[index] = text;
+        _argumentError = null;
+
+        if (string.IsNullOrWhiteSpace(text))
+        {
+            await ReplaceStep(index, step with { Arguments = null });
+            return;
+        }
+
+        try
+        {
+            IReadOnlyDictionary<string, object?>? arguments =
+                JsonSerializer.Deserialize<IReadOnlyDictionary<string, object?>>(text, JsonDefaults.Options);
+            await ReplaceStep(index, step with { Arguments = arguments });
+        }
+        catch (JsonException ex)
+        {
+            _argumentError = $"Invalid step arguments JSON: {ex.Message}";
+        }
+    }
+
+    private Task UpdateArgument(int index, DbActionStep step, string key, object? value)
+    {
+        var arguments = step.Arguments?.ToDictionary(pair => pair.Key, pair => pair.Value, StringComparer.OrdinalIgnoreCase)
+            ?? new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+        if (value is string text && string.IsNullOrWhiteSpace(text))
+            arguments.Remove(key);
+        else
+            arguments[key] = value;
+
+        _argumentText[index] = FormatArguments(arguments);
+        return ReplaceStep(index, step with { Arguments = arguments.Count == 0 ? null : arguments });
+    }
+
+    private Task ReplaceStep(int index, DbActionStep step)
+    {
+        DbActionSequence sequence = CurrentSequence();
+        List<DbActionStep> steps = sequence.Steps.ToList();
+        if (index < 0 || index >= steps.Count)
+            return Task.CompletedTask;
+
+        steps[index] = step;
+        return UpdateSequence(sequence with { Steps = steps });
+    }
+
+    private Task UpdateSequence(DbActionSequence sequence)
+        => ActionSequenceChanged.InvokeAsync(sequence);
+
+    private DbActionSequence CurrentSequence()
+        => ActionSequence ?? new DbActionSequence([]);
+
+    private DbActionStep CreateDefaultStep(DbActionKind kind)
+        => kind switch
+        {
+            DbActionKind.RunCommand => new DbActionStep(kind, CommandName: RegisteredCommands.FirstOrDefault()?.Name),
+            DbActionKind.RunActionSequence => new DbActionStep(kind, SequenceName: FirstAvailableActionSequenceName()),
+            DbActionKind.SetFieldValue => new DbActionStep(kind, Target: string.Empty, Value: string.Empty),
+            DbActionKind.GoToRecord => new DbActionStep(kind, Value: string.Empty),
+            DbActionKind.OpenForm => new DbActionStep(kind, Target: string.Empty),
+            DbActionKind.ApplyFilter => new DbActionStep(kind, Target: "form", Value: string.Empty),
+            DbActionKind.ClearFilter => new DbActionStep(kind, Target: "form"),
+            DbActionKind.RunSql => new DbActionStep(kind, Value: string.Empty),
+            DbActionKind.RunProcedure => new DbActionStep(kind, Target: string.Empty),
+            DbActionKind.SetControlProperty => new DbActionStep(
+                kind,
+                Target: string.Empty,
+                Value: string.Empty,
+                Arguments: new Dictionary<string, object?> { ["property"] = "visible" }),
+            DbActionKind.SetControlVisibility or
+            DbActionKind.SetControlEnabled or
+            DbActionKind.SetControlReadOnly => new DbActionStep(kind, Target: string.Empty, Value: true),
+            DbActionKind.ShowMessage => new DbActionStep(kind, Message: string.Empty),
+            DbActionKind.Stop => new DbActionStep(kind),
+            _ => new DbActionStep(kind),
+        };
+
+    private static string GetArgumentText(DbActionStep step, string key)
+        => step.Arguments is not null && step.Arguments.TryGetValue(key, out object? value)
+            ? value?.ToString() ?? string.Empty
+            : string.Empty;
+
+    private string GetArgumentsText(int index, DbActionStep step)
+    {
+        if (_argumentText.TryGetValue(index, out string? text))
+            return text;
+
+        text = FormatArguments(step.Arguments);
+        _argumentText[index] = text;
+        return text;
+    }
+
+    private void RebuildArgumentText(IReadOnlyList<DbActionStep> steps)
+    {
+        _argumentText.Clear();
+        for (int i = 0; i < steps.Count; i++)
+            _argumentText[i] = FormatArguments(steps[i].Arguments);
+    }
+
+    private bool ShouldRenderMissingCommand(string? commandName)
+        => !string.IsNullOrWhiteSpace(commandName)
+            && RegisteredCommands.All(command => !string.Equals(command.Name, commandName, StringComparison.OrdinalIgnoreCase));
+
+    private bool ShouldRenderMissingActionSequence(string? sequenceName)
+        => !string.IsNullOrWhiteSpace(sequenceName)
+            && AvailableActionSequences.All(sequence => !string.Equals(sequence.Name, sequenceName, StringComparison.OrdinalIgnoreCase));
+
+    private string? FirstAvailableActionSequenceName()
+        => AvailableActionSequences.FirstOrDefault(sequence => !string.IsNullOrWhiteSpace(sequence.Name))?.Name;
+
+    private static string FormatArguments(IReadOnlyDictionary<string, object?>? arguments)
+        => arguments is null || arguments.Count == 0
+            ? string.Empty
+            : JsonSerializer.Serialize(arguments, new JsonSerializerOptions(JsonDefaults.Options) { WriteIndented = true });
+
+    private static string FormatValue(object? value)
+        => value switch
+        {
+            null => string.Empty,
+            JsonElement { ValueKind: JsonValueKind.String } json => json.GetString() ?? string.Empty,
+            JsonElement json => json.ToString(),
+            _ => value.ToString() ?? string.Empty,
+        };
+
+    private static string GetActionLabel(DbActionKind kind)
+        => kind switch
+        {
+            DbActionKind.RunCommand => "Run Command",
+            DbActionKind.RunActionSequence => "Run Action Sequence",
+            DbActionKind.SetFieldValue => "Set Field Value",
+            DbActionKind.ShowMessage => "Show Message",
+            DbActionKind.Stop => "Stop",
+            DbActionKind.NewRecord => "New Record",
+            DbActionKind.SaveRecord => "Save Record",
+            DbActionKind.DeleteRecord => "Delete Record",
+            DbActionKind.RefreshRecords => "Refresh Records",
+            DbActionKind.PreviousRecord => "Previous Record",
+            DbActionKind.NextRecord => "Next Record",
+            DbActionKind.GoToRecord => "Go To Record",
+            _ => kind.ToString(),
+        };
+}
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/ChildDataGrid.razor b/src/CSharpDB.Admin.Forms/Components/Designer/ChildDataGrid.razor
index cbc87210..ad3870cb 100644
--- a/src/CSharpDB.Admin.Forms/Components/Designer/ChildDataGrid.razor
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/ChildDataGrid.razor
@@ -1,10 +1,11 @@
 @using CSharpDB.Admin.Forms.Models
 @using CSharpDB.Admin.Forms.Contracts
+@using CSharpDB.Admin.Forms.Services
 @inject IFormRecordService RecordService
 
 <div class="child-datagrid">
     <div class="cdg-toolbar">
-        <span class="cdg-title">@ChildTableName (@_rows.Count)</span>
+        <span class="cdg-title">@GetTitleText()</span>
         @if (AllowAdd)
         {
             <button class="cdg-btn cdg-btn-add" @onclick="AddRow" disabled="@_saving">+ New</button>
@@ -76,14 +77,35 @@
                     @if (_rows.Count == 0)
                     {
                         <tr>
-                            <td colspan="@(VisibleColumns.Count + (AllowDelete ? 1 : 0))" class="cdg-empty">
-                                No child records.
+                            <td colspan="@GetEmptyColumnSpan()" class="cdg-empty">
+                                @(IsStandalone ? "No records." : "No child records.")
                             </td>
                         </tr>
                     }
                 </tbody>
             </table>
         </div>
+        @if (IsStandalone)
+        {
+            <div class="cdg-pagination">
+                <div class="cdg-page-size">
+                    <select value="@_pageSize" @onchange="OnPageSizeChanged" disabled="@_saving">
+                        <option value="10">10 rows</option>
+                        <option value="25">25 rows</option>
+                        <option value="50">50 rows</option>
+                        <option value="100">100 rows</option>
+                    </select>
+                </div>
+                <div class="cdg-page-controls">
+                    <button type="button" class="cdg-page-btn" disabled="@(_pageNumber <= 1 || _saving)" @onclick="() => GoToPageAsync(1)">&laquo;</button>
+                    <button type="button" class="cdg-page-btn" disabled="@(_pageNumber <= 1 || _saving)" @onclick="() => GoToPageAsync(_pageNumber - 1)">&lsaquo;</button>
+                    <span class="cdg-page-info">Page @_pageNumber of @TotalPages</span>
+                    <button type="button" class="cdg-page-btn" disabled="@(_pageNumber >= TotalPages || _saving)" @onclick="() => GoToPageAsync(_pageNumber + 1)">&rsaquo;</button>
+                    <button type="button" class="cdg-page-btn" disabled="@(_pageNumber >= TotalPages || _saving)" @onclick="() => GoToPageAsync(TotalPages)">&raquo;</button>
+                </div>
+                <div class="cdg-row-count">@GetVisibleRangeText()</div>
+            </div>
+        }
     }
 </div>
 
@@ -91,6 +113,7 @@
     [Parameter, EditorRequired] public string ChildTableName { get; set; } = "";
     [Parameter, EditorRequired] public string ForeignKeyField { get; set; } = "";
     [Parameter, EditorRequired] public object? ParentKeyValue { get; set; }
+    [Parameter] public bool IsStandalone { get; set; }
     [Parameter] public List<string> VisibleColumns { get; set; } = [];
     [Parameter] public bool AllowAdd { get; set; } = true;
     [Parameter] public bool AllowEdit { get; set; } = true;
@@ -99,6 +122,8 @@
     [Parameter] public bool EnableRowSelection { get; set; }
     [Parameter] public EventCallback<Dictionary<string, object?>?> OnRowSelected { get; set; }
     [Parameter] public EventCallback OnRowsChanged { get; set; }
+    [Parameter] public string? FilterExpression { get; set; }
+    [Parameter] public IReadOnlyDictionary<string, object?>? FilterParameters { get; set; }
 
     private List<Dictionary<string, object?>> _rows = [];
     private bool _loading = true;
@@ -111,6 +136,15 @@
     private string? _lastChildTableName;
     private string? _lastForeignKeyField;
     private string? _lastChildTableDefinitionName;
+    private string? _lastFilterExpression;
+    private string _lastFilterParametersKey = string.Empty;
+    private bool _lastIsStandalone;
+    private int _pageNumber = 1;
+    private int _pageSize = 25;
+    private int _totalCount;
+
+    private int TotalPages => Math.Max(1, (int)Math.Ceiling(_totalCount / (double)_pageSize));
+    private bool HasActiveFilter => !string.IsNullOrWhiteSpace(FilterExpression);
 
     protected override async Task OnParametersSetAsync()
     {
@@ -118,13 +152,23 @@
         bool childTableChanged = !string.Equals(_lastChildTableName, ChildTableName, StringComparison.OrdinalIgnoreCase);
         bool foreignKeyChanged = !string.Equals(_lastForeignKeyField, ForeignKeyField, StringComparison.OrdinalIgnoreCase);
         bool definitionChanged = !string.Equals(_lastChildTableDefinitionName, ChildFormTableDefinition?.TableName, StringComparison.OrdinalIgnoreCase);
+        string filterParametersKey = FormatFilterParameterKey(FilterParameters);
+        bool filterChanged = !string.Equals(_lastFilterExpression, FilterExpression, StringComparison.Ordinal) ||
+            !string.Equals(_lastFilterParametersKey, filterParametersKey, StringComparison.Ordinal);
+        bool modeChanged = _lastIsStandalone != IsStandalone;
 
-        if (parentChanged || childTableChanged || foreignKeyChanged || definitionChanged)
+        if (parentChanged || childTableChanged || foreignKeyChanged || definitionChanged || filterChanged || modeChanged)
         {
+            if (childTableChanged || definitionChanged || filterChanged || modeChanged)
+                _pageNumber = 1;
+
             _lastParentKeyValue = ParentKeyValue;
             _lastChildTableName = ChildTableName;
             _lastForeignKeyField = ForeignKeyField;
             _lastChildTableDefinitionName = ChildFormTableDefinition?.TableName;
+            _lastFilterExpression = FilterExpression;
+            _lastFilterParametersKey = filterParametersKey;
+            _lastIsStandalone = IsStandalone;
             await LoadChildRecords();
         }
     }
@@ -143,15 +187,59 @@
             if (ChildFormTableDefinition is null)
             {
                 _rows = [];
+                _totalCount = 0;
                 return;
             }
 
+            if (IsStandalone)
+            {
+                if (TryGetActiveFilter(out FormFilterExpression? standaloneFilter, out IReadOnlyDictionary<string, object?> standaloneParameters, out string? standaloneFilterError))
+                {
+                    if (standaloneFilterError is not null)
+                        throw new InvalidOperationException(standaloneFilterError);
+
+                    List<Dictionary<string, object?>> filteredRows = (await RecordService.ListRecordsAsync(ChildFormTableDefinition))
+                        .Where(row => standaloneFilter!.Evaluate(row, standaloneParameters))
+                        .ToList();
+                    int totalPages = filteredRows.Count == 0 ? 1 : (int)Math.Ceiling(filteredRows.Count / (double)_pageSize);
+                    _pageNumber = Math.Clamp(_pageNumber, 1, totalPages);
+                    _totalCount = filteredRows.Count;
+                    _rows = filteredRows
+                        .Skip((_pageNumber - 1) * _pageSize)
+                        .Take(_pageSize)
+                        .ToList();
+                    return;
+                }
+
+                FormRecordPage page = await RecordService.ListRecordPageAsync(ChildFormTableDefinition, _pageNumber, _pageSize);
+                _pageNumber = page.PageNumber;
+                _pageSize = page.PageSize;
+                _totalCount = page.TotalCount;
+                _rows = page.Records.ToList();
+                return;
+            }
+
+            if (string.IsNullOrWhiteSpace(ForeignKeyField))
+                throw new InvalidOperationException("The related DataGrid foreign key field is not configured.");
+
             _rows = await RecordService.ListFilteredRecordsAsync(ChildFormTableDefinition, ForeignKeyField, ParentKeyValue);
+            if (TryGetActiveFilter(out FormFilterExpression? relatedFilter, out IReadOnlyDictionary<string, object?> relatedParameters, out string? relatedFilterError))
+            {
+                if (relatedFilterError is not null)
+                    throw new InvalidOperationException(relatedFilterError);
+
+                _rows = _rows
+                    .Where(row => relatedFilter!.Evaluate(row, relatedParameters))
+                    .ToList();
+            }
+
+            _totalCount = _rows.Count;
         }
         catch (Exception ex)
         {
             _error = $"Failed to load: {ex.Message}";
             _rows = [];
+            _totalCount = 0;
         }
         finally
         {
@@ -168,12 +256,29 @@
             if (ChildFormTableDefinition is null)
                 throw new InvalidOperationException($"The child table '{ChildTableName}' is not available.");
 
-            var newRow = new Dictionary<string, object?>
+            var newRow = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+            if (!IsStandalone)
             {
-                [ForeignKeyField] = ParentKeyValue
-            };
+                if (string.IsNullOrWhiteSpace(ForeignKeyField))
+                    throw new InvalidOperationException("The related DataGrid foreign key field is not configured.");
+
+                newRow[ForeignKeyField] = ParentKeyValue;
+            }
+
             var created = await RecordService.CreateRecordAsync(ChildFormTableDefinition, newRow);
-            _rows.Add(created);
+            if (IsStandalone || HasActiveFilter)
+            {
+                if (IsStandalone)
+                    _pageNumber = GetTotalPages(_totalCount + 1, _pageSize);
+
+                await LoadChildRecords();
+            }
+            else
+            {
+                _rows.Add(created);
+                _totalCount = _rows.Count;
+            }
+
             if (OnRowsChanged.HasDelegate)
                 await OnRowsChanged.InvokeAsync();
         }
@@ -242,19 +347,31 @@
                 throw new InvalidOperationException($"The child table '{ChildTableName}' is not available.");
 
             await RecordService.DeleteRecordAsync(ChildFormTableDefinition, pk);
-            _rows.RemoveAt(rowIdx);
-            if (OnRowsChanged.HasDelegate)
-                await OnRowsChanged.InvokeAsync();
-            if (_editingRow == rowIdx) StopEditing();
-            if (_selectedRowIndex == rowIdx)
+            if (IsStandalone)
             {
-                _selectedRowIndex = -1;
-                await OnRowSelected.InvokeAsync(null);
+                if (_rows.Count == 1 && _pageNumber > 1)
+                    _pageNumber--;
+
+                await LoadChildRecords();
             }
-            else if (_selectedRowIndex > rowIdx)
+            else
             {
-                _selectedRowIndex--;
+                _rows.RemoveAt(rowIdx);
+                _totalCount = _rows.Count;
+                if (_editingRow == rowIdx) StopEditing();
+                if (_selectedRowIndex == rowIdx)
+                {
+                    _selectedRowIndex = -1;
+                    await OnRowSelected.InvokeAsync(null);
+                }
+                else if (_selectedRowIndex > rowIdx)
+                {
+                    _selectedRowIndex--;
+                }
             }
+
+            if (OnRowsChanged.HasDelegate)
+                await OnRowsChanged.InvokeAsync();
         }
         catch (Exception ex)
         {
@@ -318,4 +435,105 @@
         }
         return fieldName;
     }
+
+    private int GetEmptyColumnSpan()
+        => Math.Max(1, VisibleColumns.Count + (AllowDelete ? 1 : 0));
+
+    private async Task GoToPageAsync(int pageNumber)
+    {
+        if (!IsStandalone || _saving)
+            return;
+
+        int targetPage = Math.Clamp(pageNumber, 1, TotalPages);
+        if (targetPage == _pageNumber && _rows.Count > 0)
+            return;
+
+        _pageNumber = targetPage;
+        await LoadChildRecords();
+    }
+
+    private async Task OnPageSizeChanged(ChangeEventArgs e)
+    {
+        if (!IsStandalone || _saving)
+            return;
+
+        if (!int.TryParse(e.Value?.ToString(), out int pageSize) || pageSize < 1)
+            return;
+
+        pageSize = Math.Clamp(pageSize, 1, 500);
+        if (pageSize == _pageSize)
+            return;
+
+        _pageSize = pageSize;
+        _pageNumber = 1;
+        await LoadChildRecords();
+    }
+
+    private string GetTitleText()
+        => IsStandalone
+            ? $"{ChildTableName} ({_totalCount} rows)"
+            : $"{ChildTableName} ({_rows.Count})";
+
+    private string GetVisibleRangeText()
+    {
+        if (_totalCount == 0 || _rows.Count == 0)
+            return "0 rows";
+
+        int first = ((_pageNumber - 1) * _pageSize) + 1;
+        int last = first + _rows.Count - 1;
+        return $"{first}-{last} of {_totalCount}";
+    }
+
+    private static int GetTotalPages(int totalCount, int pageSize)
+        => Math.Max(1, (int)Math.Ceiling(totalCount / (double)pageSize));
+
+    private bool TryGetActiveFilter(
+        out FormFilterExpression? filter,
+        out IReadOnlyDictionary<string, object?> parameters,
+        out string? error)
+    {
+        filter = null;
+        parameters = FilterParameters ?? EmptyObjectDictionary.Instance;
+        error = null;
+
+        if (!HasActiveFilter)
+            return false;
+
+        if (!FormFilterExpression.TryParse(FilterExpression!, ChildFormTableDefinition, out filter, out string? parseError))
+        {
+            error = $"Invalid DataGrid filter: {parseError}";
+            return true;
+        }
+
+        IReadOnlyDictionary<string, object?> parameterSnapshot = parameters;
+        string? missingParameter = filter!.Parameters.FirstOrDefault(parameter => !parameterSnapshot.ContainsKey(parameter));
+        if (missingParameter is not null)
+        {
+            error = $"DataGrid filter is missing parameter '@{missingParameter}'.";
+            return true;
+        }
+
+        return true;
+    }
+
+    private static string FormatFilterParameterKey(IReadOnlyDictionary<string, object?>? parameters)
+    {
+        if (parameters is null || parameters.Count == 0)
+            return string.Empty;
+
+        return string.Join(
+            "\u001f",
+            parameters
+                .OrderBy(pair => pair.Key, StringComparer.OrdinalIgnoreCase)
+                .Select(pair => $"{pair.Key}={FormatFilterParameterValue(pair.Value)}"));
+    }
+
+    private static string FormatFilterParameterValue(object? value)
+        => value is null ? "<null>" : $"{value.GetType().FullName}:{value}";
+
+    private static class EmptyObjectDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, object?> Instance =
+            new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+    }
 }
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/ControlEventBindingsEditor.razor b/src/CSharpDB.Admin.Forms/Components/Designer/ControlEventBindingsEditor.razor
new file mode 100644
index 00000000..2f74b955
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/ControlEventBindingsEditor.razor
@@ -0,0 +1,206 @@
+@using System.Text.Json
+@using CSharpDB.Admin.Forms.Models
+@using CSharpDB.Admin.Forms.Serialization
+@using CSharpDB.Primitives
+@inject DbCommandRegistry CommandRegistry
+
+<div class="feb-container">
+    @if (EventBindings.Count == 0)
+    {
+        <div class="feb-empty">No control events</div>
+    }
+
+    @for (int i = 0; i < EventBindings.Count; i++)
+    {
+        var idx = i;
+        var binding = EventBindings[idx];
+        <div class="feb-entry">
+            <div class="feb-row">
+                <div class="feb-field">
+                    <label>Event</label>
+                    <select value="@binding.Event" @onchange="@(e => UpdateEvent(idx, binding, e.Value?.ToString()))">
+                        @foreach (var eventKind in EventKinds)
+                        {
+                            <option value="@eventKind">@eventKind</option>
+                        }
+                    </select>
+                </div>
+                <button class="feb-btn feb-btn-remove" @onclick="@(() => RemoveBinding(idx))" title="Remove event">x</button>
+            </div>
+
+            <div class="feb-field">
+                <label>Command</label>
+                @if (RegisteredCommands.Count > 0)
+                {
+                    <select value="@binding.CommandName" @onchange="@(e => UpdateCommand(idx, binding, e.Value?.ToString() ?? string.Empty))">
+                        <option value="">-- Select command --</option>
+                        @if (ShouldRenderMissingCommand(binding.CommandName))
+                        {
+                            <option value="@binding.CommandName">@($"{binding.CommandName} (missing)")</option>
+                        }
+                        @foreach (DbCommandDefinition command in RegisteredCommands)
+                        {
+                            <option value="@command.Name">@command.Name</option>
+                        }
+                    </select>
+                }
+                else
+                {
+                    <input type="text"
+                           value="@binding.CommandName"
+                           @onchange="@(e => UpdateCommand(idx, binding, e.Value?.ToString() ?? string.Empty))" />
+                }
+            </div>
+
+            <div class="feb-field">
+                <label>
+                    <input type="checkbox"
+                           checked="@binding.StopOnFailure"
+                           @onchange="@(e => UpdateStopOnFailure(idx, binding, e.Value is bool b && b))" />
+                    Stop On Failure
+                </label>
+            </div>
+
+            <div class="feb-field">
+                <label>Arguments</label>
+                <textarea class="feb-arguments"
+                          value="@GetArgumentsText(idx, binding)"
+                          placeholder="{&quot;source&quot;:&quot;control&quot;}"
+                          @onchange="@(e => UpdateArguments(idx, binding, e.Value?.ToString() ?? string.Empty))"></textarea>
+            </div>
+
+            <div class="feb-field">
+                <label>Action Sequence</label>
+                <ActionSequenceEditor ActionSequence="binding.ActionSequence"
+                                      AvailableActionSequences="ActionSequences"
+                                      ActionSequenceChanged="@(sequence => UpdateActionSequence(idx, binding, sequence))" />
+            </div>
+        </div>
+    }
+
+    @if (!string.IsNullOrWhiteSpace(_argumentError))
+    {
+        <div class="feb-error">@_argumentError</div>
+    }
+
+    <button class="feb-btn feb-btn-add" @onclick="AddBinding">+ Add Event</button>
+</div>
+
+@code {
+    [Parameter, EditorRequired] public IReadOnlyList<ControlEventBinding> EventBindings { get; set; } = [];
+    [Parameter] public IReadOnlyList<DbActionSequence> ActionSequences { get; set; } = [];
+    [Parameter] public EventCallback<IReadOnlyList<ControlEventBinding>> EventBindingsChanged { get; set; }
+
+    private readonly Dictionary<int, string> _argumentText = [];
+    private string? _argumentError;
+
+    private static readonly ControlEventKind[] EventKinds = Enum.GetValues<ControlEventKind>();
+
+    private IReadOnlyList<DbCommandDefinition> RegisteredCommands => CommandRegistry.Commands.ToList();
+
+    protected override void OnParametersSet()
+    {
+        for (int i = 0; i < EventBindings.Count; i++)
+            _argumentText.TryAdd(i, FormatArguments(EventBindings[i].Arguments));
+
+        foreach (int staleIndex in _argumentText.Keys.Where(index => index >= EventBindings.Count).ToList())
+            _argumentText.Remove(staleIndex);
+    }
+
+    private async Task AddBinding()
+    {
+        string commandName = RegisteredCommands.Count > 0 ? RegisteredCommands[0].Name : string.Empty;
+        var updated = EventBindings
+            .Append(new ControlEventBinding(ControlEventKind.OnClick, commandName))
+            .ToList();
+        _argumentText[updated.Count - 1] = string.Empty;
+        await EventBindingsChanged.InvokeAsync(updated);
+    }
+
+    private async Task RemoveBinding(int index)
+    {
+        var updated = EventBindings.ToList();
+        if (index < 0 || index >= updated.Count)
+            return;
+
+        updated.RemoveAt(index);
+        RebuildArgumentText(updated);
+        await EventBindingsChanged.InvokeAsync(updated);
+    }
+
+    private Task UpdateEvent(int index, ControlEventBinding binding, string? value)
+    {
+        if (!Enum.TryParse(value, ignoreCase: true, out ControlEventKind eventKind))
+            return Task.CompletedTask;
+
+        return ReplaceBinding(index, binding with { Event = eventKind });
+    }
+
+    private Task UpdateCommand(int index, ControlEventBinding binding, string commandName)
+        => ReplaceBinding(index, binding with { CommandName = commandName.Trim() });
+
+    private Task UpdateStopOnFailure(int index, ControlEventBinding binding, bool stopOnFailure)
+        => ReplaceBinding(index, binding with { StopOnFailure = stopOnFailure });
+
+    private async Task UpdateArguments(int index, ControlEventBinding binding, string text)
+    {
+        _argumentText[index] = text;
+        _argumentError = null;
+
+        if (string.IsNullOrWhiteSpace(text))
+        {
+            await ReplaceBinding(index, binding with { Arguments = null });
+            return;
+        }
+
+        try
+        {
+            IReadOnlyDictionary<string, object?>? arguments =
+                JsonSerializer.Deserialize<IReadOnlyDictionary<string, object?>>(text, JsonDefaults.Options);
+            await ReplaceBinding(index, binding with { Arguments = arguments });
+        }
+        catch (JsonException ex)
+        {
+            _argumentError = $"Invalid arguments JSON: {ex.Message}";
+        }
+    }
+
+    private Task UpdateActionSequence(int index, ControlEventBinding binding, DbActionSequence? actionSequence)
+        => ReplaceBinding(index, binding with { ActionSequence = actionSequence });
+
+    private async Task ReplaceBinding(int index, ControlEventBinding binding)
+    {
+        var updated = EventBindings.ToList();
+        if (index < 0 || index >= updated.Count)
+            return;
+
+        updated[index] = binding;
+        await EventBindingsChanged.InvokeAsync(updated);
+    }
+
+    private string GetArgumentsText(int index, ControlEventBinding binding)
+    {
+        if (_argumentText.TryGetValue(index, out string? text))
+            return text;
+
+        text = FormatArguments(binding.Arguments);
+        _argumentText[index] = text;
+        return text;
+    }
+
+    private void RebuildArgumentText(IReadOnlyList<ControlEventBinding> updated)
+    {
+        _argumentText.Clear();
+        for (int i = 0; i < updated.Count; i++)
+            _argumentText[i] = FormatArguments(updated[i].Arguments);
+    }
+
+    private bool ShouldRenderMissingCommand(string commandName)
+        => !string.IsNullOrWhiteSpace(commandName)
+            && RegisteredCommands.All(command => !string.Equals(command.Name, commandName, StringComparison.OrdinalIgnoreCase));
+
+    private static string FormatArguments(IReadOnlyDictionary<string, object?>? arguments)
+        => arguments is null || arguments.Count == 0
+            ? string.Empty
+            : JsonSerializer.Serialize(arguments, new JsonSerializerOptions(JsonDefaults.Options) { WriteIndented = true });
+}
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/ControlRulesEditor.razor b/src/CSharpDB.Admin.Forms/Components/Designer/ControlRulesEditor.razor
new file mode 100644
index 00000000..6997a43b
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/ControlRulesEditor.razor
@@ -0,0 +1,246 @@
+@using System.Text.Json
+@using CSharpDB.Admin.Forms.Models
+@using CSharpDB.Admin.Forms.Serialization
+
+<div class="feb-container">
+    @if (Rules.Count == 0)
+    {
+        <div class="feb-empty">No control rules</div>
+    }
+
+    @for (int i = 0; i < Rules.Count; i++)
+    {
+        var ruleIndex = i;
+        var rule = Rules[ruleIndex];
+        <div class="feb-entry">
+            <div class="feb-row">
+                <div class="feb-field">
+                    <label>Rule ID</label>
+                    <input type="text"
+                           value="@rule.RuleId"
+                           @onchange="@(e => UpdateRuleId(ruleIndex, rule, e.Value?.ToString() ?? string.Empty))" />
+                </div>
+                <button class="feb-btn feb-btn-remove" @onclick="@(() => RemoveRule(ruleIndex))" title="Remove rule">x</button>
+            </div>
+
+            <div class="feb-field">
+                <label>Description</label>
+                <input type="text"
+                       value="@rule.Description"
+                       @onchange="@(e => UpdateDescription(ruleIndex, rule, e.Value?.ToString()))" />
+            </div>
+
+            <div class="feb-field">
+                <label>Condition</label>
+                <textarea class="feb-arguments"
+                          value="@rule.Condition"
+                          placeholder="[Status] = 'Closed'"
+                          @onchange="@(e => UpdateCondition(ruleIndex, rule, e.Value?.ToString() ?? string.Empty))"></textarea>
+            </div>
+
+            <div class="feb-field">
+                <label>Effects</label>
+                @for (int effectIndex = 0; effectIndex < rule.Effects.Count; effectIndex++)
+                {
+                    var idx = effectIndex;
+                    var effect = rule.Effects[idx];
+                    <div class="feb-entry">
+                        <div class="feb-row">
+                            <div class="feb-field">
+                                <label>Control</label>
+                                <select value="@effect.ControlId" @onchange="@(e => UpdateEffectControl(ruleIndex, idx, rule, effect, e.Value?.ToString() ?? string.Empty))">
+                                    <option value="">-- Select control --</option>
+                                    @if (ShouldRenderMissingControl(effect.ControlId))
+                                    {
+                                        <option value="@effect.ControlId">@($"{effect.ControlId} (missing)")</option>
+                                    }
+                                    @foreach (ControlDefinition control in Controls)
+                                    {
+                                        <option value="@control.ControlId">@GetControlLabel(control)</option>
+                                    }
+                                </select>
+                            </div>
+                            <button class="feb-btn feb-btn-remove" @onclick="@(() => RemoveEffect(ruleIndex, idx, rule))" title="Remove effect">x</button>
+                        </div>
+                        <div class="feb-field">
+                            <label>Property</label>
+                            <select value="@effect.Property" @onchange="@(e => UpdateEffectProperty(ruleIndex, idx, rule, effect, e.Value?.ToString() ?? string.Empty))">
+                                @foreach (string property in SupportedProperties)
+                                {
+                                    <option value="@property">@property</option>
+                                }
+                            </select>
+                        </div>
+                        <div class="feb-field">
+                            <label>Value</label>
+                            <textarea class="feb-arguments"
+                                      value="@FormatValue(effect.Value)"
+                                      @onchange="@(e => UpdateEffectValue(ruleIndex, idx, rule, effect, e.Value?.ToString() ?? string.Empty))"></textarea>
+                        </div>
+                    </div>
+                }
+
+                <button class="feb-btn feb-btn-add" @onclick="@(() => AddEffect(ruleIndex, rule))">+ Add Effect</button>
+            </div>
+        </div>
+    }
+
+    <button class="feb-btn feb-btn-add" @onclick="AddRule">+ Add Rule</button>
+</div>
+
+@code {
+    [Parameter, EditorRequired] public IReadOnlyList<ControlRuleDefinition> Rules { get; set; } = [];
+    [Parameter] public IReadOnlyList<ControlDefinition> Controls { get; set; } = [];
+    [Parameter] public EventCallback<IReadOnlyList<ControlRuleDefinition>> RulesChanged { get; set; }
+
+    private static readonly string[] SupportedProperties =
+    [
+        "visible",
+        "enabled",
+        "readOnly",
+        "required",
+        "styleVariant",
+        "validationMessage",
+        "text",
+        "value",
+        "placeholder",
+    ];
+
+    private async Task AddRule()
+    {
+        var updated = Rules
+            .Append(new ControlRuleDefinition(NextRuleId(), string.Empty, []))
+            .ToList();
+        await RulesChanged.InvokeAsync(updated);
+    }
+
+    private async Task RemoveRule(int index)
+    {
+        var updated = Rules.ToList();
+        if (index < 0 || index >= updated.Count)
+            return;
+
+        updated.RemoveAt(index);
+        await RulesChanged.InvokeAsync(updated);
+    }
+
+    private Task UpdateRuleId(int index, ControlRuleDefinition rule, string value)
+        => ReplaceRule(index, rule with { RuleId = value.Trim() });
+
+    private Task UpdateDescription(int index, ControlRuleDefinition rule, string? value)
+        => ReplaceRule(index, rule with { Description = string.IsNullOrWhiteSpace(value) ? null : value.Trim() });
+
+    private Task UpdateCondition(int index, ControlRuleDefinition rule, string value)
+        => ReplaceRule(index, rule with { Condition = value.Trim() });
+
+    private async Task AddEffect(int ruleIndex, ControlRuleDefinition rule)
+    {
+        string controlId = Controls.FirstOrDefault()?.ControlId ?? string.Empty;
+        var updatedEffects = rule.Effects
+            .Append(new ControlRuleEffect(controlId, "visible", true))
+            .ToList();
+        await ReplaceRule(ruleIndex, rule with { Effects = updatedEffects });
+    }
+
+    private async Task RemoveEffect(int ruleIndex, int effectIndex, ControlRuleDefinition rule)
+    {
+        var updatedEffects = rule.Effects.ToList();
+        if (effectIndex < 0 || effectIndex >= updatedEffects.Count)
+            return;
+
+        updatedEffects.RemoveAt(effectIndex);
+        await ReplaceRule(ruleIndex, rule with { Effects = updatedEffects });
+    }
+
+    private Task UpdateEffectControl(int ruleIndex, int effectIndex, ControlRuleDefinition rule, ControlRuleEffect effect, string value)
+        => ReplaceEffect(ruleIndex, effectIndex, rule, effect with { ControlId = value.Trim() });
+
+    private Task UpdateEffectProperty(int ruleIndex, int effectIndex, ControlRuleDefinition rule, ControlRuleEffect effect, string value)
+        => ReplaceEffect(ruleIndex, effectIndex, rule, effect with { Property = value.Trim() });
+
+    private Task UpdateEffectValue(int ruleIndex, int effectIndex, ControlRuleDefinition rule, ControlRuleEffect effect, string value)
+        => ReplaceEffect(ruleIndex, effectIndex, rule, effect with { Value = ParseValue(value) });
+
+    private async Task ReplaceEffect(int ruleIndex, int effectIndex, ControlRuleDefinition rule, ControlRuleEffect effect)
+    {
+        var updatedEffects = rule.Effects.ToList();
+        if (effectIndex < 0 || effectIndex >= updatedEffects.Count)
+            return;
+
+        updatedEffects[effectIndex] = effect;
+        await ReplaceRule(ruleIndex, rule with { Effects = updatedEffects });
+    }
+
+    private async Task ReplaceRule(int index, ControlRuleDefinition rule)
+    {
+        var updated = Rules.ToList();
+        if (index < 0 || index >= updated.Count)
+            return;
+
+        updated[index] = rule;
+        await RulesChanged.InvokeAsync(updated);
+    }
+
+    private string NextRuleId()
+    {
+        const string prefix = "Rule";
+        HashSet<string> existing = Rules
+            .Select(rule => rule.RuleId)
+            .Where(ruleId => !string.IsNullOrWhiteSpace(ruleId))
+            .ToHashSet(StringComparer.OrdinalIgnoreCase);
+
+        for (int i = 1; ; i++)
+        {
+            string candidate = $"{prefix}{i}";
+            if (!existing.Contains(candidate))
+                return candidate;
+        }
+    }
+
+    private bool ShouldRenderMissingControl(string controlId)
+        => !string.IsNullOrWhiteSpace(controlId) &&
+            Controls.All(control => !string.Equals(control.ControlId, controlId, StringComparison.OrdinalIgnoreCase));
+
+    private static string GetControlLabel(ControlDefinition control)
+        => $"{control.ControlId} ({control.ControlType})";
+
+    private static string FormatValue(object? value)
+        => value switch
+        {
+            null => "null",
+            string text => text,
+            _ => JsonSerializer.Serialize(value, JsonDefaults.Options),
+        };
+
+    private static object? ParseValue(string text)
+    {
+        if (string.IsNullOrWhiteSpace(text))
+            return string.Empty;
+
+        try
+        {
+            using JsonDocument doc = JsonDocument.Parse(text);
+            return ReadJsonValue(doc.RootElement);
+        }
+        catch (JsonException)
+        {
+            return text;
+        }
+    }
+
+    private static object? ReadJsonValue(JsonElement value)
+        => value.ValueKind switch
+        {
+            JsonValueKind.Null => null,
+            JsonValueKind.True => true,
+            JsonValueKind.False => false,
+            JsonValueKind.String => value.GetString(),
+            JsonValueKind.Number => value.TryGetInt64(out long integer) ? integer : value.GetDouble(),
+            JsonValueKind.Object => value.EnumerateObject().ToDictionary(
+                static property => property.Name,
+                static property => ReadJsonValue(property.Value),
+                StringComparer.OrdinalIgnoreCase),
+            JsonValueKind.Array => value.EnumerateArray().Select(ReadJsonValue).ToArray(),
+            _ => value.ToString(),
+        };
+}
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/DesignCanvas.razor b/src/CSharpDB.Admin.Forms/Components/Designer/DesignCanvas.razor
index 0b1de80a..e07fa907 100644
--- a/src/CSharpDB.Admin.Forms/Components/Designer/DesignCanvas.razor
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/DesignCanvas.razor
@@ -1,5 +1,6 @@
 @using CSharpDB.Admin.Forms.Models
 @using CSharpDB.Admin.Forms.Components.Designer
+@using CSharpDB.Admin.Forms.Contracts
 @implements IDisposable
 
 <div class="design-canvas-wrapper">
@@ -23,6 +24,7 @@
 
         @foreach (var control in State.Controls)
         {
+            if (IsNestedControl(control)) continue;
             if (!State.IsVisibleAtBreakpoint(control)) continue;
             var isSelected = State.SelectedIds.Contains(control.ControlId);
             var c = control; // capture for lambda
@@ -32,7 +34,7 @@
                  @onpointerdown="e => OnItemPointerDown(e, c)"
                  @onpointerdown:stopPropagation="true">
 
-                @if (State.ShowTabOrder && c.Binding is not null)
+                @if (State.ShowTabOrder && IsTabOrderControl(c))
                 {
                     var tabIdx = GetTabIndex(c);
                     @if (tabIdx > 0)
@@ -42,8 +44,15 @@
                 }
 
                 <div class="design-item-content">
-                    @switch (c.ControlType)
+                    @if (TryGetDesignerPreviewComponent(c, out Type? designerPreviewComponent))
                     {
+                        <DynamicComponent Type="@designerPreviewComponent"
+                                          Parameters="GetDesignerPreviewParameters(c, isSelected, effectiveRect)" />
+                    }
+                    else
+                    {
+                        @switch (c.ControlType)
+                        {
                         case "label":
                             <span class="preview-label">@GetProp(c, "text", "Label")</span>
                             break;
@@ -67,18 +76,40 @@
                                 <option>@GetProp(c, "placeholder", "-- Select --")</option>
                             </select>
                             break;
+                        case "comboBox":
+                            <input type="text" class="preview-input" placeholder="@GetProp(c, "placeholder", "Search or select")" disabled />
+                            break;
+                        case "listBox":
+                            <select class="preview-input" size="@GetIntProp(c, "visibleRows", 5)" disabled>
+                                <option>Option 1</option>
+                                <option>Option 2</option>
+                                <option>Option 3</option>
+                            </select>
+                            break;
                         case "lookup":
                             var lkTable = GetProp(c, "lookupTable", "");
                             <select class="preview-input" disabled>
                                 <option>@(string.IsNullOrEmpty(lkTable) ? GetProp(c, "placeholder", "-- Select --") : $"Lookup: {lkTable}")</option>
                             </select>
                             break;
+                        case "optionGroup":
+                            <div class="preview-option-group">
+                                <span>&#x25CB; Option 1</span>
+                                <span>&#x25CB; Option 2</span>
+                            </div>
+                            break;
+                        case "toggleButton":
+                            <button class="preview-command-button" disabled>@GetProp(c, "text", c.Binding?.FieldName ?? "Toggle")</button>
+                            break;
                         case "computed":
                             var formula = GetProp(c, "formula", "");
                             <input type="text" class="preview-input preview-computed"
                                    placeholder="@(string.IsNullOrEmpty(formula) ? "Computed" : formula)"
                                    disabled />
                             break;
+                        case "commandButton":
+                            <button class="preview-command-button" disabled>@GetProp(c, "text", "Button")</button>
+                            break;
                         case "textarea":
                             <textarea class="preview-input" style="resize: none;" placeholder="@GetProp(c, "placeholder", "Text area")" disabled></textarea>
                             break;
@@ -87,11 +118,17 @@
                             break;
                         case "datagrid":
                             var childTbl = GetProp(c, "childTable", "");
+                            var dataGridMode = GetProp(c, "dataGridMode", "related");
+                            var dataGridLabel = string.IsNullOrEmpty(childTbl)
+                                ? "DataGrid (not configured)"
+                                : string.Equals(dataGridMode, "standalone", StringComparison.OrdinalIgnoreCase)
+                                    ? $"Table Grid: {childTbl}"
+                                    : $"Related Grid: {childTbl}";
                             var dgCols = GetListProp(c, "visibleColumns");
                             <div class="preview-datagrid">
                                 <div class="preview-datagrid-header">
                                     <span class="preview-datagrid-icon">&#x2637;</span>
-                                    @(string.IsNullOrEmpty(childTbl) ? "DataGrid (not configured)" : $"DataGrid: {childTbl}")
+                                    @dataGridLabel
                                 </div>
                                 <div class="preview-datagrid-body">
                                     <div class="preview-datagrid-row header-row">
@@ -155,9 +192,111 @@
                                 }
                             </div>
                             break;
-                        default:
-                            <span class="preview-label">[@c.ControlType]</span>
+                        case "tabControl":
+                            var tabPages = GetTabPages(c);
+                            var visibleTabPages = tabPages.Count > 0
+                                ? tabPages
+                                : new List<(string Id, string Label)> { ("tab1", "Page 1") };
+                            var activeTabPage = GetActiveDesignerTab(c, visibleTabPages);
+                            var tabChildControls = GetTabChildControls(c.ControlId, activeTabPage.Id);
+                            <div class="preview-childtabs preview-tab-designer">
+                                <div class="preview-childtabs-header">
+                                    <span class="preview-datagrid-icon">&#x25AB;</span>
+                                    @(tabPages.Count == 0 ? "Tab Control (no pages)" : "Tab Control")
+                                </div>
+                                <div class="preview-childtabs-tabbar">
+                                    @foreach (var tab in visibleTabPages)
+                                    {
+                                        var page = tab;
+                                        <button type="button"
+                                                class="@GetPreviewTabClass(activeTabPage.Id, page.Id)"
+                                                @onclick="@(() => SetActiveDesignerTab(c.ControlId, page.Id))"
+                                                @onclick:stopPropagation="true"
+                                                @onpointerdown:stopPropagation="true">
+                                            @(page.Label)
+                                        </button>
+                                    }
+                                </div>
+                                <div class="preview-childtabs-body preview-tab-page">
+                                    @if (tabChildControls.Count == 0)
+                                    {
+                                        <div class="preview-childtabs-empty">Assign child controls in the property inspector</div>
+                                    }
+                                    else
+                                    {
+                                        @foreach (var child in tabChildControls)
+                                        {
+                                            var tabChild = child;
+                                            var childSelected = State.SelectedIds.Contains(tabChild.ControlId);
+                                            <div class="@($"design-tab-child {(childSelected ? "selected" : "")}")"
+                                                 style="@GetTabChildStyle(tabChild)"
+                                                 title="@GetDesignControlTitle(tabChild)"
+                                                 @onpointerdown="e => OnItemPointerDown(e, tabChild)"
+                                                 @onpointerdown:stopPropagation="true">
+                                                @if (State.ShowTabOrder && IsTabOrderControl(tabChild))
+                                                {
+                                                    var tabIdx = GetTabIndex(tabChild);
+                                                    @if (tabIdx > 0)
+                                                    {
+                                                        <div class="tab-order-badge">@tabIdx</div>
+                                                    }
+                                                }
+
+                                                <div class="design-tab-child-content">
+                                                    @if (TryGetDesignerPreviewComponent(tabChild, out Type? tabChildDesignerPreviewComponent))
+                                                    {
+                                                        <DynamicComponent Type="@tabChildDesignerPreviewComponent"
+                                                                          Parameters="GetDesignerPreviewParameters(tabChild, childSelected, State.GetEffectiveRect(tabChild))" />
+                                                    }
+                                                    else
+                                                    {
+                                                        <span class="design-tab-child-type">@GetControlDisplayName(tabChild.ControlType)</span>
+                                                        <span class="design-tab-child-label">@GetDesignControlTitle(tabChild)</span>
+                                                    }
+                                                </div>
+
+                                                @if (childSelected)
+                                                {
+                                                    @foreach (var h in _handles)
+                                                    {
+                                                        var handle = h;
+                                                        <div class="@($"resize-handle {handle}")"
+                                                             @onpointerdown="e => OnResizePointerDown(e, tabChild, handle)"
+                                                             @onpointerdown:stopPropagation="true"></div>
+                                                    }
+                                                }
+                                            </div>
+                                        }
+                                    }
+                                </div>
+                            </div>
+                            break;
+                        case "subform":
+                            var formId = GetProp(c, "formId", "");
+                            <div class="preview-datagrid">
+                                <div class="preview-datagrid-header">
+                                    <span class="preview-datagrid-icon">&#x25A3;</span>
+                                    @(string.IsNullOrWhiteSpace(formId) ? "Subform (not configured)" : $"Subform: {formId}")
+                                </div>
+                                <div class="preview-childtabs-empty">Embedded form</div>
+                            </div>
+                            break;
+                        case "attachment":
+                            <div class="preview-attachment">
+                                <span>&#x2398;</span>
+                                <span>No file</span>
+                                <button disabled>Clear</button>
+                            </div>
                             break;
+                        case "image":
+                            <div class="preview-image">
+                                <span>Image preview</span>
+                            </div>
+                            break;
+                            default:
+                                <span class="preview-label">[@c.ControlType]</span>
+                                break;
+                        }
                     }
                 </div>
 
@@ -178,9 +317,11 @@
 
 @code {
     [CascadingParameter] public DesignerState State { get; set; } = default!;
+    [Inject] public IFormControlRegistry ControlRegistry { get; set; } = DefaultFormControlRegistry.Instance;
 
     private ElementReference _canvasRef;
     private static readonly string[] _handles = ["nw", "n", "ne", "e", "se", "s", "sw", "w"];
+    private readonly Dictionary<string, string> _activeDesignerTabs = new(StringComparer.Ordinal);
 
     // Marquee selection state
     private bool _isMarquee;
@@ -216,6 +357,183 @@
         return [];
     }
 
+    private static int GetIntProp(ControlDefinition c, string key, int fallback)
+    {
+        if (!c.Props.Values.TryGetValue(key, out var value) || value is null)
+            return fallback;
+
+        if (value is int i) return i;
+        if (value is long l) return (int)l;
+        if (value is double d) return (int)d;
+        if (value is System.Text.Json.JsonElement je && je.TryGetInt32(out var ji)) return ji;
+        return int.TryParse(value.ToString(), out var parsed) ? parsed : fallback;
+    }
+
+    private static bool IsNestedControl(ControlDefinition c)
+        => c.Props.Values.TryGetValue("parentControlId", out var value)
+           && !string.IsNullOrWhiteSpace(value?.ToString());
+
+    private static List<(string Id, string Label)> GetTabPages(ControlDefinition c)
+    {
+        if (!c.Props.Values.TryGetValue("tabs", out var value) || value is null)
+            return [];
+
+        if (value is System.Text.Json.JsonElement json && json.ValueKind == System.Text.Json.JsonValueKind.Array)
+        {
+            return json.EnumerateArray()
+                .Select(element => ReadTabPage(element))
+                .Where(tab => tab is not null)
+                .Select(tab => tab!.Value)
+                .ToList();
+        }
+
+        if (value is IEnumerable<object?> items)
+        {
+            return items
+                .Select(item => ReadTabPage(item))
+                .Where(tab => tab is not null)
+                .Select(tab => tab!.Value)
+                .ToList();
+        }
+
+        return [];
+    }
+
+    private static (string Id, string Label)? ReadTabPage(object? value)
+    {
+        if (value is System.Text.Json.JsonElement json)
+        {
+            if (json.ValueKind != System.Text.Json.JsonValueKind.Object)
+                return null;
+
+            var id = json.TryGetProperty("id", out var idValue) ? idValue.ToString() : "";
+            var label = json.TryGetProperty("label", out var labelValue) ? labelValue.ToString() : id;
+            return string.IsNullOrWhiteSpace(id) ? null : (id, string.IsNullOrWhiteSpace(label) ? id : label);
+        }
+
+        if (value is IReadOnlyDictionary<string, object?> readOnly)
+        {
+            var id = readOnly.TryGetValue("id", out var idValue) ? idValue?.ToString() ?? "" : "";
+            var label = readOnly.TryGetValue("label", out var labelValue) ? labelValue?.ToString() ?? id : id;
+            return string.IsNullOrWhiteSpace(id) ? null : (id, string.IsNullOrWhiteSpace(label) ? id : label);
+        }
+
+        if (value is IDictionary<string, object?> dictionary)
+        {
+            var id = dictionary.TryGetValue("id", out var idValue) ? idValue?.ToString() ?? "" : "";
+            var label = dictionary.TryGetValue("label", out var labelValue) ? labelValue?.ToString() ?? id : id;
+            return string.IsNullOrWhiteSpace(id) ? null : (id, string.IsNullOrWhiteSpace(label) ? id : label);
+        }
+
+        return null;
+    }
+
+    private (string Id, string Label) GetActiveDesignerTab(ControlDefinition control, IReadOnlyList<(string Id, string Label)> tabs)
+    {
+        if (tabs.Count == 0)
+            return ("tab1", "Page 1");
+
+        if (_activeDesignerTabs.TryGetValue(control.ControlId, out string? activeId))
+        {
+            var active = tabs.FirstOrDefault(tab => string.Equals(tab.Id, activeId, StringComparison.Ordinal));
+            if (!string.IsNullOrWhiteSpace(active.Id))
+                return active;
+        }
+
+        _activeDesignerTabs[control.ControlId] = tabs[0].Id;
+        return tabs[0];
+    }
+
+    private void SetActiveDesignerTab(string controlId, string tabId)
+    {
+        _activeDesignerTabs[controlId] = tabId;
+        StateHasChanged();
+    }
+
+    private static string GetPreviewTabClass(string activeTabId, string tabId)
+        => string.Equals(activeTabId, tabId, StringComparison.Ordinal)
+            ? "preview-childtabs-tab active"
+            : "preview-childtabs-tab";
+
+    private IReadOnlyList<ControlDefinition> GetTabChildControls(string parentControlId, string tabId)
+        => State.Controls
+            .Where(control => State.IsVisibleAtBreakpoint(control) && IsTabChildControl(control, parentControlId, tabId))
+            .ToList();
+
+    private static bool IsTabChildControl(ControlDefinition control, string parentControlId, string tabId)
+        => TryGetStringProp(control, "parentControlId", out string configuredParentId)
+           && string.Equals(configuredParentId, parentControlId, StringComparison.Ordinal)
+           && TryGetStringProp(control, "parentTabId", out string configuredTabId)
+           && string.Equals(configuredTabId, tabId, StringComparison.Ordinal);
+
+    private static bool TryGetStringProp(ControlDefinition control, string key, out string value)
+    {
+        value = string.Empty;
+        if (!control.Props.Values.TryGetValue(key, out object? raw) || raw is null)
+            return false;
+
+        if (raw is System.Text.Json.JsonElement json)
+            raw = json.ValueKind == System.Text.Json.JsonValueKind.String ? json.GetString() : json.ToString();
+
+        value = raw?.ToString() ?? string.Empty;
+        return !string.IsNullOrWhiteSpace(value);
+    }
+
+    private string GetTabChildStyle(ControlDefinition control)
+    {
+        var rect = State.GetEffectiveRect(control);
+        return FormattableString.Invariant($"left: {rect.X}px; top: {rect.Y}px; width: {rect.Width}px; height: {rect.Height}px;");
+    }
+
+    private string GetDesignControlTitle(ControlDefinition control)
+    {
+        var fieldName = control.Binding?.FieldName;
+        return control.ControlType switch
+        {
+            "label" => GetProp(control, "text", "Label"),
+            "checkbox" => GetProp(control, "text", fieldName ?? "Checkbox"),
+            "commandButton" => GetProp(control, "text", "Button"),
+            "toggleButton" => GetProp(control, "text", fieldName ?? "Toggle"),
+            "datagrid" => GetProp(control, "childTable", "DataGrid"),
+            "subform" => GetProp(control, "formId", "Subform"),
+            _ when !string.IsNullOrWhiteSpace(fieldName) => $"{GetControlDisplayName(control.ControlType)}: {fieldName}",
+            _ => GetControlDisplayName(control.ControlType)
+        };
+    }
+
+    private FormControlDescriptor? GetControlDescriptor(string controlType)
+        => ControlRegistry.TryGetControl(controlType, out FormControlDescriptor descriptor) ? descriptor : null;
+
+    private string GetControlDisplayName(string controlType)
+        => GetControlDescriptor(controlType)?.DisplayName ?? controlType;
+
+    private bool TryGetDesignerPreviewComponent(ControlDefinition control, out Type componentType)
+    {
+        componentType = default!;
+        FormControlDescriptor? descriptor = GetControlDescriptor(control.ControlType);
+        if (descriptor?.DesignerPreviewComponentType is null)
+            return false;
+
+        componentType = descriptor.DesignerPreviewComponentType;
+        return true;
+    }
+
+    private Dictionary<string, object?> GetDesignerPreviewParameters(ControlDefinition control, bool isSelected, Rect effectiveRect)
+    {
+        FormControlDescriptor descriptor = GetControlDescriptor(control.ControlType)
+            ?? new FormControlDescriptor
+            {
+                ControlType = control.ControlType,
+                DisplayName = control.ControlType,
+                ShowInToolbox = false,
+            };
+
+        return new Dictionary<string, object?>
+        {
+            ["Context"] = new FormControlDesignContext(control, State, isSelected, effectiveRect, descriptor),
+        };
+    }
+
     private void OnCanvasPointerDown(PointerEventArgs e)
     {
         if (e.Button != 0) return;
@@ -244,55 +562,17 @@
         var y = State.Snap(e.OffsetY);
         var controlType = State.ActiveTool!;
 
-        var (width, height) = controlType switch
-        {
-            "label" => (180.0, 34.0),
-            "checkbox" => (200.0, 34.0),
-            "textarea" => (320.0, 80.0),
-            "radio" => (200.0, 80.0),
-            "datagrid" => (560.0, 200.0),
-            "childtabs" => (600.0, 280.0),
-            _ => (320.0, 34.0)
-        };
-
-        var props = new Dictionary<string, object?>();
-        if (controlType == "label")
-            props["text"] = "Label";
-        if (controlType == "checkbox")
-            props["text"] = "Checkbox";
-        if (controlType == "datagrid")
-        {
-            props["childTable"] = "";
-            props["foreignKeyField"] = "";
-            props["parentKeyField"] = "";
-            props["foreignKeyName"] = "";
-            props["visibleColumns"] = Array.Empty<object?>();
-            props["allowAdd"] = true;
-            props["allowDelete"] = true;
-            props["allowEdit"] = true;
-        }
-        if (controlType == "childtabs")
-        {
-            props["tabs"] = Array.Empty<object?>();
-        }
-        if (controlType == "lookup")
-        {
-            props["lookupTable"] = "";
-            props["displayField"] = "";
-            props["valueField"] = "";
-            props["placeholder"] = "-- Select --";
-        }
-        if (controlType == "computed")
-        {
-            props["formula"] = "";
-            props["format"] = "";
-        }
+        FormControlDescriptor? descriptor = GetControlDescriptor(controlType);
+        var (width, height) = descriptor is null
+            ? (320.0, 34.0)
+            : (descriptor.DefaultWidth, descriptor.DefaultHeight);
+        Dictionary<string, object?> props = descriptor?.CreateDefaultProps() ?? [];
 
         var control = new ControlDefinition(
             ControlId: Guid.NewGuid().ToString("N"),
             ControlType: controlType,
             Rect: new Rect(x, y, width, height),
-            Binding: (controlType is "label" or "datagrid" or "childtabs") ? null : new BindingDefinition("", "TwoWay"),
+            Binding: (descriptor?.SupportsBinding ?? true) ? new BindingDefinition("", "TwoWay") : null,
             Props: new PropertyBag(props),
             ValidationOverride: null);
 
@@ -412,6 +692,10 @@
         return 0;
     }
 
+    private bool IsTabOrderControl(ControlDefinition c)
+        => GetControlDescriptor(c.ControlType)?.ParticipatesInTabOrder
+           ?? (c.ControlType is not ("label" or "datagrid" or "childtabs" or "tabControl" or "subform"));
+
     private void ApplyResize(PointerEventArgs e)
     {
         var o = State.ResizeOriginRect!;
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/DesignerState.cs b/src/CSharpDB.Admin.Forms/Components/Designer/DesignerState.cs
index 77eef41a..8f432972 100644
--- a/src/CSharpDB.Admin.Forms/Components/Designer/DesignerState.cs
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/DesignerState.cs
@@ -1,10 +1,15 @@
 using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Admin.Forms.Components.Designer;
 
 public class DesignerState
 {
     private readonly List<ControlDefinition> _controls = [];
+    private readonly List<FormEventBinding> _eventBindings = [];
+    private readonly List<DbActionSequence> _actionSequences = [];
+    private readonly List<ControlRuleDefinition> _rules = [];
+    private readonly List<ValidationRule> _validationRules = [];
     private readonly Stack<List<ControlDefinition>> _undoStack = new();
     private readonly Stack<List<ControlDefinition>> _redoStack = new();
 
@@ -16,6 +21,10 @@ public class DesignerState
     public LayoutDefinition Layout { get; private set; } = new("absolute", 8, true, [new Breakpoint("md", 0, null)]);
 
     public IReadOnlyList<ControlDefinition> Controls => _controls;
+    public IReadOnlyList<FormEventBinding> EventBindings => _eventBindings;
+    public IReadOnlyList<DbActionSequence> ActionSequences => _actionSequences;
+    public IReadOnlyList<ControlRuleDefinition> Rules => _rules;
+    public IReadOnlyList<ValidationRule> ValidationRules => _validationRules;
     public HashSet<string> SelectedIds { get; } = [];
 
     // Active tool from toolbox (null = select mode)
@@ -48,6 +57,28 @@ public class DesignerState
     public double GridSize => Layout.GridSize;
     public bool SnapToGrid => Layout.SnapToGrid;
 
+    public void SetLayoutMode(string layoutMode)
+    {
+        if (string.IsNullOrWhiteSpace(layoutMode) || string.Equals(Layout.LayoutMode, layoutMode, StringComparison.OrdinalIgnoreCase))
+            return;
+
+        Layout = Layout with { LayoutMode = layoutMode };
+        NotifyChanged();
+    }
+
+    public void SetFormName(string? formName)
+    {
+        string normalized = string.IsNullOrWhiteSpace(formName)
+            ? "Untitled Form"
+            : formName.Trim();
+
+        if (string.Equals(FormName, normalized, StringComparison.Ordinal))
+            return;
+
+        FormName = normalized;
+        NotifyChanged();
+    }
+
     public double Snap(double v)
     {
         if (!SnapToGrid) return v;
@@ -58,6 +89,14 @@ public void LoadForm(FormDefinition form)
     {
         _controls.Clear();
         _controls.AddRange(form.Controls);
+        _eventBindings.Clear();
+        _eventBindings.AddRange(form.EventBindings ?? []);
+        _actionSequences.Clear();
+        _actionSequences.AddRange(form.ActionSequences ?? []);
+        _rules.Clear();
+        _rules.AddRange(form.Rules ?? []);
+        _validationRules.Clear();
+        _validationRules.AddRange(form.ValidationRules ?? []);
         _undoStack.Clear();
         _redoStack.Clear();
         SelectedIds.Clear();
@@ -82,7 +121,53 @@ public FormDefinition ToFormDefinition()
     {
         return new FormDefinition(
             FormId, FormName, TableName, DefinitionVersion, SourceSchemaSignature,
-            Layout, _controls.ToList());
+            Layout, _controls.ToList(), EventBindings: _eventBindings.ToList(), ActionSequences: _actionSequences.ToList(), Rules: _rules.ToList(), ValidationRules: _validationRules.ToList());
+    }
+
+    public void UpdateEventBindings(IReadOnlyList<FormEventBinding> bindings)
+    {
+        _eventBindings.Clear();
+        _eventBindings.AddRange(bindings);
+        NotifyChanged();
+    }
+
+    public void UpdateActionSequences(IReadOnlyList<DbActionSequence> sequences)
+    {
+        _actionSequences.Clear();
+        _actionSequences.AddRange(sequences);
+        NotifyChanged();
+    }
+
+    public void UpdateRules(IReadOnlyList<ControlRuleDefinition> rules)
+    {
+        _rules.Clear();
+        _rules.AddRange(rules);
+        NotifyChanged();
+    }
+
+    public void UpdateValidationRules(IReadOnlyList<ValidationRule> rules)
+    {
+        _validationRules.Clear();
+        _validationRules.AddRange(rules);
+        NotifyChanged();
+    }
+
+    public void UpdateControlValidationOverride(string controlId, ValidationOverride? validationOverride)
+    {
+        var idx = _controls.FindIndex(c => c.ControlId == controlId);
+        if (idx < 0) return;
+        PushUndo();
+        _controls[idx] = _controls[idx] with { ValidationOverride = validationOverride };
+        NotifyChanged();
+    }
+
+    public void UpdateControlEventBindings(string controlId, IReadOnlyList<ControlEventBinding> bindings)
+    {
+        var idx = _controls.FindIndex(c => c.ControlId == controlId);
+        if (idx < 0) return;
+        PushUndo();
+        _controls[idx] = _controls[idx] with { EventBindings = bindings.ToList() };
+        NotifyChanged();
     }
 
     public void PushUndo()
@@ -146,7 +231,23 @@ public void DeleteSelected()
     {
         if (SelectedIds.Count == 0) return;
         PushUndo();
-        _controls.RemoveAll(c => SelectedIds.Contains(c.ControlId));
+        var idsToDelete = new HashSet<string>(SelectedIds, StringComparer.Ordinal);
+        bool added;
+        do
+        {
+            added = false;
+            foreach (var child in _controls)
+            {
+                if (TryGetParentControlId(child, out string parentControlId) &&
+                    idsToDelete.Contains(parentControlId) &&
+                    idsToDelete.Add(child.ControlId))
+                {
+                    added = true;
+                }
+            }
+        } while (added);
+
+        _controls.RemoveAll(c => idsToDelete.Contains(c.ControlId));
         SelectedIds.Clear();
         NotifyChanged();
     }
@@ -177,6 +278,22 @@ public void UpdateControlProp(string controlId, string key, object? value)
         NotifyChanged();
     }
 
+    public void UpdateControlProps(string controlId, IReadOnlyDictionary<string, object?> values)
+    {
+        if (values.Count == 0) return;
+        var idx = _controls.FindIndex(c => c.ControlId == controlId);
+        if (idx < 0) return;
+        PushUndo();
+        var c = _controls[idx];
+        var newValues = new Dictionary<string, object?>(c.Props.Values);
+
+        foreach (var (key, value) in values)
+            newValues[key] = value;
+
+        _controls[idx] = c with { Props = new PropertyBag(newValues) };
+        NotifyChanged();
+    }
+
     public void UpdateControlType(string controlId, string newType)
     {
         var idx = _controls.FindIndex(c => c.ControlId == controlId);
@@ -261,8 +378,24 @@ public void MoveToIndex(string controlId, int newIndex)
 
     public void CopySelected()
     {
+        var idsToCopy = new HashSet<string>(SelectedIds, StringComparer.Ordinal);
+        bool added;
+        do
+        {
+            added = false;
+            foreach (var child in _controls)
+            {
+                if (TryGetParentControlId(child, out string parentControlId) &&
+                    idsToCopy.Contains(parentControlId) &&
+                    idsToCopy.Add(child.ControlId))
+                {
+                    added = true;
+                }
+            }
+        } while (added);
+
         _clipboard = _controls
-            .Where(c => SelectedIds.Contains(c.ControlId))
+            .Where(c => idsToCopy.Contains(c.ControlId))
             .ToList();
     }
 
@@ -272,12 +405,25 @@ public void PasteClipboard()
         PushUndo();
         SelectedIds.Clear();
 
+        var idMap = _clipboard.ToDictionary(
+            control => control.ControlId,
+            _ => Guid.NewGuid().ToString("N"),
+            StringComparer.Ordinal);
+
         foreach (var original in _clipboard)
         {
+            var props = new Dictionary<string, object?>(original.Props.Values);
+            if (TryGetParentControlId(original, out string parentControlId) &&
+                idMap.TryGetValue(parentControlId, out string? pastedParentId))
+            {
+                props["parentControlId"] = pastedParentId;
+            }
+
             var pasted = original with
             {
-                ControlId = Guid.NewGuid().ToString("N"),
-                Rect = original.Rect with { X = original.Rect.X + 16, Y = original.Rect.Y + 16 }
+                ControlId = idMap[original.ControlId],
+                Rect = original.Rect with { X = original.Rect.X + 16, Y = original.Rect.Y + 16 },
+                Props = new PropertyBag(props)
             };
             _controls.Add(pasted);
             SelectedIds.Add(pasted.ControlId);
@@ -371,6 +517,19 @@ private void MoveControlInternal(string controlId, double x, double y)
         _controls[idx] = c with { Rect = c.Rect with { X = x, Y = y } };
     }
 
+    private static bool TryGetParentControlId(ControlDefinition control, out string parentControlId)
+    {
+        parentControlId = string.Empty;
+        if (!control.Props.Values.TryGetValue("parentControlId", out object? value) || value is null)
+            return false;
+
+        if (value is System.Text.Json.JsonElement json)
+            value = json.ValueKind == System.Text.Json.JsonValueKind.String ? json.GetString() : json.ToString();
+
+        parentControlId = value?.ToString() ?? string.Empty;
+        return !string.IsNullOrWhiteSpace(parentControlId);
+    }
+
     // ===== Responsive Breakpoints =====
 
     public double GetCanvasWidth()
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/FormActionSequencesEditor.razor b/src/CSharpDB.Admin.Forms/Components/Designer/FormActionSequencesEditor.razor
new file mode 100644
index 00000000..8b87ace5
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/FormActionSequencesEditor.razor
@@ -0,0 +1,65 @@
+@using CSharpDB.Primitives
+
+<div class="feb-container">
+    @if (ActionSequences.Count == 0)
+    {
+        <div class="feb-empty">No reusable action sequences</div>
+    }
+
+    @for (int i = 0; i < ActionSequences.Count; i++)
+    {
+        var idx = i;
+        var sequence = ActionSequences[idx];
+        <div class="feb-entry">
+            <ActionSequenceEditor ActionSequence="sequence"
+                                  AvailableActionSequences="ActionSequences"
+                                  ActionSequenceChanged="@(updated => UpdateSequence(idx, updated))" />
+        </div>
+    }
+
+    <button class="feb-btn feb-btn-add" @onclick="AddSequence">+ Add Reusable Sequence</button>
+</div>
+
+@code {
+    [Parameter, EditorRequired] public IReadOnlyList<DbActionSequence> ActionSequences { get; set; } = [];
+    [Parameter] public EventCallback<IReadOnlyList<DbActionSequence>> ActionSequencesChanged { get; set; }
+
+    private async Task AddSequence()
+    {
+        var updated = ActionSequences
+            .Append(new DbActionSequence([], Name: NextSequenceName()))
+            .ToList();
+        await ActionSequencesChanged.InvokeAsync(updated);
+    }
+
+    private async Task UpdateSequence(int index, DbActionSequence? sequence)
+    {
+        var updated = ActionSequences.ToList();
+        if (index < 0 || index >= updated.Count)
+            return;
+
+        if (sequence is null)
+            updated.RemoveAt(index);
+        else
+            updated[index] = sequence;
+
+        await ActionSequencesChanged.InvokeAsync(updated);
+    }
+
+    private string NextSequenceName()
+    {
+        const string prefix = "Sequence";
+        HashSet<string> existing = ActionSequences
+            .Select(sequence => sequence.Name)
+            .Where(name => !string.IsNullOrWhiteSpace(name))
+            .Select(name => name!)
+            .ToHashSet(StringComparer.OrdinalIgnoreCase);
+
+        for (int i = 1; ; i++)
+        {
+            string candidate = $"{prefix}{i}";
+            if (!existing.Contains(candidate))
+                return candidate;
+        }
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/FormEventBindingsEditor.razor b/src/CSharpDB.Admin.Forms/Components/Designer/FormEventBindingsEditor.razor
new file mode 100644
index 00000000..c1f14137
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/FormEventBindingsEditor.razor
@@ -0,0 +1,205 @@
+@using System.Text.Json
+@using CSharpDB.Admin.Forms.Serialization
+@using CSharpDB.Primitives
+@inject DbCommandRegistry CommandRegistry
+
+<div class="feb-container">
+    @if (EventBindings.Count == 0)
+    {
+        <div class="feb-empty">No form events</div>
+    }
+
+    @for (int i = 0; i < EventBindings.Count; i++)
+    {
+        var idx = i;
+        var binding = EventBindings[idx];
+        <div class="feb-entry">
+            <div class="feb-row">
+                <div class="feb-field">
+                    <label>Event</label>
+                    <select value="@binding.Event" @onchange="@(e => UpdateEvent(idx, binding, e.Value?.ToString()))">
+                        @foreach (var eventKind in EventKinds)
+                        {
+                            <option value="@eventKind">@eventKind</option>
+                        }
+                    </select>
+                </div>
+                <button class="feb-btn feb-btn-remove" @onclick="@(() => RemoveBinding(idx))" title="Remove event">x</button>
+            </div>
+
+            <div class="feb-field">
+                <label>Command</label>
+                @if (RegisteredCommands.Count > 0)
+                {
+                    <select value="@binding.CommandName" @onchange="@(e => UpdateCommand(idx, binding, e.Value?.ToString() ?? string.Empty))">
+                        <option value="">-- Select command --</option>
+                        @if (ShouldRenderMissingCommand(binding.CommandName))
+                        {
+                            <option value="@binding.CommandName">@($"{binding.CommandName} (missing)")</option>
+                        }
+                        @foreach (DbCommandDefinition command in RegisteredCommands)
+                        {
+                            <option value="@command.Name">@command.Name</option>
+                        }
+                    </select>
+                }
+                else
+                {
+                    <input type="text"
+                           value="@binding.CommandName"
+                           @onchange="@(e => UpdateCommand(idx, binding, e.Value?.ToString() ?? string.Empty))" />
+                }
+            </div>
+
+            <div class="feb-field">
+                <label>
+                    <input type="checkbox"
+                           checked="@binding.StopOnFailure"
+                           @onchange="@(e => UpdateStopOnFailure(idx, binding, e.Value is bool b && b))" />
+                    Stop On Failure
+                </label>
+            </div>
+
+            <div class="feb-field">
+                <label>Arguments</label>
+                <textarea class="feb-arguments"
+                          value="@GetArgumentsText(idx, binding)"
+                          placeholder="{&quot;reason&quot;:&quot;manual&quot;}"
+                          @onchange="@(e => UpdateArguments(idx, binding, e.Value?.ToString() ?? string.Empty))"></textarea>
+            </div>
+
+            <div class="feb-field">
+                <label>Action Sequence</label>
+                <ActionSequenceEditor ActionSequence="binding.ActionSequence"
+                                      AvailableActionSequences="ActionSequences"
+                                      ActionSequenceChanged="@(sequence => UpdateActionSequence(idx, binding, sequence))" />
+            </div>
+        </div>
+    }
+
+    @if (!string.IsNullOrWhiteSpace(_argumentError))
+    {
+        <div class="feb-error">@_argumentError</div>
+    }
+
+    <button class="feb-btn feb-btn-add" @onclick="AddBinding">+ Add Event</button>
+</div>
+
+@code {
+    [Parameter, EditorRequired] public IReadOnlyList<FormEventBinding> EventBindings { get; set; } = [];
+    [Parameter] public IReadOnlyList<DbActionSequence> ActionSequences { get; set; } = [];
+    [Parameter] public EventCallback<IReadOnlyList<FormEventBinding>> EventBindingsChanged { get; set; }
+
+    private readonly Dictionary<int, string> _argumentText = [];
+    private string? _argumentError;
+
+    private static readonly FormEventKind[] EventKinds = Enum.GetValues<FormEventKind>();
+
+    private IReadOnlyList<DbCommandDefinition> RegisteredCommands => CommandRegistry.Commands.ToList();
+
+    protected override void OnParametersSet()
+    {
+        for (int i = 0; i < EventBindings.Count; i++)
+            _argumentText.TryAdd(i, FormatArguments(EventBindings[i].Arguments));
+
+        foreach (int staleIndex in _argumentText.Keys.Where(index => index >= EventBindings.Count).ToList())
+            _argumentText.Remove(staleIndex);
+    }
+
+    private async Task AddBinding()
+    {
+        string commandName = RegisteredCommands.Count > 0 ? RegisteredCommands[0].Name : string.Empty;
+        var updated = EventBindings
+            .Append(new FormEventBinding(FormEventKind.OnLoad, commandName))
+            .ToList();
+        _argumentText[updated.Count - 1] = string.Empty;
+        await EventBindingsChanged.InvokeAsync(updated);
+    }
+
+    private async Task RemoveBinding(int index)
+    {
+        var updated = EventBindings.ToList();
+        if (index < 0 || index >= updated.Count)
+            return;
+
+        updated.RemoveAt(index);
+        RebuildArgumentText(updated);
+        await EventBindingsChanged.InvokeAsync(updated);
+    }
+
+    private Task UpdateEvent(int index, FormEventBinding binding, string? value)
+    {
+        if (!Enum.TryParse(value, ignoreCase: true, out FormEventKind eventKind))
+            return Task.CompletedTask;
+
+        return ReplaceBinding(index, binding with { Event = eventKind });
+    }
+
+    private Task UpdateCommand(int index, FormEventBinding binding, string commandName)
+        => ReplaceBinding(index, binding with { CommandName = commandName.Trim() });
+
+    private Task UpdateStopOnFailure(int index, FormEventBinding binding, bool stopOnFailure)
+        => ReplaceBinding(index, binding with { StopOnFailure = stopOnFailure });
+
+    private async Task UpdateArguments(int index, FormEventBinding binding, string text)
+    {
+        _argumentText[index] = text;
+        _argumentError = null;
+
+        if (string.IsNullOrWhiteSpace(text))
+        {
+            await ReplaceBinding(index, binding with { Arguments = null });
+            return;
+        }
+
+        try
+        {
+            IReadOnlyDictionary<string, object?>? arguments =
+                JsonSerializer.Deserialize<IReadOnlyDictionary<string, object?>>(text, JsonDefaults.Options);
+            await ReplaceBinding(index, binding with { Arguments = arguments });
+        }
+        catch (JsonException ex)
+        {
+            _argumentError = $"Invalid arguments JSON: {ex.Message}";
+        }
+    }
+
+    private Task UpdateActionSequence(int index, FormEventBinding binding, DbActionSequence? actionSequence)
+        => ReplaceBinding(index, binding with { ActionSequence = actionSequence });
+
+    private async Task ReplaceBinding(int index, FormEventBinding binding)
+    {
+        var updated = EventBindings.ToList();
+        if (index < 0 || index >= updated.Count)
+            return;
+
+        updated[index] = binding;
+        await EventBindingsChanged.InvokeAsync(updated);
+    }
+
+    private string GetArgumentsText(int index, FormEventBinding binding)
+    {
+        if (_argumentText.TryGetValue(index, out string? text))
+            return text;
+
+        text = FormatArguments(binding.Arguments);
+        _argumentText[index] = text;
+        return text;
+    }
+
+    private void RebuildArgumentText(IReadOnlyList<FormEventBinding> updated)
+    {
+        _argumentText.Clear();
+        for (int i = 0; i < updated.Count; i++)
+            _argumentText[i] = FormatArguments(updated[i].Arguments);
+    }
+
+    private bool ShouldRenderMissingCommand(string commandName)
+        => !string.IsNullOrWhiteSpace(commandName)
+            && RegisteredCommands.All(command => !string.Equals(command.Name, commandName, StringComparison.OrdinalIgnoreCase));
+
+    private static string FormatArguments(IReadOnlyDictionary<string, object?>? arguments)
+        => arguments is null || arguments.Count == 0
+            ? string.Empty
+            : JsonSerializer.Serialize(arguments, new JsonSerializerOptions(JsonDefaults.Options) { WriteIndented = true });
+}
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/FormRenderer.razor b/src/CSharpDB.Admin.Forms/Components/Designer/FormRenderer.razor
index 1d75773b..64c761da 100644
--- a/src/CSharpDB.Admin.Forms/Components/Designer/FormRenderer.razor
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/FormRenderer.razor
@@ -1,7 +1,15 @@
+@using System.Globalization
+@using System.Text.Json
+@using CSharpDB.Admin.Forms.Contracts
 @using CSharpDB.Admin.Forms.Models
+@using CSharpDB.Admin.Forms.Pages
+@using CSharpDB.Admin.Forms.Services
+@using CSharpDB.Primitives
+@inject DbCommandRegistry Commands
+@inject DbExtensionPolicy? CallbackPolicy
 
-<div class="form-renderer" style="position: relative; min-height: 500px;">
-    @foreach (var control in Form.Controls)
+<div class="@GetRendererClass()" style="@GetRendererStyle()">
+    @foreach (var control in GetControlsToRender())
     {
         var c = control;
         var fieldName = c.Binding?.FieldName;
@@ -9,74 +17,135 @@
         var hasError = fieldName is not null && ValidationErrors?.ContainsKey(fieldName) == true;
         var errorMsg = hasError ? ValidationErrors![fieldName!] : null;
         var inputClass = hasError ? "fr-input fr-field-error" : "fr-input";
-        <div style="@($"position: absolute; left: {c.Rect.X}px; top: {c.Rect.Y}px; width: {c.Rect.Width}px; height: {c.Rect.Height}px;")">
-            @switch (c.ControlType)
+        <div class="@GetControlClass(c)" style="@GetControlStyle(c)">
+            @if (TryGetRuntimeComponent(c, out Type? runtimeComponent))
             {
+                <DynamicComponent Type="@runtimeComponent"
+                                  Parameters="GetRuntimeComponentParameters(c, fieldName, errorMsg, tabIdx)" />
+            }
+            else
+            {
+                @switch (c.ControlType)
+                {
                 case "label":
-                    <span class="fr-label">@GetProp(c, "text", "Label")</span>
+                    <span class="fr-label"
+                          @onclick="@(() => InvokeControlEventsAsync(c, ControlEventKind.OnClick))">@GetProp(c, "text", "Label")</span>
                     break;
                 case "text":
                     <input type="text"
                            class="@inputClass"
                            placeholder="@GetProp(c, "placeholder", "")"
                            value="@GetFieldValue(fieldName)"
-                           readonly="@GetBoolProp(c, "readOnly")"
+                           readonly="@IsControlReadOnly(c)"
+                           disabled="@(!IsControlEnabled(c))"
                            tabindex="@tabIdx"
-                           @onchange="@(e => SetFieldValue(fieldName, e.Value))" />
+                           @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                           @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                           @onchange="@(e => SetFieldValueAsync(c, fieldName, e.Value))" />
                     break;
                 case "number":
                     <input type="number"
                            class="@inputClass"
                            placeholder="@GetProp(c, "placeholder", "")"
                            value="@GetFieldValue(fieldName)"
-                           readonly="@GetBoolProp(c, "readOnly")"
+                           readonly="@IsControlReadOnly(c)"
+                           disabled="@(!IsControlEnabled(c))"
                            tabindex="@tabIdx"
-                           @onchange="@(e => SetFieldValue(fieldName, ParseNumber(e.Value)))" />
+                           @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                           @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                           @onchange="@(e => SetFieldValueAsync(c, fieldName, ParseNumber(e.Value)))" />
                     break;
                 case "date":
                     <input type="date"
                            class="@inputClass"
                            value="@GetDateValue(fieldName)"
-                           readonly="@GetBoolProp(c, "readOnly")"
+                           readonly="@IsControlReadOnly(c)"
+                           disabled="@(!IsControlEnabled(c))"
                            tabindex="@tabIdx"
-                           @onchange="@(e => SetFieldValue(fieldName, e.Value))" />
+                           @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                           @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                           @onchange="@(e => SetFieldValueAsync(c, fieldName, e.Value))" />
                     break;
                 case "checkbox":
                     <label class="fr-checkbox">
                         <input type="checkbox"
                                checked="@GetCheckboxFieldValue(fieldName)"
+                               disabled="@(!IsControlEnabled(c) || IsControlReadOnly(c))"
                                tabindex="@tabIdx"
-                               @onchange="@(e => SetCheckboxFieldValue(fieldName, e.Value is bool b && b))" />
+                               @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                               @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                               @onchange="@(e => SetCheckboxFieldValueAsync(c, fieldName, e.Value is bool b && b))" />
                         <span>@GetProp(c, "text", fieldName ?? "Checkbox")</span>
                     </label>
                     break;
                 case "select":
+                    var selectChoices = GetControlChoices(c, fieldName);
                     <select class="@inputClass"
-                            value="@GetFieldValue(fieldName)"
+                            value="@GetSelectedChoiceValue(fieldName, selectChoices)"
+                            disabled="@(!IsControlEnabled(c) || IsControlReadOnly(c))"
                             tabindex="@tabIdx"
-                            @onchange="@(e => SetFieldValue(fieldName, e.Value))">
+                            @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                            @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                            @onchange="@(e => SetChoiceFieldValueAsync(c, fieldName, e.Value))">
                         <option value="">@GetProp(c, "placeholder", "-- Select --")</option>
-                        @if (Choices?.TryGetValue(fieldName ?? "", out var choices) == true && choices is not null)
+                        @foreach (var ch in selectChoices)
                         {
-                            @foreach (var ch in choices)
-                            {
-                                <option value="@ch.Value">@ch.Label</option>
-                            }
+                            <option value="@ch.Value">@ch.Label</option>
                         }
                     </select>
                     break;
                 case "lookup":
+                    var lookupChoices = GetControlChoices(c, fieldName);
                     <select class="@inputClass"
-                            value="@GetFieldValue(fieldName)"
+                            value="@GetSelectedChoiceValue(fieldName, lookupChoices)"
+                            disabled="@(!IsControlEnabled(c) || IsControlReadOnly(c))"
                             tabindex="@tabIdx"
-                            @onchange="@(e => SetFieldValue(fieldName, e.Value))">
+                            @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                            @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                            @onchange="@(e => SetChoiceFieldValueAsync(c, fieldName, e.Value))">
                         <option value="">@GetProp(c, "placeholder", "-- Select --")</option>
-                        @if (Choices?.TryGetValue(fieldName ?? "", out var lookupChoices) == true && lookupChoices is not null)
+                        @foreach (var ch in lookupChoices)
                         {
-                            @foreach (var ch in lookupChoices)
-                            {
-                                <option value="@ch.Value">@ch.Label</option>
-                            }
+                            <option value="@ch.Value">@ch.Label</option>
+                        }
+                    </select>
+                    break;
+                case "comboBox":
+                    var comboChoices = GetControlChoices(c, fieldName);
+                    var comboListId = $"combo_{c.ControlId}";
+                    <input type="text"
+                           class="@(hasError ? "fr-input fr-combo fr-field-error" : "fr-input fr-combo")"
+                           list="@comboListId"
+                           placeholder="@GetProp(c, "placeholder", "")"
+                           value="@GetComboDisplayValue(fieldName, comboChoices)"
+                           readonly="@IsControlReadOnly(c)"
+                           disabled="@(!IsControlEnabled(c))"
+                           tabindex="@tabIdx"
+                           @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                           @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                           @onchange="@(e => SetComboBoxValueAsync(c, fieldName, e.Value, comboChoices))" />
+                    <datalist id="@comboListId">
+                        @foreach (var ch in comboChoices)
+                        {
+                            <option value="@ch.Label"></option>
+                        }
+                    </datalist>
+                    break;
+                case "listBox":
+                    var listChoices = GetControlChoices(c, fieldName);
+                    var listMultiSelect = IsListBoxMultiSelect(c);
+                    <select class="@(hasError ? "fr-input fr-listbox fr-field-error" : "fr-input fr-listbox")"
+                            size="@GetIntProp(c, "visibleRows", 6)"
+                            multiple="@listMultiSelect"
+                            value="@(listMultiSelect ? null : GetSelectedChoiceValue(fieldName, listChoices))"
+                            disabled="@(!IsControlEnabled(c) || IsControlReadOnly(c))"
+                            tabindex="@tabIdx"
+                            @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                            @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                            @onchange="@(e => SetListBoxValueAsync(c, fieldName, e.Value, listChoices))">
+                        @foreach (var ch in listChoices)
+                        {
+                            <option value="@ch.Value" selected="@IsListBoxChoiceSelected(c, fieldName, ch.Value, listChoices)">@ch.Label</option>
                         }
                     </select>
                     break;
@@ -84,12 +153,16 @@
                     <textarea class="@(hasError ? "fr-input fr-textarea fr-field-error" : "fr-input fr-textarea")"
                               placeholder="@GetProp(c, "placeholder", "")"
                               value="@GetFieldValue(fieldName)"
-                              readonly="@GetBoolProp(c, "readOnly")"
+                              readonly="@IsControlReadOnly(c)"
+                              disabled="@(!IsControlEnabled(c))"
                               tabindex="@tabIdx"
-                              @onchange="@(e => SetFieldValue(fieldName, e.Value))"></textarea>
+                              @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                              @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                              @onchange="@(e => SetFieldValueAsync(c, fieldName, e.Value))"></textarea>
                     break;
                 case "radio":
-                    @if (Choices?.TryGetValue(fieldName ?? "", out var radioChoices) == true && radioChoices is not null)
+                    var radioChoices = GetControlChoices(c, fieldName);
+                    @if (radioChoices.Count > 0)
                     {
                         <div class="fr-radio-group">
                             @foreach (var ch in radioChoices)
@@ -100,14 +173,53 @@
                                            name="@($"radio_{c.ControlId}")"
                                            value="@val"
                                            checked="@IsRadioChoiceSelected(fieldName, val)"
+                                           disabled="@(!IsControlEnabled(c) || IsControlReadOnly(c))"
                                            tabindex="@tabIdx"
-                                           @onchange="@(e => SetRadioFieldValue(fieldName, val))" />
+                                           @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                                           @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                                           @onchange="@(e => SetRadioFieldValueAsync(c, fieldName, val))" />
                                     <span>@ch.Label</span>
                                 </label>
                             }
                         </div>
                     }
                     break;
+                case "optionGroup":
+                    var optionChoices = GetControlChoices(c, fieldName);
+                    var orientation = GetProp(c, "orientation", "vertical");
+                    var buttonStyle = GetBoolProp(c, "buttonStyle") || string.Equals(GetProp(c, "buttonStyle", ""), "buttons", StringComparison.OrdinalIgnoreCase);
+                    <div class="@GetOptionGroupClass(orientation, buttonStyle)">
+                        @foreach (var ch in optionChoices)
+                        {
+                            var val = ch.Value;
+                            <label class="fr-option">
+                                <input type="radio"
+                                       name="@($"option_{c.ControlId}")"
+                                       value="@val"
+                                       checked="@IsRadioChoiceSelected(fieldName, val)"
+                                       disabled="@(!IsControlEnabled(c) || IsControlReadOnly(c))"
+                                       tabindex="@tabIdx"
+                                       @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                                       @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                                       @onchange="@(e => SetRadioFieldValueAsync(c, fieldName, val))" />
+                                <span>@ch.Label</span>
+                            </label>
+                        }
+                    </div>
+                    break;
+                case "toggleButton":
+                    var toggleOn = IsToggleButtonOn(c, fieldName);
+                    <button type="button"
+                            class="@GetToggleButtonClass(toggleOn)"
+                            aria-pressed="@toggleOn"
+                            disabled="@(!IsControlEnabled(c) || IsControlReadOnly(c))"
+                            tabindex="@tabIdx"
+                            @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                            @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))"
+                            @onclick="@(() => ToggleButtonValueAsync(c, fieldName))">
+                        @GetToggleButtonText(c, fieldName, toggleOn)
+                    </button>
+                    break;
                 case "computed":
                     var computedValue = GetFieldValue(fieldName);
                     var computedFormat = GetProp(c, "format", "");
@@ -120,31 +232,189 @@
                            class="fr-input fr-computed"
                            value="@displayValue"
                            readonly
-                           tabindex="@tabIdx" />
+                           tabindex="@tabIdx"
+                           @onfocus="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnGotFocus, fieldName))"
+                           @onblur="@(() => InvokeFieldControlEventAsync(c, ControlEventKind.OnLostFocus, fieldName))" />
+                    break;
+                case "commandButton":
+                    var isExecuting = _executingCommandButtons.Contains(c.ControlId);
+                    <button type="button"
+                            class="fr-command-button"
+                            tabindex="@tabIdx"
+                            disabled="@(isExecuting || !IsControlEnabled(c))"
+                            @onclick="@(() => InvokeCommandButtonAsync(c))">
+                        @GetProp(c, "text", "Button")
+                    </button>
+                    break;
+                case "tabControl":
+                    var tabPages = GetTabPages(c);
+                    @if (tabPages.Count == 0)
+                    {
+                        <div class="fr-datagrid-placeholder">Tab control has no pages.</div>
+                    }
+                    else
+                    {
+                        var activeTab = GetActiveTabPage(c, tabPages);
+                        var childForm = BuildTabChildForm(c, activeTab.Id);
+                        <div class="fr-tab-control">
+                            <div class="fr-tab-bar" role="tablist">
+                                @foreach (var tab in tabPages)
+                                {
+                                    var page = tab;
+                                    <button type="button"
+                                            class="@GetTabButtonClass(activeTab.Id, page.Id)"
+                                            role="tab"
+                                            aria-selected="@(string.Equals(activeTab.Id, page.Id, StringComparison.Ordinal))"
+                                            @onclick="@(() => SetActiveTab(c.ControlId, page.Id))">
+                                        @(page.Label)
+                                    </button>
+                                }
+                            </div>
+                            <div class="fr-tab-page" role="tabpanel">
+                                @if (childForm.Controls.Count == 0)
+                                {
+                                    <div class="fr-tab-empty">No controls on this tab.</div>
+                                }
+                                else
+                                {
+                                    <FormRenderer Form="childForm"
+                                                  TableDefinition="TableDefinition"
+                                                  Record="Record"
+                                                  OnFieldChanged="OnFieldChanged"
+                                                  BeforeFieldChanged="BeforeFieldChanged"
+                                                  Choices="Choices"
+                                                  ValidationErrors="ValidationErrors"
+                                                  ChildFormTableDefinitions="ChildFormTableDefinitions"
+                                                  OnCommandError="OnCommandError"
+                                                  OnBuiltInAction="OnBuiltInAction"
+                                                  ActionRuntime="ActionRuntime"
+                                                  ControlPropertyOverrides="ControlPropertyOverrides"
+                                                  ControlFilters="ControlFilters"
+                                                  OnChildRowsChanged="OnChildRowsChanged"
+                                                  AnchorCanvasWidth="@GetTabChildCanvasWidth(c)"
+                                                  AnchorCanvasHeight="@GetTabChildCanvasHeight(c, activeTab.Id)"
+                                                  RenderAllControls="true" />
+                                }
+                            </div>
+                        </div>
+                    }
+                    break;
+                case "subform":
+                    var subformId = GetProp(c, "formId", "");
+                    var subformParentField = GetProp(c, "parentKeyField", "");
+                    var subformForeignField = GetProp(c, "foreignKeyField", "");
+                    var subformParentValue = GetFieldObjectValue(subformParentField);
+                    @if (string.IsNullOrWhiteSpace(subformId) ||
+                         string.IsNullOrWhiteSpace(subformParentField) ||
+                         string.IsNullOrWhiteSpace(subformForeignField))
+                    {
+                        <div class="fr-datagrid-placeholder">Subform not configured.</div>
+                    }
+                    else if (subformParentValue is null || string.IsNullOrWhiteSpace(subformParentValue.ToString()))
+                    {
+                        <div class="fr-datagrid-placeholder">Save the parent record first to see child records.</div>
+                    }
+                    else
+                    {
+                        <div class="fr-subform">
+                            <DataEntry @key="BuildSubformKey(c, subformParentValue)"
+                                       FormId="@subformId"
+                                       ShowDesignerButton="false"
+                                       ShowToolbar="@GetBoolProp(c, "showToolbar", true)"
+                                       ShowRecordList="@GetBoolProp(c, "showRecordList", true)"
+                                       Embedded="true"
+                                       InitialFilterExpression="@BuildSubformFilterExpression(subformForeignField)"
+                                       InitialFilterParameters="@BuildSubformFilterParameters(subformParentValue)" />
+                        </div>
+                    }
+                    break;
+                case "attachment":
+                    <div class="fr-attachment">
+                        <div class="fr-attachment-summary">@GetBlobSummary(c, fieldName)</div>
+                        <div class="fr-attachment-actions">
+                            <InputFile OnChange="@(e => OnBlobFileChangedAsync(c, fieldName, e))"
+                                       disabled="@(!IsControlEnabled(c) || IsControlReadOnly(c))"
+                                       accept="@GetProp(c, "accept", "")" />
+                            <button type="button"
+                                    class="fr-attachment-clear"
+                                    disabled="@(!CanClearBlob(c, fieldName))"
+                                    @onclick="@(() => ClearBlobFieldAsync(c, fieldName))">
+                                Clear
+                            </button>
+                        </div>
+                    </div>
+                    break;
+                case "image":
+                    var imageSrc = GetImageDataUrl(c, fieldName);
+                    <div class="fr-image-control">
+                        @if (!string.IsNullOrWhiteSpace(imageSrc))
+                        {
+                            <img src="@imageSrc"
+                                 alt="@GetProp(c, "alt", fieldName ?? "Image")"
+                                 style="@GetImageStyle(c)" />
+                        }
+                        else
+                        {
+                            <div class="fr-image-empty">No image</div>
+                        }
+                        <div class="fr-image-actions">
+                            <InputFile OnChange="@(e => OnBlobFileChangedAsync(c, fieldName, e))"
+                                       disabled="@(!IsControlEnabled(c) || IsControlReadOnly(c))"
+                                       accept="@GetProp(c, "accept", "image/*")" />
+                            <button type="button"
+                                    class="fr-attachment-clear"
+                                    disabled="@(!CanClearBlob(c, fieldName))"
+                                    @onclick="@(() => ClearBlobFieldAsync(c, fieldName))">
+                                Clear
+                            </button>
+                        </div>
+                    </div>
                     break;
                 case "datagrid":
+                    var dgMode = GetProp(c, "dataGridMode", "related");
+                    var dgIsStandalone = string.Equals(dgMode, "standalone", StringComparison.OrdinalIgnoreCase);
                     var dgChildTable = GetProp(c, "childTable", "");
                     var dgFkField = GetProp(c, "foreignKeyField", "");
                     var dgPkField = GetProp(c, "parentKeyField", "");
-                    var dgColumns = GetListProp(c, "visibleColumns");
+                    var dgTableDefinition = ChildFormTableDefinitions?.GetValueOrDefault(dgChildTable);
+                    var dgColumns = GetDataGridVisibleColumns(c, dgTableDefinition);
                     var dgAllowAdd = GetBoolProp(c, "allowAdd");
                     var dgAllowEdit = GetBoolProp(c, "allowEdit");
                     var dgAllowDelete = GetBoolProp(c, "allowDelete");
                     var parentPkValue = GetFieldObjectValue(dgPkField);
+                    var dgFilter = GetControlFilter(c.ControlId);
 
-                    @if (!string.IsNullOrEmpty(dgChildTable) && !string.IsNullOrEmpty(dgFkField) && parentPkValue is not null)
+                    @if (!string.IsNullOrEmpty(dgChildTable) && dgIsStandalone)
+                    {
+                        <ChildDataGrid ChildTableName="@dgChildTable"
+                                       ForeignKeyField=""
+                                       ParentKeyValue="null"
+                                       IsStandalone="true"
+                                       VisibleColumns="dgColumns"
+                                       AllowAdd="dgAllowAdd"
+                                       AllowEdit="dgAllowEdit"
+                                       AllowDelete="dgAllowDelete"
+                                       ChildFormTableDefinition="dgTableDefinition"
+                                       FilterExpression="@dgFilter?.FilterExpression"
+                                       FilterParameters="@dgFilter?.Parameters"
+                                       OnRowsChanged="OnChildRowsChanged" />
+                    }
+                    else if (!string.IsNullOrEmpty(dgChildTable) && !string.IsNullOrEmpty(dgFkField) && parentPkValue is not null)
                     {
                         <ChildDataGrid ChildTableName="@dgChildTable"
                                        ForeignKeyField="@dgFkField"
                                        ParentKeyValue="@parentPkValue"
+                                       IsStandalone="false"
                                        VisibleColumns="dgColumns"
                                        AllowAdd="dgAllowAdd"
                                        AllowEdit="dgAllowEdit"
                                        AllowDelete="dgAllowDelete"
-                                       ChildFormTableDefinition="@(ChildFormTableDefinitions?.GetValueOrDefault(dgChildTable))"
+                                       ChildFormTableDefinition="dgTableDefinition"
+                                       FilterExpression="@dgFilter?.FilterExpression"
+                                       FilterParameters="@dgFilter?.Parameters"
                                        OnRowsChanged="OnChildRowsChanged" />
                     }
-                    else if (parentPkValue is null && !string.IsNullOrEmpty(dgChildTable))
+                    else if (!dgIsStandalone && parentPkValue is null && !string.IsNullOrEmpty(dgChildTable))
                     {
                         <div class="fr-datagrid-placeholder">Save the parent record first to see child records.</div>
                     }
@@ -169,9 +439,10 @@
                         <div class="fr-datagrid-placeholder">Child Tabs not configured.</div>
                     }
                     break;
-                default:
-                    <span class="fr-label">[@c.ControlType]</span>
-                    break;
+                    default:
+                        <span class="fr-label">[@c.ControlType]</span>
+                        break;
+                }
             }
             @if (errorMsg is not null)
             {
@@ -191,6 +462,304 @@
     [Parameter] public Dictionary<string, string>? ValidationErrors { get; set; }
     [Parameter] public IReadOnlyDictionary<string, FormTableDefinition>? ChildFormTableDefinitions { get; set; }
     [Parameter] public EventCallback OnChildRowsChanged { get; set; }
+    [Parameter] public EventCallback<string> OnCommandError { get; set; }
+    [Parameter] public Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? OnBuiltInAction { get; set; }
+    [Parameter] public IFormActionRuntime? ActionRuntime { get; set; }
+    [Parameter] public IReadOnlyDictionary<string, IReadOnlyDictionary<string, object?>>? ControlPropertyOverrides { get; set; }
+    [Parameter] public IReadOnlyDictionary<string, ControlFilterState>? ControlFilters { get; set; }
+    [Parameter] public bool RenderAllControls { get; set; }
+    [Parameter] public double AnchorCanvasWidth { get; set; } = DesktopCanvasWidth;
+    [Parameter] public double? AnchorCanvasHeight { get; set; }
+    [Inject] public IFormControlRegistry ControlRegistry { get; set; } = DefaultFormControlRegistry.Instance;
+
+    private readonly HashSet<string> _executingCommandButtons = [];
+    private readonly Dictionary<string, string> _activeTabs = new(StringComparer.Ordinal);
+    private const string LayoutModeElastic = "elastic";
+    private const double DesktopCanvasWidth = 1200;
+    private const double TabletCanvasWidth = 768;
+    private const long DefaultMaxUploadBytes = 10 * 1024 * 1024;
+    private DbExtensionPolicy EffectiveCallbackPolicy => CallbackPolicy ?? DbExtensionPolicies.DefaultHostCallbackPolicy;
+
+    private bool TryGetRuntimeComponent(ControlDefinition control, out Type componentType)
+    {
+        componentType = default!;
+        if (!ControlRegistry.TryGetControl(control.ControlType, out FormControlDescriptor descriptor) ||
+            descriptor.RuntimeComponentType is null)
+        {
+            return false;
+        }
+
+        if (descriptor.IsBuiltIn && !descriptor.ReplaceBuiltInRuntime)
+            return false;
+
+        componentType = descriptor.RuntimeComponentType;
+        return true;
+    }
+
+    private Dictionary<string, object?> GetRuntimeComponentParameters(
+        ControlDefinition control,
+        string? fieldName,
+        string? validationError,
+        int tabIndex)
+    {
+        FormControlDescriptor descriptor = ControlRegistry.TryGetControl(control.ControlType, out FormControlDescriptor registered)
+            ? registered
+            : new FormControlDescriptor
+            {
+                ControlType = control.ControlType,
+                DisplayName = control.ControlType,
+                ShowInToolbox = false,
+            };
+
+        return new Dictionary<string, object?>
+        {
+            ["Context"] = new FormControlRuntimeContext(
+                Form,
+                control,
+                descriptor,
+                TableDefinition,
+                Record,
+                fieldName,
+                GetFieldObjectValue(fieldName),
+                GetControlChoices(control, fieldName),
+                IsControlEnabled(control),
+                IsControlReadOnly(control),
+                validationError,
+                tabIndex,
+                value => SetFieldValueAsync(control, fieldName, value),
+                (eventKind, arguments) => InvokeControlEventsAsync(control, eventKind, arguments)),
+        };
+    }
+
+    private bool IsElasticLayout
+        => string.Equals(Form.Layout.LayoutMode, LayoutModeElastic, StringComparison.OrdinalIgnoreCase);
+
+    private IEnumerable<ControlDefinition> GetControlsToRender()
+        => RenderAllControls
+            ? Form.Controls
+            : Form.Controls.Where(IsTopLevelControl);
+
+    private static bool IsTopLevelControl(ControlDefinition control)
+        => !FormChoiceResolver.TryGetString(control.Props.Values, "parentControlId", out _);
+
+    private string GetRendererClass()
+        => IsElasticLayout
+            ? "form-renderer form-renderer-elastic"
+            : "form-renderer form-renderer-fixed";
+
+    private string GetRendererStyle()
+        => FormattableString.Invariant($"--fr-canvas-height: {GetCanvasHeight()}px;");
+
+    private string GetControlClass(ControlDefinition c)
+    {
+        List<string> classes = ["fr-control", $"fr-control-{c.ControlType}"];
+
+        if (!IsVisibleAtBreakpoint(c, "mobile"))
+            classes.Add("fr-hidden-mobile");
+        if (!IsVisibleAtBreakpoint(c, "tablet"))
+            classes.Add("fr-hidden-tablet");
+
+        return string.Join(" ", classes);
+    }
+
+    private string GetControlStyle(ControlDefinition c)
+    {
+        Rect desktop = c.Rect;
+        Rect tablet = GetEffectiveRect(c, "tablet");
+        int desktopSpan = GetGridSpan(desktop, 12, DesktopCanvasWidth);
+        int tabletSpan = GetGridSpan(tablet, 8, TabletCanvasWidth);
+
+        ControlAnchors anchors = GetControlAnchors(c);
+        double canvasWidth = GetAnchorCanvasWidth();
+        double canvasHeight = GetAnchorCanvasHeight();
+
+        string resizeMode = GetProp(c, "resizeMode", "anchor");
+        string left;
+        string right;
+        string width;
+        string top;
+        string bottom;
+        string height;
+
+        if (string.Equals(resizeMode, "scale", StringComparison.OrdinalIgnoreCase))
+        {
+            left = ToCssPercent(desktop.X, canvasWidth);
+            right = "auto";
+            width = ToCssPercent(desktop.Width, canvasWidth);
+            top = ToCssPercent(desktop.Y, canvasHeight);
+            bottom = "auto";
+            height = ToCssPercent(desktop.Height, canvasHeight);
+        }
+        else
+        {
+            left = anchors.Left || !anchors.Right ? ToCssPx(desktop.X) : "auto";
+            right = anchors.Right ? ToCssPx(Math.Max(0, canvasWidth - desktop.X - desktop.Width)) : "auto";
+            width = anchors.Left && anchors.Right ? "auto" : ToCssPx(desktop.Width);
+
+            top = anchors.Top || !anchors.Bottom ? ToCssPx(desktop.Y) : "auto";
+            bottom = anchors.Bottom ? ToCssPx(Math.Max(0, canvasHeight - desktop.Y - desktop.Height)) : "auto";
+            height = anchors.Top && anchors.Bottom ? "auto" : ToCssPx(desktop.Height);
+        }
+
+        double minWidth = Math.Max(0, GetDoubleProp(c, "minWidth", 24));
+        double minHeight = Math.Max(0, GetDoubleProp(c, "minHeight", 16));
+        double elasticMinHeight = anchors.Top && anchors.Bottom ? minHeight : Math.Max(minHeight, desktop.Height);
+        string visibilityStyle = IsControlVisible(c) ? string.Empty : " display: none;";
+        return FormattableString.Invariant(
+            $"--fr-left: {left}; --fr-top: {top}; --fr-right: {right}; --fr-bottom: {bottom}; --fr-width: {width}; --fr-height: {height}; --fr-min-width: {minWidth}px; --fr-min-height: {minHeight}px; --fr-elastic-min-height: {elasticMinHeight}px; --fr-stack-order: {GetStackOrder(c)}; --fr-grid-span: {desktopSpan}; --fr-tablet-span: {tabletSpan};{visibilityStyle}");
+    }
+
+    private readonly record struct ControlAnchors(bool Left, bool Top, bool Right, bool Bottom);
+
+    private ControlAnchors GetControlAnchors(ControlDefinition c)
+    {
+        bool left = GetBoolProp(c, "anchorLeft", fallback: true);
+        bool top = GetBoolProp(c, "anchorTop", fallback: true);
+        bool right = GetBoolProp(c, "anchorRight", fallback: false);
+        bool bottom = GetBoolProp(c, "anchorBottom", fallback: false);
+
+        if (!left && !right)
+            left = true;
+        if (!top && !bottom)
+            top = true;
+
+        return new ControlAnchors(left, top, right, bottom);
+    }
+
+    private double GetAnchorCanvasWidth()
+        => AnchorCanvasWidth > 0 ? AnchorCanvasWidth : DesktopCanvasWidth;
+
+    private double GetAnchorCanvasHeight()
+        => AnchorCanvasHeight is > 0 ? AnchorCanvasHeight.Value : GetCanvasHeight();
+
+    private static string ToCssPx(double value)
+        => FormattableString.Invariant($"{value}px");
+
+    private static string ToCssPercent(double value, double total)
+    {
+        if (total <= 0)
+            return "0%";
+
+        return FormattableString.Invariant($"{value / total * 100}%");
+    }
+
+    private double GetCanvasHeight()
+    {
+        ControlDefinition[] controls = GetControlsToRender().ToArray();
+        double bottom = controls.Length == 0
+            ? 500
+            : controls.Max(control => control.Rect.Y + control.Rect.Height) + 24;
+        return Math.Max(500, bottom);
+    }
+
+    private int GetStackOrder(ControlDefinition c)
+    {
+        var ordered = GetControlsToRender()
+            .Select((control, index) => new
+            {
+                Control = control,
+                Index = index,
+                Rect = GetEffectiveRect(control, "mobile"),
+            })
+            .OrderBy(item => item.Rect.Y)
+            .ThenBy(item => item.Rect.X)
+            .ThenBy(item => item.Index)
+            .ToList();
+
+        int order = ordered.FindIndex(item => string.Equals(item.Control.ControlId, c.ControlId, StringComparison.Ordinal));
+        return order < 0 ? 0 : order;
+    }
+
+    private static int GetGridSpan(Rect rect, int columns, double canvasWidth)
+    {
+        if (canvasWidth <= 0)
+            return columns;
+
+        int span = (int)Math.Ceiling(Math.Max(1, rect.Width) / canvasWidth * columns);
+        return Math.Clamp(span, 1, columns);
+    }
+
+    private static Rect GetEffectiveRect(ControlDefinition c, string breakpoint)
+    {
+        if (string.Equals(breakpoint, "desktop", StringComparison.OrdinalIgnoreCase) || c.RendererHints is null)
+            return c.Rect;
+
+        string key = $"bp:{breakpoint}";
+        if (!c.RendererHints.TryGetValue(key, out object? hintObj) || hintObj is null)
+            return c.Rect;
+
+        if (hintObj is JsonElement json && json.ValueKind == JsonValueKind.Object)
+        {
+            double x = GetJsonDouble(json, "x", c.Rect.X);
+            double y = GetJsonDouble(json, "y", c.Rect.Y);
+            double width = GetJsonDouble(json, "width", c.Rect.Width);
+            double height = GetJsonDouble(json, "height", c.Rect.Height);
+            return new Rect(x, y, width, height);
+        }
+
+        if (hintObj is IReadOnlyDictionary<string, object?> dict)
+        {
+            double x = GetDictionaryDouble(dict, "x", c.Rect.X);
+            double y = GetDictionaryDouble(dict, "y", c.Rect.Y);
+            double width = GetDictionaryDouble(dict, "width", c.Rect.Width);
+            double height = GetDictionaryDouble(dict, "height", c.Rect.Height);
+            return new Rect(x, y, width, height);
+        }
+
+        return c.Rect;
+    }
+
+    private static bool IsVisibleAtBreakpoint(ControlDefinition c, string breakpoint)
+    {
+        if (string.Equals(breakpoint, "desktop", StringComparison.OrdinalIgnoreCase) || c.RendererHints is null)
+            return true;
+
+        string key = $"bp:{breakpoint}";
+        if (!c.RendererHints.TryGetValue(key, out object? hintObj) || hintObj is null)
+            return true;
+
+        if (hintObj is JsonElement json && json.ValueKind == JsonValueKind.Object)
+            return !json.TryGetProperty("visible", out JsonElement visible) || visible.GetBoolean();
+
+        if (hintObj is IReadOnlyDictionary<string, object?> dict && dict.TryGetValue("visible", out object? value))
+            return ReadBoolean(value, fallback: true);
+
+        return true;
+    }
+
+    private static double GetJsonDouble(JsonElement json, string propertyName, double fallback)
+        => json.TryGetProperty(propertyName, out JsonElement property) && property.ValueKind == JsonValueKind.Number && property.TryGetDouble(out double value)
+            ? value
+            : fallback;
+
+    private static double GetDictionaryDouble(IReadOnlyDictionary<string, object?> dict, string key, double fallback)
+    {
+        if (!dict.TryGetValue(key, out object? value) || value is null)
+            return fallback;
+
+        return value switch
+        {
+            double d => d,
+            float f => f,
+            decimal m => (double)m,
+            int i => i,
+            long l => l,
+            JsonElement json when json.ValueKind == JsonValueKind.Number && json.TryGetDouble(out double d) => d,
+            _ when double.TryParse(value.ToString(), NumberStyles.Float, CultureInfo.InvariantCulture, out double parsed) => parsed,
+            _ => fallback,
+        };
+    }
+
+    private static bool ReadBoolean(object? value, bool fallback)
+    {
+        return value switch
+        {
+            bool b => b,
+            JsonElement json when json.ValueKind is JsonValueKind.True or JsonValueKind.False => json.GetBoolean(),
+            _ when bool.TryParse(value?.ToString(), out bool parsed) => parsed,
+            _ => fallback,
+        };
+    }
 
     private string GetFieldValue(string? fieldName)
     {
@@ -228,25 +797,827 @@
     private bool IsRadioChoiceSelected(string? fieldName, string? choiceValue)
         => FormControlValueConverter.ChoiceMatchesValue(GetFieldObjectValue(fieldName), choiceValue, GetFieldDefinition(fieldName));
 
-    private void SetCheckboxFieldValue(string? fieldName, bool isChecked)
-        => SetFieldValue(fieldName, FormControlValueConverter.ConvertCheckboxValue(isChecked, GetFieldDefinition(fieldName)));
+    private IReadOnlyList<EnumChoice> GetControlChoices(ControlDefinition control, string? fieldName)
+        => FormChoiceResolver.ResolveChoices(control, fieldName, Choices, GetFieldDefinition(fieldName));
+
+    private string GetSelectedChoiceValue(string? fieldName, IReadOnlyList<EnumChoice> choices)
+    {
+        object? value = GetFieldObjectValue(fieldName);
+        if (value is null)
+            return string.Empty;
+
+        EnumChoice? selected = choices.FirstOrDefault(choice =>
+            FormControlValueConverter.ChoiceMatchesValue(value, choice.Value, GetFieldDefinition(fieldName)));
+        return selected?.Value ?? Convert.ToString(value, CultureInfo.InvariantCulture) ?? string.Empty;
+    }
+
+    private string GetComboDisplayValue(string? fieldName, IReadOnlyList<EnumChoice> choices)
+    {
+        string selectedValue = GetSelectedChoiceValue(fieldName, choices);
+        if (string.IsNullOrWhiteSpace(selectedValue))
+            return GetFieldValue(fieldName);
+
+        return choices.FirstOrDefault(choice => string.Equals(choice.Value, selectedValue, StringComparison.OrdinalIgnoreCase))?.Label
+            ?? selectedValue;
+    }
+
+    private Task SetCheckboxFieldValueAsync(ControlDefinition control, string? fieldName, bool isChecked)
+        => SetFieldValueAsync(control, fieldName, FormControlValueConverter.ConvertCheckboxValue(isChecked, GetFieldDefinition(fieldName)));
+
+    private Task SetRadioFieldValueAsync(ControlDefinition control, string? fieldName, string? choiceValue)
+        => SetFieldValueAsync(control, fieldName, FormControlValueConverter.ConvertChoiceValue(choiceValue, GetFieldDefinition(fieldName)));
+
+    private Task SetChoiceFieldValueAsync(ControlDefinition control, string? fieldName, object? choiceValue)
+        => SetFieldValueAsync(control, fieldName, FormControlValueConverter.ConvertChoiceValue(choiceValue?.ToString(), GetFieldDefinition(fieldName)));
 
-    private void SetRadioFieldValue(string? fieldName, string? choiceValue)
-        => SetFieldValue(fieldName, FormControlValueConverter.ConvertChoiceValue(choiceValue, GetFieldDefinition(fieldName)));
+    private bool IsListBoxMultiSelect(ControlDefinition control)
+        => GetBoolProp(control, "multiSelect");
 
-    private void SetFieldValue(string? fieldName, object? value)
+    private bool IsListBoxChoiceSelected(ControlDefinition control, string? fieldName, string? choiceValue, IReadOnlyList<EnumChoice> choices)
+    {
+        if (!IsListBoxMultiSelect(control))
+            return FormControlValueConverter.ChoiceMatchesValue(GetFieldObjectValue(fieldName), choiceValue, GetFieldDefinition(fieldName));
+
+        FormFieldDefinition? field = GetFieldDefinition(fieldName);
+        return GetSelectedListBoxValues(control, fieldName, choices)
+            .Any(selected => FormControlValueConverter.ChoiceMatchesValue(selected, choiceValue, field));
+    }
+
+    private Task SetListBoxValueAsync(ControlDefinition control, string? fieldName, object? rawValue, IReadOnlyList<EnumChoice> choices)
+    {
+        if (!IsListBoxMultiSelect(control))
+            return SetChoiceFieldValueAsync(control, fieldName, rawValue);
+
+        IReadOnlyList<string> selectedValues = ReadSelectedListBoxValues(rawValue);
+        object? storedValue = selectedValues.Count == 0
+            ? null
+            : string.Join(GetListBoxValueDelimiter(control), selectedValues);
+
+        return SetFieldValueAsync(control, fieldName, storedValue);
+    }
+
+    private IReadOnlyList<string> GetSelectedListBoxValues(ControlDefinition control, string? fieldName, IReadOnlyList<EnumChoice> choices)
+    {
+        object? value = GetFieldObjectValue(fieldName);
+        if (value is null)
+            return [];
+
+        if (value is JsonElement json)
+        {
+            if (json.ValueKind == JsonValueKind.Array)
+            {
+                return json.EnumerateArray()
+                    .Select(item => item.ValueKind == JsonValueKind.String ? item.GetString() : item.ToString())
+                    .Where(item => !string.IsNullOrWhiteSpace(item))
+                    .Select(item => item!)
+                    .ToArray();
+            }
+
+            if (json.ValueKind == JsonValueKind.String)
+                value = json.GetString();
+        }
+
+        if (value is string text)
+        {
+            string delimiter = GetListBoxValueDelimiter(control);
+            return text
+                .Split([delimiter], StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
+                .ToArray();
+        }
+
+        if (value is System.Collections.IEnumerable values && value is not byte[])
+        {
+            return values
+                .Cast<object?>()
+                .Select(item => Convert.ToString(item, CultureInfo.InvariantCulture))
+                .Where(item => !string.IsNullOrWhiteSpace(item))
+                .Select(item => item!)
+                .ToArray();
+        }
+
+        string selectedValue = GetSelectedChoiceValue(fieldName, choices);
+        return string.IsNullOrWhiteSpace(selectedValue) ? [] : [selectedValue];
+    }
+
+    private static IReadOnlyList<string> ReadSelectedListBoxValues(object? rawValue)
+    {
+        if (rawValue is null)
+            return [];
+
+        if (rawValue is string text)
+            return string.IsNullOrWhiteSpace(text) ? [] : [text];
+
+        if (rawValue is string[] textValues)
+            return textValues.Where(value => !string.IsNullOrWhiteSpace(value)).ToArray();
+
+        if (rawValue is IEnumerable<string> enumerableTextValues)
+            return enumerableTextValues.Where(value => !string.IsNullOrWhiteSpace(value)).ToArray();
+
+        if (rawValue is System.Collections.IEnumerable enumerable)
+        {
+            return enumerable
+                .Cast<object?>()
+                .Select(item => Convert.ToString(item, CultureInfo.InvariantCulture))
+                .Where(item => !string.IsNullOrWhiteSpace(item))
+                .Select(item => item!)
+                .ToArray();
+        }
+
+        string converted = Convert.ToString(rawValue, CultureInfo.InvariantCulture) ?? string.Empty;
+        return string.IsNullOrWhiteSpace(converted) ? [] : [converted];
+    }
+
+    private string GetListBoxValueDelimiter(ControlDefinition control)
+    {
+        string delimiter = GetProp(control, "multiValueDelimiter", ";");
+        return string.IsNullOrEmpty(delimiter) ? ";" : delimiter;
+    }
+
+    private Task SetComboBoxValueAsync(ControlDefinition control, string? fieldName, object? inputValue, IReadOnlyList<EnumChoice> choices)
+    {
+        string raw = inputValue?.ToString() ?? string.Empty;
+        if (string.IsNullOrWhiteSpace(raw))
+            return SetFieldValueAsync(control, fieldName, null);
+
+        EnumChoice? choice = choices.FirstOrDefault(candidate =>
+            string.Equals(candidate.Label, raw, StringComparison.OrdinalIgnoreCase) ||
+            string.Equals(candidate.Value, raw, StringComparison.OrdinalIgnoreCase));
+
+        if (choice is not null)
+            return SetChoiceFieldValueAsync(control, fieldName, choice.Value);
+
+        bool allowCustomValue = GetBoolProp(control, "allowCustomValue");
+        return allowCustomValue
+            ? SetChoiceFieldValueAsync(control, fieldName, raw)
+            : Task.CompletedTask;
+    }
+
+    private static string GetOptionGroupClass(string orientation, bool buttonStyle)
+    {
+        List<string> classes = ["fr-option-group"];
+        classes.Add(string.Equals(orientation, "horizontal", StringComparison.OrdinalIgnoreCase)
+            ? "fr-option-horizontal"
+            : "fr-option-vertical");
+        if (buttonStyle)
+            classes.Add("fr-option-buttons");
+        return string.Join(" ", classes);
+    }
+
+    private bool IsToggleButtonOn(ControlDefinition control, string? fieldName)
+    {
+        object? value = GetFieldObjectValue(fieldName);
+        object? trueValue = GetConfiguredToggleValue(control, "trueValue", true);
+        return ValuesMatch(value, trueValue, GetFieldDefinition(fieldName));
+    }
+
+    private string GetToggleButtonClass(bool isOn)
+        => isOn ? "fr-toggle-button active" : "fr-toggle-button";
+
+    private string GetToggleButtonText(ControlDefinition control, string? fieldName, bool isOn)
+    {
+        string explicitText = GetProp(control, "text", string.Empty);
+        if (!string.IsNullOrWhiteSpace(explicitText))
+            return explicitText;
+
+        return isOn
+            ? GetProp(control, "onText", fieldName ?? "On")
+            : GetProp(control, "offText", fieldName ?? "Off");
+    }
+
+    private Task ToggleButtonValueAsync(ControlDefinition control, string? fieldName)
+    {
+        bool isOn = IsToggleButtonOn(control, fieldName);
+        object? next = GetConfiguredToggleValue(control, isOn ? "falseValue" : "trueValue", isOn ? false : true);
+        FormFieldDefinition? field = GetFieldDefinition(fieldName);
+        object? converted = field?.DataType == FieldDataType.Boolean
+            ? FormControlValueConverter.ConvertCheckboxValue(FormControlValueConverter.ToBoolean(next), field)
+            : FormControlValueConverter.ConvertChoiceValue(next?.ToString(), field);
+        return SetFieldValueAsync(control, fieldName, converted);
+    }
+
+    private static object? GetConfiguredToggleValue(ControlDefinition control, string key, object fallback)
+    {
+        if (!control.Props.Values.TryGetValue(key, out object? value) || value is null)
+            return fallback;
+
+        if (value is JsonElement json)
+            return json.ValueKind switch
+            {
+                JsonValueKind.Null => null,
+                JsonValueKind.True => true,
+                JsonValueKind.False => false,
+                JsonValueKind.String => json.GetString(),
+                JsonValueKind.Number when json.TryGetInt64(out long integer) => integer,
+                JsonValueKind.Number => json.GetDouble(),
+                _ => json.ToString(),
+            };
+
+        return value;
+    }
+
+    private static bool ValuesMatch(object? value, object? configuredValue, FormFieldDefinition? field)
+    {
+        if (configuredValue is bool boolValue)
+            return FormControlValueConverter.ToBoolean(value) == boolValue;
+
+        return FormControlValueConverter.ChoiceMatchesValue(value, configuredValue?.ToString(), field);
+    }
+
+    private async Task SetFieldValueAsync(ControlDefinition control, string? fieldName, object? value)
     {
         if (fieldName is null) return;
-        BeforeFieldChanged.InvokeAsync(fieldName);
+        object? oldValue = GetFieldObjectValue(fieldName);
+        await BeforeFieldChanged.InvokeAsync(fieldName);
+        Record[fieldName] = value;
+        await InvokeControlEventsAsync(
+            control,
+            ControlEventKind.OnChange,
+            BuildFieldEventArguments(control, ControlEventKind.OnChange, fieldName, value, oldValue));
+        await OnFieldChanged.InvokeAsync(fieldName);
+    }
+
+    private async Task OnBlobFileChangedAsync(ControlDefinition control, string? fieldName, InputFileChangeEventArgs args)
+    {
+        if ((!IsAttachmentTableMode(control) && string.IsNullOrWhiteSpace(fieldName)) || !IsControlEnabled(control) || IsControlReadOnly(control))
+            return;
+
+        IBrowserFile file = args.File;
+        long maxBytes = GetLongProp(control, "maxFileBytes", DefaultMaxUploadBytes);
+        await using Stream stream = file.OpenReadStream(maxBytes);
+        using var memory = new MemoryStream();
+        await stream.CopyToAsync(memory);
+        string eventFieldName = fieldName ?? FormAttachmentValue.GetRecordKey(control.ControlId);
+
+        object? oldValue = IsAttachmentTableMode(control)
+            ? GetPendingAttachmentValue(control)
+            : GetFieldObjectValue(fieldName);
+        await BeforeFieldChanged.InvokeAsync(eventFieldName);
+
+        if (IsAttachmentTableMode(control))
+        {
+            Record[FormAttachmentValue.GetRecordKey(control.ControlId)] = FormAttachmentValue.FromFile(
+                memory.ToArray(),
+                file.Name,
+                file.ContentType,
+                file.Size);
+        }
+        else
+        {
+            Record[fieldName!] = memory.ToArray();
+            await SetRelatedFieldValueAsync(control, "fileNameField", file.Name);
+            await SetRelatedFieldValueAsync(control, "contentTypeField", file.ContentType);
+            await SetRelatedFieldValueAsync(control, "fileSizeField", file.Size);
+        }
+
+        object? newValue = IsAttachmentTableMode(control)
+            ? GetPendingAttachmentValue(control)
+            : Record[fieldName!];
+        var runtimeArguments = BuildFieldEventArguments(control, ControlEventKind.OnChange, eventFieldName, newValue, oldValue);
+        runtimeArguments["fileName"] = file.Name;
+        runtimeArguments["contentType"] = file.ContentType;
+        runtimeArguments["fileSize"] = file.Size;
+
+        await InvokeControlEventsAsync(control, ControlEventKind.OnChange, runtimeArguments);
+        await OnFieldChanged.InvokeAsync(eventFieldName);
+    }
+
+    private async Task ClearBlobFieldAsync(ControlDefinition control, string? fieldName)
+    {
+        if ((!IsAttachmentTableMode(control) && string.IsNullOrWhiteSpace(fieldName)) || !CanClearBlob(control, fieldName))
+            return;
+
+        string eventFieldName = fieldName ?? FormAttachmentValue.GetRecordKey(control.ControlId);
+        object? oldValue = IsAttachmentTableMode(control)
+            ? GetPendingAttachmentValue(control)
+            : GetFieldObjectValue(fieldName);
+        await BeforeFieldChanged.InvokeAsync(eventFieldName);
+
+        if (IsAttachmentTableMode(control))
+        {
+            Record[FormAttachmentValue.GetRecordKey(control.ControlId)] = FormAttachmentValue.Clear();
+        }
+        else
+        {
+            Record[fieldName!] = null;
+            await SetRelatedFieldValueAsync(control, "fileNameField", null);
+            await SetRelatedFieldValueAsync(control, "contentTypeField", null);
+            await SetRelatedFieldValueAsync(control, "fileSizeField", null);
+        }
+
+        await InvokeControlEventsAsync(
+            control,
+            ControlEventKind.OnChange,
+            BuildFieldEventArguments(control, ControlEventKind.OnChange, eventFieldName, IsAttachmentTableMode(control) ? GetPendingAttachmentValue(control) : null, oldValue));
+        await OnFieldChanged.InvokeAsync(eventFieldName);
+    }
+
+    private Task SetRelatedFieldValueAsync(ControlDefinition control, string metadataProperty, object? value)
+    {
+        string fieldName = GetProp(control, metadataProperty, string.Empty);
+        if (string.IsNullOrWhiteSpace(fieldName))
+            return Task.CompletedTask;
+
         Record[fieldName] = value;
-        OnFieldChanged.InvokeAsync(fieldName);
+        return OnFieldChanged.InvokeAsync(fieldName);
+    }
+
+    private bool CanClearBlob(ControlDefinition control, string? fieldName)
+        => IsControlEnabled(control) &&
+           !IsControlReadOnly(control) &&
+           (IsAttachmentTableMode(control) || GetBlobBytes(fieldName) is { Length: > 0 });
+
+    private string GetBlobSummary(ControlDefinition control, string? fieldName)
+    {
+        if (IsAttachmentTableMode(control))
+        {
+            FormAttachmentValue? pending = GetPendingAttachmentValue(control);
+            if (pending?.ClearExisting == true)
+                return "Attachment will be cleared";
+            if (pending?.Bytes is { Length: > 0 } pendingBytes)
+            {
+                string pendingSize = FormatByteSize(pendingBytes.LongLength);
+                return string.IsNullOrWhiteSpace(pending.FileName)
+                    ? $"Pending upload ({pendingSize})"
+                    : $"Pending upload: {pending.FileName} ({pendingSize})";
+            }
+
+            return "Attachment table";
+        }
+
+        byte[]? bytes = GetBlobBytes(fieldName);
+        if (bytes is null || bytes.Length == 0)
+            return "No file";
+
+        string fileNameField = GetProp(control, "fileNameField", string.Empty);
+        string fileName = string.IsNullOrWhiteSpace(fileNameField) ? string.Empty : GetFieldValue(fileNameField);
+        string size = FormatByteSize(bytes.LongLength);
+        return string.IsNullOrWhiteSpace(fileName)
+            ? size
+            : $"{fileName} ({size})";
+    }
+
+    private byte[]? GetBlobBytes(string? fieldName)
+    {
+        object? value = GetFieldObjectValue(fieldName);
+        return value switch
+        {
+            byte[] bytes => bytes,
+            JsonElement json when json.ValueKind == JsonValueKind.String && TryReadBase64(json.GetString(), out byte[]? bytes) => bytes,
+            string text when TryReadBase64(text, out byte[]? bytes) => bytes,
+            _ => null,
+        };
+    }
+
+    private string? GetImageDataUrl(ControlDefinition control, string? fieldName)
+    {
+        if (IsAttachmentTableMode(control) && GetPendingAttachmentValue(control)?.Bytes is { Length: > 0 } pendingBytes)
+        {
+            string pendingContentType = GetPendingAttachmentValue(control)?.ContentType ?? "image/png";
+            if (string.IsNullOrWhiteSpace(pendingContentType))
+                pendingContentType = "image/png";
+
+            return $"data:{pendingContentType};base64,{Convert.ToBase64String(pendingBytes)}";
+        }
+
+        byte[]? bytes = GetBlobBytes(fieldName);
+        if (bytes is null || bytes.Length == 0)
+            return null;
+
+        string contentTypeField = GetProp(control, "contentTypeField", string.Empty);
+        string contentType = string.IsNullOrWhiteSpace(contentTypeField) ? string.Empty : GetFieldValue(contentTypeField);
+        if (string.IsNullOrWhiteSpace(contentType))
+            contentType = "image/png";
+
+        return $"data:{contentType};base64,{Convert.ToBase64String(bytes)}";
+    }
+
+    private bool IsAttachmentTableMode(ControlDefinition control)
+        => string.Equals(GetProp(control, "storageMode", "blobField"), "attachmentTable", StringComparison.OrdinalIgnoreCase);
+
+    private FormAttachmentValue? GetPendingAttachmentValue(ControlDefinition control)
+        => Record.TryGetValue(FormAttachmentValue.GetRecordKey(control.ControlId), out object? value) && value is FormAttachmentValue attachment
+            ? attachment
+            : null;
+
+    private static bool TryReadBase64(string? value, out byte[]? bytes)
+    {
+        bytes = null;
+        if (string.IsNullOrWhiteSpace(value))
+            return false;
+
+        try
+        {
+            bytes = Convert.FromBase64String(value);
+            return true;
+        }
+        catch (FormatException)
+        {
+            return false;
+        }
+    }
+
+    private static string FormatByteSize(long bytes)
+    {
+        string[] units = ["B", "KB", "MB", "GB"];
+        double size = bytes;
+        int unit = 0;
+        while (size >= 1024 && unit < units.Length - 1)
+        {
+            size /= 1024;
+            unit++;
+        }
+
+        return unit == 0
+            ? $"{bytes} {units[unit]}"
+            : $"{size:0.#} {units[unit]}";
+    }
+
+    private string GetImageStyle(ControlDefinition control)
+    {
+        string fit = GetProp(control, "fit", "contain");
+        if (fit is not ("contain" or "cover" or "fill" or "scale-down"))
+            fit = "contain";
+
+        return $"object-fit: {fit};";
+    }
+
+    private async Task InvokeCommandButtonAsync(ControlDefinition control)
+    {
+        string commandName = GetProp(control, "commandName", string.Empty);
+        if (string.IsNullOrWhiteSpace(commandName) && !HasControlEventBindings(control, ControlEventKind.OnClick))
+        {
+            await ReportCommandErrorAsync("Command button has no command name.");
+            return;
+        }
+
+        DbCommandDefinition? definition = null;
+        if (!string.IsNullOrWhiteSpace(commandName) && !Commands.TryGetCommand(commandName, out definition))
+        {
+            Dictionary<string, string> metadata = FormCommandInvocation.BuildControlMetadata(Form, control, "Click");
+            string message = $"Unknown form command '{commandName}'.";
+            DbCallbackDiagnostics.WriteMissingCommandInvocation(commandName, metadata, message);
+            await ReportCommandErrorAsync(message);
+            return;
+        }
+
+        _executingCommandButtons.Add(control.ControlId);
+        await RefreshCommandButtonStateAsync();
+        try
+        {
+            if (!string.IsNullOrWhiteSpace(commandName))
+            {
+                if (definition is null)
+                    throw new InvalidOperationException($"Form command '{commandName}' was not resolved.");
+
+                control.Props.Values.TryGetValue("commandArguments", out object? configuredArguments);
+                Dictionary<string, DbValue> arguments = FormCommandInvocation.BuildArguments(
+                    Record,
+                    FormCommandInvocation.ReadArgumentsProperty(configuredArguments));
+                Dictionary<string, string> metadata = FormCommandInvocation.BuildControlMetadata(Form, control, "Click");
+
+                DbCommandResult result = await definition.InvokeAsync(
+                    arguments,
+                    metadata,
+                    EffectiveCallbackPolicy,
+                    DbExtensionHostMode.Embedded);
+                if (!result.Succeeded)
+                {
+                    string message = string.IsNullOrWhiteSpace(result.Message)
+                        ? $"Form command '{definition.Name}' failed."
+                        : result.Message;
+                    await ReportCommandErrorAsync(message);
+                    return;
+                }
+            }
+
+            await InvokeControlEventsAsync(control, ControlEventKind.OnClick);
+        }
+        catch (Exception ex)
+        {
+            string subject = string.IsNullOrWhiteSpace(commandName)
+                ? "Control click command"
+                : $"Form command '{commandName}'";
+            await ReportCommandErrorAsync($"{subject} failed: {ex.Message}");
+        }
+        finally
+        {
+            _executingCommandButtons.Remove(control.ControlId);
+            await RefreshCommandButtonStateAsync();
+        }
+    }
+
+    private async Task RefreshCommandButtonStateAsync()
+    {
+        try
+        {
+            await InvokeAsync(StateHasChanged);
+        }
+        catch (InvalidOperationException ex) when (ex.Message.Contains("render handle", StringComparison.OrdinalIgnoreCase))
+        {
+            // Private unit-test invocations can run before Blazor assigns a render handle.
+        }
+    }
+
+    private Task InvokeFieldControlEventAsync(ControlDefinition control, ControlEventKind eventKind, string? fieldName)
+        => InvokeControlEventsAsync(
+            control,
+            eventKind,
+            BuildFieldEventArguments(control, eventKind, fieldName, GetFieldObjectValue(fieldName), oldValue: null));
+
+    private async Task InvokeControlEventsAsync(
+        ControlDefinition control,
+        ControlEventKind eventKind,
+        IReadOnlyDictionary<string, object?>? runtimeArguments = null)
+    {
+        IReadOnlyList<ControlEventBinding> bindings = control.EventBindings ?? [];
+        foreach (ControlEventBinding binding in bindings.Where(binding => binding.Event == eventKind))
+        {
+            Dictionary<string, string> metadata = FormCommandInvocation.BuildControlMetadata(Form, control, eventKind.ToString());
+
+            if (!string.IsNullOrWhiteSpace(binding.CommandName))
+            {
+                if (!Commands.TryGetCommand(binding.CommandName, out DbCommandDefinition definition))
+                {
+                    string message = $"Unknown form command '{binding.CommandName}' for control event '{eventKind}'.";
+                    DbCallbackDiagnostics.WriteMissingCommandInvocation(binding.CommandName, metadata, message);
+                    await ReportCommandErrorAsync(message);
+                    return;
+                }
+
+                Dictionary<string, DbValue> arguments = FormCommandInvocation.BuildArguments(
+                    Record,
+                    runtimeArguments,
+                    binding.Arguments);
+
+                bool commandFailed = false;
+                string? commandFailureMessage = null;
+                try
+                {
+                    DbCommandResult result = await definition.InvokeAsync(
+                        arguments,
+                        metadata,
+                        EffectiveCallbackPolicy,
+                        DbExtensionHostMode.Embedded);
+                    if (!result.Succeeded)
+                    {
+                        commandFailed = true;
+                        commandFailureMessage = string.IsNullOrWhiteSpace(result.Message)
+                            ? $"Control event '{eventKind}' command '{definition.Name}' failed."
+                            : result.Message;
+                    }
+                }
+                catch (Exception ex)
+                {
+                    commandFailed = true;
+                    commandFailureMessage = $"Control event '{eventKind}' command '{definition.Name}' failed: {ex.Message}";
+                }
+
+                if (commandFailed)
+                {
+                    if (binding.StopOnFailure)
+                    {
+                        await ReportCommandErrorAsync(commandFailureMessage!);
+                        return;
+                    }
+
+                    if (binding.ActionSequence is null)
+                        continue;
+                }
+            }
+            else if (binding.ActionSequence is null)
+            {
+                await ReportCommandErrorAsync($"Control event '{eventKind}' has no command or action sequence.");
+                return;
+            }
+
+            if (binding.ActionSequence is not null)
+            {
+                FormEventDispatchResult actionResult = await FormActionSequenceExecutor.ExecuteAsync(
+                    binding.ActionSequence,
+                    Commands,
+                    Record,
+                    binding.Arguments,
+                    runtimeArguments,
+                    metadata,
+                    reusableSequences: Form.ActionSequences,
+                    setFieldValue: SetActionFieldValueAsync,
+                    showMessage: ReportCommandErrorAsync,
+                    executeBuiltInFormAction: OnBuiltInAction,
+                    actionRuntime: ActionRuntime,
+                    callbackPolicy: EffectiveCallbackPolicy);
+
+                if (!actionResult.Succeeded && binding.StopOnFailure)
+                {
+                    await ReportCommandErrorAsync(actionResult.Message ?? $"Control event '{eventKind}' action sequence failed.");
+                    return;
+                }
+            }
+        }
+    }
+
+    private static bool HasControlEventBindings(ControlDefinition control, ControlEventKind eventKind)
+        => control.EventBindings?.Any(binding => binding.Event == eventKind) == true;
+
+    private static Dictionary<string, object?> BuildFieldEventArguments(
+        ControlDefinition control,
+        ControlEventKind eventKind,
+        string? fieldName,
+        object? value,
+        object? oldValue)
+    {
+        var arguments = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+        {
+            ["controlId"] = control.ControlId,
+            ["controlType"] = control.ControlType,
+            ["event"] = eventKind.ToString(),
+        };
+
+        if (!string.IsNullOrWhiteSpace(fieldName))
+            arguments["fieldName"] = fieldName;
+
+        if (value is not null)
+            arguments["value"] = value;
+
+        if (oldValue is not null)
+            arguments["oldValue"] = oldValue;
+
+        return arguments;
+    }
+
+    private Task ReportCommandErrorAsync(string message)
+        => OnCommandError.HasDelegate ? OnCommandError.InvokeAsync(message) : Task.CompletedTask;
+
+    private async Task SetActionFieldValueAsync(string fieldName, object? value)
+    {
+        if (string.IsNullOrWhiteSpace(fieldName))
+            return;
+
+        string key = Record.Keys.FirstOrDefault(candidate => string.Equals(candidate, fieldName, StringComparison.OrdinalIgnoreCase))
+            ?? fieldName;
+        await BeforeFieldChanged.InvokeAsync(key);
+        Record[key] = value;
+        await OnFieldChanged.InvokeAsync(key);
+    }
+
+    private IReadOnlyList<TabPageInfo> GetTabPages(ControlDefinition control)
+    {
+        if (!control.Props.Values.TryGetValue("tabs", out object? value) || value is null)
+            return [];
+
+        if (value is JsonElement json && json.ValueKind == JsonValueKind.Array)
+        {
+            return json.EnumerateArray()
+                .Select(element => ReadTabPage(element))
+                .Where(tab => tab is not null)
+                .Select(tab => tab!)
+                .ToArray();
+        }
+
+        if (value is IEnumerable<object?> items)
+        {
+            return items
+                .Select(item => ReadTabPage(item))
+                .Where(tab => tab is not null)
+                .Select(tab => tab!)
+                .ToArray();
+        }
+
+        return [];
+    }
+
+    private static TabPageInfo? ReadTabPage(object? value)
+    {
+        if (value is null)
+            return null;
+
+        if (value is JsonElement json)
+        {
+            if (json.ValueKind != JsonValueKind.Object)
+                return null;
+
+            string id = json.TryGetProperty("id", out JsonElement idElement) ? ReadJsonText(idElement) : string.Empty;
+            string label = json.TryGetProperty("label", out JsonElement labelElement) ? ReadJsonText(labelElement) : id;
+            return string.IsNullOrWhiteSpace(id) ? null : new TabPageInfo(id, string.IsNullOrWhiteSpace(label) ? id : label);
+        }
+
+        if (value is IReadOnlyDictionary<string, object?> readOnly)
+            return ReadTabPage(readOnly);
+
+        if (value is IDictionary<string, object?> dictionary)
+            return ReadTabPage(dictionary);
+
+        return null;
+    }
+
+    private static TabPageInfo? ReadTabPage(IReadOnlyDictionary<string, object?> dictionary)
+    {
+        string id = ReadDictionaryText(dictionary, "id");
+        if (string.IsNullOrWhiteSpace(id))
+            return null;
+
+        string label = ReadDictionaryText(dictionary, "label");
+        return new TabPageInfo(id, string.IsNullOrWhiteSpace(label) ? id : label);
+    }
+
+    private TabPageInfo GetActiveTabPage(ControlDefinition control, IReadOnlyList<TabPageInfo> tabs)
+    {
+        if (_activeTabs.TryGetValue(control.ControlId, out string? activeId))
+        {
+            TabPageInfo? active = tabs.FirstOrDefault(tab => string.Equals(tab.Id, activeId, StringComparison.Ordinal));
+            if (active is not null)
+                return active;
+        }
+
+        _activeTabs[control.ControlId] = tabs[0].Id;
+        return tabs[0];
+    }
+
+    private void SetActiveTab(string controlId, string tabId)
+        => _activeTabs[controlId] = tabId;
+
+    private string GetTabButtonClass(string activeTabId, string tabId)
+        => string.Equals(activeTabId, tabId, StringComparison.Ordinal)
+            ? "fr-tab-button active"
+            : "fr-tab-button";
+
+    private FormDefinition BuildTabChildForm(ControlDefinition tabControl, string tabId)
+    {
+        var childControls = Form.Controls
+            .Where(control => IsTabChildControl(control, tabControl.ControlId, tabId))
+            .ToArray();
+
+        return Form with { Controls = childControls };
     }
 
+    private static double GetTabChildCanvasWidth(ControlDefinition tabControl)
+        => Math.Max(24, tabControl.Rect.Width - 24);
+
+    private double GetTabChildCanvasHeight(ControlDefinition tabControl, string tabId)
+    {
+        double designHeight = Form.Controls
+            .Where(control => IsTabChildControl(control, tabControl.ControlId, tabId))
+            .Select(control => control.Rect.Y + control.Rect.Height + 24)
+            .DefaultIfEmpty(0)
+            .Max();
+        double tabPageHeight = Math.Max(16, tabControl.Rect.Height - 56);
+
+        return Math.Max(designHeight, tabPageHeight);
+    }
+
+    private static bool IsTabChildControl(ControlDefinition control, string parentControlId, string tabId)
+        => TryGetControlProp(control, "parentControlId", out string configuredParentId)
+           && string.Equals(configuredParentId, parentControlId, StringComparison.Ordinal)
+           && TryGetControlProp(control, "parentTabId", out string configuredTabId)
+           && string.Equals(configuredTabId, tabId, StringComparison.Ordinal);
+
+    private static bool TryGetControlProp(ControlDefinition control, string key, out string value)
+    {
+        value = string.Empty;
+        if (!control.Props.Values.TryGetValue(key, out object? raw) || raw is null)
+            return false;
+
+        if (raw is JsonElement json)
+            raw = json.ValueKind == JsonValueKind.String ? json.GetString() : json.ToString();
+
+        value = raw?.ToString() ?? string.Empty;
+        return !string.IsNullOrWhiteSpace(value);
+    }
+
+    private static string ReadDictionaryText(IReadOnlyDictionary<string, object?> dictionary, string key)
+    {
+        if (!dictionary.TryGetValue(key, out object? value) || value is null)
+            return string.Empty;
+
+        if (value is JsonElement json)
+            return ReadJsonText(json);
+
+        return value.ToString() ?? string.Empty;
+    }
+
+    private static string ReadJsonText(JsonElement value)
+        => value.ValueKind == JsonValueKind.String
+            ? value.GetString() ?? string.Empty
+            : value.ToString();
+
+    private string BuildSubformKey(ControlDefinition control, object? parentValue)
+        => $"{control.ControlId}:{parentValue}";
+
+    private static string BuildSubformFilterExpression(string foreignKeyField)
+        => $"[{foreignKeyField}] = @parentValue";
+
+    private static IReadOnlyDictionary<string, object?> BuildSubformFilterParameters(object? parentValue)
+        => new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+        {
+            ["parentValue"] = parentValue,
+        };
+
     private FormFieldDefinition? GetFieldDefinition(string? fieldName)
         => fieldName is null
             ? null
             : TableDefinition?.Fields.FirstOrDefault(field => string.Equals(field.Name, fieldName, StringComparison.OrdinalIgnoreCase));
 
+    private sealed record TabPageInfo(string Id, string Label);
+
     private static int GetTabIndex(ControlDefinition c)
     {
         if (c.Props.Values.TryGetValue("tabIndex", out var val))
@@ -260,10 +1631,12 @@
         return 0;
     }
 
-    private static string GetProp(ControlDefinition c, string key, string fallback)
+    private string GetProp(ControlDefinition c, string key, string fallback)
     {
-        if (c.Props.Values.TryGetValue(key, out var val) && val is string s)
+        if (TryGetEffectiveProperty(c, key, out object? val) && val is string s)
             return s;
+        if (val is not null && key is "text" or "placeholder")
+            return val.ToString() ?? fallback;
         return fallback;
     }
 
@@ -279,11 +1652,127 @@
         return [];
     }
 
-    private static bool GetBoolProp(ControlDefinition c, string key)
+    private static List<string> GetDataGridVisibleColumns(ControlDefinition control, FormTableDefinition? tableDefinition)
     {
-        if (c.Props.Values.TryGetValue(key, out var val) && val is bool b)
-            return b;
-        return false;
+        List<string> configuredColumns = GetListProp(control, "visibleColumns");
+        if (configuredColumns.Count > 0 || tableDefinition is null)
+            return configuredColumns;
+
+        return tableDefinition.Fields
+            .Select(field => field.Name)
+            .ToList();
+    }
+
+    private ControlFilterState? GetControlFilter(string controlId)
+        => ControlFilters?.TryGetValue(controlId, out ControlFilterState? filter) == true
+            ? filter
+            : null;
+
+    private bool IsControlVisible(ControlDefinition c)
+        => GetBoolProp(c, "visible", fallback: true);
+
+    private bool IsControlEnabled(ControlDefinition c)
+        => GetBoolProp(c, "enabled", fallback: true);
+
+    private bool IsControlReadOnly(ControlDefinition c)
+        => GetBoolProp(c, "readOnly", fallback: false);
+
+    private bool GetBoolProp(ControlDefinition c, string key, bool fallback = false)
+        => TryGetEffectiveProperty(c, key, out object? value)
+            ? ReadBoolean(value, fallback)
+            : fallback;
+
+    private int GetIntProp(ControlDefinition c, string key, int fallback)
+        => TryGetEffectiveProperty(c, key, out object? value)
+            ? ReadInteger(value, fallback)
+            : fallback;
+
+    private double GetDoubleProp(ControlDefinition c, string key, double fallback)
+        => TryGetEffectiveProperty(c, key, out object? value)
+            ? ReadDouble(value, fallback)
+            : fallback;
+
+    private long GetLongProp(ControlDefinition c, string key, long fallback)
+        => TryGetEffectiveProperty(c, key, out object? value)
+            ? ReadLong(value, fallback)
+            : fallback;
+
+    private static int ReadInteger(object? value, int fallback)
+    {
+        long parsed = ReadLong(value, fallback);
+        return parsed > int.MaxValue || parsed < int.MinValue
+            ? fallback
+            : (int)parsed;
+    }
+
+    private static long ReadLong(object? value, long fallback)
+    {
+        return value switch
+        {
+            int i => i,
+            long l => l,
+            double d => (long)d,
+            decimal m => (long)m,
+            JsonElement json when json.ValueKind == JsonValueKind.Number && json.TryGetInt64(out long l) => l,
+            _ when long.TryParse(value?.ToString(), NumberStyles.Integer, CultureInfo.InvariantCulture, out long parsed) => parsed,
+            _ => fallback,
+        };
+    }
+
+    private static double ReadDouble(object? value, double fallback)
+    {
+        return value switch
+        {
+            int i => i,
+            long l => l,
+            float f => f,
+            double d => d,
+            decimal m => (double)m,
+            JsonElement json when json.ValueKind == JsonValueKind.Number && json.TryGetDouble(out double d) => d,
+            JsonElement json when json.ValueKind == JsonValueKind.String && double.TryParse(json.GetString(), NumberStyles.Float, CultureInfo.InvariantCulture, out double parsed) => parsed,
+            _ when double.TryParse(value?.ToString(), NumberStyles.Float, CultureInfo.InvariantCulture, out double parsed) => parsed,
+            _ => fallback,
+        };
+    }
+
+    private bool TryGetEffectiveProperty(ControlDefinition control, string key, out object? value)
+    {
+        bool found = control.Props.Values.TryGetValue(key, out value);
+
+        foreach (ControlRuleDefinition rule in Form.Rules ?? [])
+        {
+            if (!FormActionConditionEvaluator.TryEvaluate(
+                rule.Condition,
+                Record,
+                bindingArguments: null,
+                runtimeArguments: null,
+                stepArguments: null,
+                out bool shouldApply,
+                out _) ||
+                !shouldApply)
+            {
+                continue;
+            }
+
+            foreach (ControlRuleEffect effect in rule.Effects)
+            {
+                if (string.Equals(effect.ControlId, control.ControlId, StringComparison.OrdinalIgnoreCase) &&
+                    string.Equals(effect.Property, key, StringComparison.OrdinalIgnoreCase))
+                {
+                    value = effect.Value;
+                    found = true;
+                }
+            }
+        }
+
+        if (ControlPropertyOverrides?.TryGetValue(control.ControlId, out IReadOnlyDictionary<string, object?>? overrides) == true &&
+            overrides.TryGetValue(key, out object? overrideValue))
+        {
+            value = overrideValue;
+            found = true;
+        }
+
+        return found;
     }
 
     private static object? ParseNumber(object? value)
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/LayersPanel.razor b/src/CSharpDB.Admin.Forms/Components/Designer/LayersPanel.razor
index d3e57a54..09cb5ece 100644
--- a/src/CSharpDB.Admin.Forms/Components/Designer/LayersPanel.razor
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/LayersPanel.razor
@@ -1,4 +1,6 @@
 @using CSharpDB.Admin.Forms.Components.Designer
+@using CSharpDB.Admin.Forms.Contracts
+@using CSharpDB.Admin.Forms.Models
 @implements IDisposable
 
 <div class="layers-panel">
@@ -36,6 +38,7 @@
 
 @code {
     [CascadingParameter] public DesignerState State { get; set; } = default!;
+    [Inject] public IFormControlRegistry ControlRegistry { get; set; } = DefaultFormControlRegistry.Instance;
 
     private int _dragStartIndex = -1;
     private int _dragOverIndex = -1;
@@ -76,32 +79,27 @@
         State.SelectControl(controlId, e.ShiftKey);
     }
 
-    private static string GetLabel(CSharpDB.Admin.Forms.Models.ControlDefinition c)
+    private string GetLabel(ControlDefinition c)
     {
         // Prefer binding field name, then text prop, then control type
         if (c.Binding?.FieldName is { Length: > 0 } fieldName)
             return fieldName;
         if (c.Props.Values.TryGetValue("text", out var textVal) && textVal is string s && s.Length > 0)
             return s;
-        return c.ControlType;
+        return GetControlDisplayName(c.ControlType);
     }
 
-    private static string GetTypeIcon(string controlType) => controlType switch
+    private string GetTypeIcon(string controlType)
     {
-        "label" => "A",
-        "text" => "\u2328",
-        "textarea" => "\u2263",
-        "number" => "#",
-        "date" => "\U0001F4C5",
-        "checkbox" => "\u2611",
-        "radio" => "\u25C9",
-        "select" => "\u25BE",
-        "lookup" => "\U0001F50D",
-        "datagrid" => "\u2637",
-        "childtabs" => "\u2630",
-        "computed" => "\u03A3",
-        _ => "?"
-    };
+        return ControlRegistry.TryGetControl(controlType, out FormControlDescriptor descriptor)
+            ? descriptor.IconText
+            : "?";
+    }
+
+    private string GetControlDisplayName(string controlType)
+        => ControlRegistry.TryGetControl(controlType, out FormControlDescriptor descriptor)
+            ? descriptor.DisplayName
+            : controlType;
 
     private static string LayerRowClass(bool selected, bool dragOver)
     {
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/MacroValidationPanel.razor b/src/CSharpDB.Admin.Forms/Components/Designer/MacroValidationPanel.razor
new file mode 100644
index 00000000..bc2ed172
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/MacroValidationPanel.razor
@@ -0,0 +1,45 @@
+@using CSharpDB.Admin.Forms.Contracts
+@using CSharpDB.Admin.Forms.Models
+@using CSharpDB.Admin.Forms.Services
+
+@if (_issues.Count > 0)
+{
+    <div class="designer-warning">
+        <strong>@GetSummaryText()</strong>
+        <ul>
+            @foreach (FormActionValidationIssue issue in _issues.Take(6))
+            {
+                <li>@issue.Message</li>
+            }
+        </ul>
+    </div>
+}
+
+@code {
+    [Parameter, EditorRequired] public FormDefinition Form { get; set; } = default!;
+    [Parameter] public FormTableDefinition? Schema { get; set; }
+
+    private IReadOnlyList<FormActionValidationIssue> _issues = [];
+
+    protected override void OnParametersSet()
+    {
+        FormActionValidationResult result = FormActionManifestValidator.Validate(
+            Form,
+            new FormActionValidationOptions(
+                RuntimeCapabilities: FormActionRuntimeCapabilities.RenderedForm,
+                Schema: Schema));
+        _issues = result.Issues;
+    }
+
+    private string GetSummaryText()
+    {
+        int errors = _issues.Count(issue => issue.Severity == FormActionValidationSeverity.Error);
+        int warnings = _issues.Count - errors;
+        if (errors > 0 && warnings > 0)
+            return $"{errors} macro error(s), {warnings} warning(s)";
+
+        return errors > 0
+            ? $"{errors} macro error(s)"
+            : $"{warnings} macro warning(s)";
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/PropertyInspector.razor b/src/CSharpDB.Admin.Forms/Components/Designer/PropertyInspector.razor
index 63540d7b..ee78c33d 100644
--- a/src/CSharpDB.Admin.Forms/Components/Designer/PropertyInspector.razor
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/PropertyInspector.razor
@@ -1,7 +1,13 @@
+@using System.Globalization
+@using System.Text.Json
 @using CSharpDB.Admin.Forms.Models
 @using CSharpDB.Admin.Forms.Components.Designer
 @using CSharpDB.Admin.Forms.Contracts
+@using CSharpDB.Admin.Forms.Serialization
+@using CSharpDB.Primitives
 @inject ISchemaProvider SchemaProvider
+@inject DbCommandRegistry CommandRegistry
+@inject IFormRepository FormRepository
 @implements IDisposable
 
 <div class="property-inspector">
@@ -16,9 +22,48 @@
             }
             else
             {
-                <p>Select a control to edit its properties</p>
+                <p>Form properties</p>
             }
         </div>
+        @if (State.SelectedIds.Count <= 1)
+        {
+            <div class="pi-section">
+                <div class="pi-section-label">Form</div>
+                <div class="pi-field">
+                    <label>Name</label>
+                    <input type="text"
+                           value="@State.FormName"
+                           placeholder="Customer Entry"
+                           @onchange="OnFormNameChanged" />
+                </div>
+                <div class="pi-field">
+                    <label>Source</label>
+                    <div class="pi-static-value">@(string.IsNullOrWhiteSpace(State.TableName) ? "No source selected" : State.TableName)</div>
+                </div>
+            </div>
+        }
+        <div class="pi-section">
+            <div class="pi-section-label">Events</div>
+            <FormEventBindingsEditor EventBindings="State.EventBindings"
+                                     ActionSequences="State.ActionSequences"
+                                     EventBindingsChanged="OnEventBindingsChanged" />
+        </div>
+        <div class="pi-section">
+            <div class="pi-section-label">Reusable Actions</div>
+            <FormActionSequencesEditor ActionSequences="State.ActionSequences"
+                                       ActionSequencesChanged="OnActionSequencesChanged" />
+        </div>
+        <div class="pi-section">
+            <div class="pi-section-label">Rules</div>
+            <ControlRulesEditor Rules="State.Rules"
+                                Controls="State.Controls"
+                                RulesChanged="OnRulesChanged" />
+        </div>
+        <div class="pi-section">
+            <div class="pi-section-label">Validation</div>
+            <ValidationRulesEditor Rules="State.ValidationRules"
+                                   RulesChanged="OnFormValidationRulesChanged" />
+        </div>
     }
     else
     {
@@ -27,18 +72,14 @@
             <div class="pi-field">
                 <label>Type</label>
                 <select value="@_selected.ControlType" @onchange="OnTypeChanged">
-                    <option value="label">Label</option>
-                    <option value="text">Text</option>
-                    <option value="textarea">Textarea</option>
-                    <option value="number">Number</option>
-                    <option value="date">Date</option>
-                    <option value="checkbox">Checkbox</option>
-                    <option value="radio">Radio</option>
-                    <option value="select">Select</option>
-                    <option value="lookup">Lookup</option>
-                    <option value="computed">Computed</option>
-                    <option value="datagrid">DataGrid</option>
-                    <option value="childtabs">Child Tabs</option>
+                    @foreach (FormControlDescriptor descriptor in GetTypeDropdownControls())
+                    {
+                        <option value="@descriptor.ControlType">@descriptor.DisplayName</option>
+                    }
+                    @if (!IsRegisteredControlType(_selected.ControlType))
+                    {
+                        <option value="@_selected.ControlType">@($"{_selected.ControlType} (unregistered)")</option>
+                    }
                 </select>
             </div>
             <div class="pi-field">
@@ -47,6 +88,13 @@
             </div>
         </div>
 
+        <div class="pi-section">
+            <div class="pi-section-label">Events</div>
+            <ControlEventBindingsEditor EventBindings="@(_selected.EventBindings ?? [])"
+                                        ActionSequences="State.ActionSequences"
+                                        EventBindingsChanged="OnControlEventBindingsChanged" />
+        </div>
+
         <div class="pi-section">
             <div class="pi-section-label">Position &amp; Size</div>
             <div class="pi-field-row">
@@ -73,9 +121,66 @@
                            @onchange="@(e => OnRectChanged(e, RectPart.H))" />
                 </div>
             </div>
+            <div class="pi-field">
+                <label>Resize Mode</label>
+                <select value="@GetProp(PropResizeMode, "anchor")" @onchange="@(e => OnPropChanged(PropResizeMode, e.Value))">
+                    <option value="anchor">Anchored</option>
+                    <option value="scale">Scale With Form</option>
+                </select>
+            </div>
+            <div class="pi-field">
+                <label>Anchor Preset</label>
+                <select value="@GetAnchorPreset()" @onchange="OnAnchorPresetChanged">
+                    <option value="topLeft">Top Left</option>
+                    <option value="topRight">Top Right</option>
+                    <option value="bottomLeft">Bottom Left</option>
+                    <option value="bottomRight">Bottom Right</option>
+                    <option value="stretchAcross">Stretch Across</option>
+                    <option value="stretchDown">Stretch Down</option>
+                    <option value="stretchBoth">Stretch Both</option>
+                    <option value="custom">Custom</option>
+                </select>
+            </div>
+            <div class="pi-field">
+                <label>Anchors</label>
+                <div class="pi-anchor-grid">
+                    <label>
+                        <input type="checkbox" checked="@GetAnchorProp(PropAnchorLeft, true)"
+                               @onchange="@(e => OnAnchorChanged(PropAnchorLeft, e.Value))" />
+                        Left
+                    </label>
+                    <label>
+                        <input type="checkbox" checked="@GetAnchorProp(PropAnchorRight, false)"
+                               @onchange="@(e => OnAnchorChanged(PropAnchorRight, e.Value))" />
+                        Right
+                    </label>
+                    <label>
+                        <input type="checkbox" checked="@GetAnchorProp(PropAnchorTop, true)"
+                               @onchange="@(e => OnAnchorChanged(PropAnchorTop, e.Value))" />
+                        Top
+                    </label>
+                    <label>
+                        <input type="checkbox" checked="@GetAnchorProp(PropAnchorBottom, false)"
+                               @onchange="@(e => OnAnchorChanged(PropAnchorBottom, e.Value))" />
+                        Bottom
+                    </label>
+                </div>
+            </div>
+            <div class="pi-field-row">
+                <div class="pi-field half">
+                    <label>Min W</label>
+                    <input type="number" value="@GetProp(PropMinWidth, "24")" min="0" step="@State.GridSize"
+                           @onchange="@(e => OnPropChanged(PropMinWidth, ParseNonNegativeDouble(e.Value)))" />
+                </div>
+                <div class="pi-field half">
+                    <label>Min H</label>
+                    <input type="number" value="@GetProp(PropMinHeight, "16")" min="0" step="@State.GridSize"
+                           @onchange="@(e => OnPropChanged(PropMinHeight, ParseNonNegativeDouble(e.Value)))" />
+                </div>
+            </div>
         </div>
 
-        @if (_selected.ControlType is "label" or "checkbox")
+        @if (_selected.ControlType is "label" or "checkbox" or "toggleButton")
         {
             <div class="pi-section">
                 <div class="pi-section-label">Text</div>
@@ -87,7 +192,7 @@
             </div>
         }
 
-        @if (_selected.ControlType is "text" or "textarea" or "number" or "select" or "lookup")
+        @if (_selected.ControlType is "text" or "textarea" or "number" or "select" or "lookup" or "comboBox" or "listBox")
         {
             <div class="pi-section">
                 <div class="pi-section-label">Input</div>
@@ -112,6 +217,85 @@
             </div>
         }
 
+        @if (_selected.ControlType is "select" or "comboBox" or "listBox" or "optionGroup")
+        {
+            <div class="pi-section">
+                <div class="pi-section-label">Choices</div>
+                <div class="pi-field">
+                    <label>Static Options</label>
+                    <textarea class="pi-textarea"
+                              value="@GetOptionsText()"
+                              placeholder="value|Label"
+                              @onchange="@(e => OnOptionsChanged(e.Value?.ToString() ?? string.Empty))"></textarea>
+                    @if (!string.IsNullOrWhiteSpace(_optionsError))
+                    {
+                        <div class="pi-field-error">@_optionsError</div>
+                    }
+                </div>
+                @if (_selected.ControlType == "comboBox")
+                {
+                    <div class="pi-field">
+                        <label>Allow Custom Value</label>
+                        <input type="checkbox" checked="@GetBoolProp(PropAllowCustomValue)"
+                               @onchange="@(e => OnPropChanged(PropAllowCustomValue, e.Value))" />
+                    </div>
+                }
+                @if (_selected.ControlType == "listBox")
+                {
+                    <div class="pi-field">
+                        <label>Multi Select</label>
+                        <input type="checkbox" checked="@GetBoolProp(PropMultiSelect)"
+                               @onchange="@(e => OnPropChanged(PropMultiSelect, e.Value))" />
+                    </div>
+                    @if (GetBoolProp(PropMultiSelect))
+                    {
+                        <div class="pi-field">
+                            <label>Value Delimiter</label>
+                            <input type="text" value="@GetProp(PropMultiValueDelimiter, ";")"
+                                   @onchange="@(e => OnPropChanged(PropMultiValueDelimiter, e.Value))" />
+                        </div>
+                    }
+                    <div class="pi-field">
+                        <label>Visible Rows</label>
+                        <input type="number" value="@GetProp(PropVisibleRows, "6")" min="2"
+                               @onchange="@(e => OnPropChanged(PropVisibleRows, ParseLong(e.Value)))" />
+                    </div>
+                }
+                @if (_selected.ControlType == "optionGroup")
+                {
+                    <div class="pi-field">
+                        <label>Orientation</label>
+                        <select value="@GetProp(PropOrientation, "vertical")" @onchange="@(e => OnPropChanged(PropOrientation, e.Value))">
+                            <option value="vertical">Vertical</option>
+                            <option value="horizontal">Horizontal</option>
+                        </select>
+                    </div>
+                    <div class="pi-field">
+                        <label>Button Style</label>
+                        <input type="checkbox" checked="@GetBoolProp(PropButtonStyle)"
+                               @onchange="@(e => OnPropChanged(PropButtonStyle, e.Value))" />
+                    </div>
+                }
+            </div>
+        }
+
+        @if (_selected.ControlType == "toggleButton")
+        {
+            <div class="pi-section">
+                <div class="pi-section-label">Toggle Values</div>
+                <div class="pi-field">
+                    <label>True Value</label>
+                    <input type="text" value="@GetProp(PropTrueValue, "true")"
+                           @onchange="@(e => OnPropChanged(PropTrueValue, ParseScalar(e.Value)))" />
+                </div>
+                <div class="pi-field">
+                    <label>False Value</label>
+                    <input type="text" value="@GetProp(PropFalseValue, "false")"
+                           @onchange="@(e => OnPropChanged(PropFalseValue, ParseScalar(e.Value)))" />
+                </div>
+            </div>
+        }
+
         @if (_selected.Binding is not null)
         {
             <div class="pi-section">
@@ -152,9 +336,25 @@
                            @onchange="@(e => OnPropChanged(PropTabIndex, ParseLong(e.Value)))" />
                 </div>
             </div>
+            <div class="pi-section">
+                <div class="pi-section-label">Validation</div>
+                <ValidationRulesEditor Rules="@(_selected.ValidationOverride?.AddRules ?? [])"
+                                       RulesChanged="OnControlValidationRulesChanged" />
+            </div>
+        }
+        else if (IsTabOrderControl(_selected))
+        {
+            <div class="pi-section">
+                <div class="pi-section-label">Keyboard</div>
+                <div class="pi-field">
+                    <label>Tab Order</label>
+                    <input type="number" value="@GetProp(PropTabIndex, string.Empty)" min="0"
+                           @onchange="@(e => OnPropChanged(PropTabIndex, ParseLong(e.Value)))" />
+                </div>
+            </div>
         }
 
-        @if (_selected.ControlType == "lookup")
+        @if (_selected.ControlType is "lookup" or "comboBox" or "listBox" or "optionGroup")
         {
             <div class="pi-section">
                 <div class="pi-section-label">Lookup Configuration</div>
@@ -183,6 +383,12 @@
                             }
                         </select>
                     </div>
+                    <div class="pi-field">
+                        <label>Additional Display Fields</label>
+                        <input type="text" value="@GetDisplayFieldsText()"
+                               placeholder="Code, Name"
+                               @onchange="@(e => OnDisplayFieldsChanged(e.Value?.ToString() ?? string.Empty))" />
+                    </div>
                     <div class="pi-field">
                         <label>Value Field</label>
                         <select value="@GetProp(PropValueField, "")" @onchange="@(e => OnPropChanged(PropValueField, e.Value))">
@@ -194,6 +400,11 @@
                         </select>
                     </div>
                 }
+                <div class="pi-field">
+                    <label>Row Limit</label>
+                    <input type="number" value="@GetProp(PropRowLimit, "500")" min="1"
+                           @onchange="@(e => OnPropChanged(PropRowLimit, ParseLong(e.Value)))" />
+                </div>
             </div>
         }
 
@@ -203,19 +414,135 @@
                 <div class="pi-section-label">Formula Configuration</div>
                 <div class="pi-field">
                     <label>Formula</label>
-                    <input type="text" value="@GetProp(PropFormula, string.Empty)"
-                           placeholder="=Quantity * UnitPrice"
-                           @onchange="@(e => OnPropChanged(PropFormula, e.Value))" />
+                    <div class="pi-input-action-row">
+                        <input type="text" value="@GetProp(PropFormula, string.Empty)"
+                               placeholder="=Quantity * UnitPrice"
+                               @onchange="@(e => OnPropChanged(PropFormula, e.Value))" />
+                        <button type="button"
+                                class="pi-icon-btn"
+                                title="Formula functions"
+                                @onclick="ToggleFormulaHelper">fx</button>
+                    </div>
                 </div>
+                @if (_showFormulaHelper)
+                {
+                    <div class="pi-formula-helper">
+                        <div class="pi-formula-helper-toolbar">
+                            <select value="@_formulaFunctionCategory" @onchange="OnFormulaCategoryChanged">
+                                <option value="">All functions</option>
+                                @foreach (string category in FormulaFunctionCatalog.Categories)
+                                {
+                                    <option value="@category">@category</option>
+                                }
+                            </select>
+                            <input type="text"
+                                   value="@_formulaFunctionQuery"
+                                   placeholder="Search"
+                                   @oninput="OnFormulaQueryChanged" />
+                        </div>
+                        @if (_sourceTableDef?.Fields.Count > 0)
+                        {
+                            <div class="pi-formula-fields">
+                                @foreach (FormFieldDefinition field in _sourceTableDef.Fields.Where(static field => field.DataType != FieldDataType.Blob).Take(12))
+                                {
+                                    <button type="button"
+                                            class="pi-formula-field"
+                                            title="@field.Name"
+                                            @onclick="() => InsertFormulaField(field.Name)">
+                                        @field.Name
+                                    </button>
+                                }
+                            </div>
+                        }
+                        @foreach (FormulaFunctionGroup group in GetFormulaFunctionGroups())
+                        {
+                            <div class="pi-formula-group">
+                                <div class="pi-formula-group-label">@group.Category</div>
+                                @foreach (FormulaFunctionDescriptor function in group.Functions)
+                                {
+                                    <div class="pi-formula-function">
+                                        <button type="button"
+                                                class="pi-formula-function-main"
+                                                title="@($"Insert {function.Signature}")"
+                                                @onclick="() => InsertFormulaFunction(function)">
+                                            <strong>@function.Name</strong>
+                                            <code>@function.Signature</code>
+                                            <span>@function.Description</span>
+                                        </button>
+                                        <button type="button"
+                                                class="pi-formula-example-btn"
+                                                title="Use example"
+                                                @onclick="() => UseFormulaExample(function)">Example</button>
+                                    </div>
+                                }
+                            </div>
+                        }
+                        @if (GetFormulaFunctionGroups().Count == 0)
+                        {
+                            <div class="pi-formula-empty">No matching functions.</div>
+                        }
+                    </div>
+                }
                 <div class="pi-field">
                     <label>Format</label>
                     <input type="text" value="@GetProp(PropFormat, string.Empty)"
                            placeholder="N2, C, P, etc."
                            @onchange="@(e => OnPropChanged(PropFormat, e.Value))" />
                 </div>
-                <div style="font-size: 10px; color: #999; margin-top: 4px;">
-                    Field: <code>=A * B + C</code><br/>
-                    Aggregate: <code>=SUM(Table.Field)</code>
+                <div class="pi-help-text">
+                    Examples: <code>=Nz(Quantity, 0) * Nz(UnitPrice, 0)</code><br/>
+                    <code>=DateDiff('d', OrderDate, Date())</code>
+                </div>
+            </div>
+        }
+
+        @if (_selected.ControlType == "commandButton")
+        {
+            <div class="pi-section">
+                <div class="pi-section-label">Command Button</div>
+                <div class="pi-field">
+                    <label>Text</label>
+                    <input type="text" value="@GetProp(PropText, string.Empty)"
+                           @onchange="@(e => OnPropChanged(PropText, e.Value))" />
+                </div>
+                <div class="pi-field">
+                    <label>Command</label>
+                    @if (RegisteredCommands.Count > 0)
+                    {
+                        <select value="@GetProp(PropCommandName, string.Empty)" @onchange="@(e => OnPropChanged(PropCommandName, e.Value?.ToString() ?? string.Empty))">
+                            <option value="">-- Select command --</option>
+                            @if (ShouldRenderMissingCommand(GetProp(PropCommandName, string.Empty)))
+                            {
+                                var missingCommand = GetProp(PropCommandName, string.Empty);
+                                <option value="@missingCommand">@($"{missingCommand} (missing)")</option>
+                            }
+                            @foreach (DbCommandDefinition command in RegisteredCommands)
+                            {
+                                <option value="@command.Name">@command.Name</option>
+                            }
+                        </select>
+                    }
+                    else
+                    {
+                        <input type="text" value="@GetProp(PropCommandName, string.Empty)"
+                               @onchange="@(e => OnPropChanged(PropCommandName, e.Value?.ToString() ?? string.Empty))" />
+                    }
+                </div>
+                <div class="pi-field">
+                    <label>Arguments</label>
+                    <textarea class="pi-textarea"
+                              value="@GetCommandArgumentsText()"
+                              placeholder="{&quot;reason&quot;:&quot;manual&quot;}"
+                              @onchange="@(e => OnCommandArgumentsChanged(e.Value?.ToString() ?? string.Empty))"></textarea>
+                    @if (!string.IsNullOrWhiteSpace(_commandArgumentError))
+                    {
+                        <div class="pi-field-error">@_commandArgumentError</div>
+                    }
+                </div>
+                <div class="pi-field">
+                    <label>Tab Order</label>
+                    <input type="number" value="@GetProp(PropTabIndex, string.Empty)" min="0"
+                           @onchange="@(e => OnPropChanged(PropTabIndex, ParseLong(e.Value)))" />
                 </div>
             </div>
         }
@@ -223,11 +550,18 @@
         @if (_selected.ControlType == "datagrid")
         {
             <div class="pi-section">
-                <div class="pi-section-label">Child Table</div>
+                <div class="pi-section-label">Data Grid</div>
+                <div class="pi-field">
+                    <label>Mode</label>
+                    <select value="@GetProp(PropDataGridMode, "related")" @onchange="OnDataGridModeChanged">
+                        <option value="standalone">Standalone table</option>
+                        <option value="related">Related child table</option>
+                    </select>
+                </div>
                 <div class="pi-field">
                     <label>Table</label>
                     <select value="@GetProp(PropChildTable, "")" @onchange="OnChildTableChanged">
-                        <option value="">-- Select child table --</option>
+                        <option value="">-- Select table --</option>
                         @if (_availableTables is not null)
                         {
                             @foreach (var t in _availableTables)
@@ -240,55 +574,58 @@
 
                 @if (_childTableDef is not null)
                 {
-                    var fks = _childTableDef.ForeignKeys
-                        .Where(fk => string.Equals(fk.ReferencedTable, State.TableName, StringComparison.OrdinalIgnoreCase))
-                        .ToList();
-
-                    @if (fks.Count > 0)
+                    if (!IsStandaloneDataGrid())
                     {
+                        var fks = _childTableDef.ForeignKeys
+                            .Where(fk => string.Equals(fk.ReferencedTable, State.TableName, StringComparison.OrdinalIgnoreCase))
+                            .ToList();
+
+                        @if (fks.Count > 0)
+                        {
+                            <div class="pi-field">
+                                <label>Foreign Key</label>
+                                <select value="@GetProp(PropForeignKeyName, "")" @onchange="OnForeignKeyChanged">
+                                    <option value="">-- Manual mapping --</option>
+                                    @foreach (var fk in fks)
+                                    {
+                                        var fkLabel = $"{fk.Name} ({string.Join(", ", fk.LocalFields)})";
+                                        <option value="@fk.Name">@fkLabel</option>
+                                    }
+                                </select>
+                            </div>
+                        }
+                        else
+                        {
+                            <div class="pi-field">
+                                <span style="color: #d32f2f; font-size: 11px;">No FK referencing @State.TableName. Use manual mapping below.</span>
+                            </div>
+                        }
+
                         <div class="pi-field">
-                            <label>Foreign Key</label>
-                            <select value="@GetProp(PropForeignKeyName, "")" @onchange="OnForeignKeyChanged">
-                                <option value="">-- Manual mapping --</option>
-                                @foreach (var fk in fks)
+                            <label>Child Field</label>
+                            <select value="@GetProp(PropForeignKeyField, "")" @onchange="OnManualChildFieldChanged">
+                                <option value="">-- Select child field --</option>
+                                @foreach (var field in _childTableDef.Fields)
                                 {
-                                    var fkLabel = $"{fk.Name} ({string.Join(", ", fk.LocalFields)})";
-                                    <option value="@fk.Name">@fkLabel</option>
+                                    <option value="@field.Name">@GetFieldOptionLabel(field)</option>
                                 }
                             </select>
                         </div>
-                    }
-                    else
-                    {
-                        <div class="pi-field">
-                            <span style="color: #d32f2f; font-size: 11px;">No FK referencing @State.TableName. Use manual mapping below.</span>
-                        </div>
-                    }
-
-                    <div class="pi-field">
-                        <label>Child Field</label>
-                        <select value="@GetProp(PropForeignKeyField, "")" @onchange="OnManualChildFieldChanged">
-                            <option value="">-- Select child field --</option>
-                            @foreach (var field in _childTableDef.Fields)
-                            {
-                                <option value="@field.Name">@GetFieldOptionLabel(field)</option>
-                            }
-                        </select>
-                    </div>
 
-                    <div class="pi-field">
-                        <label>Parent Field</label>
-                        <select value="@GetProp(PropParentKeyField, "")" @onchange="OnManualParentFieldChanged" disabled="@(_sourceTableDef is null)">
-                            <option value="">-- Select parent field --</option>
-                            @if (_sourceTableDef is not null)
-                            {
-                                @foreach (var field in _sourceTableDef.Fields)
+                        <div class="pi-field">
+                            <label>Parent Field</label>
+                            <select value="@GetProp(PropParentKeyField, "")" @onchange="OnManualParentFieldChanged" disabled="@(_sourceTableDef is null)">
+                                <option value="">-- Select parent field --</option>
+                                @if (_sourceTableDef is not null)
                                 {
-                                    <option value="@field.Name">@GetFieldOptionLabel(field)</option>
+                                    @foreach (var field in _sourceTableDef.Fields)
+                                    {
+                                        <option value="@field.Name">@GetFieldOptionLabel(field)</option>
+                                    }
                                 }
-                            }
-                        </select>
-                    </div>
+                            </select>
+                        </div>
+                    }
 
                     <div class="pi-field">
                         <label>Visible Columns</label>
@@ -335,62 +672,359 @@
             </div>
         }
 
-        <div class="pi-section">
-            <div class="pi-section-label">Arrange</div>
-            <div class="pi-field-row">
-                <button class="pi-btn" @onclick="@(() => State.BringToFront(_selected.ControlId))">Bring Front</button>
-                <button class="pi-btn" @onclick="@(() => State.SendToBack(_selected.ControlId))">Send Back</button>
-            </div>
-            <div class="pi-field-row">
-                <button class="pi-btn" @onclick="@(() => State.MoveUp(_selected.ControlId))">Move Up</button>
-                <button class="pi-btn" @onclick="@(() => State.MoveDown(_selected.ControlId))">Move Down</button>
+        @if (_selected.ControlType == "tabControl")
+        {
+            <div class="pi-section">
+                <div class="pi-section-label">Tab Pages</div>
+                <div class="pi-field">
+                    <label>Pages</label>
+                    <textarea class="pi-textarea"
+                              value="@GetTabPagesText()"
+                              placeholder="page1|Page 1"
+                              @onchange="@(e => OnTabPagesChanged(e.Value?.ToString() ?? string.Empty))"></textarea>
+                    @if (!string.IsNullOrWhiteSpace(_tabPagesError))
+                    {
+                        <div class="pi-field-error">@_tabPagesError</div>
+                    }
+                </div>
             </div>
-        </div>
+        }
 
-        @if (State.ActiveBreakpoint != "desktop")
+        @if (_selected.ControlType != "tabControl" && GetTabControls().Count > 0)
         {
             <div class="pi-section">
-                <div class="pi-section-label">Breakpoint: @State.ActiveBreakpoint</div>
+                <div class="pi-section-label">Tab Membership</div>
                 <div class="pi-field">
-                    <label>Visible at this breakpoint</label>
-                    <input type="checkbox"
-                           checked="@State.IsVisibleAtBreakpoint(_selected)"
-                           @onchange="@(e => OnVisibilityChanged(e))" />
+                    <label>Parent Tab Control</label>
+                    <select value="@GetProp(PropParentControlId, "")" @onchange="OnParentTabControlChanged">
+                        <option value="">Top level</option>
+                        @foreach (var tabControl in GetTabControls())
+                        {
+                            <option value="@tabControl.ControlId">@GetControlDisplayName(tabControl)</option>
+                        }
+                    </select>
                 </div>
+                @if (GetSelectedParentTabControl() is { } parentTabControl)
+                {
+                    <div class="pi-field">
+                        <label>Tab Page</label>
+                        <select value="@GetProp(PropParentTabId, "")" @onchange="@(e => OnPropChanged(PropParentTabId, e.Value))">
+                            <option value="">-- Select page --</option>
+                            @foreach (var tab in ReadTabPages(parentTabControl))
+                            {
+                                <option value="@tab.Id">@tab.Label</option>
+                            }
+                        </select>
+                    </div>
+                }
             </div>
         }
-    }
-</div>
-
-@code {
-    [CascadingParameter] public DesignerState State { get; set; } = default!;
 
-    private ControlDefinition? _selected;
+        @if (_selected.ControlType == "subform")
+        {
+            <div class="pi-section">
+                <div class="pi-section-label">Subform</div>
+                <div class="pi-field">
+                    <label>Form</label>
+                    <select value="@GetProp(PropFormId, "")" @onchange="@(e => OnPropChanged(PropFormId, e.Value))">
+                        <option value="">-- Select form --</option>
+                        @if (_availableForms is not null)
+                        {
+                            @foreach (var form in _availableForms)
+                            {
+                                <option value="@form.FormId">@($"{form.Name} ({form.TableName})")</option>
+                            }
+                        }
+                    </select>
+                </div>
+                <div class="pi-field">
+                    <label>Parent Key Field</label>
+                    @RenderFieldSelect(PropParentKeyField, _sourceTableDef, "-- Select parent field --")
+                </div>
+                <div class="pi-field">
+                    <label>Foreign Key Field</label>
+                    <input type="text" value="@GetProp(PropForeignKeyField, "")"
+                           @onchange="@(e => OnPropChanged(PropForeignKeyField, e.Value))" />
+                </div>
+                <div class="pi-field">
+                    <label>Show Toolbar</label>
+                    <input type="checkbox" checked="@GetBoolProp(PropShowToolbar)"
+                           @onchange="@(e => OnPropChanged(PropShowToolbar, e.Value))" />
+                </div>
+                <div class="pi-field">
+                    <label>Show Record List</label>
+                    <input type="checkbox" checked="@GetBoolProp(PropShowRecordList)"
+                           @onchange="@(e => OnPropChanged(PropShowRecordList, e.Value))" />
+                </div>
+            </div>
+        }
 
-    // Property name constants to avoid string literals in Razor attributes
-    private const string PropText = "text";
-    private const string PropPlaceholder = "placeholder";
-    private const string PropMaxLength = "maxLength";
-    private const string PropReadOnly = "readOnly";
-    private const string PropTabIndex = "tabIndex";
-    private const string PropChildTable = "childTable";
-    private const string PropForeignKeyName = "foreignKeyName";
-    private const string PropForeignKeyField = "foreignKeyField";
-    private const string PropParentKeyField = "parentKeyField";
-    private const string PropVisibleColumns = "visibleColumns";
-    private const string PropAllowAdd = "allowAdd";
-    private const string PropAllowEdit = "allowEdit";
-    private const string PropAllowDelete = "allowDelete";
-    private const string PropLookupTable = "lookupTable";
-    private const string PropDisplayField = "displayField";
-    private const string PropValueField = "valueField";
-    private const string PropFormula = "formula";
-    private const string PropFormat = "format";
+        @if (_selected.ControlType is "attachment" or "image")
+        {
+            <div class="pi-section">
+                <div class="pi-section-label">Attachment Storage</div>
+                <div class="pi-field">
+                    <label>Storage Mode</label>
+                    <select value="@GetProp(PropStorageMode, "blobField")" @onchange="@(e => OnPropChanged(PropStorageMode, e.Value))">
+                        <option value="blobField">BLOB Field</option>
+                        <option value="attachmentTable">Attachment Table</option>
+                    </select>
+                </div>
+                @if (IsAttachmentTableMode())
+                {
+                    <div class="pi-field">
+                        <label>Attachment Table</label>
+                        <select value="@GetProp(PropAttachmentTable, "")" @onchange="@(e => OnPropChanged(PropAttachmentTable, e.Value))">
+                            <option value="">-- Select table --</option>
+                            @if (_availableTables is not null)
+                            {
+                                @foreach (var tableName in _availableTables)
+                                {
+                                    <option value="@tableName">@tableName</option>
+                                }
+                            }
+                        </select>
+                    </div>
+                    <div class="pi-field">
+                        <label>Parent Key Field</label>
+                        @RenderFieldSelect(PropParentKeyField, _sourceTableDef, "-- Primary key --")
+                    </div>
+                    <div class="pi-field">
+                        <label>Attachment FK Field</label>
+                        <input type="text" value="@GetProp(PropAttachmentForeignKeyField, "")"
+                               @onchange="@(e => OnPropChanged(PropAttachmentForeignKeyField, e.Value))" />
+                    </div>
+                    <div class="pi-field">
+                        <label>Attachment BLOB Field</label>
+                        <input type="text" value="@GetProp(PropAttachmentBlobField, "")"
+                               @onchange="@(e => OnPropChanged(PropAttachmentBlobField, e.Value))" />
+                    </div>
+                    <div class="pi-field">
+                        <label>File Name Field</label>
+                        <input type="text" value="@GetProp(PropAttachmentFileNameField, "")"
+                               @onchange="@(e => OnPropChanged(PropAttachmentFileNameField, e.Value))" />
+                    </div>
+                    <div class="pi-field">
+                        <label>Content Type Field</label>
+                        <input type="text" value="@GetProp(PropAttachmentContentTypeField, "")"
+                               @onchange="@(e => OnPropChanged(PropAttachmentContentTypeField, e.Value))" />
+                    </div>
+                    <div class="pi-field">
+                        <label>File Size Field</label>
+                        <input type="text" value="@GetProp(PropAttachmentFileSizeField, "")"
+                               @onchange="@(e => OnPropChanged(PropAttachmentFileSizeField, e.Value))" />
+                    </div>
+                    <div class="pi-field">
+                        <label>Control ID Field</label>
+                        <input type="text" value="@GetProp(PropAttachmentControlIdField, "")"
+                               @onchange="@(e => OnPropChanged(PropAttachmentControlIdField, e.Value))" />
+                    </div>
+                }
+                else
+                {
+                <div class="pi-field">
+                    <label>File Name Field</label>
+                    @RenderFieldSelect(PropFileNameField, _sourceTableDef, "-- None --")
+                </div>
+                <div class="pi-field">
+                    <label>Content Type Field</label>
+                    @RenderFieldSelect(PropContentTypeField, _sourceTableDef, "-- None --")
+                </div>
+                <div class="pi-field">
+                    <label>File Size Field</label>
+                    @RenderFieldSelect(PropFileSizeField, _sourceTableDef, "-- None --")
+                </div>
+                }
+                <div class="pi-field">
+                    <label>Accept</label>
+                    <input type="text" value="@GetProp(PropAccept, _selected.ControlType == "image" ? "image/*" : "")"
+                           @onchange="@(e => OnPropChanged(PropAccept, e.Value))" />
+                </div>
+                <div class="pi-field">
+                    <label>Max Bytes</label>
+                    <input type="number" value="@GetProp(PropMaxFileBytes, "")" min="1"
+                           @onchange="@(e => OnPropChanged(PropMaxFileBytes, ParseLong(e.Value)))" />
+                </div>
+                @if (_selected.ControlType == "image")
+                {
+                    <div class="pi-field">
+                        <label>Alt Text</label>
+                        <input type="text" value="@GetProp(PropAlt, "")"
+                               @onchange="@(e => OnPropChanged(PropAlt, e.Value))" />
+                    </div>
+                    <div class="pi-field">
+                        <label>Fit</label>
+                        <select value="@GetProp(PropFit, "contain")" @onchange="@(e => OnPropChanged(PropFit, e.Value))">
+                            <option value="contain">Contain</option>
+                            <option value="cover">Cover</option>
+                            <option value="fill">Fill</option>
+                            <option value="scale-down">Scale Down</option>
+                        </select>
+                    </div>
+                }
+            </div>
+        }
+
+        @if (GetSelectedDescriptor() is { } registeredDescriptor &&
+             (registeredDescriptor.PropertyEditorComponentType is not null || registeredDescriptor.PropertyDescriptors.Count > 0))
+        {
+            <div class="pi-section">
+                <div class="pi-section-label">@registeredDescriptor.DisplayName Properties</div>
+                @if (registeredDescriptor.PropertyEditorComponentType is not null)
+                {
+                    <DynamicComponent Type="@registeredDescriptor.PropertyEditorComponentType"
+                                      Parameters="GetPropertyEditorParameters(registeredDescriptor)" />
+                }
+                @foreach (FormControlPropertyDescriptor property in registeredDescriptor.PropertyDescriptors)
+                {
+                    <div class="pi-field">
+                        <label>@property.Label</label>
+                        @switch (property.Editor)
+                        {
+                            case FormControlPropertyEditor.TextArea:
+                                <textarea class="pi-textarea"
+                                          value="@GetRegisteredPropertyValue(property)"
+                                          placeholder="@property.Placeholder"
+                                          @onchange="@(e => OnRegisteredPropertyChanged(property, e.Value))"></textarea>
+                                break;
+                            case FormControlPropertyEditor.Number:
+                                <input type="number"
+                                       value="@GetRegisteredPropertyValue(property)"
+                                       placeholder="@property.Placeholder"
+                                       @onchange="@(e => OnRegisteredPropertyChanged(property, e.Value))" />
+                                break;
+                            case FormControlPropertyEditor.Checkbox:
+                                <input type="checkbox"
+                                       checked="@GetRegisteredBoolPropertyValue(property)"
+                                       @onchange="@(e => OnRegisteredPropertyChanged(property, e.Value))" />
+                                break;
+                            case FormControlPropertyEditor.Select:
+                                <select value="@GetRegisteredPropertyValue(property)"
+                                        @onchange="@(e => OnRegisteredPropertyChanged(property, e.Value))">
+                                    @foreach (FormControlPropertyOption option in property.Options)
+                                    {
+                                        <option value="@option.Value">@option.Label</option>
+                                    }
+                                </select>
+                                break;
+                            default:
+                                <input type="text"
+                                       value="@GetRegisteredPropertyValue(property)"
+                                       placeholder="@property.Placeholder"
+                                       @onchange="@(e => OnRegisteredPropertyChanged(property, e.Value))" />
+                                break;
+                        }
+                        @if (!string.IsNullOrWhiteSpace(property.HelpText))
+                        {
+                            <div class="pi-help-text">@property.HelpText</div>
+                        }
+                    </div>
+                }
+            </div>
+        }
+
+        <div class="pi-section">
+            <div class="pi-section-label">Arrange</div>
+            <div class="pi-field-row">
+                <button class="pi-btn" @onclick="@(() => State.BringToFront(_selected.ControlId))">Bring Front</button>
+                <button class="pi-btn" @onclick="@(() => State.SendToBack(_selected.ControlId))">Send Back</button>
+            </div>
+            <div class="pi-field-row">
+                <button class="pi-btn" @onclick="@(() => State.MoveUp(_selected.ControlId))">Move Up</button>
+                <button class="pi-btn" @onclick="@(() => State.MoveDown(_selected.ControlId))">Move Down</button>
+            </div>
+        </div>
+
+        @if (State.ActiveBreakpoint != "desktop")
+        {
+            <div class="pi-section">
+                <div class="pi-section-label">Breakpoint: @State.ActiveBreakpoint</div>
+                <div class="pi-field">
+                    <label>Visible at this breakpoint</label>
+                    <input type="checkbox"
+                           checked="@State.IsVisibleAtBreakpoint(_selected)"
+                           @onchange="@(e => OnVisibilityChanged(e))" />
+                </div>
+            </div>
+        }
+    }
+</div>
+
+@code {
+    [CascadingParameter] public DesignerState State { get; set; } = default!;
+    [Inject] public IFormControlRegistry ControlRegistry { get; set; } = DefaultFormControlRegistry.Instance;
+
+    private ControlDefinition? _selected;
+
+    // Property name constants to avoid string literals in Razor attributes
+    private const string PropText = "text";
+    private const string PropPlaceholder = "placeholder";
+    private const string PropMaxLength = "maxLength";
+    private const string PropReadOnly = "readOnly";
+    private const string PropTabIndex = "tabIndex";
+    private const string PropAnchorLeft = "anchorLeft";
+    private const string PropAnchorTop = "anchorTop";
+    private const string PropAnchorRight = "anchorRight";
+    private const string PropAnchorBottom = "anchorBottom";
+    private const string PropMinWidth = "minWidth";
+    private const string PropMinHeight = "minHeight";
+    private const string PropResizeMode = "resizeMode";
+    private const string PropDataGridMode = "dataGridMode";
+    private const string PropChildTable = "childTable";
+    private const string PropForeignKeyName = "foreignKeyName";
+    private const string PropForeignKeyField = "foreignKeyField";
+    private const string PropParentKeyField = "parentKeyField";
+    private const string PropVisibleColumns = "visibleColumns";
+    private const string PropAllowAdd = "allowAdd";
+    private const string PropAllowEdit = "allowEdit";
+    private const string PropAllowDelete = "allowDelete";
+    private const string PropLookupTable = "lookupTable";
+    private const string PropDisplayField = "displayField";
+    private const string PropValueField = "valueField";
+    private const string PropDisplayFields = "displayFields";
+    private const string PropRowLimit = "rowLimit";
+    private const string PropOptions = "options";
+    private const string PropAllowCustomValue = "allowCustomValue";
+    private const string PropVisibleRows = "visibleRows";
+    private const string PropMultiSelect = "multiSelect";
+    private const string PropMultiValueDelimiter = "multiValueDelimiter";
+    private const string PropOrientation = "orientation";
+    private const string PropButtonStyle = "buttonStyle";
+    private const string PropTrueValue = "trueValue";
+    private const string PropFalseValue = "falseValue";
+    private const string PropTabs = "tabs";
+    private const string PropParentControlId = "parentControlId";
+    private const string PropParentTabId = "parentTabId";
+    private const string PropFormId = "formId";
+    private const string PropShowToolbar = "showToolbar";
+    private const string PropShowRecordList = "showRecordList";
+    private const string PropFileNameField = "fileNameField";
+    private const string PropContentTypeField = "contentTypeField";
+    private const string PropFileSizeField = "fileSizeField";
+    private const string PropStorageMode = "storageMode";
+    private const string PropAttachmentTable = "attachmentTable";
+    private const string PropAttachmentForeignKeyField = "attachmentForeignKeyField";
+    private const string PropAttachmentBlobField = "attachmentBlobField";
+    private const string PropAttachmentFileNameField = "attachmentFileNameField";
+    private const string PropAttachmentContentTypeField = "attachmentContentTypeField";
+    private const string PropAttachmentFileSizeField = "attachmentFileSizeField";
+    private const string PropAttachmentControlIdField = "attachmentControlIdField";
+    private const string PropAccept = "accept";
+    private const string PropMaxFileBytes = "maxFileBytes";
+    private const string PropAlt = "alt";
+    private const string PropFit = "fit";
+    private const string PropFormula = "formula";
+    private const string PropFormat = "format";
+    private const string PropCommandName = "commandName";
+    private const string PropCommandArguments = "commandArguments";
 
     private enum RectPart { X, Y, W, H }
 
+    private sealed record FormulaFunctionGroup(string Category, IReadOnlyList<FormulaFunctionDescriptor> Functions);
+
     // DataGrid configuration state
     private IReadOnlyList<string>? _availableTables;
+    private IReadOnlyList<FormDefinition>? _availableForms;
     private string? _loadedSourceTableName;
     private FormTableDefinition? _sourceTableDef;
     private FormTableDefinition? _childTableDef;
@@ -400,11 +1034,26 @@
 
     // ChildTabs configuration state
     private List<ChildTabConfig> _currentTabs = [];
+    private string? _loadedCommandArgumentControlId;
+    private string _commandArgumentText = string.Empty;
+    private string? _commandArgumentError;
+    private string? _loadedOptionsControlId;
+    private string _optionsText = string.Empty;
+    private string? _optionsError;
+    private string? _loadedTabPagesControlId;
+    private string _tabPagesText = string.Empty;
+    private string? _tabPagesError;
+    private bool _showFormulaHelper;
+    private string _formulaFunctionQuery = string.Empty;
+    private string _formulaFunctionCategory = string.Empty;
+
+    private IReadOnlyList<DbCommandDefinition> RegisteredCommands => CommandRegistry.Commands.ToList();
 
     protected override async Task OnInitializedAsync()
     {
         State.OnChange += OnStateChanged;
         _availableTables = await SchemaProvider.ListTableNamesAsync();
+        _availableForms = await FormRepository.ListAsync();
         await RefreshSourceTableDefinitionAsync();
     }
 
@@ -439,8 +1088,8 @@
             await InvokeAsync(StateHasChanged);
         }
 
-        // Load lookup table def when a lookup control is selected
-        if (_selected?.ControlType == "lookup" && _selected != prev)
+        // Load lookup table def when a lookup-backed choice control is selected
+        if (_selected != prev && IsLookupChoiceControl(_selected?.ControlType))
         {
             var lookupTable = GetProp(PropLookupTable, "");
             if (!string.IsNullOrEmpty(lookupTable))
@@ -460,9 +1109,37 @@
         if (_selected?.ControlType != "childtabs")
             _currentTabs = [];
 
-        if (_selected?.ControlType != "lookup")
+        if (_selected?.ControlType is not ("lookup" or "comboBox" or "listBox" or "optionGroup"))
             _lookupTableDef = null;
 
+        if (_selected?.ControlType != "commandButton")
+        {
+            _loadedCommandArgumentControlId = null;
+            _commandArgumentText = string.Empty;
+            _commandArgumentError = null;
+        }
+
+        if (_selected?.ControlType is not ("select" or "comboBox" or "listBox" or "optionGroup"))
+        {
+            _loadedOptionsControlId = null;
+            _optionsText = string.Empty;
+            _optionsError = null;
+        }
+
+        if (_selected?.ControlType != "tabControl")
+        {
+            _loadedTabPagesControlId = null;
+            _tabPagesText = string.Empty;
+            _tabPagesError = null;
+        }
+
+        if (_selected?.ControlType != "computed")
+        {
+            _showFormulaHelper = false;
+            _formulaFunctionQuery = string.Empty;
+            _formulaFunctionCategory = string.Empty;
+        }
+
         await InvokeAsync(StateHasChanged);
     }
 
@@ -475,21 +1152,288 @@
 
     private bool GetBoolProp(string key)
     {
-        if (_selected?.Props.Values.TryGetValue(key, out var val) == true && val is bool b)
-            return b;
+        if (_selected?.Props.Values.TryGetValue(key, out var val) == true)
+            return ReadBool(val, false);
         return false;
     }
 
+    private FormControlDescriptor? GetSelectedDescriptor()
+        => _selected is not null && ControlRegistry.TryGetControl(_selected.ControlType, out FormControlDescriptor descriptor)
+            ? descriptor
+            : null;
+
+    private IReadOnlyList<FormControlDescriptor> GetTypeDropdownControls()
+        => ControlRegistry.Controls;
+
+    private bool IsRegisteredControlType(string controlType)
+        => ControlRegistry.TryGetControl(controlType, out _);
+
+    private bool IsTabOrderControl(ControlDefinition control)
+        => ControlRegistry.TryGetControl(control.ControlType, out FormControlDescriptor descriptor)
+            ? descriptor.ParticipatesInTabOrder
+            : control.ControlType is not ("label" or "datagrid" or "childtabs" or "tabControl" or "subform");
+
+    private string GetRegisteredPropertyValue(FormControlPropertyDescriptor property)
+    {
+        if (_selected?.Props.Values.TryGetValue(property.Name, out object? value) == true && value is not null)
+            return value.ToString() ?? string.Empty;
+
+        return property.DefaultValue?.ToString() ?? string.Empty;
+    }
+
+    private bool GetRegisteredBoolPropertyValue(FormControlPropertyDescriptor property)
+    {
+        if (_selected?.Props.Values.TryGetValue(property.Name, out object? value) == true)
+            return ReadBool(value, ReadBool(property.DefaultValue, false));
+
+        return ReadBool(property.DefaultValue, false);
+    }
+
+    private void OnRegisteredPropertyChanged(FormControlPropertyDescriptor property, object? rawValue)
+    {
+        object? value = property.Editor switch
+        {
+            FormControlPropertyEditor.Checkbox => rawValue is bool b && b,
+            FormControlPropertyEditor.Number => ParseScalar(rawValue),
+            _ => rawValue?.ToString(),
+        };
+
+        OnPropChanged(property.Name, value);
+    }
+
+    private Dictionary<string, object?> GetPropertyEditorParameters(FormControlDescriptor descriptor)
+        => new()
+        {
+            ["Context"] = new FormControlPropertyContext(
+                _selected!,
+                descriptor,
+                _sourceTableDef,
+                _availableTables,
+                _availableForms,
+                (key, value) =>
+                {
+                    OnPropChanged(key, value);
+                    return Task.CompletedTask;
+                }),
+        };
+
+    private bool IsAttachmentTableMode()
+        => string.Equals(GetProp(PropStorageMode, "blobField"), "attachmentTable", StringComparison.OrdinalIgnoreCase);
+
+    private bool GetAnchorProp(string key, bool fallback)
+    {
+        if (_selected?.Props.Values.TryGetValue(key, out var val) == true)
+            return ReadBool(val, fallback);
+        return fallback;
+    }
+
     private void OnPropChanged(string key, object? value)
     {
         if (_selected is null) return;
         State.UpdateControlProp(_selected.ControlId, key, value);
     }
 
+    private void ToggleFormulaHelper()
+    {
+        _showFormulaHelper = !_showFormulaHelper;
+    }
+
+    private void OnFormulaCategoryChanged(ChangeEventArgs e)
+    {
+        _formulaFunctionCategory = e.Value?.ToString() ?? string.Empty;
+    }
+
+    private void OnFormulaQueryChanged(ChangeEventArgs e)
+    {
+        _formulaFunctionQuery = e.Value?.ToString() ?? string.Empty;
+    }
+
+    private IReadOnlyList<FormulaFunctionGroup> GetFormulaFunctionGroups()
+    {
+        IEnumerable<FormulaFunctionDescriptor> functions = FormulaFunctionCatalog.AllFunctions;
+        if (!string.IsNullOrWhiteSpace(_formulaFunctionCategory))
+        {
+            functions = functions.Where(function =>
+                string.Equals(function.Category, _formulaFunctionCategory, StringComparison.OrdinalIgnoreCase));
+        }
+
+        if (!string.IsNullOrWhiteSpace(_formulaFunctionQuery))
+        {
+            string query = _formulaFunctionQuery.Trim();
+            functions = functions.Where(function => FormulaFunctionMatches(function, query));
+        }
+
+        return functions
+            .GroupBy(static function => function.Category, StringComparer.OrdinalIgnoreCase)
+            .Select(static group => new FormulaFunctionGroup(group.Key, group.ToArray()))
+            .ToArray();
+    }
+
+    private static bool FormulaFunctionMatches(FormulaFunctionDescriptor function, string query)
+        => function.Name.Contains(query, StringComparison.OrdinalIgnoreCase)
+           || function.Signature.Contains(query, StringComparison.OrdinalIgnoreCase)
+           || function.Description.Contains(query, StringComparison.OrdinalIgnoreCase)
+           || function.Example.Contains(query, StringComparison.OrdinalIgnoreCase);
+
+    private void InsertFormulaFunction(FormulaFunctionDescriptor function)
+    {
+        AppendFormulaText(function.InsertText);
+    }
+
+    private void UseFormulaExample(FormulaFunctionDescriptor function)
+    {
+        OnPropChanged(PropFormula, function.Example);
+    }
+
+    private void InsertFormulaField(string fieldName)
+    {
+        if (string.IsNullOrWhiteSpace(fieldName))
+            return;
+
+        AppendFormulaText($"[{fieldName}]");
+    }
+
+    private void AppendFormulaText(string text)
+    {
+        if (_selected is null || string.IsNullOrWhiteSpace(text))
+            return;
+
+        string current = GetProp(PropFormula, string.Empty).TrimEnd();
+        string updated = current switch
+        {
+            "" => $"={text}",
+            "=" => $"={text}",
+            _ when current.StartsWith('=') => $"{current} {text}",
+            _ => $"={current} {text}",
+        };
+
+        OnPropChanged(PropFormula, updated);
+    }
+
+    private string GetAnchorPreset()
+    {
+        var anchors = GetCurrentAnchors();
+
+        return anchors switch
+        {
+            (true, true, false, false) => "topLeft",
+            (false, true, true, false) => "topRight",
+            (true, false, false, true) => "bottomLeft",
+            (false, false, true, true) => "bottomRight",
+            (true, true, true, false) => "stretchAcross",
+            (true, true, false, true) => "stretchDown",
+            (true, true, true, true) => "stretchBoth",
+            _ => "custom",
+        };
+    }
+
+    private void OnAnchorPresetChanged(ChangeEventArgs e)
+    {
+        if (_selected is null) return;
+
+        string preset = e.Value?.ToString() ?? string.Empty;
+        if (preset == "custom")
+            return;
+
+        var anchors = preset switch
+        {
+            "topLeft" => (Left: true, Top: true, Right: false, Bottom: false),
+            "topRight" => (Left: false, Top: true, Right: true, Bottom: false),
+            "bottomLeft" => (Left: true, Top: false, Right: false, Bottom: true),
+            "bottomRight" => (Left: false, Top: false, Right: true, Bottom: true),
+            "stretchAcross" => (Left: true, Top: true, Right: true, Bottom: false),
+            "stretchDown" => (Left: true, Top: true, Right: false, Bottom: true),
+            "stretchBoth" => (Left: true, Top: true, Right: true, Bottom: true),
+            _ => GetCurrentAnchors(),
+        };
+
+        UpdateAnchorProps(anchors);
+    }
+
+    private void OnAnchorChanged(string key, object? value)
+    {
+        if (_selected is null) return;
+
+        var anchors = GetCurrentAnchors();
+        bool left = anchors.Left;
+        bool top = anchors.Top;
+        bool right = anchors.Right;
+        bool bottom = anchors.Bottom;
+        bool isChecked = value is bool b && b;
+
+        switch (key)
+        {
+            case PropAnchorLeft:
+                left = isChecked;
+                break;
+            case PropAnchorTop:
+                top = isChecked;
+                break;
+            case PropAnchorRight:
+                right = isChecked;
+                break;
+            case PropAnchorBottom:
+                bottom = isChecked;
+                break;
+        }
+
+        if (!left && !right)
+        {
+            if (key == PropAnchorLeft)
+                right = true;
+            else
+                left = true;
+        }
+
+        if (!top && !bottom)
+        {
+            if (key == PropAnchorTop)
+                bottom = true;
+            else
+                top = true;
+        }
+
+        UpdateAnchorProps((left, top, right, bottom));
+    }
+
+    private (bool Left, bool Top, bool Right, bool Bottom) GetCurrentAnchors()
+        => (
+            GetAnchorProp(PropAnchorLeft, true),
+            GetAnchorProp(PropAnchorTop, true),
+            GetAnchorProp(PropAnchorRight, false),
+            GetAnchorProp(PropAnchorBottom, false));
+
+    private void UpdateAnchorProps((bool Left, bool Top, bool Right, bool Bottom) anchors)
+    {
+        if (_selected is null) return;
+
+        State.UpdateControlProps(
+            _selected.ControlId,
+            new Dictionary<string, object?>
+            {
+                [PropAnchorLeft] = anchors.Left,
+                [PropAnchorTop] = anchors.Top,
+                [PropAnchorRight] = anchors.Right,
+                [PropAnchorBottom] = anchors.Bottom,
+            });
+    }
+
+    private void OnFormNameChanged(ChangeEventArgs e)
+    {
+        State.SetFormName(e.Value?.ToString());
+    }
+
     private void OnTypeChanged(ChangeEventArgs e)
     {
         if (_selected is null || e.Value is not string newType) return;
         State.UpdateControlType(_selected.ControlId, newType);
+        if (ControlRegistry.TryGetControl(newType, out FormControlDescriptor descriptor))
+        {
+            if (!descriptor.SupportsBinding && _selected.Binding is not null)
+                State.UpdateControlBinding(_selected.ControlId, null);
+            else if (descriptor.SupportsBinding && _selected.Binding is null)
+                State.UpdateControlBinding(_selected.ControlId, new BindingDefinition("", "TwoWay"));
+        }
     }
 
     private void OnRectChanged(ChangeEventArgs e, RectPart part)
@@ -540,8 +1484,61 @@
         return long.TryParse(s, out var l) ? l : null;
     }
 
+    private static object? ParseNonNegativeDouble(object? value)
+    {
+        if (value is null) return null;
+        var s = value.ToString();
+        if (string.IsNullOrWhiteSpace(s)) return null;
+        return double.TryParse(s, NumberStyles.Float, CultureInfo.InvariantCulture, out double parsed)
+            ? Math.Max(0, parsed)
+            : null;
+    }
+
+    private static bool ReadBool(object? value, bool fallback)
+    {
+        return value switch
+        {
+            bool b => b,
+            JsonElement json when json.ValueKind == JsonValueKind.True => true,
+            JsonElement json when json.ValueKind == JsonValueKind.False => false,
+            JsonElement json when json.ValueKind == JsonValueKind.String && bool.TryParse(json.GetString(), out bool parsed) => parsed,
+            _ when bool.TryParse(value?.ToString(), out bool parsed) => parsed,
+            _ => fallback,
+        };
+    }
+
     // ===== DataGrid Configuration Methods =====
 
+    private async Task OnDataGridModeChanged(ChangeEventArgs e)
+    {
+        if (_selected is null || e.Value is not string mode)
+            return;
+
+        mode = string.Equals(mode, "standalone", StringComparison.OrdinalIgnoreCase)
+            ? "standalone"
+            : "related";
+        OnPropChanged(PropDataGridMode, mode);
+
+        if (string.Equals(mode, "standalone", StringComparison.OrdinalIgnoreCase))
+        {
+            OnPropChanged(PropForeignKeyField, "");
+            OnPropChanged(PropParentKeyField, "");
+            OnPropChanged(PropForeignKeyName, "");
+            return;
+        }
+
+        if (_childTableDef is not null)
+        {
+            var matchingFks = _childTableDef.ForeignKeys
+                .Where(fk => string.Equals(fk.ReferencedTable, State.TableName, StringComparison.OrdinalIgnoreCase))
+                .ToList();
+            if (matchingFks.Count == 1)
+                AutoSelectForeignKey(matchingFks[0]);
+        }
+
+        await Task.CompletedTask;
+    }
+
     private async Task OnChildTableChanged(ChangeEventArgs e)
     {
         if (_selected is null || e.Value is not string tableName) return;
@@ -558,18 +1555,21 @@
 
             if (_childTableDef is not null)
             {
-                // Auto-select FK if exactly one references the parent table
-                var matchingFks = _childTableDef.ForeignKeys
-                    .Where(fk => string.Equals(fk.ReferencedTable, State.TableName, StringComparison.OrdinalIgnoreCase))
-                    .ToList();
-                if (matchingFks.Count == 1)
+                if (!IsStandaloneDataGrid())
                 {
-                    AutoSelectForeignKey(matchingFks[0]);
+                    // Auto-select FK if exactly one references the parent table
+                    var matchingFks = _childTableDef.ForeignKeys
+                        .Where(fk => string.Equals(fk.ReferencedTable, State.TableName, StringComparison.OrdinalIgnoreCase))
+                        .ToList();
+                    if (matchingFks.Count == 1)
+                    {
+                        AutoSelectForeignKey(matchingFks[0]);
+                    }
                 }
 
-                // Auto-select all non-PK columns as visible
+                // Related grids keep PKs hidden by default; standalone grids show the mapped table as-is.
                 var allCols = _childTableDef.Fields
-                    .Where(f => !_childTableDef.PrimaryKey.Contains(f.Name))
+                    .Where(f => IsStandaloneDataGrid() || !_childTableDef.PrimaryKey.Contains(f.Name))
                     .Select(f => (object?)f.Name)
                     .ToArray();
                 OnPropChanged(PropVisibleColumns, allCols);
@@ -674,6 +1674,247 @@
         }
     }
 
+    private string GetOptionsText()
+    {
+        if (_selected is null)
+            return string.Empty;
+
+        if (string.Equals(_loadedOptionsControlId, _selected.ControlId, StringComparison.Ordinal))
+            return _optionsText;
+
+        _loadedOptionsControlId = _selected.ControlId;
+        _optionsError = null;
+        IReadOnlyList<EnumChoice> options = _selected.Props.Values.TryGetValue(PropOptions, out object? value)
+            ? FormChoiceResolver.ReadOptions(value)
+            : [];
+        _optionsText = string.Join(Environment.NewLine, options.Select(option => $"{option.Value}|{option.Label}"));
+        return _optionsText;
+    }
+
+    private void OnOptionsChanged(string text)
+    {
+        _optionsText = text;
+        _optionsError = null;
+
+        if (string.IsNullOrWhiteSpace(text))
+        {
+            OnPropChanged(PropOptions, Array.Empty<object?>());
+            return;
+        }
+
+        var options = new List<object?>();
+        foreach (string line in text.Split(["\r\n", "\n"], StringSplitOptions.None))
+        {
+            if (string.IsNullOrWhiteSpace(line))
+                continue;
+
+            string[] parts = line.Split('|', 2);
+            string value = parts[0].Trim();
+            if (string.IsNullOrWhiteSpace(value))
+            {
+                _optionsError = "Each option needs a value before the pipe.";
+                return;
+            }
+
+            string label = parts.Length > 1 && !string.IsNullOrWhiteSpace(parts[1])
+                ? parts[1].Trim()
+                : value;
+            options.Add(new Dictionary<string, object?>
+            {
+                ["value"] = value,
+                ["label"] = label,
+            });
+        }
+
+        OnPropChanged(PropOptions, options.ToArray());
+    }
+
+    private string GetDisplayFieldsText()
+    {
+        if (_selected?.Props.Values.TryGetValue(PropDisplayFields, out object? value) == true)
+            return string.Join(", ", FormChoiceResolver.ReadStringList(value));
+
+        return string.Empty;
+    }
+
+    private void OnDisplayFieldsChanged(string text)
+    {
+        object?[] fields = text
+            .Split(',', StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries)
+            .Select(field => (object?)field)
+            .ToArray();
+        OnPropChanged(PropDisplayFields, fields);
+    }
+
+    private static object? ParseScalar(object? value)
+    {
+        string text = value?.ToString()?.Trim() ?? string.Empty;
+        if (text.Length == 0)
+            return null;
+
+        if (bool.TryParse(text, out bool boolValue))
+            return boolValue;
+        if (long.TryParse(text, out long longValue))
+            return longValue;
+        if (double.TryParse(text, out double doubleValue))
+            return doubleValue;
+
+        return text;
+    }
+
+    private string GetTabPagesText()
+    {
+        if (_selected is null)
+            return string.Empty;
+
+        if (string.Equals(_loadedTabPagesControlId, _selected.ControlId, StringComparison.Ordinal))
+            return _tabPagesText;
+
+        _loadedTabPagesControlId = _selected.ControlId;
+        _tabPagesError = null;
+        _tabPagesText = string.Join(Environment.NewLine, ReadTabPages(_selected).Select(tab => $"{tab.Id}|{tab.Label}"));
+        return _tabPagesText;
+    }
+
+    private void OnTabPagesChanged(string text)
+    {
+        _tabPagesText = text;
+        _tabPagesError = null;
+
+        var tabs = new List<object?>();
+        foreach (string line in text.Split(["\r\n", "\n"], StringSplitOptions.None))
+        {
+            if (string.IsNullOrWhiteSpace(line))
+                continue;
+
+            string[] parts = line.Split('|', 2);
+            string id = parts[0].Trim();
+            if (string.IsNullOrWhiteSpace(id))
+            {
+                _tabPagesError = "Each tab page needs an id before the pipe.";
+                return;
+            }
+
+            string label = parts.Length > 1 && !string.IsNullOrWhiteSpace(parts[1])
+                ? parts[1].Trim()
+                : id;
+            tabs.Add(new Dictionary<string, object?>
+            {
+                ["id"] = id,
+                ["label"] = label,
+            });
+        }
+
+        OnPropChanged(PropTabs, tabs.ToArray());
+    }
+
+    private IReadOnlyList<(string Id, string Label)> ReadTabPages(ControlDefinition control)
+    {
+        if (!control.Props.Values.TryGetValue(PropTabs, out object? value) || value is null)
+            return [];
+
+        if (value is JsonElement json && json.ValueKind == JsonValueKind.Array)
+        {
+            return json.EnumerateArray()
+                .Select(element => ReadTabPage(element))
+                .Where(tab => tab is not null)
+                .Select(tab => tab!.Value)
+                .ToArray();
+        }
+
+        if (value is IEnumerable<object?> items)
+        {
+            return items
+                .Select(item => ReadTabPage(item))
+                .Where(tab => tab is not null)
+                .Select(tab => tab!.Value)
+                .ToArray();
+        }
+
+        return [];
+    }
+
+    private static (string Id, string Label)? ReadTabPage(object? value)
+    {
+        if (value is JsonElement json)
+        {
+            if (json.ValueKind != JsonValueKind.Object)
+                return null;
+
+            string id = json.TryGetProperty("id", out JsonElement idValue) ? idValue.ToString() : string.Empty;
+            string label = json.TryGetProperty("label", out JsonElement labelValue) ? labelValue.ToString() : id;
+            return string.IsNullOrWhiteSpace(id) ? null : (id, string.IsNullOrWhiteSpace(label) ? id : label);
+        }
+
+        if (value is IReadOnlyDictionary<string, object?> readOnly)
+            return ReadTabPage(readOnly);
+
+        if (value is IDictionary<string, object?> dictionary)
+            return ReadTabPage(dictionary);
+
+        return null;
+    }
+
+    private static (string Id, string Label)? ReadTabPage(IReadOnlyDictionary<string, object?> dictionary)
+    {
+        string id = dictionary.TryGetValue("id", out object? idValue) ? idValue?.ToString() ?? string.Empty : string.Empty;
+        if (string.IsNullOrWhiteSpace(id))
+            return null;
+
+        string label = dictionary.TryGetValue("label", out object? labelValue) ? labelValue?.ToString() ?? id : id;
+        return (id, string.IsNullOrWhiteSpace(label) ? id : label);
+    }
+
+    private List<ControlDefinition> GetTabControls()
+        => State.Controls
+            .Where(control => control.ControlType == "tabControl" && !string.Equals(control.ControlId, _selected?.ControlId, StringComparison.Ordinal))
+            .ToList();
+
+    private ControlDefinition? GetSelectedParentTabControl()
+    {
+        string parentControlId = GetProp(PropParentControlId, string.Empty);
+        return string.IsNullOrWhiteSpace(parentControlId)
+            ? null
+            : State.Controls.FirstOrDefault(control => string.Equals(control.ControlId, parentControlId, StringComparison.Ordinal));
+    }
+
+    private void OnParentTabControlChanged(ChangeEventArgs e)
+    {
+        if (_selected is null)
+            return;
+
+        string parentControlId = e.Value?.ToString() ?? string.Empty;
+        OnPropChanged(PropParentControlId, parentControlId);
+        if (string.IsNullOrWhiteSpace(parentControlId))
+        {
+            OnPropChanged(PropParentTabId, string.Empty);
+            return;
+        }
+
+        ControlDefinition? parent = State.Controls.FirstOrDefault(control => string.Equals(control.ControlId, parentControlId, StringComparison.Ordinal));
+        string firstTabId = parent is null ? string.Empty : ReadTabPages(parent).FirstOrDefault().Id ?? string.Empty;
+        OnPropChanged(PropParentTabId, firstTabId);
+    }
+
+    private static string GetControlDisplayName(ControlDefinition control)
+        => control.Props.Values.TryGetValue(PropText, out object? text) && !string.IsNullOrWhiteSpace(text?.ToString())
+            ? $"{text} ({control.ControlId[..Math.Min(8, control.ControlId.Length)]})"
+            : $"{control.ControlType} ({control.ControlId[..Math.Min(8, control.ControlId.Length)]})";
+
+    private RenderFragment RenderFieldSelect(string propName, FormTableDefinition? table, string emptyText) => @<select value="@GetProp(propName, "")" @onchange="@(e => OnPropChanged(propName, e.Value))">
+        <option value="">@emptyText</option>
+        @if (table is not null)
+        {
+            @foreach (var field in table.Fields)
+            {
+                <option value="@field.Name">@GetFieldOptionLabel(field)</option>
+            }
+        }
+    </select>;
+
+    private static bool IsLookupChoiceControl(string? controlType)
+        => controlType is "lookup" or "comboBox" or "listBox" or "optionGroup";
+
     // ===== ChildTabs Configuration Methods =====
 
     private void OnTabsChanged(List<ChildTabConfig> tabs)
@@ -682,6 +1923,105 @@
         OnPropChanged("tabs", ChildTabConfigMapper.ToPropertyBag(tabs));
     }
 
+    private string GetCommandArgumentsText()
+    {
+        if (_selected is null)
+            return string.Empty;
+
+        if (string.Equals(_loadedCommandArgumentControlId, _selected.ControlId, StringComparison.Ordinal))
+            return _commandArgumentText;
+
+        _loadedCommandArgumentControlId = _selected.ControlId;
+        _commandArgumentError = null;
+        _commandArgumentText = _selected.Props.Values.TryGetValue(PropCommandArguments, out object? value)
+            ? FormatArguments(FormCommandInvocation.ReadArgumentsProperty(value))
+            : string.Empty;
+        return _commandArgumentText;
+    }
+
+    private void OnCommandArgumentsChanged(string text)
+    {
+        _commandArgumentText = text;
+        _commandArgumentError = null;
+
+        if (string.IsNullOrWhiteSpace(text))
+        {
+            OnPropChanged(PropCommandArguments, null);
+            return;
+        }
+
+        try
+        {
+            IReadOnlyDictionary<string, object?>? arguments =
+                JsonSerializer.Deserialize<IReadOnlyDictionary<string, object?>>(text, JsonDefaults.Options);
+            OnPropChanged(PropCommandArguments, arguments);
+        }
+        catch (JsonException ex)
+        {
+            _commandArgumentError = $"Invalid arguments JSON: {ex.Message}";
+        }
+    }
+
+    private bool IsStandaloneDataGrid()
+        => string.Equals(GetProp(PropDataGridMode, "related"), "standalone", StringComparison.OrdinalIgnoreCase);
+
+    private bool ShouldRenderMissingCommand(string commandName)
+        => !string.IsNullOrWhiteSpace(commandName)
+            && RegisteredCommands.All(command => !string.Equals(command.Name, commandName, StringComparison.OrdinalIgnoreCase));
+
+    private static string FormatArguments(IReadOnlyDictionary<string, object?>? arguments)
+        => arguments is null || arguments.Count == 0
+            ? string.Empty
+            : JsonSerializer.Serialize(arguments, new JsonSerializerOptions(JsonDefaults.Options) { WriteIndented = true });
+
+    private Task OnEventBindingsChanged(IReadOnlyList<FormEventBinding> bindings)
+    {
+        State.UpdateEventBindings(bindings);
+        return Task.CompletedTask;
+    }
+
+    private Task OnActionSequencesChanged(IReadOnlyList<DbActionSequence> sequences)
+    {
+        State.UpdateActionSequences(sequences);
+        return Task.CompletedTask;
+    }
+
+    private Task OnRulesChanged(IReadOnlyList<ControlRuleDefinition> rules)
+    {
+        State.UpdateRules(rules);
+        return Task.CompletedTask;
+    }
+
+    private Task OnFormValidationRulesChanged(IReadOnlyList<ValidationRule> rules)
+    {
+        State.UpdateValidationRules(rules);
+        return Task.CompletedTask;
+    }
+
+    private Task OnControlValidationRulesChanged(IReadOnlyList<ValidationRule> rules)
+    {
+        if (_selected is null)
+            return Task.CompletedTask;
+
+        ValidationOverride? existing = _selected.ValidationOverride;
+        bool disableInferredRules = existing?.DisableInferredRules ?? false;
+        IReadOnlyList<string> disableRuleIds = existing?.DisableRuleIds ?? [];
+        ValidationOverride? updated = rules.Count == 0 && !disableInferredRules && disableRuleIds.Count == 0
+            ? null
+            : new ValidationOverride(disableInferredRules, rules.ToList(), disableRuleIds);
+
+        State.UpdateControlValidationOverride(_selected.ControlId, updated);
+        return Task.CompletedTask;
+    }
+
+    private Task OnControlEventBindingsChanged(IReadOnlyList<ControlEventBinding> bindings)
+    {
+        if (_selected is not null)
+            State.UpdateControlEventBindings(_selected.ControlId, bindings);
+
+        return Task.CompletedTask;
+    }
+
     private async Task<FormTableDefinition?> LoadTableDefinitionAsync(string? tableName)
     {
         if (string.IsNullOrWhiteSpace(tableName))
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/Toolbox.razor b/src/CSharpDB.Admin.Forms/Components/Designer/Toolbox.razor
index 839aabd2..0a85f943 100644
--- a/src/CSharpDB.Admin.Forms/Components/Designer/Toolbox.razor
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/Toolbox.razor
@@ -1,4 +1,6 @@
 @using CSharpDB.Admin.Forms.Components.Designer
+@using CSharpDB.Admin.Forms.Contracts
+@using CSharpDB.Admin.Forms.Models
 @implements IDisposable
 
 <div class="toolbox">
@@ -13,77 +15,21 @@
         </button>
     </div>
 
-    <div class="toolbox-group">
-        <div class="toolbox-group-label">Layout</div>
-        <button class="@ToolClass(ToolLabel)"
-                @onclick="@(() => SetTool(ToolLabel))"
-                title="Static text label">
-            <span class="toolbox-icon">A</span> Label
-        </button>
-    </div>
-
-    <div class="toolbox-group">
-        <div class="toolbox-group-label">Input Controls</div>
-        <button class="@ToolClass(ToolText)"
-                @onclick="@(() => SetTool(ToolText))"
-                title="Text input field">
-            <span class="toolbox-icon">&#x2328;</span> Text
-        </button>
-        <button class="@ToolClass(ToolTextarea)"
-                @onclick="@(() => SetTool(ToolTextarea))"
-                title="Multi-line text area">
-            <span class="toolbox-icon">&#x2263;</span> Textarea
-        </button>
-        <button class="@ToolClass(ToolNumber)"
-                @onclick="@(() => SetTool(ToolNumber))"
-                title="Number input field">
-            <span class="toolbox-icon">#</span> Number
-        </button>
-        <button class="@ToolClass(ToolDate)"
-                @onclick="@(() => SetTool(ToolDate))"
-                title="Date picker">
-            <span class="toolbox-icon">&#x1F4C5;</span> Date
-        </button>
-        <button class="@ToolClass(ToolCheckbox)"
-                @onclick="@(() => SetTool(ToolCheckbox))"
-                title="Checkbox">
-            <span class="toolbox-icon">&#x2611;</span> Checkbox
-        </button>
-        <button class="@ToolClass(ToolRadio)"
-                @onclick="@(() => SetTool(ToolRadio))"
-                title="Radio button group">
-            <span class="toolbox-icon">&#x25C9;</span> Radio
-        </button>
-        <button class="@ToolClass(ToolSelect)"
-                @onclick="@(() => SetTool(ToolSelect))"
-                title="Dropdown select">
-            <span class="toolbox-icon">&#x25BE;</span> Select
-        </button>
-        <button class="@ToolClass(ToolLookup)"
-                @onclick="@(() => SetTool(ToolLookup))"
-                title="Lookup combo box (loads from table)">
-            <span class="toolbox-icon">&#x1F50D;</span> Lookup
-        </button>
-        <button class="@ToolClass(ToolComputed)"
-                @onclick="@(() => SetTool(ToolComputed))"
-                title="Computed field (formula-based)">
-            <span class="toolbox-icon">&#x03A3;</span> Computed
-        </button>
-    </div>
-
-    <div class="toolbox-group">
-        <div class="toolbox-group-label">Data</div>
-        <button class="@ToolClass(ToolDatagrid)"
-                @onclick="@(() => SetTool(ToolDatagrid))"
-                title="Child table data grid">
-            <span class="toolbox-icon">&#x2637;</span> DataGrid
-        </button>
-        <button class="@ToolClass(ToolChildTabs)"
-                @onclick="@(() => SetTool(ToolChildTabs))"
-                title="Tab-based child forms with nesting">
-            <span class="toolbox-icon">&#x2630;</span> Child Tabs
-        </button>
-    </div>
+    @foreach (var group in GetToolboxGroups())
+    {
+        <div class="toolbox-group">
+            <div class="toolbox-group-label">@group.Name</div>
+            @foreach (FormControlDescriptor control in group.Controls)
+            {
+                <button @key="control.ControlType"
+                        class="@ToolClass(control.ControlType)"
+                        @onclick="@(() => SetTool(control.ControlType))"
+                        title="@(control.Description ?? control.DisplayName)">
+                    <span class="toolbox-icon">@control.IconText</span> @control.DisplayName
+                </button>
+            }
+        </div>
+    }
 
     <div class="toolbox-group">
         <div class="toolbox-group-label">Clipboard</div>
@@ -146,24 +92,20 @@
 
 @code {
     [CascadingParameter] public DesignerState State { get; set; } = default!;
-
-    private const string ToolLabel = "label";
-    private const string ToolText = "text";
-    private const string ToolTextarea = "textarea";
-    private const string ToolNumber = "number";
-    private const string ToolDate = "date";
-    private const string ToolCheckbox = "checkbox";
-    private const string ToolRadio = "radio";
-    private const string ToolSelect = "select";
-    private const string ToolDatagrid = "datagrid";
-    private const string ToolChildTabs = "childtabs";
-    private const string ToolLookup = "lookup";
-    private const string ToolComputed = "computed";
+    [Inject] public IFormControlRegistry ControlRegistry { get; set; } = DefaultFormControlRegistry.Instance;
 
     protected override void OnInitialized() => State.OnChange += OnStateChanged;
     public void Dispose() => State.OnChange -= OnStateChanged;
     private void OnStateChanged() => InvokeAsync(StateHasChanged);
 
+    private IReadOnlyList<(string Name, IReadOnlyList<FormControlDescriptor> Controls)> GetToolboxGroups()
+        => ControlRegistry.GetToolboxControls()
+            .GroupBy(control => control.ToolboxGroup)
+            .Select(group => (
+                Name: group.Key,
+                Controls: (IReadOnlyList<FormControlDescriptor>)group.ToArray()))
+            .ToArray();
+
     private string ToolClass(string? tool) =>
         "toolbox-item" + (State.ActiveTool == tool ? " active" : "");
 
diff --git a/src/CSharpDB.Admin.Forms/Components/Designer/ValidationRulesEditor.razor b/src/CSharpDB.Admin.Forms/Components/Designer/ValidationRulesEditor.razor
new file mode 100644
index 00000000..534d5883
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Components/Designer/ValidationRulesEditor.razor
@@ -0,0 +1,198 @@
+@using System.Text.Json
+@using CSharpDB.Admin.Forms.Models
+@using CSharpDB.Admin.Forms.Serialization
+@using CSharpDB.Primitives
+@inject DbValidationRuleRegistry ValidationRuleRegistry
+
+<div class="feb-container">
+    @if (Rules.Count == 0)
+    {
+        <div class="feb-empty">No validation rules</div>
+    }
+
+    @for (int i = 0; i < Rules.Count; i++)
+    {
+        var ruleIndex = i;
+        var rule = Rules[ruleIndex];
+        <div class="feb-entry">
+            <div class="feb-row">
+                <div class="feb-field">
+                    <label>Registered Rule</label>
+                    <select value="@GetRuleSelectValue(rule)"
+                            @onchange="@(e => UpdateRuleFromDropdown(ruleIndex, rule, e.Value?.ToString() ?? string.Empty))">
+                        <option value="">Manual / unknown</option>
+                        @foreach (DbValidationRuleDefinition definition in RegisteredRules)
+                        {
+                            <option value="@definition.Name">@definition.Name</option>
+                        }
+                    </select>
+                </div>
+                <button class="feb-btn feb-btn-remove" @onclick="@(() => RemoveRule(ruleIndex))" title="Remove rule">x</button>
+            </div>
+
+            <div class="feb-field">
+                <label>Rule Name</label>
+                <input type="text"
+                       value="@rule.RuleId"
+                       placeholder="RuleName"
+                       @onchange="@(e => UpdateRuleId(ruleIndex, rule, e.Value?.ToString() ?? string.Empty))" />
+            </div>
+
+            <div class="feb-field">
+                <label>Fallback Message</label>
+                <input type="text"
+                       value="@rule.Message"
+                       placeholder="Validation failed."
+                       @onchange="@(e => UpdateMessage(ruleIndex, rule, e.Value?.ToString() ?? string.Empty))" />
+            </div>
+
+            <div class="feb-field">
+                <label>Parameters JSON</label>
+                <textarea class="feb-arguments"
+                          value="@FormatParameters(rule.Parameters)"
+                          placeholder="{ }"
+                          @onchange="@(e => UpdateParameters(ruleIndex, rule, e.Value?.ToString() ?? string.Empty))"></textarea>
+                @if (_parameterErrors.TryGetValue(ruleIndex, out string? error))
+                {
+                    <div class="pi-field-error">@error</div>
+                }
+            </div>
+        </div>
+    }
+
+    <button class="feb-btn feb-btn-add" @onclick="AddRule">+ Add Validation Rule</button>
+</div>
+
+@code {
+    [Parameter, EditorRequired] public IReadOnlyList<ValidationRule> Rules { get; set; } = [];
+    [Parameter] public EventCallback<IReadOnlyList<ValidationRule>> RulesChanged { get; set; }
+
+    private readonly Dictionary<int, string> _parameterErrors = [];
+
+    private IReadOnlyList<DbValidationRuleDefinition> RegisteredRules
+        => ValidationRuleRegistry.Rules
+            .OrderBy(static rule => rule.Name, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+    private async Task AddRule()
+    {
+        var updated = Rules
+            .Append(new ValidationRule(NextRuleName(), string.Empty, new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)))
+            .ToList();
+        await RulesChanged.InvokeAsync(updated);
+    }
+
+    private async Task RemoveRule(int index)
+    {
+        var updated = Rules.ToList();
+        if (index < 0 || index >= updated.Count)
+            return;
+
+        updated.RemoveAt(index);
+        _parameterErrors.Remove(index);
+        await RulesChanged.InvokeAsync(updated);
+    }
+
+    private Task UpdateRuleFromDropdown(int index, ValidationRule rule, string value)
+        => string.IsNullOrWhiteSpace(value)
+            ? Task.CompletedTask
+            : ReplaceRule(index, rule with { RuleId = value.Trim() });
+
+    private Task UpdateRuleId(int index, ValidationRule rule, string value)
+        => ReplaceRule(index, rule with { RuleId = value.Trim() });
+
+    private Task UpdateMessage(int index, ValidationRule rule, string value)
+        => ReplaceRule(index, rule with { Message = value.Trim() });
+
+    private async Task UpdateParameters(int index, ValidationRule rule, string text)
+    {
+        try
+        {
+            IReadOnlyDictionary<string, object?> parameters = ParseParameters(text);
+            _parameterErrors.Remove(index);
+            await ReplaceRule(index, rule with { Parameters = parameters });
+        }
+        catch (JsonException ex)
+        {
+            _parameterErrors[index] = $"Invalid JSON: {ex.Message}";
+        }
+        catch (InvalidOperationException ex)
+        {
+            _parameterErrors[index] = ex.Message;
+        }
+    }
+
+    private async Task ReplaceRule(int index, ValidationRule rule)
+    {
+        var updated = Rules.ToList();
+        if (index < 0 || index >= updated.Count)
+            return;
+
+        updated[index] = rule;
+        await RulesChanged.InvokeAsync(updated);
+    }
+
+    private string GetRuleSelectValue(ValidationRule rule)
+        => RegisteredRules.Any(definition => string.Equals(definition.Name, rule.RuleId, StringComparison.OrdinalIgnoreCase))
+            ? rule.RuleId
+            : string.Empty;
+
+    private string NextRuleName()
+    {
+        HashSet<string> existing = Rules
+            .Select(static rule => rule.RuleId)
+            .Where(static ruleId => !string.IsNullOrWhiteSpace(ruleId))
+            .ToHashSet(StringComparer.OrdinalIgnoreCase);
+
+        foreach (DbValidationRuleDefinition definition in RegisteredRules)
+        {
+            if (!existing.Contains(definition.Name))
+                return definition.Name;
+        }
+
+        for (int i = 1; ; i++)
+        {
+            string candidate = $"Rule{i}";
+            if (!existing.Contains(candidate))
+                return candidate;
+        }
+    }
+
+    private static string FormatParameters(IReadOnlyDictionary<string, object?> parameters)
+        => parameters.Count == 0
+            ? "{ }"
+            : JsonSerializer.Serialize(parameters, new JsonSerializerOptions(JsonDefaults.Options) { WriteIndented = true });
+
+    private static IReadOnlyDictionary<string, object?> ParseParameters(string text)
+    {
+        if (string.IsNullOrWhiteSpace(text))
+            return new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+
+        using JsonDocument document = JsonDocument.Parse(text);
+        if (document.RootElement.ValueKind != JsonValueKind.Object)
+            throw new InvalidOperationException("Parameters must be a JSON object.");
+
+        return document.RootElement
+            .EnumerateObject()
+            .ToDictionary(
+                static property => property.Name,
+                static property => ReadJsonValue(property.Value),
+                StringComparer.OrdinalIgnoreCase);
+    }
+
+    private static object? ReadJsonValue(JsonElement value)
+        => value.ValueKind switch
+        {
+            JsonValueKind.Null => null,
+            JsonValueKind.True => true,
+            JsonValueKind.False => false,
+            JsonValueKind.String => value.GetString(),
+            JsonValueKind.Number => value.TryGetInt64(out long integer) ? integer : value.GetDouble(),
+            JsonValueKind.Object => value.EnumerateObject().ToDictionary(
+                static property => property.Name,
+                static property => ReadJsonValue(property.Value),
+                StringComparer.OrdinalIgnoreCase),
+            JsonValueKind.Array => value.EnumerateArray().Select(ReadJsonValue).ToArray(),
+            _ => value.ToString(),
+        };
+}
diff --git a/src/CSharpDB.Admin.Forms/Contracts/ControlFilterState.cs b/src/CSharpDB.Admin.Forms/Contracts/ControlFilterState.cs
new file mode 100644
index 00000000..68be9154
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Contracts/ControlFilterState.cs
@@ -0,0 +1,5 @@
+namespace CSharpDB.Admin.Forms.Contracts;
+
+public sealed record ControlFilterState(
+    string FilterExpression,
+    IReadOnlyDictionary<string, object?> Parameters);
diff --git a/src/CSharpDB.Admin.Forms/Contracts/FormActionDiagnostics.cs b/src/CSharpDB.Admin.Forms/Contracts/FormActionDiagnostics.cs
new file mode 100644
index 00000000..a504eef9
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Contracts/FormActionDiagnostics.cs
@@ -0,0 +1,139 @@
+using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Contracts;
+
+public sealed record FormActionInvocationDiagnostic(
+    DbActionKind ActionKind,
+    string? Target,
+    string? FormId,
+    string? FormName,
+    string? TableName,
+    string? EventName,
+    string? ActionSequenceName,
+    int StepIndex,
+    string? Location,
+    TimeSpan Elapsed,
+    bool Succeeded,
+    bool Canceled,
+    string? ResultMessage,
+    string? ExceptionMessage,
+    IReadOnlyDictionary<string, string> Metadata);
+
+public static class FormActionDiagnostics
+{
+    public const string ListenerName = "CSharpDB.Admin.Forms.Actions";
+    public const string InvocationEventName = "CSharpDB.Admin.Forms.Actions.Invocation";
+
+    public static DiagnosticListener Listener { get; } = new(ListenerName);
+
+    public static bool IsInvocationEnabled
+        => Listener.IsEnabled(InvocationEventName);
+
+    internal static long GetTimestamp()
+        => Stopwatch.GetTimestamp();
+
+    internal static TimeSpan GetElapsedTime(long startingTimestamp)
+        => Stopwatch.GetElapsedTime(startingTimestamp);
+
+    [UnconditionalSuppressMessage(
+        "Trimming",
+        "IL2026",
+        Justification = "Form action diagnostics are emitted only for subscribed hosts; the strongly typed event payload is part of the public diagnostics contract.")]
+    internal static void WriteInvocation(
+        DbActionKind actionKind,
+        string? target,
+        IReadOnlyDictionary<string, string>? metadata,
+        TimeSpan elapsed,
+        bool succeeded,
+        bool canceled,
+        string? resultMessage,
+        string? exceptionMessage)
+    {
+        if (!IsInvocationEnabled)
+            return;
+
+        IReadOnlyDictionary<string, string> metadataSnapshot = CopyMetadata(metadata);
+        Listener.Write(
+            InvocationEventName,
+            new FormActionInvocationDiagnostic(
+                actionKind,
+                string.IsNullOrWhiteSpace(target) ? null : target,
+                ReadMetadata(metadataSnapshot, "formId"),
+                ReadMetadata(metadataSnapshot, "formName"),
+                ReadMetadata(metadataSnapshot, "tableName"),
+                ReadMetadata(metadataSnapshot, "event"),
+                ReadMetadata(metadataSnapshot, "actionSequence"),
+                ReadStepIndex(metadataSnapshot),
+                BuildLocation(metadataSnapshot),
+                elapsed,
+                succeeded,
+                canceled,
+                resultMessage,
+                exceptionMessage,
+                metadataSnapshot));
+    }
+
+    private static IReadOnlyDictionary<string, string> CopyMetadata(
+        IReadOnlyDictionary<string, string>? metadata)
+    {
+        if (metadata is null || metadata.Count == 0)
+            return EmptyStringDictionary.Instance;
+
+        return new Dictionary<string, string>(metadata, StringComparer.OrdinalIgnoreCase);
+    }
+
+    private static string? BuildLocation(IReadOnlyDictionary<string, string> metadata)
+    {
+        if (TryReadMetadata(metadata, "location", out string? location))
+            return location;
+
+        string? eventName = ReadMetadata(metadata, "event");
+        string? actionSequence = ReadMetadata(metadata, "actionSequence");
+        string? actionStep = ReadMetadata(metadata, "actionStep");
+        if (!string.IsNullOrWhiteSpace(actionSequence) && !string.IsNullOrWhiteSpace(actionStep))
+            return $"actionSequences.{actionSequence}.steps[{actionStep}]";
+
+        string? controlId = ReadMetadata(metadata, "controlId");
+        if (!string.IsNullOrWhiteSpace(controlId) && !string.IsNullOrWhiteSpace(eventName))
+            return $"controls.{controlId}.events.{eventName}";
+
+        if (!string.IsNullOrWhiteSpace(eventName) && !string.IsNullOrWhiteSpace(actionStep))
+            return $"events.{eventName}.actionSequence.steps[{actionStep}]";
+
+        if (!string.IsNullOrWhiteSpace(actionStep))
+            return $"action.steps[{actionStep}]";
+
+        return null;
+    }
+
+    private static int ReadStepIndex(IReadOnlyDictionary<string, string> metadata)
+        => int.TryParse(ReadMetadata(metadata, "actionStep"), out int stepIndex)
+            ? stepIndex
+            : -1;
+
+    private static string? ReadMetadata(IReadOnlyDictionary<string, string> metadata, string key)
+        => TryReadMetadata(metadata, key, out string? value) ? value : null;
+
+    private static bool TryReadMetadata(
+        IReadOnlyDictionary<string, string> metadata,
+        string key,
+        out string? value)
+    {
+        if (metadata.TryGetValue(key, out string? raw) && !string.IsNullOrWhiteSpace(raw))
+        {
+            value = raw;
+            return true;
+        }
+
+        value = null;
+        return false;
+    }
+
+    private static class EmptyStringDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, string> Instance =
+            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Contracts/FormActionRequests.cs b/src/CSharpDB.Admin.Forms/Contracts/FormActionRequests.cs
new file mode 100644
index 00000000..8fbc17e9
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Contracts/FormActionRequests.cs
@@ -0,0 +1,13 @@
+namespace CSharpDB.Admin.Forms.Contracts;
+
+public sealed record FormOpenRequest(
+    string FormId,
+    string FormName,
+    IReadOnlyDictionary<string, object?> Arguments,
+    string? Mode = null,
+    object? RecordId = null,
+    string? FilterExpression = null);
+
+public sealed record FormCloseRequest(
+    string? FormId,
+    string? FormName);
diff --git a/src/CSharpDB.Admin.Forms/Contracts/FormActionRuntimeContext.cs b/src/CSharpDB.Admin.Forms/Contracts/FormActionRuntimeContext.cs
new file mode 100644
index 00000000..7896ccd0
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Contracts/FormActionRuntimeContext.cs
@@ -0,0 +1,14 @@
+namespace CSharpDB.Admin.Forms.Contracts;
+
+public sealed record FormActionRuntimeContext(
+    string? FormId,
+    string? FormName,
+    string? TableName,
+    string? EventName,
+    string? ActionSequenceName,
+    int StepIndex,
+    IReadOnlyDictionary<string, object?>? Record,
+    IReadOnlyDictionary<string, object?>? BindingArguments,
+    IReadOnlyDictionary<string, object?>? RuntimeArguments,
+    IReadOnlyDictionary<string, object?>? StepArguments,
+    IReadOnlyDictionary<string, string> Metadata);
diff --git a/src/CSharpDB.Admin.Forms/Contracts/FormActionValidationModels.cs b/src/CSharpDB.Admin.Forms/Contracts/FormActionValidationModels.cs
new file mode 100644
index 00000000..420a33f7
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Contracts/FormActionValidationModels.cs
@@ -0,0 +1,52 @@
+using CSharpDB.Primitives;
+using CSharpDB.Admin.Forms.Models;
+
+namespace CSharpDB.Admin.Forms.Contracts;
+
+public sealed record FormActionValidationResult(
+    bool Succeeded,
+    IReadOnlyList<FormActionValidationIssue> Issues);
+
+public sealed record FormActionValidationIssue(
+    FormActionValidationSeverity Severity,
+    DbActionKind ActionKind,
+    string Surface,
+    string Location,
+    string Message,
+    string? Target = null,
+    string? EventName = null,
+    string? ActionSequence = null,
+    int? StepIndex = null);
+
+public enum FormActionValidationSeverity
+{
+    Warning,
+    Error,
+}
+
+public sealed record FormActionRuntimeCapabilities(
+    bool RecordActions = false,
+    bool OpenForm = false,
+    bool CloseForm = false,
+    bool ApplyFilter = false,
+    bool ClearFilter = false,
+    bool RunSql = false,
+    bool RunProcedure = false,
+    bool SetControlProperty = false)
+{
+    public static FormActionRuntimeCapabilities None { get; } = new();
+
+    public static FormActionRuntimeCapabilities RenderedForm { get; } = new(
+        RecordActions: true,
+        OpenForm: true,
+        CloseForm: true,
+        ApplyFilter: true,
+        ClearFilter: true,
+        SetControlProperty: true);
+}
+
+public sealed record FormActionValidationOptions(
+    FormActionRuntimeCapabilities? RuntimeCapabilities = null,
+    IReadOnlyCollection<string>? AvailableForms = null,
+    IReadOnlyCollection<string>? AvailableProcedures = null,
+    FormTableDefinition? Schema = null);
diff --git a/src/CSharpDB.Admin.Forms/Contracts/FormEventDispatchResult.cs b/src/CSharpDB.Admin.Forms/Contracts/FormEventDispatchResult.cs
new file mode 100644
index 00000000..2279994d
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Contracts/FormEventDispatchResult.cs
@@ -0,0 +1,12 @@
+namespace CSharpDB.Admin.Forms.Contracts;
+
+public sealed record FormEventDispatchResult(bool Succeeded, string? Message = null)
+{
+    public static FormEventDispatchResult Success(string? message = null) => new(true, message);
+
+    public static FormEventDispatchResult Failure(string message)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(message);
+        return new(false, message);
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Contracts/IFormActionRuntime.cs b/src/CSharpDB.Admin.Forms/Contracts/IFormActionRuntime.cs
new file mode 100644
index 00000000..0193e082
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Contracts/IFormActionRuntime.cs
@@ -0,0 +1,53 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Contracts;
+
+public interface IFormActionRuntime
+{
+    Task<FormEventDispatchResult> ExecuteRecordActionAsync(
+        FormActionRuntimeContext context,
+        DbActionStep step,
+        CancellationToken ct);
+
+    Task<FormEventDispatchResult> OpenFormAsync(
+        FormActionRuntimeContext context,
+        string formName,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct);
+
+    Task<FormEventDispatchResult> CloseFormAsync(
+        FormActionRuntimeContext context,
+        string? formName,
+        CancellationToken ct);
+
+    Task<FormEventDispatchResult> ApplyFilterAsync(
+        FormActionRuntimeContext context,
+        string target,
+        string filter,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct);
+
+    Task<FormEventDispatchResult> ClearFilterAsync(
+        FormActionRuntimeContext context,
+        string target,
+        CancellationToken ct);
+
+    Task<FormEventDispatchResult> RunSqlAsync(
+        FormActionRuntimeContext context,
+        string sqlOrName,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct);
+
+    Task<FormEventDispatchResult> RunProcedureAsync(
+        FormActionRuntimeContext context,
+        string procedureName,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct);
+
+    Task<FormEventDispatchResult> SetControlPropertyAsync(
+        FormActionRuntimeContext context,
+        string controlId,
+        string propertyName,
+        object? value,
+        CancellationToken ct);
+}
diff --git a/src/CSharpDB.Admin.Forms/Contracts/IFormControlRegistry.cs b/src/CSharpDB.Admin.Forms/Contracts/IFormControlRegistry.cs
new file mode 100644
index 00000000..f91bd82e
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Contracts/IFormControlRegistry.cs
@@ -0,0 +1,12 @@
+using CSharpDB.Admin.Forms.Models;
+
+namespace CSharpDB.Admin.Forms.Contracts;
+
+public interface IFormControlRegistry
+{
+    IReadOnlyList<FormControlDescriptor> Controls { get; }
+
+    bool TryGetControl(string controlType, out FormControlDescriptor descriptor);
+
+    IReadOnlyList<FormControlDescriptor> GetToolboxControls();
+}
diff --git a/src/CSharpDB.Admin.Forms/Contracts/IFormEventDispatcher.cs b/src/CSharpDB.Admin.Forms/Contracts/IFormEventDispatcher.cs
new file mode 100644
index 00000000..7a03829a
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Contracts/IFormEventDispatcher.cs
@@ -0,0 +1,12 @@
+using CSharpDB.Admin.Forms.Models;
+
+namespace CSharpDB.Admin.Forms.Contracts;
+
+public interface IFormEventDispatcher
+{
+    Task<FormEventDispatchResult> DispatchAsync(
+        FormDefinition form,
+        FormEventKind eventKind,
+        IReadOnlyDictionary<string, object?>? record = null,
+        CancellationToken ct = default);
+}
diff --git a/src/CSharpDB.Admin.Forms/Contracts/IFormRecordService.cs b/src/CSharpDB.Admin.Forms/Contracts/IFormRecordService.cs
index c78ce407..9c9801f1 100644
--- a/src/CSharpDB.Admin.Forms/Contracts/IFormRecordService.cs
+++ b/src/CSharpDB.Admin.Forms/Contracts/IFormRecordService.cs
@@ -16,5 +16,6 @@ public interface IFormRecordService
     Task<List<Dictionary<string, object?>>> ListFilteredRecordsAsync(FormTableDefinition table, string filterField, object? filterValue, CancellationToken ct = default);
     Task<Dictionary<string, object?>> CreateRecordAsync(FormTableDefinition table, Dictionary<string, object?> values, CancellationToken ct = default);
     Task<Dictionary<string, object?>> UpdateRecordAsync(FormTableDefinition table, object pkValue, Dictionary<string, object?> values, CancellationToken ct = default);
+    Task SaveAttachmentAsync(FormAttachmentTableBinding binding, object parentValue, FormAttachmentValue attachment, CancellationToken ct = default);
     Task DeleteRecordAsync(FormTableDefinition table, object pkValue, CancellationToken ct = default);
 }
diff --git a/src/CSharpDB.Admin.Forms/Contracts/IValidationInferenceService.cs b/src/CSharpDB.Admin.Forms/Contracts/IValidationInferenceService.cs
index e40b91c1..335bf04b 100644
--- a/src/CSharpDB.Admin.Forms/Contracts/IValidationInferenceService.cs
+++ b/src/CSharpDB.Admin.Forms/Contracts/IValidationInferenceService.cs
@@ -6,4 +6,8 @@ public interface IValidationInferenceService
 {
     IReadOnlyList<ValidationRule> InferRules(FormFieldDefinition field);
     IReadOnlyList<ValidationError> Evaluate(FormDefinition form, IDictionary<string, object?> record);
+    Task<IReadOnlyList<ValidationError>> EvaluateAsync(
+        FormDefinition form,
+        IDictionary<string, object?> record,
+        CancellationToken ct = default);
 }
diff --git a/src/CSharpDB.Admin.Forms/Evaluation/FormulaEvaluator.cs b/src/CSharpDB.Admin.Forms/Evaluation/FormulaEvaluator.cs
index 46df04c1..bb94c79e 100644
--- a/src/CSharpDB.Admin.Forms/Evaluation/FormulaEvaluator.cs
+++ b/src/CSharpDB.Admin.Forms/Evaluation/FormulaEvaluator.cs
@@ -1,39 +1,100 @@
+using System.Globalization;
+using System.Text.Json;
+using CSharpDB.Primitives;
+
 namespace CSharpDB.Admin.Forms.Evaluation;
 
+public sealed record FormulaDomainFunctionRequest(
+    string FunctionName,
+    string Expression,
+    string Domain,
+    string? Criteria);
+
+public delegate object? FormulaDomainFunctionResolver(FormulaDomainFunctionRequest request);
+
 /// <summary>
-/// Evaluates formulas for computed fields.
-///
-/// Field formulas start with '=' and support arithmetic (+, -, *, /), parentheses,
-/// numeric literals, and field references (e.g., =Quantity * UnitPrice).
+/// Evaluates Admin Forms formulas.
 ///
-/// Aggregate formulas reference child table fields: =SUM(OrderItems.LineTotal),
-/// =COUNT(OrderItems.LineTotal), =AVG(...), =MIN(...), =MAX(...)
+/// Formulas start with '=' and support arithmetic, comparisons, logical
+/// operators, field references, registered scalar callbacks, and Access-style
+/// built-in functions.
 /// </summary>
 public static class FormulaEvaluator
 {
     private static readonly string[] AggregateFunctions = ["SUM", "COUNT", "AVG", "MIN", "MAX"];
+    private static readonly string[] DomainFunctionNames = ["DLOOKUP", "DCOUNT", "DSUM", "DAVG", "DMIN", "DMAX"];
+    private static readonly HashSet<string> BuiltInFunctionNameSet =
+        new(FormulaFunctionCatalog.BuiltInFunctionNames, StringComparer.OrdinalIgnoreCase);
+
+    public static IReadOnlyCollection<string> BuiltInFunctionNames => FormulaFunctionCatalog.BuiltInFunctionNames;
 
     /// <summary>
-    /// Evaluate a field-level formula (e.g., =Quantity * UnitPrice).
-    /// Returns null if any referenced field is null, formula is invalid, or division by zero.
+    /// Evaluate a field-level formula as a number.
+    /// Returns null if the formula is invalid, returns a nonnumeric value, or
+    /// hits an invalid numeric operation.
     /// </summary>
     public static double? Evaluate(string? formula, Func<string, double?> fieldResolver)
+        => Evaluate(formula, fieldResolver, DbFunctionRegistry.Empty);
+
+    public static double? Evaluate(
+        string? formula,
+        Func<string, double?> fieldResolver,
+        DbFunctionRegistry? functions)
+        => Evaluate(formula, fieldResolver, functions, callbackPolicy: null);
+
+    public static double? Evaluate(
+        string? formula,
+        Func<string, double?> fieldResolver,
+        DbFunctionRegistry? functions,
+        DbExtensionPolicy? callbackPolicy)
     {
-        if (string.IsNullOrWhiteSpace(formula)) return null;
+        object? value = EvaluateValue(
+            formula,
+            field => fieldResolver(field),
+            functions,
+            callbackPolicy);
+
+        return TryConvertDouble(value, out double numeric) ? numeric : null;
+    }
+
+    public static object? EvaluateValue(string? formula, Func<string, object?> fieldResolver)
+        => EvaluateValue(formula, fieldResolver, DbFunctionRegistry.Empty);
+
+    public static object? EvaluateValue(
+        string? formula,
+        Func<string, object?> fieldResolver,
+        DbFunctionRegistry? functions)
+        => EvaluateValue(formula, fieldResolver, functions, callbackPolicy: null);
+
+    public static object? EvaluateValue(
+        string? formula,
+        Func<string, object?> fieldResolver,
+        DbFunctionRegistry? functions,
+        DbExtensionPolicy? callbackPolicy,
+        FormulaDomainFunctionResolver? domainResolver = null)
+    {
+        if (string.IsNullOrWhiteSpace(formula))
+            return null;
+
+        string expr = formula.Trim();
+        if (!expr.StartsWith('='))
+            return null;
 
-        var expr = formula.Trim();
-        if (!expr.StartsWith('=')) return null;
         expr = expr[1..].Trim();
-        if (expr.Length == 0) return null;
+        if (expr.Length == 0)
+            return null;
 
         try
         {
-            var parser = new Parser(expr, fieldResolver);
-            var result = parser.ParseExpression();
-            // Ensure we consumed all input
-            if (parser.Position < parser.Input.Length)
-                return null;
-            return result;
+            var parser = new Parser(
+                expr,
+                fieldResolver,
+                functions ?? DbFunctionRegistry.Empty,
+                callbackPolicy,
+                domainResolver);
+            object? result = parser.ParseExpression();
+            parser.SkipWhitespace();
+            return parser.Failed || parser.Position < parser.Input.Length ? null : NormalizeValue(result);
         }
         catch
         {
@@ -41,6 +102,74 @@ public static class FormulaEvaluator
         }
     }
 
+    public static bool IsBuiltInFunctionName(string name)
+        => BuiltInFunctionNameSet.Contains(name);
+
+    public static IReadOnlyList<string> GetDomainReferences(string? formula)
+    {
+        string? expression = GetExpressionBody(formula);
+        if (expression is null)
+            return [];
+
+        var domains = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+        ReadOnlySpan<char> input = expression.AsSpan();
+        for (int i = 0; i < input.Length; i++)
+        {
+            char current = input[i];
+            if (current is '\'' or '"')
+            {
+                i = SkipQuoted(input, i, current);
+                continue;
+            }
+
+            if (current == '[')
+            {
+                i = SkipBracketed(input, i);
+                continue;
+            }
+
+            if (!IsIdentifierStart(current))
+                continue;
+
+            int start = i;
+            i++;
+            while (i < input.Length && IsIdentifierPart(input[i]))
+                i++;
+
+            string name = input[start..i].ToString();
+            if (!DomainFunctionNames.Contains(name, StringComparer.OrdinalIgnoreCase))
+            {
+                i--;
+                continue;
+            }
+
+            int cursor = i;
+            while (cursor < input.Length && char.IsWhiteSpace(input[cursor]))
+                cursor++;
+
+            if (cursor >= input.Length || input[cursor] != '(')
+            {
+                i--;
+                continue;
+            }
+
+            if (TryReadFunctionArguments(input, cursor, out string argumentsText, out int closeParen))
+            {
+                string[] arguments = SplitTopLevelArguments(argumentsText);
+                if (arguments.Length >= 2 && TryReadLiteralText(arguments[1], out string? domain) && !string.IsNullOrWhiteSpace(domain))
+                    domains.Add(domain);
+
+                i = closeParen;
+            }
+            else
+            {
+                i--;
+            }
+        }
+
+        return domains.OrderBy(static domain => domain, StringComparer.OrdinalIgnoreCase).ToArray();
+    }
+
     /// <summary>
     /// Try to parse an aggregate formula like =SUM(TableName.FieldName).
     /// Returns true if the formula matches the aggregate pattern.
@@ -54,7 +183,6 @@ public static bool TryParseAggregate(string? formula, out string func, out strin
         if (!expr.StartsWith('=')) return false;
         expr = expr[1..].Trim();
 
-        // Match: FUNC(Table.Field)
         foreach (var fn in AggregateFunctions)
         {
             if (!expr.StartsWith(fn, StringComparison.OrdinalIgnoreCase)) continue;
@@ -82,7 +210,7 @@ public static bool TryParseAggregate(string? formula, out string func, out strin
 
     /// <summary>
     /// Evaluate an aggregate function over a set of values.
-    /// Returns null if values is empty (except COUNT which returns 0).
+    /// Returns null if values is empty (except COUNT and SUM which return 0).
     /// </summary>
     public static double? EvaluateAggregate(string func, IEnumerable<double?> values)
     {
@@ -99,151 +227,1507 @@ public static bool TryParseAggregate(string? formula, out string func, out strin
         };
     }
 
+    private static string? GetExpressionBody(string? formula)
+    {
+        if (string.IsNullOrWhiteSpace(formula))
+            return null;
+
+        string expression = formula.Trim();
+        if (!expression.StartsWith('='))
+            return null;
+
+        expression = expression[1..].Trim();
+        return expression.Length == 0 ? null : expression;
+    }
+
     private static bool IsValidIdentifier(string s) =>
         s.Length > 0 && (char.IsLetter(s[0]) || s[0] == '_') && s.All(c => char.IsLetterOrDigit(c) || c == '_');
 
-    /// <summary>
-    /// Recursive-descent parser for arithmetic expressions with field references.
-    /// Grammar:
-    ///   Expression = Term (('+' | '-') Term)*
-    ///   Term       = Factor (('*' | '/') Factor)*
-    ///   Factor     = ['-'] Atom
-    ///   Atom       = Number | '(' Expression ')' | FieldName
-    /// </summary>
     private ref struct Parser
     {
         public ReadOnlySpan<char> Input;
         public int Position;
-        private readonly Func<string, double?> _fieldResolver;
+        public bool Failed;
 
-        public Parser(string input, Func<string, double?> fieldResolver)
+        private readonly Func<string, object?> _fieldResolver;
+        private readonly DbFunctionRegistry _functions;
+        private readonly DbExtensionPolicy? _callbackPolicy;
+        private readonly FormulaDomainFunctionResolver? _domainResolver;
+
+        public Parser(
+            string input,
+            Func<string, object?> fieldResolver,
+            DbFunctionRegistry functions,
+            DbExtensionPolicy? callbackPolicy,
+            FormulaDomainFunctionResolver? domainResolver)
         {
             Input = input.AsSpan();
             Position = 0;
+            Failed = false;
             _fieldResolver = fieldResolver;
+            _functions = functions;
+            _callbackPolicy = callbackPolicy;
+            _domainResolver = domainResolver;
         }
 
-        public double? ParseExpression()
+        public object? ParseExpression() => ParseOr();
+
+        private object? ParseOr()
         {
-            var left = ParseTerm();
-            while (Position < Input.Length)
+            object? left = ParseAnd();
+            while (!Failed)
+            {
+                if (!MatchKeyword("OR"))
+                    return left;
+
+                object? right = ParseAnd();
+                left = IsTruthy(left) || IsTruthy(right);
+            }
+
+            return null;
+        }
+
+        private object? ParseAnd()
+        {
+            object? left = ParseNot();
+            while (!Failed)
+            {
+                if (!MatchKeyword("AND"))
+                    return left;
+
+                object? right = ParseNot();
+                left = IsTruthy(left) && IsTruthy(right);
+            }
+
+            return null;
+        }
+
+        private object? ParseNot()
+        {
+            if (MatchKeyword("NOT"))
+                return !IsTruthy(ParseNot());
+
+            return ParseComparison();
+        }
+
+        private object? ParseComparison()
+        {
+            object? left = ParseAdditive();
+            SkipWhitespace();
+            string? op = MatchComparisonOperator();
+            if (op is null)
+                return left;
+
+            object? right = ParseAdditive();
+            return Compare(left, right, op);
+        }
+
+        private object? ParseAdditive()
+        {
+            object? left = ParseTerm();
+            while (!Failed)
             {
                 SkipWhitespace();
-                if (Position >= Input.Length) break;
-                var ch = Input[Position];
-                if (ch == '+')
+                if (Position >= Input.Length)
+                    return left;
+
+                char ch = Input[Position];
+                if (ch == '+' || ch == '-')
                 {
                     Position++;
-                    var right = ParseTerm();
-                    if (left is null || right is null) return null;
-                    left = left.Value + right.Value;
+                    object? right = ParseTerm();
+                    if (left is null || right is null)
+                    {
+                        left = null;
+                    }
+                    else if (TryConvertDouble(left, out double leftNumber) && TryConvertDouble(right, out double rightNumber))
+                    {
+                        left = ch == '+' ? leftNumber + rightNumber : leftNumber - rightNumber;
+                    }
+                    else if (ch == '+')
+                    {
+                        left = ToFormulaString(left) + ToFormulaString(right);
+                    }
+                    else
+                    {
+                        Failed = true;
+                        return null;
+                    }
+
+                    continue;
                 }
-                else if (ch == '-')
+
+                if (ch == '&')
                 {
                     Position++;
-                    var right = ParseTerm();
-                    if (left is null || right is null) return null;
-                    left = left.Value - right.Value;
-                }
-                else
-                {
-                    break;
+                    object? right = ParseTerm();
+                    left = ToFormulaString(left) + ToFormulaString(right);
+                    continue;
                 }
+
+                return left;
             }
-            return left;
+
+            return null;
         }
 
-        private double? ParseTerm()
+        private object? ParseTerm()
         {
-            var left = ParseFactor();
-            while (Position < Input.Length)
+            object? left = ParseFactor();
+            while (!Failed)
             {
                 SkipWhitespace();
-                if (Position >= Input.Length) break;
-                var ch = Input[Position];
-                if (ch == '*')
+                if (Position >= Input.Length)
+                    return left;
+
+                char ch = Input[Position];
+                if (ch != '*' && ch != '/')
+                    return left;
+
+                Position++;
+                object? right = ParseFactor();
+                if (left is null || right is null)
                 {
-                    Position++;
-                    var right = ParseFactor();
-                    if (left is null || right is null) return null;
-                    left = left.Value * right.Value;
+                    left = null;
+                    continue;
                 }
-                else if (ch == '/')
+
+                if (!TryConvertDouble(left, out double leftNumber) || !TryConvertDouble(right, out double rightNumber))
                 {
-                    Position++;
-                    var right = ParseFactor();
-                    if (left is null || right is null) return null;
-                    if (right.Value == 0) return null; // Division by zero → null
-                    left = left.Value / right.Value;
+                    Failed = true;
+                    return null;
                 }
-                else
+
+                if (ch == '/' && Math.Abs(rightNumber) < double.Epsilon)
                 {
-                    break;
+                    left = null;
+                    continue;
                 }
+
+                left = ch == '*' ? leftNumber * rightNumber : leftNumber / rightNumber;
             }
-            return left;
+
+            return null;
         }
 
-        private double? ParseFactor()
+        private object? ParseFactor()
         {
             SkipWhitespace();
             if (Position < Input.Length && Input[Position] == '-')
             {
                 Position++;
-                var val = ParseAtom();
-                return val.HasValue ? -val.Value : null;
+                object? value = ParseFactor();
+                return TryConvertDouble(value, out double numeric) ? -numeric : null;
+            }
+
+            if (Position < Input.Length && Input[Position] == '+')
+            {
+                Position++;
+                object? value = ParseFactor();
+                return TryConvertDouble(value, out double numeric) ? numeric : null;
             }
+
             return ParseAtom();
         }
 
-        private double? ParseAtom()
+        private object? ParseAtom()
         {
             SkipWhitespace();
-            if (Position >= Input.Length) return null;
-
-            var ch = Input[Position];
+            if (Position >= Input.Length)
+            {
+                Failed = true;
+                return null;
+            }
 
-            // Parenthesized expression
+            char ch = Input[Position];
             if (ch == '(')
             {
                 Position++;
-                var val = ParseExpression();
+                object? value = ParseExpression();
                 SkipWhitespace();
                 if (Position < Input.Length && Input[Position] == ')')
+                {
                     Position++;
-                else
-                    return null; // Missing closing paren
-                return val;
+                    return value;
+                }
+
+                Failed = true;
+                return null;
             }
 
-            // Number literal
+            if (ch is '\'' or '"')
+                return ParseString(ch);
+
+            if (ch == '[')
+                return ParseBracketedField();
+
             if (char.IsDigit(ch) || ch == '.')
+                return ParseNumber();
+
+            if (IsIdentifierStart(ch))
+            {
+                string identifier = ParseIdentifier();
+                if (string.Equals(identifier, "NULL", StringComparison.OrdinalIgnoreCase))
+                    return null;
+                if (string.Equals(identifier, "TRUE", StringComparison.OrdinalIgnoreCase))
+                    return true;
+                if (string.Equals(identifier, "FALSE", StringComparison.OrdinalIgnoreCase))
+                    return false;
+
+                SkipWhitespace();
+                if (Position < Input.Length && Input[Position] == '(')
+                    return ParseFunctionCall(identifier);
+
+                return NormalizeValue(_fieldResolver(identifier));
+            }
+
+            Failed = true;
+            return null;
+        }
+
+        private string ParseString(char quote)
+        {
+            Position++;
+            var builder = new System.Text.StringBuilder();
+            while (Position < Input.Length)
+            {
+                char ch = Input[Position++];
+                if (ch == quote)
+                {
+                    if (Position < Input.Length && Input[Position] == quote)
+                    {
+                        builder.Append(quote);
+                        Position++;
+                        continue;
+                    }
+
+                    return builder.ToString();
+                }
+
+                builder.Append(ch);
+            }
+
+            Failed = true;
+            return string.Empty;
+        }
+
+        private object? ParseBracketedField()
+        {
+            Position++;
+            int start = Position;
+            while (Position < Input.Length && Input[Position] != ']')
+                Position++;
+
+            if (Position >= Input.Length)
+            {
+                Failed = true;
+                return null;
+            }
+
+            string fieldName = Input[start..Position].ToString();
+            Position++;
+            return NormalizeValue(_fieldResolver(fieldName));
+        }
+
+        private object? ParseNumber()
+        {
+            int start = Position;
+            bool hasDecimal = false;
+            while (Position < Input.Length)
             {
-                var start = Position;
-                while (Position < Input.Length && (char.IsDigit(Input[Position]) || Input[Position] == '.'))
+                char current = Input[Position];
+                if (char.IsDigit(current))
+                {
+                    Position++;
+                    continue;
+                }
+
+                if (current == '.' && !hasDecimal)
+                {
+                    hasDecimal = true;
                     Position++;
-                var numStr = Input[start..Position].ToString();
-                return double.TryParse(numStr, System.Globalization.NumberStyles.Float,
-                    System.Globalization.CultureInfo.InvariantCulture, out var num) ? num : null;
+                    continue;
+                }
+
+                break;
+            }
+
+            ReadOnlySpan<char> number = Input[start..Position];
+            if (!hasDecimal && long.TryParse(number, NumberStyles.Integer, CultureInfo.InvariantCulture, out long integer))
+                return integer;
+
+            return double.TryParse(number, NumberStyles.Float, CultureInfo.InvariantCulture, out double real)
+                ? real
+                : Fail();
+        }
+
+        private string ParseIdentifier()
+        {
+            int start = Position;
+            Position++;
+            while (Position < Input.Length && IsIdentifierPart(Input[Position]))
+                Position++;
+
+            return Input[start..Position].ToString();
+        }
+
+        private object? ParseFunctionCall(string functionName)
+        {
+            Position++;
+            var arguments = new List<object?>();
+            SkipWhitespace();
+            if (Position < Input.Length && Input[Position] == ')')
+            {
+                Position++;
+                return InvokeFunction(functionName, arguments);
             }
 
-            // Field reference (identifier)
-            if (char.IsLetter(ch) || ch == '_')
+            while (!Failed && Position < Input.Length)
             {
-                var start = Position;
-                while (Position < Input.Length && (char.IsLetterOrDigit(Input[Position]) || Input[Position] == '_'))
+                arguments.Add(ParseExpression());
+
+                SkipWhitespace();
+                if (Position < Input.Length && Input[Position] == ',')
+                {
+                    Position++;
+                    continue;
+                }
+
+                if (Position < Input.Length && Input[Position] == ')')
+                {
                     Position++;
-                var fieldName = Input[start..Position].ToString();
-                return _fieldResolver(fieldName);
+                    return InvokeFunction(functionName, arguments);
+                }
+
+                Failed = true;
+                return null;
+            }
+
+            Failed = true;
+            return null;
+        }
+
+        private object? InvokeFunction(string functionName, List<object?> arguments)
+        {
+            if (TryInvokeBuiltInFunction(functionName, arguments, _domainResolver, out object? builtInValue))
+                return NormalizeValue(builtInValue);
+
+            return InvokeRegisteredFunction(functionName, arguments);
+        }
+
+        private object? InvokeRegisteredFunction(string functionName, List<object?> arguments)
+        {
+            if (!_functions.TryGetScalar(functionName, arguments.Count, out var definition))
+            {
+                DbCallbackDiagnostics.WriteMissingScalarInvocation(
+                    functionName,
+                    arguments.Count,
+                    CreateFormCallbackMetadata(functionName),
+                    $"Unknown scalar function '{functionName}'.");
+                return null;
             }
 
-            return null; // Unexpected character
+            DbValue[] dbArguments = arguments.Select(ToDbValue).ToArray();
+            if (definition.Options.NullPropagating && dbArguments.Any(static argument => argument.IsNull))
+                return null;
+
+            try
+            {
+                IReadOnlyDictionary<string, string>? metadata = CreateFormCallbackMetadata(functionName);
+                DbValue value = _callbackPolicy is null
+                    ? definition.Invoke(dbArguments, metadata)
+                    : definition.Invoke(dbArguments, metadata, _callbackPolicy, DbExtensionHostMode.Embedded);
+                return FromDbValue(value);
+            }
+            catch
+            {
+                return null;
+            }
         }
 
-        private void SkipWhitespace()
+        public void SkipWhitespace()
         {
             while (Position < Input.Length && char.IsWhiteSpace(Input[Position]))
                 Position++;
         }
+
+        private bool MatchKeyword(string keyword)
+        {
+            SkipWhitespace();
+            if (!Input[Position..].StartsWith(keyword, StringComparison.OrdinalIgnoreCase))
+                return false;
+
+            int end = Position + keyword.Length;
+            if (end < Input.Length && IsIdentifierPart(Input[end]))
+                return false;
+
+            Position = end;
+            return true;
+        }
+
+        private string? MatchComparisonOperator()
+        {
+            SkipWhitespace();
+            foreach (string op in new[] { ">=", "<=", "==", "!=", "<>", "=", ">", "<" })
+            {
+                if (Input[Position..].StartsWith(op, StringComparison.Ordinal))
+                {
+                    Position += op.Length;
+                    return op;
+                }
+            }
+
+            return null;
+        }
+
+        private object? Fail()
+        {
+            Failed = true;
+            return null;
+        }
+    }
+
+    private static bool TryInvokeBuiltInFunction(
+        string functionName,
+        IReadOnlyList<object?> args,
+        FormulaDomainFunctionResolver? domainResolver,
+        out object? value)
+    {
+        value = null;
+        switch (functionName.ToUpperInvariant())
+        {
+            case "NZ":
+                value = args.Count is 1 or 2
+                    ? IsNullOrEmpty(args[0]) ? args.Count == 2 ? args[1] : string.Empty : args[0]
+                    : null;
+                return args.Count is 1 or 2;
+            case "ISNULL":
+                value = args.Count == 1 && NormalizeValue(args[0]) is null;
+                return args.Count == 1;
+            case "ISEMPTY":
+                value = args.Count == 1 && IsNullOrEmpty(args[0]);
+                return args.Count == 1;
+            case "IIF":
+                value = args.Count == 3 ? IsTruthy(args[0]) ? args[1] : args[2] : null;
+                return args.Count == 3;
+            case "SWITCH":
+                if (args.Count == 0 || args.Count % 2 != 0)
+                    return true;
+                for (int i = 0; i < args.Count; i += 2)
+                {
+                    if (IsTruthy(args[i]))
+                    {
+                        value = args[i + 1];
+                        return true;
+                    }
+                }
+                return true;
+            case "CHOOSE":
+                if (args.Count < 2 || !TryConvertLong(args[0], out long index))
+                    return true;
+                value = index >= 1 && index < args.Count ? args[(int)index] : null;
+                return true;
+            case "LEN":
+                value = args.Count == 1 && args[0] is not null ? ToFormulaString(args[0]).Length : null;
+                return args.Count == 1;
+            case "LEFT":
+                value = args.Count == 2 && TryConvertLong(args[1], out long leftCount)
+                    ? Left(ToFormulaString(args[0]), leftCount)
+                    : null;
+                return args.Count == 2;
+            case "RIGHT":
+                value = args.Count == 2 && TryConvertLong(args[1], out long rightCount)
+                    ? Right(ToFormulaString(args[0]), rightCount)
+                    : null;
+                return args.Count == 2;
+            case "MID":
+                value = EvaluateMid(args);
+                return args.Count is 2 or 3;
+            case "TRIM":
+                value = args.Count == 1 && args[0] is not null ? ToFormulaString(args[0]).Trim() : null;
+                return args.Count == 1;
+            case "LTRIM":
+                value = args.Count == 1 && args[0] is not null ? ToFormulaString(args[0]).TrimStart() : null;
+                return args.Count == 1;
+            case "RTRIM":
+                value = args.Count == 1 && args[0] is not null ? ToFormulaString(args[0]).TrimEnd() : null;
+                return args.Count == 1;
+            case "UCASE":
+                value = args.Count == 1 && args[0] is not null ? ToFormulaString(args[0]).ToUpperInvariant() : null;
+                return args.Count == 1;
+            case "LCASE":
+                value = args.Count == 1 && args[0] is not null ? ToFormulaString(args[0]).ToLowerInvariant() : null;
+                return args.Count == 1;
+            case "INSTR":
+                value = EvaluateInStr(args);
+                return args.Count is 2 or 3;
+            case "REPLACE":
+                value = args.Count == 3 && args[0] is not null && args[1] is not null
+                    ? ToFormulaString(args[0]).Replace(ToFormulaString(args[1]), ToFormulaString(args[2]), StringComparison.Ordinal)
+                    : null;
+                return args.Count == 3;
+            case "STRCOMP":
+                value = EvaluateStrComp(args);
+                return args.Count is 2 or 3;
+            case "VAL":
+                value = args.Count == 1 ? ParseLeadingNumber(ToFormulaString(args[0])) : null;
+                return args.Count == 1;
+            case "DATE":
+                value = args.Count == 0 ? DateTime.Now.Date : null;
+                return args.Count == 0;
+            case "TIME":
+                value = args.Count == 0 ? DateTime.Now.TimeOfDay : null;
+                return args.Count == 0;
+            case "NOW":
+                value = args.Count == 0 ? DateTime.Now : null;
+                return args.Count == 0;
+            case "YEAR":
+                value = args.Count == 1 && TryConvertDateTime(args[0], out DateTime yearDate) ? yearDate.Year : null;
+                return args.Count == 1;
+            case "MONTH":
+                value = args.Count == 1 && TryConvertDateTime(args[0], out DateTime monthDate) ? monthDate.Month : null;
+                return args.Count == 1;
+            case "DAY":
+                value = args.Count == 1 && TryConvertDateTime(args[0], out DateTime dayDate) ? dayDate.Day : null;
+                return args.Count == 1;
+            case "HOUR":
+                value = args.Count == 1 && TryConvertTime(args[0], out TimeSpan hourTime) ? hourTime.Hours : null;
+                return args.Count == 1;
+            case "MINUTE":
+                value = args.Count == 1 && TryConvertTime(args[0], out TimeSpan minuteTime) ? minuteTime.Minutes : null;
+                return args.Count == 1;
+            case "SECOND":
+                value = args.Count == 1 && TryConvertTime(args[0], out TimeSpan secondTime) ? secondTime.Seconds : null;
+                return args.Count == 1;
+            case "DATEADD":
+                value = EvaluateDateAdd(args);
+                return args.Count == 3;
+            case "DATEDIFF":
+                value = EvaluateDateDiff(args);
+                return args.Count == 3;
+            case "DATEPART":
+                value = EvaluateDatePart(args);
+                return args.Count == 2;
+            case "DATESERIAL":
+                value = EvaluateDateSerial(args);
+                return args.Count == 3;
+            case "TIMESERIAL":
+                value = EvaluateTimeSerial(args);
+                return args.Count == 3;
+            case "WEEKDAY":
+                value = args.Count == 1 && TryConvertDateTime(args[0], out DateTime weekdayDate)
+                    ? ((int)weekdayDate.DayOfWeek) + 1
+                    : null;
+                return args.Count == 1;
+            case "MONTHNAME":
+                value = EvaluateMonthName(args);
+                return args.Count is 1 or 2;
+            case "ABS":
+                value = args.Count == 1 && TryConvertDouble(args[0], out double absValue) ? Math.Abs(absValue) : null;
+                return args.Count == 1;
+            case "ROUND":
+                value = EvaluateRound(args);
+                return args.Count is 1 or 2;
+            case "INT":
+                value = args.Count == 1 && TryConvertDouble(args[0], out double intValue) ? Math.Floor(intValue) : null;
+                return args.Count == 1;
+            case "FIX":
+                value = args.Count == 1 && TryConvertDouble(args[0], out double fixValue) ? Math.Truncate(fixValue) : null;
+                return args.Count == 1;
+            case "SGN":
+                value = args.Count == 1 && TryConvertDouble(args[0], out double sgnValue) ? Math.Sign(sgnValue) : null;
+                return args.Count == 1;
+            case "CSTR":
+                value = args.Count == 1 ? ToFormulaString(args[0]) : null;
+                return args.Count == 1;
+            case "CINT":
+            case "CLNG":
+                value = args.Count == 1 && TryConvertDouble(args[0], out double integerValue)
+                    ? Convert.ToInt64(Math.Round(integerValue, MidpointRounding.ToEven), CultureInfo.InvariantCulture)
+                    : null;
+                return args.Count == 1;
+            case "CDBL":
+                value = args.Count == 1 && TryConvertDouble(args[0], out double doubleValue) ? doubleValue : null;
+                return args.Count == 1;
+            case "CBOOL":
+                value = args.Count == 1 && TryConvertBoolean(args[0], out bool boolValue) ? boolValue : null;
+                return args.Count == 1;
+            case "CDATE":
+                value = args.Count == 1 && TryConvertDateTime(args[0], out DateTime dateValue) ? dateValue : null;
+                return args.Count == 1;
+            case "FORMAT":
+                value = args.Count == 2 ? FormatValue(args[0], ToFormulaString(args[1])) : null;
+                return args.Count == 2;
+            case "DLOOKUP":
+            case "DCOUNT":
+            case "DSUM":
+            case "DAVG":
+            case "DMIN":
+            case "DMAX":
+                value = EvaluateDomainFunction(functionName, args, domainResolver);
+                return args.Count is 2 or 3;
+            default:
+                return false;
+        }
+    }
+
+    private static object? EvaluateMid(IReadOnlyList<object?> args)
+    {
+        if (args.Count is not (2 or 3) || args[0] is null || !TryConvertLong(args[1], out long start))
+            return null;
+
+        string value = ToFormulaString(args[0]);
+        int zeroBasedStart = Math.Max(0, (int)start - 1);
+        if (zeroBasedStart >= value.Length)
+            return string.Empty;
+
+        if (args.Count == 2)
+            return value[zeroBasedStart..];
+
+        if (!TryConvertLong(args[2], out long count))
+            return null;
+
+        int length = Math.Clamp((int)count, 0, value.Length - zeroBasedStart);
+        return value.Substring(zeroBasedStart, length);
+    }
+
+    private static object? EvaluateInStr(IReadOnlyList<object?> args)
+    {
+        if (args.Count is not (2 or 3))
+            return null;
+
+        long start = 1;
+        object? source = args[0];
+        object? search = args[1];
+        if (args.Count == 3)
+        {
+            if (!TryConvertLong(args[0], out start))
+                return null;
+
+            source = args[1];
+            search = args[2];
+        }
+
+        if (source is null || search is null)
+            return null;
+
+        string sourceText = ToFormulaString(source);
+        string searchText = ToFormulaString(search);
+        int zeroBasedStart = Math.Clamp((int)start - 1, 0, sourceText.Length);
+        int index = sourceText.IndexOf(searchText, zeroBasedStart, StringComparison.OrdinalIgnoreCase);
+        return index < 0 ? 0 : index + 1;
     }
+
+    private static object? EvaluateStrComp(IReadOnlyList<object?> args)
+    {
+        if (args.Count is not (2 or 3) || args[0] is null || args[1] is null)
+            return null;
+
+        StringComparison comparison = StringComparison.Ordinal;
+        if (args.Count == 3)
+        {
+            string mode = ToFormulaString(args[2]);
+            if (string.Equals(mode, "text", StringComparison.OrdinalIgnoreCase) ||
+                string.Equals(mode, "1", StringComparison.OrdinalIgnoreCase))
+            {
+                comparison = StringComparison.OrdinalIgnoreCase;
+            }
+        }
+
+        int result = string.Compare(ToFormulaString(args[0]), ToFormulaString(args[1]), comparison);
+        return result < 0 ? -1 : result > 0 ? 1 : 0;
+    }
+
+    private static object? EvaluateDateAdd(IReadOnlyList<object?> args)
+    {
+        if (args.Count != 3 ||
+            !TryConvertLong(args[1], out long amount) ||
+            !TryConvertDateTime(args[2], out DateTime date))
+        {
+            return null;
+        }
+
+        return AddDateInterval(ToFormulaString(args[0]), date, amount);
+    }
+
+    private static object? EvaluateDateDiff(IReadOnlyList<object?> args)
+    {
+        if (args.Count != 3 ||
+            !TryConvertDateTime(args[1], out DateTime start) ||
+            !TryConvertDateTime(args[2], out DateTime end))
+        {
+            return null;
+        }
+
+        return DiffDateInterval(ToFormulaString(args[0]), start, end);
+    }
+
+    private static object? EvaluateDatePart(IReadOnlyList<object?> args)
+    {
+        if (args.Count != 2 || !TryConvertDateTime(args[1], out DateTime date))
+            return null;
+
+        return GetDatePart(ToFormulaString(args[0]), date);
+    }
+
+    private static object? EvaluateDateSerial(IReadOnlyList<object?> args)
+    {
+        if (args.Count != 3 ||
+            !TryConvertLong(args[0], out long year) ||
+            !TryConvertLong(args[1], out long month) ||
+            !TryConvertLong(args[2], out long day))
+        {
+            return null;
+        }
+
+        try
+        {
+            return new DateTime((int)year, 1, 1).AddMonths((int)month - 1).AddDays((int)day - 1);
+        }
+        catch
+        {
+            return null;
+        }
+    }
+
+    private static object? EvaluateTimeSerial(IReadOnlyList<object?> args)
+    {
+        if (args.Count != 3 ||
+            !TryConvertLong(args[0], out long hour) ||
+            !TryConvertLong(args[1], out long minute) ||
+            !TryConvertLong(args[2], out long second))
+        {
+            return null;
+        }
+
+        try
+        {
+            return TimeSpan.FromHours(hour) + TimeSpan.FromMinutes(minute) + TimeSpan.FromSeconds(second);
+        }
+        catch
+        {
+            return null;
+        }
+    }
+
+    private static object? EvaluateMonthName(IReadOnlyList<object?> args)
+    {
+        if (args.Count is not (1 or 2) || !TryConvertLong(args[0], out long month) || month is < 1 or > 12)
+            return null;
+
+        bool abbreviate = args.Count == 2 && TryConvertBoolean(args[1], out bool abbreviated) && abbreviated;
+        DateTimeFormatInfo format = CultureInfo.InvariantCulture.DateTimeFormat;
+        return abbreviate ? format.GetAbbreviatedMonthName((int)month) : format.GetMonthName((int)month);
+    }
+
+    private static object? EvaluateRound(IReadOnlyList<object?> args)
+    {
+        if (args.Count is not (1 or 2) || !TryConvertDouble(args[0], out double value))
+            return null;
+
+        int digits = 0;
+        if (args.Count == 2)
+        {
+            if (!TryConvertLong(args[1], out long parsedDigits) || parsedDigits is < 0 or > 15)
+                return null;
+
+            digits = (int)parsedDigits;
+        }
+
+        return Math.Round(value, digits, MidpointRounding.ToEven);
+    }
+
+    private static object? EvaluateDomainFunction(
+        string functionName,
+        IReadOnlyList<object?> args,
+        FormulaDomainFunctionResolver? domainResolver)
+    {
+        if (args.Count is not (2 or 3) || domainResolver is null)
+            return null;
+
+        string expression = ToFormulaString(args[0]).Trim();
+        string domain = ToFormulaString(args[1]).Trim();
+        string? criteria = args.Count == 3 ? ToFormulaString(args[2]) : null;
+        if (string.IsNullOrWhiteSpace(expression) || string.IsNullOrWhiteSpace(domain))
+            return null;
+
+        return domainResolver(new FormulaDomainFunctionRequest(
+            functionName.ToUpperInvariant(),
+            expression,
+            domain,
+            string.IsNullOrWhiteSpace(criteria) ? null : criteria));
+    }
+
+    private static DateTime? AddDateInterval(string interval, DateTime date, long amount)
+    {
+        try
+        {
+            return NormalizeInterval(interval) switch
+            {
+                "yyyy" => date.AddYears((int)amount),
+                "q" => date.AddMonths((int)amount * 3),
+                "m" => date.AddMonths((int)amount),
+                "y" or "d" or "w" => date.AddDays(amount),
+                "ww" => date.AddDays(amount * 7),
+                "h" => date.AddHours(amount),
+                "n" => date.AddMinutes(amount),
+                "s" => date.AddSeconds(amount),
+                _ => null,
+            };
+        }
+        catch
+        {
+            return null;
+        }
+    }
+
+    private static long? DiffDateInterval(string interval, DateTime start, DateTime end)
+        => NormalizeInterval(interval) switch
+        {
+            "yyyy" => end.Year - start.Year,
+            "q" => ((end.Year - start.Year) * 4) + ((end.Month - 1) / 3) - ((start.Month - 1) / 3),
+            "m" => ((end.Year - start.Year) * 12) + end.Month - start.Month,
+            "y" or "d" or "w" => (long)(end.Date - start.Date).TotalDays,
+            "ww" => (long)Math.Floor((end.Date - start.Date).TotalDays / 7),
+            "h" => (long)(end - start).TotalHours,
+            "n" => (long)(end - start).TotalMinutes,
+            "s" => (long)(end - start).TotalSeconds,
+            _ => null,
+        };
+
+    private static long? GetDatePart(string interval, DateTime date)
+        => NormalizeInterval(interval) switch
+        {
+            "yyyy" => date.Year,
+            "q" => ((date.Month - 1) / 3) + 1,
+            "m" => date.Month,
+            "y" => date.DayOfYear,
+            "d" => date.Day,
+            "w" => ((int)date.DayOfWeek) + 1,
+            "ww" => ISOWeek.GetWeekOfYear(date),
+            "h" => date.Hour,
+            "n" => date.Minute,
+            "s" => date.Second,
+            _ => null,
+        };
+
+    private static string NormalizeInterval(string interval)
+        => interval.Trim().Trim('"', '\'').ToLowerInvariant();
+
+    private static string Left(string value, long count)
+    {
+        int length = Math.Clamp((int)count, 0, value.Length);
+        return value[..length];
+    }
+
+    private static string Right(string value, long count)
+    {
+        int length = Math.Clamp((int)count, 0, value.Length);
+        return value[(value.Length - length)..];
+    }
+
+    private static double ParseLeadingNumber(string text)
+    {
+        text = text.TrimStart();
+        if (text.Length == 0)
+            return 0;
+
+        int index = 0;
+        if (text[index] is '+' or '-')
+            index++;
+
+        bool hasDigit = false;
+        bool hasDecimal = false;
+        while (index < text.Length)
+        {
+            char ch = text[index];
+            if (char.IsDigit(ch))
+            {
+                hasDigit = true;
+                index++;
+                continue;
+            }
+
+            if (ch == '.' && !hasDecimal)
+            {
+                hasDecimal = true;
+                index++;
+                continue;
+            }
+
+            break;
+        }
+
+        if (!hasDigit)
+            return 0;
+
+        if (index < text.Length && text[index] is 'e' or 'E')
+        {
+            int exponentStart = index;
+            index++;
+            if (index < text.Length && text[index] is '+' or '-')
+                index++;
+
+            bool hasExponentDigit = false;
+            while (index < text.Length && char.IsDigit(text[index]))
+            {
+                hasExponentDigit = true;
+                index++;
+            }
+
+            if (!hasExponentDigit)
+                index = exponentStart;
+        }
+
+        return double.TryParse(text[..index], NumberStyles.Float, CultureInfo.InvariantCulture, out double result)
+            ? result
+            : 0;
+    }
+
+    private static object? FormatValue(object? value, string format)
+    {
+        value = NormalizeValue(value);
+        if (value is null)
+            return null;
+
+        try
+        {
+            if (value is DateTime dateTime)
+                return dateTime.ToString(format, CultureInfo.InvariantCulture);
+
+            if (value is TimeSpan time)
+                return time.ToString(format, CultureInfo.InvariantCulture);
+
+            if (TryConvertDouble(value, out double number))
+                return number.ToString(format, CultureInfo.InvariantCulture);
+
+            if (value is IFormattable formattable)
+                return formattable.ToString(format, CultureInfo.InvariantCulture);
+        }
+        catch
+        {
+            return ToFormulaString(value);
+        }
+
+        return ToFormulaString(value);
+    }
+
+    private static bool Compare(object? left, object? right, string op)
+    {
+        int comparison = CompareValues(left, right);
+        return op switch
+        {
+            "=" or "==" => comparison == 0,
+            "!=" or "<>" => comparison != 0,
+            ">" => comparison > 0,
+            ">=" => comparison >= 0,
+            "<" => comparison < 0,
+            "<=" => comparison <= 0,
+            _ => false,
+        };
+    }
+
+    private static int CompareValues(object? left, object? right)
+    {
+        left = NormalizeValue(left);
+        right = NormalizeValue(right);
+
+        if (left is null || right is null)
+            return left is null && right is null ? 0 : left is null ? -1 : 1;
+
+        if (TryConvertDouble(left, out double leftNumber) && TryConvertDouble(right, out double rightNumber))
+            return leftNumber.CompareTo(rightNumber);
+
+        if (TryConvertDateTime(left, out DateTime leftDate) && TryConvertDateTime(right, out DateTime rightDate))
+            return leftDate.CompareTo(rightDate);
+
+        if (TryConvertBoolean(left, out bool leftBool) && TryConvertBoolean(right, out bool rightBool))
+            return leftBool.CompareTo(rightBool);
+
+        return string.Compare(ToFormulaString(left), ToFormulaString(right), StringComparison.OrdinalIgnoreCase);
+    }
+
+    private static bool IsTruthy(object? value)
+    {
+        value = NormalizeValue(value);
+        if (value is null)
+            return false;
+
+        if (value is bool boolean)
+            return boolean;
+
+        if (TryConvertDouble(value, out double number))
+            return Math.Abs(number) > double.Epsilon;
+
+        string text = ToFormulaString(value);
+        if (bool.TryParse(text, out bool parsed))
+            return parsed;
+
+        return !string.IsNullOrWhiteSpace(text);
+    }
+
+    private static bool IsNullOrEmpty(object? value)
+    {
+        value = NormalizeValue(value);
+        return value is null || value is string text && text.Length == 0;
+    }
+
+    private static bool TryConvertDouble(object? value, out double result)
+    {
+        value = NormalizeValue(value);
+        switch (value)
+        {
+            case byte number:
+                result = number;
+                return true;
+            case sbyte number:
+                result = number;
+                return true;
+            case short number:
+                result = number;
+                return true;
+            case ushort number:
+                result = number;
+                return true;
+            case int number:
+                result = number;
+                return true;
+            case uint number:
+                result = number;
+                return true;
+            case long number:
+                result = number;
+                return true;
+            case ulong number:
+                result = number;
+                return true;
+            case float number:
+                result = number;
+                return true;
+            case double number:
+                result = number;
+                return true;
+            case decimal number:
+                result = (double)number;
+                return true;
+            case bool boolean:
+                result = boolean ? 1 : 0;
+                return true;
+            case string text:
+                return double.TryParse(text, NumberStyles.Float | NumberStyles.AllowThousands, CultureInfo.InvariantCulture, out result);
+            default:
+                result = 0;
+                return false;
+        }
+    }
+
+    private static bool TryConvertLong(object? value, out long result)
+    {
+        value = NormalizeValue(value);
+        switch (value)
+        {
+            case byte number:
+                result = number;
+                return true;
+            case sbyte number:
+                result = number;
+                return true;
+            case short number:
+                result = number;
+                return true;
+            case ushort number:
+                result = number;
+                return true;
+            case int number:
+                result = number;
+                return true;
+            case uint number:
+                result = number;
+                return true;
+            case long number:
+                result = number;
+                return true;
+            case float or double or decimal:
+                if (TryConvertDouble(value, out double numeric))
+                {
+                    result = Convert.ToInt64(Math.Round(numeric, MidpointRounding.ToEven), CultureInfo.InvariantCulture);
+                    return true;
+                }
+
+                break;
+            case string text when long.TryParse(text, NumberStyles.Integer, CultureInfo.InvariantCulture, out long integer):
+                result = integer;
+                return true;
+            case string text when double.TryParse(text, NumberStyles.Float | NumberStyles.AllowThousands, CultureInfo.InvariantCulture, out double real):
+                result = Convert.ToInt64(Math.Round(real, MidpointRounding.ToEven), CultureInfo.InvariantCulture);
+                return true;
+        }
+
+        result = 0;
+        return false;
+    }
+
+    private static bool TryConvertBoolean(object? value, out bool result)
+    {
+        value = NormalizeValue(value);
+        switch (value)
+        {
+            case bool boolean:
+                result = boolean;
+                return true;
+            case string text:
+                if (bool.TryParse(text, out result))
+                    return true;
+                if (string.Equals(text, "yes", StringComparison.OrdinalIgnoreCase) ||
+                    string.Equals(text, "y", StringComparison.OrdinalIgnoreCase))
+                {
+                    result = true;
+                    return true;
+                }
+                if (string.Equals(text, "no", StringComparison.OrdinalIgnoreCase) ||
+                    string.Equals(text, "n", StringComparison.OrdinalIgnoreCase))
+                {
+                    result = false;
+                    return true;
+                }
+                if (TryConvertDouble(text, out double numericText))
+                {
+                    result = Math.Abs(numericText) > double.Epsilon;
+                    return true;
+                }
+                break;
+            default:
+                if (TryConvertDouble(value, out double numeric))
+                {
+                    result = Math.Abs(numeric) > double.Epsilon;
+                    return true;
+                }
+                break;
+        }
+
+        result = false;
+        return false;
+    }
+
+    private static bool TryConvertDateTime(object? value, out DateTime result)
+    {
+        value = NormalizeValue(value);
+        switch (value)
+        {
+            case DateTime dateTime:
+                result = dateTime;
+                return true;
+            case DateTimeOffset dateTimeOffset:
+                result = dateTimeOffset.LocalDateTime;
+                return true;
+            case DateOnly dateOnly:
+                result = dateOnly.ToDateTime(TimeOnly.MinValue);
+                return true;
+            case string text:
+                if (DateTime.TryParse(text, CultureInfo.InvariantCulture, DateTimeStyles.AllowWhiteSpaces, out result) ||
+                    DateTime.TryParse(text, CultureInfo.CurrentCulture, DateTimeStyles.AllowWhiteSpaces, out result))
+                {
+                    return true;
+                }
+                break;
+            default:
+                if (TryConvertDouble(value, out double numeric))
+                {
+                    try
+                    {
+                        result = DateTime.FromOADate(numeric);
+                        return true;
+                    }
+                    catch
+                    {
+                    }
+                }
+                break;
+        }
+
+        result = default;
+        return false;
+    }
+
+    private static bool TryConvertTime(object? value, out TimeSpan result)
+    {
+        value = NormalizeValue(value);
+        switch (value)
+        {
+            case TimeSpan timeSpan:
+                result = timeSpan;
+                return true;
+            case TimeOnly timeOnly:
+                result = timeOnly.ToTimeSpan();
+                return true;
+            case DateTime dateTime:
+                result = dateTime.TimeOfDay;
+                return true;
+            case DateTimeOffset dateTimeOffset:
+                result = dateTimeOffset.TimeOfDay;
+                return true;
+            case string text:
+                if (TimeSpan.TryParse(text, CultureInfo.InvariantCulture, out result))
+                    return true;
+                if (DateTime.TryParse(text, CultureInfo.InvariantCulture, DateTimeStyles.AllowWhiteSpaces, out DateTime parsedDate))
+                {
+                    result = parsedDate.TimeOfDay;
+                    return true;
+                }
+                break;
+        }
+
+        result = default;
+        return false;
+    }
+
+    private static string ToFormulaString(object? value)
+    {
+        value = NormalizeValue(value);
+        return value switch
+        {
+            null => string.Empty,
+            DateTime dateTime => dateTime.TimeOfDay == TimeSpan.Zero
+                ? dateTime.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture)
+                : dateTime.ToString("yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture),
+            DateTimeOffset dateTimeOffset => dateTimeOffset.ToString("yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture),
+            TimeSpan timeSpan => timeSpan.ToString(@"hh\:mm\:ss", CultureInfo.InvariantCulture),
+            bool boolean => boolean ? "True" : "False",
+            IFormattable formattable => formattable.ToString(null, CultureInfo.InvariantCulture),
+            _ => Convert.ToString(value, CultureInfo.InvariantCulture) ?? string.Empty,
+        };
+    }
+
+    private static object? NormalizeValue(object? value)
+        => value is JsonElement json ? NormalizeJsonValue(json) : value;
+
+    private static object? NormalizeJsonValue(JsonElement value)
+        => value.ValueKind switch
+        {
+            JsonValueKind.Null => null,
+            JsonValueKind.True => true,
+            JsonValueKind.False => false,
+            JsonValueKind.String => value.GetString(),
+            JsonValueKind.Number when value.TryGetInt64(out long integer) => integer,
+            JsonValueKind.Number => value.GetDouble(),
+            _ => value.ToString(),
+        };
+
+    private static DbValue ToDbValue(object? value)
+    {
+        value = NormalizeValue(value);
+        return value switch
+        {
+            null => DbValue.Null,
+            DbValue dbValue => dbValue,
+            bool boolean => DbValue.FromInteger(boolean ? 1 : 0),
+            byte or sbyte or short or ushort or int or uint or long => DbValue.FromInteger(Convert.ToInt64(value, CultureInfo.InvariantCulture)),
+            float or double or decimal => DbValue.FromReal(Convert.ToDouble(value, CultureInfo.InvariantCulture)),
+            string text => DbValue.FromText(text),
+            byte[] bytes => DbValue.FromBlob(bytes),
+            DateTime or DateTimeOffset or DateOnly or TimeOnly or TimeSpan => DbValue.FromText(ToFormulaString(value)),
+            _ => DbValue.FromText(Convert.ToString(value, CultureInfo.InvariantCulture) ?? string.Empty),
+        };
+    }
+
+    private static object? FromDbValue(DbValue value) => value.Type switch
+    {
+        DbType.Null => null,
+        DbType.Integer => value.AsInteger,
+        DbType.Real => value.AsReal,
+        DbType.Text => value.AsText,
+        DbType.Blob => value.AsBlob,
+        _ => null,
+    };
+
+    private static bool TryReadFunctionArguments(
+        ReadOnlySpan<char> input,
+        int openParen,
+        out string argumentsText,
+        out int closeParen)
+    {
+        int depth = 0;
+        for (int i = openParen; i < input.Length; i++)
+        {
+            char ch = input[i];
+            if (ch is '\'' or '"')
+            {
+                i = SkipQuoted(input, i, ch);
+                continue;
+            }
+
+            if (ch == '[')
+            {
+                i = SkipBracketed(input, i);
+                continue;
+            }
+
+            if (ch == '(')
+            {
+                depth++;
+                continue;
+            }
+
+            if (ch == ')')
+            {
+                depth--;
+                if (depth == 0)
+                {
+                    argumentsText = input[(openParen + 1)..i].ToString();
+                    closeParen = i;
+                    return true;
+                }
+            }
+        }
+
+        argumentsText = string.Empty;
+        closeParen = -1;
+        return false;
+    }
+
+    private static string[] SplitTopLevelArguments(string argumentsText)
+    {
+        if (string.IsNullOrWhiteSpace(argumentsText))
+            return [];
+
+        var arguments = new List<string>();
+        int start = 0;
+        int depth = 0;
+        bool inBracket = false;
+        char quote = '\0';
+        for (int i = 0; i < argumentsText.Length; i++)
+        {
+            char ch = argumentsText[i];
+            if (quote != '\0')
+            {
+                if (ch == quote)
+                {
+                    if (i + 1 < argumentsText.Length && argumentsText[i + 1] == quote)
+                    {
+                        i++;
+                        continue;
+                    }
+
+                    quote = '\0';
+                }
+
+                continue;
+            }
+
+            if (inBracket)
+            {
+                if (ch == ']')
+                    inBracket = false;
+                continue;
+            }
+
+            if (ch is '\'' or '"')
+            {
+                quote = ch;
+                continue;
+            }
+
+            if (ch == '[')
+            {
+                inBracket = true;
+                continue;
+            }
+
+            if (ch == '(')
+            {
+                depth++;
+                continue;
+            }
+
+            if (ch == ')')
+            {
+                depth--;
+                continue;
+            }
+
+            if (ch == ',' && depth == 0)
+            {
+                arguments.Add(argumentsText[start..i].Trim());
+                start = i + 1;
+            }
+        }
+
+        arguments.Add(argumentsText[start..].Trim());
+        return arguments.Any(static argument => argument.Length == 0) ? [] : arguments.ToArray();
+    }
+
+    private static bool TryReadLiteralText(string token, out string? value)
+    {
+        value = null;
+        token = token.Trim();
+        if (token.Length == 0)
+            return false;
+
+        if (token.Length >= 2 && token[0] is '\'' or '"' && token[^1] == token[0])
+        {
+            char quote = token[0];
+            value = token[1..^1].Replace($"{quote}{quote}", quote.ToString(), StringComparison.Ordinal);
+            return true;
+        }
+
+        if (token.StartsWith('[') && token.EndsWith(']') && token.Length > 2)
+        {
+            value = token[1..^1].Trim();
+            return value.Length > 0;
+        }
+
+        if (IsValidIdentifier(token))
+        {
+            value = token;
+            return true;
+        }
+
+        return false;
+    }
+
+    private static int SkipQuoted(ReadOnlySpan<char> input, int start, char quote)
+    {
+        for (int i = start + 1; i < input.Length; i++)
+        {
+            if (input[i] != quote)
+                continue;
+
+            if (i + 1 < input.Length && input[i + 1] == quote)
+            {
+                i++;
+                continue;
+            }
+
+            return i;
+        }
+
+        return input.Length - 1;
+    }
+
+    private static int SkipBracketed(ReadOnlySpan<char> input, int start)
+    {
+        for (int i = start + 1; i < input.Length; i++)
+        {
+            if (input[i] == ']')
+                return i;
+        }
+
+        return input.Length - 1;
+    }
+
+    private static bool IsIdentifierStart(char value)
+        => char.IsLetter(value) || value == '_';
+
+    private static bool IsIdentifierPart(char value)
+        => char.IsLetterOrDigit(value) || value == '_';
+
+    private static IReadOnlyDictionary<string, string>? CreateFormCallbackMetadata(string functionName)
+        => DbCallbackDiagnostics.IsInvocationEnabled
+            ? new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["surface"] = "AdminForms",
+                ["location"] = $"formulas.functions.{functionName}",
+                ["correlationId"] = Guid.NewGuid().ToString("N"),
+            }
+            : null;
 }
diff --git a/src/CSharpDB.Admin.Forms/Evaluation/FormulaFunctionCatalog.cs b/src/CSharpDB.Admin.Forms/Evaluation/FormulaFunctionCatalog.cs
new file mode 100644
index 00000000..dd7214ef
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Evaluation/FormulaFunctionCatalog.cs
@@ -0,0 +1,94 @@
+namespace CSharpDB.Admin.Forms.Evaluation;
+
+public sealed record FormulaFunctionDescriptor(
+    string Name,
+    string Category,
+    string Signature,
+    string Description,
+    string Example,
+    string InsertText);
+
+public static class FormulaFunctionCatalog
+{
+    public static IReadOnlyList<FormulaFunctionDescriptor> ExpressionFunctions { get; } =
+    [
+        new("Nz", "Null and Conditional", "Nz(value, fallback)", "Returns fallback when value is null or empty.", "=Nz(Quantity, 0)", "Nz(value, fallback)"),
+        new("IsNull", "Null and Conditional", "IsNull(value)", "Returns true when value is null.", "=IsNull(ClosedDate)", "IsNull(value)"),
+        new("IsEmpty", "Null and Conditional", "IsEmpty(value)", "Returns true when value is null or empty text.", "=IsEmpty(Notes)", "IsEmpty(value)"),
+        new("IIf", "Null and Conditional", "IIf(condition, trueValue, falseValue)", "Returns one of two values based on a condition.", "=IIf(Status = 'Closed', 'Done', 'Open')", "IIf(condition, trueValue, falseValue)"),
+        new("Switch", "Null and Conditional", "Switch(condition1, value1, ...)", "Returns the first value whose condition is true.", "=Switch(Priority = 1, 'High', Priority = 2, 'Normal')", "Switch(condition1, value1, condition2, value2)"),
+        new("Choose", "Null and Conditional", "Choose(index, value1, value2, ...)", "Returns the value at a 1-based position.", "=Choose(StatusCode, 'New', 'Open', 'Closed')", "Choose(index, value1, value2)"),
+
+        new("Len", "Text", "Len(value)", "Returns text length.", "=Len(CustomerName)", "Len(value)"),
+        new("Left", "Text", "Left(value, count)", "Returns characters from the left side.", "=Left(CustomerCode, 3)", "Left(value, count)"),
+        new("Right", "Text", "Right(value, count)", "Returns characters from the right side.", "=Right(OrderNumber, 4)", "Right(value, count)"),
+        new("Mid", "Text", "Mid(value, start, count)", "Returns characters from the middle of text.", "=Mid(ProductCode, 2, 3)", "Mid(value, start, count)"),
+        new("Trim", "Text", "Trim(value)", "Trims leading and trailing spaces.", "=Trim(CustomerName)", "Trim(value)"),
+        new("LTrim", "Text", "LTrim(value)", "Trims leading spaces.", "=LTrim(Code)", "LTrim(value)"),
+        new("RTrim", "Text", "RTrim(value)", "Trims trailing spaces.", "=RTrim(Code)", "RTrim(value)"),
+        new("UCase", "Text", "UCase(value)", "Converts text to uppercase.", "=UCase(CustomerName)", "UCase(value)"),
+        new("LCase", "Text", "LCase(value)", "Converts text to lowercase.", "=LCase(Email)", "LCase(value)"),
+        new("InStr", "Text", "InStr(value, search)", "Returns the 1-based position of search text, or 0.", "=InStr(Email, '@')", "InStr(value, search)"),
+        new("Replace", "Text", "Replace(value, search, replacement)", "Replaces matching text.", "=Replace(Phone, '-', '')", "Replace(value, search, replacement)"),
+        new("StrComp", "Text", "StrComp(left, right, comparison)", "Compares two strings and returns -1, 0, or 1.", "=StrComp(Code, 'A1', 'text')", "StrComp(left, right, 'text')"),
+        new("Val", "Text", "Val(value)", "Parses leading numeric text.", "=Val(QuantityText)", "Val(value)"),
+
+        new("Date", "Date and Time", "Date()", "Returns today's date.", "=Date()", "Date()"),
+        new("Time", "Date and Time", "Time()", "Returns the current time.", "=Time()", "Time()"),
+        new("Now", "Date and Time", "Now()", "Returns the current date and time.", "=Now()", "Now()"),
+        new("Year", "Date and Time", "Year(value)", "Returns the year number.", "=Year(OrderDate)", "Year(value)"),
+        new("Month", "Date and Time", "Month(value)", "Returns the month number.", "=Month(OrderDate)", "Month(value)"),
+        new("Day", "Date and Time", "Day(value)", "Returns the day of month.", "=Day(OrderDate)", "Day(value)"),
+        new("Hour", "Date and Time", "Hour(value)", "Returns the hour.", "=Hour(UpdatedAt)", "Hour(value)"),
+        new("Minute", "Date and Time", "Minute(value)", "Returns the minute.", "=Minute(UpdatedAt)", "Minute(value)"),
+        new("Second", "Date and Time", "Second(value)", "Returns the second.", "=Second(UpdatedAt)", "Second(value)"),
+        new("DateAdd", "Date and Time", "DateAdd(interval, amount, value)", "Adds a date/time interval.", "=DateAdd('d', 7, OrderDate)", "DateAdd('d', amount, value)"),
+        new("DateDiff", "Date and Time", "DateDiff(interval, start, end)", "Returns the difference between dates.", "=DateDiff('d', OrderDate, Date())", "DateDiff('d', start, end)"),
+        new("DatePart", "Date and Time", "DatePart(interval, value)", "Returns a date/time part.", "=DatePart('q', OrderDate)", "DatePart('q', value)"),
+        new("DateSerial", "Date and Time", "DateSerial(year, month, day)", "Builds a date.", "=DateSerial(Year(Date()), 1, 1)", "DateSerial(year, month, day)"),
+        new("TimeSerial", "Date and Time", "TimeSerial(hour, minute, second)", "Builds a time value.", "=TimeSerial(17, 0, 0)", "TimeSerial(hour, minute, second)"),
+        new("Weekday", "Date and Time", "Weekday(value)", "Returns day of week as 1 through 7.", "=Weekday(OrderDate)", "Weekday(value)"),
+        new("MonthName", "Date and Time", "MonthName(month)", "Returns the month name.", "=MonthName(Month(OrderDate))", "MonthName(month)"),
+
+        new("Abs", "Number and Conversion", "Abs(value)", "Returns absolute value.", "=Abs(Balance)", "Abs(value)"),
+        new("Round", "Number and Conversion", "Round(value, digits)", "Rounds a number.", "=Round(Amount, 2)", "Round(value, digits)"),
+        new("Int", "Number and Conversion", "Int(value)", "Rounds down to an integer.", "=Int(Amount)", "Int(value)"),
+        new("Fix", "Number and Conversion", "Fix(value)", "Truncates toward zero.", "=Fix(Amount)", "Fix(value)"),
+        new("Sgn", "Number and Conversion", "Sgn(value)", "Returns -1, 0, or 1.", "=Sgn(Balance)", "Sgn(value)"),
+        new("CStr", "Number and Conversion", "CStr(value)", "Converts a value to text.", "=CStr(OrderId)", "CStr(value)"),
+        new("CInt", "Number and Conversion", "CInt(value)", "Converts a value to an integer.", "=CInt(QuantityText)", "CInt(value)"),
+        new("CLng", "Number and Conversion", "CLng(value)", "Converts a value to a long integer.", "=CLng(IdText)", "CLng(value)"),
+        new("CDbl", "Number and Conversion", "CDbl(value)", "Converts a value to a double.", "=CDbl(AmountText)", "CDbl(value)"),
+        new("CBool", "Number and Conversion", "CBool(value)", "Converts a value to boolean.", "=CBool(IsActive)", "CBool(value)"),
+        new("CDate", "Number and Conversion", "CDate(value)", "Converts a value to date/time.", "=CDate(DateText)", "CDate(value)"),
+        new("Format", "Number and Conversion", "Format(value, format)", "Formats a number, date, time, or text.", "=Format(Amount, '0.00')", "Format(value, format)"),
+
+        new("DLookup", "Domain", "DLookup(expr, domain, criteria)", "Returns one value from another table/query.", "=DLookup('Name', 'Customers', 'CustomerId = 1')", "DLookup('FieldName', 'TableName', 'Field = value')"),
+        new("DCount", "Domain", "DCount(expr, domain, criteria)", "Counts matching rows in another table/query.", "=DCount('*', 'Orders', 'Status = ''Open''')", "DCount('*', 'TableName', 'Field = value')"),
+        new("DSum", "Domain", "DSum(expr, domain, criteria)", "Sums matching rows in another table/query.", "=DSum('Amount', 'OrderLines', 'OrderId = 1')", "DSum('FieldName', 'TableName', 'Field = value')"),
+        new("DAvg", "Domain", "DAvg(expr, domain, criteria)", "Averages matching rows in another table/query.", "=DAvg('Amount', 'OrderLines', 'OrderId = 1')", "DAvg('FieldName', 'TableName', 'Field = value')"),
+        new("DMin", "Domain", "DMin(expr, domain, criteria)", "Returns the minimum matching value.", "=DMin('Amount', 'OrderLines', 'OrderId = 1')", "DMin('FieldName', 'TableName', 'Field = value')"),
+        new("DMax", "Domain", "DMax(expr, domain, criteria)", "Returns the maximum matching value.", "=DMax('Amount', 'OrderLines', 'OrderId = 1')", "DMax('FieldName', 'TableName', 'Field = value')"),
+    ];
+
+    public static IReadOnlyList<FormulaFunctionDescriptor> AggregateFunctions { get; } =
+    [
+        new("SUM", "Child Aggregates", "SUM(Table.Field)", "Sums child-row values for the current parent record.", "=SUM(OrderLines.Amount)", "SUM(Table.Field)"),
+        new("COUNT", "Child Aggregates", "COUNT(Table.Field)", "Counts child-row values for the current parent record.", "=COUNT(OrderLines.Id)", "COUNT(Table.Field)"),
+        new("AVG", "Child Aggregates", "AVG(Table.Field)", "Averages child-row values for the current parent record.", "=AVG(OrderLines.Amount)", "AVG(Table.Field)"),
+        new("MIN", "Child Aggregates", "MIN(Table.Field)", "Returns the minimum child-row value.", "=MIN(OrderLines.Amount)", "MIN(Table.Field)"),
+        new("MAX", "Child Aggregates", "MAX(Table.Field)", "Returns the maximum child-row value.", "=MAX(OrderLines.Amount)", "MAX(Table.Field)"),
+    ];
+
+    public static IReadOnlyList<FormulaFunctionDescriptor> AllFunctions { get; } =
+        ExpressionFunctions.Concat(AggregateFunctions).ToArray();
+
+    public static IReadOnlyList<string> Categories { get; } =
+        AllFunctions
+            .Select(static function => function.Category)
+            .Distinct(StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+    public static IReadOnlyCollection<string> BuiltInFunctionNames { get; } =
+        ExpressionFunctions.Select(static function => function.Name).ToArray();
+}
diff --git a/src/CSharpDB.Admin.Forms/Models/ControlDefinition.cs b/src/CSharpDB.Admin.Forms/Models/ControlDefinition.cs
index a1b02b12..cde54234 100644
--- a/src/CSharpDB.Admin.Forms/Models/ControlDefinition.cs
+++ b/src/CSharpDB.Admin.Forms/Models/ControlDefinition.cs
@@ -7,4 +7,5 @@ public sealed record ControlDefinition(
     BindingDefinition? Binding,
     PropertyBag Props,
     ValidationOverride? ValidationOverride,
-    IReadOnlyDictionary<string, object?>? RendererHints = null);
+    IReadOnlyDictionary<string, object?>? RendererHints = null,
+    IReadOnlyList<ControlEventBinding>? EventBindings = null);
diff --git a/src/CSharpDB.Admin.Forms/Models/ControlEventBinding.cs b/src/CSharpDB.Admin.Forms/Models/ControlEventBinding.cs
new file mode 100644
index 00000000..c4f21be1
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Models/ControlEventBinding.cs
@@ -0,0 +1,18 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Models;
+
+public enum ControlEventKind
+{
+    OnClick,
+    OnChange,
+    OnGotFocus,
+    OnLostFocus,
+}
+
+public sealed record ControlEventBinding(
+    ControlEventKind Event,
+    string CommandName,
+    IReadOnlyDictionary<string, object?>? Arguments = null,
+    bool StopOnFailure = true,
+    DbActionSequence? ActionSequence = null);
diff --git a/src/CSharpDB.Admin.Forms/Models/ControlRuleDefinition.cs b/src/CSharpDB.Admin.Forms/Models/ControlRuleDefinition.cs
new file mode 100644
index 00000000..69919c5b
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Models/ControlRuleDefinition.cs
@@ -0,0 +1,12 @@
+namespace CSharpDB.Admin.Forms.Models;
+
+public sealed record ControlRuleDefinition(
+    string RuleId,
+    string Condition,
+    IReadOnlyList<ControlRuleEffect> Effects,
+    string? Description = null);
+
+public sealed record ControlRuleEffect(
+    string ControlId,
+    string Property,
+    object? Value);
diff --git a/src/CSharpDB.Admin.Forms/Models/FormAttachmentTableBinding.cs b/src/CSharpDB.Admin.Forms/Models/FormAttachmentTableBinding.cs
new file mode 100644
index 00000000..e2bd8111
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Models/FormAttachmentTableBinding.cs
@@ -0,0 +1,11 @@
+namespace CSharpDB.Admin.Forms.Models;
+
+public sealed record FormAttachmentTableBinding(
+    string TableName,
+    string ForeignKeyField,
+    string BlobField,
+    string? FileNameField = null,
+    string? ContentTypeField = null,
+    string? FileSizeField = null,
+    string? ControlIdField = null,
+    string? ControlId = null);
diff --git a/src/CSharpDB.Admin.Forms/Models/FormAttachmentValue.cs b/src/CSharpDB.Admin.Forms/Models/FormAttachmentValue.cs
new file mode 100644
index 00000000..f60b6eec
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Models/FormAttachmentValue.cs
@@ -0,0 +1,18 @@
+namespace CSharpDB.Admin.Forms.Models;
+
+public sealed record FormAttachmentValue(
+    byte[]? Bytes,
+    string? FileName,
+    string? ContentType,
+    long? FileSize,
+    bool ClearExisting)
+{
+    public static string GetRecordKey(string controlId)
+        => $"__formAttachment:{controlId}";
+
+    public static FormAttachmentValue FromFile(byte[] bytes, string fileName, string? contentType, long fileSize)
+        => new(bytes, fileName, contentType, fileSize, ClearExisting: false);
+
+    public static FormAttachmentValue Clear()
+        => new(null, null, null, null, ClearExisting: true);
+}
diff --git a/src/CSharpDB.Admin.Forms/Models/FormControlContexts.cs b/src/CSharpDB.Admin.Forms/Models/FormControlContexts.cs
new file mode 100644
index 00000000..d08d511e
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Models/FormControlContexts.cs
@@ -0,0 +1,34 @@
+using CSharpDB.Admin.Forms.Components.Designer;
+
+namespace CSharpDB.Admin.Forms.Models;
+
+public sealed record FormControlDesignContext(
+    ControlDefinition Control,
+    DesignerState State,
+    bool IsSelected,
+    Rect EffectiveRect,
+    FormControlDescriptor Descriptor);
+
+public sealed record FormControlRuntimeContext(
+    FormDefinition Form,
+    ControlDefinition Control,
+    FormControlDescriptor Descriptor,
+    FormTableDefinition? TableDefinition,
+    Dictionary<string, object?> Record,
+    string? FieldName,
+    object? BoundValue,
+    IReadOnlyList<EnumChoice> Choices,
+    bool IsEnabled,
+    bool IsReadOnly,
+    string? ValidationError,
+    int TabIndex,
+    Func<object?, Task> SetValueAsync,
+    Func<ControlEventKind, IReadOnlyDictionary<string, object?>?, Task> DispatchEventAsync);
+
+public sealed record FormControlPropertyContext(
+    ControlDefinition Control,
+    FormControlDescriptor Descriptor,
+    FormTableDefinition? SourceTableDefinition,
+    IReadOnlyList<string>? AvailableTables,
+    IReadOnlyList<FormDefinition>? AvailableForms,
+    Func<string, object?, Task> SetPropertyAsync);
diff --git a/src/CSharpDB.Admin.Forms/Models/FormControlDescriptor.cs b/src/CSharpDB.Admin.Forms/Models/FormControlDescriptor.cs
new file mode 100644
index 00000000..c086e004
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Models/FormControlDescriptor.cs
@@ -0,0 +1,80 @@
+using System.Text.Json;
+using Microsoft.AspNetCore.Components;
+
+namespace CSharpDB.Admin.Forms.Models;
+
+public sealed record FormControlDescriptor
+{
+    public required string ControlType { get; init; }
+    public required string DisplayName { get; init; }
+    public string ToolboxGroup { get; init; } = "Custom";
+    public string IconText { get; init; } = "?";
+    public string? Description { get; init; }
+    public double DefaultWidth { get; init; } = 320;
+    public double DefaultHeight { get; init; } = 34;
+    public bool SupportsBinding { get; init; } = true;
+    public bool ParticipatesInTabOrder { get; init; } = true;
+    public bool ShowInToolbox { get; init; } = true;
+    public int ToolboxGroupOrder { get; init; } = 100;
+    public int ToolboxOrder { get; init; } = 100;
+    public IReadOnlyDictionary<string, object?> DefaultProps { get; init; } =
+        new Dictionary<string, object?>();
+    public IReadOnlyList<FormControlPropertyDescriptor> PropertyDescriptors { get; init; } =
+        [];
+    public Type? DesignerPreviewComponentType { get; init; }
+    public Type? RuntimeComponentType { get; init; }
+    public Type? PropertyEditorComponentType { get; init; }
+    public bool ReplaceBuiltInRuntime { get; init; }
+    public bool IsBuiltIn { get; init; }
+
+    public Dictionary<string, object?> CreateDefaultProps()
+        => DefaultProps.ToDictionary(pair => pair.Key, pair => CloneDefaultValue(pair.Value), StringComparer.Ordinal);
+
+    private static object? CloneDefaultValue(object? value)
+    {
+        if (value is null)
+            return null;
+
+        if (value is JsonElement json)
+            return json.Clone();
+
+        if (value is object?[] array)
+            return array.Select(CloneDefaultValue).ToArray();
+
+        if (value is IReadOnlyDictionary<string, object?> readOnlyDictionary)
+            return readOnlyDictionary.ToDictionary(pair => pair.Key, pair => CloneDefaultValue(pair.Value), StringComparer.Ordinal);
+
+        if (value is IDictionary<string, object?> dictionary)
+            return dictionary.ToDictionary(pair => pair.Key, pair => CloneDefaultValue(pair.Value), StringComparer.Ordinal);
+
+        return value;
+    }
+
+    public static void ValidateComponentType(Type? componentType, string propertyName)
+    {
+        if (componentType is not null && !typeof(IComponent).IsAssignableFrom(componentType))
+            throw new ArgumentException($"{propertyName} must implement {nameof(IComponent)}.", propertyName);
+    }
+}
+
+public sealed record FormControlPropertyDescriptor
+{
+    public required string Name { get; init; }
+    public required string Label { get; init; }
+    public FormControlPropertyEditor Editor { get; init; } = FormControlPropertyEditor.Text;
+    public object? DefaultValue { get; init; }
+    public string? Placeholder { get; init; }
+    public string? HelpText { get; init; }
+    public IReadOnlyList<FormControlPropertyOption> Options { get; init; } = [];
+}
+
+public sealed record FormControlPropertyOption(string Value, string Label);
+
+public enum FormControlPropertyEditor
+{
+    Text,
+    TextArea,
+    Number,
+    Checkbox,
+    Select,
+}
diff --git a/src/CSharpDB.Admin.Forms/Models/FormDefinition.cs b/src/CSharpDB.Admin.Forms/Models/FormDefinition.cs
index c823c971..7ed0c3f2 100644
--- a/src/CSharpDB.Admin.Forms/Models/FormDefinition.cs
+++ b/src/CSharpDB.Admin.Forms/Models/FormDefinition.cs
@@ -1,3 +1,5 @@
+using CSharpDB.Primitives;
+
 namespace CSharpDB.Admin.Forms.Models;
 
 public sealed record FormDefinition(
@@ -8,4 +10,9 @@ public sealed record FormDefinition(
     string SourceSchemaSignature,
     LayoutDefinition Layout,
     IReadOnlyList<ControlDefinition> Controls,
-    IReadOnlyDictionary<string, object?>? RendererHints = null);
+    IReadOnlyDictionary<string, object?>? RendererHints = null,
+    IReadOnlyList<FormEventBinding>? EventBindings = null,
+    DbAutomationMetadata? Automation = null,
+    IReadOnlyList<DbActionSequence>? ActionSequences = null,
+    IReadOnlyList<ControlRuleDefinition>? Rules = null,
+    IReadOnlyList<ValidationRule>? ValidationRules = null);
diff --git a/src/CSharpDB.Admin.Forms/Models/FormEventBinding.cs b/src/CSharpDB.Admin.Forms/Models/FormEventBinding.cs
new file mode 100644
index 00000000..754b031c
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Models/FormEventBinding.cs
@@ -0,0 +1,22 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Models;
+
+public enum FormEventKind
+{
+    OnOpen,
+    OnLoad,
+    BeforeInsert,
+    AfterInsert,
+    BeforeUpdate,
+    AfterUpdate,
+    BeforeDelete,
+    AfterDelete,
+}
+
+public sealed record FormEventBinding(
+    FormEventKind Event,
+    string CommandName,
+    IReadOnlyDictionary<string, object?>? Arguments = null,
+    bool StopOnFailure = true,
+    DbActionSequence? ActionSequence = null);
diff --git a/src/CSharpDB.Admin.Forms/Pages/DataEntry.razor b/src/CSharpDB.Admin.Forms/Pages/DataEntry.razor
index a3b12b07..4e4bd379 100644
--- a/src/CSharpDB.Admin.Forms/Pages/DataEntry.razor
+++ b/src/CSharpDB.Admin.Forms/Pages/DataEntry.razor
@@ -1,13 +1,23 @@
 @using System.Globalization
+@using System.Text.Json
+@using CSharpDB.Client
+@using CSharpDB.Client.Models
 @using CSharpDB.Admin.Forms.Contracts
+@using CSharpDB.Admin.Forms.Models
+@using CSharpDB.Primitives
 @implements IDisposable
+@implements IFormActionRuntime
 @inject IFormRepository FormRepository
 @inject IFormRecordService RecordService
 @inject ISchemaProvider SchemaProvider
 @inject IValidationInferenceService ValidationService
+@inject DbFunctionRegistry Functions
+@inject DbExtensionPolicy CallbackPolicy
 @inject IJSRuntime JS
 
-<div class="data-entry-layout" @ref="_layoutRef">
+<div class="@GetDataEntryLayoutClass()" @ref="_layoutRef">
+    @if (ShowToolbar)
+    {
     <div class="de-toolbar">
         @if (!string.IsNullOrWhiteSpace(BackHref))
         {
@@ -60,6 +70,7 @@
             <button class="de-btn" @onclick="OpenDesigner" title="Open in designer">Edit Form</button>
         }
     </div>
+    }
 
     @if (_error is not null)
     {
@@ -90,11 +101,16 @@
                           Choices="_choices"
                           ValidationErrors="_validationErrors"
                           ChildFormTableDefinitions="_childTableDefs"
+                          OnCommandError="OnCommandError"
+                          OnBuiltInAction="ExecuteBuiltInFormActionAsync"
+                          ActionRuntime="this"
+                          ControlPropertyOverrides="_controlPropertyOverrides"
+                          ControlFilters="_controlFilters"
                           OnChildRowsChanged="OnChildRowsChanged" />
         </div>
     }
 
-    @if (_form is not null)
+    @if (_form is not null && ShowRecordList)
     {
         <div class="de-record-resize"
              title="Resize records pane"
@@ -195,8 +211,22 @@
     [Parameter] public string FormId { get; set; } = string.Empty;
     [Parameter] public EventCallback<string> OnOpenDesigner { get; set; }
     [Parameter] public bool ShowDesignerButton { get; set; } = true;
+    [Parameter] public bool ShowToolbar { get; set; } = true;
+    [Parameter] public bool ShowRecordList { get; set; } = true;
+    [Parameter] public bool Embedded { get; set; }
     [Parameter] public string? BackHref { get; set; }
     [Parameter] public string BackLabel { get; set; } = "Forms";
+    [Parameter] public EventCallback<FormOpenRequest> OnOpenForm { get; set; }
+    [Parameter] public EventCallback<FormCloseRequest> OnCloseForm { get; set; }
+    [Parameter] public bool EnableSqlActions { get; set; }
+    [Parameter] public bool EnableProcedureActions { get; set; }
+    [Parameter] public object? InitialRecordId { get; set; }
+    [Parameter] public string? InitialMode { get; set; }
+    [Parameter] public string? InitialFilterExpression { get; set; }
+    [Parameter] public IReadOnlyDictionary<string, object?>? InitialFilterParameters { get; set; }
+    [Inject] public IFormEventDispatcher FormEvents { get; set; } = NullFormEventDispatcher.Instance;
+    [Inject] public ICSharpDbClient? DbClient { get; set; }
+    [Inject] public NavigationManager? Navigation { get; set; }
 
     private FormDefinition? _form;
     private FormTableDefinition? _table;
@@ -220,23 +250,33 @@
     private string _searchValue = string.Empty;
     private string? _activeSearchColumnName;
     private string? _activeSearchValue;
+    private string? _activeFilterExpression;
+    private FormFilterExpression? _activeFilter;
+    private IReadOnlyDictionary<string, object?>? _activeFilterParameters;
     private readonly Stack<Dictionary<string, object?>> _undoStack = new();
     private readonly Stack<Dictionary<string, object?>> _redoStack = new();
     private Dictionary<string, string>? _validationErrors;
     private readonly Dictionary<string, FormTableDefinition> _childTableDefs = new(StringComparer.OrdinalIgnoreCase);
+    private readonly Dictionary<string, FormTableDefinition> _formulaDomainTableDefs = new(StringComparer.OrdinalIgnoreCase);
+    private readonly Dictionary<string, List<Dictionary<string, object?>>> _formulaDomainRows = new(StringComparer.OrdinalIgnoreCase);
     private readonly List<ControlDefinition> _computedControls = [];
     private readonly HashSet<string> _computedFieldNames = new(StringComparer.OrdinalIgnoreCase);
+    private readonly Dictionary<string, IReadOnlyDictionary<string, object?>> _controlPropertyOverrides = new(StringComparer.OrdinalIgnoreCase);
+    private readonly Dictionary<string, ControlFilterState> _controlFilters = new(StringComparer.OrdinalIgnoreCase);
     private string? _loadedFormId;
+    private string _appliedInitialStateKey = string.Empty;
     private ElementReference _layoutRef;
     private ElementReference _recordListRef;
 
     private const int RecordPaneMinWidth = 320;
     private const int RecordPaneMaxWidth = 720;
+    private const int FormulaDomainRowLimit = 5000;
 
     private bool CanOpenDesigner => ShowDesignerButton && OnOpenDesigner.HasDelegate;
     private int TotalPages => Math.Max(1, (int)Math.Ceiling(_totalRecords / (double)_pageSize));
     private int CurrentRecordOrdinal => _isNew || _recordPageIndex < 0 ? 0 : ((_page - 1) * _pageSize) + _recordPageIndex + 1;
     private bool HasActiveSearch => !string.IsNullOrWhiteSpace(_activeSearchColumnName) && !string.IsNullOrWhiteSpace(_activeSearchValue);
+    private bool HasActiveFilter => _activeFilter is not null && !string.IsNullOrWhiteSpace(_activeFilterExpression);
     private bool HasAnySearchInput => HasActiveSearch || !string.IsNullOrWhiteSpace(_searchValue);
     private bool CanApplySearch => !string.IsNullOrWhiteSpace(_searchColumnName) && !string.IsNullOrWhiteSpace(_searchValue);
     private bool SupportsPrimaryKeyNavigation => _table?.HasSinglePrimaryKey == true;
@@ -250,18 +290,40 @@
         ? !_isNew && _recordPageIndex >= 0 && (_recordPageIndex < _records.Count - 1 || _hasFocusedNextRecords)
         : !_isNew && CurrentRecordOrdinal < _totalRecords;
 
+    private string GetDataEntryLayoutClass()
+    {
+        List<string> classes = ["data-entry-layout"];
+        if (!ShowRecordList)
+            classes.Add("data-entry-no-record-list");
+        if (!ShowToolbar)
+            classes.Add("data-entry-no-toolbar");
+        if (Embedded)
+            classes.Add("data-entry-embedded");
+
+        return string.Join(" ", classes);
+    }
+
     protected override async Task OnParametersSetAsync()
     {
-        if (string.IsNullOrWhiteSpace(FormId) || string.Equals(_loadedFormId, FormId, StringComparison.Ordinal))
+        if (string.IsNullOrWhiteSpace(FormId))
+            return;
+
+        string initialStateKey = BuildInitialStateKey();
+        if (!string.Equals(_loadedFormId, FormId, StringComparison.Ordinal))
+        {
+            _loadedFormId = FormId;
+            _appliedInitialStateKey = string.Empty;
+            await LoadAsync();
             return;
+        }
 
-        _loadedFormId = FormId;
-        await LoadAsync();
+        if (_form is not null && !string.Equals(_appliedInitialStateKey, initialStateKey, StringComparison.Ordinal))
+            await ApplyInitialEntryStateAsync();
     }
 
     protected override async Task OnAfterRenderAsync(bool firstRender)
     {
-        if (!firstRender)
+        if (!firstRender || !ShowRecordList)
             return;
 
         try
@@ -299,8 +361,13 @@
         _error = null;
         _validationErrors = null;
         _childTableDefs.Clear();
+        _formulaDomainTableDefs.Clear();
+        _formulaDomainRows.Clear();
         _computedControls.Clear();
         _computedFieldNames.Clear();
+        _controlPropertyOverrides.Clear();
+        _controlFilters.Clear();
+        ClearFilterState();
 
         try
         {
@@ -322,9 +389,16 @@
             await LoadChildTableDefinitionsAsync(_form);
             CacheComputedControls(_form);
 
+            if (!await DispatchFormEventAsync(FormEventKind.OnOpen))
+                return;
+
             InitializeSearchState();
             _page = 1;
             await LoadRecordPageAsync(_page);
+            if (_error is null)
+                await ApplyInitialEntryStateAsync();
+            if (_error is null)
+                await DispatchFormEventAsync(FormEventKind.OnLoad, _currentRecord);
         }
         catch (Exception ex)
         {
@@ -332,6 +406,94 @@
         }
     }
 
+    private async Task ApplyInitialEntryStateAsync()
+    {
+        _appliedInitialStateKey = BuildInitialStateKey();
+        if (_table is null)
+            return;
+
+        string? mode = InitialMode?.Trim();
+        if (string.Equals(mode, "new", StringComparison.OrdinalIgnoreCase))
+        {
+            if (SupportsWriteOperations)
+                NewRecord();
+            return;
+        }
+
+        if (!string.IsNullOrWhiteSpace(InitialFilterExpression))
+        {
+            if (!FormFilterExpression.TryParse(InitialFilterExpression, _table, out FormFilterExpression? parsed, out string? filterError))
+            {
+                _error = $"Initial filter is invalid: {filterError}";
+                return;
+            }
+
+            IReadOnlyDictionary<string, object?> parameters = InitialFilterParameters ?? EmptyObjectDictionary.Instance;
+            string? missingParameter = parsed!.Parameters.FirstOrDefault(parameter => !parameters.ContainsKey(parameter));
+            if (missingParameter is not null)
+            {
+                _error = $"Initial filter is missing parameter '@{missingParameter}'.";
+                return;
+            }
+
+            _activeFilterExpression = InitialFilterExpression;
+            _activeFilter = parsed;
+            _activeFilterParameters = parameters;
+            ClearSearchState(clearPendingValue: true);
+            await LoadRecordPageAsync(1, preserveCurrentRecordWhenEmpty: _currentRecord.Count > 0 || _isNew);
+        }
+
+        if (InitialRecordId is not null)
+            await NavigateToInitialRecordAsync(InitialRecordId);
+    }
+
+    private async Task NavigateToInitialRecordAsync(object initialRecordId)
+    {
+        FormFieldDefinition? primaryKeyField = GetPrimaryKeyField();
+        if (primaryKeyField is null)
+        {
+            _error = "Initial record navigation requires a form source with a single primary key column.";
+            return;
+        }
+
+        string rawValue = NormalizeActionValue(initialRecordId)?.ToString() ?? string.Empty;
+        if (string.IsNullOrWhiteSpace(rawValue))
+            return;
+
+        if (!TryParseFieldValue(primaryKeyField, rawValue, out object? parsedValue, out string? validationError) || parsedValue is null)
+        {
+            _error = validationError ?? $"'{rawValue}' is not a valid {GetPrimaryKeyLabel()} value.";
+            return;
+        }
+
+        ClearSearchState(clearPendingValue: true);
+        await NavigateToRecordAsync(parsedValue);
+    }
+
+    private string BuildInitialStateKey()
+        => string.Join(
+            "|",
+            FormId,
+            InitialMode?.Trim() ?? string.Empty,
+            FormatInitialStateValue(InitialRecordId),
+            InitialFilterExpression?.Trim() ?? string.Empty,
+            FormatInitialParameterKey(InitialFilterParameters));
+
+    private static string FormatInitialParameterKey(IReadOnlyDictionary<string, object?>? parameters)
+    {
+        if (parameters is null || parameters.Count == 0)
+            return string.Empty;
+
+        return string.Join(
+            "\u001f",
+            parameters
+                .OrderBy(pair => pair.Key, StringComparer.OrdinalIgnoreCase)
+                .Select(pair => $"{pair.Key}={FormatInitialStateValue(pair.Value)}"));
+    }
+
+    private static string FormatInitialStateValue(object? value)
+        => value is null ? "<null>" : $"{value.GetType().FullName}:{value}";
+
     private async Task<IReadOnlyDictionary<string, IReadOnlyList<EnumChoice>>> LoadChoicesAsync(FormDefinition form, FormTableDefinition table)
     {
         var choices = new Dictionary<string, IReadOnlyList<EnumChoice>>(StringComparer.OrdinalIgnoreCase);
@@ -342,15 +504,18 @@
                 choices[field.Name] = field.Choices;
         }
 
-        foreach (var control in form.Controls.Where(control => control.ControlType == "lookup"))
+        foreach (var control in form.Controls.Where(FormChoiceResolver.UsesLookupChoices))
         {
             string? bindingField = control.Binding?.FieldName;
-            string? lookupTableName = control.Props.Values.TryGetValue("lookupTable", out var lookupTable) ? lookupTable?.ToString() : null;
-            string? displayField = control.Props.Values.TryGetValue("displayField", out var display) ? display?.ToString() : null;
-            string? valueField = control.Props.Values.TryGetValue("valueField", out var value) ? value?.ToString() : null;
-
-            if (string.IsNullOrWhiteSpace(bindingField) ||
-                string.IsNullOrWhiteSpace(lookupTableName) ||
+            FormChoiceResolver.TryGetString(control.Props.Values, "lookupTable", out string lookupTableName);
+            FormChoiceResolver.TryGetString(control.Props.Values, "displayField", out string displayField);
+            FormChoiceResolver.TryGetString(control.Props.Values, "valueField", out string valueField);
+            int rowLimit = FormChoiceResolver.ReadInt(control.Props.Values, "rowLimit", 500);
+            IReadOnlyList<string> displayFields = control.Props.Values.TryGetValue("displayFields", out object? fields)
+                ? FormChoiceResolver.ReadStringList(fields)
+                : [];
+
+            if (string.IsNullOrWhiteSpace(lookupTableName) ||
                 string.IsNullOrWhiteSpace(displayField) ||
                 string.IsNullOrWhiteSpace(valueField))
             {
@@ -361,13 +526,16 @@
             if (lookupTableDef is null)
                 continue;
 
-            List<Dictionary<string, object?>> lookupRows = await RecordService.ListRecordsAsync(lookupTableDef);
-            var enumChoices = lookupRows
-                .Select(row => new EnumChoice(LookupField(row, valueField), LookupField(row, displayField)))
-                .Where(choice => !string.IsNullOrWhiteSpace(choice.Value))
-                .ToList();
+            FormRecordPage lookupPage = await RecordService.ListRecordPageAsync(lookupTableDef, 1, Math.Clamp(rowLimit, 1, 5000));
+            IReadOnlyList<EnumChoice> enumChoices = FormChoiceResolver.BuildLookupChoices(
+                lookupPage.Records,
+                valueField,
+                displayField,
+                displayFields);
 
-            choices[bindingField] = enumChoices;
+            choices[control.ControlId] = enumChoices;
+            if (!string.IsNullOrWhiteSpace(bindingField))
+                choices[bindingField] = enumChoices;
         }
 
         return choices;
@@ -411,6 +579,7 @@
         if (!SupportsWriteOperations)
             return;
 
+        _error = null;
         ExitFocusedNavigation();
         _currentRecord = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
         _isNew = true;
@@ -432,11 +601,24 @@
             return;
         }
 
-        var errors = ValidationService.Evaluate(_form, _currentRecord);
+        var errors = await ValidationService.EvaluateAsync(_form, _currentRecord);
         if (errors.Count > 0)
         {
-            _validationErrors = errors.ToDictionary(error => error.FieldName, error => error.Message, StringComparer.OrdinalIgnoreCase);
-            _error = $"Please fix {errors.Count} validation error(s) before saving.";
+            _validationErrors = errors
+                .Where(error => !string.IsNullOrWhiteSpace(error.FieldName))
+                .GroupBy(error => error.FieldName, StringComparer.OrdinalIgnoreCase)
+                .ToDictionary(group => group.Key, group => group.First().Message, StringComparer.OrdinalIgnoreCase);
+
+            string[] globalErrors = errors
+                .Where(error => string.IsNullOrWhiteSpace(error.FieldName))
+                .Select(error => error.Message)
+                .Where(static message => !string.IsNullOrWhiteSpace(message))
+                .Distinct(StringComparer.OrdinalIgnoreCase)
+                .Take(3)
+                .ToArray();
+            _error = globalErrors.Length > 0
+                ? string.Join(" ", globalErrors)
+                : $"Please fix {errors.Count} validation error(s) before saving.";
             return;
         }
 
@@ -451,7 +633,11 @@
 
             if (_isNew)
             {
+                if (!await DispatchFormEventAsync(FormEventKind.BeforeInsert, recordToSave))
+                    return;
+
                 Dictionary<string, object?> created = await RecordService.CreateRecordAsync(_table, recordToSave);
+                await PersistAttachmentTableValuesAsync(recordToSave, created);
                 _currentRecord = CloneRecord(created);
                 _isNew = false;
                 if (TryGetPrimaryKeyValue(created, out object? createdPk) && createdPk is not null)
@@ -463,11 +649,18 @@
                 {
                     await LoadRecordPageAsync(_page);
                 }
+
+                await DispatchFormEventAsync(FormEventKind.AfterInsert, created);
             }
             else if (TryGetPrimaryKeyValue(_currentRecord, out object? pkValue))
             {
+                if (!await DispatchFormEventAsync(FormEventKind.BeforeUpdate, _currentRecord))
+                    return;
+
                 Dictionary<string, object?> updated = await RecordService.UpdateRecordAsync(_table, pkValue!, recordToSave);
+                await PersistAttachmentTableValuesAsync(recordToSave, updated);
                 UpdateVisibleCurrentRecord(updated);
+                await DispatchFormEventAsync(FormEventKind.AfterUpdate, updated);
             }
 
             _dirty = false;
@@ -486,6 +679,77 @@
         }
     }
 
+    private async Task PersistAttachmentTableValuesAsync(
+        IReadOnlyDictionary<string, object?> pendingRecord,
+        IReadOnlyDictionary<string, object?> savedRecord)
+    {
+        if (_form is null || _table is null)
+            return;
+
+        foreach (ControlDefinition control in _form.Controls.Where(IsAttachmentTableControl))
+        {
+            string pendingKey = FormAttachmentValue.GetRecordKey(control.ControlId);
+            if (!pendingRecord.TryGetValue(pendingKey, out object? pendingValue) || pendingValue is not FormAttachmentValue attachment)
+                continue;
+
+            FormAttachmentTableBinding binding = BuildAttachmentTableBinding(control);
+            string parentKeyField = GetControlStringProp(control, "parentKeyField");
+            if (string.IsNullOrWhiteSpace(parentKeyField))
+                parentKeyField = RecordService.GetPrimaryKeyColumn(_table);
+
+            object? parentValue = ReadRecordValue(savedRecord, parentKeyField) ?? ReadRecordValue(pendingRecord, parentKeyField);
+            if (parentValue is null || string.IsNullOrWhiteSpace(parentValue.ToString()))
+                throw new InvalidOperationException($"Attachment control '{control.ControlId}' requires parent key field '{parentKeyField}'.");
+
+            await RecordService.SaveAttachmentAsync(binding, parentValue, attachment);
+        }
+    }
+
+    private static bool IsAttachmentTableControl(ControlDefinition control)
+        => control.ControlType is "attachment" or "image" &&
+           string.Equals(GetControlStringProp(control, "storageMode"), "attachmentTable", StringComparison.OrdinalIgnoreCase);
+
+    private static FormAttachmentTableBinding BuildAttachmentTableBinding(ControlDefinition control)
+    {
+        string tableName = GetControlStringProp(control, "attachmentTable");
+        string foreignKeyField = GetControlStringProp(control, "attachmentForeignKeyField");
+        string blobField = GetControlStringProp(control, "attachmentBlobField");
+
+        if (string.IsNullOrWhiteSpace(tableName) ||
+            string.IsNullOrWhiteSpace(foreignKeyField) ||
+            string.IsNullOrWhiteSpace(blobField))
+        {
+            throw new InvalidOperationException($"Attachment control '{control.ControlId}' is missing attachment table, foreign key field, or blob field.");
+        }
+
+        return new FormAttachmentTableBinding(
+            tableName,
+            foreignKeyField,
+            blobField,
+            NullIfWhiteSpace(GetControlStringProp(control, "attachmentFileNameField")),
+            NullIfWhiteSpace(GetControlStringProp(control, "attachmentContentTypeField")),
+            NullIfWhiteSpace(GetControlStringProp(control, "attachmentFileSizeField")),
+            NullIfWhiteSpace(GetControlStringProp(control, "attachmentControlIdField")),
+            control.ControlId);
+    }
+
+    private static string GetControlStringProp(ControlDefinition control, string key)
+        => FormChoiceResolver.TryGetString(control.Props.Values, key, out string value)
+            ? value
+            : string.Empty;
+
+    private static object? ReadRecordValue(IReadOnlyDictionary<string, object?> record, string key)
+    {
+        if (record.TryGetValue(key, out object? value))
+            return value;
+
+        string? actualKey = record.Keys.FirstOrDefault(candidate => string.Equals(candidate, key, StringComparison.OrdinalIgnoreCase));
+        return actualKey is null ? null : record[actualKey];
+    }
+
+    private static string? NullIfWhiteSpace(string value)
+        => string.IsNullOrWhiteSpace(value) ? null : value;
+
     private async Task DeleteRecord()
     {
         if (_table is null || !TryGetPrimaryKeyValue(_currentRecord, out object? pkValue))
@@ -501,9 +765,14 @@
 
         try
         {
+            var deletedRecord = CloneRecord(_currentRecord);
+            if (!await DispatchFormEventAsync(FormEventKind.BeforeDelete, deletedRecord))
+                return;
+
             int preferredPageIndex = _recordPageIndex;
             await RecordService.DeleteRecordAsync(_table, pkValue!);
             await LoadRecordPageAsync(_page, preferredPageIndex: preferredPageIndex);
+            await DispatchFormEventAsync(FormEventKind.AfterDelete, deletedRecord);
         }
         catch (Exception ex)
         {
@@ -566,6 +835,11 @@
         _redoStack.Clear();
     }
 
+    private void OnCommandError(string message)
+    {
+        _error = message;
+    }
+
     private async Task OnFieldChanged(string fieldName)
     {
         _dirty = true;
@@ -605,6 +879,790 @@
 
     private Task PrintRecord() => JS.InvokeVoidAsync("window.print").AsTask();
 
+    private async Task<FormEventDispatchResult> ExecuteBuiltInFormActionAsync(DbActionStep step, CancellationToken ct)
+    {
+        try
+        {
+            return await ExecuteBuiltInFormActionCoreAsync(step, ct);
+        }
+        finally
+        {
+            await RefreshDataEntryStateAsync();
+        }
+    }
+
+    private async Task<FormEventDispatchResult> ExecuteBuiltInFormActionCoreAsync(DbActionStep step, CancellationToken ct)
+    {
+        ct.ThrowIfCancellationRequested();
+        _error = null;
+
+        switch (step.Kind)
+        {
+            case DbActionKind.NewRecord:
+                if (!SupportsWriteOperations)
+                    return FormEventDispatchResult.Failure("NewRecord action requires a writable form source.");
+
+                NewRecord();
+                return FormEventDispatchResult.Success();
+
+            case DbActionKind.SaveRecord:
+                if (!SupportsWriteOperations)
+                    return FormEventDispatchResult.Failure("SaveRecord action requires a writable form source.");
+
+                await SaveRecord();
+                return ToActionResult("SaveRecord");
+
+            case DbActionKind.DeleteRecord:
+                if (!SupportsWriteOperations)
+                    return FormEventDispatchResult.Failure("DeleteRecord action requires a writable form source.");
+
+                if (!HasPersistedCurrentRecord)
+                    return FormEventDispatchResult.Failure("DeleteRecord action requires a persisted current record.");
+
+                await DeleteRecord();
+                return ToActionResult("DeleteRecord");
+
+            case DbActionKind.RefreshRecords:
+                await RefreshCurrentRecordsAsync();
+                return ToActionResult("RefreshRecords");
+
+            case DbActionKind.PreviousRecord:
+                if (!CanGoPreviousRecord)
+                    return FormEventDispatchResult.Failure("PreviousRecord action cannot move before the first record.");
+
+                await PrevRecord();
+                return ToActionResult("PreviousRecord");
+
+            case DbActionKind.NextRecord:
+                if (!CanGoNextRecord)
+                    return FormEventDispatchResult.Failure("NextRecord action cannot move past the last record.");
+
+                await NextRecord();
+                return ToActionResult("NextRecord");
+
+            case DbActionKind.GoToRecord:
+                return await ExecuteGoToRecordActionAsync(step);
+
+            default:
+                return FormEventDispatchResult.Failure($"Unsupported built-in form action '{step.Kind}'.");
+        }
+    }
+
+    public Task<FormEventDispatchResult> ExecuteRecordActionAsync(
+        FormActionRuntimeContext context,
+        DbActionStep step,
+        CancellationToken ct)
+        => ExecuteBuiltInFormActionAsync(step, ct);
+
+    public async Task<FormEventDispatchResult> OpenFormAsync(
+        FormActionRuntimeContext context,
+        string formName,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct)
+    {
+        ct.ThrowIfCancellationRequested();
+        IReadOnlyDictionary<string, object?> resolvedArguments = ResolveActionArguments(context, arguments);
+        FormDefinition? targetForm = await ResolveFormAsync(formName);
+        if (targetForm is null)
+            return FormEventDispatchResult.Failure($"OpenForm target '{formName}' was not found.");
+
+        if (!OnOpenForm.HasDelegate)
+        {
+            if (Navigation is null)
+                return FormEventDispatchResult.Failure("OpenForm action requires a host open-form handler.");
+
+            Navigation.NavigateTo($"/forms/{Uri.EscapeDataString(targetForm.FormId)}");
+            return FormEventDispatchResult.Success();
+        }
+
+        string? mode = TryReadArgumentText(resolvedArguments, "mode", "openMode");
+        object? recordId = TryReadArgumentValue(resolvedArguments, "recordId", "primaryKey", "id");
+        string? filterExpression = TryReadArgumentText(resolvedArguments, "filter", "where");
+        await OnOpenForm.InvokeAsync(new FormOpenRequest(targetForm.FormId, targetForm.Name, resolvedArguments, mode, recordId, filterExpression));
+        return FormEventDispatchResult.Success();
+    }
+
+    public async Task<FormEventDispatchResult> CloseFormAsync(
+        FormActionRuntimeContext context,
+        string? formName,
+        CancellationToken ct)
+    {
+        ct.ThrowIfCancellationRequested();
+        if (!OnCloseForm.HasDelegate)
+            return FormEventDispatchResult.Failure("CloseForm action requires a host close-form handler.");
+
+        await OnCloseForm.InvokeAsync(new FormCloseRequest(_form?.FormId, formName ?? _form?.Name));
+        return FormEventDispatchResult.Success();
+    }
+
+    public async Task<FormEventDispatchResult> ApplyFilterAsync(
+        FormActionRuntimeContext context,
+        string target,
+        string filter,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct)
+    {
+        ct.ThrowIfCancellationRequested();
+        if (_table is null)
+            return FormEventDispatchResult.Failure("ApplyFilter action requires a loaded form source.");
+
+        if (!IsCurrentFormTarget(target))
+            return await ApplyControlFilterAsync(context, target, filter, arguments, ct);
+
+        if (!FormFilterExpression.TryParse(filter, _table, out FormFilterExpression? parsed, out string? filterError))
+            return FormEventDispatchResult.Failure($"ApplyFilter action has an invalid filter expression: {filterError}");
+
+        IReadOnlyDictionary<string, object?> resolvedArguments = BuildActionParameterDictionary(context, arguments);
+        string? missingParameter = parsed!.Parameters.FirstOrDefault(parameter => !resolvedArguments.ContainsKey(parameter));
+        if (missingParameter is not null)
+            return FormEventDispatchResult.Failure($"ApplyFilter action is missing parameter '@{missingParameter}'.");
+
+        _activeFilterExpression = filter;
+        _activeFilter = parsed;
+        _activeFilterParameters = resolvedArguments;
+        ClearSearchState(clearPendingValue: true);
+        await LoadRecordPageAsync(1, preserveCurrentRecordWhenEmpty: _currentRecord.Count > 0 || _isNew);
+        await RefreshDataEntryStateAsync();
+        return ToActionResult("ApplyFilter");
+    }
+
+    public async Task<FormEventDispatchResult> ClearFilterAsync(
+        FormActionRuntimeContext context,
+        string target,
+        CancellationToken ct)
+    {
+        ct.ThrowIfCancellationRequested();
+        if (_table is null)
+            return FormEventDispatchResult.Failure("ClearFilter action requires a loaded form source.");
+
+        if (!IsCurrentFormTarget(target))
+            return await ClearControlFilterAsync(target, ct);
+
+        object? currentPk = TryGetPrimaryKeyValue(_currentRecord, out object? pkValue) ? pkValue : null;
+        ClearFilterState();
+        await LoadRecordPageAsync(1, preferredPk: currentPk, preserveCurrentRecordWhenEmpty: _currentRecord.Count > 0 || _isNew);
+        await RefreshDataEntryStateAsync();
+        return ToActionResult("ClearFilter");
+    }
+
+    public async Task<FormEventDispatchResult> RunSqlAsync(
+        FormActionRuntimeContext context,
+        string sqlOrName,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct)
+    {
+        ct.ThrowIfCancellationRequested();
+        if (!EnableSqlActions)
+            return FormEventDispatchResult.Failure("RunSql action is disabled by host policy.");
+        if (DbClient is null)
+            return FormEventDispatchResult.Failure("RunSql action requires a database client.");
+
+        IReadOnlyDictionary<string, object?> resolvedArguments = BuildActionParameterDictionary(context, arguments);
+        string? sql = await ResolveSqlTextAsync(sqlOrName, ct);
+        if (string.IsNullOrWhiteSpace(sql))
+            return FormEventDispatchResult.Failure($"RunSql action could not resolve SQL operation '{sqlOrName}'.");
+
+        if (!TrySubstituteSqlParameters(sql, resolvedArguments, out string resolvedSql, out string? parameterError))
+            return FormEventDispatchResult.Failure(parameterError ?? "RunSql action has invalid SQL parameters.");
+
+        SqlExecutionResult result = await DbClient.ExecuteSqlAsync(resolvedSql, ct);
+        if (!string.IsNullOrWhiteSpace(result.Error))
+            return FormEventDispatchResult.Failure($"RunSql action failed: {result.Error}");
+
+        if (TryReadArgumentText(resolvedArguments, "setField", "targetField") is { } targetField)
+            await SetRuntimeFieldValueAsync(targetField, ReadScalarResult(result));
+
+        if (ShouldRefreshAfterAction(resolvedArguments, defaultValue: true))
+            await RefreshCurrentRecordsAsync();
+
+        await RefreshDataEntryStateAsync();
+        string message = result.IsQuery
+            ? $"RunSql action returned {result.Rows?.Count ?? 0} row(s)."
+            : $"RunSql action affected {result.RowsAffected} row(s).";
+        FormEventDispatchResult actionResult = ToActionResult("RunSql");
+        return actionResult.Succeeded ? FormEventDispatchResult.Success(message) : actionResult;
+    }
+
+    public async Task<FormEventDispatchResult> RunProcedureAsync(
+        FormActionRuntimeContext context,
+        string procedureName,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct)
+    {
+        ct.ThrowIfCancellationRequested();
+        if (!EnableProcedureActions)
+            return FormEventDispatchResult.Failure("RunProcedure action is disabled by host policy.");
+        if (DbClient is null)
+            return FormEventDispatchResult.Failure("RunProcedure action requires a database client.");
+
+        IReadOnlyDictionary<string, object?> resolvedArguments = BuildExecutableArguments(BuildActionParameterDictionary(context, arguments));
+        ProcedureExecutionResult result = await DbClient.ExecuteProcedureAsync(procedureName, resolvedArguments, ct);
+        if (!result.Succeeded)
+            return FormEventDispatchResult.Failure($"RunProcedure action failed: {result.Error ?? $"Procedure '{procedureName}' failed."}");
+
+        if (ShouldRefreshAfterAction(arguments, defaultValue: true))
+            await RefreshCurrentRecordsAsync();
+
+        await RefreshDataEntryStateAsync();
+        FormEventDispatchResult actionResult = ToActionResult("RunProcedure");
+        return actionResult.Succeeded
+            ? FormEventDispatchResult.Success($"RunProcedure action executed '{procedureName}'.")
+            : actionResult;
+    }
+
+    public async Task<FormEventDispatchResult> SetControlPropertyAsync(
+        FormActionRuntimeContext context,
+        string controlId,
+        string propertyName,
+        object? value,
+        CancellationToken ct)
+    {
+        ct.ThrowIfCancellationRequested();
+        if (_form is null)
+            return FormEventDispatchResult.Failure("SetControlProperty action requires a loaded form.");
+
+        ControlDefinition? control = _form.Controls.FirstOrDefault(candidate => string.Equals(candidate.ControlId, controlId, StringComparison.OrdinalIgnoreCase));
+        if (control is null)
+            return FormEventDispatchResult.Failure($"SetControlProperty action targets unknown control '{controlId}'.");
+
+        string normalizedProperty = NormalizeControlPropertyName(propertyName);
+        object? resolvedValue = ResolveActionValue(value, context);
+        if (string.Equals(normalizedProperty, "value", StringComparison.OrdinalIgnoreCase))
+        {
+            if (string.IsNullOrWhiteSpace(control.Binding?.FieldName))
+                return FormEventDispatchResult.Failure($"SetControlProperty action cannot set value for unbound control '{controlId}'.");
+
+            await SetRuntimeFieldValueAsync(control.Binding.FieldName, resolvedValue);
+            await RefreshDataEntryStateAsync();
+            return FormEventDispatchResult.Success();
+        }
+
+        if (!IsSupportedRuntimeControlProperty(normalizedProperty))
+            return FormEventDispatchResult.Failure($"SetControlProperty action does not support property '{propertyName}'.");
+
+        if (!_controlPropertyOverrides.TryGetValue(control.ControlId, out IReadOnlyDictionary<string, object?>? existing) ||
+            existing is not Dictionary<string, object?> overrides)
+        {
+            overrides = existing?.ToDictionary(pair => pair.Key, pair => pair.Value, StringComparer.OrdinalIgnoreCase)
+                ?? new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+            _controlPropertyOverrides[control.ControlId] = overrides;
+        }
+
+        overrides[normalizedProperty] = NormalizeActionValue(resolvedValue);
+        await RefreshDataEntryStateAsync();
+        return FormEventDispatchResult.Success();
+    }
+
+    private async Task RefreshDataEntryStateAsync()
+    {
+        try
+        {
+            await InvokeAsync(StateHasChanged);
+        }
+        catch (InvalidOperationException ex) when (ex.Message.Contains("render handle", StringComparison.OrdinalIgnoreCase))
+        {
+            // Private unit-test invocations can run before Blazor assigns a render handle.
+        }
+    }
+
+    private FormEventDispatchResult ToActionResult(string actionName)
+        => string.IsNullOrWhiteSpace(_error)
+            ? FormEventDispatchResult.Success()
+            : FormEventDispatchResult.Failure($"{actionName} action failed: {_error}");
+
+    private async Task<FormDefinition?> ResolveFormAsync(string formName)
+    {
+        if (string.IsNullOrWhiteSpace(formName))
+            return null;
+
+        string trimmed = formName.Trim();
+        FormDefinition? direct = await FormRepository.GetAsync(trimmed);
+        if (direct is not null)
+            return direct;
+
+        try
+        {
+            IReadOnlyList<FormDefinition> forms = await FormRepository.ListAsync();
+            return forms.FirstOrDefault(form =>
+                string.Equals(form.FormId, trimmed, StringComparison.OrdinalIgnoreCase) ||
+                string.Equals(form.Name, trimmed, StringComparison.OrdinalIgnoreCase));
+        }
+        catch (NotSupportedException)
+        {
+            return null;
+        }
+    }
+
+    private bool IsCurrentFormTarget(string? target)
+        => string.IsNullOrWhiteSpace(target) ||
+           string.Equals(target, "form", StringComparison.OrdinalIgnoreCase) ||
+           string.Equals(target, _form?.FormId, StringComparison.OrdinalIgnoreCase) ||
+           string.Equals(target, _form?.Name, StringComparison.OrdinalIgnoreCase);
+
+    private async Task<FormEventDispatchResult> ApplyControlFilterAsync(
+        FormActionRuntimeContext context,
+        string target,
+        string filter,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct)
+    {
+        ct.ThrowIfCancellationRequested();
+
+        if (!TryResolveDataGridFilterTarget(target, out ControlDefinition? control, out FormTableDefinition? table, out string? targetError))
+            return FormEventDispatchResult.Failure(targetError ?? $"ApplyFilter target '{target}' is not supported by this rendered form runtime.");
+
+        if (!FormFilterExpression.TryParse(filter, table, out FormFilterExpression? parsed, out string? filterError))
+            return FormEventDispatchResult.Failure($"ApplyFilter action has an invalid filter expression for control '{control!.ControlId}': {filterError}");
+
+        IReadOnlyDictionary<string, object?> resolvedArguments = BuildActionParameterDictionary(context, arguments);
+        string? missingParameter = parsed!.Parameters.FirstOrDefault(parameter => !resolvedArguments.ContainsKey(parameter));
+        if (missingParameter is not null)
+            return FormEventDispatchResult.Failure($"ApplyFilter action is missing parameter '@{missingParameter}'.");
+
+        _controlFilters[control!.ControlId] = new ControlFilterState(filter, resolvedArguments);
+        await RefreshDataEntryStateAsync();
+        return FormEventDispatchResult.Success();
+    }
+
+    private async Task<FormEventDispatchResult> ClearControlFilterAsync(string target, CancellationToken ct)
+    {
+        ct.ThrowIfCancellationRequested();
+
+        if (!TryResolveDataGridFilterTarget(target, out ControlDefinition? control, out _, out string? targetError))
+            return FormEventDispatchResult.Failure(targetError ?? $"ClearFilter target '{target}' is not supported by this rendered form runtime.");
+
+        _controlFilters.Remove(control!.ControlId);
+        await RefreshDataEntryStateAsync();
+        return FormEventDispatchResult.Success();
+    }
+
+    private bool TryResolveDataGridFilterTarget(
+        string target,
+        out ControlDefinition? control,
+        out FormTableDefinition? table,
+        out string? error)
+    {
+        control = null;
+        table = null;
+        error = null;
+
+        if (_form is null)
+        {
+            error = "Control filter actions require a loaded form.";
+            return false;
+        }
+
+        control = _form.Controls.FirstOrDefault(candidate => string.Equals(candidate.ControlId, target, StringComparison.OrdinalIgnoreCase));
+        if (control is null)
+        {
+            error = $"Filter target '{target}' does not match the current form or a known control.";
+            return false;
+        }
+
+        if (!string.Equals(control.ControlType, "datagrid", StringComparison.OrdinalIgnoreCase))
+        {
+            error = $"Filter target '{target}' is not a DataGrid control.";
+            return false;
+        }
+
+        string? childTableName = control.Props.Values.TryGetValue("childTable", out object? childTableValue)
+            ? childTableValue?.ToString()
+            : null;
+        if (string.IsNullOrWhiteSpace(childTableName))
+        {
+            error = $"DataGrid control '{target}' does not have a child table configured.";
+            return false;
+        }
+
+        if (!_childTableDefs.TryGetValue(childTableName, out table))
+        {
+            error = $"DataGrid control '{target}' child table '{childTableName}' was not found.";
+            return false;
+        }
+
+        return true;
+    }
+
+    private IReadOnlyDictionary<string, object?> BuildActionParameterDictionary(
+        FormActionRuntimeContext context,
+        IReadOnlyDictionary<string, object?> arguments)
+    {
+        Dictionary<string, object?> resolved = ResolveActionArguments(context, arguments).ToDictionary(
+            pair => pair.Key,
+            pair => pair.Value,
+            StringComparer.OrdinalIgnoreCase);
+
+        if (resolved.TryGetValue("parameters", out object? nestedParameters))
+        {
+            foreach ((string key, object? value) in ToObjectDictionary(nestedParameters))
+                resolved[key] = ResolveActionValue(value, context);
+        }
+
+        return resolved;
+    }
+
+    private IReadOnlyDictionary<string, object?> ResolveActionArguments(
+        FormActionRuntimeContext context,
+        IReadOnlyDictionary<string, object?> arguments)
+    {
+        if (arguments.Count == 0)
+            return new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+
+        var resolved = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+        foreach ((string key, object? value) in arguments)
+        {
+            if (!string.IsNullOrWhiteSpace(key))
+                resolved[key] = ResolveActionValue(value, context);
+        }
+
+        return resolved;
+    }
+
+    private object? ResolveActionValue(object? value, FormActionRuntimeContext context)
+    {
+        value = NormalizeActionValue(value);
+        if (value is string text)
+        {
+            if (TryResolvePath(text, "$record.", context.Record ?? _currentRecord, out object? recordValue))
+                return recordValue;
+            if (TryResolvePath(text, "$binding.", context.BindingArguments, out object? bindingValue))
+                return bindingValue;
+            if (TryResolvePath(text, "$runtime.", context.RuntimeArguments, out object? runtimeValue))
+                return runtimeValue;
+            if (TryResolvePath(text, "$arguments.", context.StepArguments, out object? argumentValue))
+                return argumentValue;
+        }
+
+        return value;
+    }
+
+    private static bool TryResolvePath(
+        string value,
+        string prefix,
+        IReadOnlyDictionary<string, object?>? source,
+        out object? resolved)
+    {
+        resolved = null;
+        if (source is null || !value.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
+            return false;
+
+        string key = value[prefix.Length..].Trim();
+        if (key.Length == 0)
+            return false;
+
+        if (source.TryGetValue(key, out resolved))
+            return true;
+
+        string? actualKey = source.Keys.FirstOrDefault(candidate => string.Equals(candidate, key, StringComparison.OrdinalIgnoreCase));
+        if (actualKey is null)
+            return false;
+
+        resolved = source[actualKey];
+        return true;
+    }
+
+    private static object? NormalizeActionValue(object? value)
+    {
+        return value switch
+        {
+            JsonElement json => NormalizeJsonActionValue(json),
+            _ => value,
+        };
+    }
+
+    private static object? NormalizeJsonActionValue(JsonElement value)
+    {
+        return value.ValueKind switch
+        {
+            JsonValueKind.Null => null,
+            JsonValueKind.True => true,
+            JsonValueKind.False => false,
+            JsonValueKind.String => value.GetString(),
+            JsonValueKind.Number => value.TryGetInt64(out long integer) ? integer : value.GetDouble(),
+            JsonValueKind.Object => value.EnumerateObject().ToDictionary(
+                property => property.Name,
+                property => NormalizeJsonActionValue(property.Value),
+                StringComparer.OrdinalIgnoreCase),
+            JsonValueKind.Array => value.EnumerateArray().Select(NormalizeJsonActionValue).ToArray(),
+            _ => value.ToString(),
+        };
+    }
+
+    private static IReadOnlyDictionary<string, object?> ToObjectDictionary(object? value)
+    {
+        value = NormalizeActionValue(value);
+        if (value is IReadOnlyDictionary<string, object?> readOnly)
+            return readOnly;
+
+        if (value is IDictionary<string, object?> dictionary)
+            return dictionary.ToDictionary(pair => pair.Key, pair => pair.Value, StringComparer.OrdinalIgnoreCase);
+
+        return new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+    }
+
+    private static IReadOnlyDictionary<string, object?> BuildExecutableArguments(IReadOnlyDictionary<string, object?> arguments)
+    {
+        var executable = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+        foreach ((string key, object? value) in arguments)
+        {
+            if (key is "mode" or "refresh" or "procedure" or "procedureName" or "sql" or "name" or "setField" or "targetField")
+                continue;
+
+            executable[key] = value;
+        }
+
+        return executable;
+    }
+
+    private async Task<string?> ResolveSqlTextAsync(string sqlOrName, CancellationToken ct)
+    {
+        string trimmed = sqlOrName.Trim();
+        if (LooksLikeSql(trimmed))
+            return trimmed;
+
+        SavedQueryDefinition? savedQuery = await DbClient!.GetSavedQueryAsync(trimmed, ct);
+        return savedQuery?.SqlText;
+    }
+
+    private static bool LooksLikeSql(string value)
+    {
+        string firstWord = value.Split([' ', '\t', '\r', '\n'], StringSplitOptions.RemoveEmptyEntries).FirstOrDefault() ?? string.Empty;
+        return firstWord is "SELECT" or "WITH" or "INSERT" or "UPDATE" or "DELETE" or "CREATE" or "DROP" or "ALTER" or "REPLACE"
+            || firstWord.Equals("SELECT", StringComparison.OrdinalIgnoreCase)
+            || firstWord.Equals("WITH", StringComparison.OrdinalIgnoreCase)
+            || firstWord.Equals("INSERT", StringComparison.OrdinalIgnoreCase)
+            || firstWord.Equals("UPDATE", StringComparison.OrdinalIgnoreCase)
+            || firstWord.Equals("DELETE", StringComparison.OrdinalIgnoreCase)
+            || firstWord.Equals("CREATE", StringComparison.OrdinalIgnoreCase)
+            || firstWord.Equals("DROP", StringComparison.OrdinalIgnoreCase)
+            || firstWord.Equals("ALTER", StringComparison.OrdinalIgnoreCase)
+            || firstWord.Equals("REPLACE", StringComparison.OrdinalIgnoreCase);
+    }
+
+    private static bool TrySubstituteSqlParameters(
+        string sql,
+        IReadOnlyDictionary<string, object?> arguments,
+        out string resolvedSql,
+        out string? error)
+    {
+        var builder = new System.Text.StringBuilder(sql.Length);
+        bool inString = false;
+        for (int i = 0; i < sql.Length;)
+        {
+            char ch = sql[i];
+            if (ch == '\'')
+            {
+                builder.Append(ch);
+                if (inString && i + 1 < sql.Length && sql[i + 1] == '\'')
+                {
+                    builder.Append(sql[i + 1]);
+                    i += 2;
+                    continue;
+                }
+
+                inString = !inString;
+                i++;
+                continue;
+            }
+
+            if (!inString && ch == '@')
+            {
+                int start = i + 1;
+                int end = start;
+                while (end < sql.Length && (char.IsLetterOrDigit(sql[end]) || sql[end] == '_'))
+                    end++;
+
+                if (end == start)
+                {
+                    builder.Append(ch);
+                    i++;
+                    continue;
+                }
+
+                string parameterName = sql[start..end];
+                if (!arguments.TryGetValue(parameterName, out object? value))
+                {
+                    resolvedSql = string.Empty;
+                    error = $"RunSql action is missing parameter '@{parameterName}'.";
+                    return false;
+                }
+
+                builder.Append(FormSql.FormatLiteral(value));
+                i = end;
+                continue;
+            }
+
+            builder.Append(ch);
+            i++;
+        }
+
+        resolvedSql = builder.ToString();
+        error = null;
+        return true;
+    }
+
+    private static object? ReadScalarResult(SqlExecutionResult result)
+        => result.Rows is { Count: > 0 } rows && rows[0].Length > 0
+            ? rows[0][0]
+            : null;
+
+    private static bool ShouldRefreshAfterAction(IReadOnlyDictionary<string, object?> arguments, bool defaultValue)
+        => arguments.TryGetValue("refresh", out object? value)
+            ? ReadBooleanValue(value, defaultValue)
+            : defaultValue;
+
+    private static bool ReadBooleanValue(object? value, bool fallback)
+    {
+        value = NormalizeActionValue(value);
+        return value switch
+        {
+            bool boolean => boolean,
+            long integer => integer != 0,
+            int integer => integer != 0,
+            string text when bool.TryParse(text, out bool parsed) => parsed,
+            string text when long.TryParse(text, NumberStyles.Integer, CultureInfo.InvariantCulture, out long parsed) => parsed != 0,
+            _ => fallback,
+        };
+    }
+
+    private static string? TryReadArgumentText(
+        IReadOnlyDictionary<string, object?> arguments,
+        params string[] keys)
+    {
+        foreach (string key in keys)
+        {
+            if (arguments.TryGetValue(key, out object? value))
+            {
+                string? text = NormalizeActionValue(value)?.ToString()?.Trim();
+                if (!string.IsNullOrWhiteSpace(text))
+                    return text;
+            }
+        }
+
+        return null;
+    }
+
+    private static object? TryReadArgumentValue(
+        IReadOnlyDictionary<string, object?> arguments,
+        params string[] keys)
+    {
+        foreach (string key in keys)
+        {
+            if (arguments.TryGetValue(key, out object? value))
+                return NormalizeActionValue(value);
+        }
+
+        return null;
+    }
+
+    private async Task SetRuntimeFieldValueAsync(string fieldName, object? value)
+    {
+        string key = _currentRecord.Keys.FirstOrDefault(candidate => string.Equals(candidate, fieldName, StringComparison.OrdinalIgnoreCase))
+            ?? fieldName;
+
+        _undoStack.Push(CloneRecord(_currentRecord));
+        _redoStack.Clear();
+        _currentRecord[key] = NormalizeActionValue(value);
+        _dirty = true;
+
+        if (_recordPageIndex >= 0 && _recordPageIndex < _records.Count)
+            _records[_recordPageIndex] = CloneRecord(_currentRecord);
+
+        _validationErrors?.Remove(key);
+        if (_computedControls.Count > 0)
+            await EvaluateComputedFields();
+    }
+
+    private static string NormalizeControlPropertyName(string propertyName)
+    {
+        string trimmed = propertyName.Trim();
+        return trimmed.Equals("readonly", StringComparison.OrdinalIgnoreCase)
+            ? "readOnly"
+            : trimmed;
+    }
+
+    private static bool IsSupportedRuntimeControlProperty(string propertyName)
+        => propertyName is "visible" or "enabled" or "readOnly" or "required" or "styleVariant" or "validationMessage" or "text" or "placeholder";
+
+    private async Task<FormEventDispatchResult> ExecuteGoToRecordActionAsync(DbActionStep step)
+    {
+        if (_table is null)
+            return FormEventDispatchResult.Failure("GoToRecord action requires a loaded form source.");
+
+        FormFieldDefinition? primaryKeyField = GetPrimaryKeyField();
+        if (primaryKeyField is null)
+            return FormEventDispatchResult.Failure("GoToRecord action requires a form source with a single primary key column.");
+
+        object? requestedValue = ReadActionValue(step);
+        if (requestedValue is null && !string.IsNullOrWhiteSpace(step.Target))
+            TryGetFieldValue(_currentRecord, step.Target, out requestedValue);
+
+        if (requestedValue is null)
+            return FormEventDispatchResult.Failure("GoToRecord action requires a record value.");
+
+        string rawValue = requestedValue.ToString() ?? string.Empty;
+        if (!TryParseFieldValue(primaryKeyField, rawValue, out object? parsedValue, out string? validationError))
+            return FormEventDispatchResult.Failure(validationError ?? $"'{rawValue}' is not a valid {GetPrimaryKeyLabel()} value.");
+
+        if (parsedValue is null)
+            return FormEventDispatchResult.Failure($"'{rawValue}' is not a valid {GetPrimaryKeyLabel()} value.");
+
+        ClearSearchState(clearPendingValue: true);
+        await NavigateToRecordAsync(parsedValue);
+        return ToActionResult("GoToRecord");
+    }
+
+    private async Task RefreshCurrentRecordsAsync()
+    {
+        if (_table is null)
+            return;
+
+        object? currentPk = TryGetPrimaryKeyValue(_currentRecord, out object? pkValue) ? pkValue : null;
+        if (currentPk is not null)
+        {
+            await NavigateToRecordAsync(currentPk);
+            return;
+        }
+
+        await LoadRecordPageAsync(_page, preserveCurrentRecordWhenEmpty: _currentRecord.Count > 0 || _isNew);
+    }
+
+    private static object? ReadActionValue(DbActionStep step)
+    {
+        if (step.Value is not null)
+            return step.Value;
+
+        if (step.Arguments is null)
+            return null;
+
+        if (step.Arguments.TryGetValue("value", out object? value))
+            return value;
+
+        if (step.Arguments.TryGetValue("recordId", out object? recordId))
+            return recordId;
+
+        return step.Arguments.TryGetValue("primaryKey", out object? primaryKey) ? primaryKey : null;
+    }
+
+    private async Task<bool> DispatchFormEventAsync(
+        FormEventKind eventKind,
+        IReadOnlyDictionary<string, object?>? record = null)
+    {
+        if (_form is null)
+            return true;
+
+        FormEventDispatchResult result = FormEvents is DefaultFormEventDispatcher defaultDispatcher
+            ? await defaultDispatcher.DispatchAsync(_form, eventKind, record, this)
+            : await FormEvents.DispatchAsync(_form, eventKind, record);
+        if (result.Succeeded)
+            return true;
+
+        _error = string.IsNullOrWhiteSpace(result.Message)
+            ? $"Form event '{eventKind}' failed."
+            : result.Message;
+        return false;
+    }
+
     private void OnGoToRecordInput(ChangeEventArgs e) => _goToRecordValue = e.Value?.ToString() ?? string.Empty;
 
     private void OnSearchColumnChanged(ChangeEventArgs e) => _searchColumnName = e.Value?.ToString() ?? string.Empty;
@@ -657,6 +1715,7 @@
 
         _activeSearchColumnName = _searchColumnName;
         _activeSearchValue = requestedValue;
+        ClearFilterState();
         _searchValue = requestedValue;
         _page = 1;
         _error = null;
@@ -704,9 +1763,11 @@
 
         try
         {
-            FormRecordPage page = HasActiveSearch
-                ? await RecordService.SearchRecordPageAsync(_table, _activeSearchColumnName!, _activeSearchValue!, pageNumber, _pageSize)
-                : await RecordService.ListRecordPageAsync(_table, pageNumber, _pageSize);
+            FormRecordPage page = HasActiveFilter
+                ? await LoadFilteredRecordPageAsync(pageNumber)
+                : HasActiveSearch
+                    ? await RecordService.SearchRecordPageAsync(_table, _activeSearchColumnName!, _activeSearchValue!, pageNumber, _pageSize)
+                    : await RecordService.ListRecordPageAsync(_table, pageNumber, _pageSize);
             _records = page.Records.Select(CloneRecord).ToList();
             _page = page.PageNumber;
             _pageSize = page.PageSize;
@@ -773,6 +1834,34 @@
         return 0;
     }
 
+    private async Task<FormRecordPage> LoadFilteredRecordPageAsync(int pageNumber)
+    {
+        if (_table is null || _activeFilter is null)
+            return new FormRecordPage(1, _pageSize, 0, []);
+
+        List<Dictionary<string, object?>> filtered = await GetFilteredRecordsAsync();
+        int totalPages = filtered.Count == 0 ? 1 : (int)Math.Ceiling(filtered.Count / (double)_pageSize);
+        int effectivePage = Math.Clamp(pageNumber, 1, totalPages);
+        List<Dictionary<string, object?>> pageRecords = filtered
+            .Skip((effectivePage - 1) * _pageSize)
+            .Take(_pageSize)
+            .ToList();
+
+        return new FormRecordPage(effectivePage, _pageSize, filtered.Count, pageRecords);
+    }
+
+    private async Task<List<Dictionary<string, object?>>> GetFilteredRecordsAsync()
+    {
+        if (_table is null || _activeFilter is null)
+            return [];
+
+        List<Dictionary<string, object?>> rows = await RecordService.ListRecordsAsync(_table);
+        return rows
+            .Where(row => _activeFilter.Evaluate(row, _activeFilterParameters))
+            .Select(CloneRecord)
+            .ToList();
+    }
+
     private async Task LoadFocusedRecordWindowAsync(object pkValue)
     {
         if (_table is null)
@@ -862,9 +1951,17 @@
         if (_table is null)
             return;
 
-        int? ordinal = HasActiveSearch
-            ? await RecordService.GetRecordOrdinalAsync(_table, pkValue, _activeSearchColumnName!, _activeSearchValue!)
-            : await RecordService.GetRecordOrdinalAsync(_table, pkValue);
+        int? ordinal = HasActiveFilter
+            ? await GetFilteredRecordOrdinalAsync(pkValue)
+            : HasActiveSearch
+                ? await RecordService.GetRecordOrdinalAsync(_table, pkValue, _activeSearchColumnName!, _activeSearchValue!)
+                : await RecordService.GetRecordOrdinalAsync(_table, pkValue);
+
+        if (ordinal is null && HasActiveFilter)
+        {
+            ClearFilterState();
+            ordinal = await RecordService.GetRecordOrdinalAsync(_table, pkValue);
+        }
 
         if (ordinal is null && HasActiveSearch)
         {
@@ -882,6 +1979,22 @@
         await LoadRecordPageAsync(targetPage, preferredPk: pkValue);
     }
 
+    private async Task<int?> GetFilteredRecordOrdinalAsync(object pkValue)
+    {
+        if (_table is null || !_table.HasSinglePrimaryKey)
+            return null;
+
+        string pkColumn = RecordService.GetPrimaryKeyColumn(_table);
+        List<Dictionary<string, object?>> filtered = await GetFilteredRecordsAsync();
+        for (int i = 0; i < filtered.Count; i++)
+        {
+            if (TryGetFieldValue(filtered[i], pkColumn, out object? candidatePk) && AreValuesEqual(candidatePk, pkValue))
+                return i;
+        }
+
+        return null;
+    }
+
     private void UpdateVisibleCurrentRecord(Dictionary<string, object?> updated)
     {
         var clonedRecord = CloneRecord(updated);
@@ -1017,20 +2130,193 @@
             }
             else
             {
-                _currentRecord[fieldName] = FormulaEvaluator.Evaluate(formula, field =>
+                await LoadFormulaDomainReferencesAsync(formula);
+                _currentRecord[fieldName] = FormulaEvaluator.EvaluateValue(formula, field =>
+                {
+                    return TryGetFieldValue(_currentRecord, field, out object? value)
+                        ? value
+                        : null;
+                }, Functions, CallbackPolicy, ResolveFormulaDomainFunction);
+            }
+        }
+    }
+
+    private async Task LoadFormulaDomainReferencesAsync(string formula)
+    {
+        foreach (string domain in FormulaEvaluator.GetDomainReferences(formula))
+        {
+            if (_formulaDomainRows.ContainsKey(domain))
+                continue;
+
+            FormTableDefinition? domainTable = await SchemaProvider.GetTableDefinitionAsync(domain);
+            if (domainTable is null)
+                continue;
+
+            FormRecordPage page = await RecordService.ListRecordPageAsync(domainTable, 1, FormulaDomainRowLimit);
+            _formulaDomainTableDefs[domain] = domainTable;
+            _formulaDomainRows[domain] = page.Records.Select(CloneRecord).ToList();
+        }
+    }
+
+    private object? ResolveFormulaDomainFunction(FormulaDomainFunctionRequest request)
+    {
+        if (!_formulaDomainTableDefs.TryGetValue(request.Domain, out FormTableDefinition? table) ||
+            !_formulaDomainRows.TryGetValue(request.Domain, out List<Dictionary<string, object?>>? rows))
+        {
+            return null;
+        }
+
+        IReadOnlyList<Dictionary<string, object?>> filteredRows = FilterDomainRows(table, rows, request.Criteria);
+        string function = request.FunctionName.ToUpperInvariant();
+        if (function == "DCOUNT")
+        {
+            if (string.Equals(request.Expression.Trim(), "*", StringComparison.Ordinal))
+                return filteredRows.Count;
+
+            return filteredRows.Count(row => ReadDomainExpressionValue(request.Expression, row) is not null);
+        }
+
+        if (function == "DLOOKUP")
+            return filteredRows.Select(row => ReadDomainExpressionValue(request.Expression, row)).FirstOrDefault(value => value is not null);
+
+        IEnumerable<double?> values = filteredRows.Select(row => TryConvertDomainNumber(ReadDomainExpressionValue(request.Expression, row), out double value)
+            ? value
+            : (double?)null);
+
+        return function switch
+        {
+            "DSUM" => FormulaEvaluator.EvaluateAggregate("SUM", values),
+            "DAVG" => FormulaEvaluator.EvaluateAggregate("AVG", values),
+            "DMIN" => FormulaEvaluator.EvaluateAggregate("MIN", values),
+            "DMAX" => FormulaEvaluator.EvaluateAggregate("MAX", values),
+            _ => null,
+        };
+    }
+
+    private static IReadOnlyList<Dictionary<string, object?>> FilterDomainRows(
+        FormTableDefinition table,
+        IReadOnlyList<Dictionary<string, object?>> rows,
+        string? criteria)
+    {
+        if (string.IsNullOrWhiteSpace(criteria))
+            return rows;
+
+        string normalizedCriteria = NormalizeDomainCriteria(criteria, table);
+        return FormFilterExpression.TryParse(normalizedCriteria, table, out FormFilterExpression? filter, out _)
+            ? rows.Where(row => filter!.Evaluate(row)).ToArray()
+            : [];
+    }
+
+    private static object? ReadDomainExpressionValue(string expression, IReadOnlyDictionary<string, object?> row)
+    {
+        string fieldName = NormalizeDomainFieldReference(expression);
+        if (TryGetFieldValue(row, fieldName, out object? value))
+            return value;
+
+        return FormulaEvaluator.EvaluateValue(
+            expression.StartsWith('=') ? expression : $"={expression}",
+            field => TryGetFieldValue(row, field, out object? fieldValue) ? fieldValue : null);
+    }
+
+    private static string NormalizeDomainFieldReference(string expression)
+    {
+        string trimmed = expression.Trim();
+        if (trimmed.StartsWith('[') && trimmed.EndsWith(']') && trimmed.Length > 2)
+            return trimmed[1..^1].Trim();
+
+        return trimmed;
+    }
+
+    private static string NormalizeDomainCriteria(string criteria, FormTableDefinition table)
+    {
+        var fieldNames = new HashSet<string>(table.Fields.Select(static field => field.Name), StringComparer.OrdinalIgnoreCase);
+        var builder = new System.Text.StringBuilder(criteria.Length + 16);
+        for (int i = 0; i < criteria.Length;)
+        {
+            char ch = criteria[i];
+            if (ch is '\'' or '"')
+            {
+                int start = i;
+                i++;
+                while (i < criteria.Length)
                 {
-                    if (TryGetFieldValue(_currentRecord, field, out object? value) && value is not null)
+                    if (criteria[i] == ch)
                     {
-                        if (value is double d) return d;
-                        if (value is long l) return l;
-                        if (value is int i) return i;
-                        if (double.TryParse(value.ToString(), out var parsed)) return parsed;
+                        i++;
+                        if (i < criteria.Length && criteria[i] == ch)
+                        {
+                            i++;
+                            continue;
+                        }
+
+                        break;
                     }
 
-                    return null;
-                });
+                    i++;
+                }
+
+                builder.Append(criteria, start, i - start);
+                continue;
+            }
+
+            if (ch == '[')
+            {
+                int start = i;
+                int end = criteria.IndexOf(']', i + 1);
+                if (end < 0)
+                {
+                    builder.Append(criteria[i..]);
+                    break;
+                }
+
+                builder.Append(criteria, start, end - start + 1);
+                i = end + 1;
+                continue;
+            }
+
+            if (char.IsLetter(ch) || ch == '_')
+            {
+                int start = i;
+                i++;
+                while (i < criteria.Length && (char.IsLetterOrDigit(criteria[i]) || criteria[i] == '_'))
+                    i++;
+
+                string identifier = criteria[start..i];
+                if (fieldNames.Contains(identifier))
+                    builder.Append('[').Append(identifier).Append(']');
+                else
+                    builder.Append(identifier);
+                continue;
             }
+
+            builder.Append(ch);
+            i++;
         }
+
+        return builder.ToString();
+    }
+
+    private static bool TryConvertDomainNumber(object? value, out double result)
+    {
+        value = FormSql.NormalizeValue(value);
+        return value switch
+        {
+            byte number => Set(number, out result),
+            short number => Set(number, out result),
+            int number => Set(number, out result),
+            long number => Set(number, out result),
+            float number => Set(number, out result),
+            double number => Set(number, out result),
+            decimal number => Set((double)number, out result),
+            string text => double.TryParse(text, NumberStyles.Float | NumberStyles.AllowThousands, CultureInfo.InvariantCulture, out result),
+            _ => Set(0, out result, success: false),
+        };
+    }
+
+    private static bool Set(double value, out double result, bool success = true)
+    {
+        result = value;
+        return success;
     }
 
     private (string? ForeignKeyField, string? ParentKeyField) FindChildMapping(string childTableName)
@@ -1119,6 +2405,13 @@
             _searchColumnName = GetDefaultSearchFieldName() ?? string.Empty;
     }
 
+    private void ClearFilterState()
+    {
+        _activeFilterExpression = null;
+        _activeFilter = null;
+        _activeFilterParameters = null;
+    }
+
     private IReadOnlyList<FormFieldDefinition> GetSearchableFields()
     {
         if (_table is null)
@@ -1308,4 +2601,10 @@
         => TryGetFieldValue(record, fieldName, out object? value) && value is not null
             ? value.ToString() ?? string.Empty
             : string.Empty;
+
+    private static class EmptyObjectDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, object?> Instance =
+            new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+    }
 }
diff --git a/src/CSharpDB.Admin.Forms/Pages/Designer.razor b/src/CSharpDB.Admin.Forms/Pages/Designer.razor
index ad904f8e..9615694a 100644
--- a/src/CSharpDB.Admin.Forms/Pages/Designer.razor
+++ b/src/CSharpDB.Admin.Forms/Pages/Designer.razor
@@ -43,6 +43,15 @@
         <div class="toolbar-sep"></div>
         <button class="@(_state.ShowTabOrder ? "toolbar-active" : "")" @onclick="ToggleTabOrder">Tab Order</button>
         <div class="toolbar-sep"></div>
+        <div class="layout-mode-switcher" title="Runtime form layout mode">
+            <button class="@(IsLayoutMode(LayoutModeAbsolute) ? "bp-active" : "")"
+                    @onclick="@(() => SetLayoutMode(LayoutModeAbsolute))"
+                    title="Fixed pixel layout">Fixed</button>
+            <button class="@(IsLayoutMode(LayoutModeElastic) ? "bp-active" : "")"
+                    @onclick="@(() => SetLayoutMode(LayoutModeElastic))"
+                    title="Elastic grid layout">Elastic</button>
+        </div>
+        <div class="toolbar-sep"></div>
         <div class="breakpoint-switcher">
             <button class="@(_state.ActiveBreakpoint == BpMobile ? "bp-active" : "")"
                     @onclick="@(() => SetBreakpoint(BpMobile))"
@@ -73,6 +82,10 @@
     {
         <div class="designer-warning">Select a source before saving this form.</div>
     }
+    else
+    {
+        <MacroValidationPanel Form="_state.ToFormDefinition()" Schema="_currentSourceDefinition" />
+    }
 
     <CascadingValue Value="_state" IsFixed="true">
         <div class="left-panel">
@@ -117,6 +130,7 @@
     private bool _saving;
     private string? _error;
     private string? _schemaWarning;
+    private FormTableDefinition? _currentSourceDefinition;
     private bool _saved;
     private System.Timers.Timer? _savedTimer;
     private bool _editingName;
@@ -217,6 +231,7 @@
             }
 
             var generated = FormGenerator.GenerateDefault(source) with { FormId = string.Empty };
+            _currentSourceDefinition = source;
             _state.LoadForm(generated);
         }
         catch (Exception ex)
@@ -228,6 +243,7 @@
 
     private void LoadBlankDesigner(FormTableDefinition? source)
     {
+        _currentSourceDefinition = source;
         _state.LoadForm(new FormDefinition(
             string.Empty,
             source is null ? "Untitled Form" : $"{source.TableName} Form",
@@ -241,9 +257,12 @@
     private async Task OnTableChanged(ChangeEventArgs e)
     {
         string? tableName = e.Value?.ToString();
+        string previousTableName = _state.TableName;
+        bool shouldUseDefaultName = ShouldUseDefaultFormName(_state.FormName, previousTableName);
         if (string.IsNullOrWhiteSpace(tableName))
         {
             _state.SetTableContext(null);
+            _currentSourceDefinition = null;
             _schemaWarning = null;
             return;
         }
@@ -258,11 +277,10 @@
             }
 
             _state.SetTableContext(source);
-            if (string.IsNullOrWhiteSpace(_state.FormId) &&
-                (_state.FormName == "Untitled Form" || _state.Controls.Count == 0))
+            _currentSourceDefinition = source;
+            if (string.IsNullOrWhiteSpace(_state.FormId) && shouldUseDefaultName)
             {
-                _state.FormName = $"{source.TableName} Form";
-                _state.NotifyChanged();
+                _state.SetFormName($"{source.TableName} Form");
             }
 
             _schemaWarning = null;
@@ -328,6 +346,7 @@
         }
 
         FormTableDefinition? current = await SchemaProvider.GetTableDefinitionAsync(form.TableName);
+        _currentSourceDefinition = current;
         _schemaWarning = current is not null && !string.Equals(current.SourceSchemaSignature, form.SourceSchemaSignature, StringComparison.Ordinal)
             ? "The source schema has changed since this form was last saved."
             : null;
@@ -361,6 +380,16 @@
     private const string BpMobile = "mobile";
     private const string BpTablet = "tablet";
     private const string BpDesktop = "desktop";
+    private const string LayoutModeAbsolute = "absolute";
+    private const string LayoutModeElastic = "elastic";
+
+    private bool IsLayoutMode(string layoutMode)
+        => string.Equals(_state.Layout.LayoutMode, layoutMode, StringComparison.OrdinalIgnoreCase);
+
+    private void SetLayoutMode(string layoutMode)
+    {
+        _state.SetLayoutMode(layoutMode);
+    }
 
     private void SetBreakpoint(string breakpoint)
     {
@@ -380,11 +409,15 @@
     private void CommitNameEdit()
     {
         _editingName = false;
-        string? trimmed = _editNameValue?.Trim();
-        if (!string.IsNullOrEmpty(trimmed))
-            _state.FormName = trimmed;
+        _state.SetFormName(_editNameValue);
     }
 
+    private static bool ShouldUseDefaultFormName(string formName, string? previousTableName)
+        => string.IsNullOrWhiteSpace(formName)
+            || string.Equals(formName, "Untitled Form", StringComparison.Ordinal)
+            || (!string.IsNullOrWhiteSpace(previousTableName)
+                && string.Equals(formName, $"{previousTableName} Form", StringComparison.Ordinal));
+
     private void OnNameKeyDown(KeyboardEventArgs e)
     {
         if (e.Key == "Enter")
diff --git a/src/CSharpDB.Admin.Forms/README.md b/src/CSharpDB.Admin.Forms/README.md
index dad17947..79126d1c 100644
--- a/src/CSharpDB.Admin.Forms/README.md
+++ b/src/CSharpDB.Admin.Forms/README.md
@@ -15,6 +15,10 @@ This project is consumed by `CSharpDB.Admin`. It is not a standalone web host.
 - record paging, search, create, update, and delete services
 - validation rule inference and validation override support
 - child table/tab support for related records
+- trusted command-backed form events and command buttons
+- trusted command-backed selected-control events
+- declarative action sequences for form and selected-control events
+- generated automation metadata for import/export host callback requirements
 
 ## Main Components
 
@@ -39,6 +43,31 @@ using CSharpDB.Admin.Forms.Services;
 builder.Services.AddCSharpDbAdminForms();
 ```
 
+Trusted command callbacks can be registered with the overload:
+
+```csharp
+builder.Services.AddCSharpDbAdminForms(commands =>
+{
+    commands.AddAsyncCommand(
+        "AuditFormOpen",
+        new DbCommandOptions(
+            Description: "Writes a form audit entry.",
+            Timeout: TimeSpan.FromSeconds(5),
+            IsLongRunning: true),
+        async (context, ct) =>
+        {
+            await WriteAuditAsync(context.Metadata["formName"], ct);
+            return DbCommandResult.Success();
+        });
+});
+```
+
+The Forms runtime passes the command cancellation token to trusted callbacks.
+If a command timeout elapses, the runtime reports the timeout through the same
+form-event failure path as other command errors. Command buttons refresh their
+executing state around async callbacks so the clicked button is disabled while
+the callback is in flight.
+
 The extension registers:
 
 - `IFormRepository`
@@ -46,6 +75,8 @@ The extension registers:
 - `IFormRecordService`
 - `IFormGenerator`
 - `IValidationInferenceService`
+- `IFormEventDispatcher`
+- `DbCommandRegistry`
 
 ## Core Contracts
 
@@ -70,11 +101,43 @@ public sealed record FormDefinition(
     string SourceSchemaSignature,
     LayoutDefinition Layout,
     IReadOnlyList<ControlDefinition> Controls,
-    IReadOnlyDictionary<string, object?>? RendererHints = null);
+    IReadOnlyDictionary<string, object?>? RendererHints = null,
+    IReadOnlyList<FormEventBinding>? EventBindings = null,
+    DbAutomationMetadata? Automation = null,
+    IReadOnlyList<DbActionSequence>? ActionSequences = null);
 ```
 
 Controls are stored as `ControlDefinition` records with geometry, binding,
-properties, optional validation overrides, and optional renderer hints.
+properties, optional validation overrides, optional renderer hints, and optional
+`ControlEventBinding` entries for selected control events such as `OnClick`,
+`OnChange`, `OnGotFocus`, and `OnLostFocus`.
+
+Form and control event bindings can reference a trusted command name and can
+optionally include a `DbActionSequence`. Forms can also store reusable named
+action sequences in `ActionSequences`, and event/button sequences can invoke
+them with `RunActionSequence`. Action sequences store declarative steps such as
+`RunCommand`, `RunActionSequence`, `SetFieldValue`, `ShowMessage`, `Stop`,
+`NewRecord`, `SaveRecord`, `DeleteRecord`, `RefreshRecords`, `PreviousRecord`,
+`NextRecord`, and `GoToRecord`; they do not store C# source or serialized
+delegates. The property inspector exposes a visual action-sequence editor on
+form-level and selected-control event bindings plus a reusable action library
+when editing form properties. JSON editing is limited to optional command or
+nested-sequence argument payloads.
+
+The built-in record actions run only in the rendered Forms data-entry runtime.
+Headless form event dispatch can still run command, field, message, and stop
+steps, but navigation and save/delete actions require a rendered form instance.
+
+Every action step can also store a simple condition such as `Status = 'Ready'`,
+`Amount > 0`, or `IsActive`. False conditions skip that step; malformed
+conditions fail through the normal action failure path and honor
+`StopOnFailure`.
+
+`DbFormRepository` regenerates `Automation` on save/load. The manifest records
+trusted command and scalar-function names used by form events, command buttons,
+selected-control events, reusable action sequences, action sequences, and
+computed formulas so exported form JSON tells a host which callbacks it must
+register.
 
 ## Build
 
diff --git a/src/CSharpDB.Admin.Forms/Services/AdminFormsServiceCollectionExtensions.cs b/src/CSharpDB.Admin.Forms/Services/AdminFormsServiceCollectionExtensions.cs
index 29a46c75..4bea54cd 100644
--- a/src/CSharpDB.Admin.Forms/Services/AdminFormsServiceCollectionExtensions.cs
+++ b/src/CSharpDB.Admin.Forms/Services/AdminFormsServiceCollectionExtensions.cs
@@ -1,5 +1,7 @@
 using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Primitives;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 
 namespace CSharpDB.Admin.Forms.Services;
 
@@ -7,11 +9,65 @@ public static class AdminFormsServiceCollectionExtensions
 {
     public static IServiceCollection AddCSharpDbAdminForms(this IServiceCollection services)
     {
+        services.TryAddSingleton(DbCommandRegistry.Empty);
+        services.TryAddSingleton(DbValidationRuleRegistry.Empty);
+        services.TryAddSingleton(DbExtensionPolicies.DefaultHostCallbackPolicy);
+        services.TryAddSingleton<IFormActionRuntime>(NullFormActionRuntime.Instance);
+        services.TryAddFormControlRegistry();
         services.AddScoped<IFormRepository, DbFormRepository>();
         services.AddScoped<ISchemaProvider, DbSchemaProvider>();
         services.AddScoped<IFormRecordService, DbFormRecordService>();
+        services.AddScoped<IFormEventDispatcher, DefaultFormEventDispatcher>();
         services.AddScoped<IFormGenerator, DefaultFormGenerator>();
         services.AddScoped<IValidationInferenceService, DefaultValidationInferenceService>();
         return services;
     }
+
+    public static IServiceCollection AddCSharpDbAdminForms(
+        this IServiceCollection services,
+        Action<DbCommandRegistryBuilder> configureCommands)
+    {
+        ArgumentNullException.ThrowIfNull(configureCommands);
+
+        services.AddSingleton(DbCommandRegistry.Create(configureCommands));
+        return services.AddCSharpDbAdminForms();
+    }
+
+    public static IServiceCollection AddCSharpDbAdminFormValidationRules(
+        this IServiceCollection services,
+        Action<DbValidationRuleRegistryBuilder> configureRules)
+    {
+        ArgumentNullException.ThrowIfNull(configureRules);
+
+        services.AddSingleton(DbValidationRuleRegistry.Create(configureRules));
+        return services.AddCSharpDbAdminForms();
+    }
+
+    public static IServiceCollection AddCSharpDbAdminFormControls(
+        this IServiceCollection services,
+        Action<FormControlRegistryBuilder> configureControls)
+    {
+        ArgumentNullException.ThrowIfNull(configureControls);
+
+        services.AddSingleton<IFormControlRegistryConfiguration>(
+            new DelegateFormControlRegistryConfiguration(configureControls));
+        services.TryAddFormControlRegistry();
+        return services;
+    }
+
+    private static IServiceCollection TryAddFormControlRegistry(this IServiceCollection services)
+    {
+        services.TryAddSingleton<IFormControlRegistry>(sp =>
+        {
+            var builder = new FormControlRegistryBuilder();
+            BuiltInFormControlDescriptors.AddTo(builder);
+
+            foreach (IFormControlRegistryConfiguration configuration in sp.GetServices<IFormControlRegistryConfiguration>())
+                configuration.Configure(builder);
+
+            return builder.Build();
+        });
+
+        return services;
+    }
 }
diff --git a/src/CSharpDB.Admin.Forms/Services/BuiltInFormControlDescriptors.cs b/src/CSharpDB.Admin.Forms/Services/BuiltInFormControlDescriptors.cs
new file mode 100644
index 00000000..76ba2205
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/BuiltInFormControlDescriptors.cs
@@ -0,0 +1,133 @@
+using CSharpDB.Admin.Forms.Models;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+internal static class BuiltInFormControlDescriptors
+{
+    public static void AddTo(FormControlRegistryBuilder builder)
+    {
+        builder
+            .Add(BuiltIn("label", "Label", "Layout", "A", 180, 34, supportsBinding: false, participatesInTabOrder: false, 10, 10, "Static text label",
+                new Dictionary<string, object?> { ["text"] = "Label" }))
+            .Add(BuiltIn("text", "Text", "Input Controls", "\u2328", 320, 34, supportsBinding: true, participatesInTabOrder: true, 20, 10, "Text input field"))
+            .Add(BuiltIn("textarea", "Textarea", "Input Controls", "\u2263", 320, 80, supportsBinding: true, participatesInTabOrder: true, 20, 20, "Multi-line text area"))
+            .Add(BuiltIn("number", "Number", "Input Controls", "#", 320, 34, supportsBinding: true, participatesInTabOrder: true, 20, 30, "Number input field"))
+            .Add(BuiltIn("date", "Date", "Input Controls", "\U0001F4C5", 320, 34, supportsBinding: true, participatesInTabOrder: true, 20, 40, "Date picker"))
+            .Add(BuiltIn("checkbox", "Checkbox", "Input Controls", "\u2611", 200, 34, supportsBinding: true, participatesInTabOrder: true, 20, 50, "Checkbox",
+                new Dictionary<string, object?> { ["text"] = "Checkbox" }))
+            .Add(BuiltIn("radio", "Radio", "Input Controls", "\u25C9", 200, 80, supportsBinding: true, participatesInTabOrder: true, 20, 60, "Radio button group"))
+            .Add(BuiltIn("select", "Select", "Input Controls", "\u25BE", 320, 34, supportsBinding: true, participatesInTabOrder: true, 20, 70, "Dropdown select",
+                ChoiceDefaults()))
+            .Add(BuiltIn("comboBox", "Combo Box", "Input Controls", "\u2327", 320, 34, supportsBinding: true, participatesInTabOrder: true, 20, 80, "Searchable single-select with optional custom entry",
+                ChoiceDefaults(new Dictionary<string, object?> { ["placeholder"] = "Search or select", ["allowCustomValue"] = false })))
+            .Add(BuiltIn("listBox", "List Box", "Input Controls", "\u2630", 260, 120, supportsBinding: true, participatesInTabOrder: true, 20, 90, "Always-visible single-select list",
+                ChoiceDefaults(new Dictionary<string, object?> { ["visibleRows"] = 5, ["multiSelect"] = false, ["multiValueDelimiter"] = ";" })))
+            .Add(BuiltIn("lookup", "Lookup", "Input Controls", "\U0001F50D", 320, 34, supportsBinding: true, participatesInTabOrder: true, 20, 100, "Lookup combo box loaded from a table",
+                new Dictionary<string, object?> { ["lookupTable"] = "", ["displayField"] = "", ["valueField"] = "", ["placeholder"] = "-- Select --" }))
+            .Add(BuiltIn("optionGroup", "Option Group", "Input Controls", "\u25C9", 220, 100, supportsBinding: true, participatesInTabOrder: true, 20, 110, "Bound scalar option group",
+                ChoiceDefaults(new Dictionary<string, object?> { ["orientation"] = "vertical", ["buttonStyle"] = false })))
+            .Add(BuiltIn("toggleButton", "Toggle", "Input Controls", "\u25FC", 160, 34, supportsBinding: true, participatesInTabOrder: true, 20, 120, "Boolean or scalar toggle button",
+                new Dictionary<string, object?> { ["text"] = "Toggle", ["trueValue"] = true, ["falseValue"] = false }))
+            .Add(BuiltIn("computed", "Computed", "Input Controls", "\u03A3", 320, 34, supportsBinding: true, participatesInTabOrder: true, 20, 130, "Computed field",
+                new Dictionary<string, object?> { ["formula"] = "", ["format"] = "" }))
+            .Add(BuiltIn("datagrid", "DataGrid", "Data", "\u2637", 560, 200, supportsBinding: false, participatesInTabOrder: false, 30, 10, "Table data grid",
+                new Dictionary<string, object?>
+                {
+                    ["dataGridMode"] = "standalone",
+                    ["childTable"] = "",
+                    ["foreignKeyField"] = "",
+                    ["parentKeyField"] = "",
+                    ["foreignKeyName"] = "",
+                    ["visibleColumns"] = Array.Empty<object?>(),
+                    ["allowAdd"] = true,
+                    ["allowDelete"] = true,
+                    ["allowEdit"] = true,
+                }))
+            .Add(BuiltIn("childtabs", "Child Tabs", "Data", "\u2630", 600, 280, supportsBinding: false, participatesInTabOrder: false, 30, 20, "Tab-based child forms with nesting",
+                new Dictionary<string, object?> { ["tabs"] = Array.Empty<object?>() }))
+            .Add(BuiltIn("tabControl", "Tab Control", "Data", "\u25AB", 600, 300, supportsBinding: false, participatesInTabOrder: false, 30, 30, "General tab container for form controls",
+                new Dictionary<string, object?>
+                {
+                    ["tabs"] = new object?[]
+                    {
+                        new Dictionary<string, object?> { ["id"] = "page1", ["label"] = "Page 1" },
+                        new Dictionary<string, object?> { ["id"] = "page2", ["label"] = "Page 2" },
+                    },
+                }))
+            .Add(BuiltIn("subform", "Subform", "Data", "\u25A3", 640, 320, supportsBinding: false, participatesInTabOrder: false, 30, 40, "Embedded saved form linked to the parent record",
+                new Dictionary<string, object?> { ["formId"] = "", ["parentKeyField"] = "", ["foreignKeyField"] = "", ["showToolbar"] = true, ["showRecordList"] = true }))
+            .Add(BuiltIn("attachment", "Attachment", "Data", "\u2398", 360, 74, supportsBinding: true, participatesInTabOrder: true, 30, 50, "BLOB attachment upload",
+                AttachmentDefaults("attachment")))
+            .Add(BuiltIn("image", "Image", "Data", "\u25A7", 360, 240, supportsBinding: true, participatesInTabOrder: true, 30, 60, "BLOB image upload and preview",
+                AttachmentDefaults("image")))
+            .Add(BuiltIn("commandButton", "Button", "Automation", "\u25B6", 160, 34, supportsBinding: false, participatesInTabOrder: true, 40, 10, "Runs a trusted command",
+                new Dictionary<string, object?> { ["text"] = "Button", ["commandName"] = "" }));
+    }
+
+    private static FormControlDescriptor BuiltIn(
+        string controlType,
+        string displayName,
+        string toolboxGroup,
+        string iconText,
+        double defaultWidth,
+        double defaultHeight,
+        bool supportsBinding,
+        bool participatesInTabOrder,
+        int groupOrder,
+        int order,
+        string description,
+        IReadOnlyDictionary<string, object?>? defaultProps = null)
+        => new()
+        {
+            ControlType = controlType,
+            DisplayName = displayName,
+            ToolboxGroup = toolboxGroup,
+            IconText = iconText,
+            Description = description,
+            DefaultWidth = defaultWidth,
+            DefaultHeight = defaultHeight,
+            SupportsBinding = supportsBinding,
+            ParticipatesInTabOrder = participatesInTabOrder,
+            ToolboxGroupOrder = groupOrder,
+            ToolboxOrder = order,
+            DefaultProps = defaultProps ?? new Dictionary<string, object?>(),
+            IsBuiltIn = true,
+        };
+
+    private static Dictionary<string, object?> ChoiceDefaults(Dictionary<string, object?>? extra = null)
+    {
+        var props = new Dictionary<string, object?>
+        {
+            ["options"] = new object?[]
+            {
+                new Dictionary<string, object?> { ["value"] = "1", ["label"] = "Option 1" },
+                new Dictionary<string, object?> { ["value"] = "2", ["label"] = "Option 2" },
+            },
+        };
+
+        if (extra is not null)
+        {
+            foreach (KeyValuePair<string, object?> pair in extra)
+                props[pair.Key] = pair.Value;
+        }
+
+        return props;
+    }
+
+    private static Dictionary<string, object?> AttachmentDefaults(string controlType)
+        => new()
+        {
+            ["storageMode"] = "blobField",
+            ["fileNameField"] = "",
+            ["contentTypeField"] = "",
+            ["fileSizeField"] = "",
+            ["attachmentTable"] = "",
+            ["attachmentForeignKeyField"] = "",
+            ["attachmentBlobField"] = "",
+            ["attachmentFileNameField"] = "",
+            ["attachmentContentTypeField"] = "",
+            ["attachmentFileSizeField"] = "",
+            ["attachmentControlIdField"] = "",
+            ["accept"] = controlType == "image" ? "image/*" : "",
+        };
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/DbFormRecordService.cs b/src/CSharpDB.Admin.Forms/Services/DbFormRecordService.cs
index 19ddd68d..29f2c04c 100644
--- a/src/CSharpDB.Admin.Forms/Services/DbFormRecordService.cs
+++ b/src/CSharpDB.Admin.Forms/Services/DbFormRecordService.cs
@@ -297,6 +297,45 @@ SELECT COUNT(*) AS RowCount
             ?? throw new InvalidOperationException("The updated record could not be reloaded.");
     }
 
+    public async Task SaveAttachmentAsync(FormAttachmentTableBinding binding, object parentValue, FormAttachmentValue attachment, CancellationToken ct = default)
+    {
+        ArgumentNullException.ThrowIfNull(binding);
+        ArgumentNullException.ThrowIfNull(parentValue);
+        ArgumentNullException.ThrowIfNull(attachment);
+
+        string tableName = FormSql.RequireIdentifier(binding.TableName, nameof(binding.TableName));
+        string foreignKeyField = FormSql.RequireIdentifier(binding.ForeignKeyField, nameof(binding.ForeignKeyField));
+        string blobField = FormSql.RequireIdentifier(binding.BlobField, nameof(binding.BlobField));
+        string whereClause = $"{foreignKeyField} = {FormSql.FormatLiteral(parentValue)}";
+
+        if (!string.IsNullOrWhiteSpace(binding.ControlIdField) && !string.IsNullOrWhiteSpace(binding.ControlId))
+        {
+            string controlIdField = FormSql.RequireIdentifier(binding.ControlIdField, nameof(binding.ControlIdField));
+            whereClause += $" AND {controlIdField} = {FormSql.FormatLiteral(binding.ControlId)}";
+        }
+
+        FormSql.ThrowIfError(await dbClient.ExecuteSqlAsync($"""
+            DELETE FROM {tableName}
+            WHERE {whereClause};
+            """, ct));
+
+        if (attachment.ClearExisting || attachment.Bytes is not { Length: > 0 } bytes)
+            return;
+
+        var values = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+        {
+            [binding.ForeignKeyField] = parentValue,
+            [binding.BlobField] = bytes,
+        };
+
+        AddOptionalAttachmentValue(values, binding.FileNameField, attachment.FileName);
+        AddOptionalAttachmentValue(values, binding.ContentTypeField, attachment.ContentType);
+        AddOptionalAttachmentValue(values, binding.FileSizeField, attachment.FileSize);
+        AddOptionalAttachmentValue(values, binding.ControlIdField, binding.ControlId);
+
+        await dbClient.InsertRowAsync(binding.TableName, values, ct);
+    }
+
     public Task DeleteRecordAsync(FormTableDefinition table, object pkValue, CancellationToken ct = default)
         => dbClient.DeleteRowAsync(table.TableName, GetPrimaryKeyColumn(table), pkValue, ct);
 
@@ -431,6 +470,12 @@ private static int FindRecordIndex(IReadOnlyList<Dictionary<string, object?>> re
         return filtered;
     }
 
+    private static void AddOptionalAttachmentValue(Dictionary<string, object?> values, string? fieldName, object? value)
+    {
+        if (!string.IsNullOrWhiteSpace(fieldName))
+            values[fieldName] = value;
+    }
+
     private static Dictionary<string, object?> BuildEmptyInsertValues(FormTableDefinition table)
     {
         string pkColumn = GetSinglePrimaryKeyColumn(table);
diff --git a/src/CSharpDB.Admin.Forms/Services/DbFormRepository.cs b/src/CSharpDB.Admin.Forms/Services/DbFormRepository.cs
index ea9913e3..72f0f579 100644
--- a/src/CSharpDB.Admin.Forms/Services/DbFormRepository.cs
+++ b/src/CSharpDB.Admin.Forms/Services/DbFormRepository.cs
@@ -167,30 +167,33 @@ private static FormDefinition DeserializeForm(Dictionary<string, object?> row)
         string json = row["definition_json"]?.ToString()
             ?? throw new InvalidOperationException("Stored form definition is missing JSON.");
 
-        return JsonSerializer.Deserialize<FormDefinition>(json, JsonDefaults.Options)
+        FormDefinition form = JsonSerializer.Deserialize<FormDefinition>(json, JsonDefaults.Options)
             ?? throw new InvalidOperationException("Stored form definition JSON could not be deserialized.");
+        return FormAutomationMetadata.NormalizeForExport(form);
     }
 
     private static FormDefinition NormalizeForCreate(FormDefinition form)
     {
         ValidateForPersistence(form);
-        return form with
+        FormDefinition stored = form with
         {
             FormId = string.IsNullOrWhiteSpace(form.FormId) ? Guid.NewGuid().ToString("N") : form.FormId,
             Name = string.IsNullOrWhiteSpace(form.Name) ? $"{form.TableName} Form" : form.Name.Trim(),
             DefinitionVersion = 1,
         };
+        return FormAutomationMetadata.NormalizeForExport(stored);
     }
 
     private static FormDefinition NormalizeForUpdate(string formId, int expectedVersion, FormDefinition form)
     {
         ValidateForPersistence(form);
-        return form with
+        FormDefinition stored = form with
         {
             FormId = formId,
             Name = string.IsNullOrWhiteSpace(form.Name) ? $"{form.TableName} Form" : form.Name.Trim(),
             DefinitionVersion = expectedVersion + 1,
         };
+        return FormAutomationMetadata.NormalizeForExport(stored);
     }
 
     private static void ValidateForPersistence(FormDefinition form)
diff --git a/src/CSharpDB.Admin.Forms/Services/DefaultFormControlRegistry.cs b/src/CSharpDB.Admin.Forms/Services/DefaultFormControlRegistry.cs
new file mode 100644
index 00000000..f1681f73
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/DefaultFormControlRegistry.cs
@@ -0,0 +1,15 @@
+using CSharpDB.Admin.Forms.Contracts;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+internal static class DefaultFormControlRegistry
+{
+    public static IFormControlRegistry Instance { get; } = Create();
+
+    private static IFormControlRegistry Create()
+    {
+        var builder = new FormControlRegistryBuilder();
+        BuiltInFormControlDescriptors.AddTo(builder);
+        return builder.Build();
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/DefaultFormEventDispatcher.cs b/src/CSharpDB.Admin.Forms/Services/DefaultFormEventDispatcher.cs
new file mode 100644
index 00000000..0db65f52
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/DefaultFormEventDispatcher.cs
@@ -0,0 +1,133 @@
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+public sealed class DefaultFormEventDispatcher : IFormEventDispatcher
+{
+    private readonly DbCommandRegistry _commands;
+    private readonly DbExtensionPolicy _callbackPolicy;
+    private readonly IFormActionRuntime _actionRuntime;
+
+    public DefaultFormEventDispatcher(DbCommandRegistry commands)
+        : this(commands, DbExtensionPolicies.DefaultHostCallbackPolicy, NullFormActionRuntime.Instance)
+    {
+    }
+
+    public DefaultFormEventDispatcher(DbCommandRegistry commands, IFormActionRuntime actionRuntime)
+        : this(commands, DbExtensionPolicies.DefaultHostCallbackPolicy, actionRuntime)
+    {
+    }
+
+    public DefaultFormEventDispatcher(
+        DbCommandRegistry commands,
+        DbExtensionPolicy callbackPolicy,
+        IFormActionRuntime actionRuntime)
+    {
+        ArgumentNullException.ThrowIfNull(commands);
+        ArgumentNullException.ThrowIfNull(callbackPolicy);
+        ArgumentNullException.ThrowIfNull(actionRuntime);
+
+        _commands = commands;
+        _callbackPolicy = callbackPolicy;
+        _actionRuntime = actionRuntime;
+    }
+
+    public async Task<FormEventDispatchResult> DispatchAsync(
+        FormDefinition form,
+        FormEventKind eventKind,
+        IReadOnlyDictionary<string, object?>? record = null,
+        CancellationToken ct = default)
+        => await DispatchAsync(form, eventKind, record, _actionRuntime, ct);
+
+    public async Task<FormEventDispatchResult> DispatchAsync(
+        FormDefinition form,
+        FormEventKind eventKind,
+        IReadOnlyDictionary<string, object?>? record,
+        IFormActionRuntime actionRuntime,
+        CancellationToken ct = default)
+    {
+        ArgumentNullException.ThrowIfNull(form);
+        ArgumentNullException.ThrowIfNull(actionRuntime);
+
+        IReadOnlyList<FormEventBinding> bindings = form.EventBindings ?? [];
+        foreach (FormEventBinding binding in bindings.Where(binding => binding.Event == eventKind))
+        {
+            Dictionary<string, string> metadata = FormCommandInvocation.BuildMetadata(form);
+            metadata["event"] = eventKind.ToString();
+
+            if (!string.IsNullOrWhiteSpace(binding.CommandName))
+            {
+                if (!_commands.TryGetCommand(binding.CommandName, out DbCommandDefinition definition))
+                {
+                    string message = $"Unknown form command '{binding.CommandName}' for event '{eventKind}'.";
+                    DbCallbackDiagnostics.WriteMissingCommandInvocation(binding.CommandName, metadata, message);
+                    return FormEventDispatchResult.Failure(message);
+                }
+
+                Dictionary<string, DbValue> arguments = FormCommandInvocation.BuildArguments(record, binding.Arguments);
+                bool commandFailed = false;
+                string? commandFailureMessage = null;
+                try
+                {
+                    DbCommandResult result = await definition.InvokeAsync(
+                        arguments,
+                        metadata,
+                        _callbackPolicy,
+                        DbExtensionHostMode.Embedded,
+                        ct);
+                    if (!result.Succeeded)
+                    {
+                        commandFailed = true;
+                        commandFailureMessage = string.IsNullOrWhiteSpace(result.Message)
+                            ? $"Form event '{eventKind}' command '{definition.Name}' failed."
+                            : result.Message;
+                    }
+                }
+                catch (OperationCanceledException) when (ct.IsCancellationRequested)
+                {
+                    throw;
+                }
+                catch (Exception ex)
+                {
+                    commandFailed = true;
+                    commandFailureMessage = $"Form event '{eventKind}' command '{definition.Name}' failed: {ex.Message}";
+                }
+
+                if (commandFailed)
+                {
+                    if (binding.StopOnFailure)
+                        return FormEventDispatchResult.Failure(commandFailureMessage!);
+
+                    if (binding.ActionSequence is null)
+                        continue;
+                }
+            }
+            else if (binding.ActionSequence is null)
+            {
+                return FormEventDispatchResult.Failure($"Form event '{eventKind}' has no command or action sequence.");
+            }
+
+            if (binding.ActionSequence is not null)
+            {
+                FormEventDispatchResult actionResult = await FormActionSequenceExecutor.ExecuteAsync(
+                    binding.ActionSequence,
+                    _commands,
+                    record,
+                    binding.Arguments,
+                    runtimeArguments: null,
+                    metadata,
+                    reusableSequences: form.ActionSequences,
+                    actionRuntime: actionRuntime,
+                    callbackPolicy: _callbackPolicy,
+                    ct: ct);
+
+                if (!actionResult.Succeeded && binding.StopOnFailure)
+                    return actionResult;
+            }
+        }
+
+        return FormEventDispatchResult.Success();
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/DefaultFormGenerator.cs b/src/CSharpDB.Admin.Forms/Services/DefaultFormGenerator.cs
index 57d27b9a..022d20cb 100644
--- a/src/CSharpDB.Admin.Forms/Services/DefaultFormGenerator.cs
+++ b/src/CSharpDB.Admin.Forms/Services/DefaultFormGenerator.cs
@@ -63,6 +63,7 @@ private static string PickControlType(FormFieldDefinition field)
         {
             FieldDataType.Boolean => "checkbox",
             FieldDataType.Date or FieldDataType.DateTime => "date",
+            FieldDataType.Blob => "attachment",
             FieldDataType.Int32 or FieldDataType.Int64 or FieldDataType.Decimal or FieldDataType.Double => "number",
             _ => "text",
         };
diff --git a/src/CSharpDB.Admin.Forms/Services/DefaultValidationInferenceService.cs b/src/CSharpDB.Admin.Forms/Services/DefaultValidationInferenceService.cs
index c9ebdccb..1cd4fd90 100644
--- a/src/CSharpDB.Admin.Forms/Services/DefaultValidationInferenceService.cs
+++ b/src/CSharpDB.Admin.Forms/Services/DefaultValidationInferenceService.cs
@@ -1,10 +1,39 @@
+using System.Globalization;
+using System.Text.Json;
+using System.Text.RegularExpressions;
 using CSharpDB.Admin.Forms.Contracts;
 using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Admin.Forms.Services;
 
 public sealed class DefaultValidationInferenceService : IValidationInferenceService
 {
+    private static readonly HashSet<string> BuiltInRuleIds = new(StringComparer.OrdinalIgnoreCase)
+    {
+        "required",
+        "maxLength",
+        "range",
+        "regex",
+        "oneOf",
+    };
+
+    private readonly DbValidationRuleRegistry _validationRules;
+    private readonly DbExtensionPolicy _callbackPolicy;
+
+    public DefaultValidationInferenceService()
+        : this(DbValidationRuleRegistry.Empty, DbExtensionPolicies.DefaultHostCallbackPolicy)
+    {
+    }
+
+    public DefaultValidationInferenceService(
+        DbValidationRuleRegistry validationRules,
+        DbExtensionPolicy callbackPolicy)
+    {
+        _validationRules = validationRules;
+        _callbackPolicy = callbackPolicy;
+    }
+
     public IReadOnlyList<ValidationRule> InferRules(FormFieldDefinition field)
     {
         var rules = new List<ValidationRule>();
@@ -67,46 +96,449 @@ public IReadOnlyList<ValidationRule> InferRules(FormFieldDefinition field)
     }
 
     public IReadOnlyList<ValidationError> Evaluate(FormDefinition form, IDictionary<string, object?> record)
+        => EvaluateAsync(form, record).GetAwaiter().GetResult();
+
+    public async Task<IReadOnlyList<ValidationError>> EvaluateAsync(
+        FormDefinition form,
+        IDictionary<string, object?> record,
+        CancellationToken ct = default)
     {
+        ArgumentNullException.ThrowIfNull(form);
+        ArgumentNullException.ThrowIfNull(record);
+
         var errors = new List<ValidationError>();
+        Dictionary<string, DbValue> recordValues = DbCommandArguments.FromObjectDictionary(
+            new Dictionary<string, object?>(record, StringComparer.OrdinalIgnoreCase));
 
-        foreach (var control in form.Controls)
+        foreach (ControlDefinition control in form.Controls)
         {
             if (control.Binding is null)
                 continue;
 
-            if (control.ValidationOverride?.DisableInferredRules == true)
-                continue;
-
             string fieldName = control.Binding.FieldName;
             record.TryGetValue(fieldName, out object? value);
-            var disabledIds = control.ValidationOverride?.DisableRuleIds ?? [];
-
-            if (!disabledIds.Contains("maxLength") &&
-                control.Props.Values.TryGetValue("maxLength", out object? maxLength) &&
-                value is string text &&
-                maxLength is long max &&
-                text.Length > max)
-            {
-                errors.Add(new ValidationError(fieldName, "maxLength", $"{fieldName} must be at most {max} characters."));
-            }
+            IReadOnlyList<string> disabledIds = control.ValidationOverride?.DisableRuleIds ?? [];
 
-            if (control.ValidationOverride?.AddRules is not { } addedRules)
-                continue;
+            if (control.ValidationOverride?.DisableInferredRules != true)
+                AddInferredControlErrors(errors, control, fieldName, value, disabledIds);
 
-            foreach (var rule in addedRules)
+            foreach (ValidationRule rule in control.ValidationOverride?.AddRules ?? [])
             {
-                if (disabledIds.Contains(rule.RuleId))
+                if (disabledIds.Contains(rule.RuleId, StringComparer.OrdinalIgnoreCase))
                     continue;
 
-                if (rule.RuleId == "required" && IsEmpty(value))
-                    errors.Add(new ValidationError(fieldName, rule.RuleId, rule.Message));
+                if (ApplyBuiltInRule(errors, rule, fieldName, value))
+                    continue;
+
+                await InvokeValidationRuleAsync(
+                    errors,
+                    form,
+                    control,
+                    fieldName,
+                    value,
+                    recordValues,
+                    rule,
+                    DbValidationRuleScope.Field,
+                    ct).ConfigureAwait(false);
             }
         }
 
+        foreach (ValidationRule rule in form.ValidationRules ?? [])
+        {
+            await InvokeValidationRuleAsync(
+                errors,
+                form,
+                control: null,
+                fieldName: null,
+                value: null,
+                recordValues,
+                rule,
+                DbValidationRuleScope.Form,
+                ct).ConfigureAwait(false);
+        }
+
         return errors;
     }
 
+    private static void AddInferredControlErrors(
+        List<ValidationError> errors,
+        ControlDefinition control,
+        string fieldName,
+        object? value,
+        IReadOnlyList<string> disabledIds)
+    {
+        if (!disabledIds.Contains("required", StringComparer.OrdinalIgnoreCase) &&
+            TryGetBoolean(control.Props.Values, "required", out bool required) &&
+            required &&
+            IsEmpty(value))
+        {
+            errors.Add(new ValidationError(fieldName, "required", $"{fieldName} is required."));
+        }
+
+        if (!disabledIds.Contains("maxLength", StringComparer.OrdinalIgnoreCase) &&
+            TryGetLong(control.Props.Values, "maxLength", out long maxLength) &&
+            value is string text &&
+            text.Length > maxLength)
+        {
+            errors.Add(new ValidationError(fieldName, "maxLength", $"{fieldName} must be at most {maxLength} characters."));
+        }
+
+        if (!disabledIds.Contains("range", StringComparer.OrdinalIgnoreCase) &&
+            TryGetDoubleValue(value, out double numericValue))
+        {
+            bool hasMin = TryGetDouble(control.Props.Values, "min", out double min);
+            bool hasMax = TryGetDouble(control.Props.Values, "max", out double maxValue);
+            if (hasMin && numericValue < min)
+                errors.Add(new ValidationError(fieldName, "range", $"{fieldName} must be at least {min.ToString(CultureInfo.InvariantCulture)}."));
+            if (hasMax && numericValue > maxValue)
+                errors.Add(new ValidationError(fieldName, "range", $"{fieldName} must be at most {maxValue.ToString(CultureInfo.InvariantCulture)}."));
+        }
+
+        if (!disabledIds.Contains("regex", StringComparer.OrdinalIgnoreCase) &&
+            TryGetString(control.Props.Values, "pattern", out string? pattern) &&
+            pattern is not null &&
+            value is string stringValue &&
+            !Regex.IsMatch(stringValue, pattern))
+        {
+            errors.Add(new ValidationError(fieldName, "regex", $"{fieldName} has an invalid format."));
+        }
+    }
+
+    private static bool ApplyBuiltInRule(
+        List<ValidationError> errors,
+        ValidationRule rule,
+        string fieldName,
+        object? value)
+    {
+        if (!BuiltInRuleIds.Contains(rule.RuleId))
+            return false;
+
+        switch (rule.RuleId)
+        {
+            case "required" when IsEmpty(value):
+                errors.Add(new ValidationError(fieldName, rule.RuleId, GetRuleMessage(rule, $"{fieldName} is required.")));
+                break;
+
+            case "maxLength" when value is string text && TryGetLong(rule.Parameters, "max", out long maxLength) && text.Length > maxLength:
+                errors.Add(new ValidationError(fieldName, rule.RuleId, GetRuleMessage(rule, $"{fieldName} must be at most {maxLength} characters.")));
+                break;
+
+            case "range" when TryGetDoubleValue(value, out double numericValue):
+                bool hasMin = TryGetDouble(rule.Parameters, "min", out double min);
+                bool hasMax = TryGetDouble(rule.Parameters, "max", out double maxValue);
+                if ((hasMin && numericValue < min) || (hasMax && numericValue > maxValue))
+                    errors.Add(new ValidationError(fieldName, rule.RuleId, GetRuleMessage(rule, $"{fieldName} is outside the allowed range.")));
+                break;
+
+            case "regex" when value is string stringValue && TryGetString(rule.Parameters, "pattern", out string? pattern) && pattern is not null && !Regex.IsMatch(stringValue, pattern):
+                errors.Add(new ValidationError(fieldName, rule.RuleId, GetRuleMessage(rule, $"{fieldName} has an invalid format.")));
+                break;
+
+            case "oneOf" when !IsOneOfAllowedValue(value, rule.Parameters):
+                errors.Add(new ValidationError(fieldName, rule.RuleId, GetRuleMessage(rule, $"{fieldName} must be one of the allowed values.")));
+                break;
+        }
+
+        return true;
+    }
+
+    private async Task InvokeValidationRuleAsync(
+        List<ValidationError> errors,
+        FormDefinition form,
+        ControlDefinition? control,
+        string? fieldName,
+        object? value,
+        IReadOnlyDictionary<string, DbValue> recordValues,
+        ValidationRule rule,
+        DbValidationRuleScope scope,
+        CancellationToken ct)
+    {
+        string ruleName = rule.RuleId?.Trim() ?? string.Empty;
+        string defaultFieldName = fieldName ?? string.Empty;
+        IReadOnlyDictionary<string, string> metadata = CreateValidationMetadata(form, control, ruleName, scope);
+
+        if (string.IsNullOrWhiteSpace(ruleName))
+        {
+            errors.Add(new ValidationError(defaultFieldName, string.Empty, "Validation rule is missing a rule name."));
+            return;
+        }
+
+        if (!_validationRules.TryGetRule(ruleName, out DbValidationRuleDefinition? definition))
+        {
+            string message = $"Validation rule '{ruleName}' is not registered in the current Admin host.";
+            DbCallbackDiagnostics.WriteMissingValidationInvocation(ruleName, metadata, message);
+            errors.Add(new ValidationError(defaultFieldName, ruleName, message));
+            return;
+        }
+
+        var context = DbValidationRuleContext.Create(
+            ruleName,
+            scope,
+            recordValues,
+            DbCommandArguments.FromObjectDictionary(rule.Parameters),
+            metadata) with
+        {
+            FormId = form.FormId,
+            FormName = form.Name,
+            TableName = form.TableName,
+            ControlId = control?.ControlId,
+            FieldName = fieldName,
+            Value = DbCommandArguments.FromObject(value),
+            FallbackMessage = rule.Message,
+        };
+
+        try
+        {
+            DbValidationRuleResult result = await definition
+                .InvokeAsync(context, _callbackPolicy, DbExtensionHostMode.Embedded, ct)
+                .ConfigureAwait(false);
+
+            if (!result.Succeeded || result.Failures is { Count: > 0 })
+                AddValidationRuleFailures(errors, result, defaultFieldName, ruleName, rule.Message);
+        }
+        catch (DbCallbackPolicyException ex)
+        {
+            string reason = ex.Decision.DenialReason ?? ex.Message;
+            errors.Add(new ValidationError(defaultFieldName, ruleName, $"Validation rule '{ruleName}' was denied by policy: {reason}"));
+        }
+        catch (TimeoutException ex)
+        {
+            errors.Add(new ValidationError(defaultFieldName, ruleName, ex.Message));
+        }
+        catch (OperationCanceledException)
+        {
+            throw;
+        }
+        catch (Exception ex)
+        {
+            errors.Add(new ValidationError(defaultFieldName, ruleName, $"Validation rule '{ruleName}' failed: {ex.Message}"));
+        }
+    }
+
+    private static void AddValidationRuleFailures(
+        List<ValidationError> errors,
+        DbValidationRuleResult result,
+        string defaultFieldName,
+        string ruleName,
+        string fallbackMessage)
+    {
+        if (result.Failures is { Count: > 0 } failures)
+        {
+            foreach (DbValidationFailure failure in failures)
+            {
+                string fieldName = failure.FieldName ?? string.Empty;
+                errors.Add(new ValidationError(
+                    fieldName,
+                    failure.RuleId ?? ruleName,
+                    string.IsNullOrWhiteSpace(failure.Message) ? GetFallbackFailureMessage(ruleName, fallbackMessage, result.Message) : failure.Message));
+            }
+
+            return;
+        }
+
+        errors.Add(new ValidationError(
+            defaultFieldName,
+            ruleName,
+            GetFallbackFailureMessage(ruleName, fallbackMessage, result.Message)));
+    }
+
+    private static string GetFallbackFailureMessage(string ruleName, string fallbackMessage, string? resultMessage)
+    {
+        if (!string.IsNullOrWhiteSpace(resultMessage))
+            return resultMessage;
+        if (!string.IsNullOrWhiteSpace(fallbackMessage))
+            return fallbackMessage;
+
+        return $"Validation rule '{ruleName}' failed.";
+    }
+
+    private static IReadOnlyDictionary<string, string> CreateValidationMetadata(
+        FormDefinition form,
+        ControlDefinition? control,
+        string ruleName,
+        DbValidationRuleScope scope)
+    {
+        var metadata = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+        {
+            ["surface"] = "admin.forms",
+            ["ownerKind"] = "Form",
+            ["ownerId"] = form.FormId,
+            ["ownerName"] = form.Name,
+            ["formId"] = form.FormId,
+            ["formName"] = form.Name,
+            ["tableName"] = form.TableName,
+            ["validationScope"] = scope.ToString(),
+            ["ruleName"] = ruleName,
+            ["correlationId"] = Guid.NewGuid().ToString("N"),
+        };
+
+        if (scope == DbValidationRuleScope.Field && control is not null)
+        {
+            metadata["controlId"] = control.ControlId;
+            if (control.Binding?.FieldName is { Length: > 0 } fieldName)
+                metadata["fieldName"] = fieldName;
+            metadata["location"] = $"controls.{control.ControlId}.validationRules.{ruleName}";
+        }
+        else
+        {
+            metadata["location"] = $"form.validationRules.{ruleName}";
+        }
+
+        return metadata;
+    }
+
+    private static string GetRuleMessage(ValidationRule rule, string fallback)
+        => string.IsNullOrWhiteSpace(rule.Message) ? fallback : rule.Message;
+
     private static bool IsEmpty(object? value)
         => value is null or "" || value is string text && string.IsNullOrWhiteSpace(text);
+
+    private static bool TryGetBoolean(IReadOnlyDictionary<string, object?> values, string key, out bool result)
+    {
+        result = false;
+        if (!values.TryGetValue(key, out object? value) || value is null)
+            return false;
+
+        if (value is bool boolValue)
+        {
+            result = boolValue;
+            return true;
+        }
+
+        if (value is JsonElement json)
+        {
+            if (json.ValueKind is JsonValueKind.True or JsonValueKind.False)
+            {
+                result = json.GetBoolean();
+                return true;
+            }
+
+            if (json.ValueKind == JsonValueKind.String)
+                value = json.GetString();
+        }
+
+        if (value is null)
+            return false;
+
+        string? text = value.ToString();
+        return text is not null && bool.TryParse(text, out result);
+    }
+
+    private static bool TryGetString(IReadOnlyDictionary<string, object?> values, string key, out string? result)
+    {
+        result = null;
+        if (!values.TryGetValue(key, out object? value) || value is null)
+            return false;
+
+        if (value is JsonElement json)
+            value = json.ValueKind == JsonValueKind.String ? json.GetString() : json.ToString();
+
+        result = value?.ToString();
+        return !string.IsNullOrWhiteSpace(result);
+    }
+
+    private static bool TryGetLong(IReadOnlyDictionary<string, object?> values, string key, out long result)
+    {
+        result = 0;
+        if (!values.TryGetValue(key, out object? value))
+            return false;
+
+        return TryGetLongValue(value, out result);
+    }
+
+    private static bool TryGetDouble(IReadOnlyDictionary<string, object?> values, string key, out double result)
+    {
+        result = 0;
+        if (!values.TryGetValue(key, out object? value))
+            return false;
+
+        return TryGetDoubleValue(value, out result);
+    }
+
+    private static bool TryGetLongValue(object? value, out long result)
+    {
+        result = 0;
+        if (value is null)
+            return false;
+
+        if (value is JsonElement json)
+        {
+            if (json.ValueKind == JsonValueKind.Number)
+                return json.TryGetInt64(out result);
+            if (json.ValueKind == JsonValueKind.String)
+                value = json.GetString();
+        }
+
+        if (value is null)
+            return false;
+
+        if (value is IConvertible)
+            return long.TryParse(Convert.ToString(value, CultureInfo.InvariantCulture), NumberStyles.Integer, CultureInfo.InvariantCulture, out result);
+
+        string? text = value.ToString();
+        return text is not null && long.TryParse(text, NumberStyles.Integer, CultureInfo.InvariantCulture, out result);
+    }
+
+    private static bool TryGetDoubleValue(object? value, out double result)
+    {
+        result = 0;
+        if (value is null)
+            return false;
+
+        if (value is JsonElement json)
+        {
+            if (json.ValueKind == JsonValueKind.Number)
+                return json.TryGetDouble(out result);
+            if (json.ValueKind == JsonValueKind.String)
+                value = json.GetString();
+        }
+
+        if (value is null)
+            return false;
+
+        if (value is IConvertible)
+            return double.TryParse(Convert.ToString(value, CultureInfo.InvariantCulture), NumberStyles.Float, CultureInfo.InvariantCulture, out result);
+
+        string? text = value.ToString();
+        return text is not null && double.TryParse(text, NumberStyles.Float, CultureInfo.InvariantCulture, out result);
+    }
+
+    private static bool IsOneOfAllowedValue(object? value, IReadOnlyDictionary<string, object?> parameters)
+    {
+        if (!parameters.TryGetValue("values", out object? rawValues) || rawValues is null)
+            return true;
+
+        string candidate = Convert.ToString(value, CultureInfo.InvariantCulture) ?? string.Empty;
+        foreach (object? allowed in EnumerateValues(rawValues))
+        {
+            string allowedText = Convert.ToString(allowed, CultureInfo.InvariantCulture) ?? string.Empty;
+            if (string.Equals(candidate, allowedText, StringComparison.OrdinalIgnoreCase))
+                return true;
+        }
+
+        return false;
+    }
+
+    private static IEnumerable<object?> EnumerateValues(object value)
+    {
+        if (value is JsonElement json && json.ValueKind == JsonValueKind.Array)
+        {
+            foreach (JsonElement item in json.EnumerateArray())
+                yield return item.ValueKind == JsonValueKind.String ? item.GetString() : item.ToString();
+            yield break;
+        }
+
+        if (value is IEnumerable<object?> objectValues)
+        {
+            foreach (object? item in objectValues)
+                yield return item;
+            yield break;
+        }
+
+        if (value is System.Collections.IEnumerable values && value is not string)
+        {
+            foreach (object? item in values)
+                yield return item;
+        }
+    }
 }
diff --git a/src/CSharpDB.Admin.Forms/Services/FormActionConditionEvaluator.cs b/src/CSharpDB.Admin.Forms/Services/FormActionConditionEvaluator.cs
new file mode 100644
index 00000000..4c6c1c5a
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/FormActionConditionEvaluator.cs
@@ -0,0 +1,307 @@
+using System.Globalization;
+using System.Text.Json;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+internal static class FormActionConditionEvaluator
+{
+    private static readonly string[] Operators = [">=", "<=", "==", "!=", "<>", "=", ">", "<"];
+
+    public static bool TryEvaluate(
+        string? condition,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, object?>? stepArguments,
+        out bool result,
+        out string? error)
+    {
+        result = true;
+        error = null;
+
+        if (string.IsNullOrWhiteSpace(condition))
+            return true;
+
+        string expression = condition.Trim();
+        if (expression.StartsWith('=') && !expression.StartsWith("==", StringComparison.Ordinal))
+            expression = expression[1..].Trim();
+
+        if (expression.Length == 0)
+        {
+            error = "Condition is empty.";
+            return false;
+        }
+
+        Dictionary<string, object?> values = BuildValues(record, bindingArguments, runtimeArguments, stepArguments);
+        if (TryFindOperator(expression, out int operatorIndex, out string? op))
+        {
+            string leftText = expression[..operatorIndex].Trim();
+            string rightText = expression[(operatorIndex + op.Length)..].Trim();
+            if (leftText.Length == 0 || rightText.Length == 0)
+            {
+                error = $"Condition '{condition}' is missing a comparison operand.";
+                return false;
+            }
+
+            if (!TryResolveValue(leftText, values, requireKnownIdentifier: true, out object? left, out error) ||
+                !TryResolveValue(rightText, values, requireKnownIdentifier: false, out object? right, out error))
+            {
+                return false;
+            }
+
+            result = Compare(left, right, op);
+            return true;
+        }
+
+        if (!TryResolveValue(expression, values, requireKnownIdentifier: true, out object? value, out error))
+            return false;
+
+        result = IsTruthy(value);
+        return true;
+    }
+
+    private static Dictionary<string, object?> BuildValues(params IReadOnlyDictionary<string, object?>?[] sources)
+    {
+        var values = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+        foreach (IReadOnlyDictionary<string, object?>? source in sources)
+        {
+            if (source is null)
+                continue;
+
+            foreach ((string key, object? value) in source)
+                values[key] = NormalizeValue(value);
+        }
+
+        return values;
+    }
+
+    private static bool TryFindOperator(string expression, out int index, out string op)
+    {
+        bool inSingleQuote = false;
+        bool inDoubleQuote = false;
+        bool inBracket = false;
+
+        for (int i = 0; i < expression.Length; i++)
+        {
+            char ch = expression[i];
+            if (ch == '\'' && !inDoubleQuote && !inBracket)
+            {
+                inSingleQuote = !inSingleQuote;
+                continue;
+            }
+
+            if (ch == '"' && !inSingleQuote && !inBracket)
+            {
+                inDoubleQuote = !inDoubleQuote;
+                continue;
+            }
+
+            if (ch == '[' && !inSingleQuote && !inDoubleQuote)
+            {
+                inBracket = true;
+                continue;
+            }
+
+            if (ch == ']' && inBracket)
+            {
+                inBracket = false;
+                continue;
+            }
+
+            if (inSingleQuote || inDoubleQuote || inBracket)
+                continue;
+
+            foreach (string candidate in Operators)
+            {
+                if (expression.AsSpan(i).StartsWith(candidate, StringComparison.Ordinal))
+                {
+                    index = i;
+                    op = candidate;
+                    return true;
+                }
+            }
+        }
+
+        index = -1;
+        op = string.Empty;
+        return false;
+    }
+
+    private static bool TryResolveValue(
+        string token,
+        IReadOnlyDictionary<string, object?> values,
+        bool requireKnownIdentifier,
+        out object? value,
+        out string? error)
+    {
+        error = null;
+        token = token.Trim();
+        if (token.Length == 0)
+        {
+            value = null;
+            error = "Condition contains an empty value.";
+            return false;
+        }
+
+        if (TryReadQuotedString(token, out string? quoted))
+        {
+            value = quoted;
+            return true;
+        }
+
+        if (token.StartsWith('[') && token.EndsWith(']') && token.Length > 2)
+        {
+            string name = token[1..^1].Trim();
+            if (values.TryGetValue(name, out value))
+                return true;
+
+            error = $"Condition references unknown value '{name}'.";
+            return false;
+        }
+
+        if (string.Equals(token, "null", StringComparison.OrdinalIgnoreCase))
+        {
+            value = null;
+            return true;
+        }
+
+        if (bool.TryParse(token, out bool boolean))
+        {
+            value = boolean;
+            return true;
+        }
+
+        if (long.TryParse(token, NumberStyles.Integer, CultureInfo.InvariantCulture, out long integer))
+        {
+            value = integer;
+            return true;
+        }
+
+        if (double.TryParse(token, NumberStyles.Float | NumberStyles.AllowThousands, CultureInfo.InvariantCulture, out double real))
+        {
+            value = real;
+            return true;
+        }
+
+        if (IsIdentifier(token))
+        {
+            if (values.TryGetValue(token, out value))
+                return true;
+
+            if (requireKnownIdentifier)
+            {
+                error = $"Condition references unknown value '{token}'.";
+                return false;
+            }
+        }
+
+        value = token;
+        return true;
+    }
+
+    private static bool TryReadQuotedString(string token, out string? value)
+    {
+        value = null;
+        if (token.Length < 2)
+            return false;
+
+        char quote = token[0];
+        if ((quote != '\'' && quote != '"') || token[^1] != quote)
+            return false;
+
+        value = token[1..^1].Replace($"{quote}{quote}", quote.ToString(), StringComparison.Ordinal);
+        return true;
+    }
+
+    private static bool Compare(object? left, object? right, string op)
+    {
+        int comparison = CompareValues(left, right);
+        return op switch
+        {
+            "=" or "==" => comparison == 0,
+            "!=" or "<>" => comparison != 0,
+            ">" => comparison > 0,
+            ">=" => comparison >= 0,
+            "<" => comparison < 0,
+            "<=" => comparison <= 0,
+            _ => false,
+        };
+    }
+
+    private static int CompareValues(object? left, object? right)
+    {
+        if (left is null || right is null)
+            return left is null && right is null ? 0 : left is null ? -1 : 1;
+
+        if (TryConvertDouble(left, out double leftNumber) &&
+            TryConvertDouble(right, out double rightNumber))
+        {
+            return leftNumber.CompareTo(rightNumber);
+        }
+
+        if (left is bool leftBool && right is bool rightBool)
+            return leftBool.CompareTo(rightBool);
+
+        return string.Compare(
+            Convert.ToString(left, CultureInfo.InvariantCulture),
+            Convert.ToString(right, CultureInfo.InvariantCulture),
+            StringComparison.OrdinalIgnoreCase);
+    }
+
+    private static bool IsTruthy(object? value)
+    {
+        value = NormalizeValue(value);
+        if (value is null)
+            return false;
+
+        if (value is bool boolean)
+            return boolean;
+
+        if (TryConvertDouble(value, out double number))
+            return Math.Abs(number) > double.Epsilon;
+
+        return !string.IsNullOrWhiteSpace(Convert.ToString(value, CultureInfo.InvariantCulture));
+    }
+
+    private static bool TryConvertDouble(object? value, out double result)
+    {
+        value = NormalizeValue(value);
+        return value switch
+        {
+            byte number => Set(number, out result),
+            short number => Set(number, out result),
+            int number => Set(number, out result),
+            long number => Set(number, out result),
+            float number => Set(number, out result),
+            double number => Set(number, out result),
+            decimal number => Set((double)number, out result),
+            string text => double.TryParse(text, NumberStyles.Float | NumberStyles.AllowThousands, CultureInfo.InvariantCulture, out result),
+            _ => Set(0, out result, success: false),
+        };
+    }
+
+    private static bool Set(double value, out double result, bool success = true)
+    {
+        result = value;
+        return success;
+    }
+
+    private static object? NormalizeValue(object? value)
+        => value is JsonElement json ? NormalizeJsonValue(json) : value;
+
+    private static object? NormalizeJsonValue(JsonElement value)
+        => value.ValueKind switch
+        {
+            JsonValueKind.Null => null,
+            JsonValueKind.True => true,
+            JsonValueKind.False => false,
+            JsonValueKind.String => value.GetString(),
+            JsonValueKind.Number => value.TryGetInt64(out long integer) ? integer : value.GetDouble(),
+            _ => value.ToString(),
+        };
+
+    private static bool IsIdentifier(string value)
+        => value.Length > 0
+            && (char.IsLetter(value[0]) || value[0] == '_')
+            && value.All(static ch => char.IsLetterOrDigit(ch) || ch == '_');
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/FormActionManifestValidator.cs b/src/CSharpDB.Admin.Forms/Services/FormActionManifestValidator.cs
new file mode 100644
index 00000000..d06e70fd
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/FormActionManifestValidator.cs
@@ -0,0 +1,603 @@
+using System.Text.Json;
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+public static class FormActionManifestValidator
+{
+    private static readonly HashSet<string> s_supportedControlProperties = new(StringComparer.OrdinalIgnoreCase)
+    {
+        "visible",
+        "enabled",
+        "readOnly",
+        "required",
+        "styleVariant",
+        "validationMessage",
+        "text",
+        "value",
+        "placeholder",
+    };
+
+    public static FormActionValidationResult Validate(
+        FormDefinition form,
+        FormActionValidationOptions? options = null)
+    {
+        ArgumentNullException.ThrowIfNull(form);
+
+        options ??= new FormActionValidationOptions();
+        FormActionRuntimeCapabilities capabilities = options.RuntimeCapabilities ?? FormActionRuntimeCapabilities.None;
+        var issues = new List<FormActionValidationIssue>();
+        var controlIds = new HashSet<string>(
+            form.Controls.Select(static control => control.ControlId),
+            StringComparer.OrdinalIgnoreCase);
+        var sequenceNames = BuildSequenceNameIndex(form.ActionSequences, issues);
+        HashSet<string>? availableForms = options.AvailableForms is null
+            ? null
+            : new HashSet<string>(options.AvailableForms, StringComparer.OrdinalIgnoreCase);
+        HashSet<string>? availableProcedures = options.AvailableProcedures is null
+            ? null
+            : new HashSet<string>(options.AvailableProcedures, StringComparer.OrdinalIgnoreCase);
+
+        foreach (FormEventBinding binding in form.EventBindings ?? [])
+        {
+            if (binding.ActionSequence is not null)
+            {
+                ValidateSequence(
+                    binding.ActionSequence,
+                    $"form.events.{binding.Event}.actionSequence",
+                    binding.Event.ToString(),
+                    controlIds,
+                    sequenceNames,
+                    availableForms,
+                    availableProcedures,
+                    options.Schema,
+                    capabilities,
+                    issues);
+            }
+        }
+
+        foreach (ControlDefinition control in form.Controls)
+        {
+            foreach (ControlEventBinding binding in control.EventBindings ?? [])
+            {
+                if (binding.ActionSequence is not null)
+                {
+                    ValidateSequence(
+                        binding.ActionSequence,
+                        $"controls.{control.ControlId}.events.{binding.Event}.actionSequence",
+                        binding.Event.ToString(),
+                        controlIds,
+                        sequenceNames,
+                        availableForms,
+                        availableProcedures,
+                        options.Schema,
+                        capabilities,
+                        issues);
+                }
+            }
+        }
+
+        foreach (DbActionSequence sequence in form.ActionSequences ?? [])
+        {
+            string location = string.IsNullOrWhiteSpace(sequence.Name)
+                ? "form.actionSequences.unnamed"
+                : $"form.actionSequences.{sequence.Name}";
+            ValidateSequence(
+                sequence,
+                location,
+                eventName: null,
+                controlIds,
+                sequenceNames,
+                availableForms,
+                availableProcedures,
+                options.Schema,
+                capabilities,
+                issues);
+        }
+
+        ValidateRules(form.Rules, controlIds, options.Schema, issues);
+
+        return new FormActionValidationResult(
+            !issues.Any(static issue => issue.Severity == FormActionValidationSeverity.Error),
+            issues.ToArray());
+    }
+
+    private static Dictionary<string, int> BuildSequenceNameIndex(
+        IReadOnlyList<DbActionSequence>? sequences,
+        List<FormActionValidationIssue> issues)
+    {
+        var names = new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase);
+        foreach (DbActionSequence sequence in sequences ?? [])
+        {
+            if (string.IsNullOrWhiteSpace(sequence.Name))
+                continue;
+
+            string name = sequence.Name.Trim();
+            names[name] = names.TryGetValue(name, out int count) ? count + 1 : 1;
+        }
+
+        foreach ((string name, int count) in names.Where(static pair => pair.Value > 1))
+        {
+            issues.Add(new FormActionValidationIssue(
+                FormActionValidationSeverity.Error,
+                DbActionKind.RunActionSequence,
+                "admin.forms",
+                $"form.actionSequences.{name}",
+                $"Form action sequence name '{name}' is ambiguous because {count} sequences use it.",
+                Target: name,
+                ActionSequence: name));
+        }
+
+        return names;
+    }
+
+    private static void ValidateSequence(
+        DbActionSequence sequence,
+        string sequenceLocation,
+        string? eventName,
+        HashSet<string> controlIds,
+        Dictionary<string, int> sequenceNames,
+        HashSet<string>? availableForms,
+        HashSet<string>? availableProcedures,
+        FormTableDefinition? schema,
+        FormActionRuntimeCapabilities capabilities,
+        List<FormActionValidationIssue> issues)
+    {
+        IReadOnlyList<DbActionStep> steps = sequence.Steps ?? [];
+        for (int i = 0; i < steps.Count; i++)
+        {
+            DbActionStep step = steps[i];
+            string location = $"{sequenceLocation}.steps[{i}]";
+            ValidateStep(
+                step,
+                location,
+                eventName,
+                sequence.Name,
+                i,
+                controlIds,
+                sequenceNames,
+                availableForms,
+                availableProcedures,
+                schema,
+                capabilities,
+                issues);
+        }
+    }
+
+    private static void ValidateStep(
+        DbActionStep step,
+        string location,
+        string? eventName,
+        string? actionSequence,
+        int stepIndex,
+        HashSet<string> controlIds,
+        Dictionary<string, int> sequenceNames,
+        HashSet<string>? availableForms,
+        HashSet<string>? availableProcedures,
+        FormTableDefinition? schema,
+        FormActionRuntimeCapabilities capabilities,
+        List<FormActionValidationIssue> issues)
+    {
+        switch (step.Kind)
+        {
+            case DbActionKind.RunCommand:
+                if (string.IsNullOrWhiteSpace(step.CommandName))
+                    AddError(issues, step, location, "RunCommand action requires a command name.", eventName, actionSequence, stepIndex);
+                break;
+            case DbActionKind.SetFieldValue:
+                if (string.IsNullOrWhiteSpace(step.Target))
+                    AddError(issues, step, location, "SetFieldValue action requires a target field.", eventName, actionSequence, stepIndex);
+                break;
+            case DbActionKind.RunActionSequence:
+                ValidateRunActionSequence(step, location, eventName, actionSequence, stepIndex, sequenceNames, issues);
+                break;
+            case DbActionKind.OpenForm:
+                RequireCapability(capabilities.OpenForm, issues, step, location, "OpenForm", eventName, actionSequence, stepIndex);
+                ValidateOpenForm(step, location, eventName, actionSequence, stepIndex, availableForms, issues);
+                break;
+            case DbActionKind.CloseForm:
+                RequireCapability(capabilities.CloseForm, issues, step, location, "CloseForm", eventName, actionSequence, stepIndex);
+                break;
+            case DbActionKind.ApplyFilter:
+                RequireCapability(capabilities.ApplyFilter, issues, step, location, "ApplyFilter", eventName, actionSequence, stepIndex);
+                ValidateApplyFilter(step, location, eventName, actionSequence, stepIndex, controlIds, schema, issues);
+                break;
+            case DbActionKind.ClearFilter:
+                RequireCapability(capabilities.ClearFilter, issues, step, location, "ClearFilter", eventName, actionSequence, stepIndex);
+                ValidateOptionalControlTarget(step, location, eventName, actionSequence, stepIndex, controlIds, issues);
+                break;
+            case DbActionKind.RunSql:
+                RequireCapability(capabilities.RunSql, issues, step, location, "RunSql", eventName, actionSequence, stepIndex);
+                if (string.IsNullOrWhiteSpace(ReadText(step.Value) ?? ReadText(step.Target) ?? ReadArgumentText(step.Arguments, "sql", "name")))
+                    AddError(issues, step, location, "RunSql action requires SQL text or a named SQL operation.", eventName, actionSequence, stepIndex);
+                break;
+            case DbActionKind.RunProcedure:
+                RequireCapability(capabilities.RunProcedure, issues, step, location, "RunProcedure", eventName, actionSequence, stepIndex);
+                ValidateRunProcedure(step, location, eventName, actionSequence, stepIndex, availableProcedures, issues);
+                break;
+            case DbActionKind.SetControlProperty:
+                RequireCapability(capabilities.SetControlProperty, issues, step, location, "SetControlProperty", eventName, actionSequence, stepIndex);
+                ValidateControlProperty(step, location, eventName, actionSequence, stepIndex, controlIds, issues);
+                break;
+            case DbActionKind.SetControlVisibility:
+            case DbActionKind.SetControlEnabled:
+            case DbActionKind.SetControlReadOnly:
+                RequireCapability(capabilities.SetControlProperty, issues, step, location, step.Kind.ToString(), eventName, actionSequence, stepIndex);
+                ValidateRequiredControlTarget(step, location, eventName, actionSequence, stepIndex, controlIds, issues);
+                break;
+            case DbActionKind.NewRecord:
+            case DbActionKind.SaveRecord:
+            case DbActionKind.DeleteRecord:
+            case DbActionKind.RefreshRecords:
+            case DbActionKind.PreviousRecord:
+            case DbActionKind.NextRecord:
+            case DbActionKind.GoToRecord:
+                RequireCapability(capabilities.RecordActions, issues, step, location, step.Kind.ToString(), eventName, actionSequence, stepIndex);
+                break;
+        }
+    }
+
+    private static void ValidateRunActionSequence(
+        DbActionStep step,
+        string location,
+        string? eventName,
+        string? actionSequence,
+        int stepIndex,
+        Dictionary<string, int> sequenceNames,
+        List<FormActionValidationIssue> issues)
+    {
+        string? target = ReadSequenceName(step);
+        if (string.IsNullOrWhiteSpace(target))
+        {
+            AddError(issues, step, location, "RunActionSequence action requires a sequence name.", eventName, actionSequence, stepIndex);
+            return;
+        }
+
+        if (!sequenceNames.TryGetValue(target, out int count))
+        {
+            AddError(issues, step, location, $"Unknown form action sequence '{target}'.", eventName, actionSequence, stepIndex, target);
+            return;
+        }
+
+        if (count > 1)
+            AddError(issues, step, location, $"Form action sequence name '{target}' is ambiguous.", eventName, actionSequence, stepIndex, target);
+    }
+
+    private static void ValidateOpenForm(
+        DbActionStep step,
+        string location,
+        string? eventName,
+        string? actionSequence,
+        int stepIndex,
+        HashSet<string>? availableForms,
+        List<FormActionValidationIssue> issues)
+    {
+        string? formName = ReadText(step.Target)
+            ?? ReadText(step.Value)
+            ?? ReadArgumentText(step.Arguments, "formName", "form", "name");
+        if (string.IsNullOrWhiteSpace(formName))
+        {
+            AddError(issues, step, location, "OpenForm action requires a target form name.", eventName, actionSequence, stepIndex);
+            return;
+        }
+
+        if (availableForms is not null && !availableForms.Contains(formName))
+            AddError(issues, step, location, $"OpenForm target '{formName}' was not found.", eventName, actionSequence, stepIndex, formName);
+    }
+
+    private static void ValidateApplyFilter(
+        DbActionStep step,
+        string location,
+        string? eventName,
+        string? actionSequence,
+        int stepIndex,
+        HashSet<string> controlIds,
+        FormTableDefinition? schema,
+        List<FormActionValidationIssue> issues)
+    {
+        ValidateOptionalControlTarget(step, location, eventName, actionSequence, stepIndex, controlIds, issues);
+        string? filter = ReadText(step.Value) ?? ReadArgumentText(step.Arguments, "filter", "where");
+        string? target = ReadText(step.Target) ?? ReadArgumentText(step.Arguments, "target");
+        bool targetsForm = string.IsNullOrWhiteSpace(target) ||
+            string.Equals(target, "form", StringComparison.OrdinalIgnoreCase);
+        FormTableDefinition? filterSchema = targetsForm ? schema : null;
+        if (string.IsNullOrWhiteSpace(filter))
+            AddError(issues, step, location, "ApplyFilter action requires a filter expression.", eventName, actionSequence, stepIndex);
+        else if (!FormFilterExpression.TryParse(filter, filterSchema, out _, out string? filterError))
+            AddError(issues, step, location, $"ApplyFilter expression '{filter}' is malformed: {filterError}", eventName, actionSequence, stepIndex);
+    }
+
+    private static void ValidateRunProcedure(
+        DbActionStep step,
+        string location,
+        string? eventName,
+        string? actionSequence,
+        int stepIndex,
+        HashSet<string>? availableProcedures,
+        List<FormActionValidationIssue> issues)
+    {
+        string? procedureName = ReadText(step.Target)
+            ?? ReadText(step.Value)
+            ?? ReadArgumentText(step.Arguments, "procedureName", "procedure", "name");
+        if (string.IsNullOrWhiteSpace(procedureName))
+        {
+            AddError(issues, step, location, "RunProcedure action requires a procedure name.", eventName, actionSequence, stepIndex);
+            return;
+        }
+
+        if (availableProcedures is not null && !availableProcedures.Contains(procedureName))
+            AddError(issues, step, location, $"Procedure '{procedureName}' was not found.", eventName, actionSequence, stepIndex, procedureName);
+    }
+
+    private static void ValidateControlProperty(
+        DbActionStep step,
+        string location,
+        string? eventName,
+        string? actionSequence,
+        int stepIndex,
+        HashSet<string> controlIds,
+        List<FormActionValidationIssue> issues)
+    {
+        ValidateRequiredControlTarget(step, location, eventName, actionSequence, stepIndex, controlIds, issues);
+        string? property = ReadArgumentText(step.Arguments, "property", "propertyName");
+        if (string.IsNullOrWhiteSpace(property))
+        {
+            AddError(issues, step, location, "SetControlProperty action requires a property name.", eventName, actionSequence, stepIndex);
+            return;
+        }
+
+        if (!s_supportedControlProperties.Contains(property))
+            AddError(issues, step, location, $"Control property '{property}' is not supported.", eventName, actionSequence, stepIndex, step.Target);
+    }
+
+    private static void ValidateRequiredControlTarget(
+        DbActionStep step,
+        string location,
+        string? eventName,
+        string? actionSequence,
+        int stepIndex,
+        HashSet<string> controlIds,
+        List<FormActionValidationIssue> issues)
+    {
+        if (string.IsNullOrWhiteSpace(step.Target))
+        {
+            AddError(issues, step, location, $"{step.Kind} action requires a target control id.", eventName, actionSequence, stepIndex);
+            return;
+        }
+
+        if (!controlIds.Contains(step.Target))
+            AddError(issues, step, location, $"Unknown control '{step.Target}'.", eventName, actionSequence, stepIndex, step.Target);
+    }
+
+    private static void ValidateOptionalControlTarget(
+        DbActionStep step,
+        string location,
+        string? eventName,
+        string? actionSequence,
+        int stepIndex,
+        HashSet<string> controlIds,
+        List<FormActionValidationIssue> issues)
+    {
+        if (string.IsNullOrWhiteSpace(step.Target) ||
+            string.Equals(step.Target, "form", StringComparison.OrdinalIgnoreCase))
+        {
+            return;
+        }
+
+        if (!controlIds.Contains(step.Target))
+            AddError(issues, step, location, $"Unknown control '{step.Target}'.", eventName, actionSequence, stepIndex, step.Target);
+    }
+
+    private static void ValidateRules(
+        IReadOnlyList<ControlRuleDefinition>? rules,
+        HashSet<string> controlIds,
+        FormTableDefinition? schema,
+        List<FormActionValidationIssue> issues)
+    {
+        foreach (ControlRuleDefinition rule in rules ?? [])
+        {
+            string ruleId = string.IsNullOrWhiteSpace(rule.RuleId) ? "unnamed" : rule.RuleId.Trim();
+            string location = $"form.rules.{ruleId}";
+            if (string.IsNullOrWhiteSpace(rule.RuleId))
+            {
+                issues.Add(new FormActionValidationIssue(
+                    FormActionValidationSeverity.Error,
+                    DbActionKind.SetControlProperty,
+                    "admin.forms",
+                    location,
+                    "Control rule requires a rule id."));
+            }
+
+            if (string.IsNullOrWhiteSpace(rule.Condition))
+            {
+                issues.Add(new FormActionValidationIssue(
+                    FormActionValidationSeverity.Error,
+                    DbActionKind.SetControlProperty,
+                    "admin.forms",
+                    location,
+                    $"Control rule '{ruleId}' requires a condition."));
+            }
+            else if (schema is not null)
+            {
+                var values = schema.Fields.ToDictionary(
+                    static field => field.Name,
+                    static _ => (object?)null,
+                    StringComparer.OrdinalIgnoreCase);
+                if (!FormActionConditionEvaluator.TryEvaluate(rule.Condition, values, null, null, null, out _, out string? conditionError))
+                {
+                    issues.Add(new FormActionValidationIssue(
+                        FormActionValidationSeverity.Error,
+                        DbActionKind.SetControlProperty,
+                        "admin.forms",
+                        location,
+                        $"Control rule '{ruleId}' condition is malformed: {conditionError}"));
+                }
+            }
+
+            if (rule.Effects.Count == 0)
+            {
+                issues.Add(new FormActionValidationIssue(
+                    FormActionValidationSeverity.Error,
+                    DbActionKind.SetControlProperty,
+                    "admin.forms",
+                    location,
+                    $"Control rule '{ruleId}' requires at least one effect."));
+            }
+
+            for (int i = 0; i < rule.Effects.Count; i++)
+            {
+                ControlRuleEffect effect = rule.Effects[i];
+                string effectLocation = $"{location}.effects[{i}]";
+                if (string.IsNullOrWhiteSpace(effect.ControlId) || !controlIds.Contains(effect.ControlId))
+                {
+                    issues.Add(new FormActionValidationIssue(
+                        FormActionValidationSeverity.Error,
+                        DbActionKind.SetControlProperty,
+                        "admin.forms",
+                        effectLocation,
+                        $"Control rule '{ruleId}' targets unknown control '{effect.ControlId}'.",
+                        Target: effect.ControlId));
+                }
+
+                if (string.IsNullOrWhiteSpace(effect.Property) || !s_supportedControlProperties.Contains(effect.Property))
+                {
+                    issues.Add(new FormActionValidationIssue(
+                        FormActionValidationSeverity.Error,
+                        DbActionKind.SetControlProperty,
+                        "admin.forms",
+                        effectLocation,
+                        $"Control rule '{ruleId}' uses unsupported property '{effect.Property}'.",
+                        Target: effect.ControlId));
+                }
+            }
+        }
+    }
+
+    private static void RequireCapability(
+        bool capability,
+        List<FormActionValidationIssue> issues,
+        DbActionStep step,
+        string location,
+        string actionName,
+        string? eventName,
+        string? actionSequence,
+        int stepIndex)
+    {
+        if (capability)
+            return;
+
+        issues.Add(new FormActionValidationIssue(
+            FormActionValidationSeverity.Warning,
+            step.Kind,
+            "admin.forms",
+            location,
+            $"{actionName} action requires a rendered form runtime capability.",
+            Target: step.Target,
+            EventName: eventName,
+            ActionSequence: actionSequence,
+            StepIndex: stepIndex));
+    }
+
+    private static void AddError(
+        List<FormActionValidationIssue> issues,
+        DbActionStep step,
+        string location,
+        string message,
+        string? eventName,
+        string? actionSequence,
+        int stepIndex,
+        string? target = null)
+        => issues.Add(new FormActionValidationIssue(
+            FormActionValidationSeverity.Error,
+            step.Kind,
+            "admin.forms",
+            location,
+            message,
+            Target: target ?? step.Target,
+            EventName: eventName,
+            ActionSequence: actionSequence,
+            StepIndex: stepIndex));
+
+    private static string? ReadSequenceName(DbActionStep step)
+    {
+        if (!string.IsNullOrWhiteSpace(step.SequenceName))
+            return step.SequenceName.Trim();
+
+        if (!string.IsNullOrWhiteSpace(step.Target))
+            return step.Target.Trim();
+
+        return ReadArgumentText(step.Arguments, "sequenceName", "sequence", "name");
+    }
+
+    private static string? ReadText(object? value)
+        => NormalizeValue(value)?.ToString()?.Trim();
+
+    private static string? ReadArgumentText(
+        IReadOnlyDictionary<string, object?>? arguments,
+        params string[] keys)
+    {
+        if (arguments is null)
+            return null;
+
+        foreach (string key in keys)
+        {
+            if (arguments.TryGetValue(key, out object? value))
+            {
+                string? text = ReadText(value);
+                if (!string.IsNullOrWhiteSpace(text))
+                    return text;
+            }
+        }
+
+        return null;
+    }
+
+    private static object? NormalizeValue(object? value)
+        => value is JsonElement json ? NormalizeJsonValue(json) : value;
+
+    private static object? NormalizeJsonValue(JsonElement value)
+        => value.ValueKind switch
+        {
+            JsonValueKind.Null => null,
+            JsonValueKind.True => true,
+            JsonValueKind.False => false,
+            JsonValueKind.String => value.GetString(),
+            JsonValueKind.Number => value.TryGetInt64(out long integer) ? integer : value.GetDouble(),
+            _ => value.ToString(),
+        };
+
+    private static bool HasBalancedBracketsAndQuotes(string filter)
+    {
+        int bracketDepth = 0;
+        bool inString = false;
+        for (int i = 0; i < filter.Length; i++)
+        {
+            char ch = filter[i];
+            if (ch == '\'')
+            {
+                inString = !inString;
+                continue;
+            }
+
+            if (inString)
+                continue;
+
+            if (ch == '[')
+            {
+                bracketDepth++;
+                continue;
+            }
+
+            if (ch == ']')
+            {
+                bracketDepth--;
+                if (bracketDepth < 0)
+                    return false;
+            }
+        }
+
+        return bracketDepth == 0 && !inString;
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/FormActionSequenceExecutor.cs b/src/CSharpDB.Admin.Forms/Services/FormActionSequenceExecutor.cs
new file mode 100644
index 00000000..f720d9f2
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/FormActionSequenceExecutor.cs
@@ -0,0 +1,883 @@
+using System.Globalization;
+using System.Text.Json;
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+internal static class FormActionSequenceExecutor
+{
+    private const int MaxNestedActionSequenceDepth = 8;
+
+    public static async Task<FormEventDispatchResult> ExecuteAsync(
+        DbActionSequence sequence,
+        DbCommandRegistry commands,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IReadOnlyList<DbActionSequence>? reusableSequences = null,
+        Func<string, object?, Task>? setFieldValue = null,
+        Func<string, Task>? showMessage = null,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction = null,
+        IFormActionRuntime? actionRuntime = null,
+        DbExtensionPolicy? callbackPolicy = null,
+        CancellationToken ct = default)
+    {
+        ArgumentNullException.ThrowIfNull(sequence);
+        ArgumentNullException.ThrowIfNull(commands);
+        ArgumentNullException.ThrowIfNull(metadata);
+
+        return await ExecuteCoreAsync(
+            sequence,
+            commands,
+            record,
+            bindingArguments,
+            runtimeArguments,
+            metadata,
+            reusableSequences,
+            setFieldValue,
+            showMessage,
+            executeBuiltInFormAction,
+            actionRuntime ?? NullFormActionRuntime.Instance,
+            callbackPolicy ?? DbExtensionPolicies.DefaultHostCallbackPolicy,
+            ct,
+            depth: 0);
+    }
+
+    private static async Task<FormEventDispatchResult> ExecuteCoreAsync(
+        DbActionSequence sequence,
+        DbCommandRegistry commands,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IReadOnlyList<DbActionSequence>? reusableSequences,
+        Func<string, object?, Task>? setFieldValue,
+        Func<string, Task>? showMessage,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        IFormActionRuntime actionRuntime,
+        DbExtensionPolicy callbackPolicy,
+        CancellationToken ct,
+        int depth)
+    {
+        IReadOnlyList<DbActionStep> steps = sequence.Steps ?? [];
+        string? lastMessage = null;
+        for (int i = 0; i < steps.Count; i++)
+        {
+            DbActionStep step = steps[i];
+            FormEventDispatchResult result = await ExecuteStepAsync(
+                sequence,
+                step,
+                i,
+                commands,
+                callbackPolicy,
+                record,
+                bindingArguments,
+                runtimeArguments,
+                metadata,
+                reusableSequences,
+                setFieldValue,
+                showMessage,
+                executeBuiltInFormAction,
+                actionRuntime,
+                ct,
+                depth);
+
+            if (!result.Succeeded && step.StopOnFailure)
+                return result;
+
+            if (result.Succeeded && !string.IsNullOrWhiteSpace(result.Message))
+                lastMessage = result.Message;
+
+            if (step.Kind == DbActionKind.Stop)
+                return result;
+        }
+
+        return FormEventDispatchResult.Success(lastMessage);
+    }
+
+    private static async Task<FormEventDispatchResult> ExecuteStepAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        DbCommandRegistry commands,
+        DbExtensionPolicy callbackPolicy,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IReadOnlyList<DbActionSequence>? reusableSequences,
+        Func<string, object?, Task>? setFieldValue,
+        Func<string, Task>? showMessage,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        IFormActionRuntime actionRuntime,
+        CancellationToken ct,
+        int depth)
+    {
+        bool diagnosticsEnabled = FormActionDiagnostics.IsInvocationEnabled;
+        long started = diagnosticsEnabled ? FormActionDiagnostics.GetTimestamp() : 0;
+        Dictionary<string, string>? stepMetadata = diagnosticsEnabled
+            ? BuildStepMetadata(sequence, step, stepIndex, metadata)
+            : null;
+
+        try
+        {
+            FormEventDispatchResult result = await ExecuteStepCoreAsync(
+                sequence,
+                step,
+                stepIndex,
+                commands,
+                callbackPolicy,
+                record,
+                bindingArguments,
+                runtimeArguments,
+                metadata,
+                reusableSequences,
+                setFieldValue,
+                showMessage,
+                executeBuiltInFormAction,
+                actionRuntime,
+                ct,
+                depth);
+
+            WriteActionDiagnostic(step, stepMetadata, started, result, canceled: false, exceptionMessage: null);
+            return result;
+        }
+        catch (OperationCanceledException) when (ct.IsCancellationRequested)
+        {
+            WriteActionDiagnostic(
+                step,
+                stepMetadata,
+                started,
+                FormEventDispatchResult.Failure($"Form action '{step.Kind}' was canceled."),
+                canceled: true,
+                exceptionMessage: null);
+            throw;
+        }
+        catch (Exception ex)
+        {
+            FormEventDispatchResult result = FormEventDispatchResult.Failure(
+                $"Form action '{step.Kind}' failed: {ex.Message}");
+            WriteActionDiagnostic(step, stepMetadata, started, result, canceled: false, ex.Message);
+            return result;
+        }
+    }
+
+    private static async Task<FormEventDispatchResult> ExecuteStepCoreAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        DbCommandRegistry commands,
+        DbExtensionPolicy callbackPolicy,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IReadOnlyList<DbActionSequence>? reusableSequences,
+        Func<string, object?, Task>? setFieldValue,
+        Func<string, Task>? showMessage,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        IFormActionRuntime actionRuntime,
+        CancellationToken ct,
+        int depth)
+    {
+        if (!FormActionConditionEvaluator.TryEvaluate(
+            step.Condition,
+            record,
+            bindingArguments,
+            runtimeArguments,
+            step.Arguments,
+            out bool shouldRun,
+            out string? conditionError))
+        {
+            return FormEventDispatchResult.Failure(
+                $"Form action '{step.Kind}' condition failed: {conditionError}");
+        }
+
+        if (!shouldRun)
+            return FormEventDispatchResult.Success();
+
+        return step.Kind switch
+        {
+            DbActionKind.RunCommand => await RunCommandAsync(sequence, step, stepIndex, commands, callbackPolicy, record, bindingArguments, runtimeArguments, metadata, ct),
+            DbActionKind.SetFieldValue => await SetFieldValueAsync(step, record, setFieldValue),
+            DbActionKind.ShowMessage => await ShowMessageAsync(step, showMessage),
+            DbActionKind.Stop => FormEventDispatchResult.Success(ReadMessage(step)),
+            DbActionKind.RunActionSequence => await RunActionSequenceAsync(
+                step,
+                commands,
+                record,
+                bindingArguments,
+                runtimeArguments,
+                metadata,
+                reusableSequences,
+                setFieldValue,
+                showMessage,
+                executeBuiltInFormAction,
+                actionRuntime,
+                callbackPolicy,
+                ct,
+                depth),
+            DbActionKind.OpenForm => await OpenFormAsync(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            DbActionKind.CloseForm => await CloseFormAsync(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            DbActionKind.ApplyFilter => await ApplyFilterAsync(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            DbActionKind.ClearFilter => await ClearFilterAsync(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            DbActionKind.RunSql => await RunSqlAsync(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            DbActionKind.RunProcedure => await RunProcedureAsync(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            DbActionKind.SetControlProperty => await SetControlPropertyAsync(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            DbActionKind.SetControlVisibility => await SetSpecificControlPropertyAsync(sequence, step, stepIndex, "visible", record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            DbActionKind.SetControlEnabled => await SetSpecificControlPropertyAsync(sequence, step, stepIndex, "enabled", record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            DbActionKind.SetControlReadOnly => await SetSpecificControlPropertyAsync(sequence, step, stepIndex, "readOnly", record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            DbActionKind.NewRecord or
+            DbActionKind.SaveRecord or
+            DbActionKind.DeleteRecord or
+            DbActionKind.RefreshRecords or
+            DbActionKind.PreviousRecord or
+            DbActionKind.NextRecord or
+            DbActionKind.GoToRecord => await ExecuteRecordActionAsync(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata, actionRuntime, executeBuiltInFormAction, ct),
+            _ => FormEventDispatchResult.Failure($"Unsupported form action kind '{step.Kind}'."),
+        };
+    }
+
+    private static void WriteActionDiagnostic(
+        DbActionStep step,
+        IReadOnlyDictionary<string, string>? metadata,
+        long started,
+        FormEventDispatchResult result,
+        bool canceled,
+        string? exceptionMessage)
+    {
+        if (metadata is null)
+            return;
+
+        FormActionDiagnostics.WriteInvocation(
+            step.Kind,
+            step.Target,
+            metadata,
+            FormActionDiagnostics.GetElapsedTime(started),
+            result.Succeeded,
+            canceled,
+            result.Message,
+            exceptionMessage);
+    }
+
+    private static Task<FormEventDispatchResult> ExecuteRecordActionAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IFormActionRuntime actionRuntime,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        CancellationToken ct)
+    {
+        if (executeBuiltInFormAction is not null && actionRuntime is NullFormActionRuntime)
+            return executeBuiltInFormAction(step, ct);
+
+        return actionRuntime.ExecuteRecordActionAsync(
+            BuildRuntimeContext(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata),
+            step,
+            ct);
+    }
+
+    private static Task<FormEventDispatchResult> OpenFormAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IFormActionRuntime actionRuntime,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        CancellationToken ct)
+    {
+        if (executeBuiltInFormAction is not null && actionRuntime is NullFormActionRuntime)
+            return executeBuiltInFormAction(step, ct);
+
+        IReadOnlyDictionary<string, object?> arguments = NormalizeArguments(step.Arguments);
+        string? formName = ReadText(step.Target)
+            ?? ReadText(step.Value)
+            ?? ReadArgumentText(arguments, "formName", "form", "name");
+        if (string.IsNullOrWhiteSpace(formName))
+            return Task.FromResult(FormEventDispatchResult.Failure("OpenForm action requires a target form name."));
+
+        return actionRuntime.OpenFormAsync(
+            BuildRuntimeContext(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata),
+            formName,
+            arguments,
+            ct);
+    }
+
+    private static Task<FormEventDispatchResult> CloseFormAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IFormActionRuntime actionRuntime,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        CancellationToken ct)
+    {
+        if (executeBuiltInFormAction is not null && actionRuntime is NullFormActionRuntime)
+            return executeBuiltInFormAction(step, ct);
+
+        IReadOnlyDictionary<string, object?> arguments = NormalizeArguments(step.Arguments);
+        string? formName = ReadText(step.Target)
+            ?? ReadText(step.Value)
+            ?? ReadArgumentText(arguments, "formName", "form", "name");
+
+        return actionRuntime.CloseFormAsync(
+            BuildRuntimeContext(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata),
+            formName,
+            ct);
+    }
+
+    private static Task<FormEventDispatchResult> ApplyFilterAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IFormActionRuntime actionRuntime,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        CancellationToken ct)
+    {
+        if (executeBuiltInFormAction is not null && actionRuntime is NullFormActionRuntime)
+            return executeBuiltInFormAction(step, ct);
+
+        IReadOnlyDictionary<string, object?> arguments = NormalizeArguments(step.Arguments);
+        string target = ReadText(step.Target)
+            ?? ReadArgumentText(arguments, "target")
+            ?? "form";
+        string? filter = ReadText(step.Value)
+            ?? ReadArgumentText(arguments, "filter", "where");
+        if (string.IsNullOrWhiteSpace(filter))
+            return Task.FromResult(FormEventDispatchResult.Failure("ApplyFilter action requires a filter expression."));
+
+        return actionRuntime.ApplyFilterAsync(
+            BuildRuntimeContext(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata),
+            target,
+            filter,
+            arguments,
+            ct);
+    }
+
+    private static Task<FormEventDispatchResult> ClearFilterAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IFormActionRuntime actionRuntime,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        CancellationToken ct)
+    {
+        if (executeBuiltInFormAction is not null && actionRuntime is NullFormActionRuntime)
+            return executeBuiltInFormAction(step, ct);
+
+        IReadOnlyDictionary<string, object?> arguments = NormalizeArguments(step.Arguments);
+        string target = ReadText(step.Target)
+            ?? ReadArgumentText(arguments, "target")
+            ?? "form";
+
+        return actionRuntime.ClearFilterAsync(
+            BuildRuntimeContext(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata),
+            target,
+            ct);
+    }
+
+    private static Task<FormEventDispatchResult> RunSqlAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IFormActionRuntime actionRuntime,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        CancellationToken ct)
+    {
+        if (executeBuiltInFormAction is not null && actionRuntime is NullFormActionRuntime)
+            return executeBuiltInFormAction(step, ct);
+
+        IReadOnlyDictionary<string, object?> arguments = NormalizeArguments(step.Arguments);
+        string? sqlOrName = ReadText(step.Value)
+            ?? ReadText(step.Target)
+            ?? ReadArgumentText(arguments, "sql", "name");
+        if (string.IsNullOrWhiteSpace(sqlOrName))
+            return Task.FromResult(FormEventDispatchResult.Failure("RunSql action requires SQL text or a named SQL operation."));
+
+        return actionRuntime.RunSqlAsync(
+            BuildRuntimeContext(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata),
+            sqlOrName,
+            arguments,
+            ct);
+    }
+
+    private static Task<FormEventDispatchResult> RunProcedureAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IFormActionRuntime actionRuntime,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        CancellationToken ct)
+    {
+        if (executeBuiltInFormAction is not null && actionRuntime is NullFormActionRuntime)
+            return executeBuiltInFormAction(step, ct);
+
+        IReadOnlyDictionary<string, object?> arguments = NormalizeArguments(step.Arguments);
+        string? procedureName = ReadText(step.Target)
+            ?? ReadText(step.Value)
+            ?? ReadArgumentText(arguments, "procedureName", "procedure", "name");
+        if (string.IsNullOrWhiteSpace(procedureName))
+            return Task.FromResult(FormEventDispatchResult.Failure("RunProcedure action requires a procedure name."));
+
+        return actionRuntime.RunProcedureAsync(
+            BuildRuntimeContext(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata),
+            procedureName,
+            arguments,
+            ct);
+    }
+
+    private static Task<FormEventDispatchResult> SetControlPropertyAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IFormActionRuntime actionRuntime,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        CancellationToken ct)
+    {
+        IReadOnlyDictionary<string, object?> arguments = NormalizeArguments(step.Arguments);
+        string? propertyName = ReadArgumentText(arguments, "property", "propertyName");
+        return SetControlPropertyCoreAsync(
+            sequence,
+            step,
+            stepIndex,
+            propertyName,
+            ReadValue(step, arguments),
+            record,
+            bindingArguments,
+            runtimeArguments,
+            metadata,
+            actionRuntime,
+            executeBuiltInFormAction,
+            ct);
+    }
+
+    private static Task<FormEventDispatchResult> SetSpecificControlPropertyAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        string propertyName,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IFormActionRuntime actionRuntime,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        CancellationToken ct)
+    {
+        IReadOnlyDictionary<string, object?> arguments = NormalizeArguments(step.Arguments);
+        return SetControlPropertyCoreAsync(
+            sequence,
+            step,
+            stepIndex,
+            propertyName,
+            ReadValue(step, arguments),
+            record,
+            bindingArguments,
+            runtimeArguments,
+            metadata,
+            actionRuntime,
+            executeBuiltInFormAction,
+            ct);
+    }
+
+    private static Task<FormEventDispatchResult> SetControlPropertyCoreAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        string? propertyName,
+        object? value,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IFormActionRuntime actionRuntime,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        CancellationToken ct)
+    {
+        if (executeBuiltInFormAction is not null && actionRuntime is NullFormActionRuntime)
+            return executeBuiltInFormAction(step, ct);
+
+        string? controlId = ReadText(step.Target);
+        if (string.IsNullOrWhiteSpace(controlId))
+            return Task.FromResult(FormEventDispatchResult.Failure($"{step.Kind} action requires a target control id."));
+
+        if (string.IsNullOrWhiteSpace(propertyName))
+            return Task.FromResult(FormEventDispatchResult.Failure("SetControlProperty action requires a property name."));
+
+        return actionRuntime.SetControlPropertyAsync(
+            BuildRuntimeContext(sequence, step, stepIndex, record, bindingArguments, runtimeArguments, metadata),
+            controlId,
+            propertyName,
+            value,
+            ct);
+    }
+
+    private static async Task<FormEventDispatchResult> RunCommandAsync(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        DbCommandRegistry commands,
+        DbExtensionPolicy callbackPolicy,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        CancellationToken ct)
+    {
+        if (string.IsNullOrWhiteSpace(step.CommandName))
+            return FormEventDispatchResult.Failure("RunCommand action requires a command name.");
+
+        if (!commands.TryGetCommand(step.CommandName, out DbCommandDefinition definition))
+        {
+            Dictionary<string, string> missingMetadata = BuildStepMetadata(sequence, step, stepIndex, metadata);
+            string message = $"Unknown form command '{step.CommandName}' for action sequence.";
+            DbCallbackDiagnostics.WriteMissingCommandInvocation(step.CommandName, missingMetadata, message);
+            return FormEventDispatchResult.Failure(message);
+        }
+
+        Dictionary<string, DbValue> arguments = DbCommandArguments.FromObjectDictionaries(
+            record,
+            bindingArguments,
+            runtimeArguments,
+            step.Arguments);
+        Dictionary<string, string> stepMetadata = BuildStepMetadata(sequence, step, stepIndex, metadata);
+
+        try
+        {
+            DbCommandResult result = await definition.InvokeAsync(
+                arguments,
+                stepMetadata,
+                callbackPolicy,
+                DbExtensionHostMode.Embedded,
+                ct);
+            if (result.Succeeded)
+                return FormEventDispatchResult.Success(result.Message);
+
+            string message = string.IsNullOrWhiteSpace(result.Message)
+                ? $"Action command '{definition.Name}' failed."
+                : result.Message;
+            return FormEventDispatchResult.Failure(message);
+        }
+        catch (OperationCanceledException) when (ct.IsCancellationRequested)
+        {
+            throw;
+        }
+        catch (Exception ex)
+        {
+            return FormEventDispatchResult.Failure(
+                $"Action command '{definition.Name}' failed: {ex.Message}");
+        }
+    }
+
+    private static async Task<FormEventDispatchResult> RunActionSequenceAsync(
+        DbActionStep step,
+        DbCommandRegistry commands,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata,
+        IReadOnlyList<DbActionSequence>? reusableSequences,
+        Func<string, object?, Task>? setFieldValue,
+        Func<string, Task>? showMessage,
+        Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>? executeBuiltInFormAction,
+        IFormActionRuntime actionRuntime,
+        DbExtensionPolicy callbackPolicy,
+        CancellationToken ct,
+        int depth)
+    {
+        string? sequenceName = ReadSequenceName(step);
+        if (string.IsNullOrWhiteSpace(sequenceName))
+            return FormEventDispatchResult.Failure("RunActionSequence action requires a sequence name.");
+
+        if (depth >= MaxNestedActionSequenceDepth)
+            return FormEventDispatchResult.Failure(
+                $"Action sequence nesting limit exceeded while running '{sequenceName}'.");
+
+        IReadOnlyList<DbActionSequence> matches = (reusableSequences ?? [])
+            .Where(sequence => string.Equals(sequence.Name, sequenceName, StringComparison.OrdinalIgnoreCase))
+            .Take(2)
+            .ToList();
+
+        if (matches.Count == 0)
+            return FormEventDispatchResult.Failure($"Unknown form action sequence '{sequenceName}'.");
+
+        if (matches.Count > 1)
+            return FormEventDispatchResult.Failure($"Form action sequence name '{sequenceName}' is ambiguous.");
+
+        IReadOnlyDictionary<string, object?>? nestedRuntimeArguments =
+            MergeRuntimeArguments(runtimeArguments, step.Arguments);
+
+        return await ExecuteCoreAsync(
+            matches[0],
+            commands,
+            record,
+            bindingArguments,
+            nestedRuntimeArguments,
+            metadata,
+            reusableSequences,
+            setFieldValue,
+            showMessage,
+            executeBuiltInFormAction,
+            actionRuntime,
+            callbackPolicy,
+            ct,
+            depth + 1);
+    }
+
+    private static async Task<FormEventDispatchResult> SetFieldValueAsync(
+        DbActionStep step,
+        IReadOnlyDictionary<string, object?>? record,
+        Func<string, object?, Task>? setFieldValue)
+    {
+        if (string.IsNullOrWhiteSpace(step.Target))
+            return FormEventDispatchResult.Failure("SetFieldValue action requires a target field.");
+
+        object? value = step.Value is null && step.Arguments?.TryGetValue("value", out object? argumentValue) == true
+            ? NormalizeValue(argumentValue)
+            : NormalizeValue(step.Value);
+        if (setFieldValue is not null)
+        {
+            await setFieldValue(step.Target, value);
+            return FormEventDispatchResult.Success();
+        }
+
+        if (record is IDictionary<string, object?> mutableRecord)
+        {
+            string key = mutableRecord.Keys.FirstOrDefault(candidate => string.Equals(candidate, step.Target, StringComparison.OrdinalIgnoreCase))
+                ?? step.Target;
+            mutableRecord[key] = value;
+            return FormEventDispatchResult.Success();
+        }
+
+        return FormEventDispatchResult.Failure(
+            $"SetFieldValue action could not update field '{step.Target}' because the current record is read-only.");
+    }
+
+    private static async Task<FormEventDispatchResult> ShowMessageAsync(
+        DbActionStep step,
+        Func<string, Task>? showMessage)
+    {
+        string message = ReadMessage(step) ?? string.Empty;
+        if (string.IsNullOrWhiteSpace(message))
+            return FormEventDispatchResult.Failure("ShowMessage action requires a message.");
+
+        if (showMessage is not null)
+            await showMessage(message);
+
+        return FormEventDispatchResult.Success(message);
+    }
+
+    private static Dictionary<string, string> BuildStepMetadata(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        IReadOnlyDictionary<string, string> metadata)
+    {
+        var result = new Dictionary<string, string>(metadata, StringComparer.OrdinalIgnoreCase)
+        {
+            ["actionKind"] = step.Kind.ToString(),
+            ["actionStep"] = stepIndex.ToString(CultureInfo.InvariantCulture),
+        };
+
+        if (!string.IsNullOrWhiteSpace(sequence.Name))
+            result["actionSequence"] = sequence.Name;
+
+        if (!string.IsNullOrWhiteSpace(step.Target))
+            result["actionTarget"] = step.Target;
+
+        if (!string.IsNullOrWhiteSpace(step.Condition))
+            result["actionCondition"] = step.Condition;
+
+        string? sequenceName = ReadSequenceName(step);
+        if (!string.IsNullOrWhiteSpace(sequenceName))
+            result["actionSequenceTarget"] = sequenceName;
+
+        return result;
+    }
+
+    private static FormActionRuntimeContext BuildRuntimeContext(
+        DbActionSequence sequence,
+        DbActionStep step,
+        int stepIndex,
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? bindingArguments,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, string> metadata)
+    {
+        Dictionary<string, string> stepMetadata = BuildStepMetadata(sequence, step, stepIndex, metadata);
+        return new FormActionRuntimeContext(
+            ReadMetadata(stepMetadata, "formId"),
+            ReadMetadata(stepMetadata, "formName"),
+            ReadMetadata(stepMetadata, "tableName"),
+            ReadMetadata(stepMetadata, "event"),
+            string.IsNullOrWhiteSpace(sequence.Name) ? null : sequence.Name,
+            stepIndex,
+            record,
+            bindingArguments,
+            runtimeArguments,
+            NormalizeArguments(step.Arguments),
+            stepMetadata);
+    }
+
+    private static string? ReadMetadata(IReadOnlyDictionary<string, string> metadata, string key)
+        => metadata.TryGetValue(key, out string? value) && !string.IsNullOrWhiteSpace(value)
+            ? value
+            : null;
+
+    private static string? ReadSequenceName(DbActionStep step)
+    {
+        if (!string.IsNullOrWhiteSpace(step.SequenceName))
+            return step.SequenceName.Trim();
+
+        if (!string.IsNullOrWhiteSpace(step.Target))
+            return step.Target.Trim();
+
+        if (step.Arguments is null)
+            return null;
+
+        foreach (string key in new[] { "sequenceName", "sequence", "name" })
+        {
+            if (step.Arguments.TryGetValue(key, out object? value))
+                return NormalizeValue(value)?.ToString();
+        }
+
+        return null;
+    }
+
+    private static IReadOnlyDictionary<string, object?>? MergeRuntimeArguments(
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, object?>? stepArguments)
+    {
+        if (stepArguments is null || stepArguments.Count == 0)
+            return runtimeArguments;
+
+        var merged = runtimeArguments is null
+            ? new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+            : new Dictionary<string, object?>(runtimeArguments, StringComparer.OrdinalIgnoreCase);
+
+        foreach ((string key, object? value) in stepArguments)
+            merged[key] = NormalizeValue(value);
+
+        return merged;
+    }
+
+    private static IReadOnlyDictionary<string, object?> NormalizeArguments(
+        IReadOnlyDictionary<string, object?>? arguments)
+    {
+        if (arguments is null || arguments.Count == 0)
+            return EmptyObjectDictionary.Instance;
+
+        var result = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+        foreach ((string key, object? value) in arguments)
+        {
+            if (!string.IsNullOrWhiteSpace(key))
+                result[key] = NormalizeValue(value);
+        }
+
+        return result;
+    }
+
+    private static object? ReadValue(DbActionStep step, IReadOnlyDictionary<string, object?> arguments)
+        => step.Value is null && arguments.TryGetValue("value", out object? argumentValue)
+            ? argumentValue
+            : NormalizeValue(step.Value);
+
+    private static string? ReadText(object? value)
+        => NormalizeValue(value)?.ToString()?.Trim();
+
+    private static string? ReadArgumentText(
+        IReadOnlyDictionary<string, object?> arguments,
+        params string[] keys)
+    {
+        foreach (string key in keys)
+        {
+            if (arguments.TryGetValue(key, out object? value))
+            {
+                string? text = ReadText(value);
+                if (!string.IsNullOrWhiteSpace(text))
+                    return text;
+            }
+        }
+
+        return null;
+    }
+
+    private static string? ReadMessage(DbActionStep step)
+    {
+        if (!string.IsNullOrWhiteSpace(step.Message))
+            return step.Message;
+
+        if (step.Value is string text)
+            return text;
+
+        if (step.Value is JsonElement { ValueKind: JsonValueKind.String } json)
+            return json.GetString();
+
+        return null;
+    }
+
+    private static object? NormalizeValue(object? value)
+    {
+        return value switch
+        {
+            JsonElement json => NormalizeJsonValue(json),
+            _ => value,
+        };
+    }
+
+    private static object? NormalizeJsonValue(JsonElement value)
+    {
+        return value.ValueKind switch
+        {
+            JsonValueKind.Null => null,
+            JsonValueKind.True => true,
+            JsonValueKind.False => false,
+            JsonValueKind.String => value.GetString(),
+            JsonValueKind.Number => value.TryGetInt64(out long integer) ? integer : value.GetDouble(),
+            JsonValueKind.Object => value.EnumerateObject().ToDictionary(
+                static property => property.Name,
+                static property => NormalizeJsonValue(property.Value),
+                StringComparer.OrdinalIgnoreCase),
+            JsonValueKind.Array => value.EnumerateArray().Select(NormalizeJsonValue).ToArray(),
+            _ => value.ToString(),
+        };
+    }
+
+    private static class EmptyObjectDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, object?> Instance =
+            new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/FormAutomationMetadata.cs b/src/CSharpDB.Admin.Forms/Services/FormAutomationMetadata.cs
new file mode 100644
index 00000000..c6bd735c
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/FormAutomationMetadata.cs
@@ -0,0 +1,131 @@
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Evaluation;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+public static class FormAutomationMetadata
+{
+    private const string Surface = "admin.forms";
+    private static readonly string[] IgnoredFormulaFunctions =
+        FormulaEvaluator.BuiltInFunctionNames.Concat(["SUM", "COUNT", "AVG", "MIN", "MAX"]).ToArray();
+    private static readonly HashSet<string> BuiltInValidationRuleIds = new(StringComparer.OrdinalIgnoreCase)
+    {
+        "required",
+        "maxLength",
+        "range",
+        "regex",
+        "oneOf",
+    };
+
+    public static FormDefinition NormalizeForExport(FormDefinition form)
+    {
+        ArgumentNullException.ThrowIfNull(form);
+
+        DbAutomationMetadata metadata = Build(form);
+        return form with { Automation = metadata.IsEmpty ? null : metadata };
+    }
+
+    public static DbAutomationMetadata Build(FormDefinition form)
+    {
+        ArgumentNullException.ThrowIfNull(form);
+
+        var builder = new DbAutomationMetadataBuilder();
+        foreach (FormEventBinding binding in form.EventBindings ?? [])
+        {
+            string bindingLocation = $"form.events.{binding.Event}";
+            builder.AddCommand(binding.CommandName, Surface, bindingLocation);
+            AddActionSequence(builder, binding.ActionSequence, bindingLocation);
+        }
+
+        foreach (DbActionSequence sequence in form.ActionSequences ?? [])
+        {
+            string sequenceLocation = string.IsNullOrWhiteSpace(sequence.Name)
+                ? "form.actionSequences.unnamed"
+                : $"form.actionSequences.{sequence.Name}";
+            AddActionSequence(builder, sequence, sequenceLocation);
+        }
+
+        AddValidationRules(builder, form.ValidationRules, "form.validationRules");
+
+        foreach (ControlDefinition control in form.Controls)
+        {
+            AddCommandButton(builder, control);
+            AddComputedFormula(builder, control);
+            AddValidationRules(builder, control.ValidationOverride?.AddRules, $"controls.{control.ControlId}.validationRules");
+            foreach (ControlEventBinding binding in control.EventBindings ?? [])
+            {
+                string bindingLocation = $"controls.{control.ControlId}.events.{binding.Event}";
+                builder.AddCommand(binding.CommandName, Surface, bindingLocation);
+                AddActionSequence(builder, binding.ActionSequence, bindingLocation);
+            }
+        }
+
+        return builder.Build();
+    }
+
+    private static void AddCommandButton(DbAutomationMetadataBuilder builder, ControlDefinition control)
+    {
+        if (!string.Equals(control.ControlType, "commandButton", StringComparison.OrdinalIgnoreCase))
+            return;
+
+        if (control.Props.Values.TryGetValue("commandName", out object? commandName))
+            builder.AddCommand(commandName?.ToString(), Surface, $"controls.{control.ControlId}.commandButton.click");
+    }
+
+    private static void AddComputedFormula(DbAutomationMetadataBuilder builder, ControlDefinition control)
+    {
+        if (!string.Equals(control.ControlType, "computed", StringComparison.OrdinalIgnoreCase))
+            return;
+
+        if (!control.Props.Values.TryGetValue("formula", out object? formula) || formula is null)
+            return;
+
+        AddScalarFunctions(builder, formula.ToString(), $"controls.{control.ControlId}.formula");
+    }
+
+    private static void AddActionSequence(
+        DbAutomationMetadataBuilder builder,
+        DbActionSequence? sequence,
+        string bindingLocation)
+    {
+        if (sequence is null)
+            return;
+
+        string sequenceLocation = string.IsNullOrWhiteSpace(sequence.Name)
+            ? $"{bindingLocation}.actionSequence"
+            : $"{bindingLocation}.actionSequence.{sequence.Name}";
+        for (int i = 0; i < sequence.Steps.Count; i++)
+        {
+            DbActionStep step = sequence.Steps[i];
+            if (step.Kind == DbActionKind.RunCommand)
+                builder.AddCommand(step.CommandName, Surface, $"{sequenceLocation}.steps[{i}]");
+        }
+    }
+
+    private static void AddValidationRules(
+        DbAutomationMetadataBuilder builder,
+        IReadOnlyList<ValidationRule>? rules,
+        string locationPrefix)
+    {
+        foreach (ValidationRule rule in rules ?? [])
+        {
+            if (string.IsNullOrWhiteSpace(rule.RuleId) ||
+                BuiltInValidationRuleIds.Contains(rule.RuleId))
+            {
+                continue;
+            }
+
+            builder.AddValidationRule(rule.RuleId, Surface, $"{locationPrefix}.{rule.RuleId}");
+        }
+    }
+
+    private static void AddScalarFunctions(DbAutomationMetadataBuilder builder, string? expression, string location)
+    {
+        foreach (DbAutomationScalarFunctionCall call in
+            DbAutomationExpressionInspector.FindScalarFunctionCalls(expression, IgnoredFormulaFunctions))
+        {
+            builder.AddScalarFunction(call.Name, call.Arity, Surface, location);
+        }
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/FormChoiceResolver.cs b/src/CSharpDB.Admin.Forms/Services/FormChoiceResolver.cs
new file mode 100644
index 00000000..e6fd975b
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/FormChoiceResolver.cs
@@ -0,0 +1,268 @@
+using System.Globalization;
+using System.Text.Json;
+using CSharpDB.Admin.Forms.Models;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+public static class FormChoiceResolver
+{
+    private static readonly HashSet<string> s_choiceControlTypes = new(StringComparer.OrdinalIgnoreCase)
+    {
+        "select",
+        "lookup",
+        "comboBox",
+        "listBox",
+        "optionGroup",
+        "radio",
+    };
+
+    public static bool IsChoiceControl(ControlDefinition control)
+        => s_choiceControlTypes.Contains(control.ControlType);
+
+    public static bool UsesLookupChoices(ControlDefinition control)
+        => IsChoiceControl(control)
+           && TryGetString(control.Props.Values, "lookupTable", out _)
+           && TryGetString(control.Props.Values, "valueField", out _)
+           && TryGetString(control.Props.Values, "displayField", out _);
+
+    public static IReadOnlyList<EnumChoice> ResolveChoices(
+        ControlDefinition control,
+        string? fieldName,
+        IReadOnlyDictionary<string, IReadOnlyList<EnumChoice>>? runtimeChoices,
+        FormFieldDefinition? fieldDefinition = null)
+    {
+        IReadOnlyList<EnumChoice> staticChoices = ReadOptions(control.Props.Values.TryGetValue("options", out object? options) ? options : null);
+        if (staticChoices.Count > 0)
+            return staticChoices;
+
+        if (runtimeChoices is not null &&
+            runtimeChoices.TryGetValue(control.ControlId, out IReadOnlyList<EnumChoice>? controlChoices) &&
+            controlChoices is not null)
+        {
+            return controlChoices;
+        }
+
+        if (!string.IsNullOrWhiteSpace(fieldName) &&
+            runtimeChoices is not null &&
+            runtimeChoices.TryGetValue(fieldName, out IReadOnlyList<EnumChoice>? fieldChoices) &&
+            fieldChoices is not null)
+        {
+            return fieldChoices;
+        }
+
+        return fieldDefinition?.Choices is { Count: > 0 } schemaChoices
+            ? schemaChoices
+            : [];
+    }
+
+    public static IReadOnlyList<EnumChoice> BuildLookupChoices(
+        IEnumerable<IReadOnlyDictionary<string, object?>> rows,
+        string valueField,
+        string displayField,
+        IReadOnlyList<string>? displayFields = null)
+    {
+        string[] effectiveDisplayFields = displayFields is { Count: > 0 }
+            ? displayFields.Where(field => !string.IsNullOrWhiteSpace(field)).ToArray()
+            : [displayField];
+
+        return rows
+            .Select(row => new EnumChoice(
+                LookupField(row, valueField),
+                BuildDisplayLabel(row, effectiveDisplayFields)))
+            .Where(choice => !string.IsNullOrWhiteSpace(choice.Value))
+            .ToArray();
+    }
+
+    public static IReadOnlyList<EnumChoice> ReadOptions(object? value)
+    {
+        value = NormalizeJsonValue(value);
+        if (value is null)
+            return [];
+
+        if (value is JsonElement json)
+            return ReadOptionsFromJson(json);
+
+        if (value is IEnumerable<EnumChoice> enumChoices)
+            return enumChoices.ToArray();
+
+        if (value is IEnumerable<object?> items)
+        {
+            return items
+                .Select(ReadOption)
+                .Where(choice => choice is not null)
+                .Select(choice => choice!)
+                .ToArray();
+        }
+
+        return [];
+    }
+
+    public static IReadOnlyList<string> ReadStringList(object? value)
+    {
+        value = NormalizeJsonValue(value);
+        if (value is null)
+            return [];
+
+        if (value is JsonElement json && json.ValueKind == JsonValueKind.Array)
+            return json.EnumerateArray()
+                .Select(element => element.ValueKind == JsonValueKind.String ? element.GetString() : element.ToString())
+                .Where(text => !string.IsNullOrWhiteSpace(text))
+                .Select(text => text!)
+                .ToArray();
+
+        if (value is IEnumerable<object?> items)
+            return items
+                .Select(item => NormalizeJsonValue(item)?.ToString())
+                .Where(text => !string.IsNullOrWhiteSpace(text))
+                .Select(text => text!)
+                .ToArray();
+
+        string? single = value.ToString();
+        return string.IsNullOrWhiteSpace(single)
+            ? []
+            : single.Split(',', StringSplitOptions.TrimEntries | StringSplitOptions.RemoveEmptyEntries);
+    }
+
+    public static int ReadInt(IReadOnlyDictionary<string, object?> props, string key, int fallback)
+    {
+        if (!props.TryGetValue(key, out object? value) || value is null)
+            return fallback;
+
+        value = NormalizeJsonValue(value);
+        return value switch
+        {
+            int i => i,
+            long l => checked((int)l),
+            double d => checked((int)d),
+            decimal m => checked((int)m),
+            JsonElement json when json.ValueKind == JsonValueKind.Number && json.TryGetInt32(out int i) => i,
+            _ when int.TryParse(value?.ToString(), NumberStyles.Integer, CultureInfo.InvariantCulture, out int parsed) => parsed,
+            _ => fallback,
+        };
+    }
+
+    public static bool TryGetString(IReadOnlyDictionary<string, object?> props, string key, out string value)
+    {
+        value = string.Empty;
+        if (!props.TryGetValue(key, out object? raw) || raw is null)
+            return false;
+
+        raw = NormalizeJsonValue(raw);
+        value = raw?.ToString() ?? string.Empty;
+        return !string.IsNullOrWhiteSpace(value);
+    }
+
+    private static EnumChoice? ReadOption(object? value)
+    {
+        value = NormalizeJsonValue(value);
+        if (value is null)
+            return null;
+
+        if (value is JsonElement json)
+            return ReadOptionFromJson(json);
+
+        if (value is IReadOnlyDictionary<string, object?> readOnly)
+            return ReadOptionFromDictionary(readOnly);
+
+        if (value is IDictionary<string, object?> dictionary)
+            return ReadOptionFromDictionary(dictionary.ToDictionary(pair => pair.Key, pair => pair.Value, StringComparer.OrdinalIgnoreCase));
+
+        string? scalar = value.ToString();
+        return string.IsNullOrWhiteSpace(scalar)
+            ? null
+            : new EnumChoice(scalar, scalar);
+    }
+
+    private static EnumChoice? ReadOptionFromDictionary(IReadOnlyDictionary<string, object?> dictionary)
+    {
+        string optionValue = ReadDictionaryText(dictionary, "value");
+        if (string.IsNullOrWhiteSpace(optionValue))
+            return null;
+
+        string label = ReadDictionaryText(dictionary, "label");
+        return new EnumChoice(optionValue, string.IsNullOrWhiteSpace(label) ? optionValue : label);
+    }
+
+    private static string ReadDictionaryText(IReadOnlyDictionary<string, object?> dictionary, string key)
+    {
+        if (!dictionary.TryGetValue(key, out object? value) || value is null)
+            return string.Empty;
+
+        return NormalizeJsonValue(value)?.ToString() ?? string.Empty;
+    }
+
+    private static IReadOnlyList<EnumChoice> ReadOptionsFromJson(JsonElement json)
+    {
+        if (json.ValueKind != JsonValueKind.Array)
+            return [];
+
+        return json.EnumerateArray()
+            .Select(ReadOptionFromJson)
+            .Where(choice => choice is not null)
+            .Select(choice => choice!)
+            .ToArray();
+    }
+
+    private static EnumChoice? ReadOptionFromJson(JsonElement json)
+    {
+        if (json.ValueKind == JsonValueKind.Object)
+        {
+            string optionValue = json.TryGetProperty("value", out JsonElement valueElement)
+                ? ReadJsonText(valueElement)
+                : string.Empty;
+            if (string.IsNullOrWhiteSpace(optionValue))
+                return null;
+
+            string label = json.TryGetProperty("label", out JsonElement labelElement)
+                ? ReadJsonText(labelElement)
+                : optionValue;
+            return new EnumChoice(optionValue, string.IsNullOrWhiteSpace(label) ? optionValue : label);
+        }
+
+        string scalar = ReadJsonText(json);
+        return string.IsNullOrWhiteSpace(scalar)
+            ? null
+            : new EnumChoice(scalar, scalar);
+    }
+
+    private static string ReadJsonText(JsonElement value)
+        => value.ValueKind == JsonValueKind.String
+            ? value.GetString() ?? string.Empty
+            : value.ToString();
+
+    private static string LookupField(IReadOnlyDictionary<string, object?> row, string fieldName)
+    {
+        if (row.TryGetValue(fieldName, out object? value) && value is not null)
+            return value.ToString() ?? string.Empty;
+
+        string? actualKey = row.Keys.FirstOrDefault(candidate => string.Equals(candidate, fieldName, StringComparison.OrdinalIgnoreCase));
+        return actualKey is not null && row.TryGetValue(actualKey, out value) && value is not null
+            ? value.ToString() ?? string.Empty
+            : string.Empty;
+    }
+
+    private static string BuildDisplayLabel(IReadOnlyDictionary<string, object?> row, IReadOnlyList<string> displayFields)
+    {
+        string label = string.Join(" - ", displayFields.Select(field => LookupField(row, field)).Where(value => value.Length > 0));
+        return label.Length == 0 && displayFields.Count > 0
+            ? LookupField(row, displayFields[0])
+            : label;
+    }
+
+    private static object? NormalizeJsonValue(object? value)
+        => value is JsonElement json ? NormalizeJsonElement(json) : value;
+
+    private static object? NormalizeJsonElement(JsonElement json)
+    {
+        return json.ValueKind switch
+        {
+            JsonValueKind.Null => null,
+            JsonValueKind.True => true,
+            JsonValueKind.False => false,
+            JsonValueKind.String => json.GetString(),
+            JsonValueKind.Number when json.TryGetInt64(out long integer) => integer,
+            JsonValueKind.Number => json.GetDouble(),
+            _ => json,
+        };
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/FormCommandInvocation.cs b/src/CSharpDB.Admin.Forms/Services/FormCommandInvocation.cs
new file mode 100644
index 00000000..979431f3
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/FormCommandInvocation.cs
@@ -0,0 +1,88 @@
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+internal static class FormCommandInvocation
+{
+    public static Dictionary<string, DbValue> BuildArguments(
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? configuredArguments)
+        => DbCommandArguments.FromObjectDictionary(record, configuredArguments);
+
+    public static Dictionary<string, DbValue> BuildArguments(
+        IReadOnlyDictionary<string, object?>? record,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        IReadOnlyDictionary<string, object?>? configuredArguments)
+        => DbCommandArguments.FromObjectDictionaries(record, runtimeArguments, configuredArguments);
+
+    public static Dictionary<string, string> BuildMetadata(FormDefinition form)
+    {
+        ArgumentNullException.ThrowIfNull(form);
+
+        return new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+        {
+            ["surface"] = "AdminForms",
+            ["formId"] = form.FormId,
+            ["formName"] = form.Name,
+            ["tableName"] = form.TableName,
+            ["ownerKind"] = "Form",
+            ["ownerId"] = form.FormId,
+            ["ownerName"] = form.Name,
+            ["correlationId"] = Guid.NewGuid().ToString("N"),
+        };
+    }
+
+    public static Dictionary<string, string> BuildControlMetadata(
+        FormDefinition form,
+        ControlDefinition control,
+        string eventName)
+    {
+        Dictionary<string, string> metadata = BuildMetadata(form);
+        metadata["event"] = eventName;
+        metadata["controlId"] = control.ControlId;
+        metadata["controlType"] = control.ControlType;
+        if (!string.IsNullOrWhiteSpace(control.Binding?.FieldName))
+            metadata["fieldName"] = control.Binding.FieldName;
+
+        return metadata;
+    }
+
+    public static IReadOnlyDictionary<string, object?>? ReadArgumentsProperty(object? value)
+    {
+        if (value is null)
+            return null;
+
+        if (value is IReadOnlyDictionary<string, object?> readOnly)
+            return readOnly;
+
+        if (value is Dictionary<string, object?> dictionary)
+            return dictionary;
+
+        if (value is System.Text.Json.JsonElement { ValueKind: System.Text.Json.JsonValueKind.Object } json)
+        {
+            var result = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+            foreach (System.Text.Json.JsonProperty property in json.EnumerateObject())
+                result[property.Name] = ReadJsonValue(property.Value);
+            return result;
+        }
+
+        return null;
+    }
+
+    private static object? ReadJsonValue(System.Text.Json.JsonElement value)
+    {
+        return value.ValueKind switch
+        {
+            System.Text.Json.JsonValueKind.Null => null,
+            System.Text.Json.JsonValueKind.True => true,
+            System.Text.Json.JsonValueKind.False => false,
+            System.Text.Json.JsonValueKind.Number => value.TryGetInt64(out long longValue) ? longValue : value.GetDouble(),
+            System.Text.Json.JsonValueKind.String => value.GetString(),
+            System.Text.Json.JsonValueKind.Object => ReadArgumentsProperty(value),
+            System.Text.Json.JsonValueKind.Array => value.EnumerateArray().Select(ReadJsonValue).ToArray(),
+            _ => value.ToString(),
+        };
+    }
+
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/FormControlRegistry.cs b/src/CSharpDB.Admin.Forms/Services/FormControlRegistry.cs
new file mode 100644
index 00000000..140fce96
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/FormControlRegistry.cs
@@ -0,0 +1,33 @@
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+public sealed class FormControlRegistry : IFormControlRegistry
+{
+    private readonly Dictionary<string, FormControlDescriptor> _controls;
+    private readonly IReadOnlyList<FormControlDescriptor> _orderedControls;
+
+    internal FormControlRegistry(IEnumerable<FormControlDescriptor> controls)
+    {
+        _orderedControls = controls
+            .OrderBy(control => control.ToolboxGroupOrder)
+            .ThenBy(control => control.ToolboxOrder)
+            .ThenBy(control => control.DisplayName, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+        _controls = _orderedControls.ToDictionary(
+            control => control.ControlType,
+            control => control,
+            StringComparer.OrdinalIgnoreCase);
+    }
+
+    public IReadOnlyList<FormControlDescriptor> Controls => _orderedControls;
+
+    public bool TryGetControl(string controlType, out FormControlDescriptor descriptor)
+        => _controls.TryGetValue(controlType, out descriptor!);
+
+    public IReadOnlyList<FormControlDescriptor> GetToolboxControls()
+        => _orderedControls
+            .Where(control => control.ShowInToolbox)
+            .ToArray();
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/FormControlRegistryBuilder.cs b/src/CSharpDB.Admin.Forms/Services/FormControlRegistryBuilder.cs
new file mode 100644
index 00000000..4534042e
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/FormControlRegistryBuilder.cs
@@ -0,0 +1,61 @@
+using CSharpDB.Admin.Forms.Models;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+public sealed class FormControlRegistryBuilder
+{
+    private readonly Dictionary<string, FormControlDescriptor> _controls = new(StringComparer.OrdinalIgnoreCase);
+
+    public FormControlRegistryBuilder Add(FormControlDescriptor descriptor)
+    {
+        ValidateDescriptor(descriptor);
+
+        if (_controls.TryGetValue(descriptor.ControlType, out FormControlDescriptor? existing))
+        {
+            if (existing.IsBuiltIn && descriptor.ReplaceBuiltInRuntime && descriptor.RuntimeComponentType is not null)
+            {
+                _controls[existing.ControlType] = existing with
+                {
+                    RuntimeComponentType = descriptor.RuntimeComponentType,
+                    ReplaceBuiltInRuntime = true,
+                };
+                return this;
+            }
+
+            throw new InvalidOperationException($"A form control with type '{descriptor.ControlType}' is already registered.");
+        }
+
+        _controls.Add(descriptor.ControlType, descriptor);
+        return this;
+    }
+
+    internal FormControlRegistry Build() => new(_controls.Values);
+
+    private static void ValidateDescriptor(FormControlDescriptor descriptor)
+    {
+        ArgumentNullException.ThrowIfNull(descriptor);
+
+        if (string.IsNullOrWhiteSpace(descriptor.ControlType))
+            throw new ArgumentException("Control type is required.", nameof(descriptor));
+        if (string.IsNullOrWhiteSpace(descriptor.DisplayName))
+            throw new ArgumentException("Display name is required.", nameof(descriptor));
+        if (descriptor.DefaultWidth <= 0)
+            throw new ArgumentException("Default width must be greater than zero.", nameof(descriptor));
+        if (descriptor.DefaultHeight <= 0)
+            throw new ArgumentException("Default height must be greater than zero.", nameof(descriptor));
+
+        FormControlDescriptor.ValidateComponentType(descriptor.DesignerPreviewComponentType, nameof(descriptor.DesignerPreviewComponentType));
+        FormControlDescriptor.ValidateComponentType(descriptor.RuntimeComponentType, nameof(descriptor.RuntimeComponentType));
+        FormControlDescriptor.ValidateComponentType(descriptor.PropertyEditorComponentType, nameof(descriptor.PropertyEditorComponentType));
+
+        foreach (FormControlPropertyDescriptor property in descriptor.PropertyDescriptors)
+        {
+            if (string.IsNullOrWhiteSpace(property.Name))
+                throw new ArgumentException("Property descriptor name is required.", nameof(descriptor));
+            if (string.IsNullOrWhiteSpace(property.Label))
+                throw new ArgumentException("Property descriptor label is required.", nameof(descriptor));
+            if (property.Editor == FormControlPropertyEditor.Select && property.Options.Count == 0)
+                throw new ArgumentException($"Select property '{property.Name}' must define options.", nameof(descriptor));
+        }
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/FormControlRegistryConfiguration.cs b/src/CSharpDB.Admin.Forms/Services/FormControlRegistryConfiguration.cs
new file mode 100644
index 00000000..9b8890a2
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/FormControlRegistryConfiguration.cs
@@ -0,0 +1,12 @@
+namespace CSharpDB.Admin.Forms.Services;
+
+internal interface IFormControlRegistryConfiguration
+{
+    void Configure(FormControlRegistryBuilder builder);
+}
+
+internal sealed class DelegateFormControlRegistryConfiguration(Action<FormControlRegistryBuilder> configure)
+    : IFormControlRegistryConfiguration
+{
+    public void Configure(FormControlRegistryBuilder builder) => configure(builder);
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/FormFilterExpression.cs b/src/CSharpDB.Admin.Forms/Services/FormFilterExpression.cs
new file mode 100644
index 00000000..5f172949
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/FormFilterExpression.cs
@@ -0,0 +1,623 @@
+using System.Globalization;
+using System.Text.Json;
+using CSharpDB.Admin.Forms.Models;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+internal sealed class FormFilterExpression
+{
+    private readonly Node _root;
+
+    private FormFilterExpression(Node root, IReadOnlyCollection<string> fields, IReadOnlyCollection<string> parameters)
+    {
+        _root = root;
+        Fields = fields;
+        Parameters = parameters;
+    }
+
+    public IReadOnlyCollection<string> Fields { get; }
+
+    public IReadOnlyCollection<string> Parameters { get; }
+
+    public bool Evaluate(
+        IReadOnlyDictionary<string, object?> record,
+        IReadOnlyDictionary<string, object?>? parameters = null)
+        => IsTruthy(_root.Evaluate(record, parameters ?? EmptyObjectDictionary.Instance));
+
+    public static bool TryParse(
+        string expression,
+        FormTableDefinition? table,
+        out FormFilterExpression? filter,
+        out string? error)
+    {
+        filter = null;
+        error = null;
+
+        if (string.IsNullOrWhiteSpace(expression))
+        {
+            error = "Filter expression is empty.";
+            return false;
+        }
+
+        if (!Tokenizer.TryTokenize(expression, out List<Token> tokens, out error))
+            return false;
+
+        var parser = new Parser(tokens);
+        if (!parser.TryParse(out Node? root, out error))
+            return false;
+
+        var fields = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+        var parameters = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+        root!.CollectReferences(fields, parameters);
+
+        if (table is not null)
+        {
+            var availableFields = new HashSet<string>(
+                table.Fields.Select(static field => field.Name),
+                StringComparer.OrdinalIgnoreCase);
+            string? missingField = fields.FirstOrDefault(field => !availableFields.Contains(field));
+            if (missingField is not null)
+            {
+                error = $"Filter references unknown field '{missingField}'.";
+                return false;
+            }
+        }
+
+        filter = new FormFilterExpression(root, fields, parameters);
+        return true;
+    }
+
+    private static object? NormalizeValue(object? value)
+        => value is JsonElement json ? NormalizeJsonValue(json) : value;
+
+    private static object? NormalizeJsonValue(JsonElement value)
+        => value.ValueKind switch
+        {
+            JsonValueKind.Null => null,
+            JsonValueKind.True => true,
+            JsonValueKind.False => false,
+            JsonValueKind.String => value.GetString(),
+            JsonValueKind.Number => value.TryGetInt64(out long integer) ? integer : value.GetDouble(),
+            _ => value.ToString(),
+        };
+
+    private static bool IsTruthy(object? value)
+    {
+        value = NormalizeValue(value);
+        if (value is null)
+            return false;
+
+        if (value is bool boolean)
+            return boolean;
+
+        if (TryConvertDouble(value, out double number))
+            return Math.Abs(number) > double.Epsilon;
+
+        return !string.IsNullOrWhiteSpace(Convert.ToString(value, CultureInfo.InvariantCulture));
+    }
+
+    private static bool Compare(object? left, object? right, string op)
+    {
+        left = NormalizeValue(left);
+        right = NormalizeValue(right);
+
+        if (left is null || right is null)
+        {
+            int nullComparison = left is null && right is null ? 0 : left is null ? -1 : 1;
+            return ApplyComparison(nullComparison, op);
+        }
+
+        if (TryConvertDouble(left, out double leftNumber) &&
+            TryConvertDouble(right, out double rightNumber))
+        {
+            return ApplyComparison(leftNumber.CompareTo(rightNumber), op);
+        }
+
+        if (left is bool leftBool && right is bool rightBool)
+            return ApplyComparison(leftBool.CompareTo(rightBool), op);
+
+        int comparison = string.Compare(
+            Convert.ToString(left, CultureInfo.InvariantCulture),
+            Convert.ToString(right, CultureInfo.InvariantCulture),
+            StringComparison.OrdinalIgnoreCase);
+        return ApplyComparison(comparison, op);
+    }
+
+    private static bool ApplyComparison(int comparison, string op)
+        => op switch
+        {
+            "=" or "==" => comparison == 0,
+            "!=" or "<>" => comparison != 0,
+            ">" => comparison > 0,
+            ">=" => comparison >= 0,
+            "<" => comparison < 0,
+            "<=" => comparison <= 0,
+            _ => false,
+        };
+
+    private static bool TryConvertDouble(object? value, out double result)
+    {
+        value = NormalizeValue(value);
+        return value switch
+        {
+            byte number => Set(number, out result),
+            short number => Set(number, out result),
+            int number => Set(number, out result),
+            long number => Set(number, out result),
+            float number => Set(number, out result),
+            double number => Set(number, out result),
+            decimal number => Set((double)number, out result),
+            string text => double.TryParse(text, NumberStyles.Float | NumberStyles.AllowThousands, CultureInfo.InvariantCulture, out result),
+            _ => Set(0, out result, success: false),
+        };
+    }
+
+    private static bool Set(double value, out double result, bool success = true)
+    {
+        result = value;
+        return success;
+    }
+
+    private abstract class Node
+    {
+        public abstract object? Evaluate(
+            IReadOnlyDictionary<string, object?> record,
+            IReadOnlyDictionary<string, object?> parameters);
+
+        public virtual void CollectReferences(HashSet<string> fields, HashSet<string> parameters)
+        {
+        }
+    }
+
+    private sealed class LiteralNode(object? value) : Node
+    {
+        public override object? Evaluate(
+            IReadOnlyDictionary<string, object?> record,
+            IReadOnlyDictionary<string, object?> parameters)
+            => value;
+    }
+
+    private sealed class FieldNode(string name) : Node
+    {
+        public override object? Evaluate(
+            IReadOnlyDictionary<string, object?> record,
+            IReadOnlyDictionary<string, object?> parameters)
+        {
+            if (record.TryGetValue(name, out object? value))
+                return value;
+
+            string? actualKey = record.Keys.FirstOrDefault(candidate => string.Equals(candidate, name, StringComparison.OrdinalIgnoreCase));
+            return actualKey is null ? null : record[actualKey];
+        }
+
+        public override void CollectReferences(HashSet<string> fields, HashSet<string> parameters)
+            => fields.Add(name);
+    }
+
+    private sealed class ParameterNode(string name) : Node
+    {
+        public override object? Evaluate(
+            IReadOnlyDictionary<string, object?> record,
+            IReadOnlyDictionary<string, object?> parameters)
+        {
+            if (parameters.TryGetValue(name, out object? value))
+                return value;
+
+            string? actualKey = parameters.Keys.FirstOrDefault(candidate => string.Equals(candidate, name, StringComparison.OrdinalIgnoreCase));
+            return actualKey is null ? null : parameters[actualKey];
+        }
+
+        public override void CollectReferences(HashSet<string> fields, HashSet<string> parameters)
+            => parameters.Add(name);
+    }
+
+    private sealed class ComparisonNode(Node left, string op, Node right) : Node
+    {
+        public override object? Evaluate(
+            IReadOnlyDictionary<string, object?> record,
+            IReadOnlyDictionary<string, object?> parameters)
+            => Compare(left.Evaluate(record, parameters), right.Evaluate(record, parameters), op);
+
+        public override void CollectReferences(HashSet<string> fields, HashSet<string> parameters)
+        {
+            left.CollectReferences(fields, parameters);
+            right.CollectReferences(fields, parameters);
+        }
+    }
+
+    private sealed class LogicalNode(Node left, TokenType op, Node right) : Node
+    {
+        public override object? Evaluate(
+            IReadOnlyDictionary<string, object?> record,
+            IReadOnlyDictionary<string, object?> parameters)
+            => op == TokenType.And
+                ? IsTruthy(left.Evaluate(record, parameters)) && IsTruthy(right.Evaluate(record, parameters))
+                : IsTruthy(left.Evaluate(record, parameters)) || IsTruthy(right.Evaluate(record, parameters));
+
+        public override void CollectReferences(HashSet<string> fields, HashSet<string> parameters)
+        {
+            left.CollectReferences(fields, parameters);
+            right.CollectReferences(fields, parameters);
+        }
+    }
+
+    private sealed class Parser(List<Token> tokens)
+    {
+        private int _position;
+
+        public bool TryParse(out Node? node, out string? error)
+        {
+            node = ParseOr(out error);
+            if (node is null)
+                return false;
+
+            if (!IsAtEnd)
+            {
+                error = $"Unexpected token '{Current.Text}' in filter expression.";
+                node = null;
+                return false;
+            }
+
+            return true;
+        }
+
+        private Node? ParseOr(out string? error)
+        {
+            Node? left = ParseAnd(out error);
+            if (left is null)
+                return null;
+
+            while (Match(TokenType.Or))
+            {
+                Node? right = ParseAnd(out error);
+                if (right is null)
+                    return null;
+
+                left = new LogicalNode(left, TokenType.Or, right);
+            }
+
+            return left;
+        }
+
+        private Node? ParseAnd(out string? error)
+        {
+            Node? left = ParseComparison(out error);
+            if (left is null)
+                return null;
+
+            while (Match(TokenType.And))
+            {
+                Node? right = ParseComparison(out error);
+                if (right is null)
+                    return null;
+
+                left = new LogicalNode(left, TokenType.And, right);
+            }
+
+            return left;
+        }
+
+        private Node? ParseComparison(out string? error)
+        {
+            Node? left = ParsePrimary(out error);
+            if (left is null)
+                return null;
+
+            if (Current.Type != TokenType.Operator)
+                return left;
+
+            string op = Current.Text;
+            Advance();
+            Node? right = ParsePrimary(out error);
+            return right is null ? null : new ComparisonNode(left, op, right);
+        }
+
+        private Node? ParsePrimary(out string? error)
+        {
+            Token token = Current;
+            switch (token.Type)
+            {
+                case TokenType.Field:
+                    Advance();
+                    error = null;
+                    return new FieldNode(token.Text);
+                case TokenType.Parameter:
+                    Advance();
+                    error = null;
+                    return new ParameterNode(token.Text);
+                case TokenType.String:
+                case TokenType.Number:
+                case TokenType.Boolean:
+                case TokenType.Null:
+                    Advance();
+                    error = null;
+                    return new LiteralNode(token.Value);
+                case TokenType.LeftParen:
+                    Advance();
+                    Node? expression = ParseOr(out error);
+                    if (expression is null)
+                        return null;
+                    if (!Match(TokenType.RightParen))
+                    {
+                        error = "Filter expression is missing a closing parenthesis.";
+                        return null;
+                    }
+
+                    error = null;
+                    return expression;
+                default:
+                    error = IsAtEnd
+                        ? "Filter expression ended unexpectedly."
+                        : $"Unexpected token '{token.Text}' in filter expression.";
+                    return null;
+            }
+        }
+
+        private bool Match(TokenType type)
+        {
+            if (Current.Type != type)
+                return false;
+
+            Advance();
+            return true;
+        }
+
+        private void Advance()
+        {
+            if (!IsAtEnd)
+                _position++;
+        }
+
+        private bool IsAtEnd => Current.Type == TokenType.End;
+
+        private Token Current => tokens[_position];
+    }
+
+    private static class Tokenizer
+    {
+        public static bool TryTokenize(string expression, out List<Token> tokens, out string? error)
+        {
+            tokens = [];
+            error = null;
+
+            for (int i = 0; i < expression.Length;)
+            {
+                char ch = expression[i];
+                if (char.IsWhiteSpace(ch))
+                {
+                    i++;
+                    continue;
+                }
+
+                if (ch == '[')
+                {
+                    int end = expression.IndexOf(']', i + 1);
+                    if (end < 0)
+                    {
+                        error = "Filter expression has an unclosed field reference.";
+                        return false;
+                    }
+
+                    string fieldName = expression[(i + 1)..end].Trim();
+                    if (fieldName.Length == 0)
+                    {
+                        error = "Filter expression contains an empty field reference.";
+                        return false;
+                    }
+
+                    tokens.Add(new Token(TokenType.Field, fieldName));
+                    i = end + 1;
+                    continue;
+                }
+
+                if (ch == '@')
+                {
+                    int start = i + 1;
+                    int end = ReadIdentifierEnd(expression, start);
+                    if (end == start)
+                    {
+                        error = "Filter expression contains an empty parameter reference.";
+                        return false;
+                    }
+
+                    tokens.Add(new Token(TokenType.Parameter, expression[start..end]));
+                    i = end;
+                    continue;
+                }
+
+                if (ch == '\'')
+                {
+                    if (!TryReadString(expression, i, out string? value, out int nextIndex, out error))
+                        return false;
+
+                    tokens.Add(new Token(TokenType.String, value, value));
+                    i = nextIndex;
+                    continue;
+                }
+
+                if (ch == '(')
+                {
+                    tokens.Add(new Token(TokenType.LeftParen, "("));
+                    i++;
+                    continue;
+                }
+
+                if (ch == ')')
+                {
+                    tokens.Add(new Token(TokenType.RightParen, ")"));
+                    i++;
+                    continue;
+                }
+
+                string? op = ReadOperator(expression, i);
+                if (op is not null)
+                {
+                    tokens.Add(new Token(TokenType.Operator, op));
+                    i += op.Length;
+                    continue;
+                }
+
+                if (char.IsDigit(ch) || ch == '-')
+                {
+                    int end = ReadNumberEnd(expression, i);
+                    if (end > i && TryReadNumber(expression[i..end], out object number))
+                    {
+                        tokens.Add(new Token(TokenType.Number, expression[i..end], number));
+                        i = end;
+                        continue;
+                    }
+                }
+
+                if (IsIdentifierStart(ch))
+                {
+                    int end = ReadIdentifierEnd(expression, i);
+                    string identifier = expression[i..end];
+                    if (string.Equals(identifier, "AND", StringComparison.OrdinalIgnoreCase))
+                        tokens.Add(new Token(TokenType.And, identifier));
+                    else if (string.Equals(identifier, "OR", StringComparison.OrdinalIgnoreCase))
+                        tokens.Add(new Token(TokenType.Or, identifier));
+                    else if (string.Equals(identifier, "NULL", StringComparison.OrdinalIgnoreCase))
+                        tokens.Add(new Token(TokenType.Null, identifier, null));
+                    else if (bool.TryParse(identifier, out bool boolean))
+                        tokens.Add(new Token(TokenType.Boolean, identifier, boolean));
+                    else
+                        tokens.Add(new Token(TokenType.String, identifier, identifier));
+                    i = end;
+                    continue;
+                }
+
+                error = $"Unexpected character '{ch}' in filter expression.";
+                return false;
+            }
+
+            tokens.Add(new Token(TokenType.End, string.Empty));
+            return true;
+        }
+
+        private static bool TryReadString(
+            string expression,
+            int start,
+            out string value,
+            out int nextIndex,
+            out string? error)
+        {
+            var builder = new System.Text.StringBuilder();
+            for (int i = start + 1; i < expression.Length; i++)
+            {
+                char ch = expression[i];
+                if (ch == '\'')
+                {
+                    if (i + 1 < expression.Length && expression[i + 1] == '\'')
+                    {
+                        builder.Append('\'');
+                        i++;
+                        continue;
+                    }
+
+                    value = builder.ToString();
+                    nextIndex = i + 1;
+                    error = null;
+                    return true;
+                }
+
+                builder.Append(ch);
+            }
+
+            value = string.Empty;
+            nextIndex = expression.Length;
+            error = "Filter expression has an unclosed string literal.";
+            return false;
+        }
+
+        private static string? ReadOperator(string expression, int index)
+        {
+            foreach (string op in new[] { ">=", "<=", "==", "!=", "<>", "=", ">", "<" })
+            {
+                if (expression.AsSpan(index).StartsWith(op, StringComparison.Ordinal))
+                    return op;
+            }
+
+            return null;
+        }
+
+        private static int ReadNumberEnd(string expression, int start)
+        {
+            int i = start;
+            if (i < expression.Length && expression[i] == '-')
+                i++;
+
+            bool hasDigit = false;
+            while (i < expression.Length && char.IsDigit(expression[i]))
+            {
+                hasDigit = true;
+                i++;
+            }
+
+            if (i < expression.Length && expression[i] == '.')
+            {
+                i++;
+                while (i < expression.Length && char.IsDigit(expression[i]))
+                {
+                    hasDigit = true;
+                    i++;
+                }
+            }
+
+            return hasDigit ? i : start;
+        }
+
+        private static bool TryReadNumber(string text, out object value)
+        {
+            if (long.TryParse(text, NumberStyles.Integer, CultureInfo.InvariantCulture, out long integer))
+            {
+                value = integer;
+                return true;
+            }
+
+            if (double.TryParse(text, NumberStyles.Float, CultureInfo.InvariantCulture, out double real))
+            {
+                value = real;
+                return true;
+            }
+
+            value = text;
+            return false;
+        }
+
+        private static int ReadIdentifierEnd(string expression, int start)
+        {
+            int i = start;
+            while (i < expression.Length && (char.IsLetterOrDigit(expression[i]) || expression[i] == '_'))
+                i++;
+
+            return i;
+        }
+
+        private static bool IsIdentifierStart(char value)
+            => char.IsLetter(value) || value == '_';
+    }
+
+    private sealed record Token(TokenType Type, string Text, object? Value = null);
+
+    private enum TokenType
+    {
+        Field,
+        Parameter,
+        String,
+        Number,
+        Boolean,
+        Null,
+        Operator,
+        And,
+        Or,
+        LeftParen,
+        RightParen,
+        End,
+    }
+
+    private static class EmptyObjectDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, object?> Instance =
+            new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+    }
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/FormSql.cs b/src/CSharpDB.Admin.Forms/Services/FormSql.cs
index 83bd6720..f33cbdee 100644
--- a/src/CSharpDB.Admin.Forms/Services/FormSql.cs
+++ b/src/CSharpDB.Admin.Forms/Services/FormSql.cs
@@ -27,7 +27,7 @@ public static string FormatLiteral(object? value)
             long integer => integer.ToString(CultureInfo.InvariantCulture),
             double real => real.ToString(CultureInfo.InvariantCulture),
             string text => $"'{text.Replace("'", "''", StringComparison.Ordinal)}'",
-            byte[] => throw new InvalidOperationException("Blob literals are not supported."),
+            byte[] blob => $"X'{Convert.ToHexString(blob)}'",
             _ => $"'{Convert.ToString(normalized, CultureInfo.InvariantCulture)?.Replace("'", "''", StringComparison.Ordinal) ?? string.Empty}'",
         };
     }
diff --git a/src/CSharpDB.Admin.Forms/Services/NullFormActionRuntime.cs b/src/CSharpDB.Admin.Forms/Services/NullFormActionRuntime.cs
new file mode 100644
index 00000000..7b3ffa9e
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/NullFormActionRuntime.cs
@@ -0,0 +1,68 @@
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+public sealed class NullFormActionRuntime : IFormActionRuntime
+{
+    public static NullFormActionRuntime Instance { get; } = new();
+
+    public Task<FormEventDispatchResult> ExecuteRecordActionAsync(
+        FormActionRuntimeContext context,
+        DbActionStep step,
+        CancellationToken ct)
+        => UnsupportedAsync(step.Kind);
+
+    public Task<FormEventDispatchResult> OpenFormAsync(
+        FormActionRuntimeContext context,
+        string formName,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct)
+        => UnsupportedAsync(DbActionKind.OpenForm);
+
+    public Task<FormEventDispatchResult> CloseFormAsync(
+        FormActionRuntimeContext context,
+        string? formName,
+        CancellationToken ct)
+        => UnsupportedAsync(DbActionKind.CloseForm);
+
+    public Task<FormEventDispatchResult> ApplyFilterAsync(
+        FormActionRuntimeContext context,
+        string target,
+        string filter,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct)
+        => UnsupportedAsync(DbActionKind.ApplyFilter);
+
+    public Task<FormEventDispatchResult> ClearFilterAsync(
+        FormActionRuntimeContext context,
+        string target,
+        CancellationToken ct)
+        => UnsupportedAsync(DbActionKind.ClearFilter);
+
+    public Task<FormEventDispatchResult> RunSqlAsync(
+        FormActionRuntimeContext context,
+        string sqlOrName,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct)
+        => UnsupportedAsync(DbActionKind.RunSql);
+
+    public Task<FormEventDispatchResult> RunProcedureAsync(
+        FormActionRuntimeContext context,
+        string procedureName,
+        IReadOnlyDictionary<string, object?> arguments,
+        CancellationToken ct)
+        => UnsupportedAsync(DbActionKind.RunProcedure);
+
+    public Task<FormEventDispatchResult> SetControlPropertyAsync(
+        FormActionRuntimeContext context,
+        string controlId,
+        string propertyName,
+        object? value,
+        CancellationToken ct)
+        => UnsupportedAsync(DbActionKind.SetControlProperty);
+
+    private static Task<FormEventDispatchResult> UnsupportedAsync(DbActionKind actionKind)
+        => Task.FromResult(FormEventDispatchResult.Failure(
+            $"Form action '{actionKind}' requires a rendered form runtime."));
+}
diff --git a/src/CSharpDB.Admin.Forms/Services/NullFormEventDispatcher.cs b/src/CSharpDB.Admin.Forms/Services/NullFormEventDispatcher.cs
new file mode 100644
index 00000000..6c413c2a
--- /dev/null
+++ b/src/CSharpDB.Admin.Forms/Services/NullFormEventDispatcher.cs
@@ -0,0 +1,20 @@
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+
+namespace CSharpDB.Admin.Forms.Services;
+
+public sealed class NullFormEventDispatcher : IFormEventDispatcher
+{
+    public static NullFormEventDispatcher Instance { get; } = new();
+
+    private NullFormEventDispatcher()
+    {
+    }
+
+    public Task<FormEventDispatchResult> DispatchAsync(
+        FormDefinition form,
+        FormEventKind eventKind,
+        IReadOnlyDictionary<string, object?>? record = null,
+        CancellationToken ct = default)
+        => Task.FromResult(FormEventDispatchResult.Success());
+}
diff --git a/src/CSharpDB.Admin.Forms/wwwroot/css/designer.css b/src/CSharpDB.Admin.Forms/wwwroot/css/designer.css
index c96e92cd..7782a51d 100644
--- a/src/CSharpDB.Admin.Forms/wwwroot/css/designer.css
+++ b/src/CSharpDB.Admin.Forms/wwwroot/css/designer.css
@@ -224,6 +224,27 @@
     pointer-events: none;
 }
 
+.preview-command-button,
+.fr-command-button {
+    width: 100%;
+    height: 100%;
+    border: 1px solid #c0c0c0;
+    border-radius: 4px;
+    background: #fff;
+    color: #1a1a1a;
+    font: inherit;
+    cursor: pointer;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.preview-command-button:disabled,
+.fr-command-button:disabled {
+    opacity: 0.6;
+    cursor: default;
+}
+
 /* ===== Resize Handles ===== */
 .resize-handle {
     position: absolute;
@@ -296,7 +317,8 @@
 
 .pi-field input[type="text"],
 .pi-field input[type="number"],
-.pi-field select {
+.pi-field select,
+.pi-field textarea {
     width: 100%;
     padding: 4px 6px;
     border: 1px solid #d0d0d0;
@@ -322,7 +344,8 @@
 
 .pi-field input[type="text"]:focus,
 .pi-field input[type="number"]:focus,
-.pi-field select:focus {
+.pi-field select:focus,
+.pi-field textarea:focus {
     outline: none;
     border-color: #1a73e8;
     box-shadow: 0 0 0 2px rgba(26,115,232,0.15);
@@ -332,6 +355,167 @@
     margin: 4px 0;
 }
 
+.pi-textarea,
+.feb-arguments {
+    min-height: 68px;
+    resize: vertical;
+    font-family: ui-monospace, "SFMono-Regular", Consolas, "Liberation Mono", monospace;
+}
+
+.pi-field-error,
+.feb-error {
+    color: #d32f2f;
+    font-size: 11px;
+    margin-top: 4px;
+}
+
+.pi-help-text {
+    color: var(--cdb-muted, #64748b);
+    font-size: 11px;
+    line-height: 1.35;
+    margin-top: 4px;
+}
+
+.pi-input-action-row {
+    display: flex;
+    gap: 4px;
+    align-items: stretch;
+}
+
+.pi-input-action-row input {
+    min-width: 0;
+}
+
+.pi-icon-btn {
+    flex: 0 0 auto;
+    min-width: 34px;
+    padding: 4px 8px;
+    border: 1px solid #d0d0d0;
+    border-radius: 3px;
+    background: #fff;
+    color: #333;
+    cursor: pointer;
+    font-size: 11px;
+    font-weight: 600;
+}
+
+.pi-icon-btn:hover {
+    background: #e8e8e8;
+}
+
+.pi-formula-helper {
+    margin: 6px 0 8px;
+    padding: 8px;
+    border: 1px solid #d0d0d0;
+    border-radius: 4px;
+    background: #fafafa;
+}
+
+.pi-formula-helper-toolbar {
+    display: grid;
+    grid-template-columns: minmax(0, 1fr);
+    gap: 6px;
+    margin-bottom: 8px;
+}
+
+.pi-formula-fields {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 4px;
+    margin-bottom: 8px;
+}
+
+.pi-formula-field {
+    max-width: 100%;
+    padding: 3px 6px;
+    border: 1px solid #d0d0d0;
+    border-radius: 999px;
+    background: #fff;
+    color: #333;
+    cursor: pointer;
+    font-size: 10px;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.pi-formula-group {
+    margin-top: 8px;
+}
+
+.pi-formula-group-label {
+    margin-bottom: 4px;
+    color: #777;
+    font-size: 10px;
+    font-weight: 700;
+    letter-spacing: 0.4px;
+    text-transform: uppercase;
+}
+
+.pi-formula-function {
+    display: grid;
+    grid-template-columns: minmax(0, 1fr) auto;
+    gap: 4px;
+    margin-bottom: 4px;
+}
+
+.pi-formula-function-main,
+.pi-formula-example-btn {
+    border: 1px solid #d0d0d0;
+    border-radius: 4px;
+    background: #fff;
+    color: #333;
+    cursor: pointer;
+}
+
+.pi-formula-function-main {
+    min-width: 0;
+    padding: 6px;
+    text-align: left;
+}
+
+.pi-formula-function-main strong,
+.pi-formula-function-main code,
+.pi-formula-function-main span {
+    display: block;
+}
+
+.pi-formula-function-main strong {
+    color: #1a73e8;
+    font-size: 12px;
+}
+
+.pi-formula-function-main code {
+    margin-top: 2px;
+    color: #555;
+    font-size: 10px;
+    white-space: normal;
+}
+
+.pi-formula-function-main span {
+    margin-top: 2px;
+    color: #777;
+    font-size: 10px;
+    line-height: 1.3;
+}
+
+.pi-formula-example-btn {
+    padding: 0 6px;
+    font-size: 10px;
+}
+
+.pi-formula-function-main:hover,
+.pi-formula-example-btn:hover,
+.pi-formula-field:hover {
+    background: #e8f0fe;
+}
+
+.pi-formula-empty {
+    color: #999;
+    font-size: 11px;
+    padding: 6px 0 2px;
+}
+
 .pi-readonly {
     background: #f5f5f5 !important;
     color: #888;
@@ -348,6 +532,20 @@
     margin-bottom: 0;
 }
 
+.pi-anchor-grid {
+    display: grid;
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+    gap: 4px 8px;
+}
+
+.pi-anchor-grid label {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    color: #555;
+    font-size: 12px;
+}
+
 .pi-btn {
     flex: 1;
     padding: 4px 8px;
@@ -491,6 +689,8 @@
 
 .de-form-area {
     grid-column: 1;
+    container-name: form-area;
+    container-type: inline-size;
     overflow: auto;
     padding: 24px;
     background: #fff;
@@ -578,7 +778,43 @@
 /* ===== Form Renderer (runtime controls) ===== */
 .form-renderer {
     position: relative;
-    min-height: 500px;
+    min-height: var(--fr-canvas-height, 500px);
+    max-width: 100%;
+}
+
+.form-renderer-fixed {
+    height: 100%;
+}
+
+.fr-control {
+    position: absolute;
+    left: var(--fr-left, auto);
+    top: var(--fr-top, auto);
+    right: var(--fr-right, auto);
+    bottom: var(--fr-bottom, auto);
+    width: var(--fr-width, auto);
+    height: var(--fr-height, auto);
+    min-width: var(--fr-min-width, 0);
+    min-height: var(--fr-min-height, 0);
+    box-sizing: border-box;
+}
+
+.form-renderer-elastic {
+    display: grid;
+    grid-template-columns: repeat(12, minmax(0, 1fr));
+    gap: 12px;
+    align-items: start;
+    min-height: 0;
+}
+
+.form-renderer-elastic .fr-control {
+    position: static;
+    width: auto;
+    height: auto;
+    min-width: var(--fr-min-width, 0);
+    min-height: var(--fr-elastic-min-height, var(--fr-min-height, 0));
+    order: var(--fr-stack-order);
+    grid-column: span var(--fr-grid-span);
 }
 
 .fr-label {
@@ -626,6 +862,192 @@
     cursor: pointer;
 }
 
+@media (min-width: 641px) and (max-width: 900px) {
+    .form-renderer-elastic {
+        grid-template-columns: repeat(8, minmax(0, 1fr));
+        gap: 10px;
+    }
+
+    .form-renderer-elastic .fr-control {
+        grid-column: span var(--fr-tablet-span);
+    }
+
+    .fr-hidden-tablet {
+        display: none !important;
+    }
+}
+
+@container form-area (min-width: 641px) and (max-width: 900px) {
+    .form-renderer-elastic {
+        grid-template-columns: repeat(8, minmax(0, 1fr));
+        gap: 10px;
+    }
+
+    .form-renderer-elastic .fr-control {
+        grid-column: span var(--fr-tablet-span);
+    }
+
+    .fr-hidden-tablet {
+        display: none !important;
+    }
+}
+
+@media (max-width: 640px) {
+    .form-renderer {
+        display: flex;
+        flex-direction: column;
+        gap: 12px;
+        min-height: 0;
+    }
+
+    .form-renderer .fr-control,
+    .form-renderer-elastic .fr-control {
+        position: static;
+        left: auto;
+        top: auto;
+        right: auto;
+        bottom: auto;
+        width: 100%;
+        height: auto;
+        min-width: 0;
+        min-height: 44px;
+        order: var(--fr-stack-order);
+        grid-column: 1 / -1;
+    }
+
+    .form-renderer .fr-control-label {
+        min-height: auto;
+    }
+
+    .fr-input,
+    .fr-command-button {
+        min-height: 44px;
+        height: auto;
+        padding: 10px 12px;
+        font-size: 16px;
+    }
+
+    .fr-label {
+        min-height: 24px;
+        height: auto;
+        align-items: flex-end;
+    }
+
+    .fr-checkbox {
+        min-height: 44px;
+        height: auto;
+        align-items: center;
+    }
+
+    .fr-checkbox input[type="checkbox"],
+    .fr-radio input[type="radio"] {
+        min-width: 20px;
+        width: 20px;
+        height: 20px;
+    }
+
+    .fr-radio-group {
+        gap: 8px;
+    }
+
+    .fr-radio {
+        min-height: 40px;
+    }
+
+    .fr-textarea {
+        min-height: 96px;
+        resize: vertical;
+    }
+
+    .fr-error-message {
+        position: static;
+        margin-top: 4px;
+        white-space: normal;
+    }
+
+    .fr-hidden-mobile {
+        display: none !important;
+    }
+}
+
+@container form-area (max-width: 640px) {
+    .form-renderer {
+        display: flex;
+        flex-direction: column;
+        gap: 12px;
+        min-height: 0;
+    }
+
+    .form-renderer .fr-control,
+    .form-renderer-elastic .fr-control {
+        position: static;
+        left: auto;
+        top: auto;
+        right: auto;
+        bottom: auto;
+        width: 100%;
+        height: auto;
+        min-width: 0;
+        min-height: 44px;
+        order: var(--fr-stack-order);
+        grid-column: 1 / -1;
+    }
+
+    .form-renderer .fr-control-label {
+        min-height: auto;
+    }
+
+    .fr-input,
+    .fr-command-button {
+        min-height: 44px;
+        height: auto;
+        padding: 10px 12px;
+        font-size: 16px;
+    }
+
+    .fr-label {
+        min-height: 24px;
+        height: auto;
+        align-items: flex-end;
+    }
+
+    .fr-checkbox {
+        min-height: 44px;
+        height: auto;
+        align-items: center;
+    }
+
+    .fr-checkbox input[type="checkbox"],
+    .fr-radio input[type="radio"] {
+        min-width: 20px;
+        width: 20px;
+        height: 20px;
+    }
+
+    .fr-radio-group {
+        gap: 8px;
+    }
+
+    .fr-radio {
+        min-height: 40px;
+    }
+
+    .fr-textarea {
+        min-height: 96px;
+        resize: vertical;
+    }
+
+    .fr-error-message {
+        position: static;
+        margin-top: 4px;
+        white-space: normal;
+    }
+
+    .fr-hidden-mobile {
+        display: none !important;
+    }
+}
+
 .fr-checkbox input[type="checkbox"] {
     width: 16px;
     height: 16px;
@@ -650,6 +1072,275 @@
     cursor: pointer;
 }
 
+.fr-listbox {
+    height: 100%;
+    padding: 4px;
+}
+
+.fr-option-group {
+    display: flex;
+    gap: 6px;
+    height: 100%;
+    align-content: flex-start;
+    overflow: auto;
+}
+
+.fr-option-vertical {
+    flex-direction: column;
+}
+
+.fr-option-horizontal {
+    flex-direction: row;
+    flex-wrap: wrap;
+}
+
+.fr-option {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    font-size: 13px;
+    cursor: pointer;
+}
+
+.fr-option-buttons .fr-option {
+    border: 1px solid var(--fd-border, #c9d2df);
+    border-radius: 4px;
+    padding: 4px 8px;
+    background: var(--fd-bg-elevated, #fff);
+    color: var(--fd-text, #1a1a1a);
+}
+
+.fr-option-buttons .fr-option:has(input:checked) {
+    border-color: var(--fd-accent, #1a73e8);
+    background: var(--fd-accent-soft, #e8f0fe);
+    color: var(--fd-accent, #174ea6);
+}
+
+.fr-toggle-button {
+    width: 100%;
+    height: 100%;
+    border: 1px solid var(--fd-border, #c0c0c0);
+    border-radius: 4px;
+    background: var(--fd-bg-elevated, #fff);
+    color: var(--fd-text, #1a1a1a);
+    font: inherit;
+    cursor: pointer;
+}
+
+.fr-toggle-button.active {
+    border-color: var(--fd-accent, #188038);
+    background: var(--fd-accent-soft, #e6f4ea);
+    color: var(--fd-accent, #137333);
+}
+
+.fr-toggle-button:disabled {
+    opacity: 0.6;
+    cursor: default;
+}
+
+.fr-tab-control {
+    display: flex;
+    flex-direction: column;
+    height: 100%;
+    min-height: 120px;
+    border: 1px solid var(--fd-border, #c9d2df);
+    border-radius: 4px;
+    background: var(--fd-bg-elevated, #fff);
+    color: var(--fd-text, #1a1a1a);
+    overflow: hidden;
+}
+
+.fr-tab-bar {
+    display: flex;
+    gap: 2px;
+    border-bottom: 1px solid var(--fd-border, #c9d2df);
+    background: var(--fd-bg-tertiary, #f6f8fb);
+    padding: 4px 4px 0;
+}
+
+.fr-tab-button {
+    border: 1px solid transparent;
+    border-bottom: none;
+    border-radius: 4px 4px 0 0;
+    background: transparent;
+    color: var(--fd-text-secondary, #4b5563);
+    padding: 6px 10px;
+    font: inherit;
+    cursor: pointer;
+}
+
+.fr-tab-button.active {
+    border-color: var(--fd-border, #c9d2df);
+    background: var(--fd-bg-elevated, #fff);
+    color: var(--fd-text, #1a1a1a);
+    margin-bottom: -1px;
+}
+
+.fr-tab-page {
+    position: relative;
+    flex: 1;
+    min-height: 0;
+    overflow: auto;
+    padding: 12px;
+}
+
+.fr-tab-page .form-renderer {
+    min-height: 100%;
+}
+
+.fr-tab-empty {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    height: 100%;
+    min-height: 80px;
+    color: var(--fd-text-muted, #999);
+    font-size: 12px;
+    font-style: italic;
+}
+
+.fr-subform {
+    height: 100%;
+    min-height: 180px;
+    border: 1px solid var(--fd-border, #d0d7de);
+    border-radius: 4px;
+    overflow: hidden;
+    background: var(--fd-bg-elevated, #fff);
+    color: var(--fd-text, #1a1a1a);
+}
+
+.fr-subform .data-entry-layout {
+    height: 100%;
+}
+
+.data-entry-no-record-list {
+    grid-template-columns: minmax(0, 1fr);
+}
+
+.data-entry-no-record-list .de-toolbar,
+.data-entry-no-record-list .de-error,
+.data-entry-no-record-list .de-print-header,
+.data-entry-no-record-list .de-form-area,
+.data-entry-no-record-list .de-loading {
+    grid-column: 1;
+}
+
+.data-entry-embedded {
+    height: 100%;
+    min-height: 0;
+    background: var(--fd-bg-primary, #fff);
+}
+
+.data-entry-embedded .de-form-area {
+    margin: 0;
+    border-radius: 0;
+    box-shadow: none;
+    min-height: 0;
+}
+
+.data-entry-no-toolbar {
+    grid-template-rows: 1fr;
+}
+
+.fr-attachment,
+.fr-image-control {
+    display: flex;
+    flex-direction: column;
+    gap: 6px;
+    height: 100%;
+    min-height: 60px;
+    border: 1px solid var(--fd-border, #d0d7de);
+    border-radius: 4px;
+    padding: 8px;
+    background: var(--fd-bg-elevated, #fff);
+    color: var(--fd-text, #1a1a1a);
+    box-sizing: border-box;
+    overflow: hidden;
+}
+
+.fr-attachment-summary {
+    color: var(--fd-text-secondary, #4b5563);
+    font-size: 12px;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.fr-attachment-actions,
+.fr-image-actions {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    min-width: 0;
+}
+
+.fr-attachment-actions input[type="file"],
+.fr-image-actions input[type="file"] {
+    min-width: 0;
+    flex: 1;
+}
+
+.fr-attachment-clear {
+    border: 1px solid var(--fd-border, #c9d2df);
+    border-radius: 4px;
+    background: var(--fd-bg-elevated, #fff);
+    color: var(--fd-text, #1a1a1a);
+    padding: 4px 8px;
+    font: inherit;
+    cursor: pointer;
+}
+
+.fr-attachment-clear:disabled {
+    opacity: 0.5;
+    cursor: default;
+}
+
+.fr-image-control img {
+    flex: 1;
+    width: 100%;
+    min-height: 0;
+    border-radius: 3px;
+    background: var(--fd-bg-tertiary, #f6f8fb);
+}
+
+.fr-image-empty {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    flex: 1;
+    min-height: 80px;
+    color: var(--fd-text-muted, #999);
+    border: 1px dashed var(--fd-border, #c9d2df);
+    border-radius: 3px;
+}
+
+.preview-option-group,
+.preview-attachment,
+.preview-image {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    width: 100%;
+    height: 100%;
+    border: 1px solid #a0a0a0;
+    border-radius: 3px;
+    padding: 6px;
+    background: #fafafa;
+    box-sizing: border-box;
+    color: #555;
+    font-size: 12px;
+}
+
+.preview-option-group {
+    flex-direction: column;
+    align-items: flex-start;
+}
+
+.preview-image {
+    justify-content: center;
+    border-style: dashed;
+}
+
 /* ===== Feature 4: Editable Form Name ===== */
 .toolbar-title-editable {
     cursor: pointer;
@@ -774,6 +1465,116 @@
     .de-record-pagination .row-count {
         text-align: center;
     }
+
+    .cdg-pagination {
+        grid-template-columns: 1fr;
+        justify-items: stretch;
+    }
+
+    .cdg-page-controls {
+        flex-wrap: wrap;
+    }
+
+    .cdg-page-size,
+    .cdg-row-count {
+        text-align: center;
+    }
+}
+
+@media (max-width: 900px) {
+    .data-entry-layout {
+        grid-template-columns: minmax(0, 1fr);
+        grid-template-rows: auto auto auto;
+        height: auto;
+        min-height: 100vh;
+        overflow: auto;
+    }
+
+    .de-toolbar {
+        position: sticky;
+        top: 0;
+        z-index: 20;
+        padding: 8px 10px;
+    }
+
+    .de-toolbar-title {
+        flex: 1 1 100%;
+    }
+
+    .de-toolbar-group {
+        flex: 1 1 100%;
+    }
+
+    .de-toolbar-input {
+        flex: 1 1 180px;
+        width: auto;
+    }
+
+    .de-form-area {
+        grid-column: 1;
+        min-height: 0;
+        overflow: visible;
+    }
+
+    .de-record-resize {
+        display: none;
+    }
+
+    .de-record-list {
+        grid-column: 1;
+        min-height: 220px;
+        max-height: 42vh;
+        border-left: none;
+        border-top: 1px solid var(--fd-border, #d0d0d0);
+    }
+}
+
+@media (max-width: 640px) {
+    .de-toolbar {
+        gap: 8px;
+        align-items: stretch;
+    }
+
+    .de-toolbar-sep {
+        display: none;
+    }
+
+    .de-btn,
+    .de-btn-link,
+    .page-btn {
+        min-height: 40px;
+        padding: 8px 12px;
+    }
+
+    .de-form-area {
+        margin: 0;
+        padding: 12px;
+        border-radius: 0;
+        box-shadow: none;
+    }
+
+    .de-toolbar-group {
+        display: grid;
+        grid-template-columns: 1fr auto;
+        align-items: end;
+    }
+
+    .de-toolbar-group .de-toolbar-label {
+        grid-column: 1 / -1;
+    }
+
+    .de-toolbar-input {
+        min-width: 0;
+        width: 100%;
+    }
+
+    .de-record-list {
+        max-height: none;
+    }
+
+    .de-record-row {
+        min-height: 44px;
+    }
 }
 
 /* ===== Feature 2: Marquee Selection ===== */
@@ -838,7 +1639,8 @@
 }
 
 /* ===== Feature 5: Breakpoint Switcher ===== */
-.breakpoint-switcher {
+.breakpoint-switcher,
+.layout-mode-switcher {
     display: flex;
     gap: 2px;
     background: #f0f0f0;
@@ -846,7 +1648,8 @@
     padding: 2px;
 }
 
-.breakpoint-switcher button {
+.breakpoint-switcher button,
+.layout-mode-switcher button {
     padding: 3px 8px;
     border: none;
     border-radius: 3px;
@@ -857,11 +1660,13 @@
     transition: all 0.15s;
 }
 
-.breakpoint-switcher button:hover {
+.breakpoint-switcher button:hover,
+.layout-mode-switcher button:hover {
     background: #e0e0e0;
 }
 
-.breakpoint-switcher button.bp-active {
+.breakpoint-switcher button.bp-active,
+.layout-mode-switcher button.bp-active {
     background: #1a73e8;
     color: #fff;
     font-weight: 500;
@@ -955,37 +1760,94 @@
     color: #333;
 }
 
-.cdg-btn {
-    padding: 2px 10px;
+.cdg-btn {
+    padding: 2px 10px;
+    border: 1px solid #c0c0c0;
+    border-radius: 3px;
+    background: #fff;
+    cursor: pointer;
+    font-size: 11px;
+}
+
+.cdg-btn:hover {
+    background: #e8e8e8;
+}
+
+.cdg-btn-add {
+    background: #1a73e8;
+    color: #fff;
+    border-color: #1a73e8;
+}
+
+.cdg-btn-add:hover {
+    background: #1557b0;
+}
+
+.cdg-btn-add:disabled {
+    opacity: 0.5;
+    cursor: default;
+}
+
+.cdg-table-wrapper {
+    flex: 1;
+    overflow: auto;
+}
+
+.cdg-pagination {
+    display: grid;
+    grid-template-columns: auto minmax(0, 1fr) auto;
+    align-items: center;
+    gap: 8px;
+    padding: 5px 8px;
+    border-top: 1px solid #d0d0d0;
+    background: #f5f5f5;
+    min-height: 32px;
+}
+
+.cdg-page-size select {
+    max-width: 96px;
+    padding: 2px 6px;
     border: 1px solid #c0c0c0;
     border-radius: 3px;
     background: #fff;
-    cursor: pointer;
     font-size: 11px;
 }
 
-.cdg-btn:hover {
-    background: #e8e8e8;
-}
-
-.cdg-btn-add {
-    background: #1a73e8;
-    color: #fff;
-    border-color: #1a73e8;
+.cdg-page-controls {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 4px;
+    min-width: 0;
 }
 
-.cdg-btn-add:hover {
-    background: #1557b0;
+.cdg-page-btn {
+    min-width: 24px;
+    height: 24px;
+    padding: 0 6px;
+    border: 1px solid #c0c0c0;
+    border-radius: 3px;
+    background: #fff;
+    cursor: pointer;
+    font-size: 11px;
+    line-height: 1;
 }
 
-.cdg-btn-add:disabled {
+.cdg-page-btn:disabled {
     opacity: 0.5;
     cursor: default;
 }
 
-.cdg-table-wrapper {
-    flex: 1;
-    overflow: auto;
+.cdg-page-info,
+.cdg-row-count {
+    font-size: 11px;
+    color: #666;
+    white-space: nowrap;
+    font-variant-numeric: tabular-nums;
+}
+
+.cdg-row-count {
+    text-align: right;
 }
 
 .cdg-table {
@@ -1220,16 +2082,22 @@
 }
 
 .preview-childtabs-tab {
+    appearance: none;
+    background: transparent;
+    border: 0;
+    border-right: 1px solid #ddd;
     padding: 3px 10px;
     font-size: 10px;
     font-weight: 500;
     color: #555;
-    border-right: 1px solid #ddd;
+    font-family: inherit;
+    text-align: left;
 }
 
-.preview-childtabs-tab:first-child {
-    color: #1a73e8;
-    background: #fff;
+.preview-childtabs-tab:first-child,
+.preview-childtabs-tab.active {
+    color: var(--fd-accent, #1a73e8);
+    background: var(--fd-bg-elevated, #fff);
     font-weight: 600;
 }
 
@@ -1238,6 +2106,76 @@
     overflow: hidden;
 }
 
+.preview-tab-designer,
+.preview-tab-designer * {
+    pointer-events: auto;
+}
+
+.preview-tab-designer .preview-childtabs-tab {
+    cursor: pointer;
+}
+
+.preview-tab-designer .preview-childtabs-tab:first-child:not(.active) {
+    background: transparent !important;
+    color: var(--fd-text-secondary, #555) !important;
+    font-weight: 500;
+}
+
+.preview-tab-page {
+    position: relative;
+    overflow: auto;
+    background: var(--fd-bg-elevated, #fff);
+}
+
+.preview-tab-page .preview-childtabs-empty {
+    min-height: 100%;
+}
+
+.design-tab-child {
+    position: absolute;
+    box-sizing: border-box;
+    min-width: 24px;
+    min-height: 16px;
+    border: 1px solid var(--fd-border-light, #a0a0a0);
+    border-radius: 2px;
+    background: var(--fd-bg-elevated, #fff);
+    color: var(--fd-text, #333);
+    cursor: grab;
+    overflow: visible;
+}
+
+.design-tab-child:hover,
+.design-tab-child.selected {
+    border-color: var(--fd-accent, #1a73e8);
+}
+
+.design-tab-child-content {
+    width: 100%;
+    height: 100%;
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    overflow: hidden;
+    padding: 2px 6px;
+    box-sizing: border-box;
+    pointer-events: none;
+}
+
+.design-tab-child-type {
+    flex: 0 0 auto;
+    font-size: 10px;
+    font-weight: 600;
+    color: var(--fd-accent, #1a73e8);
+}
+
+.design-tab-child-label {
+    min-width: 0;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    font-size: 11px;
+}
+
 .preview-childtabs-empty {
     display: flex;
     align-items: center;
@@ -1375,6 +2313,112 @@
     background: #d2e3fc;
 }
 
+/* ===== Form Event Binding Editor ===== */
+.feb-container {
+    display: flex;
+    flex-direction: column;
+    gap: 6px;
+}
+
+.feb-empty {
+    color: #999;
+    font-size: 11px;
+    font-style: italic;
+}
+
+.feb-entry {
+    border: 1px solid #e0e0e0;
+    border-radius: 4px;
+    padding: 8px;
+    background: #fafafa;
+}
+
+.feb-row {
+    display: flex;
+    align-items: flex-start;
+    gap: 6px;
+}
+
+.feb-field {
+    flex: 1;
+    margin-bottom: 6px;
+}
+
+.feb-field label {
+    display: block;
+    font-size: 11px;
+    color: #666;
+    margin-bottom: 2px;
+}
+
+.feb-field input[type="text"],
+.feb-field select,
+.feb-field textarea {
+    width: 100%;
+    padding: 3px 6px;
+    border: 1px solid #d0d0d0;
+    border-radius: 3px;
+    font-size: 11px;
+    background: #fff;
+    box-sizing: border-box;
+}
+
+.feb-btn {
+    padding: 2px 8px;
+    border: 1px solid #d0d0d0;
+    border-radius: 3px;
+    background: #fff;
+    cursor: pointer;
+    font-size: 11px;
+    color: #333;
+}
+
+.feb-btn:hover {
+    background: #e8e8e8;
+}
+
+.feb-btn-remove {
+    flex: 0 0 auto;
+    margin-top: 18px;
+}
+
+.feb-btn-add {
+    align-self: flex-start;
+    background: #e8f0fe;
+    border-color: #c4d9f5;
+    color: #1a73e8;
+    font-weight: 500;
+}
+
+.feb-btn-add:hover {
+    background: #d2e3fc;
+}
+
+.ase-container {
+    display: flex;
+    flex-direction: column;
+    gap: 6px;
+}
+
+.ase-header {
+    display: flex;
+    align-items: flex-start;
+    gap: 6px;
+}
+
+.ase-step {
+    border: 1px solid #e4e4e4;
+    border-radius: 4px;
+    padding: 6px;
+    background: #fff;
+}
+
+.ase-actions {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 4px;
+}
+
 /* ===== Layers Panel ===== */
 .layers-panel {
     flex: 1;
@@ -1541,12 +2585,24 @@
     background: var(--fd-bg-primary);
 }
 
+.tce-tab-entry,
+.tce-tab-body {
+    background: var(--fd-bg-secondary);
+    color: var(--fd-text);
+}
+
+.tce-child-tabs {
+    border-left-color: var(--fd-border-light);
+}
+
 .designer-toolbar,
 .de-toolbar,
 .cdg-toolbar,
+.cdg-pagination,
 .ctp-tab-bar,
 .preview-datagrid-row.header-row,
 .preview-childtabs-tabbar,
+.fr-tab-bar,
 .toolbox-header,
 .layers-header,
 .pi-header,
@@ -1565,11 +2621,16 @@
 .property-inspector,
 .de-record-list,
 .child-datagrid,
+.fr-tab-control,
+.fr-subform,
+.fr-attachment,
+.fr-image-control,
 .tce-tab-entry,
 .design-canvas,
 .de-form-area,
 .preview-datagrid,
 .preview-childtabs,
+.design-tab-child,
 .child-tab-panel.ctp-nested {
     border-color: var(--fd-border);
 }
@@ -1584,7 +2645,9 @@
 .preview-label,
 .preview-checkbox,
 .preview-datagrid-row.header-row,
-.preview-childtabs-tab:first-child {
+.preview-childtabs-tab:first-child,
+.preview-childtabs-tab.active,
+.fr-tab-button.active {
     color: var(--fd-text);
 }
 
@@ -1603,12 +2666,17 @@
 .de-search-status,
 .page-info,
 .row-count,
+.cdg-page-info,
+.cdg-row-count,
 .pi-empty,
 .layers-empty,
 .cdg-empty,
 .cdg-loading,
 .ctp-select-prompt,
 .fr-datagrid-placeholder,
+.fr-tab-empty,
+.fr-image-empty,
+.fr-attachment-summary,
 .preview-childtabs-empty {
     color: var(--fd-text-muted);
 }
@@ -1616,40 +2684,128 @@
 .designer-toolbar button,
 .de-btn,
 .pi-btn,
+.pi-icon-btn,
+.pi-formula-field,
+.pi-formula-function-main,
+.pi-formula-example-btn,
 .cdg-btn,
 .tce-btn,
 .breakpoint-switcher button,
+.layout-mode-switcher button,
 .toolbar-source-select,
 .toolbar-title-input,
 .de-toolbar-input,
 .page-size-select select,
 .page-btn,
+.cdg-page-size select,
+.cdg-page-btn,
 .pi-field input[type="text"],
 .pi-field input[type="number"],
 .pi-field select,
+.pi-field textarea,
 .de-search-select,
 .de-search-input,
 .fr-input,
+.fr-toggle-button,
+.fr-attachment-clear,
+.fr-command-button,
+.preview-command-button,
 .cdg-cell-input,
+.cdg-page-size select,
 .tce-field input[type="text"],
-.tce-field select {
+.tce-field select,
+.feb-field input[type="text"],
+.feb-field select,
+.feb-field textarea,
+.feb-btn {
     background: var(--fd-bg-elevated);
     color: var(--fd-text);
     border-color: var(--fd-border);
 }
 
+.feb-container,
+.ase-container {
+    color-scheme: dark;
+}
+
+.feb-entry,
+.ase-step {
+    background: var(--fd-bg-tertiary);
+    color: var(--fd-text);
+    border-color: var(--fd-border);
+}
+
+.ase-step {
+    box-shadow: inset 0 0 0 1px color-mix(in srgb, var(--fd-border-light) 35%, transparent);
+}
+
+.feb-empty {
+    color: var(--fd-text-secondary);
+}
+
+.feb-error {
+    color: var(--fd-danger);
+    background: var(--fd-danger-soft);
+    border: 1px solid color-mix(in srgb, var(--fd-danger) 32%, var(--fd-border));
+    border-radius: 4px;
+    padding: 6px 8px;
+}
+
+.feb-field input[type="checkbox"] {
+    accent-color: var(--fd-accent);
+}
+
+.tce-field input[type="checkbox"] {
+    accent-color: var(--fd-accent);
+}
+
+.tce-field select option {
+    background: var(--fd-bg-elevated);
+    color: var(--fd-text);
+}
+
+.tce-toggle {
+    color: var(--fd-text-secondary);
+}
+
+.tce-toggle:hover {
+    color: var(--fd-text);
+    background: var(--fd-bg-hover);
+}
+
+.tce-btn-add {
+    background: var(--fd-accent-soft);
+    border-color: color-mix(in srgb, var(--fd-accent) 42%, var(--fd-border));
+    color: var(--fd-accent);
+}
+
+.tce-btn-add:hover {
+    background: color-mix(in srgb, var(--fd-accent-soft) 72%, var(--fd-bg-hover));
+}
+
 .designer-toolbar button:hover,
 .de-btn:hover,
 .pi-btn:hover,
+.pi-icon-btn:hover,
+.pi-formula-field:hover,
+.pi-formula-function-main:hover,
+.pi-formula-example-btn:hover,
 .cdg-btn:hover,
 .tce-btn:hover,
+.feb-btn:hover,
 .breakpoint-switcher button:hover,
+.layout-mode-switcher button:hover,
 .page-btn:hover,
+.cdg-page-btn:hover,
 .toolbox-item:hover,
 .layer-row:hover,
 .de-record-row:hover,
 .ctp-tab:hover,
-.cdg-cell:hover {
+.cdg-cell:hover,
+.fr-tab-button:hover,
+.fr-attachment-clear:hover,
+.fr-toggle-button:hover,
+.fr-command-button:hover {
     background: var(--fd-bg-hover);
     color: var(--fd-text);
 }
@@ -1661,18 +2817,29 @@
     cursor: default;
 }
 
+.cdg-page-btn:disabled {
+    opacity: 0.45;
+    cursor: default;
+}
+
 .toolbar-source-select,
 .toolbar-title-input,
 .de-toolbar-input,
 .pi-field input[type="text"],
 .pi-field input[type="number"],
 .pi-field select,
+.pi-field textarea,
 .de-search-select,
 .de-search-input,
 .fr-input,
+.fr-command-button,
+.preview-command-button,
 .cdg-cell-input,
 .tce-field input[type="text"],
-.tce-field select {
+.tce-field select,
+.feb-field input[type="text"],
+.feb-field select,
+.feb-field textarea {
     outline: none;
     box-shadow: none;
 }
@@ -1683,19 +2850,26 @@
 .pi-field input[type="text"]:focus,
 .pi-field input[type="number"]:focus,
 .pi-field select:focus,
+.pi-field textarea:focus,
 .de-search-select:focus,
 .de-search-input:focus,
 .fr-input:focus,
+.fr-command-button:focus,
 .cdg-cell-input:focus,
+.cdg-page-size select:focus,
 .tce-field input[type="text"]:focus,
-.tce-field select:focus {
+.tce-field select:focus,
+.feb-field input[type="text"]:focus,
+.feb-field select:focus,
+.feb-field textarea:focus {
     border-color: var(--fd-accent);
     box-shadow: 0 0 0 2px var(--fd-accent-soft);
 }
 
 .de-btn-primary,
 .cdg-btn-add,
-.breakpoint-switcher button.bp-active {
+.breakpoint-switcher button.bp-active,
+.layout-mode-switcher button.bp-active {
     background: var(--fd-accent);
     color: #fff;
     border-color: var(--fd-accent);
@@ -1768,8 +2942,13 @@
 
 .de-form-area,
 .child-datagrid,
+.fr-tab-control,
+.fr-subform,
+.fr-attachment,
+.fr-image-control,
 .preview-datagrid,
-.preview-childtabs {
+.preview-childtabs,
+.design-tab-child {
     background: var(--fd-bg-elevated);
     color: var(--fd-text);
 }
@@ -1780,6 +2959,8 @@
 
 .preview-input,
 .fr-input,
+.fr-command-button,
+.preview-command-button,
 .cdg-cell-input,
 .designer-cell-input,
 .designer-cell-select {
@@ -1791,6 +2972,8 @@
 .preview-input::placeholder,
 .de-toolbar-input::placeholder,
 .de-search-input::placeholder,
+.pi-textarea::placeholder,
+.feb-arguments::placeholder,
 .designer-cell-input::placeholder,
 .toolbar-title-input::placeholder {
     color: var(--fd-text-muted);
@@ -1811,6 +2994,21 @@
     border-color: var(--fd-border);
 }
 
+.pi-formula-helper {
+    background: var(--fd-bg-tertiary);
+    border-color: var(--fd-border);
+}
+
+.pi-formula-group-label,
+.pi-formula-function-main code,
+.pi-formula-function-main span {
+    color: var(--fd-text-secondary);
+}
+
+.pi-formula-function-main strong {
+    color: var(--fd-accent);
+}
+
 .pi-id-value {
     background: color-mix(in srgb, var(--fd-bg-elevated) 88%, var(--fd-accent-soft));
     color: var(--fd-text);
@@ -1825,8 +3023,10 @@
 .de-record-row,
 .ctp-tab,
 .preview-childtabs-tab,
+.fr-tab-button,
 .pi-field label,
 .tce-field label,
+.feb-field label,
 .property-label,
 .cdg-table thead th,
 .table-designer-grid thead th {
@@ -1840,12 +3040,52 @@
 .toolbar-active,
 .cdg-selected,
 .preview-childtabs-tab:first-child,
+.preview-childtabs-tab.active,
+.fr-tab-button.active,
+.fr-option-buttons .fr-option:has(input:checked),
+.fr-toggle-button.active,
 .table-designer-grid tbody tr.selected {
     background: var(--fd-accent-soft) !important;
     color: var(--fd-accent) !important;
     border-color: var(--fd-accent);
 }
 
+.data-entry-layout .child-datagrid .cdg-table tbody tr.cdg-selected,
+.data-entry-layout .child-datagrid .cdg-table tbody tr.cdg-editing {
+    background: color-mix(in srgb, var(--fd-bg-active) 76%, var(--fd-accent) 24%) !important;
+    color: var(--fd-text) !important;
+    box-shadow: inset 3px 0 0 var(--fd-accent);
+}
+
+.data-entry-layout .child-datagrid .cdg-table tbody tr.cdg-selected:hover,
+.data-entry-layout .child-datagrid .cdg-table tbody tr.cdg-editing:hover {
+    background: color-mix(in srgb, var(--fd-bg-active) 66%, var(--fd-accent) 34%) !important;
+}
+
+.data-entry-layout .child-datagrid .cdg-table tbody tr.cdg-selected > .cdg-cell,
+.data-entry-layout .child-datagrid .cdg-table tbody tr.cdg-editing > .cdg-cell {
+    background: transparent !important;
+    color: var(--fd-text) !important;
+    border-bottom-color: color-mix(in srgb, var(--fd-border-light) 72%, var(--fd-accent) 28%);
+}
+
+.data-entry-layout .child-datagrid .cdg-cell-editing {
+    background: color-mix(in srgb, var(--fd-bg-tertiary) 78%, var(--fd-accent) 22%) !important;
+}
+
+.data-entry-layout .child-datagrid .cdg-cell-input {
+    background: var(--fd-bg-secondary) !important;
+    color: var(--fd-text) !important;
+    border-color: var(--fd-accent) !important;
+    caret-color: var(--fd-accent);
+    box-shadow: inset 0 0 0 1px color-mix(in srgb, var(--fd-accent) 38%, transparent), 0 0 0 2px var(--fd-accent-soft) !important;
+}
+
+.data-entry-layout .child-datagrid .cdg-cell-input:focus {
+    background: var(--fd-bg-primary) !important;
+    color: var(--fd-text) !important;
+}
+
 .design-item {
     border-color: var(--fd-border-light);
 }
@@ -1877,6 +3117,7 @@
 .table-designer-preview,
 .preview-datagrid-row.header-row,
 .preview-childtabs-tabbar,
+.fr-tab-bar,
 .ctp-tab-bar {
     background: var(--fd-bg-tertiary);
 }
@@ -1885,8 +3126,13 @@
 .de-record-row,
 .layer-row,
 .toolbox-group,
+.fr-tab-bar,
+.fr-tab-button.active,
+.fr-attachment-clear,
+.fr-image-empty,
 .pi-section,
 .tce-tab-entry,
+.feb-entry,
 .table-designer-grid tbody tr,
 .table-designer-grid td {
     border-color: var(--fd-border-light);
@@ -1903,7 +3149,8 @@
     color: var(--fd-text-secondary);
 }
 
-.breakpoint-switcher {
+.breakpoint-switcher,
+.layout-mode-switcher {
     background: var(--fd-bg-tertiary);
 }
 
@@ -1913,8 +3160,10 @@
 .cdg-cell,
 .de-record-summary,
 .tce-btn,
+.feb-btn,
 .pi-field input[type="checkbox"],
-.tce-field input[type="checkbox"] {
+.tce-field input[type="checkbox"],
+.feb-field input[type="checkbox"] {
     color: var(--fd-text);
 }
 
@@ -2028,7 +3277,8 @@
 
     .cdg-btn,
     .cdg-btn-add,
-    .cdg-btn-delete {
+    .cdg-btn-delete,
+    .cdg-pagination {
         display: none !important;
     }
 
diff --git a/src/CSharpDB.Admin.Reports/CSharpDB.Admin.Reports.csproj b/src/CSharpDB.Admin.Reports/CSharpDB.Admin.Reports.csproj
index 37b2988f..56136941 100644
--- a/src/CSharpDB.Admin.Reports/CSharpDB.Admin.Reports.csproj
+++ b/src/CSharpDB.Admin.Reports/CSharpDB.Admin.Reports.csproj
@@ -10,6 +10,7 @@
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
     <ProjectReference Include="..\CSharpDB.Client\CSharpDB.Client.csproj" />
+    <ProjectReference Include="..\CSharpDB.Primitives\CSharpDB.Primitives.csproj" />
   </ItemGroup>
 
 </Project>
diff --git a/src/CSharpDB.Admin.Reports/Contracts/IReportEventDispatcher.cs b/src/CSharpDB.Admin.Reports/Contracts/IReportEventDispatcher.cs
new file mode 100644
index 00000000..96946ac3
--- /dev/null
+++ b/src/CSharpDB.Admin.Reports/Contracts/IReportEventDispatcher.cs
@@ -0,0 +1,13 @@
+using CSharpDB.Admin.Reports.Models;
+
+namespace CSharpDB.Admin.Reports.Contracts;
+
+public interface IReportEventDispatcher
+{
+    Task<ReportEventDispatchResult> DispatchAsync(
+        ReportDefinition report,
+        ReportSourceDefinition source,
+        ReportEventKind eventKind,
+        IReadOnlyDictionary<string, object?>? runtimeArguments = null,
+        CancellationToken ct = default);
+}
diff --git a/src/CSharpDB.Admin.Reports/Contracts/ReportEventDispatchResult.cs b/src/CSharpDB.Admin.Reports/Contracts/ReportEventDispatchResult.cs
new file mode 100644
index 00000000..5f5ef8b1
--- /dev/null
+++ b/src/CSharpDB.Admin.Reports/Contracts/ReportEventDispatchResult.cs
@@ -0,0 +1,12 @@
+namespace CSharpDB.Admin.Reports.Contracts;
+
+public sealed record ReportEventDispatchResult(bool Succeeded, string? Message = null)
+{
+    public static ReportEventDispatchResult Success(string? message = null) => new(true, message);
+
+    public static ReportEventDispatchResult Failure(string message)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(message);
+        return new(false, message);
+    }
+}
diff --git a/src/CSharpDB.Admin.Reports/Models/ReportDefinition.cs b/src/CSharpDB.Admin.Reports/Models/ReportDefinition.cs
index b6cbed04..0a3d2aa1 100644
--- a/src/CSharpDB.Admin.Reports/Models/ReportDefinition.cs
+++ b/src/CSharpDB.Admin.Reports/Models/ReportDefinition.cs
@@ -1,3 +1,5 @@
+using CSharpDB.Primitives;
+
 namespace CSharpDB.Admin.Reports.Models;
 
 public sealed record ReportDefinition(
@@ -10,4 +12,6 @@ public sealed record ReportDefinition(
     IReadOnlyList<ReportGroupDefinition> Groups,
     IReadOnlyList<ReportSortDefinition> Sorts,
     IReadOnlyList<ReportBandDefinition> Bands,
-    IReadOnlyDictionary<string, object?>? RendererHints = null);
+    IReadOnlyDictionary<string, object?>? RendererHints = null,
+    IReadOnlyList<ReportEventBinding>? EventBindings = null,
+    DbAutomationMetadata? Automation = null);
diff --git a/src/CSharpDB.Admin.Reports/Models/ReportEventBinding.cs b/src/CSharpDB.Admin.Reports/Models/ReportEventBinding.cs
new file mode 100644
index 00000000..20f0efc0
--- /dev/null
+++ b/src/CSharpDB.Admin.Reports/Models/ReportEventBinding.cs
@@ -0,0 +1,14 @@
+namespace CSharpDB.Admin.Reports.Models;
+
+public enum ReportEventKind
+{
+    OnOpen,
+    BeforeRender,
+    AfterRender,
+}
+
+public sealed record ReportEventBinding(
+    ReportEventKind Event,
+    string CommandName,
+    IReadOnlyDictionary<string, object?>? Arguments = null,
+    bool StopOnFailure = true);
diff --git a/src/CSharpDB.Admin.Reports/README.md b/src/CSharpDB.Admin.Reports/README.md
index 46cef9a5..feef71ca 100644
--- a/src/CSharpDB.Admin.Reports/README.md
+++ b/src/CSharpDB.Admin.Reports/README.md
@@ -16,6 +16,8 @@ This project is consumed by `CSharpDB.Admin`. It is not a standalone web host.
 - grouping, sorting, bands, bound text, calculated text, labels, lines, and box
   controls
 - preview pagination and simple expression evaluation
+- trusted command-backed preview lifecycle events
+- generated automation metadata for import/export host callback requirements
 
 ## Main Components
 
@@ -39,11 +41,38 @@ using CSharpDB.Admin.Reports.Services;
 builder.Services.AddCSharpDbAdminReports();
 ```
 
+Hosts that want Access-style report automation can register trusted commands:
+
+```csharp
+using CSharpDB.Primitives;
+
+builder.Services.AddCSharpDbAdminReports(commands =>
+{
+    commands.AddAsyncCommand(
+        "PublishReportRendered",
+        new DbCommandOptions(
+            Description: "Publishes report render metrics.",
+            Timeout: TimeSpan.FromSeconds(5),
+            IsLongRunning: true),
+        static async (context, ct) =>
+        {
+            long pageCount = context.Arguments["pageCount"].AsInteger;
+            await PublishReportMetricAsync(context.Metadata["reportName"], pageCount, ct);
+            return DbCommandResult.Success($"Rendered {pageCount} page(s).");
+        });
+});
+```
+
+Report event dispatch preserves caller cancellation. Command timeouts and other
+callback exceptions are returned as failed preview results with the command name
+included in the message.
+
 The extension registers:
 
 - `IReportRepository`
 - `IReportSourceProvider`
 - `IReportGenerator`
+- `IReportEventDispatcher`
 - `IReportPreviewService`
 
 ## Core Contracts
@@ -70,12 +99,21 @@ public sealed record ReportDefinition(
     IReadOnlyList<ReportGroupDefinition> Groups,
     IReadOnlyList<ReportSortDefinition> Sorts,
     IReadOnlyList<ReportBandDefinition> Bands,
-    IReadOnlyDictionary<string, object?>? RendererHints = null);
+    IReadOnlyDictionary<string, object?>? RendererHints = null,
+    IReadOnlyList<ReportEventBinding>? EventBindings = null,
+    DbAutomationMetadata? Automation = null);
 ```
 
 Report layout is band-based. Each `ReportBandDefinition` owns a list of
 `ReportControlDefinition` records positioned within that band.
 
+`EventBindings` can reference host-registered commands for `OnOpen`,
+`BeforeRender`, and `AfterRender`. Report JSON stores event names, command
+names, and optional arguments only; C# command bodies stay in the host process.
+`DbReportRepository` regenerates `Automation` on save/load so exported report
+JSON lists required trusted commands and scalar functions from event bindings
+and calculated text expressions.
+
 ## Build
 
 ```powershell
diff --git a/src/CSharpDB.Admin.Reports/Services/AdminReportsServiceCollectionExtensions.cs b/src/CSharpDB.Admin.Reports/Services/AdminReportsServiceCollectionExtensions.cs
index 60f9a3c3..fab89f31 100644
--- a/src/CSharpDB.Admin.Reports/Services/AdminReportsServiceCollectionExtensions.cs
+++ b/src/CSharpDB.Admin.Reports/Services/AdminReportsServiceCollectionExtensions.cs
@@ -1,5 +1,7 @@
 using CSharpDB.Admin.Reports.Contracts;
+using CSharpDB.Primitives;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 
 namespace CSharpDB.Admin.Reports.Services;
 
@@ -7,10 +9,23 @@ public static class AdminReportsServiceCollectionExtensions
 {
     public static IServiceCollection AddCSharpDbAdminReports(this IServiceCollection services)
     {
+        services.TryAddSingleton(DbCommandRegistry.Empty);
+        services.TryAddSingleton(DbExtensionPolicies.DefaultHostCallbackPolicy);
         services.AddScoped<IReportRepository, DbReportRepository>();
         services.AddScoped<IReportSourceProvider, DbReportSourceProvider>();
         services.AddScoped<IReportGenerator, DefaultReportGenerator>();
+        services.AddScoped<IReportEventDispatcher, DefaultReportEventDispatcher>();
         services.AddScoped<IReportPreviewService, DefaultReportPreviewService>();
         return services;
     }
+
+    public static IServiceCollection AddCSharpDbAdminReports(
+        this IServiceCollection services,
+        Action<DbCommandRegistryBuilder> configureCommands)
+    {
+        ArgumentNullException.ThrowIfNull(configureCommands);
+
+        services.AddSingleton(DbCommandRegistry.Create(configureCommands));
+        return services.AddCSharpDbAdminReports();
+    }
 }
diff --git a/src/CSharpDB.Admin.Reports/Services/DbReportRepository.cs b/src/CSharpDB.Admin.Reports/Services/DbReportRepository.cs
index 39a3062a..f172a9e3 100644
--- a/src/CSharpDB.Admin.Reports/Services/DbReportRepository.cs
+++ b/src/CSharpDB.Admin.Reports/Services/DbReportRepository.cs
@@ -288,30 +288,33 @@ SELECT chunk_text
 
     private static ReportDefinition DeserializeReportJson(string json)
     {
-        return JsonSerializer.Deserialize<ReportDefinition>(json, JsonDefaults.Options)
+        ReportDefinition report = JsonSerializer.Deserialize<ReportDefinition>(json, JsonDefaults.Options)
             ?? throw new InvalidOperationException("Stored report definition JSON could not be deserialized.");
+        return ReportAutomationMetadata.NormalizeForExport(report);
     }
 
     private static ReportDefinition NormalizeForCreate(ReportDefinition report)
     {
         ValidateForPersistence(report);
-        return report with
+        ReportDefinition stored = report with
         {
             ReportId = string.IsNullOrWhiteSpace(report.ReportId) ? Guid.NewGuid().ToString("N") : report.ReportId,
             Name = string.IsNullOrWhiteSpace(report.Name) ? $"{report.Source.Name} Report" : report.Name.Trim(),
             DefinitionVersion = 1,
         };
+        return ReportAutomationMetadata.NormalizeForExport(stored);
     }
 
     private static ReportDefinition NormalizeForUpdate(string reportId, int expectedVersion, ReportDefinition report)
     {
         ValidateForPersistence(report);
-        return report with
+        ReportDefinition stored = report with
         {
             ReportId = reportId,
             Name = string.IsNullOrWhiteSpace(report.Name) ? $"{report.Source.Name} Report" : report.Name.Trim(),
             DefinitionVersion = expectedVersion + 1,
         };
+        return ReportAutomationMetadata.NormalizeForExport(stored);
     }
 
     private static void ValidateForPersistence(ReportDefinition report)
diff --git a/src/CSharpDB.Admin.Reports/Services/DefaultReportEventDispatcher.cs b/src/CSharpDB.Admin.Reports/Services/DefaultReportEventDispatcher.cs
new file mode 100644
index 00000000..483ddc6a
--- /dev/null
+++ b/src/CSharpDB.Admin.Reports/Services/DefaultReportEventDispatcher.cs
@@ -0,0 +1,89 @@
+using CSharpDB.Admin.Reports.Contracts;
+using CSharpDB.Admin.Reports.Models;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Reports.Services;
+
+public sealed class DefaultReportEventDispatcher(
+    DbCommandRegistry commands,
+    DbExtensionPolicy? callbackPolicy = null) : IReportEventDispatcher
+{
+    private readonly DbExtensionPolicy _callbackPolicy = callbackPolicy ?? DbExtensionPolicies.DefaultHostCallbackPolicy;
+
+    public async Task<ReportEventDispatchResult> DispatchAsync(
+        ReportDefinition report,
+        ReportSourceDefinition source,
+        ReportEventKind eventKind,
+        IReadOnlyDictionary<string, object?>? runtimeArguments = null,
+        CancellationToken ct = default)
+    {
+        ArgumentNullException.ThrowIfNull(report);
+        ArgumentNullException.ThrowIfNull(source);
+
+        IReadOnlyList<ReportEventBinding> bindings = report.EventBindings ?? [];
+        foreach (ReportEventBinding binding in bindings.Where(binding => binding.Event == eventKind))
+        {
+            if (string.IsNullOrWhiteSpace(binding.CommandName))
+                return ReportEventDispatchResult.Failure($"Report event '{eventKind}' has an empty command name.");
+
+            if (!commands.TryGetCommand(binding.CommandName, out DbCommandDefinition definition))
+            {
+                Dictionary<string, string> missingMetadata = BuildMetadata(report, source, eventKind);
+                string message = $"Unknown report command '{binding.CommandName}' for event '{eventKind}'.";
+                DbCallbackDiagnostics.WriteMissingCommandInvocation(binding.CommandName, missingMetadata, message);
+                return ReportEventDispatchResult.Failure(message);
+            }
+
+            Dictionary<string, DbValue> arguments = DbCommandArguments.FromObjectDictionary(runtimeArguments, binding.Arguments);
+            Dictionary<string, string> metadata = BuildMetadata(report, source, eventKind);
+
+            DbCommandResult result;
+            try
+            {
+                result = await definition.InvokeAsync(
+                    arguments,
+                    metadata,
+                    _callbackPolicy,
+                    DbExtensionHostMode.Embedded,
+                    ct);
+            }
+            catch (OperationCanceledException) when (ct.IsCancellationRequested)
+            {
+                throw;
+            }
+            catch (Exception ex)
+            {
+                return ReportEventDispatchResult.Failure(
+                    $"Report event '{eventKind}' command '{definition.Name}' failed: {ex.Message}");
+            }
+
+            if (!result.Succeeded && binding.StopOnFailure)
+            {
+                string message = string.IsNullOrWhiteSpace(result.Message)
+                    ? $"Report event '{eventKind}' command '{definition.Name}' failed."
+                    : result.Message;
+                return ReportEventDispatchResult.Failure(message);
+            }
+        }
+
+        return ReportEventDispatchResult.Success();
+    }
+
+    private static Dictionary<string, string> BuildMetadata(
+        ReportDefinition report,
+        ReportSourceDefinition source,
+        ReportEventKind eventKind)
+        => new(StringComparer.OrdinalIgnoreCase)
+        {
+            ["surface"] = "AdminReports",
+            ["reportId"] = report.ReportId,
+            ["reportName"] = report.Name,
+            ["ownerKind"] = "Report",
+            ["ownerId"] = report.ReportId,
+            ["ownerName"] = report.Name,
+            ["correlationId"] = Guid.NewGuid().ToString("N"),
+            ["sourceKind"] = source.Kind.ToString(),
+            ["sourceName"] = source.Name,
+            ["event"] = eventKind.ToString(),
+        };
+}
diff --git a/src/CSharpDB.Admin.Reports/Services/DefaultReportPreviewService.cs b/src/CSharpDB.Admin.Reports/Services/DefaultReportPreviewService.cs
index d7d02027..45b92466 100644
--- a/src/CSharpDB.Admin.Reports/Services/DefaultReportPreviewService.cs
+++ b/src/CSharpDB.Admin.Reports/Services/DefaultReportPreviewService.cs
@@ -1,20 +1,30 @@
 using CSharpDB.Admin.Reports.Contracts;
 using CSharpDB.Admin.Reports.Models;
 using CSharpDB.Client;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Admin.Reports.Services;
 
-public sealed class DefaultReportPreviewService(ICSharpDbClient dbClient, IReportSourceProvider sourceProvider) : IReportPreviewService
+public sealed class DefaultReportPreviewService(
+    ICSharpDbClient dbClient,
+    IReportSourceProvider sourceProvider,
+    DbFunctionRegistry? functions = null,
+    IReportEventDispatcher? reportEvents = null,
+    DbExtensionPolicy? callbackPolicy = null) : IReportPreviewService
 {
     internal const int MaxPreviewRows = 10000;
     internal const int MaxPreviewPages = 250;
     private const double PixelsPerInch = 96.0;
+    private readonly IReportEventDispatcher _reportEvents = reportEvents ?? NullReportEventDispatcher.Instance;
+    private readonly DbExtensionPolicy _callbackPolicy = callbackPolicy ?? DbExtensionPolicies.DefaultHostCallbackPolicy;
 
     public async Task<ReportPreviewResult> BuildPreviewAsync(ReportDefinition report, CancellationToken ct = default)
     {
         ReportSourceDefinition source = await sourceProvider.GetSourceDefinitionAsync(report.Source)
             ?? throw new InvalidOperationException($"Source '{report.Source.Name}' is no longer available.");
 
+        await DispatchReportEventOrThrowAsync(report, source, ReportEventKind.OnOpen, runtimeArguments: null, ct);
+
         IReadOnlyList<Dictionary<string, object?>> loadedRows = source.Kind switch
         {
             ReportSourceKind.SavedQuery => SortRowsInMemory(
@@ -25,11 +35,24 @@ public async Task<ReportPreviewResult> BuildPreviewAsync(ReportDefinition report
         bool rowTruncated = loadedRows.Count > MaxPreviewRows;
         List<Dictionary<string, object?>> rows = loadedRows.Take(MaxPreviewRows).ToList();
 
-        IReadOnlyList<ReportPreviewPage> pages = Paginate(report, rows, out bool pageTruncated);
+        await DispatchReportEventOrThrowAsync(
+            report,
+            source,
+            ReportEventKind.BeforeRender,
+            new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["rowCount"] = rows.Count,
+                ["loadedRowCount"] = loadedRows.Count,
+                ["rowTruncated"] = rowTruncated,
+                ["maxPreviewRows"] = MaxPreviewRows,
+            },
+            ct);
+
+        IReadOnlyList<ReportPreviewPage> pages = Paginate(report, rows, functions ?? DbFunctionRegistry.Empty, _callbackPolicy, out bool pageTruncated);
         bool hasSchemaDrift = !string.Equals(source.SourceSchemaSignature, report.SourceSchemaSignature, StringComparison.Ordinal);
         string? warning = BuildWarning(rowTruncated, pageTruncated, hasSchemaDrift);
 
-        return new ReportPreviewResult(
+        var result = new ReportPreviewResult(
             report,
             source,
             pages,
@@ -38,6 +61,38 @@ public async Task<ReportPreviewResult> BuildPreviewAsync(ReportDefinition report
             hasSchemaDrift,
             warning,
             DateTime.UtcNow);
+
+        await DispatchReportEventOrThrowAsync(
+            report,
+            source,
+            ReportEventKind.AfterRender,
+            new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["rowCount"] = result.TotalRows,
+                ["pageCount"] = result.Pages.Count,
+                ["isTruncated"] = result.IsTruncated,
+                ["hasSchemaDrift"] = result.HasSchemaDrift,
+            },
+            ct);
+
+        return result;
+    }
+
+    private async Task DispatchReportEventOrThrowAsync(
+        ReportDefinition report,
+        ReportSourceDefinition source,
+        ReportEventKind eventKind,
+        IReadOnlyDictionary<string, object?>? runtimeArguments,
+        CancellationToken ct)
+    {
+        ReportEventDispatchResult dispatchResult = await _reportEvents.DispatchAsync(report, source, eventKind, runtimeArguments, ct);
+        if (!dispatchResult.Succeeded)
+        {
+            string message = string.IsNullOrWhiteSpace(dispatchResult.Message)
+                ? $"Report event '{eventKind}' failed."
+                : dispatchResult.Message;
+            throw new InvalidOperationException(message);
+        }
     }
 
     private static string? BuildWarning(bool rowTruncated, bool pageTruncated, bool hasSchemaDrift)
@@ -120,7 +175,12 @@ private static int CompareValues(object? left, object? right)
             Convert.ToString(normalizedRight, System.Globalization.CultureInfo.InvariantCulture));
     }
 
-    private static IReadOnlyList<ReportPreviewPage> Paginate(ReportDefinition report, List<Dictionary<string, object?>> rows, out bool pageTruncated)
+    private static IReadOnlyList<ReportPreviewPage> Paginate(
+        ReportDefinition report,
+        List<Dictionary<string, object?>> rows,
+        DbFunctionRegistry functions,
+        DbExtensionPolicy callbackPolicy,
+        out bool pageTruncated)
     {
         pageTruncated = false;
         var pages = new List<ReportPreviewPage>();
@@ -159,7 +219,7 @@ void StartPage()
             remainingBodyHeight = bodyHeight;
 
             if (pageHeader is not null)
-                currentBands.Add(RenderBand(pageHeader, row: null, rows: [], pageNumber: pages.Count + 1, generatedUtc));
+                currentBands.Add(RenderBand(pageHeader, row: null, rows: [], pageNumber: pages.Count + 1, generatedUtc: generatedUtc, functions: functions, callbackPolicy: callbackPolicy));
         }
 
         void FinalizePage()
@@ -168,7 +228,7 @@ void FinalizePage()
                 return;
 
             if (pageFooter is not null)
-                currentBands.Add(RenderBand(pageFooter, row: null, rows: [], pageNumber: pages.Count + 1, generatedUtc));
+                currentBands.Add(RenderBand(pageFooter, row: null, rows: [], pageNumber: pages.Count + 1, generatedUtc: generatedUtc, functions: functions, callbackPolicy: callbackPolicy));
 
             pages.Add(new ReportPreviewPage(pages.Count + 1, currentBands.ToArray()));
             currentBands = null;
@@ -202,7 +262,7 @@ bool TryAddBand(ReportRenderedBand band)
             return pages;
         }
 
-        if (reportHeader is not null && !TryAddBand(RenderBand(reportHeader, row: rows.FirstOrDefault(), rows, pageNumber: pages.Count + 1, generatedUtc)))
+        if (reportHeader is not null && !TryAddBand(RenderBand(reportHeader, row: rows.FirstOrDefault(), rows: rows, pageNumber: pages.Count + 1, generatedUtc: generatedUtc, functions: functions, callbackPolicy: callbackPolicy)))
         {
             pageTruncated = truncated;
             return pages;
@@ -230,7 +290,7 @@ bool TryAddBand(ReportRenderedBand band)
                         continue;
 
                     IReadOnlyList<Dictionary<string, object?>> groupRows = rows.Skip(groupStartIndices[groupIndex]).Take(rowIndex - groupStartIndices[groupIndex]).ToArray();
-                    if (!TryAddBand(RenderBand(footerBand, row: rows[rowIndex - 1], groupRows, pageNumber: pages.Count + 1, generatedUtc)))
+                    if (!TryAddBand(RenderBand(footerBand, row: rows[rowIndex - 1], rows: groupRows, pageNumber: pages.Count + 1, generatedUtc: generatedUtc, functions: functions, callbackPolicy: callbackPolicy)))
                     {
                         pageTruncated = truncated;
                         return pages;
@@ -253,7 +313,7 @@ bool TryAddBand(ReportRenderedBand band)
                     if (headerBand is null)
                         continue;
 
-                    if (!TryAddBand(RenderBand(headerBand, row, [row], pageNumber: pages.Count + 1, generatedUtc)))
+                    if (!TryAddBand(RenderBand(headerBand, row: row, rows: [row], pageNumber: pages.Count + 1, generatedUtc: generatedUtc, functions: functions, callbackPolicy: callbackPolicy)))
                     {
                         pageTruncated = truncated;
                         return pages;
@@ -263,7 +323,7 @@ bool TryAddBand(ReportRenderedBand band)
 
             havePreviousRow = true;
 
-            if (detailBand is not null && !TryAddBand(RenderBand(detailBand, row, [row], pageNumber: pages.Count + 1, generatedUtc)))
+            if (detailBand is not null && !TryAddBand(RenderBand(detailBand, row: row, rows: [row], pageNumber: pages.Count + 1, generatedUtc: generatedUtc, functions: functions, callbackPolicy: callbackPolicy)))
             {
                 pageTruncated = truncated;
                 return pages;
@@ -283,7 +343,7 @@ bool TryAddBand(ReportRenderedBand band)
                     continue;
 
                 IReadOnlyList<Dictionary<string, object?>> groupRows = rows.Skip(groupStartIndices[groupIndex]).ToArray();
-                if (!TryAddBand(RenderBand(footerBand, row: rows[^1], groupRows, pageNumber: pages.Count + 1, generatedUtc)))
+                if (!TryAddBand(RenderBand(footerBand, row: rows[^1], rows: groupRows, pageNumber: pages.Count + 1, generatedUtc: generatedUtc, functions: functions, callbackPolicy: callbackPolicy)))
                 {
                     pageTruncated = truncated;
                     return pages;
@@ -292,7 +352,7 @@ bool TryAddBand(ReportRenderedBand band)
         }
 
         if (reportFooter is not null)
-            TryAddBand(RenderBand(reportFooter, row: rows.LastOrDefault(), rows, pageNumber: pages.Count + 1, generatedUtc));
+            TryAddBand(RenderBand(reportFooter, row: rows.LastOrDefault(), rows: rows, pageNumber: pages.Count + 1, generatedUtc: generatedUtc, functions: functions, callbackPolicy: callbackPolicy));
 
         FinalizePage();
         pageTruncated = truncated;
@@ -320,28 +380,49 @@ private static int FindChangedGroupIndex(IReadOnlyList<ReportGroupDefinition> gr
     private static ReportBandDefinition? FindBand(ReportDefinition report, ReportBandKind kind, string? groupId)
         => report.Bands.FirstOrDefault(band => band.BandKind == kind && string.Equals(band.GroupId, groupId, StringComparison.Ordinal));
 
-    private static ReportRenderedBand RenderBand(ReportBandDefinition band, IReadOnlyDictionary<string, object?>? row, IReadOnlyList<Dictionary<string, object?>> rows, int pageNumber, DateTime generatedUtc)
+    private static ReportRenderedBand RenderBand(
+        ReportBandDefinition band,
+        IReadOnlyDictionary<string, object?>? row,
+        IReadOnlyList<Dictionary<string, object?>> rows,
+        int pageNumber,
+        DateTime generatedUtc,
+        DbFunctionRegistry functions,
+        DbExtensionPolicy callbackPolicy)
     {
         ReportRenderedControl[] renderedControls = band.Controls
-            .Select(control => RenderControl(control, row, rows, pageNumber, generatedUtc))
+            .Select(control => RenderControl(control, row, rows, pageNumber, generatedUtc, functions, callbackPolicy))
             .ToArray();
         return new ReportRenderedBand(band.BandId, band.BandKind, band.GroupId, band.Height, renderedControls);
     }
 
-    private static ReportRenderedControl RenderControl(ReportControlDefinition control, IReadOnlyDictionary<string, object?>? row, IReadOnlyList<Dictionary<string, object?>> rows, int pageNumber, DateTime generatedUtc)
+    private static ReportRenderedControl RenderControl(
+        ReportControlDefinition control,
+        IReadOnlyDictionary<string, object?>? row,
+        IReadOnlyList<Dictionary<string, object?>> rows,
+        int pageNumber,
+        DateTime generatedUtc,
+        DbFunctionRegistry functions,
+        DbExtensionPolicy callbackPolicy)
     {
         string? text = control.ControlType switch
         {
             ReportControlType.Label => LookupProp(control.Props, "text"),
             ReportControlType.BoundText => ReportSql.FormatDisplayValue(LookupFieldValue(row, control.BoundFieldName), control.FormatString),
-            ReportControlType.CalculatedText => RenderCalculatedText(control, row, rows, pageNumber, generatedUtc),
+            ReportControlType.CalculatedText => RenderCalculatedText(control, row, rows, pageNumber, generatedUtc, functions, callbackPolicy),
             _ => null,
         };
 
         return new ReportRenderedControl(control.ControlId, control.ControlType, control.Rect, text, control.Props);
     }
 
-    private static string RenderCalculatedText(ReportControlDefinition control, IReadOnlyDictionary<string, object?>? row, IReadOnlyList<Dictionary<string, object?>> rows, int pageNumber, DateTime generatedUtc)
+    private static string RenderCalculatedText(
+        ReportControlDefinition control,
+        IReadOnlyDictionary<string, object?>? row,
+        IReadOnlyList<Dictionary<string, object?>> rows,
+        int pageNumber,
+        DateTime generatedUtc,
+        DbFunctionRegistry functions,
+        DbExtensionPolicy callbackPolicy)
     {
         string expression = control.Expression?.Trim() ?? string.Empty;
         string? prefix = LookupProp(control.Props, "prefix");
@@ -352,6 +433,8 @@ private static string RenderCalculatedText(ReportControlDefinition control, IRea
             "=PrintDate" => ReportSql.FormatDisplayValue(generatedUtc, control.FormatString),
             _ when ReportFormulaEvaluator.TryParseAggregate(expression, out string functionName, out string fieldName)
                 => ReportSql.FormatDisplayValue(ReportFormulaEvaluator.EvaluateAggregate(functionName, rows.Select(item => LookupFieldValue(item, fieldName))), control.FormatString),
+            _ when ReportFormulaEvaluator.TryEvaluateScalar(expression, field => LookupFieldValue(row, field), functions, callbackPolicy, out object? scalarValue)
+                => ReportSql.FormatDisplayValue(scalarValue, control.FormatString),
             _ when row is not null && ReportFormulaEvaluator.TryReadFieldReference(expression.TrimStart('='), out string boundFieldName)
                 => ReportSql.FormatDisplayValue(LookupFieldValue(row, boundFieldName), control.FormatString),
             _ when row is not null
@@ -360,7 +443,7 @@ _ when row is not null
                     {
                         object? fieldValue = LookupFieldValue(row, field);
                         return ReportSql.TryConvertToDouble(fieldValue, out double numeric) ? numeric : null;
-                    }),
+                    }, functions, callbackPolicy),
                     control.FormatString),
             _ => string.Empty,
         };
diff --git a/src/CSharpDB.Admin.Reports/Services/NullReportEventDispatcher.cs b/src/CSharpDB.Admin.Reports/Services/NullReportEventDispatcher.cs
new file mode 100644
index 00000000..80dd322b
--- /dev/null
+++ b/src/CSharpDB.Admin.Reports/Services/NullReportEventDispatcher.cs
@@ -0,0 +1,21 @@
+using CSharpDB.Admin.Reports.Contracts;
+using CSharpDB.Admin.Reports.Models;
+
+namespace CSharpDB.Admin.Reports.Services;
+
+public sealed class NullReportEventDispatcher : IReportEventDispatcher
+{
+    public static NullReportEventDispatcher Instance { get; } = new();
+
+    private NullReportEventDispatcher()
+    {
+    }
+
+    public Task<ReportEventDispatchResult> DispatchAsync(
+        ReportDefinition report,
+        ReportSourceDefinition source,
+        ReportEventKind eventKind,
+        IReadOnlyDictionary<string, object?>? runtimeArguments = null,
+        CancellationToken ct = default)
+        => Task.FromResult(ReportEventDispatchResult.Success());
+}
diff --git a/src/CSharpDB.Admin.Reports/Services/ReportAutomationMetadata.cs b/src/CSharpDB.Admin.Reports/Services/ReportAutomationMetadata.cs
new file mode 100644
index 00000000..9a2e3f5f
--- /dev/null
+++ b/src/CSharpDB.Admin.Reports/Services/ReportAutomationMetadata.cs
@@ -0,0 +1,44 @@
+using CSharpDB.Admin.Reports.Models;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Reports.Services;
+
+public static class ReportAutomationMetadata
+{
+    private const string Surface = "admin.reports";
+    private static readonly string[] IgnoredFormulaFunctions = ["SUM", "COUNT", "AVG", "MIN", "MAX"];
+
+    public static ReportDefinition NormalizeForExport(ReportDefinition report)
+    {
+        ArgumentNullException.ThrowIfNull(report);
+
+        DbAutomationMetadata metadata = Build(report);
+        return report with { Automation = metadata.IsEmpty ? null : metadata };
+    }
+
+    public static DbAutomationMetadata Build(ReportDefinition report)
+    {
+        ArgumentNullException.ThrowIfNull(report);
+
+        var builder = new DbAutomationMetadataBuilder();
+        foreach (ReportEventBinding binding in report.EventBindings ?? [])
+            builder.AddCommand(binding.CommandName, Surface, $"report.events.{binding.Event}");
+
+        foreach (ReportBandDefinition band in report.Bands)
+        {
+            foreach (ReportControlDefinition control in band.Controls)
+                AddScalarFunctions(builder, control.Expression, $"bands.{band.BandId}.controls.{control.ControlId}.expression");
+        }
+
+        return builder.Build();
+    }
+
+    private static void AddScalarFunctions(DbAutomationMetadataBuilder builder, string? expression, string location)
+    {
+        foreach (DbAutomationScalarFunctionCall call in
+            DbAutomationExpressionInspector.FindScalarFunctionCalls(expression, IgnoredFormulaFunctions))
+        {
+            builder.AddScalarFunction(call.Name, call.Arity, Surface, location);
+        }
+    }
+}
diff --git a/src/CSharpDB.Admin.Reports/Services/ReportFormulaEvaluator.cs b/src/CSharpDB.Admin.Reports/Services/ReportFormulaEvaluator.cs
index f1d7ec69..00990bf4 100644
--- a/src/CSharpDB.Admin.Reports/Services/ReportFormulaEvaluator.cs
+++ b/src/CSharpDB.Admin.Reports/Services/ReportFormulaEvaluator.cs
@@ -1,3 +1,6 @@
+using System.Globalization;
+using CSharpDB.Primitives;
+
 namespace CSharpDB.Admin.Reports.Services;
 
 public static class ReportFormulaEvaluator
@@ -5,6 +8,19 @@ public static class ReportFormulaEvaluator
     private static readonly string[] AggregateFunctions = ["SUM", "COUNT", "AVG", "MIN", "MAX"];
 
     public static double? EvaluateNumeric(string? expression, Func<string, double?> fieldResolver)
+        => EvaluateNumeric(expression, fieldResolver, DbFunctionRegistry.Empty);
+
+    public static double? EvaluateNumeric(
+        string? expression,
+        Func<string, double?> fieldResolver,
+        DbFunctionRegistry? functions)
+        => EvaluateNumeric(expression, fieldResolver, functions, callbackPolicy: null);
+
+    public static double? EvaluateNumeric(
+        string? expression,
+        Func<string, double?> fieldResolver,
+        DbFunctionRegistry? functions,
+        DbExtensionPolicy? callbackPolicy)
     {
         if (string.IsNullOrWhiteSpace(expression))
             return null;
@@ -19,7 +35,7 @@ public static class ReportFormulaEvaluator
 
         try
         {
-            var parser = new Parser(expr, fieldResolver);
+            var parser = new Parser(expr, fieldResolver, functions ?? DbFunctionRegistry.Empty, callbackPolicy);
             double? result = parser.ParseExpression();
             if (parser.Position < parser.Input.Length)
                 return null;
@@ -32,6 +48,36 @@ public static class ReportFormulaEvaluator
         }
     }
 
+    public static bool TryEvaluateScalar(
+        string? expression,
+        Func<string, object?> fieldResolver,
+        DbFunctionRegistry? functions,
+        out object? value)
+        => TryEvaluateScalar(expression, fieldResolver, functions, callbackPolicy: null, out value);
+
+    public static bool TryEvaluateScalar(
+        string? expression,
+        Func<string, object?> fieldResolver,
+        DbFunctionRegistry? functions,
+        DbExtensionPolicy? callbackPolicy,
+        out object? value)
+    {
+        value = null;
+        if (functions == null || string.IsNullOrWhiteSpace(expression))
+            return false;
+
+        string expr = expression.Trim();
+        if (!expr.StartsWith('='))
+            return false;
+
+        expr = expr[1..].Trim();
+        if (!TryEvaluateFunctionCall(expr, fieldResolver, functions, callbackPolicy, out DbValue dbValue))
+            return false;
+
+        value = FromDbValue(dbValue);
+        return true;
+    }
+
     public static bool TryParseAggregate(string? expression, out string functionName, out string fieldName)
     {
         functionName = fieldName = string.Empty;
@@ -109,12 +155,20 @@ private ref struct Parser
         public int Position;
 
         private readonly Func<string, double?> _fieldResolver;
-
-        public Parser(string input, Func<string, double?> fieldResolver)
+        private readonly DbFunctionRegistry _functions;
+        private readonly DbExtensionPolicy? _callbackPolicy;
+
+        public Parser(
+            string input,
+            Func<string, double?> fieldResolver,
+            DbFunctionRegistry functions,
+            DbExtensionPolicy? callbackPolicy)
         {
             Input = input.AsSpan();
             Position = 0;
             _fieldResolver = fieldResolver;
+            _functions = functions;
+            _callbackPolicy = callbackPolicy;
         }
 
         public double? ParseExpression()
@@ -226,7 +280,14 @@ public Parser(string input, Func<string, double?> fieldResolver)
                 return ParseNumber();
 
             string? fieldReference = ParseFieldReference();
-            return fieldReference is null ? null : _fieldResolver(fieldReference);
+            if (fieldReference is null)
+                return null;
+
+            SkipWhitespace();
+            if (Position < Input.Length && Input[Position] == '(' && IsIdentifier(fieldReference))
+                return ParseFunctionCall(fieldReference);
+
+            return _fieldResolver(fieldReference);
         }
 
         private double? ParseNumber()
@@ -270,10 +331,246 @@ public Parser(string input, Func<string, double?> fieldResolver)
             return Input[identifierStart..Position].ToString();
         }
 
+        private double? ParseFunctionCall(string functionName)
+        {
+            Position++;
+            var arguments = new List<DbValue>();
+            SkipWhitespace();
+            if (Position < Input.Length && Input[Position] == ')')
+            {
+                Position++;
+                return InvokeFunction(functionName, arguments);
+            }
+
+            while (Position < Input.Length)
+            {
+                double? argument = ParseExpression();
+                arguments.Add(argument.HasValue ? DbValue.FromReal(argument.Value) : DbValue.Null);
+
+                SkipWhitespace();
+                if (Position < Input.Length && Input[Position] == ',')
+                {
+                    Position++;
+                    continue;
+                }
+
+                if (Position < Input.Length && Input[Position] == ')')
+                {
+                    Position++;
+                    return InvokeFunction(functionName, arguments);
+                }
+
+                return null;
+            }
+
+            return null;
+        }
+
+        private double? InvokeFunction(string functionName, List<DbValue> arguments)
+        {
+            if (!_functions.TryGetScalar(functionName, arguments.Count, out var definition))
+            {
+                DbCallbackDiagnostics.WriteMissingScalarInvocation(
+                    functionName,
+                    arguments.Count,
+                    CreateReportCallbackMetadata(functionName),
+                    $"Unknown scalar function '{functionName}'.");
+                return null;
+            }
+
+            if (definition.Options.NullPropagating && arguments.Any(static argument => argument.IsNull))
+                return null;
+
+            try
+            {
+                DbValue[] dbArguments = arguments.ToArray();
+                IReadOnlyDictionary<string, string>? metadata = CreateReportCallbackMetadata(functionName);
+                DbValue value = _callbackPolicy is null
+                    ? definition.Invoke(dbArguments, metadata)
+                    : definition.Invoke(dbArguments, metadata, _callbackPolicy, DbExtensionHostMode.Embedded);
+                return value.Type switch
+                {
+                    DbType.Integer => value.AsInteger,
+                    DbType.Real => value.AsReal,
+                    _ => null,
+                };
+            }
+            catch
+            {
+                return null;
+            }
+        }
+
         private void SkipWhitespace()
         {
             while (Position < Input.Length && char.IsWhiteSpace(Input[Position]))
                 Position++;
         }
     }
+
+    private static bool TryEvaluateFunctionCall(
+        string expression,
+        Func<string, object?> fieldResolver,
+        DbFunctionRegistry functions,
+        DbExtensionPolicy? callbackPolicy,
+        out DbValue value)
+    {
+        value = DbValue.Null;
+        int openParen = expression.IndexOf('(');
+        if (openParen <= 0 || !expression.EndsWith(')'))
+            return false;
+
+        string name = expression[..openParen].Trim();
+        if (!IsIdentifier(name))
+            return false;
+
+        string[] argumentTokens = SplitArguments(expression[(openParen + 1)..^1]);
+        if (!functions.TryGetScalar(name, argumentTokens.Length, out var definition))
+        {
+            DbCallbackDiagnostics.WriteMissingScalarInvocation(
+                name,
+                argumentTokens.Length,
+                CreateReportCallbackMetadata(name),
+                $"Unknown scalar function '{name}'.");
+            return false;
+        }
+
+        var arguments = new DbValue[argumentTokens.Length];
+        for (int i = 0; i < argumentTokens.Length; i++)
+            arguments[i] = EvaluateScalarArgument(argumentTokens[i].Trim(), fieldResolver, functions, callbackPolicy);
+
+        if (definition.Options.NullPropagating && arguments.Any(static argument => argument.IsNull))
+        {
+            value = DbValue.Null;
+            return true;
+        }
+
+        IReadOnlyDictionary<string, string>? metadata = CreateReportCallbackMetadata(name);
+        value = callbackPolicy is null
+            ? definition.Invoke(arguments, metadata)
+            : definition.Invoke(arguments, metadata, callbackPolicy, DbExtensionHostMode.Embedded);
+        return true;
+    }
+
+    private static DbValue EvaluateScalarArgument(
+        string token,
+        Func<string, object?> fieldResolver,
+        DbFunctionRegistry functions,
+        DbExtensionPolicy? callbackPolicy)
+    {
+        if (TryEvaluateFunctionCall(token, fieldResolver, functions, callbackPolicy, out DbValue nestedValue))
+            return nestedValue;
+
+        if (token.StartsWith('\'') && token.EndsWith('\'') && token.Length >= 2)
+            return DbValue.FromText(token[1..^1]);
+
+        if (string.Equals(token, "null", StringComparison.OrdinalIgnoreCase))
+            return DbValue.Null;
+
+        if (long.TryParse(token, NumberStyles.Integer, CultureInfo.InvariantCulture, out long integer))
+            return DbValue.FromInteger(integer);
+
+        if (double.TryParse(token, NumberStyles.Float | NumberStyles.AllowThousands, CultureInfo.InvariantCulture, out double real))
+            return DbValue.FromReal(real);
+
+        if (TryReadFieldReference(token, out string fieldName))
+            return ToDbValue(fieldResolver(fieldName));
+
+        return DbValue.FromText(token);
+    }
+
+    private static string[] SplitArguments(string argumentsText)
+    {
+        if (string.IsNullOrWhiteSpace(argumentsText))
+            return [];
+
+        var arguments = new List<string>();
+        int start = 0;
+        int depth = 0;
+        bool inString = false;
+        for (int i = 0; i < argumentsText.Length; i++)
+        {
+            char ch = argumentsText[i];
+            if (ch == '\'')
+            {
+                inString = !inString;
+                continue;
+            }
+
+            if (inString)
+                continue;
+
+            if (ch == '(')
+            {
+                depth++;
+                continue;
+            }
+
+            if (ch == ')')
+            {
+                depth--;
+                if (depth < 0)
+                    return [];
+                continue;
+            }
+
+            if (ch == ',' && depth == 0)
+            {
+                arguments.Add(argumentsText[start..i].Trim());
+                start = i + 1;
+            }
+        }
+
+        if (inString || depth != 0)
+            return [];
+
+        arguments.Add(argumentsText[start..].Trim());
+        return arguments.Any(static argument => argument.Length == 0) ? [] : arguments.ToArray();
+    }
+
+    private static DbValue ToDbValue(object? value) => value switch
+    {
+        null => DbValue.Null,
+        DbValue dbValue => dbValue,
+        bool boolean => DbValue.FromInteger(boolean ? 1 : 0),
+        byte or sbyte or short or ushort or int or uint or long => DbValue.FromInteger(Convert.ToInt64(value, CultureInfo.InvariantCulture)),
+        float or double or decimal => DbValue.FromReal(Convert.ToDouble(value, CultureInfo.InvariantCulture)),
+        string text => DbValue.FromText(text),
+        byte[] bytes => DbValue.FromBlob(bytes),
+        _ => DbValue.FromText(Convert.ToString(value, CultureInfo.InvariantCulture) ?? string.Empty),
+    };
+
+    private static object? FromDbValue(DbValue value) => value.Type switch
+    {
+        DbType.Null => null,
+        DbType.Integer => value.AsInteger,
+        DbType.Real => value.AsReal,
+        DbType.Text => value.AsText,
+        DbType.Blob => value.AsBlob,
+        _ => null,
+    };
+
+    private static bool IsIdentifier(string value)
+    {
+        if (value.Length == 0 || (!char.IsLetter(value[0]) && value[0] != '_'))
+            return false;
+
+        for (int i = 1; i < value.Length; i++)
+        {
+            if (!char.IsLetterOrDigit(value[i]) && value[i] != '_')
+                return false;
+        }
+
+        return true;
+    }
+
+    private static IReadOnlyDictionary<string, string>? CreateReportCallbackMetadata(string functionName)
+        => DbCallbackDiagnostics.IsInvocationEnabled
+            ? new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["surface"] = "AdminReports",
+                ["location"] = $"expressions.functions.{functionName}",
+                ["correlationId"] = Guid.NewGuid().ToString("N"),
+            }
+            : null;
 }
diff --git a/src/CSharpDB.Admin/CSharpDB.Admin.csproj b/src/CSharpDB.Admin/CSharpDB.Admin.csproj
index 2bafa2c4..2c073bb4 100644
--- a/src/CSharpDB.Admin/CSharpDB.Admin.csproj
+++ b/src/CSharpDB.Admin/CSharpDB.Admin.csproj
@@ -9,6 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\CSharpDB.Primitives\CSharpDB.Primitives.csproj" />
     <ProjectReference Include="..\CSharpDB.Client\CSharpDB.Client.csproj" />
     <ProjectReference Include="..\CSharpDB.Admin.Forms\CSharpDB.Admin.Forms.csproj" />
     <ProjectReference Include="..\CSharpDB.Admin.Reports\CSharpDB.Admin.Reports.csproj" />
diff --git a/src/CSharpDB.Admin/Components/App.razor b/src/CSharpDB.Admin/Components/App.razor
index f8aa1a15..23e4caf1 100644
--- a/src/CSharpDB.Admin/Components/App.razor
+++ b/src/CSharpDB.Admin/Components/App.razor
@@ -12,7 +12,7 @@
     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
     <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" />
     <link rel="stylesheet" href="css/app.css?v=20260310" />
-    <link rel="stylesheet" href="_content/CSharpDB.Admin.Forms/css/designer.css" />
+    <link rel="stylesheet" href="_content/CSharpDB.Admin.Forms/css/designer.css?v=20260429" />
     <link rel="stylesheet" href="_content/CSharpDB.Admin.Reports/css/reports.css" />
     <HeadOutlet />
 </head>
diff --git a/src/CSharpDB.Admin/Components/Layout/CommandPalette.razor b/src/CSharpDB.Admin/Components/Layout/CommandPalette.razor
new file mode 100644
index 00000000..40fb3611
--- /dev/null
+++ b/src/CSharpDB.Admin/Components/Layout/CommandPalette.razor
@@ -0,0 +1,346 @@
+@using CSharpDB.Primitives
+@inject ICSharpDbClient DbClient
+@inject IFormRepository FormRepository
+@inject IReportRepository ReportRepository
+@inject TabManagerService TabManager
+@inject HostCallbackCatalogService CallbackCatalog
+@inject DatabaseChangeService Changes
+@inject ModalService Modal
+@inject ToastService Toast
+@inject IJSRuntime JS
+@implements IDisposable
+
+@if (Visible)
+{
+    <div class="command-palette-backdrop" @onclick="CloseAsync">
+        <div class="command-palette" role="dialog" aria-modal="true" aria-label="Command palette" @onclick:stopPropagation>
+            <div class="command-palette-search">
+                <i class="bi bi-search"></i>
+                <input id="admin-command-palette-search"
+                       value="@_query"
+                       @oninput="OnQueryChanged"
+                       @onkeydown="HandleKeyDown"
+                       placeholder="Search commands, tables, collections, forms, reports..." />
+                <span class="kbd">Esc</span>
+            </div>
+
+            <div class="command-palette-body">
+                @if (_loading)
+                {
+                    <div class="command-palette-empty">Loading commands...</div>
+                }
+                else if (FilteredItems.Count == 0)
+                {
+                    <div class="command-palette-empty">No matching commands</div>
+                }
+                else
+                {
+                    @foreach (PaletteItem item in FilteredItems)
+                    {
+                        <button class="command-palette-item" @onclick="() => ExecuteAsync(item)">
+                            <span class="command-palette-icon @item.IconClass"><i class="bi @item.Icon"></i></span>
+                            <span class="command-palette-copy">
+                                <strong>@item.Title</strong>
+                                <small>@item.Subtitle</small>
+                            </span>
+                            <span class="command-palette-kind">@item.Kind</span>
+                        </button>
+                    }
+                }
+            </div>
+        </div>
+    </div>
+}
+
+@code {
+    [Parameter] public bool Visible { get; set; }
+    [Parameter] public EventCallback<bool> VisibleChanged { get; set; }
+
+    private readonly List<PaletteItem> _items = [];
+    private string _query = string.Empty;
+    private bool _loading;
+    private bool _loaded;
+
+    private IReadOnlyList<PaletteItem> FilteredItems
+    {
+        get
+        {
+            if (string.IsNullOrWhiteSpace(_query))
+                return _items.Take(32).ToList();
+
+            string query = _query.Trim();
+            return _items
+                .Where(item => item.Title.Contains(query, StringComparison.OrdinalIgnoreCase)
+                               || item.Subtitle.Contains(query, StringComparison.OrdinalIgnoreCase)
+                               || item.Kind.Contains(query, StringComparison.OrdinalIgnoreCase))
+                .Take(32)
+                .ToList();
+        }
+    }
+
+    protected override async Task OnParametersSetAsync()
+    {
+        if (Visible && !_loaded && !_loading)
+            await LoadItemsAsync();
+    }
+
+    protected override async Task OnAfterRenderAsync(bool firstRender)
+    {
+        if (Visible)
+        {
+            try { await JS.InvokeVoidAsync("editorInterop.focus", "admin-command-palette-search"); }
+            catch { }
+        }
+    }
+
+    private async Task LoadItemsAsync()
+    {
+        _loading = true;
+        try
+        {
+            _items.Clear();
+            AddCoreCommands();
+            await AddCallbackCommandsAsync();
+
+            IReadOnlyCollection<string> tables = await DbClient.GetTableNamesAsync();
+            foreach (string tableName in tables.Where(static name => !name.StartsWith("_", StringComparison.Ordinal)).OrderBy(name => name))
+            {
+                string captured = tableName;
+                _items.Add(new PaletteItem(
+                    "Table",
+                    captured,
+                    "Open table data",
+                    "bi-table",
+                    "icon-table",
+                    () => { TabManager.OpenTableTab(captured); return Task.CompletedTask; }));
+                _items.Add(new PaletteItem(
+                    "Schema",
+                    $"Design {captured}",
+                    "Open table schema",
+                    "bi-file-earmark-code",
+                    "icon-system",
+                    () => { TabManager.OpenTableSchemaTab(captured); return Task.CompletedTask; }));
+            }
+
+            IReadOnlyCollection<string> views = await DbClient.GetViewNamesAsync();
+            foreach (string viewName in views.OrderBy(name => name))
+            {
+                string captured = viewName;
+                _items.Add(new PaletteItem(
+                    "View",
+                    captured,
+                    "Open view data",
+                    "bi-eye",
+                    "icon-view",
+                    () => { TabManager.OpenViewTab(captured); return Task.CompletedTask; }));
+            }
+
+            IReadOnlyCollection<string> collections = await DbClient.GetCollectionNamesAsync();
+            foreach (string collectionName in collections.OrderBy(name => name, StringComparer.OrdinalIgnoreCase))
+            {
+                string captured = collectionName;
+                _items.Add(new PaletteItem(
+                    "Collection",
+                    captured,
+                    "Open collection documents",
+                    "bi-braces",
+                    "icon-view",
+                    () => { TabManager.OpenCollectionTab(captured); return Task.CompletedTask; }));
+            }
+
+            foreach (ProcedureDefinition procedure in (await DbClient.GetProceduresAsync()).OrderBy(procedure => procedure.Name))
+            {
+                string captured = procedure.Name;
+                _items.Add(new PaletteItem(
+                    "Procedure",
+                    captured,
+                    procedure.Description ?? "Open procedure",
+                    "bi-gear-wide-connected",
+                    "icon-trigger",
+                    () => { TabManager.OpenProcedureTab(captured); return Task.CompletedTask; }));
+            }
+
+            foreach (FormDefinition form in (await FormRepository.ListAsync()).OrderBy(form => form.Name, StringComparer.OrdinalIgnoreCase))
+            {
+                FormDefinition captured = form;
+                _items.Add(new PaletteItem(
+                    "Form",
+                    captured.Name,
+                    $"Design form for {captured.TableName}",
+                    "bi-ui-checks-grid",
+                    "icon-form",
+                    () => { TabManager.OpenFormDesignerTab(captured.FormId, title: captured.Name); return Task.CompletedTask; }));
+                _items.Add(new PaletteItem(
+                    "Form",
+                    $"Open {captured.Name}",
+                    $"Data entry for {captured.TableName}",
+                    "bi-file-earmark-text",
+                    "icon-form",
+                    () => { TabManager.OpenFormEntryTab(captured.FormId, captured.Name); return Task.CompletedTask; }));
+            }
+
+            foreach (ReportDefinition report in (await ReportRepository.ListAsync()).OrderBy(report => report.Name, StringComparer.OrdinalIgnoreCase))
+            {
+                ReportDefinition captured = report;
+                _items.Add(new PaletteItem(
+                    "Report",
+                    captured.Name,
+                    $"Design report from {captured.Source.Name}",
+                    "bi-file-earmark-richtext",
+                    "icon-report",
+                    () => { TabManager.OpenReportDesignerTab(captured.ReportId, title: captured.Name); return Task.CompletedTask; }));
+                _items.Add(new PaletteItem(
+                    "Report",
+                    $"Preview {captured.Name}",
+                    $"Render report from {captured.Source.Name}",
+                    "bi-printer",
+                    "icon-report",
+                    () => { TabManager.OpenReportPreviewTab(captured.ReportId, captured.Name); return Task.CompletedTask; }));
+            }
+
+            _loaded = true;
+        }
+        catch
+        {
+            _items.Clear();
+            AddCoreCommands();
+            _loaded = true;
+        }
+        finally
+        {
+            _loading = false;
+        }
+    }
+
+    private void AddCoreCommands()
+    {
+        _items.Add(new PaletteItem("Command", "New Query", "Open a SQL editor", "bi-terminal", "icon-system", () => { TabManager.OpenQueryTab(); return Task.CompletedTask; }));
+        _items.Add(new PaletteItem("Command", "New Table", "Open table designer", "bi-table", "icon-table", () => { TabManager.OpenTableDesignerTab(); return Task.CompletedTask; }));
+        _items.Add(new PaletteItem("Command", "New Collection", "Create or open a document collection", "bi-braces", "icon-view", OpenNewCollectionAsync));
+        _items.Add(new PaletteItem("Command", "Callbacks", "Open host callback catalog", "bi-plug", "icon-system", () => { TabManager.OpenCallbacksTab(); return Task.CompletedTask; }));
+        _items.Add(new PaletteItem("Command", "New Form", "Open form designer", "bi-ui-checks-grid", "icon-form", () => { TabManager.OpenFormDesignerTab(); return Task.CompletedTask; }));
+        _items.Add(new PaletteItem("Command", "New Report", "Open report designer", "bi-file-earmark-richtext", "icon-report", () => { TabManager.OpenReportDesignerTab(); return Task.CompletedTask; }));
+        _items.Add(new PaletteItem("Command", "New Procedure", "Open procedure editor", "bi-gear-wide-connected", "icon-trigger", () => { TabManager.OpenNewProcedureTab(); return Task.CompletedTask; }));
+        _items.Add(new PaletteItem("Command", "New Pipeline", "Open pipeline builder", "bi-diagram-3", "icon-view", () => { TabManager.OpenPipelineTab(); return Task.CompletedTask; }));
+        _items.Add(new PaletteItem("Command", "Storage Inspector", "Open storage diagnostics", "bi-hdd-stack", "icon-system", () => { TabManager.OpenStorageTab(); return Task.CompletedTask; }));
+    }
+
+    private async Task AddCallbackCommandsAsync()
+    {
+        foreach (HostCallbackCatalogEntry callback in await CallbackCatalog.GetEntriesAsync())
+        {
+            HostCallbackCatalogEntry captured = callback;
+            _items.Add(new PaletteItem(
+                captured.IsMissingRegistration ? "Missing callback" : GetCallbackKindLabel(captured.Kind),
+                captured.Name,
+                FormatCallbackSubtitle(captured),
+                captured.IsMissingRegistration ? "bi-exclamation-triangle" : "bi-plug",
+                captured.IsMissingRegistration ? "icon-report" : "icon-system",
+                () =>
+                {
+                    TabManager.OpenCallbacksTab(captured.Name, captured.Kind.ToString(), captured.Arity);
+                    return Task.CompletedTask;
+                }));
+        }
+    }
+
+    private async Task OpenNewCollectionAsync()
+    {
+        string? enteredName = await Modal.PromptAsync(
+            "New Collection",
+            CollectionNameValidator.HelpText,
+            "Create",
+            "collection_name");
+        if (enteredName is null)
+            return;
+
+        string collectionName = CollectionNameValidator.Normalize(enteredName);
+        if (!CollectionNameValidator.IsValid(collectionName))
+        {
+            Toast.Error(CollectionNameValidator.HelpText);
+            return;
+        }
+
+        try
+        {
+            await DbClient.BrowseCollectionAsync(collectionName, page: 1, pageSize: 1);
+            TabManager.OpenCollectionTab(collectionName);
+            Changes.NotifyChanged();
+        }
+        catch (Exception ex)
+        {
+            Toast.Error(ex.Message);
+        }
+    }
+
+    private Task OnQueryChanged(ChangeEventArgs e)
+    {
+        _query = e.Value?.ToString() ?? string.Empty;
+        return Task.CompletedTask;
+    }
+
+    private async Task HandleKeyDown(KeyboardEventArgs e)
+    {
+        if (e.Key == "Escape")
+            await CloseAsync();
+    }
+
+    private async Task ExecuteAsync(PaletteItem item)
+    {
+        await item.Execute();
+        await CloseAsync();
+    }
+
+    private async Task CloseAsync()
+    {
+        _query = string.Empty;
+        await VisibleChanged.InvokeAsync(false);
+    }
+
+    private void OnChanged()
+    {
+        _loaded = false;
+        if (Visible)
+            _ = InvokeAsync(LoadItemsAsync);
+    }
+
+    protected override void OnInitialized()
+    {
+        Changes.Changed += OnChanged;
+    }
+
+    public void Dispose()
+    {
+        Changes.Changed -= OnChanged;
+    }
+
+    private static string GetCallbackKindLabel(AutomationCallbackKind kind)
+        => kind switch
+        {
+            AutomationCallbackKind.ScalarFunction => "Scalar function",
+            AutomationCallbackKind.Command => "Command",
+            _ => kind.ToString(),
+        };
+
+    private static string FormatCallbackSubtitle(HostCallbackCatalogEntry callback)
+    {
+        if (callback.IsMissingRegistration)
+            return $"Missing registration, referenced {callback.References.Count} time{(callback.References.Count == 1 ? "" : "s")}";
+
+        if (!string.IsNullOrWhiteSpace(callback.Descriptor?.Description))
+            return callback.Descriptor.Description;
+
+        return callback.Descriptor is null || callback.Descriptor.Capabilities.Count == 0
+            ? callback.Descriptor?.Runtime.ToString() ?? "Callback"
+            : $"{callback.Descriptor.Runtime} · {string.Join(", ", callback.Descriptor.Capabilities.Select(static capability => capability.Name))}";
+    }
+
+    private sealed record PaletteItem(
+        string Kind,
+        string Title,
+        string Subtitle,
+        string Icon,
+        string IconClass,
+        Func<Task> Execute);
+
+}
diff --git a/src/CSharpDB.Admin/Components/Layout/MainLayout.razor b/src/CSharpDB.Admin/Components/Layout/MainLayout.razor
index f7ade104..9b77d2d7 100644
--- a/src/CSharpDB.Admin/Components/Layout/MainLayout.razor
+++ b/src/CSharpDB.Admin/Components/Layout/MainLayout.razor
@@ -6,7 +6,9 @@
 @implements IDisposable
 
 <div class="app-root">
-    <TitleBar OnToggleSidebar="ToggleSidebar" OnShowShortcuts="ShowShortcuts" />
+    <TitleBar OnToggleSidebar="ToggleSidebar"
+              OnShowShortcuts="ShowShortcuts"
+              OnOpenCommandPalette="OpenCommandPalette" />
     <div class="app-container">
         @if (_sidebarVisible)
         {
@@ -40,6 +42,15 @@
                                          ObjectName="@(tab.ObjectName ?? string.Empty)"
                                          IsView="true" />
                                 break;
+                            case TabKind.CollectionData:
+                                <CollectionTab @key="tab.Id"
+                                               Tab="tab"
+                                               CollectionName="@(tab.ObjectName ?? string.Empty)" />
+                                break;
+                            case TabKind.HostCallbacks:
+                                <CallbacksTab @key="tab.Id"
+                                              Tab="tab" />
+                                break;
                             case TabKind.Procedure:
                                 <ProcedureTab @key="tab.Id"
                                               Tab="tab" />
@@ -82,9 +93,11 @@
 
 <ToastContainer />
 <ConfirmModal />
+<CommandPalette @bind-Visible="_commandPaletteVisible" />
 
 @code {
     private bool _sidebarVisible = true;
+    private bool _commandPaletteVisible;
     private DotNetObjectReference<MainLayout>? _dotNetRef;
 
     protected override async Task OnAfterRenderAsync(bool firstRender)
@@ -112,6 +125,9 @@
             case "ToggleTheme":
                 await Theme.ToggleAsync();
                 break;
+            case "OpenCommandPalette":
+                OpenCommandPalette();
+                break;
             case "CloseTab":
                 if (TabManager.ActiveTab?.Closable == true)
                     TabManager.CloseTab(TabManager.ActiveTab.Id);
@@ -129,11 +145,17 @@
         StateHasChanged();
     }
 
+    private void OpenCommandPalette()
+    {
+        _commandPaletteVisible = true;
+        StateHasChanged();
+    }
+
     private async Task ShowShortcuts()
     {
         await Modal.ConfirmAsync(
             "Keyboard Shortcuts",
-            "Ctrl+N \u2014 New query tab\nCtrl+B \u2014 Toggle sidebar\nCtrl+Enter \u2014 Run query\nCtrl+Shift+L \u2014 Toggle theme\nCtrl+W \u2014 Close tab\nDouble-click \u2014 Edit cell",
+            "Ctrl+K - Command palette\nCtrl+N - New query tab\nCtrl+B - Toggle sidebar\nCtrl+Enter - Run query\nCtrl+Shift+L - Toggle theme\nCtrl+W - Close tab\nDouble-click - Edit cell",
             "OK");
     }
 
diff --git a/src/CSharpDB.Admin/Components/Layout/NavMenu.razor b/src/CSharpDB.Admin/Components/Layout/NavMenu.razor
index d84b254b..6f4edd38 100644
--- a/src/CSharpDB.Admin/Components/Layout/NavMenu.razor
+++ b/src/CSharpDB.Admin/Components/Layout/NavMenu.razor
@@ -1,9 +1,11 @@
+@using CSharpDB.Admin.Forms.Evaluation
 @inject ICSharpDbClient DbClient
 @inject DatabaseClientHolder DbHolder
 @inject DatabaseChangeService Changes
 @inject IFormRepository FormRepository
 @inject IReportRepository ReportRepository
 @inject TabManagerService TabManager
+@inject HostCallbackCatalogService CallbackCatalog
 @inject ToastService Toast
 @inject ModalService Modal
 @inject IJSRuntime JS
@@ -12,18 +14,83 @@
 <aside class="sidebar">
     <div class="sidebar-header">
         <span>Object Explorer</span>
-        <button class="sidebar-collapse-btn" title="Collapse All" @onclick="CollapseAll">
-            <i class="bi bi-arrows-collapse"></i>
-        </button>
+        <div class="sidebar-header-actions">
+            <button class="sidebar-collapse-btn" title="Refresh" @onclick="RefreshObjectsAsync">
+                <i class="bi bi-arrow-clockwise"></i>
+            </button>
+            <button class="sidebar-collapse-btn" title="Collapse All" @onclick="CollapseAll">
+                <i class="bi bi-arrows-collapse"></i>
+            </button>
+        </div>
     </div>
 
     <div class="sidebar-search">
         <i class="bi bi-search"></i>
         <input type="text" placeholder="Filter objects..." @bind="_searchQuery" @bind:event="oninput" />
+        @if (!string.IsNullOrWhiteSpace(_searchQuery))
+        {
+            <button class="sidebar-clear-btn" title="Clear filter" @onclick="() => _searchQuery = string.Empty">
+                <i class="bi bi-x-lg"></i>
+            </button>
+        }
+    </div>
+
+    <div class="sidebar-filter-chips">
+        <button class="@GetFilterChipClass("all")" @onclick='() => SetObjectFilter("all")'>All</button>
+        <button class="@GetFilterChipClass("tables")" @onclick='() => SetObjectFilter("tables")'>Tables</button>
+        <button class="@GetFilterChipClass("collections")" @onclick='() => SetObjectFilter("collections")'>Collections</button>
+        <button class="@GetFilterChipClass("callbacks")" @onclick='() => SetObjectFilter("callbacks")'>Callbacks</button>
+        <button class="@GetFilterChipClass("forms")" @onclick='() => SetObjectFilter("forms")'>Forms</button>
+        <button class="@GetFilterChipClass("reports")" @onclick='() => SetObjectFilter("reports")'>Reports</button>
     </div>
 
     <div class="tree-container">
+        @if (ShouldShowUtilityGroups)
+        {
+            <div class="tree-group utility-group">
+                <div class="tree-group-header compact">
+                    <i class="bi bi-pin-angle-fill icon-pin"></i>
+                    <span>Pinned</span>
+                    <span class="group-count">@PinnedItems.Count</span>
+                </div>
+                <div class="tree-items">
+                    @foreach (var item in PinnedItems)
+                    {
+                        <button class="tree-item command-item" @onclick="item.Open">
+                            <i class="bi @item.Icon @item.IconClass"></i>
+                            <span class="item-label">@item.Name</span>
+                            <i class="bi bi-star-fill item-pin"></i>
+                        </button>
+                    }
+                </div>
+            </div>
+
+            <div class="tree-group utility-group">
+                <div class="tree-group-header compact">
+                    <i class="bi bi-clock-history icon-recent"></i>
+                    <span>Recent</span>
+                    <span class="group-count">@RecentItems.Count</span>
+                </div>
+                @if (RecentItems.Count > 0)
+                {
+                    <div class="tree-items">
+                        @foreach (var tab in RecentItems)
+                        {
+                            <button class="tree-item command-item @(TabManager.ActiveTab?.Id == tab.Id ? "active" : "")"
+                                    @onclick="() => TabManager.ActivateTab(tab.Id)">
+                                <i class="bi @tab.Icon"></i>
+                                <span class="item-label">@tab.Title</span>
+                                <span class="item-hint">@tab.Kind</span>
+                            </button>
+                        }
+                    </div>
+                }
+            </div>
+        }
+
         @* User Tables *@
+        @if (ShouldShowGroup("tables"))
+        {
         <div class="tree-group">
             <div class="tree-group-header"
                  @onclick='() => ToggleGroup("tables")'
@@ -37,21 +104,142 @@
             @if (_expandedGroups.Contains("tables") && _userTableNames is not null)
             {
                 <div class="tree-items">
-                    @foreach (var name in FilterItems(_userTableNames))
+                    @foreach (var name in FilterTableNames(_userTableNames))
                     {
                         var tableName = name;
-                        <div class="tree-item @(IsActive("table", tableName) ? "active" : "")"
+                        <div class="tree-item table-tree-item @(IsActive("table", tableName) ? "active" : "")"
                              @onclick="() => TabManager.OpenTableTab(tableName)"
                              @oncontextmenu="e => ShowTableItemMenu(e, tableName)"
                              @oncontextmenu:preventDefault>
+                            <button type="button"
+                                    class="tree-disclosure"
+                                    title="Show table objects"
+                                    @onclick="() => ToggleTableNodeAsync(tableName)"
+                                    @onclick:stopPropagation="true">
+                                <i class="bi @(IsTableNodeExpanded(tableName) ? "bi-chevron-down" : "bi-chevron-right")"></i>
+                            </button>
                             <i class="bi bi-table icon-table"></i>
                             <span class="item-label">@tableName</span>
                         </div>
+                        @if (ShouldShowTableChildren(tableName))
+                        {
+                            <div class="tree-child-group">
+                                @if (_tableSchemas.TryGetValue(tableName, out var schema))
+                                {
+                                    <div class="tree-child-head">Columns · @schema.Columns.Count</div>
+                                    @foreach (var column in schema.Columns.Take(SidebarColumnPreviewLimit))
+                                    {
+                                        var currentColumn = column;
+                                        <button type="button" class="tree-child-item" @onclick="() => TabManager.OpenTableSchemaTab(tableName)">
+                                            <i class="bi @GetColumnIconClass(currentColumn)"></i>
+                                            <span class="tree-child-label">@currentColumn.Name</span>
+                                            <span class="tree-child-type">@GetColumnTypeLabel(currentColumn)</span>
+                                        </button>
+                                    }
+                                    @if (schema.Columns.Count > SidebarColumnPreviewLimit)
+                                    {
+                                        <button type="button" class="tree-child-more" @onclick="() => TabManager.OpenTableSchemaTab(tableName)">
+                                            +@(schema.Columns.Count - SidebarColumnPreviewLimit) more columns
+                                        </button>
+                                    }
+                                }
+                                else
+                                {
+                                    <div class="tree-child-state">@GetSchemaLoadStateText(tableName)</div>
+                                }
+
+                                @{
+                                    var tableIndexes = GetIndexesForTable(tableName).ToList();
+                                    var tableTriggers = GetTriggersForTable(tableName).ToList();
+                                }
+                                @if (tableIndexes.Count > 0)
+                                {
+                                    <div class="tree-child-head">Indexes · @tableIndexes.Count</div>
+                                    @foreach (var index in tableIndexes.Take(SidebarIndexPreviewLimit))
+                                    {
+                                        var currentIndex = index;
+                                        <button type="button"
+                                                class="tree-child-item"
+                                                @onclick="() => TabManager.OpenTableSchemaTab(tableName)"
+                                                @oncontextmenu="e => ShowIndexItemMenu(e, currentIndex)"
+                                                @oncontextmenu:preventDefault>
+                                            <i class="bi bi-lightning icon-index"></i>
+                                            <span class="tree-child-label">@currentIndex.IndexName</span>
+                                            <span class="tree-child-type">@GetIndexTypeLabel(currentIndex)</span>
+                                        </button>
+                                    }
+                                    @if (tableIndexes.Count > SidebarIndexPreviewLimit)
+                                    {
+                                        <button type="button" class="tree-child-more" @onclick="() => TabManager.OpenTableSchemaTab(tableName)">
+                                            +@(tableIndexes.Count - SidebarIndexPreviewLimit) more indexes
+                                        </button>
+                                    }
+                                }
+                                @if (tableTriggers.Count > 0)
+                                {
+                                    <div class="tree-child-head">Triggers · @tableTriggers.Count</div>
+                                    @foreach (var trigger in tableTriggers.Take(SidebarTriggerPreviewLimit))
+                                    {
+                                        var currentTrigger = trigger;
+                                        <button type="button"
+                                                class="tree-child-item"
+                                                @onclick="() => TabManager.OpenTableSchemaTab(tableName)"
+                                                @oncontextmenu="e => ShowTriggerItemMenu(e, currentTrigger)"
+                                                @oncontextmenu:preventDefault>
+                                            <i class="bi bi-lightning-charge icon-trigger"></i>
+                                            <span class="tree-child-label">@currentTrigger.TriggerName</span>
+                                            <span class="tree-child-type">@GetTriggerTypeLabel(currentTrigger)</span>
+                                        </button>
+                                    }
+                                    @if (tableTriggers.Count > SidebarTriggerPreviewLimit)
+                                    {
+                                        <button type="button" class="tree-child-more" @onclick="() => TabManager.OpenTableSchemaTab(tableName)">
+                                            +@(tableTriggers.Count - SidebarTriggerPreviewLimit) more triggers
+                                        </button>
+                                    }
+                                }
+                            </div>
+                        }
                     }
                 </div>
             }
         </div>
+        }
 
+        @* Collections *@
+        @if (ShouldShowGroup("collections"))
+        {
+        <div class="tree-group">
+            <div class="tree-group-header"
+                 @onclick='() => ToggleGroup("collections")'
+                 @oncontextmenu="e => ShowCollectionsGroupMenu(e)"
+                 @oncontextmenu:preventDefault>
+                <i class="bi @(_expandedGroups.Contains("collections") ? "bi-chevron-down" : "bi-chevron-right")"></i>
+                <i class="bi bi-braces icon-view"></i>
+                <span>Collections</span>
+                <span class="group-count">@(_collectionNames?.Count ?? 0)</span>
+            </div>
+            @if (_expandedGroups.Contains("collections") && _collectionNames is not null)
+            {
+                <div class="tree-items">
+                    @foreach (var name in FilterCollections())
+                    {
+                        var collectionName = name;
+                        <div class="tree-item @(IsActive("collection", collectionName) ? "active" : "")"
+                             @onclick="() => TabManager.OpenCollectionTab(collectionName)"
+                             @oncontextmenu="e => ShowCollectionItemMenu(e, collectionName)"
+                             @oncontextmenu:preventDefault>
+                            <i class="bi bi-braces icon-view"></i>
+                            <span class="item-label">@collectionName</span>
+                        </div>
+                    }
+                </div>
+            }
+        </div>
+        }
+
+        @if (ShouldShowGroup("forms"))
+        {
         <div class="tree-group">
             <div class="tree-group-header"
                  @onclick='() => ToggleGroup("forms")'
@@ -80,7 +268,10 @@
                 </div>
             }
         </div>
+        }
 
+        @if (ShouldShowGroup("reports"))
+        {
         <div class="tree-group">
             <div class="tree-group-header"
                  @onclick='() => ToggleGroup("reports")'
@@ -109,7 +300,10 @@
                 </div>
             }
         </div>
+        }
 
+        @if (ShouldShowGroup("system"))
+        {
         <div class="tree-group">
             <div class="tree-group-header" @onclick='() => ToggleGroup("systemTables")'>
                 <i class="bi @(_expandedGroups.Contains("systemTables") ? "bi-chevron-down" : "bi-chevron-right")"></i>
@@ -120,19 +314,109 @@
             @if (_expandedGroups.Contains("systemTables") && _systemTableNames is not null)
             {
                 <div class="tree-items">
-                    @foreach (var name in FilterItems(_systemTableNames))
+                    @foreach (var name in FilterTableNames(_systemTableNames))
                     {
-                        <div class="tree-item @(IsActive("table", name) ? "active" : "")"
-                             @onclick="() => TabManager.OpenTableTab(name)">
+                        var tableName = name;
+                        <div class="tree-item table-tree-item @(IsActive("table", tableName) ? "active" : "")"
+                             @onclick="() => TabManager.OpenTableTab(tableName)">
+                            <button type="button"
+                                    class="tree-disclosure"
+                                    title="Show table objects"
+                                    @onclick="() => ToggleTableNodeAsync(tableName)"
+                                    @onclick:stopPropagation="true">
+                                <i class="bi @(IsTableNodeExpanded(tableName) ? "bi-chevron-down" : "bi-chevron-right")"></i>
+                            </button>
                             <i class="bi bi-hdd-stack icon-system"></i>
-                            <span class="item-label">@name</span>
+                            <span class="item-label">@tableName</span>
                         </div>
+                        @if (ShouldShowTableChildren(tableName))
+                        {
+                            <div class="tree-child-group">
+                                @if (_tableSchemas.TryGetValue(tableName, out var schema))
+                                {
+                                    <div class="tree-child-head">Columns · @schema.Columns.Count</div>
+                                    @foreach (var column in schema.Columns.Take(SidebarColumnPreviewLimit))
+                                    {
+                                        var currentColumn = column;
+                                        <button type="button" class="tree-child-item" @onclick="() => TabManager.OpenTableSchemaTab(tableName)">
+                                            <i class="bi @GetColumnIconClass(currentColumn)"></i>
+                                            <span class="tree-child-label">@currentColumn.Name</span>
+                                            <span class="tree-child-type">@GetColumnTypeLabel(currentColumn)</span>
+                                        </button>
+                                    }
+                                    @if (schema.Columns.Count > SidebarColumnPreviewLimit)
+                                    {
+                                        <button type="button" class="tree-child-more" @onclick="() => TabManager.OpenTableSchemaTab(tableName)">
+                                            +@(schema.Columns.Count - SidebarColumnPreviewLimit) more columns
+                                        </button>
+                                    }
+                                }
+                                else
+                                {
+                                    <div class="tree-child-state">@GetSchemaLoadStateText(tableName)</div>
+                                }
+
+                                @{
+                                    var tableIndexes = GetIndexesForTable(tableName).ToList();
+                                    var tableTriggers = GetTriggersForTable(tableName).ToList();
+                                }
+                                @if (tableIndexes.Count > 0)
+                                {
+                                    <div class="tree-child-head">Indexes · @tableIndexes.Count</div>
+                                    @foreach (var index in tableIndexes.Take(SidebarIndexPreviewLimit))
+                                    {
+                                        var currentIndex = index;
+                                        <button type="button"
+                                                class="tree-child-item"
+                                                @onclick="() => TabManager.OpenTableSchemaTab(tableName)"
+                                                @oncontextmenu="e => ShowIndexItemMenu(e, currentIndex)"
+                                                @oncontextmenu:preventDefault>
+                                            <i class="bi bi-lightning icon-index"></i>
+                                            <span class="tree-child-label">@currentIndex.IndexName</span>
+                                            <span class="tree-child-type">@GetIndexTypeLabel(currentIndex)</span>
+                                        </button>
+                                    }
+                                    @if (tableIndexes.Count > SidebarIndexPreviewLimit)
+                                    {
+                                        <button type="button" class="tree-child-more" @onclick="() => TabManager.OpenTableSchemaTab(tableName)">
+                                            +@(tableIndexes.Count - SidebarIndexPreviewLimit) more indexes
+                                        </button>
+                                    }
+                                }
+                                @if (tableTriggers.Count > 0)
+                                {
+                                    <div class="tree-child-head">Triggers · @tableTriggers.Count</div>
+                                    @foreach (var trigger in tableTriggers.Take(SidebarTriggerPreviewLimit))
+                                    {
+                                        var currentTrigger = trigger;
+                                        <button type="button"
+                                                class="tree-child-item"
+                                                @onclick="() => TabManager.OpenTableSchemaTab(tableName)"
+                                                @oncontextmenu="e => ShowTriggerItemMenu(e, currentTrigger)"
+                                                @oncontextmenu:preventDefault>
+                                            <i class="bi bi-lightning-charge icon-trigger"></i>
+                                            <span class="tree-child-label">@currentTrigger.TriggerName</span>
+                                            <span class="tree-child-type">@GetTriggerTypeLabel(currentTrigger)</span>
+                                        </button>
+                                    }
+                                    @if (tableTriggers.Count > SidebarTriggerPreviewLimit)
+                                    {
+                                        <button type="button" class="tree-child-more" @onclick="() => TabManager.OpenTableSchemaTab(tableName)">
+                                            +@(tableTriggers.Count - SidebarTriggerPreviewLimit) more triggers
+                                        </button>
+                                    }
+                                }
+                            </div>
+                        }
                     }
                 </div>
             }
         </div>
+        }
 
         @* System Catalog (Virtual) *@
+        @if (ShouldShowGroup("system"))
+        {
         <div class="tree-group">
             <div class="tree-group-header" @onclick='() => ToggleGroup("system")'>
                 <i class="bi @(_expandedGroups.Contains("system") ? "bi-chevron-down" : "bi-chevron-right")"></i>
@@ -155,8 +439,11 @@
                 </div>
             }
         </div>
+        }
 
         @* Views *@
+        @if (ShouldShowGroup("views"))
+        {
         <div class="tree-group">
             <div class="tree-group-header"
                  @onclick='() => ToggleGroup("views")'
@@ -184,8 +471,11 @@
                 </div>
             }
         </div>
+        }
 
         @* Indexes *@
+        @if (ShouldShowGroup("system"))
+        {
         <div class="tree-group">
             <div class="tree-group-header" @onclick='() => ToggleGroup("indexes")'>
                 <i class="bi @(_expandedGroups.Contains("indexes") ? "bi-chevron-down" : "bi-chevron-right")"></i>
@@ -211,8 +501,11 @@
                 </div>
             }
         </div>
+        }
 
         @* Triggers *@
+        @if (ShouldShowGroup("system"))
+        {
         <div class="tree-group">
             <div class="tree-group-header" @onclick='() => ToggleGroup("triggers")'>
                 <i class="bi @(_expandedGroups.Contains("triggers") ? "bi-chevron-down" : "bi-chevron-right")"></i>
@@ -238,8 +531,11 @@
                 </div>
             }
         </div>
+        }
 
         @* Procedures *@
+        @if (ShouldShowGroup("procedures"))
+        {
         <div class="tree-group">
             <div class="tree-group-header"
                  @onclick='() => ToggleGroup("procedures")'
@@ -267,6 +563,63 @@
                 </div>
             }
         </div>
+        }
+
+        @* Host callbacks *@
+        @if (ShouldShowGroup("callbacks"))
+        {
+        <div class="tree-group">
+            <div class="tree-group-header"
+                 @onclick='() => ToggleGroup("callbacks")'
+                 @oncontextmenu="e => ShowCallbacksGroupMenu(e)"
+                 @oncontextmenu:preventDefault>
+                <i class="bi @(_expandedGroups.Contains("callbacks") ? "bi-chevron-down" : "bi-chevron-right")"></i>
+                <i class="bi bi-plug icon-system"></i>
+                <span>Callbacks</span>
+                <span class="group-count">@CallbackObjectCount</span>
+            </div>
+            @if (_expandedGroups.Contains("callbacks"))
+            {
+                <div class="tree-items">
+                    @{
+                        int internalCount = InternalCallbackObjectCount;
+                        int externalCount = ExternalCallbackObjectCount;
+                    }
+
+                    @if (internalCount == 0 && externalCount == 0)
+                    {
+                        <div class="tree-empty">No matching callbacks.</div>
+                    }
+                    else
+                    {
+                        <div class="tree-child-group callback-tree-section">
+                            @if (internalCount > 0)
+                            {
+                                <button type="button"
+                                        class="tree-child-item callback-tree-item @(IsActiveCallbackScope(CallbackScopeInternal) ? "active" : "")"
+                                        @onclick='() => OpenCallbackScope(CallbackScopeInternal)'>
+                                    <i class="bi bi-code-slash icon-system"></i>
+                                    <span class="tree-child-label">Internal</span>
+                                    <span class="tree-child-type">@internalCount</span>
+                                </button>
+                            }
+
+                            @if (externalCount > 0)
+                            {
+                                <button type="button"
+                                        class="tree-child-item callback-tree-item @(IsActiveCallbackScope(CallbackScopeExternal) ? "active" : "")"
+                                        @onclick='() => OpenCallbackScope(CallbackScopeExternal)'>
+                                    <i class="bi bi-plug icon-system"></i>
+                                    <span class="tree-child-label">External</span>
+                                    <span class="tree-child-type">@externalCount</span>
+                                </button>
+                            }
+                        </div>
+                    }
+                </div>
+            }
+        </div>
+        }
     </div>
 
     <div class="sidebar-resize" @onmousedown="StartResize" @onmousedown:preventDefault></div>
@@ -275,6 +628,12 @@
 <ContextMenu @ref="_contextMenu" Items="_contextMenuItems" />
 
 @code {
+    private const int SidebarColumnPreviewLimit = 12;
+    private const int SidebarIndexPreviewLimit = 6;
+    private const int SidebarTriggerPreviewLimit = 6;
+    private const string CallbackScopeInternal = "internal";
+    private const string CallbackScopeExternal = "external";
+
     private ContextMenu? _contextMenu;
     private List<ContextMenuItem> _contextMenuItems = new();
 
@@ -296,13 +655,65 @@
     private IReadOnlyCollection<string>? _userTableNames;
     private IReadOnlyCollection<string>? _systemTableNames;
     private IReadOnlyCollection<string>? _viewNames;
+    private IReadOnlyCollection<string>? _collectionNames;
     private IReadOnlyList<IndexSchema>? _indexes;
     private IReadOnlyList<TriggerSchema>? _triggers;
     private IReadOnlyList<ProcedureDefinition>? _procedures;
+    private IReadOnlyList<HostCallbackCatalogEntry> _callbacks = [];
     private IReadOnlyList<FormDefinition>? _forms;
     private IReadOnlyList<ReportDefinition>? _reports;
     private string _searchQuery = string.Empty;
-    private readonly HashSet<string> _expandedGroups = new() { "tables", "forms", "reports", "system", "views", "procedures" };
+    private string _objectFilter = "all";
+    private readonly HashSet<string> _expandedGroups = new() { "tables", "collections", "forms", "reports", "system", "views", "procedures", "callbacks" };
+    private readonly HashSet<string> _expandedTableNodes = new(StringComparer.OrdinalIgnoreCase);
+    private readonly Dictionary<string, TableSchema> _tableSchemas = new(StringComparer.OrdinalIgnoreCase);
+    private readonly HashSet<string> _tableSchemaLoadFailures = new(StringComparer.OrdinalIgnoreCase);
+
+    private bool ShouldShowUtilityGroups => string.Equals(_objectFilter, "all", StringComparison.Ordinal);
+
+    private int CallbackObjectCount => 2;
+
+    private int InternalCallbackObjectCount
+        => FilterInternalCallbackFunctions().Count() + FilterInternalCallbacks().Count();
+
+    private int ExternalCallbackObjectCount
+        => FilterExternalCallbacks().Count();
+
+    private IReadOnlyList<SidebarShortcut> PinnedItems
+    {
+        get
+        {
+            var items = new List<SidebarShortcut>();
+            foreach (string tableName in (_userTableNames ?? []).Take(2))
+            {
+                string captured = tableName;
+                items.Add(new SidebarShortcut(captured, "bi-table", "icon-table", () => TabManager.OpenTableTab(captured)));
+            }
+
+            foreach (FormDefinition form in (_forms ?? []).Take(1))
+            {
+                FormDefinition captured = form;
+                items.Add(new SidebarShortcut(captured.Name, "bi-ui-checks-grid", "icon-form", () => TabManager.OpenFormDesignerTab(captured.FormId, title: captured.Name)));
+            }
+
+            foreach (string collectionName in (_collectionNames ?? []).Take(1))
+            {
+                string captured = collectionName;
+                items.Add(new SidebarShortcut(captured, "bi-braces", "icon-view", () => TabManager.OpenCollectionTab(captured)));
+            }
+
+            return items;
+        }
+    }
+
+    private IReadOnlyList<TabDescriptor> RecentItems
+        => TabManager.Tabs
+            .Where(tab => tab.Kind != TabKind.Welcome)
+            .Reverse()
+            .Take(5)
+            .ToList();
+
+    private sealed record SidebarShortcut(string Name, string Icon, string IconClass, Action Open);
 
     protected override async Task OnInitializedAsync()
     {
@@ -328,28 +739,40 @@
 
     private async Task LoadObjects()
     {
+        _callbacks = await CallbackCatalog.GetEntriesAsync();
+
         try
         {
             var allTables = (await DbClient.GetTableNamesAsync()).OrderBy(n => n).ToList();
             _userTableNames = allTables.Where(static n => !IsSystemTableName(n)).ToList();
             _systemTableNames = allTables.Where(IsSystemTableName).ToList();
             _viewNames = (await DbClient.GetViewNamesAsync()).OrderBy(n => n).ToList();
+            _collectionNames = (await DbClient.GetCollectionNamesAsync()).OrderBy(n => n, StringComparer.OrdinalIgnoreCase).ToList();
             _indexes = (await DbClient.GetIndexesAsync()).OrderBy(i => i.IndexName).ToList();
             _triggers = (await DbClient.GetTriggersAsync()).OrderBy(t => t.TriggerName).ToList();
             _procedures = (await DbClient.GetProceduresAsync()).OrderBy(p => p.Name).ToList();
             _forms = (await FormRepository.ListAsync()).OrderBy(f => f.Name, StringComparer.OrdinalIgnoreCase).ToList();
             _reports = (await ReportRepository.ListAsync()).OrderBy(r => r.Name, StringComparer.OrdinalIgnoreCase).ToList();
+
+            _expandedTableNodes.RemoveWhere(tableName => !allTables.Contains(tableName, StringComparer.OrdinalIgnoreCase));
+            _tableSchemas.Clear();
+            _tableSchemaLoadFailures.Clear();
+            foreach (string tableName in _expandedTableNodes.ToArray())
+                await TryLoadTableSchemaAsync(tableName);
         }
         catch
         {
             _userTableNames = null;
             _systemTableNames = null;
             _viewNames = null;
+            _collectionNames = null;
             _indexes = null;
             _triggers = null;
             _procedures = null;
             _forms = null;
             _reports = null;
+            _tableSchemas.Clear();
+            _tableSchemaLoadFailures.Clear();
         }
     }
 
@@ -359,7 +782,41 @@
             _expandedGroups.Add(group);
     }
 
-    private void CollapseAll() => _expandedGroups.Clear();
+    private void CollapseAll()
+    {
+        _expandedGroups.Clear();
+        _expandedTableNodes.Clear();
+    }
+
+    private async Task RefreshObjectsAsync()
+    {
+        await LoadObjects();
+        await InvokeAsync(StateHasChanged);
+    }
+
+    private void SetObjectFilter(string filter)
+    {
+        _objectFilter = filter;
+        if (!string.Equals(filter, "all", StringComparison.OrdinalIgnoreCase))
+            _expandedGroups.Add(filter);
+    }
+
+    private string GetFilterChipClass(string filter)
+        => string.Equals(_objectFilter, filter, StringComparison.OrdinalIgnoreCase)
+            ? "active"
+            : string.Empty;
+
+    private bool ShouldShowGroup(string group)
+        => _objectFilter switch
+        {
+            "all" => true,
+            "tables" => group is "tables" or "views",
+            "collections" => group == "collections",
+            "callbacks" => group == "callbacks",
+            "forms" => group == "forms",
+            "reports" => group == "reports",
+            _ => string.Equals(group, _objectFilter, StringComparison.OrdinalIgnoreCase),
+        };
 
     private IEnumerable<string> FilterItems(IReadOnlyCollection<string> items)
     {
@@ -368,6 +825,154 @@
         return items.Where(n => n.Contains(_searchQuery, StringComparison.OrdinalIgnoreCase));
     }
 
+    private IEnumerable<string> FilterCollections()
+    {
+        if (_collectionNames is null)
+            return Enumerable.Empty<string>();
+
+        return FilterItems(_collectionNames);
+    }
+
+    private IEnumerable<string> FilterTableNames(IReadOnlyCollection<string> tableNames)
+    {
+        if (string.IsNullOrWhiteSpace(_searchQuery))
+            return tableNames;
+
+        return tableNames.Where(TableMatchesSearch);
+    }
+
+    private bool TableMatchesSearch(string tableName)
+    {
+        if (tableName.Contains(_searchQuery, StringComparison.OrdinalIgnoreCase))
+            return true;
+
+        return TableChildMatchesSearch(tableName);
+    }
+
+    private bool TableChildMatchesSearch(string tableName)
+    {
+        if (string.IsNullOrWhiteSpace(_searchQuery))
+            return false;
+
+        if (_tableSchemas.TryGetValue(tableName, out var schema)
+            && schema.Columns.Any(column => column.Name.Contains(_searchQuery, StringComparison.OrdinalIgnoreCase)))
+        {
+            return true;
+        }
+
+        return GetIndexesForTable(tableName).Any(index =>
+                   index.IndexName.Contains(_searchQuery, StringComparison.OrdinalIgnoreCase)
+                   || index.Columns.Any(column => column.Contains(_searchQuery, StringComparison.OrdinalIgnoreCase)))
+               || GetTriggersForTable(tableName).Any(trigger =>
+                   trigger.TriggerName.Contains(_searchQuery, StringComparison.OrdinalIgnoreCase));
+    }
+
+    private bool IsTableNodeExpanded(string tableName)
+        => _expandedTableNodes.Contains(tableName);
+
+    private bool ShouldShowTableChildren(string tableName)
+        => IsTableNodeExpanded(tableName) || TableChildMatchesSearch(tableName);
+
+    private async Task ToggleTableNodeAsync(string tableName)
+    {
+        if (_expandedTableNodes.Remove(tableName))
+            return;
+
+        _expandedTableNodes.Add(tableName);
+        await EnsureTableSchemaLoadedAsync(tableName);
+    }
+
+    private async Task EnsureTableSchemaLoadedAsync(string tableName)
+    {
+        if (_tableSchemas.ContainsKey(tableName))
+            return;
+
+        await TryLoadTableSchemaAsync(tableName);
+    }
+
+    private async Task TryLoadTableSchemaAsync(string tableName)
+    {
+        try
+        {
+            var schema = await DbClient.GetTableSchemaAsync(tableName);
+            if (schema is not null)
+            {
+                _tableSchemas[tableName] = schema;
+                _tableSchemaLoadFailures.Remove(tableName);
+            }
+            else
+            {
+                _tableSchemaLoadFailures.Add(tableName);
+            }
+        }
+        catch
+        {
+            _tableSchemaLoadFailures.Add(tableName);
+        }
+    }
+
+    private string GetSchemaLoadStateText(string tableName)
+        => _tableSchemaLoadFailures.Contains(tableName)
+            ? "Schema unavailable"
+            : IsTableNodeExpanded(tableName)
+                ? "Loading schema..."
+                : "Expand to load columns";
+
+    private IEnumerable<IndexSchema> GetIndexesForTable(string tableName)
+        => _indexes?.Where(index => index.TableName.Equals(tableName, StringComparison.OrdinalIgnoreCase))
+           ?? Enumerable.Empty<IndexSchema>();
+
+    private IEnumerable<TriggerSchema> GetTriggersForTable(string tableName)
+        => _triggers?.Where(trigger => trigger.TableName.Equals(tableName, StringComparison.OrdinalIgnoreCase))
+           ?? Enumerable.Empty<TriggerSchema>();
+
+    private static string GetColumnIconClass(ColumnDefinition column)
+    {
+        if (column.IsPrimaryKey)
+            return "bi-key-fill icon-column-key";
+
+        return column.Type switch
+        {
+            DbType.Integer => "bi-123 icon-column-number",
+            DbType.Real => "bi-123 icon-column-number",
+            DbType.Text => "bi-fonts icon-column-text",
+            DbType.Blob => "bi-file-binary icon-column-blob",
+            _ => "bi-circle icon-column-generic",
+        };
+    }
+
+    private static string GetColumnTypeLabel(ColumnDefinition column)
+        => column.Type switch
+        {
+            DbType.Integer => column.IsPrimaryKey ? "int pk" : "int",
+            DbType.Real => "real",
+            DbType.Text => "text",
+            DbType.Blob => "blob",
+            _ => column.Type.ToString().ToLowerInvariant(),
+        };
+
+    private static string GetIndexTypeLabel(IndexSchema index)
+        => index.IsUnique
+            ? "unique"
+            : index.Columns.Count switch
+            {
+                0 => "index",
+                1 => "index",
+                _ => $"{index.Columns.Count} cols",
+            };
+
+    private static string GetTriggerTypeLabel(TriggerSchema trigger)
+        => trigger.Timing.ToString().ToUpperInvariant();
+
+    private static string GetCallbackKindLabel(CSharpDB.Primitives.AutomationCallbackKind kind)
+        => kind switch
+        {
+            CSharpDB.Primitives.AutomationCallbackKind.ScalarFunction => "scalar",
+            CSharpDB.Primitives.AutomationCallbackKind.Command => "command",
+            CSharpDB.Primitives.AutomationCallbackKind.ValidationRule => "validation",
+            _ => kind.ToString().ToLowerInvariant(),
+        };
+
     private IEnumerable<IndexSchema> FilterIndexes()
     {
         if (_indexes is null) return Enumerable.Empty<IndexSchema>();
@@ -392,6 +997,62 @@
                                    || (p.Description?.Contains(_searchQuery, StringComparison.OrdinalIgnoreCase) ?? false));
     }
 
+    private IEnumerable<HostCallbackCatalogEntry> FilterCallbacks()
+    {
+        if (string.IsNullOrWhiteSpace(_searchQuery))
+            return _callbacks;
+
+        return _callbacks.Where(CallbackMatchesSearch);
+    }
+
+    private IEnumerable<FormulaFunctionDescriptor> FilterInternalCallbackFunctions()
+    {
+        IEnumerable<FormulaFunctionDescriptor> functions = FormulaFunctionCatalog.AllFunctions
+            .OrderBy(static function => function.Category, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static function => function.Name, StringComparer.OrdinalIgnoreCase);
+
+        if (string.IsNullOrWhiteSpace(_searchQuery))
+            return functions;
+
+        return functions.Where(InternalFunctionMatchesSearch);
+    }
+
+    private IEnumerable<HostCallbackCatalogEntry> FilterInternalCallbacks()
+        => FilterCallbacks().Where(IsInternalHostCallback);
+
+    private IEnumerable<HostCallbackCatalogEntry> FilterExternalCallbacks()
+        => FilterCallbacks().Where(callback => !IsInternalHostCallback(callback));
+
+    private bool InternalFunctionMatchesSearch(FormulaFunctionDescriptor function)
+    {
+        string query = _searchQuery.Trim();
+        return function.Name.Contains(query, StringComparison.OrdinalIgnoreCase)
+               || function.Category.Contains(query, StringComparison.OrdinalIgnoreCase)
+               || function.Signature.Contains(query, StringComparison.OrdinalIgnoreCase)
+               || function.Description.Contains(query, StringComparison.OrdinalIgnoreCase)
+               || "internal".Contains(query, StringComparison.OrdinalIgnoreCase)
+               || "built-in".Contains(query, StringComparison.OrdinalIgnoreCase)
+               || "formula".Contains(query, StringComparison.OrdinalIgnoreCase);
+    }
+
+    private bool CallbackMatchesSearch(HostCallbackCatalogEntry callback)
+    {
+        string query = _searchQuery.Trim();
+        return callback.Name.Contains(query, StringComparison.OrdinalIgnoreCase)
+               || callback.Kind.ToString().Contains(query, StringComparison.OrdinalIgnoreCase)
+               || (IsInternalHostCallback(callback) && "internal".Contains(query, StringComparison.OrdinalIgnoreCase))
+               || (!IsInternalHostCallback(callback) && "external".Contains(query, StringComparison.OrdinalIgnoreCase))
+               || (callback.IsMissingRegistration && "missing".Contains(query, StringComparison.OrdinalIgnoreCase))
+               || (callback.Descriptor?.Runtime.ToString().Contains(query, StringComparison.OrdinalIgnoreCase) ?? false)
+               || (callback.Descriptor?.Description?.Contains(query, StringComparison.OrdinalIgnoreCase) ?? false)
+               || (callback.Descriptor?.Capabilities.Any(capability => capability.Name.ToString().Contains(query, StringComparison.OrdinalIgnoreCase)) ?? false)
+               || callback.References.Any(reference =>
+                   reference.OwnerName.Contains(query, StringComparison.OrdinalIgnoreCase)
+                   || reference.OwnerKind.Contains(query, StringComparison.OrdinalIgnoreCase)
+                   || reference.Surface.Contains(query, StringComparison.OrdinalIgnoreCase)
+                   || reference.Location.Contains(query, StringComparison.OrdinalIgnoreCase));
+    }
+
     private IEnumerable<FormDefinition> FilterForms()
     {
         if (_forms is null) return Enumerable.Empty<FormDefinition>();
@@ -423,6 +1084,52 @@
     private void OpenSystemCatalogTab(SystemCatalogItem item)
         => TabManager.OpenSystemCatalogTab(item.Name, item.Sql);
 
+    private void OpenInternalFunction(FormulaFunctionDescriptor function)
+    {
+        TabDescriptor tab = TabManager.OpenCallbacksTab();
+        tab.State["CallbackScope"] = CallbackScopeInternal;
+        tab.State["SelectedBuiltInFunctionName"] = function.Name;
+        tab.State.Remove("SelectedCallbackName");
+        tab.State.Remove("SelectedCallbackKind");
+        tab.State.Remove("SelectedCallbackArity");
+    }
+
+    private void OpenCallbackScope(string scope)
+    {
+        TabDescriptor tab = TabManager.OpenCallbacksTab();
+        tab.State["CallbackScope"] = scope;
+        tab.State.Remove("SelectedBuiltInFunctionName");
+        tab.State.Remove("SelectedCallbackName");
+        tab.State.Remove("SelectedCallbackKind");
+        tab.State.Remove("SelectedCallbackArity");
+        TabManager.ActivateTab(tab.Id);
+    }
+
+    private void OpenCallback(HostCallbackCatalogEntry callback)
+    {
+        TabDescriptor tab = TabManager.OpenCallbacksTab(callback.Name, callback.Kind.ToString(), callback.Arity);
+        tab.State["CallbackScope"] = IsInternalHostCallback(callback) ? CallbackScopeInternal : CallbackScopeExternal;
+        tab.State.Remove("SelectedBuiltInFunctionName");
+    }
+
+    private static bool IsInternalHostCallback(HostCallbackCatalogEntry callback)
+        => callback.Descriptor is { Metadata: { } metadata }
+           && IsSystemGeneratedCallbackMetadata(metadata);
+
+    private static bool IsSystemGeneratedCallbackMetadata(IReadOnlyDictionary<string, string> metadata)
+        => HasMetadataValue(metadata, "origin", "system")
+           || HasMetadataValue(metadata, "source", "system")
+           || HasMetadataValue(metadata, "scope", CallbackScopeInternal)
+           || HasMetadataValue(metadata, "generatedBy", "system")
+           || HasMetadataValue(metadata, "systemGenerated", "true");
+
+    private static bool HasMetadataValue(
+        IReadOnlyDictionary<string, string> metadata,
+        string key,
+        string expectedValue)
+        => metadata.TryGetValue(key, out string? value)
+           && string.Equals(value, expectedValue, StringComparison.OrdinalIgnoreCase);
+
     private bool IsActive(string type, string name)
     {
         var activeTab = TabManager.ActiveTab;
@@ -437,6 +1144,59 @@
         return activeTab.Id == $"{type}:{name}";
     }
 
+    private bool IsActiveCallback(HostCallbackCatalogEntry callback)
+    {
+        var activeTab = TabManager.ActiveTab;
+        if (activeTab?.Id != "callbacks:host")
+            return false;
+
+        if (!activeTab.State.TryGetValue("SelectedCallbackName", out object? nameValue)
+            || nameValue is not string selectedName
+            || !selectedName.Equals(callback.Name, StringComparison.OrdinalIgnoreCase))
+        {
+            return false;
+        }
+
+        if (activeTab.State.TryGetValue("SelectedCallbackKind", out object? kindValue)
+            && kindValue is string selectedKind
+            && !selectedKind.Equals(callback.Kind.ToString(), StringComparison.OrdinalIgnoreCase))
+        {
+            return false;
+        }
+
+        if (activeTab.State.TryGetValue("SelectedCallbackArity", out object? arityValue)
+            && arityValue is int selectedArity)
+        {
+            return callback.Arity == selectedArity;
+        }
+
+        return true;
+    }
+
+    private bool IsActiveInternalFunction(FormulaFunctionDescriptor function)
+    {
+        var activeTab = TabManager.ActiveTab;
+        return activeTab?.Id == "callbacks:host"
+               && activeTab.State.TryGetValue("SelectedBuiltInFunctionName", out object? nameValue)
+               && nameValue is string selectedName
+               && selectedName.Equals(function.Name, StringComparison.OrdinalIgnoreCase);
+    }
+
+    private bool IsActiveCallbackScope(string scope)
+    {
+        var activeTab = TabManager.ActiveTab;
+        if (activeTab?.Id != "callbacks:host")
+            return false;
+
+        string activeScope = activeTab.State.TryGetValue("CallbackScope", out object? scopeValue)
+                             && scopeValue is string value
+                             && !string.IsNullOrWhiteSpace(value)
+            ? value
+            : CallbackScopeExternal;
+
+        return activeScope.Equals(scope, StringComparison.OrdinalIgnoreCase);
+    }
+
     private bool IsActiveForm(string formId)
     {
         var activeTab = TabManager.ActiveTab;
@@ -480,6 +1240,29 @@
         });
     }
 
+    private void ShowCollectionsGroupMenu(MouseEventArgs e)
+    {
+        ShowContextMenu(e, new List<ContextMenuItem>
+        {
+            new() { Label = "New Collection...", Icon = "bi-plus-lg", OnClick = async () => await OpenNewCollectionAsync() },
+            ContextMenuItem.Separator(),
+            new() { Label = "Refresh", Icon = "bi-arrow-clockwise", OnClick = async () => { await LoadObjects(); await InvokeAsync(StateHasChanged); } },
+        });
+    }
+
+    private void ShowCollectionItemMenu(MouseEventArgs e, string collectionName)
+    {
+        ShowContextMenu(e, new List<ContextMenuItem>
+        {
+            new() { Label = "Open", Icon = "bi-braces", OnClick = () => TabManager.OpenCollectionTab(collectionName) },
+            new() { Label = "New Document...", Icon = "bi-plus-lg", OnClick = () => OpenNewDocumentForCollection(collectionName) },
+            ContextMenuItem.Separator(),
+            new() { Label = "Copy Name", Icon = "bi-clipboard", OnClick = async () => await CopyCollectionNameAsync(collectionName) },
+            ContextMenuItem.Separator(),
+            new() { Label = "Drop Collection", Icon = "bi-trash3", IsDanger = true, OnClick = async () => await ConfirmDropCollectionAsync(collectionName) },
+        });
+    }
+
     private void ShowTableItemMenu(MouseEventArgs e, string tableName)
     {
         ShowContextMenu(e, new List<ContextMenuItem>
@@ -603,6 +1386,101 @@
         });
     }
 
+    private void ShowCallbacksGroupMenu(MouseEventArgs e)
+    {
+        ShowContextMenu(e, new List<ContextMenuItem>
+        {
+            new() { Label = "Open", Icon = "bi-plug", OnClick = () => TabManager.OpenCallbacksTab() },
+            ContextMenuItem.Separator(),
+            new() { Label = "Refresh", Icon = "bi-arrow-clockwise", OnClick = async () => { await LoadObjects(); await InvokeAsync(StateHasChanged); } },
+        });
+    }
+
+    private void ShowCallbackItemMenu(MouseEventArgs e, HostCallbackCatalogEntry callback)
+    {
+        ShowContextMenu(e, new List<ContextMenuItem>
+        {
+            new() { Label = "Open", Icon = "bi-plug", OnClick = () => OpenCallback(callback) },
+            ContextMenuItem.Separator(),
+            new() { Label = "Copy Name", Icon = "bi-clipboard", OnClick = async () => await CopyCallbackNameAsync(callback.Name) },
+        });
+    }
+
+    private void ShowInternalFunctionItemMenu(MouseEventArgs e, FormulaFunctionDescriptor function)
+    {
+        ShowContextMenu(e, new List<ContextMenuItem>
+        {
+            new() { Label = "Open", Icon = "bi-code-slash", OnClick = () => OpenInternalFunction(function) },
+            ContextMenuItem.Separator(),
+            new() { Label = "Copy Name", Icon = "bi-clipboard", OnClick = async () => await CopyCallbackNameAsync(function.Name) },
+            new() { Label = "Copy Signature", Icon = "bi-clipboard-plus", OnClick = async () => await CopyCallbackNameAsync(function.Signature) },
+        });
+    }
+
+    private async Task OpenNewCollectionAsync()
+    {
+        string? enteredName = await Modal.PromptAsync(
+            "New Collection",
+            CollectionNameValidator.HelpText,
+            "Create",
+            "collection_name");
+        if (enteredName is null)
+            return;
+
+        string collectionName = CollectionNameValidator.Normalize(enteredName);
+        if (!CollectionNameValidator.IsValid(collectionName))
+        {
+            Toast.Error(CollectionNameValidator.HelpText);
+            return;
+        }
+
+        try
+        {
+            await DbClient.BrowseCollectionAsync(collectionName, page: 1, pageSize: 1);
+            TabManager.OpenCollectionTab(collectionName);
+            Changes.NotifyChanged();
+            await LoadObjects();
+            await InvokeAsync(StateHasChanged);
+        }
+        catch (Exception ex)
+        {
+            Toast.Error(ex.Message);
+        }
+    }
+
+    private void OpenNewDocumentForCollection(string collectionName)
+    {
+        var tab = TabManager.OpenCollectionTab(collectionName);
+        tab.State["StartNewDocument"] = true;
+        TabManager.ActivateTab(tab.Id);
+    }
+
+    private async Task CopyCollectionNameAsync(string collectionName)
+    {
+        try
+        {
+            await JS.InvokeVoidAsync("clipboardInterop.writeText", collectionName);
+            Toast.Success($"Copied '{collectionName}'.");
+        }
+        catch (Exception ex)
+        {
+            Toast.Error(ex.Message);
+        }
+    }
+
+    private async Task CopyCallbackNameAsync(string callbackName)
+    {
+        try
+        {
+            await JS.InvokeVoidAsync("clipboardInterop.writeText", callbackName);
+            Toast.Success($"Copied '{callbackName}'.");
+        }
+        catch (Exception ex)
+        {
+            Toast.Error(ex.Message);
+        }
+    }
+
     private async Task ConfirmDropTableAsync(string tableName)
     {
         var confirmed = await Modal.ConfirmAsync("Drop Table", $"Are you sure you want to drop table '{tableName}'? This action cannot be undone.", "Drop", isDanger: true);
@@ -617,6 +1495,20 @@
         catch (Exception ex) { Toast.Error(ex.Message); }
     }
 
+    private async Task ConfirmDropCollectionAsync(string collectionName)
+    {
+        var confirmed = await Modal.ConfirmAsync("Drop Collection", $"Are you sure you want to drop collection '{collectionName}'? All documents and collection indexes will be deleted. This action cannot be undone.", "Drop", isDanger: true);
+        if (!confirmed) return;
+        try
+        {
+            await DbClient.DropCollectionAsync(collectionName);
+            Toast.Success($"Dropped collection '{collectionName}'.");
+            TabManager.CloseTabsForObject(collectionName);
+            Changes.NotifyChanged();
+        }
+        catch (Exception ex) { Toast.Error(ex.Message); }
+    }
+
     private async Task ConfirmDropViewAsync(string viewName)
     {
         var confirmed = await Modal.ConfirmAsync("Drop View", $"Are you sure you want to drop view '{viewName}'? This action cannot be undone.", "Drop", isDanger: true);
diff --git a/src/CSharpDB.Admin/Components/Layout/TitleBar.razor b/src/CSharpDB.Admin/Components/Layout/TitleBar.razor
index 2ce41369..f2f00423 100644
--- a/src/CSharpDB.Admin/Components/Layout/TitleBar.razor
+++ b/src/CSharpDB.Admin/Components/Layout/TitleBar.razor
@@ -15,12 +15,18 @@
              width="24"
              height="24" />
         <span class="titlebar-brand">CSharpDB Studio</span>
-        <span class="titlebar-dbname">@("\u2014") @DbClient.DataSource</span>
     </div>
+    <button class="db-switcher" @onclick="OpenDatabase" title="Switch database">
+        <i class="bi bi-database"></i>
+        <span>@CurrentDatabaseName</span>
+        <i class="bi bi-caret-down-fill"></i>
+    </button>
+    <button class="palette-launcher" @onclick="OpenCommandPalette" title="Command Palette (Ctrl+K)">
+        <i class="bi bi-search"></i>
+        <span>Search anything...</span>
+        <span class="kbd">Ctrl K</span>
+    </button>
     <div class="titlebar-toolbar">
-        <button class="titlebar-action-btn" @onclick="OpenDatabase" title="Open Database">
-            <i class="bi bi-folder2-open"></i> Open Database
-        </button>
         <button class="titlebar-action-btn" @onclick="() => TabManager.OpenQueryTab()" title="New Query (Ctrl+N)">
             <i class="bi bi-plus"></i> New Query
         </button>
@@ -60,6 +66,26 @@
 @code {
     [Parameter] public EventCallback OnToggleSidebar { get; set; }
     [Parameter] public EventCallback OnShowShortcuts { get; set; }
+    [Parameter] public EventCallback OnOpenCommandPalette { get; set; }
+
+    private string CurrentDatabaseName
+    {
+        get
+        {
+            string source = DbHolder.DataSource ?? DbClient.DataSource ?? string.Empty;
+            if (string.IsNullOrWhiteSpace(source))
+                return "Open database";
+
+            try
+            {
+                return Path.GetFileName(source.TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar));
+            }
+            catch
+            {
+                return source;
+            }
+        }
+    }
 
     protected override void OnInitialized()
     {
@@ -70,6 +96,7 @@
     private async Task ToggleTheme() => await Theme.ToggleAsync();
     private async Task ToggleSidebar() => await OnToggleSidebar.InvokeAsync();
     private async Task ShowShortcuts() => await OnShowShortcuts.InvokeAsync();
+    private async Task OpenCommandPalette() => await OnOpenCommandPalette.InvokeAsync();
 
     private async Task OpenDatabase()
     {
diff --git a/src/CSharpDB.Admin/Components/Samples/FormControls/RatingDesignerPreview.razor b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingDesignerPreview.razor
new file mode 100644
index 00000000..7f8e3baa
--- /dev/null
+++ b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingDesignerPreview.razor
@@ -0,0 +1,43 @@
+@namespace CSharpDB.Admin.Components.Samples.FormControls
+@using System.Globalization
+@using System.Text.Json
+@using CSharpDB.Admin.Forms.Models
+
+<div class="sample-rating-preview" title="@Context.Descriptor.DisplayName">
+    <div class="sample-rating-preview-label">@Label</div>
+    <div class="sample-rating-preview-scale">
+        @for (int value = 1; value <= MaxRating; value++)
+        {
+            <span class="sample-rating-preview-step @(value <= PreviewValue ? "active" : null)">@value</span>
+        }
+    </div>
+</div>
+
+@code {
+    [Parameter, EditorRequired] public FormControlDesignContext Context { get; set; } = default!;
+
+    private string Label
+        => string.IsNullOrWhiteSpace(Context.Control.Binding?.FieldName)
+            ? "Rating"
+            : Context.Control.Binding!.FieldName;
+
+    private int MaxRating => Math.Clamp(ReadIntProp("max", 5), 1, 10);
+
+    private int PreviewValue => Math.Min(3, MaxRating);
+
+    private int ReadIntProp(string key, int fallback)
+    {
+        if (!Context.Control.Props.Values.TryGetValue(key, out object? value) || value is null)
+            return fallback;
+
+        return value switch
+        {
+            int i => i,
+            long l => (int)l,
+            double d => (int)d,
+            JsonElement json when json.ValueKind == JsonValueKind.Number && json.TryGetInt32(out int parsed) => parsed,
+            _ when int.TryParse(value.ToString(), NumberStyles.Integer, CultureInfo.InvariantCulture, out int parsed) => parsed,
+            _ => fallback,
+        };
+    }
+}
diff --git a/src/CSharpDB.Admin/Components/Samples/FormControls/RatingDesignerPreview.razor.css b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingDesignerPreview.razor.css
new file mode 100644
index 00000000..16bb84e9
--- /dev/null
+++ b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingDesignerPreview.razor.css
@@ -0,0 +1,41 @@
+.sample-rating-preview {
+    display: grid;
+    gap: 6px;
+    height: 100%;
+    min-height: 0;
+}
+
+.sample-rating-preview-label {
+    color: var(--cdb-text, #1f2937);
+    font-size: 12px;
+    font-weight: 600;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.sample-rating-preview-scale {
+    display: flex;
+    gap: 4px;
+    min-width: 0;
+}
+
+.sample-rating-preview-step {
+    align-items: center;
+    background: var(--cdb-surface-muted, #f8fafc);
+    border: 1px solid var(--cdb-border, #cbd5e1);
+    border-radius: 4px;
+    color: var(--cdb-text, #1f2937);
+    display: inline-flex;
+    font-size: 12px;
+    font-weight: 600;
+    height: 26px;
+    justify-content: center;
+    min-width: 28px;
+}
+
+.sample-rating-preview-step.active {
+    background: var(--cdb-primary, #2563eb);
+    border-color: var(--cdb-primary, #2563eb);
+    color: var(--cdb-primary-contrast, #fff);
+}
diff --git a/src/CSharpDB.Admin/Components/Samples/FormControls/RatingPropertyEditor.razor b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingPropertyEditor.razor
new file mode 100644
index 00000000..9d659f63
--- /dev/null
+++ b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingPropertyEditor.razor
@@ -0,0 +1,72 @@
+@namespace CSharpDB.Admin.Components.Samples.FormControls
+@using System.Globalization
+@using System.Text.Json
+@using CSharpDB.Admin.Forms.Models
+
+<div class="sample-rating-property-editor">
+    <div class="pi-field">
+        <label>Maximum Rating</label>
+        <input type="number"
+               min="1"
+               max="10"
+               value="@GetIntProp("max", 5)"
+               @onchange="@(e => SetIntPropAsync("max", e.Value, 5))" />
+    </div>
+    <div class="pi-field">
+        <label>Display Mode</label>
+        <select value="@GetStringProp("displayMode", "buttons")"
+                @onchange="@(e => Context.SetPropertyAsync("displayMode", e.Value?.ToString() ?? "buttons"))">
+            <option value="buttons">Buttons</option>
+            <option value="compact">Compact</option>
+        </select>
+    </div>
+    <div class="pi-field">
+        <label>Required</label>
+        <input type="checkbox"
+               checked="@GetBoolProp("required", false)"
+               @onchange="@(e => Context.SetPropertyAsync("required", e.Value is true))" />
+    </div>
+</div>
+
+@code {
+    [Parameter, EditorRequired] public FormControlPropertyContext Context { get; set; } = default!;
+
+    private Task SetIntPropAsync(string key, object? value, int fallback)
+        => Context.SetPropertyAsync(key, Math.Clamp(ReadIntValue(value, fallback), 1, 10));
+
+    private int GetIntProp(string key, int fallback)
+        => Context.Control.Props.Values.TryGetValue(key, out object? value)
+            ? ReadIntValue(value, fallback)
+            : fallback;
+
+    private string GetStringProp(string key, string fallback)
+        => Context.Control.Props.Values.TryGetValue(key, out object? value) && value is not null
+            ? value.ToString() ?? fallback
+            : fallback;
+
+    private bool GetBoolProp(string key, bool fallback)
+    {
+        if (!Context.Control.Props.Values.TryGetValue(key, out object? value) || value is null)
+            return fallback;
+
+        return value switch
+        {
+            bool b => b,
+            JsonElement json when json.ValueKind == JsonValueKind.True => true,
+            JsonElement json when json.ValueKind == JsonValueKind.False => false,
+            _ when bool.TryParse(value.ToString(), out bool parsed) => parsed,
+            _ => fallback,
+        };
+    }
+
+    private static int ReadIntValue(object? value, int fallback)
+        => value switch
+        {
+            int i => i,
+            long l => (int)l,
+            double d => (int)d,
+            JsonElement json when json.ValueKind == JsonValueKind.Number && json.TryGetInt32(out int parsed) => parsed,
+            _ when int.TryParse(value?.ToString(), NumberStyles.Integer, CultureInfo.InvariantCulture, out int parsed) => parsed,
+            _ => fallback,
+        };
+}
diff --git a/src/CSharpDB.Admin/Components/Samples/FormControls/RatingPropertyEditor.razor.css b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingPropertyEditor.razor.css
new file mode 100644
index 00000000..dbef2577
--- /dev/null
+++ b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingPropertyEditor.razor.css
@@ -0,0 +1,4 @@
+.sample-rating-property-editor {
+    display: grid;
+    gap: 8px;
+}
diff --git a/src/CSharpDB.Admin/Components/Samples/FormControls/RatingRuntimeControl.razor b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingRuntimeControl.razor
new file mode 100644
index 00000000..7c7154cf
--- /dev/null
+++ b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingRuntimeControl.razor
@@ -0,0 +1,79 @@
+@namespace CSharpDB.Admin.Components.Samples.FormControls
+@using System.Globalization
+@using System.Text.Json
+@using CSharpDB.Admin.Forms.Models
+
+<div class="@ControlClass">
+    <div class="sample-rating-label">@Label</div>
+    <div class="sample-rating-buttons" role="radiogroup" aria-label="@Label">
+        @for (int value = 1; value <= MaxRating; value++)
+        {
+            int rating = value;
+            <button type="button"
+                    class="sample-rating-button @(rating <= CurrentValue ? "active" : null)"
+                    disabled="@IsLocked"
+                    aria-checked="@(rating == CurrentValue)"
+                    @onclick="@(() => SetRatingAsync(rating))">
+                @rating
+            </button>
+        }
+    </div>
+    @if (!string.IsNullOrWhiteSpace(Context.ValidationError))
+    {
+        <div class="sample-rating-error">@Context.ValidationError</div>
+    }
+</div>
+
+@code {
+    [Parameter, EditorRequired] public FormControlRuntimeContext Context { get; set; } = default!;
+
+    private string Label
+        => string.IsNullOrWhiteSpace(Context.FieldName)
+            ? Context.Descriptor.DisplayName
+            : Context.FieldName!;
+
+    private int MaxRating => Math.Clamp(ReadIntProp("max", 5), 1, 10);
+
+    private int CurrentValue => Math.Clamp(ReadIntValue(Context.BoundValue, 0), 0, MaxRating);
+
+    private bool IsLocked => !Context.IsEnabled || Context.IsReadOnly;
+
+    private string ControlClass
+        => "sample-rating-control"
+           + (IsLocked ? " locked" : "")
+           + (!string.IsNullOrWhiteSpace(Context.ValidationError) ? " invalid" : "");
+
+    private async Task SetRatingAsync(int rating)
+    {
+        if (IsLocked)
+            return;
+
+        await Context.SetValueAsync(rating);
+        await Context.DispatchEventAsync(
+            ControlEventKind.OnClick,
+            new Dictionary<string, object?>
+            {
+                ["rating"] = rating,
+                ["max"] = MaxRating,
+            });
+    }
+
+    private int ReadIntProp(string key, int fallback)
+    {
+        if (!Context.Control.Props.Values.TryGetValue(key, out object? value) || value is null)
+            return fallback;
+
+        return ReadIntValue(value, fallback);
+    }
+
+    private static int ReadIntValue(object? value, int fallback)
+        => value switch
+        {
+            int i => i,
+            long l => (int)l,
+            double d => (int)d,
+            JsonElement json when json.ValueKind == JsonValueKind.Number && json.TryGetInt32(out int parsed) => parsed,
+            _ when int.TryParse(value?.ToString(), NumberStyles.Integer, CultureInfo.InvariantCulture, out int parsed) => parsed,
+            _ => fallback,
+        };
+}
diff --git a/src/CSharpDB.Admin/Components/Samples/FormControls/RatingRuntimeControl.razor.css b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingRuntimeControl.razor.css
new file mode 100644
index 00000000..92ee171a
--- /dev/null
+++ b/src/CSharpDB.Admin/Components/Samples/FormControls/RatingRuntimeControl.razor.css
@@ -0,0 +1,56 @@
+.sample-rating-control {
+    display: grid;
+    gap: 6px;
+    height: 100%;
+    min-height: 0;
+}
+
+.sample-rating-label {
+    color: var(--cdb-text, #1f2937);
+    font-size: 12px;
+    font-weight: 600;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.sample-rating-buttons {
+    display: flex;
+    gap: 4px;
+    min-width: 0;
+}
+
+.sample-rating-button {
+    align-items: center;
+    background: var(--cdb-surface-muted, #f8fafc);
+    border: 1px solid var(--cdb-border, #cbd5e1);
+    border-radius: 4px;
+    color: var(--cdb-text, #1f2937);
+    cursor: pointer;
+    display: inline-flex;
+    font-size: 12px;
+    font-weight: 600;
+    height: 26px;
+    justify-content: center;
+    min-width: 28px;
+}
+
+.sample-rating-button.active {
+    background: var(--cdb-primary, #2563eb);
+    border-color: var(--cdb-primary, #2563eb);
+    color: var(--cdb-primary-contrast, #fff);
+}
+
+.sample-rating-control.locked .sample-rating-button {
+    cursor: default;
+    opacity: 0.72;
+}
+
+.sample-rating-control.invalid .sample-rating-button {
+    border-color: var(--cdb-danger, #dc2626);
+}
+
+.sample-rating-error {
+    color: var(--cdb-danger, #dc2626);
+    font-size: 11px;
+}
diff --git a/src/CSharpDB.Admin/Components/Samples/FormControls/SampleRatingControlRegistration.cs b/src/CSharpDB.Admin/Components/Samples/FormControls/SampleRatingControlRegistration.cs
new file mode 100644
index 00000000..81a24924
--- /dev/null
+++ b/src/CSharpDB.Admin/Components/Samples/FormControls/SampleRatingControlRegistration.cs
@@ -0,0 +1,30 @@
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+
+namespace CSharpDB.Admin.Components.Samples.FormControls;
+
+public static class SampleRatingControlRegistration
+{
+    public static IServiceCollection AddSampleFormControls(this IServiceCollection services)
+        => services.AddCSharpDbAdminFormControls(builder => builder.Add(new FormControlDescriptor
+        {
+            ControlType = "sampleRating",
+            DisplayName = "Rating",
+            ToolboxGroup = "Custom",
+            IconText = "*",
+            Description = "Sample custom scalar rating control.",
+            DefaultWidth = 220,
+            DefaultHeight = 48,
+            SupportsBinding = true,
+            ParticipatesInTabOrder = true,
+            DefaultProps = new Dictionary<string, object?>
+            {
+                ["max"] = 5,
+                ["displayMode"] = "buttons",
+                ["required"] = false,
+            },
+            DesignerPreviewComponentType = typeof(RatingDesignerPreview),
+            RuntimeComponentType = typeof(RatingRuntimeControl),
+            PropertyEditorComponentType = typeof(RatingPropertyEditor),
+        }));
+}
diff --git a/src/CSharpDB.Admin/Components/Shared/DataGrid.razor b/src/CSharpDB.Admin/Components/Shared/DataGrid.razor
index 781f2f96..5b39e3dc 100644
--- a/src/CSharpDB.Admin/Components/Shared/DataGrid.razor
+++ b/src/CSharpDB.Admin/Components/Shared/DataGrid.razor
@@ -39,13 +39,15 @@
                     {
                         var colIdx = c;
                         var sortIndicator = _sortCol == colIdx ? (_sortAsc ? " \u2191" : " \u2193") : "";
-                        <th @onclick="() => SortColumn(colIdx)" class="sortable">
+                        var isPrimaryKeyColumn = PrimaryKeyColumn is not null && Columns[colIdx] == PrimaryKeyColumn;
+                        <th @onclick="() => SortColumn(colIdx)" class="sortable @(_sortCol == colIdx ? "sorted" : "")">
+                            <i class="bi @GetColumnHeaderIconClass(colIdx, isPrimaryKeyColumn)"></i>
                             <span class="col-name">@Columns[colIdx]</span>
                             @if (ColumnTypes is not null && colIdx < ColumnTypes.Length)
                             {
                                 <span class="col-type-badge @GetTypeBadgeClass(ColumnTypes[colIdx])">@ColumnTypes[colIdx]</span>
                             }
-                            @if (PrimaryKeyColumn is not null && Columns[colIdx] == PrimaryKeyColumn)
+                            @if (isPrimaryKeyColumn)
                             {
                                 <span class="col-pk-badge">PK</span>
                             }
@@ -121,7 +123,7 @@
                                 }
                                 else
                                 {
-                                    <td class="@(isPk ? "pk-val" : "") @(row.IsColumnModified(colIdx) ? "modified-cell" : "")"
+                                    <td class="@GetCellClass(colIdx, cellValue, isPk, row.IsColumnModified(colIdx))"
                                         @ondblclick="() => StartEdit(rowIdx, colIdx, isPk)">
                                         @if (cellValue is null)
                                         {
@@ -131,6 +133,10 @@
                                         {
                                             <span class="blob-val">[@bytes.Length bytes]</span>
                                         }
+                                        else if (IsStatusColumn(colIdx))
+                                        {
+                                            <span class="pill-status @GetStatusPillClass(cellValue)">@cellValue</span>
+                                        }
                                         else
                                         {
                                             @cellValue.ToString()
@@ -191,6 +197,7 @@
     [Parameter] public EventCallback<string> OnStatusMessage { get; set; }
     [Parameter] public EventCallback<int> OnSelectionChanged { get; set; }
     [Parameter] public EventCallback<QueryResultsStatus> OnQueryStatusChanged { get; set; }
+    [Parameter] public EventCallback<IReadOnlyList<DataGridFilterSummary>> OnFiltersChanged { get; set; }
 
     private List<DataGridRow> _allRows = new();
     private List<DataGridRow> _rows = new();
@@ -265,6 +272,7 @@
             _hasExactTotal = false;
             _hasNextPage = false;
             _bypassViewCursorForNextLoad = false;
+            await NotifyFiltersChangedAsync();
         }
 
         await LoadDataAsync();
@@ -308,6 +316,7 @@
         {
             _loading = false;
             await NotifyQueryStatusChangedAsync();
+            await NotifyFiltersChangedAsync();
             StateHasChanged();
         }
     }
@@ -336,6 +345,7 @@
 
             ApplyFiltersAndSort();
             await NotifySelectionChangedAsync();
+            await NotifyFiltersChangedAsync();
             StateHasChanged();
             return;
         }
@@ -416,6 +426,45 @@
         await RefreshAfterFilterChangeAsync();
     }
 
+    public async Task ClearFilterAsync(int columnIndex)
+    {
+        _filters.Remove(columnIndex);
+        _filterInputs.Remove(columnIndex);
+        _filterModes.Remove(columnIndex);
+        await RefreshAfterFilterChangeAsync();
+    }
+
+    public async Task ApplyFilterAsync(string columnName, DataGridFilterMatchMode matchMode, string value)
+    {
+        if (Columns is null || Columns.Length == 0)
+            throw new InvalidOperationException("No columns are loaded for filtering.");
+
+        int colIdx = Array.FindIndex(
+            Columns,
+            column => string.Equals(column, columnName, StringComparison.OrdinalIgnoreCase));
+        if (colIdx < 0)
+            throw new InvalidOperationException($"Column '{columnName}' was not found.");
+
+        if (string.IsNullOrWhiteSpace(value))
+        {
+            _filters.Remove(colIdx);
+            _filterInputs.Remove(colIdx);
+            _filterModes.Remove(colIdx);
+        }
+        else
+        {
+            _filters[colIdx] = value;
+            _filterInputs[colIdx] = value;
+
+            if (matchMode == DataGridFilterMatchMode.Contains)
+                _filterModes.Remove(colIdx);
+            else
+                _filterModes[colIdx] = matchMode;
+        }
+
+        await RefreshAfterFilterChangeAsync();
+    }
+
     private void ResetFilterDraft(int colIdx)
     {
         if (_filters.TryGetValue(colIdx, out var activeValue))
@@ -439,6 +488,7 @@
 
             ApplyFiltersAndSort();
             await NotifySelectionChangedAsync();
+            await NotifyFiltersChangedAsync();
             StateHasChanged();
             return;
         }
@@ -512,7 +562,7 @@
     {
         if (_editingCell is null) return;
         var row = _rows[rowIdx];
-        var newValue = ParseCellValue(_editingCell.Value, colIdx);
+        var newValue = ParseCellValue(_editingCell.Value, colIdx, emptyTextAsNull: true);
         row.CurrentValues[colIdx] = newValue;
 
         if (row.State == RowState.Unmodified)
@@ -530,10 +580,14 @@
             _editingCell = null;
     }
 
-    private object? ParseCellValue(string text, int colIdx)
+    private object? ParseCellValue(string text, int colIdx, bool emptyTextAsNull)
     {
-        if (string.IsNullOrEmpty(text) || text.Equals("NULL", StringComparison.OrdinalIgnoreCase))
+        if ((emptyTextAsNull && string.IsNullOrEmpty(text))
+            || text.Equals("NULL", StringComparison.OrdinalIgnoreCase))
+        {
             return null;
+        }
+
         if (ColumnTypes is not null && colIdx < ColumnTypes.Length)
         {
             var type = ColumnTypes[colIdx];
@@ -580,6 +634,51 @@
         await NotifySelectionChangedAsync();
     }
 
+    public async Task<int> BulkEditSelectedRowsAsync(string columnName, string text, bool setNull)
+    {
+        if (IsReadOnly || Columns is null || _selectedRows.Count == 0)
+            return 0;
+
+        int colIdx = Array.FindIndex(
+            Columns,
+            column => string.Equals(column, columnName, StringComparison.OrdinalIgnoreCase));
+        if (colIdx < 0)
+            throw new InvalidOperationException($"Column '{columnName}' was not found.");
+
+        if (PrimaryKeyColumn is not null
+            && string.Equals(Columns[colIdx], PrimaryKeyColumn, StringComparison.OrdinalIgnoreCase))
+        {
+            throw new InvalidOperationException("Primary key columns cannot be bulk edited.");
+        }
+
+        object? newValue = setNull
+            ? null
+            : ParseCellValue(text, colIdx, emptyTextAsNull: false);
+        int changed = 0;
+
+        foreach (var row in _selectedRows.ToList())
+        {
+            if (row.State == RowState.Deleted || colIdx >= row.CurrentValues.Length)
+                continue;
+
+            if (CellValuesEqual(row.CurrentValues[colIdx], newValue))
+                continue;
+
+            row.CurrentValues[colIdx] = newValue;
+            if (row.State == RowState.Unmodified)
+                row.State = RowState.Modified;
+            changed++;
+        }
+
+        _editingCell = null;
+        ApplyFiltersAndSort();
+        await NotifySelectionChangedAsync();
+        await NotifyQueryStatusChangedAsync();
+        await NotifyFiltersChangedAsync();
+        StateHasChanged();
+        return changed;
+    }
+
     public async Task SaveChangesAsync()
     {
         if (TableName is null || PrimaryKeyColumn is null) return;
@@ -646,6 +745,25 @@
     public bool HasSelectedRows => _selectedRows.Count > 0;
     public int SelectedRowCount => _selectedRows.Count;
 
+    public (string[] Columns, IReadOnlyList<object?[]> Rows) GetVisibleRowsSnapshot()
+        => ((Columns ?? Array.Empty<string>()).ToArray(),
+            _rows.Select(row => row.CurrentValues.ToArray()).ToList());
+
+    public (string[] Columns, IReadOnlyList<object?[]> Rows) GetSelectedRowsSnapshot()
+        => ((Columns ?? Array.Empty<string>()).ToArray(),
+            _selectedRows.Select(row => row.CurrentValues.ToArray()).ToList());
+
+    private static bool CellValuesEqual(object? left, object? right)
+    {
+        if (ReferenceEquals(left, right))
+            return true;
+        if (left is null || right is null)
+            return false;
+        if (left is byte[] leftBytes && right is byte[] rightBytes)
+            return leftBytes.SequenceEqual(rightBytes);
+        return left.Equals(right);
+    }
+
     private void ApplyFiltersAndSort()
     {
         if (!_loadedAllRows)
@@ -754,7 +872,34 @@
             await OnSelectionChanged.InvokeAsync(_selectedRows.Count);
     }
 
+    private async Task NotifyFiltersChangedAsync()
+    {
+        if (!OnFiltersChanged.HasDelegate)
+            return;
+
+        await OnFiltersChanged.InvokeAsync(GetActiveFilterSummaries());
+    }
+
+    private IReadOnlyList<DataGridFilterSummary> GetActiveFilterSummaries()
+    {
+        if (Columns is null || Columns.Length == 0)
+            return Array.Empty<DataGridFilterSummary>();
+
+        return _filters
+            .Where(pair => !string.IsNullOrWhiteSpace(pair.Value)
+                           && pair.Key >= 0
+                           && pair.Key < Columns.Length)
+            .OrderBy(pair => pair.Key)
+            .Select(pair => new DataGridFilterSummary(pair.Key, Columns[pair.Key], GetFilterMode(pair.Key), pair.Value))
+            .ToArray();
+    }
+
     // ─── Pagination ─────────────────
+    public Task GoToFirstPageAsync() => GoToPage(1);
+    public Task GoToPreviousPageAsync() => GoToPage(_page - 1);
+    public Task GoToNextPageAsync() => GoToPage(_page + 1);
+    public Task GoToLastPageAsync() => _hasExactTotal ? GoToPage(TotalPages) : Task.CompletedTask;
+
     private async Task GoToPage(int page)
     {
         int currentPage = _page;
@@ -777,6 +922,7 @@
         {
             ApplyFiltersAndSort();
             await NotifySelectionChangedAsync();
+            await NotifyFiltersChangedAsync();
             StateHasChanged();
             return;
         }
@@ -1399,6 +1545,92 @@
         _ => "type-other"
     };
 
+    private string GetColumnHeaderIconClass(int colIdx, bool isPrimaryKeyColumn)
+    {
+        if (isPrimaryKeyColumn)
+            return "bi-key col-icon key";
+
+        if (Columns is not null
+            && colIdx >= 0
+            && colIdx < Columns.Length
+            && IsDateLikeColumnName(Columns[colIdx]))
+        {
+            return "bi-calendar3 col-icon date";
+        }
+
+        return (GetColumnType(colIdx)?.ToUpperInvariant()) switch
+        {
+            "INTEGER" or "INT" => "bi-hash col-icon int",
+            "REAL" => "bi-123 col-icon int",
+            "TEXT" or "VARCHAR" or "CHAR" => "bi-fonts col-icon text",
+            "BLOB" => "bi-file-binary col-icon blob",
+            _ => "bi-circle col-icon",
+        };
+    }
+
+    private string GetCellClass(int colIdx, object? cellValue, bool isPrimaryKey, bool isModified)
+    {
+        var classes = new List<string>();
+        if (isPrimaryKey)
+            classes.Add("pk-val data-id-cell");
+        if (isModified)
+            classes.Add("modified-cell");
+        if (cellValue is null)
+            classes.Add("data-null-cell");
+
+        string? type = GetColumnType(colIdx);
+        if (type is not null && (IsIntegerColumnType(type) || IsRealColumnType(type)))
+            classes.Add("data-number-cell");
+        else if (Columns is not null
+                 && colIdx >= 0
+                 && colIdx < Columns.Length
+                 && IsDateLikeColumnName(Columns[colIdx]))
+        {
+            classes.Add("data-date-cell");
+        }
+
+        return string.Join(" ", classes);
+    }
+
+    private bool IsStatusColumn(int colIdx)
+        => Columns is not null
+           && colIdx >= 0
+           && colIdx < Columns.Length
+           && (Columns[colIdx].Contains("status", StringComparison.OrdinalIgnoreCase)
+               || Columns[colIdx].Contains("state", StringComparison.OrdinalIgnoreCase));
+
+    private static string GetStatusPillClass(object value)
+    {
+        string text = value.ToString() ?? string.Empty;
+        if (text.Contains("inactive", StringComparison.OrdinalIgnoreCase)
+            || text.Contains("closed", StringComparison.OrdinalIgnoreCase)
+            || text.Contains("disabled", StringComparison.OrdinalIgnoreCase))
+        {
+            return "inactive";
+        }
+
+        if (text.Contains("pending", StringComparison.OrdinalIgnoreCase)
+            || text.Contains("waiting", StringComparison.OrdinalIgnoreCase)
+            || text.Contains("draft", StringComparison.OrdinalIgnoreCase))
+        {
+            return "pending";
+        }
+
+        if (text.Contains("active", StringComparison.OrdinalIgnoreCase)
+            || text.Contains("ready", StringComparison.OrdinalIgnoreCase)
+            || text.Contains("open", StringComparison.OrdinalIgnoreCase))
+        {
+            return "active";
+        }
+
+        return "neutral";
+    }
+
+    private static bool IsDateLikeColumnName(string columnName)
+        => columnName.Contains("date", StringComparison.OrdinalIgnoreCase)
+           || columnName.Contains("time", StringComparison.OrdinalIgnoreCase)
+           || columnName.EndsWith("_at", StringComparison.OrdinalIgnoreCase);
+
     public async ValueTask DisposeAsync()
     {
         await DisposeViewCursorAsync();
diff --git a/src/CSharpDB.Admin/Components/Tabs/CallbacksTab.razor b/src/CSharpDB.Admin/Components/Tabs/CallbacksTab.razor
new file mode 100644
index 00000000..4e6a3d20
--- /dev/null
+++ b/src/CSharpDB.Admin/Components/Tabs/CallbacksTab.razor
@@ -0,0 +1,1036 @@
+@using CSharpDB.Admin.Forms.Evaluation
+@using CSharpDB.Primitives
+@implements IDisposable
+@inject HostCallbackCatalogService CallbackCatalog
+@inject HostCallbackPolicyService CallbackPolicy
+@inject HostCallbackReadinessService CallbackReadiness
+@inject HostCallbackDiagnosticsHistoryService CallbackDiagnosticsHistory
+@inject ToastService Toast
+@inject IJSRuntime JS
+
+<div class="callbacks-tab data-tab" @ref="_callbacksLayoutRef">
+    <div class="data-toolbar">
+        <div class="data-crumb">
+            <button type="button">
+                <i class="bi bi-hdd-stack"></i>
+                system
+            </button>
+            <span>/</span>
+            <strong><i class="bi bi-plug icon-system"></i>callbacks</strong>
+            <span>/</span>
+            <strong>@GetScopeLabel(_callbackScope)</strong>
+        </div>
+
+        <div class="data-toolbar-group callbacks-readiness-group">
+            <span class="@GetReadinessBadgeClass()">@GetReadinessText()</span>
+        </div>
+
+        <div class="data-toolbar-group callbacks-actions">
+            <button type="button" class="data-toolbar-btn" @onclick="RefreshAsync">
+                <i class="bi bi-arrow-clockwise"></i> Refresh
+            </button>
+            <button type="button"
+                    class="data-toolbar-btn"
+                    title="Copy missing callback stubs"
+                    @onclick="CopyMissingStubsAsync"
+                    disabled="@(!HasMissingEntries)">
+                <i class="bi bi-clipboard"></i> Stubs
+            </button>
+        </div>
+
+        <div class="data-toolbar-group callbacks-scope-toggle">
+            <button type="button"
+                    class="@GetScopeButtonClass(CallbackScopeInternal)"
+                    @onclick='() => SelectCallbackScope(CallbackScopeInternal)'>
+                Internal
+            </button>
+            <button type="button"
+                    class="@GetScopeButtonClass(CallbackScopeExternal)"
+                    @onclick='() => SelectCallbackScope(CallbackScopeExternal)'>
+                External
+            </button>
+        </div>
+
+        <div class="data-toolbar-group callbacks-filter-bar">
+            <select class="callbacks-filter" value="@_kindFilter" @onchange="OnKindFilterChanged">
+                <option value="">All kinds</option>
+                <option value="@AutomationCallbackKind.ScalarFunction">Scalar functions</option>
+                <option value="@AutomationCallbackKind.Command">Commands</option>
+                <option value="@AutomationCallbackKind.ValidationRule">Validation rules</option>
+            </select>
+            <select class="callbacks-filter status" value="@_statusFilter" @onchange="OnStatusFilterChanged">
+                <option value="">All status</option>
+                <option value="missing">Not registered</option>
+                <option value="registered">Registered</option>
+                <option value="referenced">Referenced</option>
+            </select>
+            <input class="callbacks-search"
+                   value="@_query"
+                   @oninput="OnQueryChanged"
+                   placeholder="Filter callbacks" />
+        </div>
+
+        <div class="data-pager">
+            <span>@GetPagerText()</span>
+        </div>
+    </div>
+
+    @if (IsInternalScope)
+    {
+        <section class="callbacks-builtins-panel">
+            <div class="callbacks-builtins-head">
+                <div>
+                    <div class="callbacks-eyebrow">Internal</div>
+                    <h3>Formula Functions</h3>
+                </div>
+                <span class="callbacks-policy-badge allowed">@FilteredBuiltInFunctions.Count of @FormulaFunctionCatalog.AllFunctions.Count built in</span>
+            </div>
+            <p class="callbacks-description">
+                These functions are available in Admin Forms formulas and do not need host registration.
+            </p>
+            @if (FilteredBuiltInFunctions.Count == 0)
+            {
+                <div class="callbacks-empty small">No matching internal functions.</div>
+            }
+            else
+            {
+                <div class="callbacks-builtins-grid">
+                    @foreach (BuiltInFormulaFunctionGroup group in GetBuiltInFunctionGroups())
+                    {
+                        <div class="callbacks-builtins-group">
+                            <h4>@group.Category</h4>
+                            <div class="callbacks-builtins-list">
+                                @foreach (FormulaFunctionDescriptor function in group.Functions)
+                                {
+                                    <div class="callbacks-builtin-item">
+                                        <strong>@function.Name</strong>
+                                        <code>@function.Signature</code>
+                                        <span>@function.Description</span>
+                                    </div>
+                                }
+                            </div>
+                        </div>
+                    }
+                </div>
+            }
+        </section>
+
+        <div class="callbacks-splitter callbacks-splitter-horizontal"
+             title="Resize built-in functions"
+             @onmousedown="StartBuiltInsResizeAsync"
+             @onmousedown:preventDefault></div>
+    }
+
+    <div class="callbacks-layout">
+        <section class="callbacks-list-panel">
+            @if (ScopedEntries.Count == 0)
+            {
+                <div class="callbacks-empty">@GetEmptyScopeText()</div>
+            }
+            else if (FilteredEntries.Count == 0)
+            {
+                <div class="callbacks-empty">No matching @(GetScopeLabel(_callbackScope).ToLowerInvariant()) callbacks.</div>
+            }
+            else
+            {
+                <table class="schema-table callbacks-table">
+                    <thead>
+                        <tr>
+                            <th>Name</th>
+                            <th>Kind</th>
+                            <th>Runtime</th>
+                            <th>Arity</th>
+                            <th>Refs</th>
+                            <th>Capabilities</th>
+                            <th>Status</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        @foreach (HostCallbackCatalogEntry entry in FilteredEntries)
+                        {
+                            string key = GetEntryKey(entry);
+                            <tr class="callbacks-row @(key == _selectedKey ? "selected" : "") @(entry.IsMissingRegistration ? "missing" : "")"
+                                @onclick="() => SelectEntry(entry)">
+                                <td class="mono-cell">
+                                    @if (entry.IsMissingRegistration)
+                                    {
+                                        <i class="bi bi-exclamation-triangle callbacks-missing-icon"></i>
+                                    }
+                                    @entry.Name
+                                </td>
+                                <td>@GetKindLabel(entry.Kind)</td>
+                                <td>@FormatRuntime(entry)</td>
+                                <td>@FormatArity(entry.Arity)</td>
+                                <td>@entry.References.Count</td>
+                                <td class="callbacks-capability-cell">@FormatCapabilitySummary(entry)</td>
+                                <td><span class="@GetEntryStatusBadgeClass(entry)">@GetEntryStatus(entry)</span></td>
+                            </tr>
+                        }
+                    </tbody>
+                </table>
+            }
+        </section>
+
+        <div class="callbacks-splitter callbacks-splitter-vertical"
+             title="Resize details"
+             @onmousedown="StartDetailResizeAsync"
+             @onmousedown:preventDefault></div>
+
+        <section class="callbacks-detail-panel" @ref="_callbacksDetailRef">
+            @if (SelectedEntry is { } selected)
+            {
+                <div class="callbacks-detail-head">
+                    <div>
+                        <div class="callbacks-eyebrow">@GetKindLabel(selected.Kind)</div>
+                        <h3>@selected.Name</h3>
+                    </div>
+                    <span class="@GetEntryStatusBadgeClass(selected)">@GetEntryStatus(selected)</span>
+                </div>
+
+                @if (selected.Descriptor is { } descriptor)
+                {
+                    DbExtensionPolicyDecision policy = CallbackPolicy.Evaluate(descriptor);
+
+                    @if (!string.IsNullOrWhiteSpace(descriptor.Description))
+                    {
+                        <p class="callbacks-description">@descriptor.Description</p>
+                    }
+
+                    <table class="schema-table callbacks-detail-table">
+                        <tbody>
+                            <tr><th>Registration</th><td>Registered</td></tr>
+                            <tr><th>References</th><td>@selected.References.Count</td></tr>
+                            <tr><th>Policy</th><td><span class="@GetPolicyBadgeClass(policy)">@GetPolicyStatus(policy)</span></td></tr>
+                            <tr><th>Policy Reason</th><td>@(policy.DenialReason ?? "Granted by host policy.")</td></tr>
+                            <tr><th>Runtime</th><td>@descriptor.Runtime</td></tr>
+                            <tr><th>Return Type</th><td>@(descriptor.ReturnType?.ToString() ?? "-")</td></tr>
+                            <tr><th>Arity</th><td>@FormatArity(descriptor.Arity)</td></tr>
+                            <tr><th>Tableless SELECT</th><td>@(descriptor.CanRunWithoutFrom ? "Allowed" : "Not marked")</td></tr>
+                            <tr><th>Timeout</th><td>@FormatTimeout(descriptor.Timeout)</td></tr>
+                            <tr><th>Effective Timeout</th><td>@FormatTimeout(policy.Timeout)</td></tr>
+                            <tr><th>Max Memory</th><td>@FormatBytes(policy.MaxMemoryBytes)</td></tr>
+                            <tr><th>Flags</th><td>@FormatFlags(descriptor)</td></tr>
+                        </tbody>
+                    </table>
+
+                    <div class="callbacks-section">
+                        <h4>Capability Decisions</h4>
+                        @if (policy.Capabilities.Count == 0)
+                        {
+                            <div class="callbacks-empty small">None</div>
+                        }
+                        else
+                        {
+                            <div class="callbacks-policy-list">
+                                @foreach (DbExtensionCapabilityDecision capability in policy.Capabilities)
+                                {
+                                    <div class="callbacks-policy-item">
+                                        <div class="callbacks-policy-main">
+                                            <strong>@capability.Name</strong>
+                                            <span>@(capability.PolicySource ?? "No policy source")</span>
+                                            <p>@(capability.Reason ?? "No policy reason.")</p>
+                                        </div>
+                                        <span class="@GetCapabilityBadgeClass(capability)">@capability.Status</span>
+                                    </div>
+                                }
+                            </div>
+                        }
+                    </div>
+
+                    <div class="callbacks-section">
+                        <h4>Capability Requests</h4>
+                        @if (descriptor.Capabilities.Count == 0)
+                        {
+                            <div class="callbacks-empty small">None</div>
+                        }
+                        else
+                        {
+                            <div class="callbacks-capabilities">
+                                @foreach (DbExtensionCapabilityRequest capability in descriptor.Capabilities)
+                                {
+                                    <span class="callbacks-chip">@FormatCapability(capability)</span>
+                                }
+                            </div>
+                        }
+                    </div>
+
+                    <div class="callbacks-section">
+                        <h4>References</h4>
+                        @if (selected.References.Count == 0)
+                        {
+                            <div class="callbacks-empty small">None</div>
+                        }
+                        else
+                        {
+                            <div class="callbacks-reference-list">
+                                @foreach (HostCallbackReference reference in selected.References)
+                                {
+                                    <div class="callbacks-reference-item">
+                                        <strong>@reference.OwnerKind: @reference.OwnerName</strong>
+                                        <span>@reference.Surface</span>
+                                        <code>@reference.Location</code>
+                                    </div>
+                                }
+                            </div>
+                        }
+                    </div>
+
+                    <div class="callbacks-section">
+                        <h4>Metadata</h4>
+                        @if (descriptor.Metadata is { Count: > 0 } metadata)
+                        {
+                            <table class="schema-table callbacks-metadata-table">
+                                <tbody>
+                                    @foreach (var item in metadata.OrderBy(static pair => pair.Key, StringComparer.OrdinalIgnoreCase))
+                                    {
+                                        <tr>
+                                            <th>@item.Key</th>
+                                            <td class="mono-cell">@item.Value</td>
+                                        </tr>
+                                    }
+                                </tbody>
+                            </table>
+                        }
+                        else
+                        {
+                            <div class="callbacks-empty small">None</div>
+                        }
+                    </div>
+                }
+                else
+                {
+                    <p class="callbacks-description">
+                        This callback is referenced by saved database metadata, but it is not registered in the current Admin host.
+                        Remove it by editing the referenced object below, or register the callback in host code.
+                    </p>
+
+                    <div class="callbacks-detail-actions">
+                        <button type="button" class="data-toolbar-btn" @onclick="() => CopySelectedStubAsync(selected)">
+                            <i class="bi bi-clipboard"></i> Copy Stub
+                        </button>
+                    </div>
+
+                    <table class="schema-table callbacks-detail-table">
+                        <tbody>
+                            <tr><th>Registration</th><td><span class="callbacks-policy-badge missing">Not registered</span></td></tr>
+                            <tr><th>Kind</th><td>@GetKindLabel(selected.Kind)</td></tr>
+                            <tr><th>Arity</th><td>@FormatArity(selected.Arity)</td></tr>
+                            <tr><th>References</th><td>@selected.References.Count</td></tr>
+                        </tbody>
+                    </table>
+
+                    <div class="callbacks-section">
+                        <h4>References</h4>
+                        @if (selected.References.Count == 0)
+                        {
+                            <div class="callbacks-empty small">None</div>
+                        }
+                        else
+                        {
+                            <div class="callbacks-reference-list">
+                                @foreach (HostCallbackReference reference in selected.References)
+                                {
+                                    <div class="callbacks-reference-item">
+                                        <strong>@reference.OwnerKind: @reference.OwnerName</strong>
+                                        <span>@reference.Surface</span>
+                                        <code>@reference.Location</code>
+                                    </div>
+                                }
+                            </div>
+                        }
+                    </div>
+                }
+            }
+            else
+            {
+                <div class="callbacks-empty">Select a callback.</div>
+            }
+        </section>
+    </div>
+
+    <div class="callbacks-splitter callbacks-splitter-horizontal"
+         title="Resize diagnostics"
+         @onmousedown="StartDiagnosticsResizeAsync"
+         @onmousedown:preventDefault></div>
+
+    <section class="callbacks-diagnostics-panel" @ref="_callbacksDiagnosticsRef">
+        <div class="callbacks-diagnostics-head">
+            <div>
+                <div class="callbacks-eyebrow">Runtime</div>
+                <h3>Diagnostics History</h3>
+            </div>
+            <button type="button"
+                    class="data-toolbar-btn"
+                    @onclick="ClearDiagnostics"
+                    disabled="@(_diagnostics.Count == 0)">
+                <i class="bi bi-trash"></i> Clear
+            </button>
+        </div>
+
+        @if (_diagnostics.Count == 0)
+        {
+            <div class="callbacks-empty small">No callback invocations captured.</div>
+        }
+        else
+        {
+            <div class="callbacks-diagnostics-table-wrap">
+                <table class="schema-table callbacks-diagnostics-table">
+                    <thead>
+                        <tr>
+                            <th>Started</th>
+                            <th>Callback</th>
+                            <th>Result</th>
+                            <th>Policy</th>
+                            <th>Error</th>
+                            <th>Exception</th>
+                            <th>Correlation</th>
+                            <th>Owner</th>
+                            <th>Location</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        @foreach (DbCallbackInvocationDiagnostic diagnostic in _diagnostics.Take(50))
+                        {
+                            <tr>
+                                <td>@FormatStartedAt(diagnostic.StartedAtUtc)</td>
+                                <td>
+                                    <strong>@diagnostic.Name</strong>
+                                    <span>@GetKindLabel(diagnostic.CallbackKind) @FormatArity(diagnostic.Arity)</span>
+                                </td>
+                                <td>
+                                    <span class="@GetDiagnosticStatusClass(diagnostic)">@GetDiagnosticStatus(diagnostic)</span>
+                                    @if (!string.IsNullOrWhiteSpace(diagnostic.ResultMessage))
+                                    {
+                                        <small>@diagnostic.ResultMessage</small>
+                                    }
+                                </td>
+                                <td>
+                                    <span class="@GetDiagnosticPolicyClass(diagnostic)">@FormatDiagnosticPolicy(diagnostic)</span>
+                                    @if (!string.IsNullOrWhiteSpace(diagnostic.PolicyDenialReason))
+                                    {
+                                        <small>@diagnostic.PolicyDenialReason</small>
+                                    }
+                                </td>
+                                <td>@(diagnostic.ErrorCode ?? "-")</td>
+                                <td class="mono-cell">@FormatExceptionType(diagnostic.ExceptionType)</td>
+                                <td class="mono-cell">@FormatText(diagnostic.CorrelationId)</td>
+                                <td>@FormatOwner(diagnostic)</td>
+                                <td>
+                                    <span>@FormatText(diagnostic.Surface)</span>
+                                    <code>@FormatText(diagnostic.Location)</code>
+                                    @if (!string.IsNullOrWhiteSpace(diagnostic.EventName))
+                                    {
+                                        <small>@diagnostic.EventName</small>
+                                    }
+                                </td>
+                            </tr>
+                        }
+                    </tbody>
+                </table>
+            </div>
+        }
+    </section>
+</div>
+
+@code {
+    private const string CallbackScopeInternal = "internal";
+    private const string CallbackScopeExternal = "external";
+
+    [Parameter] public TabDescriptor Tab { get; set; } = null!;
+
+    private IReadOnlyList<HostCallbackCatalogEntry> _entries = [];
+    private string _query = string.Empty;
+    private string _kindFilter = string.Empty;
+    private string _statusFilter = string.Empty;
+    private string _callbackScope = CallbackScopeExternal;
+    private string? _selectedKey;
+    private HostCallbackReadinessReport? _readiness;
+    private IReadOnlyList<DbCallbackInvocationDiagnostic> _diagnostics = [];
+    private ElementReference _callbacksLayoutRef;
+    private ElementReference _callbacksDetailRef;
+    private ElementReference _callbacksDiagnosticsRef;
+
+    private sealed record BuiltInFormulaFunctionGroup(string Category, IReadOnlyList<FormulaFunctionDescriptor> Functions);
+
+    private bool IsInternalScope => _callbackScope.Equals(CallbackScopeInternal, StringComparison.OrdinalIgnoreCase);
+
+    private IReadOnlyList<HostCallbackCatalogEntry> ScopedEntries
+        => _entries.Where(IsEntryInSelectedScope).ToArray();
+
+    private IReadOnlyList<HostCallbackCatalogEntry> FilteredEntries
+        => ScopedEntries.Where(MatchesFilter).ToArray();
+
+    private IReadOnlyList<FormulaFunctionDescriptor> FilteredBuiltInFunctions
+        => FormulaFunctionCatalog.AllFunctions
+            .Where(MatchesBuiltInFunctionFilter)
+            .OrderBy(static function => function.Category, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static function => function.Name, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+    private HostCallbackCatalogEntry? SelectedEntry
+        => ScopedEntries.FirstOrDefault(entry => GetEntryKey(entry) == _selectedKey);
+
+    private bool HasMissingEntries => ScopedEntries.Any(static entry => entry.IsMissingRegistration);
+
+    private IReadOnlyList<BuiltInFormulaFunctionGroup> GetBuiltInFunctionGroups()
+        => FilteredBuiltInFunctions
+            .GroupBy(static function => function.Category, StringComparer.OrdinalIgnoreCase)
+            .Select(static group => new BuiltInFormulaFunctionGroup(group.Key, group.ToArray()))
+            .ToArray();
+
+    protected override async Task OnInitializedAsync()
+    {
+        CallbackDiagnosticsHistory.Changed += OnDiagnosticsChanged;
+        LoadDiagnostics();
+        await RefreshAsync();
+    }
+
+    protected override async Task OnAfterRenderAsync(bool firstRender)
+    {
+        if (!firstRender)
+            return;
+
+        try
+        {
+            await JS.InvokeVoidAsync("resizeInterop.initCallbacksLayout", _callbacksLayoutRef);
+        }
+        catch
+        {
+        }
+    }
+
+    protected override void OnParametersSet()
+    {
+        ApplyTabSelection();
+    }
+
+    private async Task RefreshAsync()
+    {
+        _entries = await CallbackCatalog.GetEntriesAsync();
+        _readiness = await CallbackReadiness.GetReadinessAsync();
+        LoadDiagnostics();
+        ApplyTabSelection();
+
+        EnsureSelectedEntryInScope();
+    }
+
+    private void LoadDiagnostics()
+    {
+        _diagnostics = CallbackDiagnosticsHistory.Snapshot();
+    }
+
+    private void OnDiagnosticsChanged()
+    {
+        _ = InvokeAsync(() =>
+        {
+            LoadDiagnostics();
+            StateHasChanged();
+        });
+    }
+
+    private void ClearDiagnostics()
+    {
+        CallbackDiagnosticsHistory.Clear();
+    }
+
+    private void ApplyTabSelection()
+    {
+        if (Tab.State.TryGetValue("CallbackScope", out object? scopeValue)
+            && scopeValue is string scope
+            && !string.IsNullOrWhiteSpace(scope))
+        {
+            _callbackScope = NormalizeCallbackScope(scope);
+        }
+
+        if (Tab.State.TryGetValue("SelectedBuiltInFunctionName", out object? builtInNameValue)
+            && builtInNameValue is string builtInName
+            && !string.IsNullOrWhiteSpace(builtInName))
+        {
+            _callbackScope = CallbackScopeInternal;
+            Tab.State["CallbackScope"] = _callbackScope;
+            _selectedKey = null;
+            return;
+        }
+
+        if (Tab.State.TryGetValue("SelectedCallbackName", out object? nameValue) && nameValue is string name && !string.IsNullOrWhiteSpace(name))
+        {
+            string? kind = Tab.State.TryGetValue("SelectedCallbackKind", out object? kindValue) ? kindValue as string : null;
+            int? arity = Tab.State.TryGetValue("SelectedCallbackArity", out object? arityValue) && arityValue is int value ? value : null;
+
+            HostCallbackCatalogEntry? match = _entries.FirstOrDefault(entry =>
+                entry.Name.Equals(name, StringComparison.OrdinalIgnoreCase)
+                && (string.IsNullOrWhiteSpace(kind) || entry.Kind.ToString().Equals(kind, StringComparison.OrdinalIgnoreCase))
+                && (!arity.HasValue || entry.Arity == arity));
+
+            if (match is not null)
+            {
+                _callbackScope = GetEntryScope(match);
+                Tab.State["CallbackScope"] = _callbackScope;
+                _selectedKey = GetEntryKey(match);
+            }
+        }
+    }
+
+    private void SelectEntry(HostCallbackCatalogEntry entry)
+    {
+        _selectedKey = GetEntryKey(entry);
+        _callbackScope = GetEntryScope(entry);
+        Tab.State["CallbackScope"] = _callbackScope;
+        Tab.State["SelectedCallbackName"] = entry.Name;
+        Tab.State["SelectedCallbackKind"] = entry.Kind.ToString();
+        Tab.State["SelectedCallbackArity"] = entry.Arity;
+        Tab.State.Remove("SelectedBuiltInFunctionName");
+    }
+
+    private void SelectCallbackScope(string scope)
+    {
+        _callbackScope = NormalizeCallbackScope(scope);
+        Tab.State["CallbackScope"] = _callbackScope;
+        Tab.State.Remove("SelectedBuiltInFunctionName");
+
+        if (SelectedEntry is null)
+        {
+            _selectedKey = null;
+            Tab.State.Remove("SelectedCallbackName");
+            Tab.State.Remove("SelectedCallbackKind");
+            Tab.State.Remove("SelectedCallbackArity");
+        }
+
+        EnsureSelectedEntryInScope();
+    }
+
+    private void OnQueryChanged(ChangeEventArgs args)
+    {
+        _query = args.Value?.ToString() ?? string.Empty;
+    }
+
+    private void OnKindFilterChanged(ChangeEventArgs args)
+    {
+        _kindFilter = args.Value?.ToString() ?? string.Empty;
+    }
+
+    private void OnStatusFilterChanged(ChangeEventArgs args)
+    {
+        _statusFilter = args.Value?.ToString() ?? string.Empty;
+    }
+
+    private void EnsureSelectedEntryInScope()
+    {
+        IReadOnlyList<HostCallbackCatalogEntry> scopedEntries = ScopedEntries;
+        if (_selectedKey is null || !scopedEntries.Any(entry => GetEntryKey(entry) == _selectedKey))
+        {
+            _selectedKey = scopedEntries.Count > 0 ? GetEntryKey(scopedEntries[0]) : null;
+        }
+
+        if (_selectedKey is null)
+        {
+            Tab.State.Remove("SelectedCallbackName");
+            Tab.State.Remove("SelectedCallbackKind");
+            Tab.State.Remove("SelectedCallbackArity");
+        }
+    }
+
+    private async Task CopyMissingStubsAsync()
+    {
+        if (!HasMissingEntries)
+        {
+            Toast.Info("All referenced callbacks are registered.");
+            return;
+        }
+
+        try
+        {
+            HostCallbackCatalogEntry[] missingEntries = ScopedEntries
+                .Where(static entry => entry.IsMissingRegistration)
+                .ToArray();
+            string source = CallbackReadiness.GenerateStubSource(missingEntries);
+            await JS.InvokeVoidAsync("clipboardInterop.writeText", source);
+            Toast.Success("Copied missing callback registration stubs.");
+        }
+        catch (Exception ex)
+        {
+            Toast.Error(ex.Message);
+        }
+    }
+
+    private async Task CopySelectedStubAsync(HostCallbackCatalogEntry entry)
+    {
+        try
+        {
+            string source = CallbackReadiness.GenerateStubSource(entry);
+            await JS.InvokeVoidAsync("clipboardInterop.writeText", source);
+            Toast.Success($"Copied stub for '{entry.Name}'.");
+        }
+        catch (Exception ex)
+        {
+            Toast.Error(ex.Message);
+        }
+    }
+
+    private async Task StartBuiltInsResizeAsync(MouseEventArgs e)
+    {
+        await StartCallbacksResizeAsync(
+            e,
+            target: "builtins",
+            variableName: "--callbacks-builtins-height",
+            minSize: 120,
+            maxSize: 520,
+            direction: 1,
+            storageKey: "csharpdb-callbacks-builtins-height");
+    }
+
+    private async Task StartDetailResizeAsync(MouseEventArgs e)
+    {
+        await StartCallbacksResizeAsync(
+            e,
+            target: "detail",
+            variableName: "--callbacks-detail-width",
+            minSize: 320,
+            maxSize: 760,
+            direction: -1,
+            storageKey: "csharpdb-callbacks-detail-width",
+            targetElement: _callbacksDetailRef);
+    }
+
+    private async Task StartDiagnosticsResizeAsync(MouseEventArgs e)
+    {
+        await StartCallbacksResizeAsync(
+            e,
+            target: "diagnostics",
+            variableName: "--callbacks-diagnostics-height",
+            minSize: 140,
+            maxSize: 520,
+            direction: -1,
+            storageKey: "csharpdb-callbacks-diagnostics-height",
+            targetElement: _callbacksDiagnosticsRef);
+    }
+
+    private async Task StartCallbacksResizeAsync(
+        MouseEventArgs e,
+        string target,
+        string variableName,
+        int minSize,
+        int maxSize,
+        int direction,
+        string storageKey,
+        ElementReference targetElement = default)
+    {
+        try
+        {
+            await JS.InvokeVoidAsync(
+                "resizeInterop.startCallbacksResize",
+                new { clientX = e.ClientX, clientY = e.ClientY },
+                _callbacksLayoutRef,
+                targetElement,
+                target,
+                variableName,
+                minSize,
+                maxSize,
+                direction,
+                storageKey);
+        }
+        catch
+        {
+        }
+    }
+
+    private bool MatchesFilter(HostCallbackCatalogEntry entry)
+    {
+        if (!string.IsNullOrWhiteSpace(_kindFilter)
+            && !entry.Kind.ToString().Equals(_kindFilter, StringComparison.OrdinalIgnoreCase))
+        {
+            return false;
+        }
+
+        if (!string.IsNullOrWhiteSpace(_statusFilter))
+        {
+            bool matchesStatus = _statusFilter switch
+            {
+                "missing" => entry.IsMissingRegistration,
+                "registered" => entry.IsRegistered,
+                "referenced" => entry.IsReferenced,
+                _ => true,
+            };
+
+            if (!matchesStatus)
+                return false;
+        }
+
+        if (string.IsNullOrWhiteSpace(_query))
+            return true;
+
+        string query = _query.Trim();
+        return entry.Name.Contains(query, StringComparison.OrdinalIgnoreCase)
+               || entry.Kind.ToString().Contains(query, StringComparison.OrdinalIgnoreCase)
+               || FormatRuntime(entry).Contains(query, StringComparison.OrdinalIgnoreCase)
+               || GetEntryStatus(entry).Contains(query, StringComparison.OrdinalIgnoreCase)
+               || (entry.Descriptor?.Description?.Contains(query, StringComparison.OrdinalIgnoreCase) ?? false)
+               || entry.References.Any(reference => ReferenceMatchesSearch(reference, query))
+               || (entry.Descriptor?.Capabilities.Any(capability => FormatCapability(capability).Contains(query, StringComparison.OrdinalIgnoreCase)) ?? false);
+    }
+
+    private bool MatchesBuiltInFunctionFilter(FormulaFunctionDescriptor function)
+    {
+        if (string.IsNullOrWhiteSpace(_query))
+            return true;
+
+        string query = _query.Trim();
+        return function.Name.Contains(query, StringComparison.OrdinalIgnoreCase)
+               || function.Category.Contains(query, StringComparison.OrdinalIgnoreCase)
+               || function.Signature.Contains(query, StringComparison.OrdinalIgnoreCase)
+               || function.Description.Contains(query, StringComparison.OrdinalIgnoreCase)
+               || "internal".Contains(query, StringComparison.OrdinalIgnoreCase)
+               || "built-in".Contains(query, StringComparison.OrdinalIgnoreCase)
+               || "formula".Contains(query, StringComparison.OrdinalIgnoreCase);
+    }
+
+    private bool IsEntryInSelectedScope(HostCallbackCatalogEntry entry)
+        => GetEntryScope(entry).Equals(_callbackScope, StringComparison.OrdinalIgnoreCase);
+
+    private static string GetEntryScope(HostCallbackCatalogEntry entry)
+        => IsInternalHostCallback(entry) ? CallbackScopeInternal : CallbackScopeExternal;
+
+    private static bool IsInternalHostCallback(HostCallbackCatalogEntry entry)
+        => entry.Descriptor is { Metadata: { } metadata }
+           && IsSystemGeneratedCallbackMetadata(metadata);
+
+    private static bool IsSystemGeneratedCallbackMetadata(IReadOnlyDictionary<string, string> metadata)
+        => HasMetadataValue(metadata, "origin", "system")
+           || HasMetadataValue(metadata, "source", "system")
+           || HasMetadataValue(metadata, "scope", CallbackScopeInternal)
+           || HasMetadataValue(metadata, "generatedBy", "system")
+           || HasMetadataValue(metadata, "systemGenerated", "true");
+
+    private static bool HasMetadataValue(
+        IReadOnlyDictionary<string, string> metadata,
+        string key,
+        string expectedValue)
+        => metadata.TryGetValue(key, out string? value)
+           && string.Equals(value, expectedValue, StringComparison.OrdinalIgnoreCase);
+
+    private static string NormalizeCallbackScope(string? scope)
+        => string.Equals(scope, CallbackScopeInternal, StringComparison.OrdinalIgnoreCase)
+            ? CallbackScopeInternal
+            : CallbackScopeExternal;
+
+    private string GetPagerText()
+    {
+        if (IsInternalScope)
+        {
+            int builtIns = FilteredBuiltInFunctions.Count;
+            int hostCallbacks = FilteredEntries.Count;
+            int totalBuiltIns = FormulaFunctionCatalog.AllFunctions.Count;
+            int totalHostCallbacks = ScopedEntries.Count;
+            return $"{builtIns} of {totalBuiltIns} functions · {hostCallbacks} of {totalHostCallbacks} callbacks";
+        }
+
+        return $"{FilteredEntries.Count} of {ScopedEntries.Count} callbacks";
+    }
+
+    private string GetEmptyScopeText()
+        => IsInternalScope
+            ? "No internal host callbacks registered."
+            : "No external callbacks registered or referenced.";
+
+    private static string GetScopeLabel(string scope)
+        => string.Equals(scope, CallbackScopeInternal, StringComparison.OrdinalIgnoreCase)
+            ? "Internal"
+            : "External";
+
+    private string GetScopeButtonClass(string scope)
+        => _callbackScope.Equals(scope, StringComparison.OrdinalIgnoreCase)
+            ? "callbacks-scope-btn active"
+            : "callbacks-scope-btn";
+
+    private static bool ReferenceMatchesSearch(HostCallbackReference reference, string query)
+        => reference.Surface.Contains(query, StringComparison.OrdinalIgnoreCase)
+           || reference.Location.Contains(query, StringComparison.OrdinalIgnoreCase)
+           || reference.OwnerKind.Contains(query, StringComparison.OrdinalIgnoreCase)
+           || reference.OwnerName.Contains(query, StringComparison.OrdinalIgnoreCase)
+           || reference.OwnerId.Contains(query, StringComparison.OrdinalIgnoreCase);
+
+    private static string GetEntryKey(HostCallbackCatalogEntry entry)
+        => $"{entry.Kind}:{entry.Name}:{entry.Arity?.ToString() ?? "-"}";
+
+    private static string GetKindLabel(AutomationCallbackKind kind)
+        => kind switch
+        {
+            AutomationCallbackKind.ScalarFunction => "Scalar function",
+            AutomationCallbackKind.Command => "Command",
+            AutomationCallbackKind.ValidationRule => "Validation rule",
+            _ => kind.ToString(),
+        };
+
+    private static string FormatRuntime(HostCallbackCatalogEntry entry)
+        => entry.Descriptor?.Runtime.ToString() ?? "Not registered";
+
+    private static string FormatArity(int? arity)
+        => arity?.ToString(System.Globalization.CultureInfo.InvariantCulture) ?? "-";
+
+    private static string FormatTimeout(TimeSpan? timeout)
+    {
+        if (timeout is null)
+            return "-";
+
+        return timeout.Value.TotalMilliseconds < 1000
+            ? $"{timeout.Value.TotalMilliseconds:0.###}ms"
+            : $"{timeout.Value.TotalSeconds:0.###}s";
+    }
+
+    private static string FormatBytes(long? bytes)
+    {
+        if (bytes is null)
+            return "-";
+
+        const decimal kilo = 1024m;
+        decimal value = bytes.Value;
+        string[] units = ["B", "KB", "MB", "GB"];
+        int unitIndex = 0;
+        while (value >= kilo && unitIndex < units.Length - 1)
+        {
+            value /= kilo;
+            unitIndex++;
+        }
+
+        return $"{value:0.##} {units[unitIndex]}";
+    }
+
+    private static string FormatFlags(DbHostCallbackDescriptor callback)
+    {
+        List<string> flags = [];
+        if (callback.IsDeterministic)
+            flags.Add("deterministic");
+        if (callback.NullPropagating)
+            flags.Add("null-propagating");
+        if (callback.CanRunWithoutFrom)
+            flags.Add("tableless SELECT");
+        if (callback.IsLongRunning)
+            flags.Add("long-running");
+
+        return flags.Count == 0 ? "-" : string.Join(", ", flags);
+    }
+
+    private static string FormatCapabilitySummary(HostCallbackCatalogEntry entry)
+        => entry.Descriptor is null || entry.Descriptor.Capabilities.Count == 0
+            ? "-"
+            : string.Join(", ", entry.Descriptor.Capabilities.Select(static capability => capability.Name));
+
+    private static string FormatCapability(DbExtensionCapabilityRequest capability)
+    {
+        List<string> parts = [capability.Name.ToString()];
+
+        if (capability.Exports is { Count: > 0 })
+            parts.Add($"exports={string.Join("|", capability.Exports)}");
+        if (capability.Tables is { Count: > 0 })
+            parts.Add($"tables={string.Join("|", capability.Tables)}");
+        if (capability.Scope is { Count: > 0 })
+            parts.Add($"scope={string.Join("|", capability.Scope.OrderBy(static pair => pair.Key, StringComparer.OrdinalIgnoreCase).Select(static pair => $"{pair.Key}:{pair.Value}"))}");
+
+        return string.Join(" ", parts);
+    }
+
+    private string GetEntryStatus(HostCallbackCatalogEntry entry)
+    {
+        if (entry.IsMissingRegistration)
+            return "Not registered";
+
+        return entry.Descriptor is { } descriptor
+            ? GetPolicyStatus(CallbackPolicy.Evaluate(descriptor))
+            : "Unknown";
+    }
+
+    private string GetEntryStatusBadgeClass(HostCallbackCatalogEntry entry)
+    {
+        if (entry.IsMissingRegistration)
+            return "callbacks-policy-badge missing";
+
+        return entry.Descriptor is { } descriptor
+            ? GetPolicyBadgeClass(CallbackPolicy.Evaluate(descriptor))
+            : "callbacks-policy-badge denied";
+    }
+
+    private string GetReadinessText()
+    {
+        if (_readiness is null)
+            return "Checking";
+
+        return _readiness.Ready
+            ? $"Ready · {_readiness.RegisteredCount} registered"
+            : $"{_readiness.MissingCount} unregistered · {_readiness.ReferencedCount} referenced";
+    }
+
+    private string GetReadinessBadgeClass()
+        => _readiness?.Ready == true
+            ? "callbacks-readiness-badge ready"
+            : "callbacks-readiness-badge missing";
+
+    private static string GetPolicyStatus(DbExtensionPolicyDecision decision)
+        => decision.Allowed ? "Allowed" : "Denied";
+
+    private static string GetPolicyBadgeClass(DbExtensionPolicyDecision decision)
+        => decision.Allowed
+            ? "callbacks-policy-badge allowed"
+            : "callbacks-policy-badge denied";
+
+    private static string GetCapabilityBadgeClass(DbExtensionCapabilityDecision decision)
+        => decision.Status == DbExtensionCapabilityGrantStatus.Granted
+            ? "callbacks-policy-badge allowed"
+            : "callbacks-policy-badge denied";
+
+    private static string FormatStartedAt(DateTimeOffset? startedAt)
+        => startedAt?.ToLocalTime().ToString("HH:mm:ss") ?? "-";
+
+    private static string GetDiagnosticStatus(DbCallbackInvocationDiagnostic diagnostic)
+    {
+        if (diagnostic.TimedOut)
+            return "Timed out";
+        if (diagnostic.Canceled)
+            return "Canceled";
+        return diagnostic.Succeeded ? "Succeeded" : "Failed";
+    }
+
+    private static string GetDiagnosticStatusClass(DbCallbackInvocationDiagnostic diagnostic)
+        => diagnostic.Succeeded
+            ? "callbacks-policy-badge allowed"
+            : "callbacks-policy-badge denied";
+
+    private static string FormatDiagnosticPolicy(DbCallbackInvocationDiagnostic diagnostic)
+        => diagnostic.PolicyAllowed switch
+        {
+            true => "Allowed",
+            false => "Denied",
+            _ => "-",
+        };
+
+    private static string GetDiagnosticPolicyClass(DbCallbackInvocationDiagnostic diagnostic)
+        => diagnostic.PolicyAllowed switch
+        {
+            true => "callbacks-policy-badge allowed",
+            false => "callbacks-policy-badge denied",
+            _ => "callbacks-policy-badge missing",
+        };
+
+    private static string FormatExceptionType(string? exceptionType)
+    {
+        if (string.IsNullOrWhiteSpace(exceptionType))
+            return "-";
+
+        int lastDot = exceptionType.LastIndexOf('.');
+        return lastDot >= 0 && lastDot < exceptionType.Length - 1
+            ? exceptionType[(lastDot + 1)..]
+            : exceptionType;
+    }
+
+    private static string FormatText(string? value)
+        => string.IsNullOrWhiteSpace(value) ? "-" : value;
+
+    private static string FormatOwner(DbCallbackInvocationDiagnostic diagnostic)
+        => string.IsNullOrWhiteSpace(diagnostic.OwnerKind)
+            ? "-"
+            : $"{diagnostic.OwnerKind}: {FormatText(diagnostic.OwnerName ?? diagnostic.OwnerId)}";
+
+    public void Dispose()
+    {
+        CallbackDiagnosticsHistory.Changed -= OnDiagnosticsChanged;
+    }
+}
diff --git a/src/CSharpDB.Admin/Components/Tabs/CollectionTab.razor b/src/CSharpDB.Admin/Components/Tabs/CollectionTab.razor
new file mode 100644
index 00000000..20f7e8e0
--- /dev/null
+++ b/src/CSharpDB.Admin/Components/Tabs/CollectionTab.razor
@@ -0,0 +1,510 @@
+@using System.Text.Json
+@inject ICSharpDbClient DbClient
+@inject DatabaseChangeService Changes
+@inject TabManagerService TabManager
+@inject ToastService Toast
+@inject ModalService Modal
+
+<div class="data-tab collection-tab">
+    <div class="data-toolbar">
+        <div class="data-crumb">
+            <button type="button" @onclick="RefreshAsync">
+                <i class="bi bi-braces"></i>
+                collections
+            </button>
+            <span>/</span>
+            <strong><i class="bi bi-braces icon-view"></i>@CollectionName</strong>
+        </div>
+
+        <div class="data-toolbar-group">
+            <button type="button" class="data-toolbar-btn" @onclick="RefreshAsync" disabled="@_loading">
+                <i class="bi bi-arrow-clockwise"></i> Refresh
+            </button>
+            <button type="button" class="data-toolbar-btn primary" @onclick="StartNewDocumentAsync">
+                <i class="bi bi-plus-lg"></i> New Document
+            </button>
+            <button type="button" class="data-toolbar-btn primary" @onclick="SaveDocumentAsync" disabled="@(!CanSave)">
+                <i class="bi bi-check-lg"></i> Save
+            </button>
+            <button type="button" class="data-toolbar-btn" @onclick="DiscardChangesAsync" disabled="@(!CanDiscard)">
+                <i class="bi bi-x-lg"></i> Discard
+            </button>
+            <button type="button" class="data-toolbar-btn danger" @onclick="DeleteDocumentAsync" disabled="@(!CanDelete)">
+                <i class="bi bi-trash3"></i> Delete
+            </button>
+        </div>
+
+        <div class="collection-key-lookup">
+            <i class="bi bi-key"></i>
+            <input type="text"
+                   placeholder="Find exact key..."
+                   value="@_lookupKey"
+                   @oninput="e => _lookupKey = e.Value?.ToString() ?? string.Empty"
+                   @onkeydown="HandleLookupKeyDown" />
+            <button type="button" title="Find document" @onclick="FindByKeyAsync" disabled="@string.IsNullOrWhiteSpace(_lookupKey)">
+                <i class="bi bi-search"></i>
+            </button>
+        </div>
+
+        <div class="data-pager">
+            <span>@GetRangeText()</span>
+            <select value="@_pageSize" @onchange="ChangePageSizeAsync" disabled="@_loading">
+                <option value="10">10 rows</option>
+                <option value="25">25 rows</option>
+                <option value="50">50 rows</option>
+                <option value="100">100 rows</option>
+            </select>
+            <button type="button" disabled="@(!CanGoToPreviousPage)" @onclick="GoToPreviousPageAsync" title="Previous page">
+                <i class="bi bi-chevron-left"></i>
+            </button>
+            <button type="button" disabled="@(!CanGoToNextPage)" @onclick="GoToNextPageAsync" title="Next page">
+                <i class="bi bi-chevron-right"></i>
+            </button>
+        </div>
+    </div>
+
+    @if (!string.IsNullOrWhiteSpace(_error))
+    {
+        <div class="collection-alert error">
+            <i class="bi bi-exclamation-triangle"></i>
+            <span>@_error</span>
+        </div>
+    }
+
+    <div class="collection-browser">
+        <div class="collection-list">
+            <table class="data-grid collection-grid">
+                <thead>
+                    <tr>
+                        <th class="row-num-header">#</th>
+                        <th>Key</th>
+                        <th>Kind</th>
+                        <th>Preview</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    @if (_loading)
+                    {
+                        <tr>
+                            <td colspan="4" class="empty-cell">Loading documents...</td>
+                        </tr>
+                    }
+                    else if (_documents.Count == 0)
+                    {
+                        <tr>
+                            <td colspan="4" class="empty-cell">No documents in this collection</td>
+                        </tr>
+                    }
+                    else
+                    {
+                        @for (int i = 0; i < _documents.Count; i++)
+                        {
+                            var document = _documents[i];
+                            int rowNumber = ((_page - 1) * _pageSize) + i + 1;
+                            <tr class="@(IsSelected(document.Key) ? "selected" : string.Empty)"
+                                @onclick="() => SelectDocumentAsync(document)">
+                                <td class="row-num">@rowNumber</td>
+                                <td class="collection-key-cell">@document.Key</td>
+                                <td>@CollectionJsonFormatter.GetKindLabel(document.Document)</td>
+                                <td class="collection-preview-cell">@CollectionJsonFormatter.GetPreview(document.Document)</td>
+                            </tr>
+                        }
+                    }
+                </tbody>
+            </table>
+        </div>
+
+        <div class="collection-detail">
+            <div class="collection-detail-header">
+                <div>
+                    <span class="collection-detail-label">@(_isNewDocument ? "New Document" : "Document")</span>
+                    <strong>@(string.IsNullOrWhiteSpace(_editorKey) ? "No document selected" : _editorKey)</strong>
+                </div>
+                @if (_dirty)
+                {
+                    <span class="collection-dirty-badge">Unsaved</span>
+                }
+            </div>
+
+            @if (HasEditor)
+            {
+                <label class="schema-field">
+                    <span>Key</span>
+                    <input type="text"
+                           value="@_editorKey"
+                           readonly="@(!_isNewDocument)"
+                           @oninput="OnEditorKeyChanged" />
+                </label>
+
+                <label class="schema-field collection-json-field">
+                    <span>JSON Document</span>
+                    <textarea class="schema-textarea collection-json-editor"
+                              value="@_editorJson"
+                              @oninput="OnEditorJsonChanged"></textarea>
+                </label>
+
+                @if (!string.IsNullOrWhiteSpace(_validationMessage))
+                {
+                    <div class="collection-alert error">
+                        <i class="bi bi-exclamation-triangle"></i>
+                        <span>@_validationMessage</span>
+                    </div>
+                }
+            }
+            else
+            {
+                <div class="collection-empty-detail">
+                    <i class="bi bi-braces"></i>
+                    <span>Select a document or create a new one.</span>
+                </div>
+            }
+        </div>
+    </div>
+</div>
+
+@code {
+    [Parameter] public TabDescriptor? Tab { get; set; }
+    [Parameter] public string CollectionName { get; set; } = string.Empty;
+
+    private readonly List<CollectionDocument> _documents = new();
+    private string? _loadedCollectionName;
+    private string? _selectedKey;
+    private string _editorKey = string.Empty;
+    private string _editorJson = string.Empty;
+    private string _originalJson = string.Empty;
+    private string _lookupKey = string.Empty;
+    private string? _validationMessage;
+    private string? _error;
+    private bool _loading;
+    private bool _isNewDocument;
+    private bool _dirty;
+    private int _page = 1;
+    private int _pageSize = 25;
+    private int _totalCount;
+
+    private int TotalPages => Math.Max(1, (int)Math.Ceiling(_totalCount / (double)_pageSize));
+    private bool HasEditor => _isNewDocument || !string.IsNullOrWhiteSpace(_selectedKey);
+    private bool CanSave => HasEditor && _dirty && string.IsNullOrWhiteSpace(_validationMessage) && !string.IsNullOrWhiteSpace(_editorKey);
+    private bool CanDiscard => HasEditor && _dirty;
+    private bool CanDelete => HasEditor && !_isNewDocument && !string.IsNullOrWhiteSpace(_selectedKey);
+    private bool CanGoToPreviousPage => !_loading && _page > 1;
+    private bool CanGoToNextPage => !_loading && _page < TotalPages;
+
+    protected override async Task OnParametersSetAsync()
+    {
+        bool startNewDocument = Tab?.State.Remove("StartNewDocument") == true;
+        if (string.Equals(_loadedCollectionName, CollectionName, StringComparison.Ordinal))
+        {
+            if (startNewDocument)
+                await StartNewDocumentAsync();
+            return;
+        }
+
+        _loadedCollectionName = CollectionName;
+        _page = 1;
+        ClearEditor();
+        await LoadPageAsync();
+
+        if (startNewDocument)
+            await StartNewDocumentAsync();
+    }
+
+    private async Task RefreshAsync()
+    {
+        if (!await ConfirmDiscardIfDirtyAsync())
+            return;
+
+        await LoadPageAsync(_selectedKey);
+    }
+
+    private async Task ChangePageSizeAsync(ChangeEventArgs e)
+    {
+        if (!await ConfirmDiscardIfDirtyAsync())
+            return;
+
+        if (!int.TryParse(e.Value?.ToString(), out int pageSize))
+            pageSize = 25;
+
+        _pageSize = pageSize;
+        _page = 1;
+        await LoadPageAsync();
+    }
+
+    private async Task GoToPreviousPageAsync()
+    {
+        if (!CanGoToPreviousPage || !await ConfirmDiscardIfDirtyAsync())
+            return;
+
+        _page--;
+        await LoadPageAsync();
+    }
+
+    private async Task GoToNextPageAsync()
+    {
+        if (!CanGoToNextPage || !await ConfirmDiscardIfDirtyAsync())
+            return;
+
+        _page++;
+        await LoadPageAsync();
+    }
+
+    private async Task LoadPageAsync(string? selectKey = null)
+    {
+        if (string.IsNullOrWhiteSpace(CollectionName))
+        {
+            _error = "Collection name is required.";
+            return;
+        }
+
+        _loading = true;
+        _error = null;
+        try
+        {
+            var result = await DbClient.BrowseCollectionAsync(CollectionName, _page, _pageSize);
+            _totalCount = result.TotalCount;
+            _documents.Clear();
+            _documents.AddRange(result.Documents);
+
+            if (_page > TotalPages)
+            {
+                _page = TotalPages;
+                result = await DbClient.BrowseCollectionAsync(CollectionName, _page, _pageSize);
+                _totalCount = result.TotalCount;
+                _documents.Clear();
+                _documents.AddRange(result.Documents);
+            }
+
+            string? keyToSelect = selectKey ?? _selectedKey;
+            var selected = !string.IsNullOrWhiteSpace(keyToSelect)
+                ? _documents.FirstOrDefault(document => string.Equals(document.Key, keyToSelect, StringComparison.Ordinal))
+                : null;
+
+            selected ??= _documents.FirstOrDefault();
+            if (selected is not null)
+                SelectDocument(selected, isDirty: false);
+            else
+                ClearEditor();
+        }
+        catch (Exception ex)
+        {
+            _error = ex.Message;
+            _documents.Clear();
+            _totalCount = 0;
+            ClearEditor();
+        }
+        finally
+        {
+            _loading = false;
+        }
+    }
+
+    private async Task SelectDocumentAsync(CollectionDocument document)
+    {
+        if (!await ConfirmDiscardIfDirtyAsync())
+            return;
+
+        SelectDocument(document, isDirty: false);
+    }
+
+    private void SelectDocument(CollectionDocument document, bool isDirty)
+    {
+        _selectedKey = document.Key;
+        _editorKey = document.Key;
+        _editorJson = CollectionJsonFormatter.Format(document.Document);
+        _originalJson = _editorJson;
+        _isNewDocument = false;
+        _dirty = isDirty;
+        _validationMessage = null;
+    }
+
+    private async Task StartNewDocumentAsync()
+    {
+        if (!await ConfirmDiscardIfDirtyAsync())
+            return;
+
+        _selectedKey = null;
+        _editorKey = string.Empty;
+        _editorJson = "{}";
+        _originalJson = string.Empty;
+        _isNewDocument = true;
+        _dirty = true;
+        _validationMessage = null;
+    }
+
+    private async Task SaveDocumentAsync()
+    {
+        ValidateEditorJson();
+        if (!CanSave)
+            return;
+
+        string key = _editorKey.Trim();
+        if (!CollectionJsonFormatter.TryClone(_editorJson, out JsonElement document, out string? error))
+        {
+            _validationMessage = error;
+            return;
+        }
+
+        try
+        {
+            await DbClient.PutDocumentAsync(CollectionName, key, document);
+            Toast.Success($"Saved document '{key}'.");
+            Changes.NotifyChanged();
+            _selectedKey = key;
+            _isNewDocument = false;
+            _dirty = false;
+            await LoadPageAsync(key);
+        }
+        catch (Exception ex)
+        {
+            _validationMessage = ex.Message;
+        }
+    }
+
+    private async Task DeleteDocumentAsync()
+    {
+        if (!CanDelete || _selectedKey is null)
+            return;
+
+        string key = _selectedKey;
+        bool confirmed = await Modal.ConfirmAsync(
+            "Delete Document",
+            $"Are you sure you want to delete document '{key}' from collection '{CollectionName}'?",
+            "Delete",
+            isDanger: true);
+        if (!confirmed)
+            return;
+
+        try
+        {
+            bool deleted = await DbClient.DeleteDocumentAsync(CollectionName, key);
+            if (deleted)
+            {
+                Toast.Success($"Deleted document '{key}'.");
+                Changes.NotifyChanged();
+            }
+            else
+            {
+                Toast.Info($"Document '{key}' was not found.");
+            }
+
+            _selectedKey = null;
+            ClearEditor();
+            await LoadPageAsync();
+        }
+        catch (Exception ex)
+        {
+            _error = ex.Message;
+        }
+    }
+
+    private Task DiscardChangesAsync()
+    {
+        if (!HasEditor)
+            return Task.CompletedTask;
+
+        if (_isNewDocument)
+        {
+            ClearEditor();
+            return Task.CompletedTask;
+        }
+
+        _editorJson = _originalJson;
+        _dirty = false;
+        _validationMessage = null;
+        return Task.CompletedTask;
+    }
+
+    private async Task FindByKeyAsync()
+    {
+        if (string.IsNullOrWhiteSpace(_lookupKey) || !await ConfirmDiscardIfDirtyAsync())
+            return;
+
+        string key = _lookupKey.Trim();
+        try
+        {
+            JsonElement? document = await DbClient.GetDocumentAsync(CollectionName, key);
+            if (document is null)
+            {
+                Toast.Info($"Document '{key}' was not found.");
+                return;
+            }
+
+            SelectDocument(new CollectionDocument { Key = key, Document = document.Value }, isDirty: false);
+        }
+        catch (Exception ex)
+        {
+            _error = ex.Message;
+        }
+    }
+
+    private async Task HandleLookupKeyDown(KeyboardEventArgs e)
+    {
+        if (e.Key == "Enter")
+            await FindByKeyAsync();
+    }
+
+    private void OnEditorKeyChanged(ChangeEventArgs e)
+    {
+        _editorKey = e.Value?.ToString() ?? string.Empty;
+        _dirty = true;
+    }
+
+    private void OnEditorJsonChanged(ChangeEventArgs e)
+    {
+        _editorJson = e.Value?.ToString() ?? string.Empty;
+        _dirty = true;
+        ValidateEditorJson();
+    }
+
+    private void ValidateEditorJson()
+    {
+        if (string.IsNullOrWhiteSpace(_editorJson))
+        {
+            _validationMessage = "Document JSON is required.";
+            return;
+        }
+
+        _validationMessage = CollectionJsonFormatter.TryClone(_editorJson, out _, out string? error)
+            ? null
+            : error;
+    }
+
+    private async Task<bool> ConfirmDiscardIfDirtyAsync()
+    {
+        if (!_dirty)
+            return true;
+
+        return await Modal.ConfirmAsync(
+            "Discard Changes",
+            "Discard unsaved collection document changes?",
+            "Discard",
+            isDanger: true);
+    }
+
+    private void ClearEditor()
+    {
+        _selectedKey = null;
+        _editorKey = string.Empty;
+        _editorJson = string.Empty;
+        _originalJson = string.Empty;
+        _validationMessage = null;
+        _isNewDocument = false;
+        _dirty = false;
+    }
+
+    private bool IsSelected(string key)
+        => !_isNewDocument && string.Equals(_selectedKey, key, StringComparison.Ordinal);
+
+    private string GetRangeText()
+    {
+        if (_loading)
+            return "Loading...";
+
+        if (_totalCount == 0)
+            return "0 documents";
+
+        int first = ((_page - 1) * _pageSize) + 1;
+        int last = Math.Min(_totalCount, first + _documents.Count - 1);
+        return $"{first}-{last} of {_totalCount}";
+    }
+}
diff --git a/src/CSharpDB.Admin/Components/Tabs/DataTab.razor b/src/CSharpDB.Admin/Components/Tabs/DataTab.razor
index 6408cda8..feba787a 100644
--- a/src/CSharpDB.Admin/Components/Tabs/DataTab.razor
+++ b/src/CSharpDB.Admin/Components/Tabs/DataTab.razor
@@ -3,49 +3,128 @@
 @inject TabManagerService TabManager
 @inject ToastService Toast
 @inject ModalService Modal
+@inject IJSRuntime JS
 
 <div class="data-tab">
-    <div class="toolbar">
-        <div class="view-switcher">
-            <button class="@(_showData ? "active" : "")" @onclick='() => SwitchView(true)'>
-                <i class="bi bi-grid-3x3"></i> Data
+    <div class="data-toolbar">
+        <div class="data-crumb">
+            <button type="button" @onclick="@OpenObjectListQuery">
+                <i class="bi @(IsView ? "bi-eye" : "bi-table")"></i>
+                @(IsView ? "views" : "tables")
             </button>
-            <button class="@(!_showData ? "active" : "")" @onclick='() => SwitchView(false)'>
-                <i class="bi bi-file-earmark-code"></i> Schema
+            <span>/</span>
+            <strong><i class="bi @(IsView ? "bi-eye icon-view" : "bi-table icon-table")"></i>@ObjectName</strong>
+        </div>
+
+        <div class="data-view-switcher">
+            <button type="button" class="@GetDataViewClass()" @onclick="ShowDataView">
+                <i class="bi bi-grid-3x3-gap"></i> Data
+            </button>
+            <button type="button" class="@GetSchemaViewClass(SchemaPanel.Columns)" @onclick="() => ShowSchemaPanel(SchemaPanel.Columns)">
+                <i class="bi bi-list-columns"></i> Schema <span>@ColumnCount</span>
+            </button>
+            @if (!IsView)
+            {
+                <button type="button" class="@GetSchemaViewClass(SchemaPanel.Indexes)" @onclick="() => ShowSchemaPanel(SchemaPanel.Indexes)">
+                    <i class="bi bi-lightning"></i> Indexes <span>@IndexCount</span>
+                </button>
+                <button type="button" class="@GetSchemaViewClass(SchemaPanel.Triggers)" @onclick="() => ShowSchemaPanel(SchemaPanel.Triggers)">
+                    <i class="bi bi-lightning-charge"></i> Triggers <span>@TriggerCount</span>
+                </button>
+            }
+        </div>
+
+        <div class="data-toolbar-group">
+            <button type="button" class="data-toolbar-btn" @onclick="Refresh">
+                <i class="bi bi-arrow-clockwise"></i> Refresh
             </button>
+            @if (_showData && !IsReadOnly)
+            {
+                <button type="button" class="data-toolbar-btn primary" @onclick="AddRow">
+                    <i class="bi bi-plus-lg"></i> Insert row
+                </button>
+            }
         </div>
 
-        @if (_showData && !IsReadOnly)
+        @if (_showData)
         {
-            <div class="toolbar-separator"></div>
-            <button class="toolbar-btn" @onclick="AddRow">
-                <i class="bi bi-plus-lg"></i> Add Row
+            <div class="data-toolbar-group">
+                <button type="button" class="data-toolbar-btn @(_activeFilters.Count > 0 ? "active" : "")" @onclick="OpenFilterDialogAsync">
+                    <i class="bi bi-funnel"></i> Filter
+                </button>
+                <button type="button" class="data-toolbar-btn" @onclick="ShowSortHint">
+                    <i class="bi bi-sort-down"></i> Sort
+                </button>
+                <button type="button" class="data-toolbar-btn" @onclick="() => ShowSchemaPanel(SchemaPanel.Columns)">
+                    <i class="bi bi-eye"></i> Columns
+                </button>
+            </div>
+        }
+
+        <div class="data-toolbar-group">
+            <button type="button" class="data-toolbar-btn" @onclick="ExportVisibleRowsAsync" disabled="@(!_showData)">
+                <i class="bi bi-download"></i> Export CSV
             </button>
-            <button class="toolbar-btn danger" @onclick="DeleteSelectedAsync" disabled="@(!HasSelection)">
-                <i class="bi bi-trash"></i> Delete Rows (@_selectedRowCount)
+            <button type="button" class="data-toolbar-btn" @onclick="OpenImportPipeline">
+                <i class="bi bi-upload"></i> Import
             </button>
-            <div class="toolbar-separator"></div>
-            <button class="toolbar-btn primary" @onclick="SaveChanges" disabled="@(!_grid?.HasPendingChanges ?? true)">
-                <i class="bi bi-check-lg"></i> Save
+            @if (_showData && !IsReadOnly)
+            {
+                <button type="button" class="data-toolbar-btn primary" @onclick="SaveChanges" disabled="@(!CanSave)">
+                    <i class="bi bi-check-lg"></i> Save
+                </button>
+                <button type="button" class="data-toolbar-btn" @onclick="DiscardChanges" disabled="@(!HasPendingChanges)">
+                    <i class="bi bi-x-lg"></i> Discard
+                </button>
+            }
+            @if (!IsView)
+            {
+                <button type="button" class="data-toolbar-btn danger" @onclick="ConfirmDropTableAsync">
+                    <i class="bi bi-trash3"></i> Drop
+                </button>
+            }
+        </div>
+
+        <div class="data-pager">
+            <span>@GetToolbarRowRangeText()</span>
+            <button type="button" disabled="@(!CanGoToPreviousPage)" @onclick="GoToPreviousPageAsync" title="Previous page">
+                <i class="bi bi-chevron-left"></i>
             </button>
-            <button class="toolbar-btn" @onclick="DiscardChanges" disabled="@(!_grid?.HasPendingChanges ?? true)">
-                <i class="bi bi-x-lg"></i> Discard
+            <button type="button" disabled="@(!CanGoToNextPage)" @onclick="GoToNextPageAsync" title="Next page">
+                <i class="bi bi-chevron-right"></i>
             </button>
-        }
+        </div>
+    </div>
 
-        <div class="toolbar-separator"></div>
-        <button class="toolbar-btn" @onclick="Refresh">
-            <i class="bi bi-arrow-clockwise"></i> Refresh
-        </button>
-        @if (!IsView)
-        {
-            <button class="toolbar-btn danger" @onclick="ConfirmDropTableAsync">
-                <i class="bi bi-trash3"></i> Drop Table
+    @if (_showData)
+    {
+        <div class="data-filter-bar">
+            <span class="data-filter-label">Filters:</span>
+            @if (_activeFilters.Count == 0)
+            {
+                <span class="data-filter-empty">No active filters</span>
+            }
+            else
+            {
+                @foreach (var filter in _activeFilters)
+                {
+                    var currentFilter = filter;
+                    <span class="data-filter-chip">
+                        <span class="col">@currentFilter.ColumnName</span>
+                        <span class="op">@GetFilterOperatorLabel(currentFilter.MatchMode)</span>
+                        <span class="val">@FormatFilterValue(currentFilter.Value)</span>
+                        <button type="button" title="Remove filter" @onclick="() => ClearFilterAsync(currentFilter.ColumnIndex)">
+                            <i class="bi bi-x"></i>
+                        </button>
+                    </span>
+                }
+            }
+            <button type="button" class="data-add-filter" @onclick="OpenFilterDialogAsync">
+                <i class="bi bi-plus-lg"></i> Add filter
             </button>
-        }
-        <div class="toolbar-spacer"></div>
-        <div class="toolbar-info">@ObjectName</div>
-    </div>
+            <span class="data-filter-summary">@GetFilterSummaryText()</span>
+        </div>
+    }
 
     @if (_showData)
     {
@@ -53,7 +132,34 @@
                   TableName="@(IsView ? null : ObjectName)"
                   ViewName="@(IsView ? ObjectName : null)"
                   IsReadOnly="@IsReadOnly"
-                  OnSelectionChanged="OnGridSelectionChanged" />
+                  ShowFilters="false"
+                  OnSelectionChanged="OnGridSelectionChanged"
+                  OnQueryStatusChanged="OnGridStatusChanged"
+                  OnFiltersChanged="OnGridFiltersChanged" />
+        @if (HasSelection)
+        {
+            <div class="data-bulk-bar">
+                <span class="count">@_selectedRowCount selected</span>
+                <span>Apply an action to the selected rows:</span>
+                <div class="actions">
+                    <button type="button" class="data-toolbar-btn" @onclick="OpenBulkEditAsync" disabled="@IsReadOnly">
+                        <i class="bi bi-pencil"></i> Bulk edit
+                    </button>
+                    <button type="button" class="data-toolbar-btn" @onclick="CopySelectedAsInsertAsync" disabled="@IsReadOnly">
+                        <i class="bi bi-clipboard"></i> Copy as INSERT
+                    </button>
+                    <button type="button" class="data-toolbar-btn" @onclick="ExportSelectedRowsAsync">
+                        <i class="bi bi-download"></i> Export
+                    </button>
+                    @if (!IsReadOnly)
+                    {
+                        <button type="button" class="data-toolbar-btn danger" @onclick="DeleteSelectedAsync">
+                            <i class="bi bi-trash3"></i> Delete
+                        </button>
+                    }
+                </div>
+            </div>
+        }
     }
     else
     {
@@ -62,8 +168,44 @@
             {
                 @* ═══ TABLE SCHEMA ═══ *@
 
+                <div class="schema-subnav">
+                    <button class="@GetSchemaPanelClass(SchemaPanel.Overview)" @onclick="() => SetSchemaPanel(SchemaPanel.Overview)">
+                        <i class="bi bi-speedometer2"></i> Overview
+                    </button>
+                    <button class="@GetSchemaPanelClass(SchemaPanel.Columns)" @onclick="() => SetSchemaPanel(SchemaPanel.Columns)">
+                        <i class="bi bi-list-columns"></i> Columns <span>@ColumnCount</span>
+                    </button>
+                    <button class="@GetSchemaPanelClass(SchemaPanel.Indexes)" @onclick="() => SetSchemaPanel(SchemaPanel.Indexes)">
+                        <i class="bi bi-lightning"></i> Indexes <span>@IndexCount</span>
+                    </button>
+                    <button class="@GetSchemaPanelClass(SchemaPanel.Triggers)" @onclick="() => SetSchemaPanel(SchemaPanel.Triggers)">
+                        <i class="bi bi-lightning-charge"></i> Triggers <span>@TriggerCount</span>
+                    </button>
+                </div>
+
+                @if (_schemaPanel == SchemaPanel.Overview)
+                {
+                    <div class="schema-summary-grid">
+                        <button class="schema-summary-card" @onclick="() => SetSchemaPanel(SchemaPanel.Columns)">
+                            <span>Columns</span>
+                            <strong>@ColumnCount</strong>
+                            <small>@PrimaryKeyLabel</small>
+                        </button>
+                        <button class="schema-summary-card" @onclick="() => SetSchemaPanel(SchemaPanel.Indexes)">
+                            <span>Indexes</span>
+                            <strong>@IndexCount</strong>
+                            <small>@UniqueIndexLabel</small>
+                        </button>
+                        <button class="schema-summary-card" @onclick="() => SetSchemaPanel(SchemaPanel.Triggers)">
+                            <span>Triggers</span>
+                            <strong>@TriggerCount</strong>
+                            <small>@TriggerEventsLabel</small>
+                        </button>
+                    </div>
+                }
+
                 @* ─── Columns ─── *@
-                @if (_schema is not null)
+                @if (_schemaPanel == SchemaPanel.Columns && _schema is not null)
                 {
                     <div class="schema-section">
                         <h3>Columns</h3>
@@ -192,6 +334,8 @@
                 }
 
                 @* ─── Indexes ─── *@
+                @if (_schemaPanel == SchemaPanel.Indexes)
+                {
                 <div class="schema-section">
                     <h3>Indexes</h3>
                     @if (_indexes is not null && _indexes.Count > 0)
@@ -286,8 +430,11 @@
                         </div>
                     </div>
                 </div>
+                }
 
                 @* ─── Triggers ─── *@
+                @if (_schemaPanel == SchemaPanel.Triggers)
+                {
                 <div class="schema-section">
                     <h3>Triggers</h3>
                     @if (_triggers is not null && _triggers.Count > 0)
@@ -356,6 +503,7 @@
                         </div>
                     </div>
                 </div>
+                }
             }
             else
             {
@@ -393,6 +541,148 @@
     }
 </div>
 
+@if (_showBulkEdit)
+{
+    <div class="modal-overlay" @onclick="CancelBulkEdit">
+        <div class="modal bulk-edit-modal" @onclick:stopPropagation="true">
+            <div class="modal-header">
+                <h3>Bulk Edit Rows</h3>
+                <button class="modal-close" @onclick="CancelBulkEdit" title="Close">
+                    <i class="bi bi-x-lg"></i>
+                </button>
+            </div>
+            <div class="modal-body">
+                <p class="bulk-edit-summary">
+                    Stage one value across <strong>@_selectedRowCount</strong> selected row@(_selectedRowCount == 1 ? string.Empty : "s") in <strong>@ObjectName</strong>.
+                    Click Save after reviewing the staged changes.
+                </p>
+
+                @if (BulkEditableColumns.Count == 0)
+                {
+                    <div class="empty-state compact">
+                        <i class="bi bi-lock"></i>
+                        <p>This table has no non-key editable columns.</p>
+                    </div>
+                }
+                else
+                {
+                    <div class="bulk-edit-form">
+                        <label>
+                            Column
+                            <select class="modal-input" value="@_bulkEditColumnName" @onchange="OnBulkEditColumnChanged">
+                                @foreach (var column in BulkEditableColumns)
+                                {
+                                    <option value="@column.Name">@column.Name (@column.Type)</option>
+                                }
+                            </select>
+                        </label>
+
+                        <label>
+                            Value
+                            <input type="text"
+                                   class="modal-input"
+                                   placeholder="@GetBulkEditPlaceholder()"
+                                   disabled="@_bulkEditSetNull"
+                                   @bind="_bulkEditValue"
+                                   @bind:event="oninput"
+                                   @onkeydown="OnBulkEditKeyDown" />
+                        </label>
+
+                        <label class="bulk-null-row">
+                            <input type="checkbox"
+                                   checked="@_bulkEditSetNull"
+                                   disabled="@(!CanSetBulkEditNull)"
+                                   @onchange="OnBulkEditNullChanged" />
+                            <span>Set value to NULL</span>
+                        </label>
+
+                        @if (!CanSetBulkEditNull && BulkEditSelectedColumn is not null)
+                        {
+                            <div class="bulk-edit-note">
+                                <i class="bi bi-info-circle"></i>
+                                @($"{BulkEditSelectedColumn.Name} is not nullable.")
+                            </div>
+                        }
+                    </div>
+                }
+            </div>
+            <div class="modal-footer">
+                <button class="btn btn-secondary" @onclick="CancelBulkEdit">Cancel</button>
+                <button class="btn btn-primary" @onclick="ApplyBulkEditAsync" disabled="@(!CanApplyBulkEdit)">
+                    Apply to selected rows
+                </button>
+            </div>
+        </div>
+    </div>
+}
+
+@if (_showFilterDialog)
+{
+    <div class="modal-overlay" @onclick="CancelFilterDialog">
+        <div class="modal table-filter-modal" @onclick:stopPropagation="true">
+            <div class="modal-header">
+                <h3>Add Filter</h3>
+                <button class="modal-close" @onclick="CancelFilterDialog" title="Close">
+                    <i class="bi bi-x-lg"></i>
+                </button>
+            </div>
+            <div class="modal-body">
+                <p class="table-filter-summary">
+                    Filter <strong>@ObjectName</strong> by one column. Active filters appear as chips above the grid.
+                </p>
+
+                @if (FilterColumnNames.Count == 0)
+                {
+                    <div class="empty-state compact">
+                        <i class="bi bi-funnel"></i>
+                        <p>No columns are loaded for filtering yet.</p>
+                    </div>
+                }
+                else
+                {
+                    <div class="table-filter-form">
+                        <label>
+                            Column
+                            <select class="modal-input" value="@_filterColumnName" @onchange="OnFilterColumnChanged">
+                                @foreach (var columnName in FilterColumnNames)
+                                {
+                                    <option value="@columnName">@columnName</option>
+                                }
+                            </select>
+                        </label>
+
+                        <label>
+                            Match
+                            <select class="modal-input" value="@_filterMode" @onchange="OnFilterModeChanged">
+                                <option value="@DataGridFilterMatchMode.Contains">Contains</option>
+                                <option value="@DataGridFilterMatchMode.StartsWith">Starts with</option>
+                                <option value="@DataGridFilterMatchMode.EndsWith">Ends with</option>
+                                <option value="@DataGridFilterMatchMode.Exact">Equals</option>
+                            </select>
+                        </label>
+
+                        <label>
+                            Value
+                            <input type="text"
+                                   class="modal-input"
+                                   placeholder="@GetFilterValuePlaceholder()"
+                                   @bind="_filterValue"
+                                   @bind:event="oninput"
+                                   @onkeydown="OnFilterDialogKeyDown" />
+                        </label>
+                    </div>
+                }
+            </div>
+            <div class="modal-footer">
+                <button class="btn btn-secondary" @onclick="CancelFilterDialog">Cancel</button>
+                <button class="btn btn-primary" @onclick="ApplyFilterDialogAsync" disabled="@(!CanApplyTableFilter)">
+                    Apply filter
+                </button>
+            </div>
+        </div>
+    </div>
+}
+
 @code {
     [Parameter] public TabDescriptor? Tab { get; set; }
     [Parameter] public string ObjectName { get; set; } = string.Empty;
@@ -403,6 +693,81 @@
     private bool IsReadOnly => IsView;
     private int _selectedRowCount;
     private bool HasSelection => _selectedRowCount > 0;
+    private bool HasPendingChanges => _grid?.HasPendingChanges == true;
+    private bool CanSave => HasPendingChanges || HasSelection;
+    private SchemaPanel _schemaPanel = SchemaPanel.Columns;
+    private QueryResultsStatus _gridStatus = new()
+    {
+        Page = 1,
+        PageSize = 25,
+        HasExactTotal = true,
+    };
+    private IReadOnlyList<DataGridFilterSummary> _activeFilters = Array.Empty<DataGridFilterSummary>();
+    private bool _showBulkEdit;
+    private string _bulkEditColumnName = string.Empty;
+    private string _bulkEditValue = string.Empty;
+    private bool _bulkEditSetNull;
+    private bool _showFilterDialog;
+    private string _filterColumnName = string.Empty;
+    private DataGridFilterMatchMode _filterMode = DataGridFilterMatchMode.Contains;
+    private string _filterValue = string.Empty;
+
+    private enum SchemaPanel { Overview, Columns, Indexes, Triggers }
+
+    private int ColumnCount => _schema?.Columns.Count ?? 0;
+    private int IndexCount => _indexes?.Count ?? 0;
+    private int TriggerCount => _triggers?.Count ?? 0;
+    private IReadOnlyList<string> FilterColumnNames
+        => _schema?.Columns.Select(static column => column.Name).ToArray()
+           ?? _grid?.Columns?.ToArray()
+           ?? Array.Empty<string>();
+
+    private bool CanApplyTableFilter
+        => _grid is not null
+           && FilterColumnNames.Count > 0
+           && !string.IsNullOrWhiteSpace(_filterColumnName)
+           && !string.IsNullOrWhiteSpace(_filterValue);
+
+    private IReadOnlyList<ColumnDefinition> BulkEditableColumns
+        => _schema?.Columns
+            .Where(static column => !column.IsPrimaryKey && !column.IsIdentity)
+            .ToArray()
+           ?? Array.Empty<ColumnDefinition>();
+
+    private ColumnDefinition? BulkEditSelectedColumn
+        => BulkEditableColumns.FirstOrDefault(
+            column => string.Equals(column.Name, _bulkEditColumnName, StringComparison.OrdinalIgnoreCase));
+
+    private bool CanSetBulkEditNull => BulkEditSelectedColumn?.Nullable == true;
+
+    private bool CanApplyBulkEdit
+        => _grid is not null
+           && _selectedRowCount > 0
+           && BulkEditSelectedColumn is not null
+           && (!_bulkEditSetNull || CanSetBulkEditNull);
+
+    private string PrimaryKeyLabel
+        => _schema?.Columns.FirstOrDefault(static column => column.IsPrimaryKey)?.Name is { Length: > 0 } name
+            ? $"Primary key: {name}"
+            : "No primary key";
+
+    private string UniqueIndexLabel
+        => _indexes?.Count(index => index.IsUnique) is > 0
+            ? $"{_indexes.Count(index => index.IsUnique)} unique"
+            : "No unique indexes";
+
+    private string TriggerEventsLabel
+        => _triggers is { Count: > 0 }
+            ? string.Join(", ", _triggers.Select(trigger => trigger.Event.ToString()).Distinct().OrderBy(name => name))
+            : "No trigger events";
+
+    private bool CanGoToPreviousPage => _showData && _gridStatus.Page > 1;
+
+    private bool CanGoToNextPage
+        => _showData
+           && (_gridStatus.HasExactTotal
+               ? _gridStatus.Page * _gridStatus.PageSize < _gridStatus.TotalRows
+               : _gridStatus.HasNextPage);
 
     // ─── Schema data ────────────────────
     private TableSchema? _schema;
@@ -461,10 +826,27 @@
         {
             _loadedObjectName = ObjectName;
             _loadedIsView = IsView;
+            _schemaPanel = SchemaPanel.Columns;
             await LoadSchemaAsync();
         }
     }
 
+    private void SetSchemaPanel(SchemaPanel panel) => _schemaPanel = panel;
+
+    private string GetSchemaPanelClass(SchemaPanel panel)
+        => _schemaPanel == panel ? "active" : string.Empty;
+
+    private string GetObjectStatusText()
+    {
+        if (!_showData)
+            return $"{ColumnCount} columns";
+
+        if (HasSelection)
+            return $"{_selectedRowCount} selected";
+
+        return IsReadOnly ? "Read-only data" : "Editable data";
+    }
+
     private async Task LoadSchemaAsync()
     {
         try
@@ -502,7 +884,18 @@
     }
 
     // ─── View switching ─────────────────
-    private void SwitchView(bool showData) => _showData = showData;
+    private void ShowDataView() => _showData = true;
+
+    private void ShowSchemaPanel(SchemaPanel panel)
+    {
+        _showData = false;
+        _schemaPanel = panel;
+    }
+
+    private string GetDataViewClass() => _showData ? "active" : string.Empty;
+
+    private string GetSchemaViewClass(SchemaPanel panel)
+        => !_showData && _schemaPanel == panel ? "active" : string.Empty;
 
     // ─── Data grid actions ──────────────
     private void AddRow() => _grid?.AddNewRow();
@@ -526,8 +919,16 @@
     }
     private async Task SaveChanges()
     {
-        if (_grid is not null)
-            await _grid.SaveChangesAsync();
+        if (_grid is null)
+            return;
+
+        if (!HasPendingChanges)
+        {
+            Toast.Info("Rows are selected. Use Bulk edit or Delete to stage a change before saving.");
+            return;
+        }
+
+        await _grid.SaveChangesAsync();
     }
     private async Task DiscardChanges()
     {
@@ -541,12 +942,399 @@
         await LoadSchemaAsync();
     }
 
+    private void ShowSortHint()
+        => Toast.Info("Click any column header to sort. Click it again to reverse direction.");
+
+    private async Task OpenFilterDialogAsync()
+    {
+        if (_schema is null && !IsView)
+            await LoadSchemaAsync();
+
+        if (FilterColumnNames.Count == 0)
+        {
+            Toast.Info("Columns are still loading. Try again in a moment.");
+            return;
+        }
+
+        if (string.IsNullOrWhiteSpace(_filterColumnName)
+            || !FilterColumnNames.Contains(_filterColumnName, StringComparer.OrdinalIgnoreCase))
+        {
+            _filterColumnName = FilterColumnNames[0];
+        }
+
+        _filterMode = DataGridFilterMatchMode.Contains;
+        _filterValue = string.Empty;
+        _showFilterDialog = true;
+    }
+
+    private void CancelFilterDialog() => _showFilterDialog = false;
+
+    private void OnFilterColumnChanged(ChangeEventArgs e)
+        => _filterColumnName = e.Value?.ToString() ?? string.Empty;
+
+    private void OnFilterModeChanged(ChangeEventArgs e)
+    {
+        if (!Enum.TryParse<DataGridFilterMatchMode>(e.Value?.ToString(), ignoreCase: true, out var mode))
+            mode = DataGridFilterMatchMode.Contains;
+        _filterMode = mode;
+    }
+
+    private async Task OnFilterDialogKeyDown(KeyboardEventArgs e)
+    {
+        if (e.Key == "Enter" && CanApplyTableFilter)
+            await ApplyFilterDialogAsync();
+        else if (e.Key == "Escape")
+            CancelFilterDialog();
+    }
+
+    private async Task ApplyFilterDialogAsync()
+    {
+        if (_grid is null || string.IsNullOrWhiteSpace(_filterColumnName))
+            return;
+
+        try
+        {
+            await _grid.ApplyFilterAsync(_filterColumnName, _filterMode, _filterValue);
+            _showFilterDialog = false;
+            Toast.Success($"Filter applied to {_filterColumnName}.");
+        }
+        catch (Exception ex)
+        {
+            Toast.Error($"Filter failed: {ex.Message}");
+        }
+    }
+
+    private async Task OpenBulkEditAsync()
+    {
+        if (IsReadOnly)
+            return;
+
+        if (_grid is null || _selectedRowCount <= 0)
+        {
+            Toast.Info("Select rows before bulk editing.");
+            return;
+        }
+
+        if (_schema is null)
+            await LoadSchemaAsync();
+
+        if (BulkEditableColumns.Count == 0)
+        {
+            Toast.Warning("This table has no non-key editable columns.");
+            return;
+        }
+
+        if (BulkEditSelectedColumn is null)
+            _bulkEditColumnName = BulkEditableColumns[0].Name;
+
+        _bulkEditValue = string.Empty;
+        _bulkEditSetNull = false;
+        _showBulkEdit = true;
+    }
+
+    private void CancelBulkEdit() => _showBulkEdit = false;
+
+    private void OnBulkEditColumnChanged(ChangeEventArgs e)
+    {
+        _bulkEditColumnName = e.Value?.ToString() ?? string.Empty;
+        if (!CanSetBulkEditNull)
+            _bulkEditSetNull = false;
+    }
+
+    private void OnBulkEditNullChanged(ChangeEventArgs e)
+    {
+        if (e.Value is bool value)
+            _bulkEditSetNull = value && CanSetBulkEditNull;
+        else
+            _bulkEditSetNull = string.Equals(e.Value?.ToString(), "true", StringComparison.OrdinalIgnoreCase) && CanSetBulkEditNull;
+    }
+
+    private async Task OnBulkEditKeyDown(KeyboardEventArgs e)
+    {
+        if (e.Key == "Enter" && CanApplyBulkEdit)
+            await ApplyBulkEditAsync();
+        else if (e.Key == "Escape")
+            CancelBulkEdit();
+    }
+
+    private async Task ApplyBulkEditAsync()
+    {
+        if (_grid is null || BulkEditSelectedColumn is null)
+            return;
+
+        if (_bulkEditSetNull && !CanSetBulkEditNull)
+        {
+            Toast.Warning($"{BulkEditSelectedColumn.Name} is not nullable.");
+            return;
+        }
+
+        try
+        {
+            int changed = await _grid.BulkEditSelectedRowsAsync(
+                BulkEditSelectedColumn.Name,
+                _bulkEditValue,
+                _bulkEditSetNull);
+            _selectedRowCount = _grid.SelectedRowCount;
+            _showBulkEdit = false;
+
+            if (changed == 0)
+                Toast.Info("No selected rows changed.");
+            else
+                Toast.Success($"Staged {changed} bulk edit(s). Click Save to persist.");
+        }
+        catch (Exception ex)
+        {
+            Toast.Error($"Bulk edit failed: {ex.Message}");
+        }
+    }
+
+    private void OpenImportPipeline()
+    {
+        TabManager.OpenPipelineTab();
+        Toast.Info($"Opened a pipeline tab. Set '{ObjectName}' as the destination table to import data.");
+    }
+
+    private void OpenObjectListQuery()
+        => TabManager.OpenSystemCatalogTab(
+            IsView ? "sys.views" : "sys.tables",
+            IsView
+                ? "SELECT * FROM sys.views ORDER BY view_name;"
+                : "SELECT * FROM sys.tables ORDER BY table_name;");
+
     private Task OnGridSelectionChanged(int count)
     {
         _selectedRowCount = count;
         return InvokeAsync(StateHasChanged);
     }
 
+    private Task OnGridStatusChanged(QueryResultsStatus status)
+    {
+        _gridStatus = status;
+        return InvokeAsync(StateHasChanged);
+    }
+
+    private Task OnGridFiltersChanged(IReadOnlyList<DataGridFilterSummary> filters)
+    {
+        _activeFilters = filters;
+        return InvokeAsync(StateHasChanged);
+    }
+
+    private async Task ClearFilterAsync(int columnIndex)
+    {
+        if (_grid is not null)
+            await _grid.ClearFilterAsync(columnIndex);
+    }
+
+    private async Task GoToPreviousPageAsync()
+    {
+        if (_grid is not null)
+            await _grid.GoToPreviousPageAsync();
+    }
+
+    private async Task GoToNextPageAsync()
+    {
+        if (_grid is not null)
+            await _grid.GoToNextPageAsync();
+    }
+
+    private async Task ExportVisibleRowsAsync()
+    {
+        if (_grid is null)
+            return;
+
+        var snapshot = _grid.GetVisibleRowsSnapshot();
+        if (snapshot.Rows.Count == 0)
+        {
+            Toast.Info("There are no visible rows to export.");
+            return;
+        }
+
+        await DownloadCsvAsync(snapshot.Columns, snapshot.Rows, $"{SanitizeFileName(ObjectName)}-visible.csv");
+        Toast.Success($"Exported {snapshot.Rows.Count} visible row(s).");
+    }
+
+    private async Task ExportSelectedRowsAsync()
+    {
+        if (_grid is null)
+            return;
+
+        var snapshot = _grid.GetSelectedRowsSnapshot();
+        if (snapshot.Rows.Count == 0)
+        {
+            Toast.Info("Select rows before exporting.");
+            return;
+        }
+
+        await DownloadCsvAsync(snapshot.Columns, snapshot.Rows, $"{SanitizeFileName(ObjectName)}-selected.csv");
+        Toast.Success($"Exported {snapshot.Rows.Count} selected row(s).");
+    }
+
+    private async Task DownloadCsvAsync(string[] columns, IReadOnlyList<object?[]> rows, string fileName)
+    {
+        string csv = BuildCsv(columns, rows);
+        await JS.InvokeVoidAsync("fileInterop.downloadText", fileName, "text/csv;charset=utf-8", csv);
+    }
+
+    private async Task CopySelectedAsInsertAsync()
+    {
+        if (_grid is null)
+            return;
+
+        var snapshot = _grid.GetSelectedRowsSnapshot();
+        if (snapshot.Rows.Count == 0)
+        {
+            Toast.Info("Select rows before copying INSERT statements.");
+            return;
+        }
+
+        string sql = BuildInsertStatements(ObjectName, snapshot.Columns, snapshot.Rows);
+        await JS.InvokeVoidAsync("clipboardInterop.writeText", sql);
+        Toast.Success($"Copied {snapshot.Rows.Count} INSERT statement(s).");
+    }
+
+    private string GetToolbarRowRangeText()
+    {
+        if (!_showData)
+            return $"{ColumnCount} columns";
+
+        if (_gridStatus.Error is not null)
+            return "Load failed";
+
+        if (_gridStatus.VisibleRows <= 0)
+            return "No rows";
+
+        int firstRow = ((_gridStatus.Page - 1) * _gridStatus.PageSize) + 1;
+        int lastRow = firstRow + _gridStatus.VisibleRows - 1;
+        string total = _gridStatus.HasExactTotal
+            ? _gridStatus.TotalRows.ToString("N0")
+            : $"{lastRow:N0}+";
+
+        return $"Rows {firstRow:N0}-{lastRow:N0} of {total}";
+    }
+
+    private string GetFilterSummaryText()
+    {
+        if (_gridStatus.VisibleRows <= 0)
+            return _activeFilters.Count == 0 ? "No rows visible" : "No matches";
+
+        string visible = _gridStatus.VisibleRows.ToString("N0");
+        if (!_gridStatus.HasExactTotal)
+            return _activeFilters.Count == 0 ? $"{visible} visible" : $"{visible}+ visible";
+
+        return _activeFilters.Count == 0
+            ? $"{visible} visible"
+            : $"Showing {visible} of {_gridStatus.TotalRows:N0} rows";
+    }
+
+    private string GetFilterValuePlaceholder() => _filterMode switch
+    {
+        DataGridFilterMatchMode.Exact => "Exact value",
+        DataGridFilterMatchMode.StartsWith => "Starts with...",
+        DataGridFilterMatchMode.EndsWith => "Ends with...",
+        _ => "Contains...",
+    };
+
+    private string GetBulkEditPlaceholder()
+    {
+        var column = BulkEditSelectedColumn;
+        if (column is null)
+            return "Value";
+
+        return column.Type switch
+        {
+            DbType.Integer => "Integer value",
+            DbType.Real => "Decimal value",
+            DbType.Blob => "Blob value",
+            _ => "Text value",
+        };
+    }
+
+    private static string GetFilterOperatorLabel(DataGridFilterMatchMode mode) => mode switch
+    {
+        DataGridFilterMatchMode.Exact => "=",
+        DataGridFilterMatchMode.StartsWith => "starts",
+        DataGridFilterMatchMode.EndsWith => "ends",
+        _ => "contains",
+    };
+
+    private static string FormatFilterValue(string value)
+        => value.Equals("NULL", StringComparison.OrdinalIgnoreCase)
+            ? "NULL"
+            : $"'{value}'";
+
+    private static string BuildCsv(string[] columns, IReadOnlyList<object?[]> rows)
+    {
+        var builder = new System.Text.StringBuilder();
+        builder.AppendLine(string.Join(",", columns.Select(EscapeCsvField)));
+
+        foreach (object?[] row in rows)
+        {
+            builder.AppendLine(string.Join(",", row.Select(value => EscapeCsvField(FormatExportValue(value)))));
+        }
+
+        return builder.ToString();
+    }
+
+    private static string EscapeCsvField(string value)
+    {
+        bool mustQuote = value.Contains(',', StringComparison.Ordinal)
+                         || value.Contains('"', StringComparison.Ordinal)
+                         || value.Contains('\r', StringComparison.Ordinal)
+                         || value.Contains('\n', StringComparison.Ordinal);
+
+        return mustQuote
+            ? $"\"{value.Replace("\"", "\"\"", StringComparison.Ordinal)}\""
+            : value;
+    }
+
+    private static string BuildInsertStatements(string tableName, string[] columns, IReadOnlyList<object?[]> rows)
+    {
+        string columnList = string.Join(", ", columns.Select(FormatSqlIdentifier));
+        var builder = new System.Text.StringBuilder();
+
+        foreach (object?[] row in rows)
+        {
+            string values = string.Join(", ", row.Select(FormatSqlValue));
+            builder.Append("INSERT INTO ")
+                .Append(FormatSqlIdentifier(tableName))
+                .Append(" (")
+                .Append(columnList)
+                .Append(") VALUES (")
+                .Append(values)
+                .AppendLine(");");
+        }
+
+        return builder.ToString();
+    }
+
+    private static string FormatSqlIdentifier(string identifier)
+        => identifier;
+
+    private static string FormatSqlValue(object? value) => value switch
+    {
+        null => "NULL",
+        byte[] bytes => $"X'{Convert.ToHexString(bytes)}'",
+        string text => $"'{text.Replace("'", "''", StringComparison.Ordinal)}'",
+        bool boolean => boolean ? "1" : "0",
+        IFormattable formattable => formattable.ToString(null, System.Globalization.CultureInfo.InvariantCulture),
+        _ => $"'{value.ToString()?.Replace("'", "''", StringComparison.Ordinal)}'",
+    };
+
+    private static string FormatExportValue(object? value) => value switch
+    {
+        null => string.Empty,
+        byte[] bytes => Convert.ToHexString(bytes),
+        IFormattable formattable => formattable.ToString(null, System.Globalization.CultureInfo.InvariantCulture),
+        _ => value.ToString() ?? string.Empty,
+    };
+
+    private static string SanitizeFileName(string name)
+    {
+        var invalid = Path.GetInvalidFileNameChars().ToHashSet();
+        string sanitized = new(name.Select(ch => invalid.Contains(ch) ? '-' : ch).ToArray());
+        return string.IsNullOrWhiteSpace(sanitized) ? "data" : sanitized;
+    }
+
     // ═══════════════════════════════════════
     // ALTER TABLE
     // ═══════════════════════════════════════
diff --git a/src/CSharpDB.Admin/Components/Tabs/FormEntryTab.razor b/src/CSharpDB.Admin/Components/Tabs/FormEntryTab.razor
index 51d7439e..9a786d9e 100644
--- a/src/CSharpDB.Admin/Components/Tabs/FormEntryTab.razor
+++ b/src/CSharpDB.Admin/Components/Tabs/FormEntryTab.razor
@@ -11,7 +11,15 @@
 }
 else
 {
-    <DataEntry @key="_renderKey" FormId="@Tab.FormId" OnOpenDesigner="OpenDesigner" />
+    <DataEntry @key="_renderKey"
+               FormId="@Tab.FormId"
+               InitialRecordId="@Tab.InitialRecordId"
+               InitialMode="@Tab.InitialFormEntryMode"
+               InitialFilterExpression="@Tab.InitialFilterExpression"
+               InitialFilterParameters="@Tab.InitialFilterParameters"
+               OnOpenDesigner="OpenDesigner"
+               OnOpenForm="OpenForm"
+               OnCloseForm="CloseForm" />
 }
 
 @code {
@@ -35,6 +43,24 @@ else
         return Task.CompletedTask;
     }
 
+    private Task OpenForm(FormOpenRequest request)
+    {
+        TabManager.OpenFormEntryTab(
+            request.FormId,
+            request.FormName,
+            request.RecordId,
+            request.Mode,
+            request.FilterExpression,
+            request.Arguments);
+        return Task.CompletedTask;
+    }
+
+    private Task CloseForm(FormCloseRequest request)
+    {
+        TabManager.CloseTab(Tab.Id);
+        return Task.CompletedTask;
+    }
+
     private void OnDatabaseChanged()
     {
         _renderKey = BuildRenderKey();
diff --git a/src/CSharpDB.Admin/Components/Tabs/PipelineDesigner.razor b/src/CSharpDB.Admin/Components/Tabs/PipelineDesigner.razor
index 49ea1655..f997c8f3 100644
--- a/src/CSharpDB.Admin/Components/Tabs/PipelineDesigner.razor
+++ b/src/CSharpDB.Admin/Components/Tabs/PipelineDesigner.razor
@@ -749,6 +749,7 @@
         _state.IncrementalEnabled = false;
         _state.IncrementalWatermarkColumn = string.Empty;
         _state.IncrementalLastProcessedValue = string.Empty;
+        _state.Hooks = [];
         _state.Transforms.Clear();
         _sourceFileColumns = [];
         _sourcePreviewError = null;
@@ -787,6 +788,7 @@
         _state.IncrementalEnabled = package.Incremental is not null;
         _state.IncrementalWatermarkColumn = package.Incremental?.WatermarkColumn ?? string.Empty;
         _state.IncrementalLastProcessedValue = package.Incremental?.LastProcessedValue ?? string.Empty;
+        _state.Hooks = package.Hooks ?? [];
 
         _state.Transforms.Clear();
         foreach (var transform in transforms)
@@ -1042,6 +1044,7 @@
                     LastProcessedValue = NullIfBlank(_state.IncrementalLastProcessedValue),
                 }
                 : null,
+            Hooks = _state.Hooks,
         };
     }
 
@@ -1748,6 +1751,7 @@
         public bool IncrementalEnabled { get; set; }
         public string IncrementalWatermarkColumn { get; set; } = string.Empty;
         public string IncrementalLastProcessedValue { get; set; } = string.Empty;
+        public IReadOnlyList<PipelineCommandHookDefinition> Hooks { get; set; } = [];
         public string VersionOrDefault => string.IsNullOrWhiteSpace(Version) ? "1.0.0" : Version;
     }
 
diff --git a/src/CSharpDB.Admin/Components/Tabs/QueryTab.razor b/src/CSharpDB.Admin/Components/Tabs/QueryTab.razor
index 72c99ecd..d40ac96d 100644
--- a/src/CSharpDB.Admin/Components/Tabs/QueryTab.razor
+++ b/src/CSharpDB.Admin/Components/Tabs/QueryTab.razor
@@ -5,11 +5,13 @@
 @using CSharpDB.Admin.Helpers
 @using CSharpDB.Admin.Models
 @using CSharpDB.Client.Models
+@using CSharpDB.Primitives
 @using CSharpDB.Sql
 @inject ICSharpDbClient DbClient
 @inject IJSRuntime JS
 @inject DatabaseChangeService Changes
 @inject ToastService Toast
+@inject HostCallbackCatalogService CallbackCatalog
 @implements IDisposable
 
 <div class="query-tab" @ref="_queryTabRef" style="@($"--query-editor-height: {_editorHeightPx}px;")">
@@ -114,98 +116,177 @@
         </div>
 
         <div class="query-workspace">
-            <div class="query-editor-panel">
-                <SqlEditor @ref="_editor"
-                           @bind-Value="_sqlText"
-                           OnExecute="RunQuery"
-                           CompletionCatalog="_completionCatalog"
-                           Height="var(--query-editor-height)"
-                           Placeholder="Enter SQL query..." />
-            </div>
+            <div class="query-main-stack">
+                <div class="query-editor-panel">
+                    <SqlEditor @ref="_editor"
+                               @bind-Value="_sqlText"
+                               OnExecute="RunQuery"
+                               CompletionCatalog="_completionCatalog"
+                               Height="var(--query-editor-height)"
+                               Placeholder="Enter SQL query..." />
+                </div>
 
-            <div class="query-editor-splitter"
-                 title="Resize SQL editor"
-                 @onmousedown="StartEditorResizeAsync"
-                 @onmousedown:preventDefault></div>
+                <div class="query-editor-splitter"
+                     title="Resize SQL editor"
+                     @onmousedown="StartEditorResizeAsync"
+                     @onmousedown:preventDefault></div>
+
+                <div class="query-results-panel">
+                    <div class="query-result-tabs">
+                        <button class="@GetResultViewClass(QueryResultView.Results)" @onclick="() => SetResultView(QueryResultView.Results)">
+                            <i class="bi bi-table"></i> Results <span>@GetResultBadge()</span>
+                        </button>
+                        <button class="@GetResultViewClass(QueryResultView.Messages)" @onclick="() => SetResultView(QueryResultView.Messages)">
+                            <i class="bi bi-card-text"></i> Messages
+                        </button>
+                        <button class="@GetResultViewClass(QueryResultView.Stats)" @onclick="() => SetResultView(QueryResultView.Stats)">
+                            <i class="bi bi-speedometer2"></i> Stats
+                        </button>
+                        <button class="@GetResultViewClass(QueryResultView.Plan)" @onclick="() => SetResultView(QueryResultView.Plan)">
+                            <i class="bi bi-diagram-3"></i> Plan
+                        </button>
+                        <div class="query-result-meta">
+                            @if (_elapsed is not null)
+                            {
+                                <span>@_elapsed.Value.TotalMilliseconds.ToString("F1") ms</span>
+                            }
+                            @if (_loading)
+                            {
+                                <span>Running</span>
+                            }
+                        </div>
+                    </div>
 
-            <div class="query-results-panel">
-                @if (_activeQuerySql is not null && !_loading)
-                {
-                    <DataGrid QuerySql="@_activeQuerySql"
-                              ReloadVersion="_queryReloadVersion"
-                              IsReadOnly="true"
-                              OnQueryStatusChanged="OnQueryResultsChanged" />
-                }
-                else
-                {
-                    <div class="grid-container">
-                        @if (_loading)
+                    <div class="query-result-body">
+                        @if (_resultView == QueryResultView.Results)
                         {
-                            <div class="loading-overlay">
-                                <div class="spinner"></div>
-                            </div>
-                        }
-                        else if (_error is not null)
-                        {
-                            <div class="query-error">
-                                <i class="bi bi-exclamation-triangle"></i> @_error
-                            </div>
-                        }
-                        else if (_resultColumns is not null && _resultRows is not null)
-                        {
-                            <table class="data-grid query-results">
-                                <thead>
-                                    <tr>
-                                        <th class="row-num-header">#</th>
-                                        @foreach (var col in _resultColumns)
-                                        {
-                                            <th>@col</th>
-                                        }
-                                    </tr>
-                                </thead>
-                                <tbody>
-                                    @for (int r = 0; r < _resultRows.Count; r++)
+                            @if (_activeQuerySql is not null && !_loading)
+                            {
+                                <DataGrid QuerySql="@_activeQuerySql"
+                                          ReloadVersion="_queryReloadVersion"
+                                          IsReadOnly="true"
+                                          OnQueryStatusChanged="OnQueryResultsChanged" />
+                            }
+                            else
+                            {
+                                <div class="grid-container">
+                                    @if (_loading)
                                     {
-                                        <tr>
-                                            <td class="row-num">@(r + 1)</td>
-                                            @foreach (var val in _resultRows[r])
-                                            {
-                                                <td>
-                                                    @if (val is null)
-                                                    {
-                                                        <span class="null-val">NULL</span>
-                                                    }
-                                                    else if (val is byte[] bytes)
-                                                    {
-                                                        <span class="blob-val">[@bytes.Length bytes]</span>
-                                                    }
-                                                    else
+                                        <div class="loading-overlay">
+                                            <div class="spinner"></div>
+                                        </div>
+                                    }
+                                    else if (_error is not null)
+                                    {
+                                        <div class="query-error">
+                                            <i class="bi bi-exclamation-triangle"></i> @_error
+                                        </div>
+                                    }
+                                    else if (_resultColumns is not null && _resultRows is not null)
+                                    {
+                                        <table class="data-grid query-results">
+                                            <thead>
+                                                <tr>
+                                                    <th class="row-num-header">#</th>
+                                                    @foreach (var col in _resultColumns)
                                                     {
-                                                        @val.ToString()
+                                                        <th>@col</th>
                                                     }
-                                                </td>
-                                            }
-                                        </tr>
+                                                </tr>
+                                            </thead>
+                                            <tbody>
+                                                @for (int r = 0; r < _resultRows.Count; r++)
+                                                {
+                                                    <tr>
+                                                        <td class="row-num">@(r + 1)</td>
+                                                        @foreach (var val in _resultRows[r])
+                                                        {
+                                                            <td>
+                                                                @if (val is null)
+                                                                {
+                                                                    <span class="null-val">NULL</span>
+                                                                }
+                                                                else if (val is byte[] bytes)
+                                                                {
+                                                                    <span class="blob-val">[@bytes.Length bytes]</span>
+                                                                }
+                                                                else
+                                                                {
+                                                                    @val.ToString()
+                                                                }
+                                                            </td>
+                                                        }
+                                                    </tr>
+                                                }
+                                            </tbody>
+                                        </table>
+                                    }
+                                    else if (_nonQueryMessage is not null)
+                                    {
+                                        <div class="query-message">
+                                            <i class="bi bi-check-circle"></i> @_nonQueryMessage
+                                        </div>
+                                    }
+                                    else
+                                    {
+                                        <div class="empty-state">
+                                            <i class="bi bi-terminal"></i>
+                                            <p>Run a query to see results</p>
+                                        </div>
                                     }
-                                </tbody>
-                            </table>
+                                </div>
+                            }
                         }
-                        else if (_nonQueryMessage is not null)
+                        else if (_resultView == QueryResultView.Messages)
                         {
-                            <div class="query-message">
-                                <i class="bi bi-check-circle"></i> @_nonQueryMessage
+                            <div class="query-detail-pane">
+                                <h3>Messages</h3>
+                                <p class="@(_error is null ? "ok" : "danger")">@GetMessageText()</p>
+                            </div>
+                        }
+                        else if (_resultView == QueryResultView.Stats)
+                        {
+                            <div class="query-stat-grid">
+                                <div><span>Elapsed</span><strong>@(_elapsed?.TotalMilliseconds.ToString("F1") ?? "-") ms</strong></div>
+                                <div><span>Rows</span><strong>@GetResultSummary()</strong></div>
+                                <div><span>Mode</span><strong>@(_activeQuerySql is not null ? "Paged" : "Direct")</strong></div>
+                                <div><span>Status</span><strong>@(_error is null ? "Ready" : "Error")</strong></div>
                             </div>
                         }
                         else
                         {
-                            <div class="empty-state">
-                                <i class="bi bi-terminal"></i>
-                                <p>Run a query to see results</p>
+                            <div class="query-detail-pane">
+                                <h3>Plan</h3>
+                                <p>Planner output is not generated automatically from this panel. Use the stats shortcuts above for persisted table and column statistics before comparing plans.</p>
                             </div>
                         }
                     </div>
-                }
+                </div>
             </div>
+
+            <aside class="query-history-rail">
+                <header>
+                    <span>History</span>
+                    <button title="Clear history" @onclick="ClearHistory" disabled="@(_queryHistory.Count == 0)">
+                        <i class="bi bi-trash"></i>
+                    </button>
+                </header>
+                @if (_queryHistory.Count == 0)
+                {
+                    <p class="query-history-empty">Run SQL to build local history.</p>
+                }
+                else
+                {
+                    @foreach (QueryHistoryItem item in _queryHistory)
+                    {
+                        <button class="query-history-item" @onclick="() => LoadSql(item.Sql)">
+                            <strong>@item.Title</strong>
+                            <span>@item.Summary</span>
+                            <small>@item.ElapsedText</small>
+                        </button>
+                    }
+                }
+            </aside>
         </div>
     }
     else
@@ -216,8 +297,10 @@
 
 @code {
     private enum QueryMode { Sql, Designer }
+    private enum QueryResultView { Results, Messages, Stats, Plan }
 
     private QueryMode _mode = QueryMode.Sql;
+    private QueryResultView _resultView = QueryResultView.Results;
 
     private void SetMode(QueryMode mode)
     {
@@ -277,6 +360,9 @@
     private bool _editorHeightInitialized;
     private ElementReference _queryTabRef;
     private DotNetObjectReference<QueryTab>? _dotNetRef;
+    private readonly List<QueryHistoryItem> _queryHistory = [];
+
+    private sealed record QueryHistoryItem(string Title, string Summary, string ElapsedText, string Sql);
 
     protected override async Task OnInitializedAsync()
     {
@@ -337,12 +423,15 @@
         if (string.IsNullOrWhiteSpace(_sqlText)) return;
 
         _loading = true;
+        _resultView = QueryResultView.Results;
+        string? executedSql = null;
         ResetResultState(resetActiveQuery: true);
         StateHasChanged();
 
         try
         {
             string trimmedSql = _sqlText.Trim();
+            executedSql = trimmedSql;
             if (TryParseExecuteCommand(trimmedSql, out var procedureName, out var args, out var parseError))
             {
                 if (parseError is not null)
@@ -380,6 +469,8 @@
             _loading = false;
             // Save SQL text back to tab state for preservation
             if (Tab is not null) Tab.SqlText = _sqlText;
+            if (executedSql is not null)
+                AddQueryHistory(executedSql);
             StateHasChanged();
         }
     }
@@ -518,6 +609,7 @@
             var tableNamesTask = DbClient.GetTableNamesAsync();
             var viewNamesTask = DbClient.GetViewNamesAsync();
             var proceduresTask = DbClient.GetProceduresAsync(includeDisabled: false);
+            IReadOnlyList<DbHostCallbackDescriptor> callbacks = CallbackCatalog.GetCallbacks();
 
             await Task.WhenAll(tableNamesTask, viewNamesTask, proceduresTask);
 
@@ -554,6 +646,17 @@
                     .Select(procedure => procedure.Name)
                     .OrderBy(name => name, StringComparer.OrdinalIgnoreCase)
                     .ToArray(),
+                Functions = callbacks
+                    .Where(callback => callback.Kind == AutomationCallbackKind.ScalarFunction
+                        && callback.CanRunWithoutFrom)
+                    .Select(callback => new SqlCompletionFunction(
+                        callback.Name,
+                        callback.Arity,
+                        callback.ReturnType?.ToString().ToUpperInvariant(),
+                        callback.Description,
+                        callback.CanRunWithoutFrom))
+                    .OrderBy(function => function.Name, StringComparer.OrdinalIgnoreCase)
+                    .ToArray(),
             };
         }
         catch
@@ -605,6 +708,59 @@
             Tab.SqlText = _sqlText;
     }
 
+    private void SetResultView(QueryResultView view) => _resultView = view;
+
+    private string GetResultViewClass(QueryResultView view)
+        => _resultView == view ? "active" : string.Empty;
+
+    private string GetResultBadge()
+    {
+        if (_activeQuerySql is not null)
+            return _queryResultsStatus.VisibleRows > 0 ? _queryResultsStatus.VisibleRows.ToString(CultureInfo.InvariantCulture) : string.Empty;
+
+        return _resultRows is { Count: > 0 } rows ? rows.Count.ToString(CultureInfo.InvariantCulture) : string.Empty;
+    }
+
+    private string GetMessageText()
+    {
+        if (_error is not null)
+            return _error;
+
+        if (_nonQueryMessage is not null)
+            return _nonQueryMessage;
+
+        if (_loading)
+            return "Query is running.";
+
+        if (_elapsed is not null)
+            return "Query completed.";
+
+        return "No messages yet.";
+    }
+
+    private void AddQueryHistory(string sql)
+    {
+        string normalized = sql.ReplaceLineEndings(" ").Trim();
+        if (normalized.Length > 86)
+            normalized = normalized[..83] + "...";
+
+        string summary = _error is not null
+            ? "Error"
+            : _nonQueryMessage
+                ?? (_activeQuerySql is not null ? "Paged results" : GetResultSummary());
+
+        string elapsedText = _elapsed is null
+            ? "pending"
+            : $"{_elapsed.Value.TotalMilliseconds:F1} ms";
+
+        _queryHistory.RemoveAll(item => string.Equals(item.Sql, sql, StringComparison.Ordinal));
+        _queryHistory.Insert(0, new QueryHistoryItem(normalized, summary, elapsedText, sql));
+        if (_queryHistory.Count > 12)
+            _queryHistory.RemoveRange(12, _queryHistory.Count - 12);
+    }
+
+    private void ClearHistory() => _queryHistory.Clear();
+
     private async Task RunSqlWithoutPagingAsync(string sql)
     {
         var result = await DbClient.ExecuteSqlAsync(sql);
diff --git a/src/CSharpDB.Admin/Components/Tabs/StorageTab.razor b/src/CSharpDB.Admin/Components/Tabs/StorageTab.razor
index 29e2944d..cec394a6 100644
--- a/src/CSharpDB.Admin/Components/Tabs/StorageTab.razor
+++ b/src/CSharpDB.Admin/Components/Tabs/StorageTab.razor
@@ -25,6 +25,33 @@
         <div class="toolbar-info">@(_dbReport?.DatabasePath ?? DbClient.DataSource)</div>
     </div>
 
+    <div class="heavy-layout">
+        <aside class="heavy-rail">
+            <div class="heavy-rail-head">Storage Inspector</div>
+            <div class="heavy-rail-section">
+                <div class="heavy-rail-label">Overview</div>
+                <a class="heavy-rail-item active" href="#storage-summary"><i class="bi bi-speedometer2"></i><span>Summary</span></a>
+            </div>
+            <div class="heavy-rail-section">
+                <div class="heavy-rail-label">Inspect</div>
+                <a class="heavy-rail-item" href="#storage-header"><i class="bi bi-file-binary"></i><span>Database header</span></a>
+                <a class="heavy-rail-item" href="#storage-wal"><i class="bi bi-journal-text"></i><span>WAL</span></a>
+                <a class="heavy-rail-item" href="#storage-space"><i class="bi bi-pie-chart"></i><span>Space usage</span></a>
+                <a class="heavy-rail-item" href="#storage-histogram"><i class="bi bi-bar-chart-steps"></i><span>Page histogram</span></a>
+                <a class="heavy-rail-item" href="#storage-page"><i class="bi bi-search"></i><span>Page drill-down</span></a>
+            </div>
+            <div class="heavy-rail-section">
+                <div class="heavy-rail-label">Health</div>
+                <a class="heavy-rail-item" href="#storage-indexes"><i class="bi bi-shield-check"></i><span>Index checks</span><span class="badge">@IndexIssueBadge</span></a>
+                <a class="heavy-rail-item" href="#storage-issues"><i class="bi bi-exclamation-triangle"></i><span>Integrity issues</span><span class="badge @(_combinedIssues.Count > 0 ? "warn" : "")">@_combinedIssues.Count</span></a>
+            </div>
+            <div class="heavy-rail-section">
+                <div class="heavy-rail-label">Operations</div>
+                <a class="heavy-rail-item" href="#storage-maintenance"><i class="bi bi-tools"></i><span>Maintenance</span></a>
+            </div>
+        </aside>
+
+        <main class="heavy-pane">
     @if (_loading)
     {
         <div class="loading-overlay">
@@ -33,9 +60,16 @@
     }
     else
     {
-        <div class="storage-content">
+        <div class="storage-content" id="storage-summary">
+            <div class="heavy-summary-strip">
+                <div><span>File</span><strong>@FormatBytes(_maintenanceReport?.SpaceUsage.DatabaseFileBytes ?? 0)</strong></div>
+                <div><span>Pages</span><strong>@(_dbReport?.Header.PhysicalPageCount.ToString() ?? "-")</strong></div>
+                <div><span>Page size</span><strong>@(_dbReport?.Header.PageSize.ToString() ?? "-")</strong></div>
+                <div><span>Issues</span><strong>@_combinedIssues.Count</strong></div>
+            </div>
+
             <div class="storage-grid">
-                <section class="storage-card">
+                <section class="storage-card" id="storage-header">
                     <h3>Database Header</h3>
                     @if (_dbReport is not null)
                     {
@@ -55,7 +89,7 @@
                     }
                 </section>
 
-                <section class="storage-card">
+                <section class="storage-card" id="storage-wal">
                     <h3>WAL</h3>
                     @if (_walReport is not null)
                     {
@@ -77,7 +111,7 @@
             </div>
 
             <div class="storage-grid">
-                <section class="storage-card">
+                <section class="storage-card" id="storage-space">
                     <h3>Space Usage</h3>
                     @if (_maintenanceReport is not null)
                     {
@@ -95,7 +129,7 @@
                     }
                 </section>
 
-                <section class="storage-card">
+                <section class="storage-card" id="storage-fragmentation">
                     <h3>Fragmentation</h3>
                     @if (_maintenanceReport is not null)
                     {
@@ -111,7 +145,7 @@
                 </section>
             </div>
 
-            <section class="storage-card">
+            <section class="storage-card" id="storage-maintenance">
                 <h3>Maintenance</h3>
                 <div class="storage-subsection">
                     <div class="toolbar">
@@ -336,7 +370,7 @@
                 </div>
             </section>
 
-            <section class="storage-card">
+            <section class="storage-card" id="storage-histogram">
                 <h3>Page Type Histogram</h3>
                 @if (_dbReport?.PageTypeHistogram is not null && _dbReport.PageTypeHistogram.Count > 0)
                 {
@@ -364,7 +398,7 @@
                 }
             </section>
 
-            <section class="storage-card">
+            <section class="storage-card" id="storage-indexes">
                 <h3>Index Checks</h3>
                 @if (_indexReport?.Indexes is not null && _indexReport.Indexes.Count > 0)
                 {
@@ -402,7 +436,7 @@
                 }
             </section>
 
-            <section class="storage-card">
+            <section class="storage-card" id="storage-issues">
                 <h3>Integrity Issues</h3>
                 @if (_combinedIssues.Count > 0)
                 {
@@ -438,7 +472,7 @@
                 }
             </section>
 
-            <section class="storage-card">
+            <section class="storage-card" id="storage-page">
                 <h3>Page Drill-Down</h3>
                 @if (_pageReport is null)
                 {
@@ -488,6 +522,8 @@
             </section>
         </div>
     }
+        </main>
+    </div>
 </div>
 
 @code {
@@ -535,6 +571,12 @@
     private IReadOnlyList<string> _availableIndexes = [];
 
     private readonly List<IntegrityIssue> _combinedIssues = new();
+    private string IndexIssueBadge
+        => _indexReport?.Indexes is null
+            ? "-"
+            : _indexReport.Indexes.All(index => index.RootPageValid && index.TableExists && index.ColumnsExistInTable && index.RootTreeReachable)
+                ? "OK"
+                : "Check";
 
     protected override async Task OnInitializedAsync()
     {
diff --git a/src/CSharpDB.Admin/Components/Tabs/WelcomeTab.razor b/src/CSharpDB.Admin/Components/Tabs/WelcomeTab.razor
index bf9c203a..2b15265f 100644
--- a/src/CSharpDB.Admin/Components/Tabs/WelcomeTab.razor
+++ b/src/CSharpDB.Admin/Components/Tabs/WelcomeTab.razor
@@ -1,140 +1,303 @@
 @inject ICSharpDbClient DbClient
+@inject IFormRepository FormRepository
+@inject IReportRepository ReportRepository
 @inject DatabaseChangeService Changes
 @inject TabManagerService TabManager
 @implements IDisposable
 
-<div class="welcome-tab">
-    <div class="empty-state">
-        <img src="icon2.png?v=20260310"
-             alt="CSharpDB Studio"
-             class="welcome-brand-image"
-             width="96"
-             height="96" />
-        <h2>Welcome to CSharpDB Studio</h2>
-        <p class="text-secondary">Select a table from the sidebar to browse data, or open a new query tab.</p>
-
-        <div class="welcome-shortcuts">
-            <div class="shortcut-item">
-                <span class="kbd">Ctrl+N</span> New query tab
-            </div>
-            <div class="shortcut-item">
-                <span class="kbd">Ctrl+B</span> Toggle sidebar
-            </div>
-            <div class="shortcut-item">
-                <span class="kbd">Ctrl+Enter</span> Run query
-            </div>
-            <div class="shortcut-item">
-                <span class="kbd">Ctrl+Shift+L</span> Toggle theme
-            </div>
+<div class="dashboard-tab">
+    <header class="dashboard-header">
+        <div>
+            <div class="dashboard-crumb">@DbClient.DataSource</div>
+            <h1>Dashboard</h1>
         </div>
-    </div>
+        <div class="dashboard-actions">
+            <button class="toolbar-btn" @onclick="LoadDashboardAsync" disabled="@_loading">
+                <i class="bi bi-arrow-clockwise"></i> Refresh
+            </button>
+            <button class="toolbar-btn primary" @onclick="() => TabManager.OpenQueryTab()">
+                <i class="bi bi-plus-lg"></i> New Query
+            </button>
+        </div>
+    </header>
 
-    @if (_tableNames is not null && _tableNames.Count > 0)
+    @if (_loading)
     {
-        <div class="welcome-tables">
-            <div class="d-flex align-items-center justify-content-between gap-2 mb-3">
-                <h3 class="mb-0">Tables</h3>
-                <button class="btn btn-sm btn-outline-secondary"
-                        @onclick="LoadRowCountsAsync"
-                        disabled="@(_loadingRowCounts || _tableNames.Count == 0)">
-                    @(_loadingRowCounts ? "Loading counts..." : "Load row counts")
-                </button>
-            </div>
-            <div class="welcome-table-grid">
-                @foreach (var name in _tableNames)
+        <div class="loading-overlay"><span class="spinner"></span></div>
+    }
+    else
+    {
+        <section class="dashboard-stats">
+            <button class="dashboard-stat" @onclick="OpenFirstTable">
+                <span class="label">Tables</span>
+                <strong>@_userTables.Count</strong>
+                <span class="meta">@_rowCounts.Count counted</span>
+                <i class="bi bi-table icon-table"></i>
+            </button>
+            <button class="dashboard-stat" @onclick="OpenFirstView">
+                <span class="label">Views</span>
+                <strong>@_viewCount</strong>
+                <span class="meta">query sources</span>
+                <i class="bi bi-eye icon-view"></i>
+            </button>
+            <button class="dashboard-stat" @onclick="() => TabManager.OpenNewProcedureTab()">
+                <span class="label">Procedures</span>
+                <strong>@_procedureCount</strong>
+                <span class="meta">stored SQL</span>
+                <i class="bi bi-gear-wide-connected icon-trigger"></i>
+            </button>
+            <button class="dashboard-stat" @onclick="() => TabManager.OpenFormDesignerTab()">
+                <span class="label">Forms</span>
+                <strong>@_formCount</strong>
+                <span class="meta">data entry</span>
+                <i class="bi bi-ui-checks-grid icon-form"></i>
+            </button>
+            <button class="dashboard-stat" @onclick="() => TabManager.OpenReportDesignerTab()">
+                <span class="label">Reports</span>
+                <strong>@_reportCount</strong>
+                <span class="meta">print layouts</span>
+                <i class="bi bi-file-earmark-richtext icon-report"></i>
+            </button>
+        </section>
+
+        <div class="dashboard-grid">
+            <section class="dashboard-panel dashboard-main-panel">
+                <header>
+                    <div class="dashboard-panel-title">
+                        <h3>Top Tables</h3>
+                        <span>@TopTablesScopeText</span>
+                    </div>
+                    <button class="panel-link" @onclick="LoadRowCountsAsync" disabled="@_loadingRowCounts">
+                        @(_loadingRowCounts ? "Counting..." : "Refresh counts")
+                    </button>
+                </header>
+                @if (_userTables.Count == 0)
                 {
-                    <button class="welcome-table-card" @onclick="() => TabManager.OpenTableTab(name)">
-                        <i class="bi bi-table"></i>
-                        <span>@name</span>
-                        @if (_rowCounts.TryGetValue(name, out var count))
+                    <p class="dashboard-empty">No user tables yet.</p>
+                }
+                else
+                {
+                    @foreach (string tableName in TopTables)
+                    {
+                        <button class="dashboard-table-row" @onclick="() => TabManager.OpenTableTab(tableName)">
+                            <span class="table-name"><i class="bi bi-table icon-table"></i>@tableName</span>
+                            <span class="row-count">@FormatRows(tableName)</span>
+                            <span class="row-meter" title="@GetRowMeterTitle(tableName)" aria-hidden="true">
+                                <span style="@($"width:{GetRowMeterWidth(tableName).ToString(System.Globalization.CultureInfo.InvariantCulture)}%")"></span>
+                            </span>
+                            <i class="bi bi-arrow-right-short"></i>
+                        </button>
+                    }
+                }
+            </section>
+
+            <div class="dashboard-side">
+                <section class="dashboard-panel">
+                    <header><h3>Quick Actions</h3></header>
+                    <div class="dashboard-actions-grid">
+                        <button @onclick="() => TabManager.OpenQueryTab()">
+                            <i class="bi bi-terminal icon-system"></i>
+                            <strong>New Query</strong>
+                            <small>Ctrl+N</small>
+                        </button>
+                        <button @onclick="() => TabManager.OpenTableDesignerTab()">
+                            <i class="bi bi-table icon-table"></i>
+                            <strong>New Table</strong>
+                            <small>Design schema</small>
+                        </button>
+                        <button @onclick="() => TabManager.OpenFormDesignerTab()">
+                            <i class="bi bi-ui-checks-grid icon-form"></i>
+                            <strong>New Form</strong>
+                            <small>Data entry</small>
+                        </button>
+                        <button @onclick="() => TabManager.OpenReportDesignerTab()">
+                            <i class="bi bi-file-earmark-richtext icon-report"></i>
+                            <strong>New Report</strong>
+                            <small>Preview/print</small>
+                        </button>
+                    </div>
+                </section>
+
+                <section class="dashboard-panel">
+                    <header><h3>Recent Tabs</h3></header>
+                    @if (RecentTabs.Count == 0)
+                    {
+                        <p class="dashboard-empty">No recent tabs yet.</p>
+                    }
+                    else
+                    {
+                        @foreach (TabDescriptor tab in RecentTabs)
                         {
-                            <span class="welcome-row-count">@count rows</span>
+                            <button class="dashboard-recent-row" @onclick="() => TabManager.ActivateTab(tab.Id)">
+                                <i class="bi @tab.Icon"></i>
+                                <span>@tab.Title</span>
+                                <small>@tab.Kind</small>
+                            </button>
                         }
-                    </button>
-                }
+                    }
+                </section>
+
+                <section class="dashboard-panel">
+                    <header><h3>Health</h3></header>
+                    <div class="dashboard-health-row"><span>Connection</span><strong class="ok">Connected</strong></div>
+                    <div class="dashboard-health-row"><span>Database</span><strong>@DatabaseName</strong></div>
+                    <div class="dashboard-health-row"><span>Objects</span><strong>@(_userTables.Count + _viewCount + _procedureCount)</strong></div>
+                    <div class="dashboard-health-row"><span>Forms/Reports</span><strong>@(_formCount + _reportCount)</strong></div>
+                </section>
             </div>
         </div>
     }
 </div>
 
 @code {
-    private IReadOnlyCollection<string>? _tableNames;
-    private readonly Dictionary<string, int> _rowCounts = new();
-    private CancellationTokenSource? _countLoadCts;
+    private const int RowCountLimit = 12;
+    private const int TopTablesDisplayLimit = 8;
+
+    private readonly Dictionary<string, int> _rowCounts = new(StringComparer.OrdinalIgnoreCase);
+    private IReadOnlyList<string> _userTables = [];
+    private IReadOnlyList<string> _views = [];
+    private int _viewCount;
+    private int _procedureCount;
+    private int _formCount;
+    private int _reportCount;
+    private bool _loading;
     private bool _loadingRowCounts;
 
+    private string DatabaseName => Path.GetFileName(DbClient.DataSource) is { Length: > 0 } name ? name : DbClient.DataSource;
+
+    private IReadOnlyList<TabDescriptor> RecentTabs
+        => TabManager.Tabs
+            .Where(tab => tab.Kind != TabKind.Welcome)
+            .Reverse()
+            .Take(5)
+            .ToList();
+
+    private IReadOnlyList<string> TopTables
+        => _userTables
+            .OrderByDescending(name => _rowCounts.TryGetValue(name, out int count) ? count : -1)
+            .ThenBy(name => name, StringComparer.OrdinalIgnoreCase)
+            .Take(TopTablesDisplayLimit)
+            .ToList();
+
+    private int MaxCountedRows
+        => _rowCounts.Values.Count == 0 ? 0 : _rowCounts.Values.Max();
+
+    private string TopTablesScopeText
+    {
+        get
+        {
+            if (_userTables.Count == 0)
+                return "No user tables";
+
+            int displayed = Math.Min(TopTablesDisplayLimit, _userTables.Count);
+            int countLimit = Math.Min(RowCountLimit, _userTables.Count);
+            return $"Showing {displayed:n0} of {_userTables.Count:n0} tables; row counts loaded for {_rowCounts.Count:n0} of {countLimit:n0}.";
+        }
+    }
+
     protected override async Task OnInitializedAsync()
     {
         Changes.Changed += OnChanged;
-        await LoadTablesAsync();
+        await LoadDashboardAsync();
     }
 
     private async void OnChanged()
     {
-        await LoadTablesAsync();
+        await LoadDashboardAsync();
         await InvokeAsync(StateHasChanged);
     }
 
-    private async Task LoadTablesAsync()
+    private async Task LoadDashboardAsync()
     {
-        CancelCountLoad();
-
+        _loading = true;
         try
         {
-            _tableNames = (await DbClient.GetTableNamesAsync())
-                .Where(n => !n.StartsWith("_", StringComparison.Ordinal))
-                .OrderBy(n => n).ToList();
+            IReadOnlyCollection<string> tables = await DbClient.GetTableNamesAsync();
+            _userTables = tables
+                .Where(static name => !name.StartsWith("_", StringComparison.Ordinal))
+                .OrderBy(name => name, StringComparer.OrdinalIgnoreCase)
+                .ToList();
             _rowCounts.Clear();
-            _loadingRowCounts = false;
+            _views = (await DbClient.GetViewNamesAsync()).OrderBy(name => name, StringComparer.OrdinalIgnoreCase).ToList();
+            _viewCount = _views.Count;
+            _procedureCount = (await DbClient.GetProceduresAsync()).Count;
+            _formCount = (await FormRepository.ListAsync()).Count;
+            _reportCount = (await ReportRepository.ListAsync()).Count;
+            await LoadRowCountsAsync();
+        }
+        catch
+        {
+            _userTables = [];
+            _rowCounts.Clear();
+            _views = [];
+            _viewCount = 0;
+            _procedureCount = 0;
+            _formCount = 0;
+            _reportCount = 0;
+        }
+        finally
+        {
+            _loading = false;
         }
-        catch { /* ignore */ }
     }
 
     private async Task LoadRowCountsAsync()
     {
-        if (_loadingRowCounts || _tableNames is not { Count: > 0 } tableNames)
+        if (_loadingRowCounts)
             return;
 
-        CancelCountLoad();
-        _countLoadCts = new CancellationTokenSource();
         _loadingRowCounts = true;
-
         try
         {
-            foreach (var name in tableNames)
+            foreach (string tableName in _userTables.Take(RowCountLimit))
             {
                 try
                 {
-                    _rowCounts[name] = await DbClient.GetRowCountAsync(name, _countLoadCts.Token);
-                    await InvokeAsync(StateHasChanged);
-                }
-                catch (OperationCanceledException)
-                {
-                    break;
+                    _rowCounts[tableName] = await DbClient.GetRowCountAsync(tableName);
                 }
                 catch
                 {
-                    // Ignore per-table count failures so one bad object does not block the rest.
                 }
             }
         }
         finally
         {
             _loadingRowCounts = false;
-            await InvokeAsync(StateHasChanged);
         }
     }
 
-    private void CancelCountLoad()
+    private void OpenFirstTable()
+    {
+        if (_userTables.Count > 0)
+            TabManager.OpenTableTab(_userTables[0]);
+    }
+
+    private void OpenFirstView()
     {
-        _countLoadCts?.Cancel();
-        _countLoadCts?.Dispose();
-        _countLoadCts = null;
+        if (_views.Count > 0)
+            TabManager.OpenViewTab(_views[0]);
     }
 
+    private string FormatRows(string tableName)
+        => _rowCounts.TryGetValue(tableName, out int count)
+            ? $"{count:n0} rows"
+            : "not counted";
+
+    private double GetRowMeterWidth(string tableName)
+    {
+        if (!_rowCounts.TryGetValue(tableName, out int count) || MaxCountedRows <= 0)
+            return 0;
+
+        return Math.Max(4, count * 100d / MaxCountedRows);
+    }
+
+    private string GetRowMeterTitle(string tableName)
+        => _rowCounts.TryGetValue(tableName, out int count) && MaxCountedRows > 0
+            ? $"{count:n0} of {MaxCountedRows:n0} rows among shown tables"
+            : "Row count not available";
+
     public void Dispose()
     {
         Changes.Changed -= OnChanged;
-        CancelCountLoad();
     }
 }
diff --git a/src/CSharpDB.Admin/Configuration/AdminHostDatabaseOptions.cs b/src/CSharpDB.Admin/Configuration/AdminHostDatabaseOptions.cs
index f4c7f08a..48b70a49 100644
--- a/src/CSharpDB.Admin/Configuration/AdminHostDatabaseOptions.cs
+++ b/src/CSharpDB.Admin/Configuration/AdminHostDatabaseOptions.cs
@@ -1,5 +1,6 @@
 using CSharpDB.Client;
 using CSharpDB.Engine;
+using CSharpDB.Primitives;
 using Microsoft.Extensions.Configuration;
 
 namespace CSharpDB.Admin.Configuration;
@@ -49,7 +50,8 @@ public static CSharpDbClientOptions Build(
         IConfiguration configuration,
         AdminHostDatabaseOptions hostDatabaseOptions,
         CSharpDbTransport? transport,
-        string? endpoint)
+        string? endpoint,
+        DbFunctionRegistry? functions = null)
     {
         ArgumentNullException.ThrowIfNull(configuration);
         ArgumentNullException.ThrowIfNull(hostDatabaseOptions);
@@ -58,7 +60,7 @@ public static CSharpDbClientOptions Build(
         {
             if (transport == CSharpDbTransport.Direct || (transport is null && EndpointLooksLikeDirectPath(endpoint)))
             {
-                return BuildDirectEndpoint(endpoint, hostDatabaseOptions, transport);
+                return BuildDirectEndpoint(endpoint, hostDatabaseOptions, transport, functions);
             }
 
             return new CSharpDbClientOptions
@@ -79,12 +81,14 @@ public static CSharpDbClientOptions Build(
         return BuildDirectConnectionString(
             configuration.GetConnectionString("CSharpDB") ?? FallbackConnectionString,
             hostDatabaseOptions,
-            transport);
+            transport,
+            functions);
     }
 
     public static CSharpDbClientOptions BuildDirectDataSource(
         string dataSource,
-        AdminHostDatabaseOptions hostDatabaseOptions)
+        AdminHostDatabaseOptions hostDatabaseOptions,
+        DbFunctionRegistry? functions = null)
     {
         ArgumentException.ThrowIfNullOrWhiteSpace(dataSource);
         ArgumentNullException.ThrowIfNull(hostDatabaseOptions);
@@ -93,17 +97,20 @@ public static CSharpDbClientOptions BuildDirectDataSource(
         {
             Transport = CSharpDbTransport.Direct,
             DataSource = dataSource,
-            DirectDatabaseOptions = BuildDirectDatabaseOptions(hostDatabaseOptions),
+            DirectDatabaseOptions = BuildDirectDatabaseOptions(hostDatabaseOptions, functions),
             HybridDatabaseOptions = BuildHybridDatabaseOptionsOrNull(hostDatabaseOptions),
         };
     }
 
-    public static DatabaseOptions BuildDirectDatabaseOptions(AdminHostDatabaseOptions hostDatabaseOptions)
+    public static DatabaseOptions BuildDirectDatabaseOptions(
+        AdminHostDatabaseOptions hostDatabaseOptions,
+        DbFunctionRegistry? functions = null)
     {
         ArgumentNullException.ThrowIfNull(hostDatabaseOptions);
 
         var options = new DatabaseOptions
         {
+            Functions = functions ?? DbFunctionRegistry.Empty,
             ImplicitInsertExecutionMode = hostDatabaseOptions.ImplicitInsertExecutionMode,
         };
 
@@ -131,13 +138,14 @@ public static DatabaseOptions BuildDirectDatabaseOptions(AdminHostDatabaseOption
     private static CSharpDbClientOptions BuildDirectConnectionString(
         string connectionString,
         AdminHostDatabaseOptions hostDatabaseOptions,
-        CSharpDbTransport? transport)
+        CSharpDbTransport? transport,
+        DbFunctionRegistry? functions)
     {
         return new CSharpDbClientOptions
         {
             Transport = transport,
             ConnectionString = connectionString,
-            DirectDatabaseOptions = BuildDirectDatabaseOptions(hostDatabaseOptions),
+            DirectDatabaseOptions = BuildDirectDatabaseOptions(hostDatabaseOptions, functions),
             HybridDatabaseOptions = BuildHybridDatabaseOptionsOrNull(hostDatabaseOptions),
         };
     }
@@ -145,13 +153,14 @@ private static CSharpDbClientOptions BuildDirectConnectionString(
     private static CSharpDbClientOptions BuildDirectEndpoint(
         string endpoint,
         AdminHostDatabaseOptions hostDatabaseOptions,
-        CSharpDbTransport? transport)
+        CSharpDbTransport? transport,
+        DbFunctionRegistry? functions)
     {
         return new CSharpDbClientOptions
         {
             Transport = transport,
             Endpoint = endpoint,
-            DirectDatabaseOptions = BuildDirectDatabaseOptions(hostDatabaseOptions),
+            DirectDatabaseOptions = BuildDirectDatabaseOptions(hostDatabaseOptions, functions),
             HybridDatabaseOptions = BuildHybridDatabaseOptionsOrNull(hostDatabaseOptions),
         };
     }
diff --git a/src/CSharpDB.Admin/Helpers/CollectionJsonFormatter.cs b/src/CSharpDB.Admin/Helpers/CollectionJsonFormatter.cs
new file mode 100644
index 00000000..068e7629
--- /dev/null
+++ b/src/CSharpDB.Admin/Helpers/CollectionJsonFormatter.cs
@@ -0,0 +1,127 @@
+using System.Text.Json;
+
+namespace CSharpDB.Admin.Helpers;
+
+public static class CollectionJsonFormatter
+{
+    private static readonly JsonSerializerOptions s_indentedOptions = new()
+    {
+        WriteIndented = true,
+    };
+
+    public static string Format(JsonElement document)
+        => JsonSerializer.Serialize(document, s_indentedOptions);
+
+    public static bool TryFormat(string json, out string formatted, out string? error)
+    {
+        try
+        {
+            using var document = JsonDocument.Parse(json);
+            formatted = Format(document.RootElement);
+            error = null;
+            return true;
+        }
+        catch (JsonException ex)
+        {
+            formatted = json;
+            error = ex.Message;
+            return false;
+        }
+    }
+
+    public static bool TryClone(string json, out JsonElement document, out string? error)
+    {
+        try
+        {
+            using var parsed = JsonDocument.Parse(json);
+            document = parsed.RootElement.Clone();
+            error = null;
+            return true;
+        }
+        catch (JsonException ex)
+        {
+            document = default;
+            error = ex.Message;
+            return false;
+        }
+    }
+
+    public static string GetKindLabel(JsonElement document)
+        => document.ValueKind switch
+        {
+            JsonValueKind.Object => "object",
+            JsonValueKind.Array => "array",
+            JsonValueKind.String => "string",
+            JsonValueKind.Number => "number",
+            JsonValueKind.True => "boolean",
+            JsonValueKind.False => "boolean",
+            JsonValueKind.Null => "null",
+            _ => "value",
+        };
+
+    public static string GetPreview(JsonElement document, int maxLength = 120)
+    {
+        string preview = document.ValueKind switch
+        {
+            JsonValueKind.Object => BuildObjectPreview(document),
+            JsonValueKind.Array => BuildArrayPreview(document),
+            JsonValueKind.String => document.GetString() ?? string.Empty,
+            JsonValueKind.Number => document.GetRawText(),
+            JsonValueKind.True => "true",
+            JsonValueKind.False => "false",
+            JsonValueKind.Null => "null",
+            _ => document.GetRawText(),
+        };
+
+        preview = NormalizeWhitespace(preview);
+        if (preview.Length <= maxLength)
+            return preview;
+
+        return maxLength <= 3
+            ? preview[..maxLength]
+            : string.Concat(preview.AsSpan(0, maxLength - 3), "...");
+    }
+
+    private static string BuildObjectPreview(JsonElement document)
+    {
+        var parts = new List<string>();
+        foreach (var property in document.EnumerateObject().Take(4))
+            parts.Add($"{property.Name}: {GetScalarPreview(property.Value)}");
+
+        return parts.Count == 0
+            ? "{}"
+            : string.Join(", ", parts);
+    }
+
+    private static string BuildArrayPreview(JsonElement document)
+    {
+        int count = 0;
+        var parts = new List<string>();
+        foreach (var item in document.EnumerateArray())
+        {
+            count++;
+            if (parts.Count < 4)
+                parts.Add(GetScalarPreview(item));
+        }
+
+        return count == 0
+            ? "[]"
+            : $"{count} item{(count == 1 ? string.Empty : "s")}: {string.Join(", ", parts)}";
+    }
+
+    private static string GetScalarPreview(JsonElement value)
+        => value.ValueKind switch
+        {
+            JsonValueKind.Object => "{...}",
+            JsonValueKind.Array => "[...]",
+            JsonValueKind.String => value.GetString() ?? string.Empty,
+            JsonValueKind.Number => value.GetRawText(),
+            JsonValueKind.True => "true",
+            JsonValueKind.False => "false",
+            JsonValueKind.Null => "null",
+            _ => value.GetRawText(),
+        };
+
+    private static string NormalizeWhitespace(string value)
+        => string.Join(" ", value.Split((char[]?)null, StringSplitOptions.RemoveEmptyEntries));
+}
diff --git a/src/CSharpDB.Admin/Helpers/CollectionNameValidator.cs b/src/CSharpDB.Admin/Helpers/CollectionNameValidator.cs
new file mode 100644
index 00000000..84d5e623
--- /dev/null
+++ b/src/CSharpDB.Admin/Helpers/CollectionNameValidator.cs
@@ -0,0 +1,16 @@
+using System.Text.RegularExpressions;
+
+namespace CSharpDB.Admin.Helpers;
+
+public static partial class CollectionNameValidator
+{
+    public static bool IsValid(string? name)
+        => !string.IsNullOrWhiteSpace(name) && CollectionNamePattern().IsMatch(name.Trim());
+
+    public static string Normalize(string name) => name.Trim();
+
+    public const string HelpText = "Use letters, numbers, and underscores. The first character must be a letter or underscore.";
+
+    [GeneratedRegex("^[A-Za-z_][A-Za-z0-9_]*$")]
+    private static partial Regex CollectionNamePattern();
+}
diff --git a/src/CSharpDB.Admin/Helpers/QueryPagingSqlBuilder.cs b/src/CSharpDB.Admin/Helpers/QueryPagingSqlBuilder.cs
index 2c1cc8a7..ab87f636 100644
--- a/src/CSharpDB.Admin/Helpers/QueryPagingSqlBuilder.cs
+++ b/src/CSharpDB.Admin/Helpers/QueryPagingSqlBuilder.cs
@@ -729,8 +729,11 @@ private static string WriteSelect(SelectStatement statement)
             parts.Add("DISTINCT");
 
         parts.Add(string.Join(", ", statement.Columns.Select(WriteSelectColumn)));
-        parts.Add("FROM");
-        parts.Add(WriteTableRef(statement.From));
+        if (statement.From is not SingleRowTableRef)
+        {
+            parts.Add("FROM");
+            parts.Add(WriteTableRef(statement.From));
+        }
 
         if (statement.Where is not null)
         {
@@ -804,6 +807,7 @@ private static void AppendOrderingAndPagination(
     private static string WriteTableRef(TableRef tableRef)
         => tableRef switch
         {
+            SingleRowTableRef => string.Empty,
             SimpleTableRef simple => simple.Alias is null
                 ? simple.TableName
                 : $"{simple.TableName} AS {simple.Alias}",
diff --git a/src/CSharpDB.Admin/Helpers/SqlCompletionProvider.cs b/src/CSharpDB.Admin/Helpers/SqlCompletionProvider.cs
index 23bb7d24..99073f38 100644
--- a/src/CSharpDB.Admin/Helpers/SqlCompletionProvider.cs
+++ b/src/CSharpDB.Admin/Helpers/SqlCompletionProvider.cs
@@ -22,6 +22,13 @@ public sealed record SqlCompletionSource(string Name, SqlCompletionSourceKind Ki
 
 public sealed record SqlCompletionColumn(string Name, string? Type, string SourceName);
 
+public sealed record SqlCompletionFunction(
+    string Name,
+    int? Arity,
+    string? ReturnType,
+    string? Description,
+    bool CanRunWithoutFrom);
+
 public sealed class SqlCompletionCatalog
 {
     public static readonly SqlCompletionCatalog Empty = new();
@@ -33,6 +40,8 @@ public sealed class SqlCompletionCatalog
 
     public IReadOnlyList<string> Procedures { get; init; } = [];
 
+    public IReadOnlyList<SqlCompletionFunction> Functions { get; init; } = [];
+
     public IReadOnlyList<SqlCompletionColumn> GetColumnsForSource(string sourceName)
         => ColumnsBySource.TryGetValue(sourceName, out var columns) ? columns : [];
 }
@@ -92,8 +101,16 @@ public static partial class SqlCompletionProvider
         new("AVG", "AVG()", "aggregate"),
         new("MIN", "MIN()", "aggregate"),
         new("MAX", "MAX()", "aggregate"),
+        new("ABS", "ABS()", "function"),
         new("COALESCE", "COALESCE()", "function"),
+        new("DATE", "DATE()", "function"),
+        new("DATETIME", "DATETIME()", "function"),
+        new("IFNULL", "IFNULL()", "function"),
+        new("LEN", "LEN()", "function"),
         new("LOWER", "LOWER()", "function"),
+        new("NOW", "NOW()", "function"),
+        new("ROUND", "ROUND()", "function"),
+        new("TIME", "TIME()", "function"),
         new("UPPER", "UPPER()", "function"),
         new("LENGTH", "LENGTH()", "function"),
     ];
@@ -192,11 +209,25 @@ private static bool TryGetSelectListCompletions(
 
         if (TryFindSourceAfterCaret(statement, relativeCaret, out string sourceAfterCaret))
         {
-            result = BuildColumnSuggestions(catalog, sourceAfterCaret, token.Prefix, token.Start, caret);
+            result = BuildSelectListSuggestions(
+                BuildColumnSuggestions(catalog, sourceAfterCaret, token.Prefix, token.Start, caret),
+                BuildFunctionSuggestions(catalog, token.Prefix, token.Start, caret),
+                token.Prefix,
+                token.Start,
+                caret,
+                includeSources: false,
+                catalog);
             return result.Suggestions.Count > 0;
         }
 
-        result = BuildSourceSuggestions(catalog, token.Prefix, token.Start, caret, sourceForSelectList: true);
+        result = BuildSelectListSuggestions(
+            SqlCompletionResult.Empty,
+            BuildFunctionSuggestions(catalog, token.Prefix, token.Start, caret),
+            token.Prefix,
+            token.Start,
+            caret,
+            includeSources: true,
+            catalog);
         return result.Suggestions.Count > 0;
     }
 
@@ -268,6 +299,34 @@ private static SqlCompletionResult BuildKeywordSuggestions(
         return suggestions.Length == 0 ? SqlCompletionResult.Empty : new SqlCompletionResult(suggestions);
     }
 
+    private static SqlCompletionResult BuildSelectListSuggestions(
+        SqlCompletionResult columns,
+        SqlCompletionResult functions,
+        string prefix,
+        int replacementStart,
+        int replacementEnd,
+        bool includeSources,
+        SqlCompletionCatalog catalog)
+    {
+        var suggestions = new List<SqlCompletionSuggestion>(MaxSuggestions);
+
+        if (columns.Suggestions.Count > 0)
+            suggestions.AddRange(columns.Suggestions);
+
+        if (includeSources)
+            suggestions.AddRange(BuildSourceSuggestions(catalog, prefix, replacementStart, replacementEnd, sourceForSelectList: true).Suggestions);
+
+        suggestions.AddRange(functions.Suggestions);
+
+        SqlCompletionSuggestion[] distinct = suggestions
+            .GroupBy(static suggestion => $"{(int)suggestion.Kind}\u001f{suggestion.Label}", StringComparer.OrdinalIgnoreCase)
+            .Select(static group => group.First())
+            .Take(MaxSuggestions)
+            .ToArray();
+
+        return distinct.Length == 0 ? SqlCompletionResult.Empty : new SqlCompletionResult(distinct);
+    }
+
     private static SqlCompletionResult BuildSourceSuggestions(
         SqlCompletionCatalog catalog,
         string prefix,
@@ -369,6 +428,72 @@ private static SqlCompletionResult BuildProcedureSuggestions(
         return suggestions.Length == 0 ? SqlCompletionResult.Empty : new SqlCompletionResult(suggestions);
     }
 
+    private static SqlCompletionResult BuildFunctionSuggestions(
+        SqlCompletionCatalog catalog,
+        string prefix,
+        int replacementStart,
+        int replacementEnd)
+    {
+        var catalogFunctions = catalog.Functions
+            .Where(function => function.CanRunWithoutFrom && MatchesPrefix(function.Name, prefix))
+            .OrderBy(function => function.Name, StringComparer.OrdinalIgnoreCase)
+            .Select(function =>
+            {
+                string insertText = $"{function.Name}()";
+                int caretOffset = function.Arity == 0 ? insertText.Length : insertText.Length - 1;
+                string detail = BuildFunctionDetail(function);
+                return new SqlCompletionSuggestion(
+                    function.Name,
+                    insertText,
+                    detail,
+                    SqlCompletionSuggestionKind.Function,
+                    replacementStart,
+                    replacementEnd,
+                    caretOffset);
+            });
+
+        var builtIns = s_functions
+            .Where(function => MatchesPrefix(function.Label, prefix))
+            .OrderBy(function => function.Label, StringComparer.OrdinalIgnoreCase)
+            .Select(function =>
+            {
+                int caretOffset = function.InsertText.EndsWith("()", StringComparison.Ordinal)
+                    ? function.InsertText.Length - 1
+                    : function.InsertText.Length;
+                return new SqlCompletionSuggestion(
+                    function.Label,
+                    function.InsertText,
+                    function.Detail,
+                    SqlCompletionSuggestionKind.Function,
+                    replacementStart,
+                    replacementEnd,
+                    caretOffset);
+            });
+
+        SqlCompletionSuggestion[] suggestions = builtIns
+            .Concat(catalogFunctions)
+            .GroupBy(static suggestion => suggestion.Label, StringComparer.OrdinalIgnoreCase)
+            .Select(static group => group.First())
+            .Take(MaxSuggestions)
+            .ToArray();
+
+        return suggestions.Length == 0 ? SqlCompletionResult.Empty : new SqlCompletionResult(suggestions);
+    }
+
+    private static string BuildFunctionDetail(SqlCompletionFunction function)
+    {
+        string arity = function.Arity switch
+        {
+            0 => "0 args",
+            1 => "1 arg",
+            int count => $"{count} args",
+            _ => "scalar",
+        };
+        string type = string.IsNullOrWhiteSpace(function.ReturnType) ? "scalar" : function.ReturnType;
+        string description = string.IsNullOrWhiteSpace(function.Description) ? string.Empty : $" - {function.Description}";
+        return $"host function - {type} - {arity}{description}";
+    }
+
     private static SqlCompletionToken ReadCurrentToken(string sql, int caret)
     {
         int start = caret;
diff --git a/src/CSharpDB.Admin/Models/DataGridFilterSummary.cs b/src/CSharpDB.Admin/Models/DataGridFilterSummary.cs
new file mode 100644
index 00000000..bfedeb12
--- /dev/null
+++ b/src/CSharpDB.Admin/Models/DataGridFilterSummary.cs
@@ -0,0 +1,7 @@
+namespace CSharpDB.Admin.Models;
+
+public sealed record DataGridFilterSummary(
+    int ColumnIndex,
+    string ColumnName,
+    DataGridFilterMatchMode MatchMode,
+    string Value);
diff --git a/src/CSharpDB.Admin/Models/TabDescriptor.cs b/src/CSharpDB.Admin/Models/TabDescriptor.cs
index 4bd80d54..c2848441 100644
--- a/src/CSharpDB.Admin/Models/TabDescriptor.cs
+++ b/src/CSharpDB.Admin/Models/TabDescriptor.cs
@@ -6,6 +6,8 @@ public enum TabKind
     Query,
     TableData,
     ViewData,
+    CollectionData,
+    HostCallbacks,
     Procedure,
     Pipeline,
     Storage,
@@ -34,7 +36,7 @@ public TabDescriptor(string id, string title, string icon, TabKind kind, bool cl
         Closable = closable;
     }
 
-    /// <summary>Get the object name for data/view tabs (e.g. table name, view name).</summary>
+    /// <summary>Get the object name for table, view, collection, and other object-backed tabs.</summary>
     public string? ObjectName
     {
         get => State.TryGetValue("ObjectName", out var v) ? v as string : null;
@@ -73,6 +75,30 @@ public string? InitialTableName
         set => State["InitialTableName"] = value;
     }
 
+    public object? InitialRecordId
+    {
+        get => State.TryGetValue("InitialRecordId", out var v) ? v : null;
+        set => State["InitialRecordId"] = value;
+    }
+
+    public string? InitialFormEntryMode
+    {
+        get => State.TryGetValue("InitialFormEntryMode", out var v) ? v as string : null;
+        set => State["InitialFormEntryMode"] = value;
+    }
+
+    public string? InitialFilterExpression
+    {
+        get => State.TryGetValue("InitialFilterExpression", out var v) ? v as string : null;
+        set => State["InitialFilterExpression"] = value;
+    }
+
+    public IReadOnlyDictionary<string, object?>? InitialFilterParameters
+    {
+        get => State.TryGetValue("InitialFilterParameters", out var v) ? v as IReadOnlyDictionary<string, object?> : null;
+        set => State["InitialFilterParameters"] = value;
+    }
+
     public string? ReportId
     {
         get => State.TryGetValue("ReportId", out var v) ? v as string : null;
diff --git a/src/CSharpDB.Admin/Program.cs b/src/CSharpDB.Admin/Program.cs
index 0adde517..4896c433 100644
--- a/src/CSharpDB.Admin/Program.cs
+++ b/src/CSharpDB.Admin/Program.cs
@@ -1,9 +1,11 @@
 using CSharpDB.Admin.Configuration;
 using CSharpDB.Admin.Components;
+using CSharpDB.Admin.Components.Samples.FormControls;
 using CSharpDB.Admin.Forms.Services;
 using CSharpDB.Admin.Reports.Services;
 using CSharpDB.Admin.Services;
 using CSharpDB.Client;
+using CSharpDB.Primitives;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -12,10 +14,14 @@
 
 builder.Services.AddSingleton(sp =>
     AdminClientOptionsBuilder.BindHostDatabaseOptions(sp.GetRequiredService<IConfiguration>()));
+builder.Services.AddSingleton(AdminHostCallbacks.CreateFunctionRegistry());
+builder.Services.AddSingleton(AdminHostCallbacks.CreateCommandRegistry());
+builder.Services.AddSingleton(AdminHostCallbacks.CreatePolicy());
 builder.Services.AddSingleton<DatabaseClientHolder>(sp =>
 {
     var configuration = sp.GetRequiredService<IConfiguration>();
     var hostDatabaseOptions = sp.GetRequiredService<AdminHostDatabaseOptions>();
+    var functions = sp.GetRequiredService<DbFunctionRegistry>();
     string? endpoint = configuration["CSharpDB:Endpoint"];
     CSharpDbTransport? transport = ParseTransport(configuration["CSharpDB:Transport"]);
 
@@ -23,9 +29,10 @@
         configuration,
         hostDatabaseOptions,
         transport,
-        endpoint);
+        endpoint,
+        functions);
 
-    return new DatabaseClientHolder(CSharpDbClient.Create(options), hostDatabaseOptions);
+    return new DatabaseClientHolder(CSharpDbClient.Create(options), hostDatabaseOptions, functions);
 });
 builder.Services.AddSingleton<ICSharpDbClient>(sp => sp.GetRequiredService<DatabaseClientHolder>());
 builder.Services.AddScoped<TabManagerService>();
@@ -33,10 +40,17 @@
 builder.Services.AddScoped<ToastService>();
 builder.Services.AddScoped<ModalService>();
 builder.Services.AddScoped<DatabaseChangeService>();
+builder.Services.AddScoped<HostCallbackCatalogService>();
+builder.Services.AddScoped<HostCallbackPolicyService>();
+builder.Services.AddScoped<HostCallbackReadinessService>();
+builder.Services.AddSingleton<HostCallbackDiagnosticsHistoryService>();
 builder.Services.AddCSharpDbAdminForms();
+if (builder.Configuration.GetValue<bool>("AdminForms:EnableSampleControls"))
+    builder.Services.AddSampleFormControls();
 builder.Services.AddCSharpDbAdminReports();
 
 var app = builder.Build();
+_ = app.Services.GetRequiredService<HostCallbackDiagnosticsHistoryService>();
 
 // Warm the in-process database instance before any requests arrive.
 await using (var scope = app.Services.CreateAsyncScope())
diff --git a/src/CSharpDB.Admin/README.md b/src/CSharpDB.Admin/README.md
index 2d72b59a..74905a91 100644
--- a/src/CSharpDB.Admin/README.md
+++ b/src/CSharpDB.Admin/README.md
@@ -8,10 +8,12 @@ database objects.
 
 ## What This Project Provides
 
-- object explorer for user tables, system tables, forms, reports, views,
+- object explorer for user tables, system tables, document collections, forms, reports, views,
   triggers, saved queries, and procedures
 - table browsing with insert, update, delete, per-column `LIKE` placement and `=` filters,
   and schema views
+- collection browsing with paged JSON document inspection, create, update,
+  delete, and exact-key lookup
 - table designer for creating tables
 - SQL query tabs with paged results and guided SQL completions
 - procedure editor and execution surface
@@ -105,8 +107,8 @@ dotnet run --project src/CSharpDB.Admin/CSharpDB.Admin.csproj
 
 - `Program.cs` - Blazor host startup and database client wiring
 - `Components/Layout` - shell layout, object explorer, tabs, and status UI
-- `Components/Tabs` - table, query, procedure, storage, pipeline, form, and
-  report tab surfaces
+- `Components/Tabs` - table, collection, query, procedure, storage, pipeline,
+  form, and report tab surfaces
 - `Components/Shared` - shared grid, editor, modal, context menu, and toast UI
 - `Services` - tab manager, database holder, change notifications, modal, toast,
   and theme services
diff --git a/src/CSharpDB.Admin/Services/AdminHostCallbacks.cs b/src/CSharpDB.Admin/Services/AdminHostCallbacks.cs
new file mode 100644
index 00000000..7d3c43ef
--- /dev/null
+++ b/src/CSharpDB.Admin/Services/AdminHostCallbacks.cs
@@ -0,0 +1,105 @@
+using System.Text;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Services;
+
+public static class AdminHostCallbacks
+{
+    private const string PolicySource = "CSharpDB.Admin host callback policy";
+
+    public static DbFunctionRegistry CreateFunctionRegistry()
+        => DbFunctionRegistry.Create(functions =>
+        {
+            functions.AddScalar(
+                "Slugify",
+                arity: 1,
+                options: new DbScalarFunctionOptions(
+                    ReturnType: DbType.Text,
+                    IsDeterministic: true,
+                    NullPropagating: true,
+                    Description: "Formats text as a lowercase URL slug.",
+                    Metadata: CreateMetadata("CSharpDB.Admin"),
+                    CanRunWithoutFrom: true),
+                invoke: static (_, args) => DbValue.FromText(Slugify(args[0].AsText)));
+        });
+
+    public static DbCommandRegistry CreateCommandRegistry()
+        => DbCommandRegistry.Create(commands =>
+        {
+            commands.AddCommand(
+                "EchoAutomationEvent",
+                new DbCommandOptions(
+                    Description: "Returns a small host-owned acknowledgement for automation command wiring.",
+                    Metadata: CreateMetadata("CSharpDB.Admin")),
+                static context =>
+                {
+                    string eventName = context.Metadata.TryGetValue("event", out string? value)
+                        ? value
+                        : "manual";
+                    string surface = context.Metadata.TryGetValue("surface", out string? surfaceValue)
+                        ? surfaceValue
+                        : "unknown";
+                    string message = $"Received {surface}.{eventName}.";
+
+                    return DbCommandResult.Success(message, DbValue.FromText(message));
+                });
+        });
+
+    public static DbExtensionPolicy CreatePolicy()
+        => new(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ScalarFunctions,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    Reason: "Admin host registered scalar functions.",
+                    PolicySource: PolicySource),
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    Reason: "Admin host registered trusted commands.",
+                    PolicySource: PolicySource),
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ValidationRules,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    Reason: "Admin host registered validation rules.",
+                    PolicySource: PolicySource),
+            ],
+            DefaultTimeout: TimeSpan.FromSeconds(5),
+            RequireSignature: true,
+            AllowedHostModes: DbExtensionHostMode.Embedded);
+
+    private static Dictionary<string, string> CreateMetadata(string value)
+        => new(StringComparer.OrdinalIgnoreCase)
+        {
+            ["host"] = value,
+        };
+
+    private static string Slugify(string text)
+    {
+        var builder = new StringBuilder(text.Length);
+        bool wroteSeparator = false;
+
+        foreach (char ch in text.Trim().ToLowerInvariant())
+        {
+            if (char.IsLetterOrDigit(ch))
+            {
+                builder.Append(ch);
+                wroteSeparator = false;
+                continue;
+            }
+
+            if (builder.Length == 0 || wroteSeparator)
+                continue;
+
+            builder.Append('-');
+            wroteSeparator = true;
+        }
+
+        if (builder.Length > 0 && builder[^1] == '-')
+            builder.Length--;
+
+        return builder.ToString();
+    }
+}
diff --git a/src/CSharpDB.Admin/Services/DatabaseClientHolder.cs b/src/CSharpDB.Admin/Services/DatabaseClientHolder.cs
index 3c3652c3..17676d45 100644
--- a/src/CSharpDB.Admin/Services/DatabaseClientHolder.cs
+++ b/src/CSharpDB.Admin/Services/DatabaseClientHolder.cs
@@ -3,6 +3,7 @@
 using CSharpDB.Client;
 using CSharpDB.Client.Models;
 using CSharpDB.Storage.Diagnostics;
+using DbFunctionRegistry = CSharpDB.Primitives.DbFunctionRegistry;
 
 namespace CSharpDB.Admin.Services;
 
@@ -15,20 +16,25 @@ public sealed class DatabaseClientHolder : ICSharpDbClient
 {
     private ICSharpDbClient _inner;
     private readonly AdminHostDatabaseOptions _hostDatabaseOptions;
+    private readonly DbFunctionRegistry _functions;
     private readonly object _lock = new();
 
     public event Action? DatabaseChanged;
 
-    public DatabaseClientHolder(ICSharpDbClient initial, AdminHostDatabaseOptions hostDatabaseOptions)
+    public DatabaseClientHolder(
+        ICSharpDbClient initial,
+        AdminHostDatabaseOptions hostDatabaseOptions,
+        DbFunctionRegistry functions)
     {
         _inner = initial;
         _hostDatabaseOptions = hostDatabaseOptions;
+        _functions = functions;
     }
 
     public async Task SwitchAsync(string databasePath)
     {
         var newClient = CSharpDbClient.Create(
-            AdminClientOptionsBuilder.BuildDirectDataSource(databasePath, _hostDatabaseOptions));
+            AdminClientOptionsBuilder.BuildDirectDataSource(databasePath, _hostDatabaseOptions, _functions));
 
         // Verify the new database is accessible before swapping.
         await newClient.GetInfoAsync();
@@ -105,6 +111,7 @@ public async Task SwitchAsync(string databasePath)
     public Task<JsonElement?> GetDocumentAsync(string collectionName, string key, CancellationToken ct = default) => _inner.GetDocumentAsync(collectionName, key, ct);
     public Task PutDocumentAsync(string collectionName, string key, JsonElement document, CancellationToken ct = default) => _inner.PutDocumentAsync(collectionName, key, document, ct);
     public Task<bool> DeleteDocumentAsync(string collectionName, string key, CancellationToken ct = default) => _inner.DeleteDocumentAsync(collectionName, key, ct);
+    public Task DropCollectionAsync(string collectionName, CancellationToken ct = default) => _inner.DropCollectionAsync(collectionName, ct);
     public Task CheckpointAsync(CancellationToken ct = default) => _inner.CheckpointAsync(ct);
     public Task<BackupResult> BackupAsync(BackupRequest request, CancellationToken ct = default) => _inner.BackupAsync(request, ct);
     public Task<RestoreResult> RestoreAsync(RestoreRequest request, CancellationToken ct = default) => _inner.RestoreAsync(request, ct);
diff --git a/src/CSharpDB.Admin/Services/HostCallbackCatalogService.cs b/src/CSharpDB.Admin/Services/HostCallbackCatalogService.cs
new file mode 100644
index 00000000..c27f8959
--- /dev/null
+++ b/src/CSharpDB.Admin/Services/HostCallbackCatalogService.cs
@@ -0,0 +1,650 @@
+using System.Globalization;
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Admin.Reports.Contracts;
+using CSharpDB.Admin.Reports.Models;
+using CSharpDB.Admin.Reports.Services;
+using CSharpDB.Client;
+using CSharpDB.Client.Models;
+using CSharpDB.Client.Pipelines;
+using CSharpDB.Pipelines.Models;
+using CSharpDB.Primitives;
+using Microsoft.Extensions.DependencyInjection;
+using ClientTriggerSchema = CSharpDB.Client.Models.TriggerSchema;
+
+namespace CSharpDB.Admin.Services;
+
+public sealed record HostCallbackReference(
+    AutomationCallbackKind Kind,
+    string Name,
+    int? Arity,
+    string Surface,
+    string Location,
+    string OwnerKind,
+    string OwnerId,
+    string OwnerName);
+
+public sealed record HostCallbackCatalogEntry(
+    AutomationCallbackKind Kind,
+    string Name,
+    int? Arity,
+    DbHostCallbackDescriptor? Descriptor,
+    IReadOnlyList<HostCallbackReference> References)
+{
+    public bool IsRegistered => Descriptor is not null;
+    public bool IsReferenced => References.Count > 0;
+    public bool IsMissingRegistration => IsReferenced && !IsRegistered;
+}
+
+public sealed class HostCallbackCatalogService
+{
+    private static readonly string[] SqlFunctionIgnoreList =
+    [
+        "ABS",
+        "AND",
+        "AS",
+        "AVG",
+        "BETWEEN",
+        "CAST",
+        "CBOOL",
+        "CDATE",
+        "CDBL",
+        "CHECK",
+        "CHOOSE",
+        "CINT",
+        "CLNG",
+        "COALESCE",
+        "COUNT",
+        "CSTR",
+        "DATE",
+        "DATEADD",
+        "DATEDIFF",
+        "DATEPART",
+        "DATESERIAL",
+        "DATETIME",
+        "DAY",
+        "DAVG",
+        "DCOUNT",
+        "DEFAULT",
+        "DLOOKUP",
+        "DMAX",
+        "DMIN",
+        "DSUM",
+        "EXISTS",
+        "FILTER",
+        "FIX",
+        "FOREIGN",
+        "FORMAT",
+        "FROM",
+        "GROUP",
+        "HOUR",
+        "IFNULL",
+        "IIF",
+        "IN",
+        "INTO",
+        "INSTR",
+        "INT",
+        "ISEMPTY",
+        "ISNULL",
+        "JULIANDAY",
+        "KEY",
+        "LCASE",
+        "LEFT",
+        "LEN",
+        "LENGTH",
+        "LOWER",
+        "LTRIM",
+        "MAX",
+        "MID",
+        "MIN",
+        "MINUTE",
+        "MONTH",
+        "MONTHNAME",
+        "NOT",
+        "NULLIF",
+        "NOW",
+        "NZ",
+        "ON",
+        "OR",
+        "OVER",
+        "PRIMARY",
+        "PRINTF",
+        "RAISE",
+        "RANDOM",
+        "REFERENCES",
+        "REPLACE",
+        "RIGHT",
+        "ROUND",
+        "RTRIM",
+        "SECOND",
+        "SELECT",
+        "SGN",
+        "STRFTIME",
+        "STRCOMP",
+        "SUBSTR",
+        "SUBSTRING",
+        "SUM",
+        "SWITCH",
+        "TIME",
+        "TIMESERIAL",
+        "TRIM",
+        "TYPEOF",
+        "UCASE",
+        "UNIQUE",
+        "UPPER",
+        "VAL",
+        "VALUES",
+        "WEEKDAY",
+        "WHERE",
+        "YEAR",
+    ];
+
+    private readonly IServiceProvider _services;
+
+    public HostCallbackCatalogService(IServiceProvider services)
+    {
+        _services = services;
+    }
+
+    public IReadOnlyList<DbHostCallbackDescriptor> GetCallbacks()
+    {
+        DbFunctionRegistry functions = _services.GetService<DbFunctionRegistry>() ?? DbFunctionRegistry.Empty;
+        DbCommandRegistry commands = _services.GetService<DbCommandRegistry>() ?? DbCommandRegistry.Empty;
+        DbValidationRuleRegistry validationRules = _services.GetService<DbValidationRuleRegistry>() ?? DbValidationRuleRegistry.Empty;
+
+        return functions.Callbacks
+            .Concat(commands.Callbacks)
+            .Concat(validationRules.Callbacks)
+            .OrderBy(static callback => callback.Kind)
+            .ThenBy(static callback => callback.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static callback => callback.Arity ?? -1)
+            .ToArray();
+    }
+
+    public async Task<IReadOnlyList<HostCallbackCatalogEntry>> GetEntriesAsync()
+    {
+        IReadOnlyList<DbHostCallbackDescriptor> registered = GetCallbacks();
+        IReadOnlyList<HostCallbackReference> references = await GetReferencesAsync();
+
+        var entries = new Dictionary<string, HostCallbackCatalogEntry>(StringComparer.OrdinalIgnoreCase);
+        foreach (DbHostCallbackDescriptor descriptor in registered)
+        {
+            string key = GetEntryKey(descriptor.Kind, descriptor.Name, descriptor.Arity);
+            entries[key] = new HostCallbackCatalogEntry(
+                descriptor.Kind,
+                descriptor.Name,
+                descriptor.Arity,
+                descriptor,
+                []);
+        }
+
+        foreach (HostCallbackReference reference in references)
+        {
+            string key = GetEntryKey(reference.Kind, reference.Name, reference.Arity);
+            if (entries.TryGetValue(key, out HostCallbackCatalogEntry? existing))
+            {
+                entries[key] = existing with
+                {
+                    References = existing.References.Concat([reference]).ToArray()
+                };
+                continue;
+            }
+
+            entries[key] = new HostCallbackCatalogEntry(
+                reference.Kind,
+                reference.Name,
+                reference.Arity,
+                Descriptor: null,
+                References: [reference]);
+        }
+
+        return entries.Values
+            .Select(static entry => entry with
+            {
+                References = entry.References
+                    .OrderBy(static reference => reference.OwnerKind, StringComparer.OrdinalIgnoreCase)
+                    .ThenBy(static reference => reference.OwnerName, StringComparer.OrdinalIgnoreCase)
+                    .ThenBy(static reference => reference.Surface, StringComparer.OrdinalIgnoreCase)
+                    .ThenBy(static reference => reference.Location, StringComparer.OrdinalIgnoreCase)
+                    .ToArray()
+            })
+            .OrderByDescending(static entry => entry.IsMissingRegistration)
+            .ThenBy(static entry => entry.Kind)
+            .ThenBy(static entry => entry.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static entry => entry.Arity ?? -1)
+            .ToArray();
+    }
+
+    private async Task<IReadOnlyList<HostCallbackReference>> GetReferencesAsync()
+    {
+        var references = new List<HostCallbackReference>();
+
+        if (_services.GetService<IFormRepository>() is { } formRepository)
+        {
+            try
+            {
+                IReadOnlyList<FormDefinition> forms = await formRepository.ListAsync();
+                foreach (FormDefinition form in forms)
+                    AddReferences(
+                        references,
+                        form.Automation ?? FormAutomationMetadata.Build(form),
+                        "Form",
+                        form.FormId,
+                        form.Name);
+            }
+            catch
+            {
+                // Keep the host callback catalog usable even if saved form metadata is unavailable.
+            }
+        }
+
+        if (_services.GetService<IReportRepository>() is { } reportRepository)
+        {
+            try
+            {
+                IReadOnlyList<ReportDefinition> reports = await reportRepository.ListAsync();
+                foreach (ReportDefinition report in reports)
+                    AddReferences(
+                        references,
+                        report.Automation ?? ReportAutomationMetadata.Build(report),
+                        "Report",
+                        report.ReportId,
+                        report.Name);
+            }
+            catch
+            {
+                // Keep the host callback catalog usable even if saved report metadata is unavailable.
+            }
+        }
+
+        if (_services.GetService<ICSharpDbClient>() is { } dbClient)
+            await AddDatabaseReferencesAsync(references, dbClient);
+
+        return references
+            .GroupBy(
+                static reference => GetReferenceKey(reference),
+                StringComparer.OrdinalIgnoreCase)
+            .Select(static group => group.First())
+            .ToArray();
+    }
+
+    private static async Task AddDatabaseReferencesAsync(List<HostCallbackReference> references, ICSharpDbClient dbClient)
+    {
+        try
+        {
+            IReadOnlyList<SavedQueryDefinition> savedQueries = await dbClient.GetSavedQueriesAsync();
+            foreach (SavedQueryDefinition query in savedQueries)
+            {
+                AddSqlScalarFunctionReferences(
+                    references,
+                    query.SqlText,
+                    surface: "savedQueries",
+                    locationPrefix: "sqlText",
+                    ownerKind: "SavedQuery",
+                    ownerId: query.Id.ToString(CultureInfo.InvariantCulture),
+                    ownerName: query.Name);
+            }
+        }
+        catch
+        {
+            // Keep the host callback catalog usable even if saved query metadata is unavailable.
+        }
+
+        try
+        {
+            IReadOnlyList<ProcedureDefinition> procedures = await dbClient.GetProceduresAsync(includeDisabled: true);
+            foreach (ProcedureDefinition procedure in procedures)
+            {
+                AddSqlScalarFunctionReferences(
+                    references,
+                    procedure.BodySql,
+                    surface: "procedures",
+                    locationPrefix: "bodySql",
+                    ownerKind: "Procedure",
+                    ownerId: procedure.Name,
+                    ownerName: procedure.Name);
+            }
+        }
+        catch
+        {
+            // Keep the host callback catalog usable even if procedure metadata is unavailable.
+        }
+
+        try
+        {
+            IReadOnlyList<ClientTriggerSchema> triggers = await dbClient.GetTriggersAsync();
+            foreach (ClientTriggerSchema trigger in triggers)
+            {
+                AddSqlScalarFunctionReferences(
+                    references,
+                    trigger.BodySql,
+                    surface: "triggers",
+                    locationPrefix: "bodySql",
+                    ownerKind: "Trigger",
+                    ownerId: trigger.TriggerName,
+                    ownerName: trigger.TriggerName);
+            }
+        }
+        catch
+        {
+            // Keep the host callback catalog usable even if trigger metadata is unavailable.
+        }
+
+        await AddPipelineReferencesAsync(references, dbClient);
+    }
+
+    private static async Task AddPipelineReferencesAsync(List<HostCallbackReference> references, ICSharpDbClient dbClient)
+    {
+        try
+        {
+            IReadOnlyList<string> tableNames = await dbClient.GetTableNamesAsync();
+            if (!tableNames.Contains("_etl_pipelines", StringComparer.OrdinalIgnoreCase)
+                || !tableNames.Contains("_etl_pipeline_versions", StringComparer.OrdinalIgnoreCase))
+            {
+                return;
+            }
+
+            var pipelines = new CSharpDbPipelineCatalogClient(dbClient);
+            IReadOnlyList<PipelineDefinitionSummary> summaries = await pipelines.ListPipelinesAsync(limit: 500);
+            foreach (PipelineDefinitionSummary summary in summaries)
+            {
+                PipelinePackageDefinition? package = await pipelines.GetPipelineAsync(summary.Name);
+                if (package is null)
+                    continue;
+
+                DbAutomationMetadata automation = package.Automation ?? PipelineAutomationMetadata.Build(package);
+                AddReferences(
+                    references,
+                    automation,
+                    ownerKind: "Pipeline",
+                    ownerId: summary.Name,
+                    ownerName: summary.Name);
+            }
+        }
+        catch
+        {
+            // Keep the host callback catalog usable even if pipeline metadata is unavailable.
+        }
+    }
+
+    private static void AddSqlScalarFunctionReferences(
+        List<HostCallbackReference> references,
+        string? sql,
+        string surface,
+        string locationPrefix,
+        string ownerKind,
+        string ownerId,
+        string ownerName)
+    {
+        string? inspectedSql = MaskSqlTableColumnListTargets(sql);
+        int index = 0;
+        foreach (DbAutomationScalarFunctionCall call in DbAutomationExpressionInspector.FindScalarFunctionCalls(inspectedSql, SqlFunctionIgnoreList))
+        {
+            references.Add(new HostCallbackReference(
+                AutomationCallbackKind.ScalarFunction,
+                call.Name,
+                call.Arity,
+                surface,
+                $"{locationPrefix}.functions[{index}]",
+                ownerKind,
+                ownerId,
+                ownerName));
+            index++;
+        }
+    }
+
+    private static string? MaskSqlTableColumnListTargets(string? sql)
+    {
+        if (string.IsNullOrWhiteSpace(sql))
+            return sql;
+
+        ReadOnlySpan<char> input = sql.AsSpan();
+        char[] output = sql.ToCharArray();
+        for (int i = 0; i < input.Length; i++)
+        {
+            char current = input[i];
+            if (current is '\'' or '"')
+            {
+                i = SkipQuoted(input, i, current);
+                continue;
+            }
+
+            if (current == '[')
+            {
+                i = SkipBracketed(input, i);
+                continue;
+            }
+
+            if (!IsIdentifierStart(current))
+                continue;
+
+            int start = i;
+            i++;
+            while (i < input.Length && IsIdentifierPart(input[i]))
+                i++;
+
+            int end = i;
+            int cursor = SkipWhitespaceForward(input, end);
+            if (cursor < input.Length
+                && input[cursor] == '('
+                && IsSqlTableColumnListTarget(input, start))
+            {
+                for (int j = start; j < end; j++)
+                    output[j] = ' ';
+            }
+
+            i = end - 1;
+        }
+
+        return new string(output);
+    }
+
+    private static bool IsSqlTableColumnListTarget(ReadOnlySpan<char> input, int identifierStart)
+    {
+        int qualifiedStart = GetQualifiedIdentifierStart(input, identifierStart);
+        string? previous = GetPreviousIdentifier(input, qualifiedStart);
+        if (previous is null)
+            return false;
+
+        if (previous.Equals("INTO", StringComparison.OrdinalIgnoreCase)
+            || previous.Equals("TABLE", StringComparison.OrdinalIgnoreCase)
+            || previous.Equals("REFERENCES", StringComparison.OrdinalIgnoreCase)
+            || previous.Equals("WITH", StringComparison.OrdinalIgnoreCase))
+        {
+            return true;
+        }
+
+        if (previous.Equals("EXISTS", StringComparison.OrdinalIgnoreCase))
+            return HasEarlierStatementKeyword(input, qualifiedStart, "CREATE", "TABLE");
+
+        if (previous.Equals("ON", StringComparison.OrdinalIgnoreCase))
+            return HasEarlierStatementKeyword(input, qualifiedStart, "CREATE", "INDEX");
+
+        return false;
+    }
+
+    private static int GetQualifiedIdentifierStart(ReadOnlySpan<char> input, int identifierStart)
+    {
+        int result = identifierStart;
+        while (true)
+        {
+            int dot = SkipWhitespaceBackward(input, result - 1);
+            if (dot < 0 || input[dot] != '.')
+                return result;
+
+            int previousEnd = SkipWhitespaceBackward(input, dot - 1);
+            if (previousEnd < 0 || !IsIdentifierPart(input[previousEnd]))
+                return result;
+
+            int previousStart = previousEnd;
+            while (previousStart > 0 && IsIdentifierPart(input[previousStart - 1]))
+                previousStart--;
+
+            result = previousStart;
+        }
+    }
+
+    private static bool HasEarlierStatementKeyword(ReadOnlySpan<char> input, int beforeIndex, params string[] required)
+    {
+        var found = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+        int cursor = beforeIndex - 1;
+        while (cursor >= 0)
+        {
+            char current = input[cursor];
+            if (current == ';')
+                break;
+
+            if (!IsIdentifierPart(current))
+            {
+                cursor--;
+                continue;
+            }
+
+            int end = cursor + 1;
+            while (cursor >= 0 && IsIdentifierPart(input[cursor]))
+                cursor--;
+
+            string keyword = input[(cursor + 1)..end].ToString();
+            foreach (string value in required)
+            {
+                if (keyword.Equals(value, StringComparison.OrdinalIgnoreCase))
+                    found.Add(value);
+            }
+
+            if (found.Count == required.Length)
+                return true;
+        }
+
+        return false;
+    }
+
+    private static string? GetPreviousIdentifier(ReadOnlySpan<char> input, int beforeIndex)
+    {
+        int end = SkipWhitespaceBackward(input, beforeIndex - 1);
+        if (end < 0)
+            return null;
+
+        if (input[end] == ']')
+        {
+            int start = end - 1;
+            while (start >= 0 && input[start] != '[')
+                start--;
+
+            return start >= 0
+                ? input[(start + 1)..end].ToString()
+                : null;
+        }
+
+        if (!IsIdentifierPart(input[end]))
+            return null;
+
+        int identifierStart = end;
+        while (identifierStart > 0 && IsIdentifierPart(input[identifierStart - 1]))
+            identifierStart--;
+
+        return input[identifierStart..(end + 1)].ToString();
+    }
+
+    private static int SkipWhitespaceForward(ReadOnlySpan<char> input, int start)
+    {
+        int cursor = start;
+        while (cursor < input.Length && char.IsWhiteSpace(input[cursor]))
+            cursor++;
+
+        return cursor;
+    }
+
+    private static int SkipWhitespaceBackward(ReadOnlySpan<char> input, int start)
+    {
+        int cursor = start;
+        while (cursor >= 0 && char.IsWhiteSpace(input[cursor]))
+            cursor--;
+
+        return cursor;
+    }
+
+    private static int SkipQuoted(ReadOnlySpan<char> input, int start, char quote)
+    {
+        for (int i = start + 1; i < input.Length; i++)
+        {
+            if (input[i] == quote)
+                return i;
+        }
+
+        return input.Length - 1;
+    }
+
+    private static int SkipBracketed(ReadOnlySpan<char> input, int start)
+    {
+        for (int i = start + 1; i < input.Length; i++)
+        {
+            if (input[i] == ']')
+                return i;
+        }
+
+        return input.Length - 1;
+    }
+
+    private static bool IsIdentifierStart(char value)
+        => char.IsLetter(value) || value == '_';
+
+    private static bool IsIdentifierPart(char value)
+        => char.IsLetterOrDigit(value) || value == '_';
+
+    private static void AddReferences(
+        List<HostCallbackReference> references,
+        DbAutomationMetadata? metadata,
+        string ownerKind,
+        string ownerId,
+        string ownerName)
+    {
+        if (metadata is null)
+            return;
+
+        foreach (DbAutomationCommandReference command in metadata.Commands ?? [])
+        {
+            references.Add(new HostCallbackReference(
+                AutomationCallbackKind.Command,
+                command.Name,
+                Arity: null,
+                command.Surface,
+                command.Location,
+                ownerKind,
+                ownerId,
+                ownerName));
+        }
+
+        foreach (DbAutomationScalarFunctionReference function in metadata.ScalarFunctions ?? [])
+        {
+            references.Add(new HostCallbackReference(
+                AutomationCallbackKind.ScalarFunction,
+                function.Name,
+                function.Arity,
+                function.Surface,
+                function.Location,
+                ownerKind,
+                ownerId,
+                ownerName));
+        }
+
+        foreach (DbAutomationValidationRuleReference validationRule in metadata.ValidationRules ?? [])
+        {
+            references.Add(new HostCallbackReference(
+                AutomationCallbackKind.ValidationRule,
+                validationRule.Name,
+                Arity: null,
+                validationRule.Surface,
+                validationRule.Location,
+                ownerKind,
+                ownerId,
+                ownerName));
+        }
+    }
+
+    private static string GetEntryKey(AutomationCallbackKind kind, string name, int? arity)
+        => $"{kind}\u001f{name.Trim()}\u001f{arity?.ToString(System.Globalization.CultureInfo.InvariantCulture) ?? "-"}";
+
+    private static string GetReferenceKey(HostCallbackReference reference)
+        => $"{GetEntryKey(reference.Kind, reference.Name, reference.Arity)}\u001f{reference.Surface}\u001f{reference.Location}\u001f{reference.OwnerKind}\u001f{reference.OwnerId}";
+}
diff --git a/src/CSharpDB.Admin/Services/HostCallbackDiagnosticsHistoryService.cs b/src/CSharpDB.Admin/Services/HostCallbackDiagnosticsHistoryService.cs
new file mode 100644
index 00000000..620d052a
--- /dev/null
+++ b/src/CSharpDB.Admin/Services/HostCallbackDiagnosticsHistoryService.cs
@@ -0,0 +1,63 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Services;
+
+public sealed class HostCallbackDiagnosticsHistoryService : IObserver<KeyValuePair<string, object?>>, IDisposable
+{
+    private const int MaxEntries = 200;
+    private readonly object _gate = new();
+    private readonly IDisposable _subscription;
+    private readonly List<DbCallbackInvocationDiagnostic> _entries = [];
+
+    public HostCallbackDiagnosticsHistoryService()
+    {
+        _subscription = DbCallbackDiagnostics.Listener.Subscribe(this);
+    }
+
+    public event Action? Changed;
+
+    public IReadOnlyList<DbCallbackInvocationDiagnostic> Snapshot()
+    {
+        lock (_gate)
+            return _entries.ToArray();
+    }
+
+    public void Clear()
+    {
+        lock (_gate)
+            _entries.Clear();
+
+        Changed?.Invoke();
+    }
+
+    public void OnCompleted()
+    {
+    }
+
+    public void OnError(Exception error)
+    {
+    }
+
+    public void OnNext(KeyValuePair<string, object?> value)
+    {
+        if (value.Key != DbCallbackDiagnostics.InvocationEventName ||
+            value.Value is not DbCallbackInvocationDiagnostic diagnostic)
+        {
+            return;
+        }
+
+        lock (_gate)
+        {
+            _entries.Insert(0, diagnostic);
+            if (_entries.Count > MaxEntries)
+                _entries.RemoveRange(MaxEntries, _entries.Count - MaxEntries);
+        }
+
+        Changed?.Invoke();
+    }
+
+    public void Dispose()
+    {
+        _subscription.Dispose();
+    }
+}
diff --git a/src/CSharpDB.Admin/Services/HostCallbackPolicyService.cs b/src/CSharpDB.Admin/Services/HostCallbackPolicyService.cs
new file mode 100644
index 00000000..e8863b3a
--- /dev/null
+++ b/src/CSharpDB.Admin/Services/HostCallbackPolicyService.cs
@@ -0,0 +1,25 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Services;
+
+public sealed class HostCallbackPolicyService
+{
+    private readonly DbExtensionPolicy _policy;
+
+    public HostCallbackPolicyService(DbExtensionPolicy policy)
+    {
+        _policy = policy;
+    }
+
+    public DbExtensionPolicy Policy => _policy;
+
+    public DbExtensionPolicyDecision Evaluate(DbHostCallbackDescriptor callback)
+    {
+        ArgumentNullException.ThrowIfNull(callback);
+
+        return DbExtensionPolicyEvaluator.Evaluate(
+            callback,
+            _policy,
+            DbExtensionHostMode.Embedded);
+    }
+}
diff --git a/src/CSharpDB.Admin/Services/HostCallbackReadinessService.cs b/src/CSharpDB.Admin/Services/HostCallbackReadinessService.cs
new file mode 100644
index 00000000..799f1810
--- /dev/null
+++ b/src/CSharpDB.Admin/Services/HostCallbackReadinessService.cs
@@ -0,0 +1,163 @@
+using System.Globalization;
+using System.Text;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Services;
+
+public sealed record HostCallbackReadinessReport(
+    int RegisteredCount,
+    int ReferencedCount,
+    IReadOnlyList<HostCallbackCatalogEntry> MissingEntries)
+{
+    public int MissingCount => MissingEntries.Count;
+    public bool Ready => MissingCount == 0;
+}
+
+public sealed class HostCallbackReadinessService
+{
+    private static readonly AutomationStubGenerationOptions s_missingStubOptions = new(
+        Namespace: "CSharpDbAutomation",
+        ClassName: "MissingHostCallbackRegistration");
+
+    private readonly HostCallbackCatalogService _catalog;
+
+    public HostCallbackReadinessService(HostCallbackCatalogService catalog)
+    {
+        _catalog = catalog;
+    }
+
+    public async Task<HostCallbackReadinessReport> GetReadinessAsync()
+    {
+        IReadOnlyList<HostCallbackCatalogEntry> entries = await _catalog.GetEntriesAsync();
+        HostCallbackCatalogEntry[] missingEntries = entries
+            .Where(static entry => entry.IsMissingRegistration)
+            .ToArray();
+
+        return new HostCallbackReadinessReport(
+            RegisteredCount: entries.Count(static entry => entry.IsRegistered),
+            ReferencedCount: entries.Count(static entry => entry.IsReferenced),
+            MissingEntries: missingEntries);
+    }
+
+    public async Task<string> GenerateMissingStubSourceAsync()
+    {
+        HostCallbackReadinessReport report = await GetReadinessAsync();
+        return GenerateStubSource(report.MissingEntries, s_missingStubOptions);
+    }
+
+    public string GenerateStubSource(HostCallbackCatalogEntry entry)
+    {
+        ArgumentNullException.ThrowIfNull(entry);
+
+        return GenerateStubSource(
+            [entry],
+            new AutomationStubGenerationOptions(
+                Namespace: "CSharpDbAutomation",
+                ClassName: CreateStubClassName(entry),
+                MethodName: "Register"));
+    }
+
+    public string GenerateStubSource(IReadOnlyList<HostCallbackCatalogEntry> entries)
+    {
+        ArgumentNullException.ThrowIfNull(entries);
+
+        return GenerateStubSource(entries, s_missingStubOptions);
+    }
+
+    private static string GenerateStubSource(
+        IReadOnlyList<HostCallbackCatalogEntry> entries,
+        AutomationStubGenerationOptions options)
+    {
+        DbAutomationMetadata metadata = BuildMetadata(entries);
+        return AutomationStubGenerator.GenerateCSharp(metadata, options);
+    }
+
+    private static DbAutomationMetadata BuildMetadata(IReadOnlyList<HostCallbackCatalogEntry> entries)
+    {
+        var commands = new List<DbAutomationCommandReference>();
+        var scalarFunctions = new List<DbAutomationScalarFunctionReference>();
+        var validationRules = new List<DbAutomationValidationRuleReference>();
+
+        foreach (HostCallbackCatalogEntry entry in entries)
+        {
+            foreach (HostCallbackReference reference in entry.References)
+            {
+                string location = FormatReferenceLocation(reference);
+                if (entry.Kind == AutomationCallbackKind.Command)
+                {
+                    commands.Add(new DbAutomationCommandReference(
+                        entry.Name,
+                        reference.Surface,
+                        location));
+                }
+                else if (entry.Kind == AutomationCallbackKind.ScalarFunction && entry.Arity.HasValue)
+                {
+                    scalarFunctions.Add(new DbAutomationScalarFunctionReference(
+                        entry.Name,
+                        entry.Arity.Value,
+                        reference.Surface,
+                        location));
+                }
+                else if (entry.Kind == AutomationCallbackKind.ValidationRule)
+                {
+                    validationRules.Add(new DbAutomationValidationRuleReference(
+                        entry.Name,
+                        reference.Surface,
+                        location));
+                }
+            }
+        }
+
+        return new DbAutomationMetadata(
+            DbAutomationMetadata.CurrentMetadataVersion,
+            commands,
+            scalarFunctions,
+            validationRules);
+    }
+
+    private static string FormatReferenceLocation(HostCallbackReference reference)
+    {
+        string owner = string.IsNullOrWhiteSpace(reference.OwnerName)
+            ? reference.OwnerId
+            : reference.OwnerName;
+
+        return $"{reference.OwnerKind} {owner} ({reference.OwnerId}): {reference.Location}";
+    }
+
+    private static string CreateStubClassName(HostCallbackCatalogEntry entry)
+    {
+        StringBuilder builder = new("Register");
+        foreach (string part in entry.Name.Split(['_', '-', '.', ' '], StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries))
+        {
+            builder.Append(char.ToUpperInvariant(part[0]));
+            if (part.Length > 1)
+                builder.Append(part[1..]);
+        }
+
+        if (builder.Length == "Register".Length)
+            builder.Append(entry.Kind.ToString());
+
+        if (entry.Arity.HasValue)
+            builder.Append("Arity").Append(entry.Arity.Value.ToString(CultureInfo.InvariantCulture));
+
+        builder.Append("Callback");
+        return SanitizeIdentifier(builder.ToString());
+    }
+
+    private static string SanitizeIdentifier(string candidate)
+    {
+        var builder = new StringBuilder(candidate.Length);
+        for (int i = 0; i < candidate.Length; i++)
+        {
+            char ch = candidate[i];
+            bool valid = i == 0
+                ? char.IsLetter(ch) || ch == '_'
+                : char.IsLetterOrDigit(ch) || ch == '_';
+            builder.Append(valid ? ch : '_');
+        }
+
+        return builder.Length == 0 || char.IsDigit(builder[0])
+            ? "_" + builder
+            : builder.ToString();
+    }
+}
diff --git a/src/CSharpDB.Admin/Services/TabManagerService.cs b/src/CSharpDB.Admin/Services/TabManagerService.cs
index e9671f29..179fac0f 100644
--- a/src/CSharpDB.Admin/Services/TabManagerService.cs
+++ b/src/CSharpDB.Admin/Services/TabManagerService.cs
@@ -90,6 +90,33 @@ public TabDescriptor OpenViewTab(string viewName)
         return _tabs.First(t => t.Id == tab.Id);
     }
 
+    public TabDescriptor OpenCollectionTab(string collectionName)
+    {
+        var tab = new TabDescriptor($"collection:{collectionName}", collectionName, "bi-braces", TabKind.CollectionData)
+        {
+            ObjectName = collectionName
+        };
+        OpenTab(tab);
+        return _tabs.First(t => t.Id == tab.Id);
+    }
+
+    public TabDescriptor OpenCallbacksTab(string? selectedCallbackName = null, string? selectedCallbackKind = null, int? selectedCallbackArity = null)
+    {
+        const string tabId = "callbacks:host";
+        TabDescriptor? existing = _tabs.FirstOrDefault(t => t.Id == tabId);
+        if (existing is not null)
+        {
+            ApplyCallbackSelection(existing, selectedCallbackName, selectedCallbackKind, selectedCallbackArity);
+            ActivateTab(existing.Id);
+            return existing;
+        }
+
+        var tab = new TabDescriptor(tabId, "Callbacks", "bi-plug", TabKind.HostCallbacks);
+        ApplyCallbackSelection(tab, selectedCallbackName, selectedCallbackKind, selectedCallbackArity);
+        OpenTab(tab);
+        return _tabs.First(t => t.Id == tab.Id);
+    }
+
     public TabDescriptor OpenQueryTab(string? initialSql = null)
     {
         int num = Interlocked.Increment(ref _queryCounter);
@@ -180,17 +207,60 @@ public TabDescriptor OpenFormDesignerTab(string? formId = null, string? initialT
         return _tabs.First(t => t.Id == tab.Id);
     }
 
-    public TabDescriptor OpenFormEntryTab(string formId, string? title = null)
+    public TabDescriptor OpenFormEntryTab(
+        string formId,
+        string? title = null,
+        object? initialRecordId = null,
+        string? initialMode = null,
+        string? initialFilterExpression = null,
+        IReadOnlyDictionary<string, object?>? initialFilterParameters = null)
     {
-        var tab = new TabDescriptor($"form-entry:{formId}", title ?? "Form Entry", "bi-file-earmark-text", TabKind.FormEntry)
+        string tabId = $"form-entry:{formId}";
+        TabDescriptor? existing = _tabs.FirstOrDefault(t => t.Id == tabId);
+        if (existing is not null)
+        {
+            ApplyFormEntryInitialState(existing, initialRecordId, initialMode, initialFilterExpression, initialFilterParameters);
+            ActivateTab(existing.Id);
+            return existing;
+        }
+
+        var tab = new TabDescriptor(tabId, title ?? "Form Entry", "bi-file-earmark-text", TabKind.FormEntry)
         {
             FormId = formId,
         };
+        ApplyFormEntryInitialState(tab, initialRecordId, initialMode, initialFilterExpression, initialFilterParameters);
 
         OpenTab(tab);
         return _tabs.First(t => t.Id == tab.Id);
     }
 
+    private static void ApplyFormEntryInitialState(
+        TabDescriptor tab,
+        object? initialRecordId,
+        string? initialMode,
+        string? initialFilterExpression,
+        IReadOnlyDictionary<string, object?>? initialFilterParameters)
+    {
+        tab.InitialRecordId = initialRecordId;
+        tab.InitialFormEntryMode = string.IsNullOrWhiteSpace(initialMode) ? null : initialMode.Trim();
+        tab.InitialFilterExpression = string.IsNullOrWhiteSpace(initialFilterExpression) ? null : initialFilterExpression.Trim();
+        tab.InitialFilterParameters = initialFilterParameters;
+    }
+
+    private static void ApplyCallbackSelection(
+        TabDescriptor tab,
+        string? selectedCallbackName,
+        string? selectedCallbackKind,
+        int? selectedCallbackArity)
+    {
+        if (string.IsNullOrWhiteSpace(selectedCallbackName))
+            return;
+
+        tab.State["SelectedCallbackName"] = selectedCallbackName.Trim();
+        tab.State["SelectedCallbackKind"] = string.IsNullOrWhiteSpace(selectedCallbackKind) ? null : selectedCallbackKind.Trim();
+        tab.State["SelectedCallbackArity"] = selectedCallbackArity;
+    }
+
     /// <summary>Open a table tab and switch it to Schema view.</summary>
     public TabDescriptor OpenTableSchemaTab(string tableName)
     {
diff --git a/src/CSharpDB.Admin/appsettings.json b/src/CSharpDB.Admin/appsettings.json
index d76efd9d..a50885f7 100644
--- a/src/CSharpDB.Admin/appsettings.json
+++ b/src/CSharpDB.Admin/appsettings.json
@@ -10,7 +10,7 @@
     }
   },
   "ConnectionStrings": {
-    "CSharpDB": "Data Source=fulfillment-hub-demo"
+    "CSharpDB": "Data Source=fulfillment-hub-demo.db"
   },
   "Logging": {
     "LogLevel": {
diff --git a/src/CSharpDB.Admin/wwwroot/css/app.css b/src/CSharpDB.Admin/wwwroot/css/app.css
index 558035a6..5075c46e 100644
--- a/src/CSharpDB.Admin/wwwroot/css/app.css
+++ b/src/CSharpDB.Admin/wwwroot/css/app.css
@@ -811,6 +811,23 @@ body {
 
 .data-grid th.sortable { cursor: pointer; }
 .data-grid th.sortable:hover { color: var(--text-primary); background: var(--bg-hover); }
+.data-grid th.sorted {
+    color: var(--text-primary);
+    box-shadow: inset 0 2px 0 var(--accent-blue);
+}
+
+.data-grid .col-icon {
+    width: 13px;
+    margin-right: 6px;
+    color: var(--text-muted);
+    font-size: 10px;
+}
+
+.data-grid .col-icon.key,
+.data-grid .col-icon.date { color: var(--accent-yellow); }
+.data-grid .col-icon.text { color: var(--accent-cyan); }
+.data-grid .col-icon.int { color: var(--accent-orange); }
+.data-grid .col-icon.blob { color: var(--accent-magenta); }
 
 .col-name { margin-right: 6px; }
 
@@ -884,6 +901,26 @@ body {
 }
 
 .pk-val { color: var(--accent-yellow); font-weight: 600; }
+.data-id-cell { color: var(--accent-blue); }
+.data-number-cell { text-align: right; color: var(--accent-orange); }
+.data-date-cell { color: var(--accent-yellow); }
+.data-null-cell { color: var(--text-muted); }
+
+.pill-status {
+    display: inline-flex;
+    align-items: center;
+    min-height: 18px;
+    padding: 1px 8px;
+    border-radius: 999px;
+    font-family: var(--font-ui);
+    font-size: 10.5px;
+    line-height: 1;
+}
+
+.pill-status.active { background: rgba(158, 206, 106, 0.12); color: var(--accent-green); }
+.pill-status.pending { background: rgba(224, 175, 104, 0.12); color: var(--accent-yellow); }
+.pill-status.inactive { background: rgba(120, 130, 169, 0.12); color: var(--text-muted); }
+.pill-status.neutral { background: var(--bg-tertiary); color: var(--text-secondary); }
 
 /* Row states */
 .new-row { background: rgba(158,206,106,0.08) !important; border-left: 3px solid var(--accent-green); }
@@ -1836,6 +1873,14 @@ body {
     letter-spacing: 0.3px;
 }
 
+.schema-field > span {
+    font-size: 11px;
+    font-weight: 600;
+    color: var(--text-muted);
+    text-transform: uppercase;
+    letter-spacing: 0.3px;
+}
+
 /* Input / select / textarea */
 .schema-input {
     width: 100%;
@@ -3255,3 +3300,2403 @@ body {
     letter-spacing: 0.3px;
     margin-bottom: 8px;
 }
+
+/* ═══════════════════════════════════════════════════
+   ADMIN UI MOCKUP INTEGRATION
+   ═══════════════════════════════════════════════════ */
+
+.db-switcher,
+.palette-launcher {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    height: 28px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-md);
+    background: var(--bg-tertiary);
+    color: var(--text-secondary);
+    font-size: 12px;
+    font-family: var(--font-ui);
+    cursor: pointer;
+    white-space: nowrap;
+}
+
+.db-switcher {
+    padding: 0 10px;
+    color: var(--text-primary);
+}
+
+.db-switcher .bi-caret-down-fill {
+    color: var(--text-muted);
+    font-size: 9px;
+}
+
+.palette-launcher {
+    min-width: 240px;
+    max-width: 340px;
+    padding: 0 8px 0 10px;
+}
+
+.palette-launcher span:not(.kbd) {
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+.palette-launcher .kbd {
+    margin-left: auto;
+    flex-shrink: 0;
+}
+
+.tree-empty,
+.tree-child-empty {
+    color: var(--sidebar-text-muted);
+    font-size: 11px;
+}
+
+.tree-empty {
+    padding: 8px 14px 8px 34px;
+}
+
+.tree-child-empty {
+    padding: 5px 12px 6px 26px;
+}
+
+.db-switcher:hover,
+.palette-launcher:hover {
+    border-color: var(--border-light);
+    color: var(--text-primary);
+    background: var(--bg-hover);
+}
+
+.titlebar-toolbar {
+    overflow: hidden;
+}
+
+.icon-form { color: var(--accent-teal); }
+.icon-report { color: var(--accent-yellow); }
+.icon-pin { color: var(--accent-yellow); }
+.icon-recent { color: var(--accent-cyan); }
+
+.command-palette-backdrop {
+    position: fixed;
+    inset: 0;
+    z-index: 2000;
+    display: flex;
+    justify-content: center;
+    align-items: flex-start;
+    padding-top: 12vh;
+    background: rgba(0, 0, 0, 0.46);
+}
+
+.command-palette {
+    width: min(720px, calc(100vw - 32px));
+    max-height: min(620px, calc(100vh - 96px));
+    display: flex;
+    flex-direction: column;
+    overflow: hidden;
+    background: var(--bg-elevated);
+    border: 1px solid var(--border-light);
+    border-radius: var(--radius-lg);
+    box-shadow: var(--shadow-popup);
+}
+
+.command-palette-search {
+    display: flex;
+    align-items: center;
+    gap: 10px;
+    padding: 12px 14px;
+    border-bottom: 1px solid var(--border-color);
+    background: var(--bg-secondary);
+}
+
+.command-palette-search i {
+    color: var(--text-muted);
+    font-size: 16px;
+}
+
+.command-palette-search input {
+    flex: 1;
+    min-width: 0;
+    border: none;
+    outline: none;
+    background: transparent;
+    color: var(--text-primary);
+    font-family: var(--font-ui);
+    font-size: 15px;
+}
+
+.command-palette-body {
+    padding: 6px;
+    overflow-y: auto;
+}
+
+.command-palette-item {
+    width: 100%;
+    display: grid;
+    grid-template-columns: 32px minmax(0, 1fr) auto;
+    align-items: center;
+    gap: 10px;
+    padding: 8px 10px;
+    border: 0;
+    border-radius: var(--radius-md);
+    background: transparent;
+    color: var(--text-primary);
+    text-align: left;
+    font-family: var(--font-ui);
+    cursor: pointer;
+}
+
+.command-palette-item:hover {
+    background: var(--bg-hover);
+}
+
+.command-palette-icon {
+    width: 28px;
+    height: 28px;
+    display: grid;
+    place-items: center;
+    border-radius: var(--radius-md);
+    background: var(--bg-tertiary);
+}
+
+.command-palette-copy {
+    min-width: 0;
+    display: flex;
+    flex-direction: column;
+}
+
+.command-palette-copy strong,
+.command-palette-copy small {
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.command-palette-copy strong {
+    font-size: 13px;
+    font-weight: 600;
+}
+
+.command-palette-copy small,
+.command-palette-kind,
+.command-palette-empty {
+    color: var(--text-muted);
+    font-size: 11px;
+}
+
+.command-palette-kind {
+    padding: 2px 8px;
+    border-radius: 999px;
+    background: var(--bg-tertiary);
+}
+
+.command-palette-empty {
+    padding: 28px 16px;
+    text-align: center;
+}
+
+.sidebar-header-actions {
+    display: flex;
+    align-items: center;
+    gap: 4px;
+}
+
+.sidebar-clear-btn {
+    width: 22px;
+    height: 22px;
+    display: grid;
+    place-items: center;
+    border: 0;
+    border-radius: var(--radius-sm);
+    background: transparent;
+    color: var(--sidebar-text-muted);
+    cursor: pointer;
+}
+
+.sidebar-clear-btn:hover {
+    color: var(--sidebar-text);
+    background: var(--sidebar-item-hover-bg);
+}
+
+.sidebar-filter-chips {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 6px;
+    padding: 8px 12px;
+    border-bottom: 1px solid var(--sidebar-border);
+}
+
+.sidebar-filter-chips button {
+    min-width: 0;
+    width: 100%;
+    height: 24px;
+    padding: 0 8px;
+    border: 1px solid var(--sidebar-btn-border);
+    border-radius: 999px;
+    background: transparent;
+    color: var(--sidebar-text-muted);
+    font-size: 11px;
+    font-family: var(--font-ui);
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    cursor: pointer;
+}
+
+.sidebar-filter-chips button:hover,
+.sidebar-filter-chips button.active {
+    color: var(--sidebar-text);
+    background: var(--sidebar-active-bg);
+    border-color: var(--sidebar-btn-hover-border);
+}
+
+.tree-group.utility-group {
+    margin: 4px 0 8px;
+}
+
+.tree-group-header.compact {
+    padding-top: 5px;
+    padding-bottom: 5px;
+    font-size: 11px;
+}
+
+.tree-item.command-item {
+    width: 100%;
+    border-top: 0;
+    border-right: 0;
+    border-bottom: 0;
+    background: transparent;
+    font-family: var(--font-ui);
+    text-align: left;
+}
+
+.tree-item.table-tree-item {
+    display: grid;
+    grid-template-columns: 16px 16px minmax(0, 1fr);
+    gap: 8px;
+    padding-left: 14px;
+}
+
+.tree-disclosure {
+    width: 16px;
+    height: 18px;
+    display: grid;
+    place-items: center;
+    border: 0;
+    border-radius: var(--radius-sm);
+    background: transparent;
+    color: var(--sidebar-text-muted);
+    cursor: pointer;
+    padding: 0;
+}
+
+.tree-disclosure:hover {
+    color: var(--sidebar-text);
+    background: var(--sidebar-item-hover-bg);
+}
+
+.tree-disclosure i {
+    font-size: 9px;
+}
+
+.tree-child-group {
+    margin-left: 22px;
+    padding: 2px 0 5px;
+    border-left: 2px solid var(--sidebar-border);
+    background: rgba(255, 255, 255, 0.015);
+}
+
+.tree-child-head {
+    padding: 5px 12px 2px 26px;
+    color: var(--sidebar-text-muted);
+    font-size: 10px;
+    font-weight: 600;
+    text-transform: uppercase;
+    letter-spacing: 0.7px;
+}
+
+.tree-child-item,
+.tree-child-more {
+    width: 100%;
+    min-height: 24px;
+    border: 0;
+    border-left: 2px solid transparent;
+    background: transparent;
+    color: var(--sidebar-text-secondary);
+    cursor: pointer;
+    font-family: var(--font-ui);
+    text-align: left;
+}
+
+.tree-child-item {
+    display: grid;
+    grid-template-columns: 16px minmax(0, 1fr) 48px;
+    align-items: center;
+    gap: 7px;
+    padding: 3px 12px 3px 26px;
+    font-size: 11.5px;
+}
+
+.tree-child-item:hover,
+.tree-child-more:hover {
+    color: var(--sidebar-text);
+    background: var(--sidebar-item-hover-bg);
+}
+
+.tree-child-item.active {
+    color: var(--sidebar-text);
+    background: var(--sidebar-active-bg);
+    border-left-color: var(--accent-blue);
+}
+
+.callback-tree-section {
+    margin-top: 2px;
+    margin-bottom: 4px;
+}
+
+.callback-tree-item {
+    grid-template-columns: 16px minmax(0, 1fr) minmax(54px, auto);
+}
+
+.tree-child-label {
+    min-width: 0;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.tree-child-type {
+    overflow: hidden;
+    text-align: right;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    color: var(--accent-cyan);
+    font-family: var(--font-mono);
+    font-size: 10px;
+    opacity: 0.9;
+}
+
+.tree-child-more,
+.tree-child-state {
+    display: block;
+    padding: 4px 12px 4px 42px;
+    color: var(--sidebar-text-muted);
+    font-size: 11px;
+}
+
+.tree-child-more {
+    color: var(--accent-blue);
+}
+
+.icon-column-key { color: var(--accent-yellow); }
+.icon-column-number { color: var(--accent-green); }
+.icon-column-text { color: var(--accent-cyan); }
+.icon-column-blob,
+.icon-column-generic { color: var(--accent-magenta); }
+
+.item-pin {
+    margin-left: auto;
+    color: var(--accent-yellow);
+    font-size: 10px;
+    opacity: 0.75;
+}
+
+.dashboard-tab {
+    height: 100%;
+    overflow: auto;
+    padding: 22px;
+}
+
+.dashboard-header,
+.object-header {
+    display: flex;
+    justify-content: space-between;
+    gap: 18px;
+    align-items: flex-start;
+    margin-bottom: 16px;
+}
+
+.dashboard-header h1,
+.object-title h2 {
+    margin: 2px 0 0;
+    color: var(--text-primary);
+    font-size: 22px;
+    font-weight: 700;
+    letter-spacing: 0;
+}
+
+.object-title h2 {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    font-size: 18px;
+}
+
+.dashboard-crumb,
+.object-crumb {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    color: var(--text-muted);
+    font-size: 12px;
+    min-width: 0;
+}
+
+.dashboard-crumb {
+    display: block;
+    max-width: 720px;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.dashboard-actions,
+.object-facts {
+    display: flex;
+    flex-wrap: wrap;
+    align-items: center;
+    gap: 8px;
+}
+
+.object-facts span {
+    display: inline-flex;
+    flex-direction: column;
+    gap: 1px;
+    min-width: 88px;
+    padding: 7px 10px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-md);
+    background: var(--bg-secondary);
+    color: var(--text-muted);
+    font-size: 10px;
+    text-transform: uppercase;
+    letter-spacing: 0.3px;
+}
+
+.object-facts strong {
+    color: var(--text-primary);
+    font-size: 13px;
+    text-transform: none;
+    letter-spacing: 0;
+}
+
+.dashboard-stats {
+    display: grid;
+    grid-template-columns: repeat(5, minmax(120px, 1fr));
+    gap: 10px;
+    margin-bottom: 14px;
+}
+
+.dashboard-stat,
+.dashboard-panel,
+.schema-summary-card,
+.heavy-summary-strip > div {
+    background: var(--bg-elevated);
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-md);
+}
+
+.dashboard-stat {
+    min-height: 92px;
+    position: relative;
+    display: flex;
+    flex-direction: column;
+    gap: 4px;
+    padding: 12px;
+    color: var(--text-secondary);
+    text-align: left;
+    font-family: var(--font-ui);
+    cursor: pointer;
+}
+
+.dashboard-stat:hover,
+.dashboard-panel button:hover,
+.schema-summary-card:hover {
+    border-color: var(--border-light);
+    background: var(--bg-hover);
+}
+
+.dashboard-stat .label,
+.dashboard-panel header h3 {
+    color: var(--text-secondary);
+    font-size: 11px;
+    font-weight: 700;
+    text-transform: uppercase;
+    letter-spacing: 0.45px;
+}
+
+.dashboard-stat strong {
+    color: var(--text-primary);
+    font-size: 26px;
+    line-height: 1;
+}
+
+.dashboard-stat .meta {
+    color: var(--text-muted);
+    font-size: 11px;
+}
+
+.dashboard-stat i {
+    position: absolute;
+    right: 12px;
+    bottom: 10px;
+    font-size: 18px;
+    opacity: 0.78;
+}
+
+.dashboard-grid {
+    display: grid;
+    grid-template-columns: minmax(0, 1.6fr) minmax(300px, 0.8fr);
+    gap: 14px;
+}
+
+.dashboard-panel {
+    padding: 12px;
+    margin-bottom: 12px;
+}
+
+.dashboard-panel header {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    gap: 10px;
+    margin-bottom: 10px;
+}
+
+.dashboard-panel-title {
+    display: flex;
+    min-width: 0;
+    flex-direction: column;
+    gap: 2px;
+}
+
+.dashboard-panel-title span {
+    color: var(--text-muted);
+    font-size: 11px;
+    line-height: 1.3;
+}
+
+.panel-link {
+    border: 0;
+    background: transparent;
+    color: var(--accent-blue);
+    font-size: 12px;
+    cursor: pointer;
+}
+
+.dashboard-table-row,
+.dashboard-recent-row,
+.dashboard-actions-grid button {
+    width: 100%;
+    border: 1px solid transparent;
+    border-radius: var(--radius-md);
+    background: transparent;
+    color: var(--text-primary);
+    font-family: var(--font-ui);
+    cursor: pointer;
+}
+
+.dashboard-table-row {
+    display: grid;
+    grid-template-columns: minmax(0, 1fr) auto 120px 20px;
+    gap: 12px;
+    align-items: center;
+    padding: 9px 8px;
+}
+
+.dashboard-table-row .table-name {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    min-width: 0;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.dashboard-table-row .row-count,
+.dashboard-empty {
+    color: var(--text-muted);
+    font-size: 12px;
+}
+
+.row-meter {
+    height: 8px;
+    display: block;
+    overflow: hidden;
+    border-radius: 999px;
+    background: var(--bg-tertiary);
+    border: 1px solid var(--border-color);
+}
+
+.row-meter span {
+    display: block;
+    height: 100%;
+    min-width: 0;
+    border-radius: inherit;
+    background: var(--accent-blue);
+    opacity: 0.86;
+}
+
+.dashboard-actions-grid {
+    display: grid;
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+    gap: 8px;
+}
+
+.dashboard-actions-grid button {
+    display: grid;
+    grid-template-columns: 24px minmax(0, 1fr);
+    grid-template-rows: auto auto;
+    gap: 2px 8px;
+    align-items: center;
+    padding: 10px;
+    text-align: left;
+    background: var(--bg-tertiary);
+}
+
+.dashboard-actions-grid i {
+    grid-row: 1 / span 2;
+    font-size: 17px;
+}
+
+.dashboard-actions-grid small,
+.dashboard-recent-row small {
+    color: var(--text-muted);
+    font-size: 11px;
+}
+
+.dashboard-recent-row {
+    display: grid;
+    grid-template-columns: 18px minmax(0, 1fr) auto;
+    align-items: center;
+    gap: 8px;
+    padding: 7px 8px;
+    text-align: left;
+}
+
+.dashboard-recent-row span {
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.dashboard-health-row {
+    display: flex;
+    justify-content: space-between;
+    gap: 12px;
+    padding: 6px 0;
+    border-top: 1px solid var(--border-color);
+    color: var(--text-secondary);
+}
+
+.dashboard-health-row:first-of-type {
+    border-top: 0;
+}
+
+.dashboard-health-row strong.ok {
+    color: var(--accent-green);
+}
+
+.object-header {
+    padding: 14px 16px 0;
+    margin-bottom: 0;
+}
+
+.data-toolbar {
+    min-height: 48px;
+    display: flex;
+    align-items: center;
+    gap: 12px;
+    padding: 8px 16px;
+    border-bottom: 1px solid var(--border-color);
+    background: var(--bg-secondary);
+    flex-shrink: 0;
+    overflow-x: auto;
+}
+
+.data-crumb {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    min-width: 190px;
+    color: var(--text-muted);
+    font-size: 12px;
+}
+
+.data-crumb button {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    min-width: 0;
+    border: 0;
+    background: transparent;
+    color: var(--text-muted);
+    font: inherit;
+    cursor: pointer;
+}
+
+.data-crumb button:hover { color: var(--text-primary); }
+
+.data-crumb strong {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    min-width: 0;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    color: var(--text-primary);
+    font-weight: 700;
+}
+
+.data-view-switcher {
+    display: inline-flex;
+    overflow: hidden;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-sm);
+    background: var(--bg-tertiary);
+    flex-shrink: 0;
+}
+
+.data-view-switcher button {
+    min-height: 28px;
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    padding: 0 11px;
+    border: 0;
+    border-right: 1px solid var(--border-color);
+    background: transparent;
+    color: var(--text-muted);
+    font-family: var(--font-ui);
+    font-size: 11px;
+    cursor: pointer;
+}
+
+.data-view-switcher button:last-child { border-right: 0; }
+
+.data-view-switcher button:hover,
+.data-view-switcher button.active {
+    color: var(--text-primary);
+    background: var(--bg-hover);
+}
+
+.data-view-switcher button.active {
+    color: var(--accent-blue);
+    font-weight: 700;
+}
+
+.data-view-switcher button span {
+    color: var(--text-muted);
+    font-size: 10px;
+}
+
+.data-toolbar-group {
+    display: inline-flex;
+    align-items: center;
+    gap: 4px;
+    padding-left: 10px;
+    border-left: 1px solid var(--border-color);
+    flex-shrink: 0;
+}
+
+.data-toolbar-btn {
+    min-height: 28px;
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    gap: 6px;
+    padding: 0 10px;
+    border: 1px solid transparent;
+    border-radius: var(--radius-sm);
+    background: transparent;
+    color: var(--text-secondary);
+    font-family: var(--font-ui);
+    font-size: 11px;
+    cursor: pointer;
+    white-space: nowrap;
+}
+
+.data-toolbar-btn:hover:not(:disabled),
+.data-toolbar-btn.active {
+    color: var(--text-primary);
+    border-color: var(--border-color);
+    background: var(--bg-hover);
+}
+
+.data-toolbar-btn.primary {
+    color: #0a0b13;
+    border-color: var(--accent-blue);
+    background: var(--accent-blue);
+    font-weight: 700;
+}
+
+.data-toolbar-btn.danger {
+    color: var(--accent-red);
+}
+
+.data-toolbar-btn.danger:hover:not(:disabled) {
+    border-color: rgba(247, 118, 142, 0.35);
+    background: rgba(247, 118, 142, 0.12);
+}
+
+.data-toolbar-btn:disabled {
+    opacity: 0.42;
+    cursor: not-allowed;
+}
+
+.data-pager {
+    margin-left: auto;
+    display: inline-flex;
+    align-items: center;
+    gap: 8px;
+    color: var(--text-muted);
+    font-size: 11px;
+    white-space: nowrap;
+    flex-shrink: 0;
+}
+
+.data-pager span {
+    color: var(--text-secondary);
+    font-variant-numeric: tabular-nums;
+}
+
+.data-pager button {
+    width: 24px;
+    height: 24px;
+    display: grid;
+    place-items: center;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-sm);
+    background: var(--bg-tertiary);
+    color: var(--text-secondary);
+    cursor: pointer;
+}
+
+.data-pager button:hover:not(:disabled) {
+    color: var(--text-primary);
+    border-color: var(--border-light);
+}
+
+.data-pager button:disabled {
+    opacity: 0.42;
+    cursor: not-allowed;
+}
+
+.collection-tab {
+    gap: 12px;
+}
+
+.collection-key-lookup {
+    min-height: 28px;
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    min-width: 220px;
+    padding: 0 8px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-sm);
+    background: var(--bg-tertiary);
+    color: var(--text-secondary);
+    flex-shrink: 0;
+}
+
+.collection-key-lookup input {
+    min-width: 0;
+    width: 150px;
+    border: 0;
+    outline: 0;
+    color: var(--text-primary);
+    background: transparent;
+    font: inherit;
+    font-size: 11px;
+}
+
+.collection-key-lookup button {
+    width: 22px;
+    height: 22px;
+    display: grid;
+    place-items: center;
+    border: 0;
+    color: var(--text-secondary);
+    background: transparent;
+    cursor: pointer;
+}
+
+.collection-key-lookup button:hover:not(:disabled) {
+    color: var(--text-primary);
+}
+
+.collection-key-lookup button:disabled {
+    opacity: 0.42;
+    cursor: not-allowed;
+}
+
+.data-pager select {
+    min-height: 24px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-sm);
+    background: var(--bg-tertiary);
+    color: var(--text-secondary);
+    font-family: var(--font-ui);
+    font-size: 11px;
+}
+
+.collection-browser {
+    min-height: 0;
+    flex: 1;
+    display: grid;
+    grid-template-columns: minmax(360px, 1fr) minmax(360px, 0.8fr);
+    gap: 12px;
+    padding: 0 16px 16px;
+}
+
+.collection-list,
+.collection-detail {
+    min-height: 0;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-md);
+    background: var(--bg-secondary);
+    overflow: hidden;
+}
+
+.collection-list {
+    overflow: auto;
+}
+
+.collection-grid tbody tr {
+    cursor: pointer;
+}
+
+.collection-key-cell {
+    width: 28%;
+    font-family: var(--font-mono);
+    color: var(--accent-cyan);
+}
+
+.collection-preview-cell {
+    max-width: 520px;
+    overflow: hidden;
+    color: var(--text-secondary);
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.collection-detail {
+    display: flex;
+    flex-direction: column;
+    gap: 12px;
+    padding: 14px;
+}
+
+.collection-detail-header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    gap: 12px;
+}
+
+.collection-detail-header > div {
+    min-width: 0;
+    display: grid;
+    gap: 2px;
+}
+
+.collection-detail-header strong {
+    overflow: hidden;
+    font-family: var(--font-mono);
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.collection-detail-label {
+    color: var(--text-muted);
+    font-size: 10px;
+    font-weight: 700;
+    text-transform: uppercase;
+    letter-spacing: 0.6px;
+}
+
+.collection-dirty-badge {
+    flex: 0 0 auto;
+    padding: 2px 8px;
+    border: 1px solid rgba(224, 175, 104, 0.35);
+    border-radius: var(--radius-sm);
+    color: var(--accent-yellow);
+    background: rgba(224, 175, 104, 0.1);
+    font-size: 11px;
+}
+
+.collection-json-field {
+    flex: 1;
+    min-height: 0;
+}
+
+.collection-json-editor {
+    flex: 1;
+    min-height: 280px;
+    font-family: var(--font-mono);
+}
+
+.collection-alert {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    margin: 0 16px;
+    padding: 8px 12px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-sm);
+    color: var(--text-secondary);
+    background: var(--bg-secondary);
+}
+
+.collection-alert.error {
+    border-color: rgba(247, 118, 142, 0.35);
+    color: var(--accent-red);
+    background: rgba(247, 118, 142, 0.08);
+}
+
+.collection-detail .collection-alert {
+    margin: 0;
+}
+
+.collection-empty-detail {
+    min-height: 220px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 8px;
+    color: var(--text-muted);
+}
+
+@media (max-width: 980px) {
+    .collection-browser {
+        grid-template-columns: 1fr;
+    }
+
+    .collection-key-lookup {
+        min-width: 0;
+        width: 100%;
+    }
+}
+
+.data-filter-bar {
+    min-height: 36px;
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    padding: 6px 16px;
+    border-bottom: 1px solid var(--border-color);
+    background: var(--bg-primary);
+    flex-wrap: wrap;
+    flex-shrink: 0;
+}
+
+.data-filter-label {
+    color: var(--text-muted);
+    font-size: 11px;
+    font-weight: 700;
+    text-transform: uppercase;
+    letter-spacing: 0.55px;
+}
+
+.data-filter-empty {
+    color: var(--text-muted);
+    font-size: 11px;
+}
+
+.data-filter-chip {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    min-height: 24px;
+    padding: 2px 4px 2px 10px;
+    border: 1px solid var(--border-color);
+    border-radius: 999px;
+    background: var(--bg-tertiary);
+    color: var(--text-primary);
+    font-size: 11.5px;
+}
+
+.data-filter-chip .col {
+    color: var(--accent-blue);
+    font-weight: 700;
+}
+
+.data-filter-chip .op {
+    color: var(--text-muted);
+    font-family: var(--font-mono);
+}
+
+.data-filter-chip .val {
+    color: var(--accent-green);
+    font-family: var(--font-mono);
+}
+
+.data-filter-chip button {
+    width: 18px;
+    height: 18px;
+    display: grid;
+    place-items: center;
+    border: 0;
+    border-radius: 999px;
+    background: transparent;
+    color: var(--text-muted);
+    cursor: pointer;
+}
+
+.data-filter-chip button:hover {
+    color: var(--text-primary);
+    background: var(--bg-hover);
+}
+
+.data-add-filter {
+    min-height: 24px;
+    display: inline-flex;
+    align-items: center;
+    gap: 5px;
+    padding: 0 10px;
+    border: 1px dashed var(--border-color);
+    border-radius: 999px;
+    background: transparent;
+    color: var(--text-muted);
+    font-size: 11px;
+    cursor: pointer;
+}
+
+.data-add-filter:hover {
+    color: var(--text-primary);
+    border-color: var(--border-light);
+}
+
+.data-filter-summary {
+    margin-left: auto;
+    color: var(--text-muted);
+    font-size: 11px;
+}
+
+.data-bulk-bar {
+    position: sticky;
+    bottom: 0;
+    z-index: 5;
+    display: flex;
+    align-items: center;
+    gap: 12px;
+    min-height: 44px;
+    padding: 8px 16px;
+    border-top: 1px solid var(--border-light);
+    background: var(--bg-elevated);
+    box-shadow: 0 -8px 24px rgba(0, 0, 0, 0.28);
+    color: var(--text-secondary);
+    font-size: 12px;
+    flex-shrink: 0;
+}
+
+.data-bulk-bar .count {
+    padding: 2px 9px;
+    border-radius: 999px;
+    background: var(--accent-blue);
+    color: #0a0b13;
+    font-weight: 700;
+}
+
+.data-bulk-bar .actions {
+    margin-left: auto;
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+}
+
+.bulk-edit-modal,
+.table-filter-modal {
+    max-width: 520px;
+}
+
+.bulk-edit-modal .modal-body,
+.table-filter-modal .modal-body {
+    white-space: normal;
+}
+
+.bulk-edit-summary,
+.table-filter-summary {
+    margin: 0 0 14px;
+    color: var(--text-secondary);
+}
+
+.bulk-edit-summary strong,
+.table-filter-summary strong {
+    color: var(--text-primary);
+}
+
+.bulk-edit-form,
+.table-filter-form {
+    display: flex;
+    flex-direction: column;
+    gap: 12px;
+}
+
+.bulk-edit-form label,
+.table-filter-form label {
+    display: flex;
+    flex-direction: column;
+    gap: 6px;
+    color: var(--text-secondary);
+    font-size: 11px;
+    font-weight: 700;
+    text-transform: uppercase;
+    letter-spacing: 0.45px;
+}
+
+.bulk-edit-form .modal-input,
+.table-filter-form .modal-input {
+    margin-top: 0;
+    font-family: var(--font-mono);
+}
+
+.bulk-null-row {
+    flex-direction: row !important;
+    align-items: center;
+    gap: 8px !important;
+    min-height: 26px;
+    color: var(--text-primary) !important;
+    font-size: 12px !important;
+    font-weight: 500 !important;
+    text-transform: none !important;
+    letter-spacing: 0 !important;
+}
+
+.bulk-null-row input {
+    width: 14px;
+    height: 14px;
+    accent-color: var(--accent-blue);
+}
+
+.bulk-null-row input:disabled,
+.bulk-null-row input:disabled + span {
+    opacity: 0.5;
+}
+
+.bulk-edit-note {
+    display: inline-flex;
+    align-items: center;
+    gap: 7px;
+    padding: 8px 10px;
+    border: 1px solid rgba(224, 175, 104, 0.25);
+    border-radius: var(--radius-sm);
+    background: rgba(224, 175, 104, 0.08);
+    color: var(--accent-yellow);
+    font-size: 12px;
+}
+
+.schema-subnav {
+    position: sticky;
+    top: 0;
+    z-index: 2;
+    display: flex;
+    gap: 6px;
+    padding: 0 0 12px;
+    background: var(--bg-primary);
+}
+
+.schema-subnav button {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    height: 30px;
+    padding: 0 11px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-md);
+    background: var(--bg-secondary);
+    color: var(--text-secondary);
+    font-size: 12px;
+    font-family: var(--font-ui);
+    cursor: pointer;
+}
+
+.schema-subnav button:hover,
+.schema-subnav button.active {
+    color: var(--text-primary);
+    border-color: var(--border-light);
+    background: var(--bg-hover);
+}
+
+.schema-subnav button.active {
+    box-shadow: inset 0 2px 0 var(--accent-blue);
+}
+
+.schema-subnav button span {
+    color: var(--text-muted);
+    font-size: 11px;
+}
+
+.schema-summary-grid {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(160px, 1fr));
+    gap: 10px;
+    margin-bottom: 12px;
+}
+
+.schema-summary-card {
+    display: flex;
+    flex-direction: column;
+    gap: 4px;
+    min-height: 96px;
+    padding: 12px;
+    color: var(--text-secondary);
+    text-align: left;
+    font-family: var(--font-ui);
+    cursor: pointer;
+}
+
+.schema-summary-card span {
+    color: var(--text-muted);
+    font-size: 11px;
+    text-transform: uppercase;
+    letter-spacing: 0.4px;
+}
+
+.schema-summary-card strong {
+    color: var(--text-primary);
+    font-size: 28px;
+    line-height: 1;
+}
+
+.schema-summary-card small {
+    color: var(--text-secondary);
+    font-size: 12px;
+}
+
+.query-workspace {
+    display: grid;
+    grid-template-columns: minmax(0, 1fr) 280px;
+    flex: 1;
+    min-height: 0;
+    overflow: hidden;
+}
+
+.query-main-stack {
+    min-width: 0;
+    min-height: 0;
+    display: flex;
+    flex-direction: column;
+    overflow: hidden;
+}
+
+.query-result-tabs {
+    display: flex;
+    align-items: stretch;
+    border-bottom: 1px solid var(--border-color);
+    background: var(--bg-secondary);
+    flex-shrink: 0;
+}
+
+.query-result-tabs button {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    min-height: 34px;
+    padding: 0 13px;
+    border: 0;
+    border-right: 1px solid var(--border-color);
+    border-top: 2px solid transparent;
+    background: transparent;
+    color: var(--text-muted);
+    font-family: var(--font-ui);
+    font-size: 12px;
+    cursor: pointer;
+}
+
+.query-result-tabs button:hover,
+.query-result-tabs button.active {
+    color: var(--text-primary);
+    background: var(--bg-primary);
+}
+
+.query-result-tabs button.active {
+    border-top-color: var(--accent-blue);
+}
+
+.query-result-tabs button span:not(:empty) {
+    min-width: 18px;
+    padding: 1px 6px;
+    border-radius: 999px;
+    background: rgba(122, 162, 247, 0.16);
+    color: var(--accent-blue);
+    font-size: 10px;
+    text-align: center;
+}
+
+.query-result-meta {
+    margin-left: auto;
+    display: flex;
+    align-items: center;
+    gap: 12px;
+    padding: 0 12px;
+    color: var(--text-muted);
+    font-size: 11px;
+}
+
+.query-result-body {
+    flex: 1;
+    min-height: 0;
+    overflow: auto;
+}
+
+.query-result-body > .grid-container {
+    height: 100%;
+}
+
+.query-detail-pane {
+    padding: 18px;
+    color: var(--text-secondary);
+}
+
+.query-detail-pane h3 {
+    margin-bottom: 8px;
+    color: var(--text-primary);
+    font-size: 13px;
+}
+
+.query-detail-pane .ok {
+    color: var(--accent-green);
+}
+
+.query-detail-pane .danger {
+    color: var(--accent-red);
+}
+
+.query-stat-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(160px, 1fr));
+    gap: 10px;
+    padding: 14px;
+}
+
+.query-stat-grid > div {
+    display: flex;
+    flex-direction: column;
+    gap: 4px;
+    padding: 12px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-md);
+    background: var(--bg-elevated);
+}
+
+.query-stat-grid span {
+    color: var(--text-muted);
+    font-size: 11px;
+    text-transform: uppercase;
+    letter-spacing: 0.4px;
+}
+
+.query-stat-grid strong {
+    color: var(--text-primary);
+    font-size: 16px;
+}
+
+.query-history-rail {
+    display: flex;
+    flex-direction: column;
+    min-width: 0;
+    border-left: 1px solid var(--border-color);
+    background: var(--bg-secondary);
+}
+
+.query-history-rail header {
+    height: 34px;
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    padding: 0 10px 0 12px;
+    border-bottom: 1px solid var(--border-color);
+    color: var(--text-secondary);
+    font-size: 11px;
+    font-weight: 700;
+    text-transform: uppercase;
+    letter-spacing: 0.45px;
+}
+
+.query-history-rail header button {
+    width: 24px;
+    height: 24px;
+    border: 0;
+    border-radius: var(--radius-sm);
+    background: transparent;
+    color: var(--text-muted);
+    cursor: pointer;
+}
+
+.query-history-rail header button:hover:not(:disabled) {
+    color: var(--text-primary);
+    background: var(--bg-hover);
+}
+
+.query-history-empty {
+    padding: 12px;
+    color: var(--text-muted);
+    font-size: 12px;
+}
+
+.query-history-item {
+    display: flex;
+    flex-direction: column;
+    gap: 3px;
+    width: 100%;
+    padding: 9px 12px;
+    border: 0;
+    border-bottom: 1px solid var(--border-color);
+    background: transparent;
+    color: var(--text-primary);
+    text-align: left;
+    font-family: var(--font-ui);
+    cursor: pointer;
+}
+
+.query-history-item:hover {
+    background: var(--bg-hover);
+}
+
+.query-history-item strong,
+.query-history-item span {
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.query-history-item strong {
+    font-family: var(--font-mono);
+    font-size: 11px;
+    font-weight: 500;
+}
+
+.query-history-item span,
+.query-history-item small {
+    color: var(--text-muted);
+    font-size: 11px;
+}
+
+.heavy-layout {
+    display: grid;
+    grid-template-columns: 220px minmax(0, 1fr);
+    flex: 1;
+    min-height: 0;
+    overflow: hidden;
+}
+
+.heavy-rail {
+    display: flex;
+    flex-direction: column;
+    overflow-y: auto;
+    border-right: 1px solid var(--border-color);
+    background: var(--bg-secondary);
+}
+
+.heavy-rail-head {
+    padding: 12px 14px 9px;
+    border-bottom: 1px solid var(--border-color);
+    color: var(--text-muted);
+    font-size: 11px;
+    font-weight: 700;
+    text-transform: uppercase;
+    letter-spacing: 0.55px;
+}
+
+.heavy-rail-section {
+    padding: 8px 0 4px;
+}
+
+.heavy-rail-label {
+    padding: 4px 14px;
+    color: var(--text-muted);
+    font-size: 10px;
+    font-weight: 700;
+    text-transform: uppercase;
+    letter-spacing: 0.55px;
+}
+
+.heavy-rail-item {
+    display: flex;
+    align-items: center;
+    gap: 9px;
+    min-height: 32px;
+    padding: 0 12px;
+    border-left: 2px solid transparent;
+    color: var(--text-secondary);
+    font-size: 12px;
+    text-decoration: none;
+}
+
+.heavy-rail-item:hover,
+.heavy-rail-item.active {
+    color: var(--text-primary);
+    background: var(--bg-hover);
+    text-decoration: none;
+}
+
+.heavy-rail-item.active {
+    border-left-color: var(--accent-blue);
+    background: var(--sidebar-active-bg);
+}
+
+.heavy-rail-item i {
+    width: 16px;
+    color: var(--text-muted);
+    text-align: center;
+}
+
+.heavy-rail-item.active i {
+    color: var(--accent-blue);
+}
+
+.heavy-rail-item .badge {
+    margin-left: auto;
+    padding: 1px 7px;
+    border-radius: 999px;
+    background: var(--bg-tertiary);
+    color: var(--text-muted);
+    font-size: 10px;
+}
+
+.heavy-rail-item .badge.warn {
+    background: rgba(224, 175, 104, 0.16);
+    color: var(--accent-yellow);
+}
+
+.heavy-pane {
+    overflow-y: auto;
+    min-width: 0;
+}
+
+.storage-tab .toolbar-info {
+    min-width: 0;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.storage-tab .schema-table td,
+.storage-tab .schema-table th {
+    overflow-wrap: anywhere;
+}
+
+.storage-tab .schema-table .mono-cell {
+    word-break: break-all;
+}
+
+.heavy-summary-strip {
+    display: grid;
+    grid-template-columns: repeat(4, minmax(120px, 1fr));
+    gap: 10px;
+}
+
+.heavy-summary-strip > div {
+    display: flex;
+    flex-direction: column;
+    gap: 4px;
+    padding: 11px 12px;
+}
+
+.heavy-summary-strip span {
+    color: var(--text-muted);
+    font-size: 11px;
+    text-transform: uppercase;
+    letter-spacing: 0.4px;
+}
+
+.heavy-summary-strip strong {
+    color: var(--text-primary);
+    font-size: 18px;
+}
+
+/* Host callback catalog */
+.callbacks-tab {
+    --callbacks-builtins-height: 240px;
+    --callbacks-detail-width: 420px;
+    --callbacks-diagnostics-height: 240px;
+    height: 100%;
+    display: flex;
+    flex-direction: column;
+    min-height: 0;
+}
+
+.callbacks-tab .data-toolbar {
+    display: grid;
+    grid-template-columns: minmax(0, 1fr);
+    justify-content: start;
+    align-items: start;
+    gap: 8px 12px;
+    overflow-x: visible;
+}
+
+.callbacks-tab .data-crumb {
+    min-width: 0;
+}
+
+.callbacks-tab .data-pager {
+    grid-column: 1;
+    margin-left: 0;
+    justify-self: start;
+}
+
+.callbacks-readiness-group {
+    grid-column: 1;
+    justify-self: start;
+    padding-left: 0;
+    border-left: 0;
+}
+
+.callbacks-actions {
+    grid-column: 1;
+    padding-left: 0;
+    border-left: 0;
+}
+
+.callbacks-scope-toggle {
+    grid-column: 1;
+    justify-self: start;
+    display: inline-flex;
+    gap: 2px;
+    padding: 2px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-sm);
+    background: var(--bg-tertiary);
+}
+
+.callbacks-scope-btn {
+    height: 24px;
+    padding: 0 10px;
+    border: 0;
+    border-radius: 4px;
+    background: transparent;
+    color: var(--text-secondary);
+    font-size: 12px;
+    font-weight: 700;
+    cursor: pointer;
+}
+
+.callbacks-scope-btn:hover,
+.callbacks-scope-btn.active {
+    background: var(--bg-elevated);
+    color: var(--text-primary);
+}
+
+.callbacks-filter-bar {
+    grid-column: 1;
+    width: min(100%, 360px);
+    min-width: 0;
+    flex: 1;
+    flex-wrap: wrap;
+    padding-left: 0;
+    border-left: 0;
+}
+
+.callbacks-filter,
+.callbacks-search {
+    height: 28px;
+    min-width: 0;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-sm);
+    background: var(--bg-tertiary);
+    color: var(--text-primary);
+    font-size: 12px;
+}
+
+.callbacks-filter {
+    width: 150px;
+    padding: 0 8px;
+}
+
+.callbacks-filter.status {
+    width: 128px;
+}
+
+.callbacks-search {
+    width: min(360px, 100%);
+    padding: 0 10px;
+}
+
+.callbacks-readiness-badge {
+    display: inline-flex;
+    align-items: center;
+    min-height: 24px;
+    max-width: 220px;
+    padding: 2px 8px;
+    border: 1px solid var(--border-color);
+    border-radius: 999px;
+    background: var(--bg-tertiary);
+    color: var(--text-secondary);
+    font-size: 11px;
+    font-weight: 700;
+    white-space: nowrap;
+}
+
+.callbacks-readiness-badge.ready {
+    border-color: rgba(158, 206, 106, 0.35);
+    background: rgba(158, 206, 106, 0.1);
+    color: var(--accent-green);
+}
+
+.callbacks-readiness-badge.missing {
+    border-color: rgba(224, 175, 104, 0.4);
+    background: rgba(224, 175, 104, 0.12);
+    color: var(--accent-yellow);
+}
+
+.callbacks-builtins-panel {
+    flex: 0 0 var(--callbacks-builtins-height);
+    min-height: 120px;
+    max-height: 520px;
+    overflow: auto;
+    padding: 14px;
+    border-top: 1px solid var(--border-color);
+    background: var(--bg-secondary);
+}
+
+.callbacks-splitter {
+    flex: 0 0 auto;
+    position: relative;
+    background: var(--bg-primary);
+    user-select: none;
+    z-index: 2;
+}
+
+.callbacks-splitter::before {
+    content: "";
+    position: absolute;
+    background: var(--border-color);
+    transition: background 0.15s ease, box-shadow 0.15s ease;
+}
+
+.callbacks-splitter:hover::before {
+    background: var(--accent-blue);
+    box-shadow: 0 0 0 1px rgba(122, 162, 247, 0.16);
+}
+
+.callbacks-splitter-horizontal {
+    height: 8px;
+    cursor: row-resize;
+}
+
+.callbacks-splitter-horizontal::before {
+    left: 12px;
+    right: 12px;
+    top: 50%;
+    height: 1px;
+    transform: translateY(-50%);
+}
+
+.callbacks-splitter-vertical {
+    width: 8px;
+    cursor: col-resize;
+    background: var(--bg-primary);
+}
+
+.callbacks-splitter-vertical::before {
+    top: 12px;
+    bottom: 12px;
+    left: 50%;
+    width: 1px;
+    transform: translateX(-50%);
+}
+
+.callbacks-builtins-head {
+    display: flex;
+    align-items: flex-start;
+    justify-content: space-between;
+    gap: 12px;
+    margin-bottom: 6px;
+}
+
+.callbacks-builtins-head h3 {
+    margin: 2px 0 0;
+    color: var(--text-primary);
+    font-size: 15px;
+}
+
+.callbacks-builtins-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
+    gap: 12px;
+}
+
+.callbacks-builtins-group {
+    min-width: 0;
+}
+
+.callbacks-builtins-group h4 {
+    margin: 0 0 6px;
+    color: var(--text-secondary);
+    font-size: 11px;
+    font-weight: 700;
+    letter-spacing: 0.5px;
+    text-transform: uppercase;
+}
+
+.callbacks-builtins-list {
+    display: grid;
+    gap: 6px;
+}
+
+.callbacks-builtin-item {
+    min-width: 0;
+    padding: 8px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-sm);
+    background: var(--bg-tertiary);
+}
+
+.callbacks-builtin-item strong,
+.callbacks-builtin-item code,
+.callbacks-builtin-item span {
+    display: block;
+}
+
+.callbacks-builtin-item strong {
+    color: var(--accent-blue);
+    font-size: 12px;
+}
+
+.callbacks-builtin-item code {
+    margin-top: 3px;
+    color: var(--text-primary);
+    font-size: 11px;
+    white-space: normal;
+}
+
+.callbacks-builtin-item span {
+    margin-top: 3px;
+    color: var(--text-muted);
+    font-size: 11px;
+    line-height: 1.35;
+}
+
+.callbacks-layout {
+    display: grid;
+    grid-template-columns: minmax(360px, 1fr) 8px minmax(320px, var(--callbacks-detail-width));
+    flex: 1;
+    min-height: 0;
+    border-top: 1px solid var(--border-color);
+}
+
+.callbacks-list-panel,
+.callbacks-detail-panel {
+    min-width: 0;
+    min-height: 0;
+    overflow: auto;
+    background: var(--bg-secondary);
+}
+
+.callbacks-detail-panel {
+    padding: 14px;
+}
+
+.callbacks-empty {
+    padding: 28px 16px;
+    color: var(--text-muted);
+    font-size: 12px;
+    text-align: center;
+}
+
+.callbacks-empty.small {
+    padding: 8px 0;
+    text-align: left;
+}
+
+.callbacks-table {
+    border: none;
+    border-radius: 0;
+    min-width: 760px;
+}
+
+.callbacks-table th,
+.callbacks-table td {
+    overflow-wrap: normal;
+    word-break: normal;
+}
+
+.callbacks-table th {
+    white-space: nowrap;
+}
+
+.callbacks-table .mono-cell {
+    overflow-wrap: anywhere;
+}
+
+.callbacks-row {
+    cursor: pointer;
+}
+
+.callbacks-row:hover td,
+.callbacks-row.selected td {
+    background: var(--bg-hover);
+}
+
+.callbacks-row.missing td:first-child {
+    color: var(--accent-yellow);
+}
+
+.callbacks-row.selected td:first-child {
+    box-shadow: inset 3px 0 0 var(--accent-blue);
+}
+
+.callbacks-missing-icon {
+    margin-right: 6px;
+    color: var(--accent-yellow);
+}
+
+.callbacks-capability-cell {
+    color: var(--text-secondary);
+    font-size: 11px;
+}
+
+.callbacks-policy-badge {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    min-height: 20px;
+    padding: 2px 7px;
+    border: 1px solid var(--border-color);
+    border-radius: 999px;
+    font-size: 10px;
+    font-weight: 700;
+    text-transform: uppercase;
+    white-space: nowrap;
+}
+
+.callbacks-policy-badge.allowed {
+    border-color: rgba(158, 206, 106, 0.4);
+    background: rgba(158, 206, 106, 0.12);
+    color: var(--accent-green);
+}
+
+.callbacks-policy-badge.denied {
+    border-color: rgba(247, 118, 142, 0.4);
+    background: rgba(247, 118, 142, 0.12);
+    color: var(--accent-red);
+}
+
+.callbacks-policy-badge.missing {
+    border-color: rgba(224, 175, 104, 0.45);
+    background: rgba(224, 175, 104, 0.14);
+    color: var(--accent-yellow);
+}
+
+.callbacks-detail-head {
+    display: flex;
+    align-items: flex-start;
+    justify-content: space-between;
+    gap: 12px;
+    padding-bottom: 12px;
+    border-bottom: 1px solid var(--border-color);
+}
+
+.callbacks-detail-head h3 {
+    margin: 2px 0 0;
+    color: var(--text-primary);
+    font-size: 16px;
+    font-weight: 600;
+    overflow-wrap: anywhere;
+}
+
+.callbacks-eyebrow,
+.callbacks-runtime {
+    color: var(--text-muted);
+    font-size: 11px;
+    text-transform: uppercase;
+}
+
+.callbacks-runtime {
+    padding: 3px 8px;
+    border: 1px solid var(--border-color);
+    border-radius: 999px;
+    background: var(--bg-tertiary);
+    white-space: nowrap;
+}
+
+.callbacks-description {
+    margin: 12px 0;
+    color: var(--text-secondary);
+    font-size: 12px;
+    line-height: 1.45;
+}
+
+.callbacks-detail-actions {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 8px;
+    margin: 12px 0;
+}
+
+.callbacks-detail-table {
+    margin-top: 12px;
+}
+
+.callbacks-section {
+    margin-top: 16px;
+}
+
+.callbacks-section h4 {
+    margin: 0 0 8px;
+    color: var(--text-secondary);
+    font-size: 11px;
+    font-weight: 700;
+    text-transform: uppercase;
+}
+
+.callbacks-capabilities {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 6px;
+}
+
+.callbacks-chip {
+    max-width: 100%;
+    padding: 4px 7px;
+    border: 1px solid var(--border-color);
+    border-radius: 999px;
+    background: var(--bg-tertiary);
+    color: var(--text-secondary);
+    font-size: 11px;
+    overflow-wrap: anywhere;
+}
+
+.callbacks-policy-list {
+    display: grid;
+    gap: 8px;
+}
+
+.callbacks-policy-item {
+    display: grid;
+    grid-template-columns: minmax(0, 1fr) auto;
+    align-items: start;
+    gap: 10px;
+    padding: 9px 10px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-sm);
+    background: var(--bg-tertiary);
+}
+
+.callbacks-policy-main {
+    min-width: 0;
+}
+
+.callbacks-policy-main strong {
+    display: block;
+    color: var(--text-primary);
+    font-size: 12px;
+    overflow-wrap: anywhere;
+}
+
+.callbacks-policy-main span {
+    display: block;
+    margin-top: 2px;
+    color: var(--text-muted);
+    font-size: 11px;
+    overflow-wrap: anywhere;
+}
+
+.callbacks-policy-main p {
+    margin: 6px 0 0;
+    color: var(--text-secondary);
+    font-size: 11px;
+    line-height: 1.4;
+    overflow-wrap: anywhere;
+}
+
+.callbacks-reference-list {
+    display: grid;
+    gap: 8px;
+}
+
+.callbacks-reference-item {
+    display: grid;
+    gap: 4px;
+    padding: 9px 10px;
+    border: 1px solid var(--border-color);
+    border-radius: var(--radius-sm);
+    background: var(--bg-tertiary);
+}
+
+.callbacks-reference-item strong {
+    color: var(--text-primary);
+    font-size: 12px;
+    font-weight: 600;
+    overflow-wrap: anywhere;
+}
+
+.callbacks-reference-item span {
+    color: var(--text-muted);
+    font-size: 11px;
+}
+
+.callbacks-reference-item code {
+    color: var(--text-secondary);
+    font-size: 11px;
+    white-space: normal;
+    overflow-wrap: anywhere;
+}
+
+.callbacks-metadata-table th,
+.callbacks-metadata-table td {
+    overflow-wrap: anywhere;
+}
+
+.callbacks-diagnostics-panel {
+    border-top: 1px solid var(--border-color);
+    background: var(--bg-secondary);
+    flex: 0 0 var(--callbacks-diagnostics-height);
+    min-height: 140px;
+    max-height: 520px;
+    overflow: hidden;
+    display: flex;
+    flex-direction: column;
+}
+
+.callbacks-diagnostics-head {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    gap: 12px;
+    padding: 10px 14px;
+    border-bottom: 1px solid var(--border-color);
+}
+
+.callbacks-diagnostics-head h3 {
+    margin: 2px 0 0;
+    color: var(--text-primary);
+    font-size: 14px;
+    font-weight: 600;
+}
+
+.callbacks-diagnostics-table-wrap {
+    min-height: 0;
+    overflow: auto;
+}
+
+.callbacks-diagnostics-table {
+    min-width: 1180px;
+    border: none;
+    border-radius: 0;
+}
+
+.callbacks-diagnostics-table th,
+.callbacks-diagnostics-table td {
+    vertical-align: top;
+    overflow-wrap: anywhere;
+}
+
+.callbacks-diagnostics-table td {
+    font-size: 11px;
+}
+
+.callbacks-diagnostics-table td strong,
+.callbacks-diagnostics-table td span,
+.callbacks-diagnostics-table td small,
+.callbacks-diagnostics-table td code {
+    display: block;
+}
+
+.callbacks-diagnostics-table td strong {
+    color: var(--text-primary);
+    font-size: 12px;
+}
+
+.callbacks-diagnostics-table td span,
+.callbacks-diagnostics-table td small {
+    color: var(--text-muted);
+    margin-top: 3px;
+}
+
+.callbacks-diagnostics-table td code {
+    color: var(--text-secondary);
+    font-size: 11px;
+    white-space: normal;
+}
+
+.callbacks-diagnostics-table .callbacks-policy-badge {
+    display: inline-flex;
+    margin-top: 0;
+}
+
+@media (max-width: 1200px) {
+    .titlebar-toolbar .titlebar-action-btn span,
+    .titlebar-action-btn {
+        font-size: 0;
+    }
+
+    .titlebar-action-btn i {
+        font-size: 13px;
+    }
+
+    .dashboard-stats {
+        grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
+    }
+
+    .dashboard-grid {
+        grid-template-columns: 1fr;
+    }
+
+}
+
+@media (max-width: 980px) {
+    .query-workspace {
+        grid-template-columns: minmax(0, 1fr);
+    }
+
+    .query-history-rail {
+        display: none;
+    }
+}
+
+@media (max-width: 820px) {
+    .palette-launcher {
+        min-width: 44px;
+        width: 44px;
+        justify-content: center;
+    }
+
+    .palette-launcher span {
+        display: none;
+    }
+
+    .object-header,
+    .dashboard-header {
+        flex-direction: column;
+    }
+
+    .object-facts,
+    .schema-summary-grid,
+    .heavy-summary-strip {
+        grid-template-columns: 1fr;
+    }
+
+    .object-facts span {
+        flex: 1 1 140px;
+    }
+
+    .schema-subnav {
+        overflow-x: auto;
+    }
+
+    .heavy-layout {
+        grid-template-columns: minmax(0, 1fr);
+    }
+
+    .heavy-rail {
+        display: none;
+    }
+
+    .callbacks-layout {
+        grid-template-columns: minmax(0, 1fr);
+    }
+
+    .callbacks-layout > .callbacks-splitter-vertical {
+        display: none;
+    }
+
+    .callbacks-detail-panel {
+        border-left: none;
+        border-top: 1px solid var(--border-color);
+    }
+}
diff --git a/src/CSharpDB.Admin/wwwroot/js/interop.js b/src/CSharpDB.Admin/wwwroot/js/interop.js
index 43fa7b20..18fe975f 100644
--- a/src/CSharpDB.Admin/wwwroot/js/interop.js
+++ b/src/CSharpDB.Admin/wwwroot/js/interop.js
@@ -7,6 +7,24 @@ window.themeInterop = {
     }
 };
 
+window.fileInterop = {
+    downloadText: (fileName, contentType, content) => {
+        const blob = new Blob([content || ''], { type: contentType || 'text/plain;charset=utf-8' });
+        const url = URL.createObjectURL(blob);
+        const link = document.createElement('a');
+        link.href = url;
+        link.download = fileName || 'export.txt';
+        document.body.appendChild(link);
+        link.click();
+        document.body.removeChild(link);
+        URL.revokeObjectURL(url);
+    }
+};
+
+window.clipboardInterop = {
+    writeText: (text) => navigator.clipboard.writeText(text || '')
+};
+
 // Keyboard shortcut listener - invokes .NET methods
 window.keyboardInterop = {
     _dotNetRef: null,
@@ -35,6 +53,11 @@ window.keyboardInterop = {
             e.preventDefault();
             ref.invokeMethodAsync('OnKeyboardShortcut', 'NewQuery');
         }
+        // Ctrl+K: command palette
+        else if (e.ctrlKey && !e.shiftKey && e.key.toLowerCase() === 'k') {
+            e.preventDefault();
+            ref.invokeMethodAsync('OnKeyboardShortcut', 'OpenCommandPalette');
+        }
         // Ctrl+B: Toggle sidebar
         else if (e.ctrlKey && e.key === 'b') {
             e.preventDefault();
@@ -74,6 +97,19 @@ window.resizeInterop = {
     _queryEditorMax: 560,
     _queryEditorLayout: null,
     _queryEditorDotNetRef: null,
+    _callbacksActive: false,
+    _callbacksStartX: 0,
+    _callbacksStartY: 0,
+    _callbacksStartSize: 0,
+    _callbacksLayout: null,
+    _callbacksTarget: null,
+    _callbacksVariableName: '',
+    _callbacksMin: 0,
+    _callbacksMax: 0,
+    _callbacksDirection: 1,
+    _callbacksStorageKey: '',
+    _callbacksAxis: 'y',
+    _callbacksTargetName: '',
 
     initSidebar: (dotNetRef, minWidth, maxWidth) => {
         window.resizeInterop._dotNetRef = dotNetRef;
@@ -236,6 +272,170 @@ window.resizeInterop = {
         document.body.style.userSelect = '';
         document.removeEventListener('mousemove', window.resizeInterop._onQueryEditorMove);
         document.removeEventListener('mouseup', window.resizeInterop._onQueryEditorUp);
+    },
+
+    initCallbacksLayout: (layout) => {
+        if (!layout) return;
+
+        const storedSizes = [
+            ['--callbacks-builtins-height', 'csharpdb-callbacks-builtins-height'],
+            ['--callbacks-detail-width', 'csharpdb-callbacks-detail-width'],
+            ['--callbacks-diagnostics-height', 'csharpdb-callbacks-diagnostics-height']
+        ];
+
+        for (const [variableName, storageKey] of storedSizes) {
+            const storedValue = localStorage.getItem(storageKey);
+            const size = parseInt(storedValue || '', 10);
+            if (Number.isFinite(size) && size > 0) {
+                layout.style.setProperty(variableName, size + 'px');
+            }
+        }
+    },
+
+    startCallbacksResize: (e, layout, targetElement, targetName, variableName, minSize, maxSize, direction, storageKey) => {
+        if (!layout || !variableName) return;
+
+        if (window.resizeInterop._callbacksActive) {
+            window.resizeInterop._onCallbacksResizeUp();
+        }
+
+        const target = window.resizeInterop._resolveCallbacksResizeTarget(layout, targetElement, targetName);
+        const axis = targetName === 'detail' ? 'x' : 'y';
+        const startSize = window.resizeInterop._getCallbacksResizeSize(layout, target, targetName, variableName, axis);
+
+        window.resizeInterop._callbacksActive = true;
+        window.resizeInterop._callbacksStartX = e?.clientX || 0;
+        window.resizeInterop._callbacksStartY = e?.clientY || 0;
+        window.resizeInterop._callbacksStartSize = startSize;
+        window.resizeInterop._callbacksLayout = layout;
+        window.resizeInterop._callbacksTarget = target;
+        window.resizeInterop._callbacksTargetName = targetName || '';
+        window.resizeInterop._callbacksVariableName = variableName;
+        window.resizeInterop._callbacksMin = minSize || 0;
+        window.resizeInterop._callbacksMax = maxSize || 1000;
+        window.resizeInterop._callbacksDirection = direction || 1;
+        window.resizeInterop._callbacksStorageKey = storageKey || '';
+        window.resizeInterop._callbacksAxis = axis;
+
+        document.body.style.cursor = axis === 'x' ? 'col-resize' : 'row-resize';
+        document.body.style.userSelect = 'none';
+
+        document.addEventListener('mousemove', window.resizeInterop._onCallbacksResizeMove);
+        document.addEventListener('mouseup', window.resizeInterop._onCallbacksResizeUp);
+    },
+
+    _resolveCallbacksResizeTarget: (layout, targetElement, targetName) => {
+        if (targetElement && typeof targetElement.getBoundingClientRect === 'function') {
+            return targetElement;
+        }
+
+        if (!layout || typeof layout.querySelector !== 'function') {
+            return null;
+        }
+
+        if (targetName === 'builtins') {
+            return layout.querySelector('.callbacks-builtins-panel');
+        }
+
+        if (targetName === 'diagnostics') {
+            return layout.querySelector('.callbacks-diagnostics-panel');
+        }
+
+        if (targetName === 'detail') {
+            return layout.querySelector('.callbacks-detail-panel');
+        }
+
+        return null;
+    },
+
+    _getCallbacksResizeSize: (layout, target, targetName, variableName, axis) => {
+        const targetSize = axis === 'x'
+            ? target?.offsetWidth
+            : target?.offsetHeight;
+
+        if (Number.isFinite(targetSize) && targetSize > 0) {
+            return targetSize;
+        }
+
+        const cssSize = parseInt(getComputedStyle(layout).getPropertyValue(variableName) || '', 10);
+        if (Number.isFinite(cssSize) && cssSize > 0) {
+            return cssSize;
+        }
+
+        if (targetName === 'detail') return 420;
+        if (targetName === 'diagnostics') return 240;
+        return 240;
+    },
+
+    _getCallbacksResizeMax: () => {
+        const layout = window.resizeInterop._callbacksLayout;
+        const min = window.resizeInterop._callbacksMin;
+        const configuredMax = window.resizeInterop._callbacksMax;
+        const targetName = window.resizeInterop._callbacksTargetName;
+        const axis = window.resizeInterop._callbacksAxis;
+
+        if (!layout) {
+            return Math.max(min, configuredMax);
+        }
+
+        if (axis === 'x') {
+            const content = layout.querySelector?.('.callbacks-layout');
+            const contentWidth = content?.clientWidth || layout.clientWidth || window.innerWidth;
+            const layoutMax = Math.max(min, contentWidth - 368);
+            return Math.max(min, Math.min(configuredMax, layoutMax));
+        }
+
+        const toolbar = layout.querySelector?.('.data-toolbar');
+        const builtins = layout.querySelector?.('.callbacks-builtins-panel');
+        const diagnostics = layout.querySelector?.('.callbacks-diagnostics-panel');
+        const toolbarHeight = toolbar?.offsetHeight || 0;
+        const builtinsHeight = builtins?.offsetHeight || 0;
+        const diagnosticsHeight = diagnostics?.offsetHeight || 0;
+        const reservedMainHeight = 180;
+        const splitterHeight = 16;
+        const otherResizableHeight = targetName === 'builtins' ? diagnosticsHeight : builtinsHeight;
+        const layoutMax = Math.max(min, (layout.clientHeight || window.innerHeight) - toolbarHeight - splitterHeight - otherResizableHeight - reservedMainHeight);
+
+        return Math.max(min, Math.min(configuredMax, layoutMax));
+    },
+
+    _onCallbacksResizeMove: (e) => {
+        if (!window.resizeInterop._callbacksActive || !window.resizeInterop._callbacksLayout) return;
+
+        const axis = window.resizeInterop._callbacksAxis;
+        const delta = axis === 'x'
+            ? e.clientX - window.resizeInterop._callbacksStartX
+            : e.clientY - window.resizeInterop._callbacksStartY;
+        const min = window.resizeInterop._callbacksMin;
+        const max = window.resizeInterop._getCallbacksResizeMax();
+        let nextSize = window.resizeInterop._callbacksStartSize + (delta * window.resizeInterop._callbacksDirection);
+
+        nextSize = Math.max(min, Math.min(max, nextSize));
+        window.resizeInterop._callbacksLayout.style.setProperty(window.resizeInterop._callbacksVariableName, Math.round(nextSize) + 'px');
+    },
+
+    _onCallbacksResizeUp: () => {
+        const layout = window.resizeInterop._callbacksLayout;
+        const variableName = window.resizeInterop._callbacksVariableName;
+        const storageKey = window.resizeInterop._callbacksStorageKey;
+
+        if (layout && variableName && storageKey) {
+            const value = parseInt(getComputedStyle(layout).getPropertyValue(variableName) || '', 10);
+            if (Number.isFinite(value)) {
+                localStorage.setItem(storageKey, value + 'px');
+            }
+        }
+
+        window.resizeInterop._callbacksActive = false;
+        window.resizeInterop._callbacksLayout = null;
+        window.resizeInterop._callbacksTarget = null;
+        window.resizeInterop._callbacksVariableName = '';
+        window.resizeInterop._callbacksStorageKey = '';
+        window.resizeInterop._callbacksTargetName = '';
+        document.body.style.cursor = '';
+        document.body.style.userSelect = '';
+        document.removeEventListener('mousemove', window.resizeInterop._onCallbacksResizeMove);
+        document.removeEventListener('mouseup', window.resizeInterop._onCallbacksResizeUp);
     }
 };
 
diff --git a/src/CSharpDB.Api/Endpoints/CollectionEndpoints.cs b/src/CSharpDB.Api/Endpoints/CollectionEndpoints.cs
index e21b121b..22ef3121 100644
--- a/src/CSharpDB.Api/Endpoints/CollectionEndpoints.cs
+++ b/src/CSharpDB.Api/Endpoints/CollectionEndpoints.cs
@@ -14,6 +14,7 @@ public static RouteGroupBuilder MapCollectionEndpoints(this RouteGroupBuilder gr
         group.MapGet("/collections/{name}/document", GetDocument);
         group.MapPut("/collections/{name}/document", PutDocument);
         group.MapDelete("/collections/{name}/document", DeleteDocument);
+        group.MapDelete("/collections/{name}", DropCollection);
         return group;
     }
 
@@ -65,4 +66,10 @@ private static async Task<IResult> DeleteDocument(string name, string key, ICSha
             ? Results.NoContent()
             : Results.NotFound(new { error = $"Document '{key}' was not found in collection '{name}'." });
     }
+
+    private static async Task<IResult> DropCollection(string name, ICSharpDbClient db)
+    {
+        await db.DropCollectionAsync(name);
+        return Results.NoContent();
+    }
 }
diff --git a/src/CSharpDB.Client/CSharpDbClient.cs b/src/CSharpDB.Client/CSharpDbClient.cs
index e237a6fb..545c95bd 100644
--- a/src/CSharpDB.Client/CSharpDbClient.cs
+++ b/src/CSharpDB.Client/CSharpDbClient.cs
@@ -75,6 +75,7 @@ public static ICSharpDbClient Create(CSharpDbClientOptions options)
     public Task<System.Text.Json.JsonElement?> GetDocumentAsync(string collectionName, string key, CancellationToken ct = default) => _inner.GetDocumentAsync(collectionName, key, ct);
     public Task PutDocumentAsync(string collectionName, string key, System.Text.Json.JsonElement document, CancellationToken ct = default) => _inner.PutDocumentAsync(collectionName, key, document, ct);
     public Task<bool> DeleteDocumentAsync(string collectionName, string key, CancellationToken ct = default) => _inner.DeleteDocumentAsync(collectionName, key, ct);
+    public Task DropCollectionAsync(string collectionName, CancellationToken ct = default) => _inner.DropCollectionAsync(collectionName, ct);
     public Task CheckpointAsync(CancellationToken ct = default) => _inner.CheckpointAsync(ct);
     public Task<BackupResult> BackupAsync(BackupRequest request, CancellationToken ct = default) => _inner.BackupAsync(request, ct);
     public Task<RestoreResult> RestoreAsync(RestoreRequest request, CancellationToken ct = default) => _inner.RestoreAsync(request, ct);
diff --git a/src/CSharpDB.Client/ICSharpDbClient.cs b/src/CSharpDB.Client/ICSharpDbClient.cs
index 7eb8c5d5..c510af90 100644
--- a/src/CSharpDB.Client/ICSharpDbClient.cs
+++ b/src/CSharpDB.Client/ICSharpDbClient.cs
@@ -72,6 +72,7 @@ public interface ICSharpDbClient : IAsyncDisposable
     Task<JsonElement?> GetDocumentAsync(string collectionName, string key, CancellationToken ct = default);
     Task PutDocumentAsync(string collectionName, string key, JsonElement document, CancellationToken ct = default);
     Task<bool> DeleteDocumentAsync(string collectionName, string key, CancellationToken ct = default);
+    Task DropCollectionAsync(string collectionName, CancellationToken ct = default);
 
     Task CheckpointAsync(CancellationToken ct = default);
     Task<BackupResult> BackupAsync(BackupRequest request, CancellationToken ct = default);
diff --git a/src/CSharpDB.Client/Internal/EngineTransportClient.cs b/src/CSharpDB.Client/Internal/EngineTransportClient.cs
index 650e3ee1..213a90e2 100644
--- a/src/CSharpDB.Client/Internal/EngineTransportClient.cs
+++ b/src/CSharpDB.Client/Internal/EngineTransportClient.cs
@@ -415,6 +415,12 @@ public async Task<bool> DeleteDocumentAsync(string collectionName, string key, C
         return await collection.DeleteAsync(key, ct);
     }
 
+    public async Task DropCollectionAsync(string collectionName, CancellationToken ct = default)
+    {
+        string normalizedName = RequireIdentifier(collectionName, nameof(collectionName));
+        await (await GetDatabaseAsync(ct)).DropCollectionAsync(normalizedName, ct);
+    }
+
     public async Task CheckpointAsync(CancellationToken ct = default)
         => await (await GetDatabaseAsync(ct)).CheckpointAsync(ct);
 
@@ -1013,7 +1019,7 @@ private static string FormatSqlLiteral(object? value)
             long integer => integer.ToString(CultureInfo.InvariantCulture),
             double real => real.ToString(CultureInfo.InvariantCulture),
             string text => $"'{text.Replace("'", "''", StringComparison.Ordinal)}'",
-            byte[] => throw new CSharpDbClientException("Blob parameters are not supported by the engine-only client."),
+            byte[] blob => $"X'{Convert.ToHexString(blob)}'",
             _ => $"'{Convert.ToString(normalized, CultureInfo.InvariantCulture)?.Replace("'", "''", StringComparison.Ordinal) ?? string.Empty}'",
         };
     }
diff --git a/src/CSharpDB.Client/Internal/GrpcTransportClient.cs b/src/CSharpDB.Client/Internal/GrpcTransportClient.cs
index 85ab777f..4d9c3f02 100644
--- a/src/CSharpDB.Client/Internal/GrpcTransportClient.cs
+++ b/src/CSharpDB.Client/Internal/GrpcTransportClient.cs
@@ -344,6 +344,9 @@ public Task<bool> DeleteDocumentAsync(string collectionName, string key, Cancell
             Key = key,
         }, cancellationToken: ct), response => response.Value, ct);
 
+    public Task DropCollectionAsync(string collectionName, CancellationToken ct = default)
+        => CallEmptyAsync(_client.DropCollectionAsync(new CollectionNameRequest { CollectionName = collectionName }, cancellationToken: ct), ct);
+
     public Task CheckpointAsync(CancellationToken ct = default)
         => CallEmptyAsync(_client.CheckpointAsync(EmptyRequest, cancellationToken: ct), ct);
 
diff --git a/src/CSharpDB.Client/Internal/HttpTransportClient.cs b/src/CSharpDB.Client/Internal/HttpTransportClient.cs
index 949e150a..cae3aa88 100644
--- a/src/CSharpDB.Client/Internal/HttpTransportClient.cs
+++ b/src/CSharpDB.Client/Internal/HttpTransportClient.cs
@@ -550,6 +550,16 @@ public async Task<bool> DeleteDocumentAsync(string collectionName, string key, C
         return true;
     }
 
+    public async Task DropCollectionAsync(string collectionName, CancellationToken ct = default)
+    {
+        using var response = await SendAsync(
+            HttpMethod.Delete,
+            BuildUri($"api/collections/{Escape(collectionName)}"),
+            payload: null,
+            ct);
+        await EnsureSuccessAsync(response, ct);
+    }
+
     public async Task CheckpointAsync(CancellationToken ct = default)
     {
         using var response = await SendAsync(HttpMethod.Post, BuildUri("api/maintenance/checkpoint"), payload: null, ct);
diff --git a/src/CSharpDB.Client/Pipelines/CSharpDbPipelineComponents.cs b/src/CSharpDB.Client/Pipelines/CSharpDbPipelineComponents.cs
index baf7bcba..58883c82 100644
--- a/src/CSharpDB.Client/Pipelines/CSharpDbPipelineComponents.cs
+++ b/src/CSharpDB.Client/Pipelines/CSharpDbPipelineComponents.cs
@@ -4,17 +4,23 @@
 using CSharpDB.Pipelines.Runtime.BuiltIns;
 using System.Globalization;
 using System.Text.RegularExpressions;
+using DbExtensionPolicy = CSharpDB.Primitives.DbExtensionPolicy;
+using DbFunctionRegistry = CSharpDB.Primitives.DbFunctionRegistry;
 
 namespace CSharpDB.Client.Pipelines;
 
 public sealed class CSharpDbPipelineComponentFactory : IPipelineComponentFactory
 {
     private readonly ICSharpDbClient _client;
-    private readonly DefaultPipelineComponentFactory _fallback = new();
+    private readonly DefaultPipelineComponentFactory _fallback;
 
-    public CSharpDbPipelineComponentFactory(ICSharpDbClient client)
+    public CSharpDbPipelineComponentFactory(
+        ICSharpDbClient client,
+        DbFunctionRegistry? functions = null,
+        DbExtensionPolicy? callbackPolicy = null)
     {
         _client = client;
+        _fallback = new DefaultPipelineComponentFactory(functions, callbackPolicy);
     }
 
     public IPipelineSource CreateSource(PipelineSourceDefinition definition) => definition.Kind switch
diff --git a/src/CSharpDB.Client/Pipelines/CSharpDbPipelineRunner.cs b/src/CSharpDB.Client/Pipelines/CSharpDbPipelineRunner.cs
index 4ee14a02..3aea41a0 100644
--- a/src/CSharpDB.Client/Pipelines/CSharpDbPipelineRunner.cs
+++ b/src/CSharpDB.Client/Pipelines/CSharpDbPipelineRunner.cs
@@ -1,6 +1,7 @@
 using CSharpDB.Pipelines.Models;
 using CSharpDB.Pipelines.Runtime;
 using CSharpDB.Pipelines.Serialization;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Client.Pipelines;
 
@@ -8,11 +9,17 @@ public sealed class CSharpDbPipelineRunner
 {
     private readonly IPipelineOrchestrator _orchestrator;
 
-    public CSharpDbPipelineRunner(ICSharpDbClient client)
+    public CSharpDbPipelineRunner(
+        ICSharpDbClient client,
+        DbFunctionRegistry? functions = null,
+        DbCommandRegistry? commands = null,
+        DbExtensionPolicy? callbackPolicy = null)
         : this(new PipelineOrchestrator(
-            new CSharpDbPipelineComponentFactory(client),
+            new CSharpDbPipelineComponentFactory(client, functions, callbackPolicy),
             new CSharpDbPipelineCheckpointStore(client),
-            new CSharpDbPipelineRunLogger(client)))
+            new CSharpDbPipelineRunLogger(client),
+            commands,
+            callbackPolicy))
     {
     }
 
diff --git a/src/CSharpDB.Client/Pipelines/CSharpDbPipelineStorage.cs b/src/CSharpDB.Client/Pipelines/CSharpDbPipelineStorage.cs
index c70d185e..e3c71133 100644
--- a/src/CSharpDB.Client/Pipelines/CSharpDbPipelineStorage.cs
+++ b/src/CSharpDB.Client/Pipelines/CSharpDbPipelineStorage.cs
@@ -493,6 +493,7 @@ public async Task<PipelineDefinitionSummary> SavePipelineAsync(PipelinePackageDe
             Destination = package.Destination,
             Options = package.Options,
             Incremental = package.Incremental,
+            Hooks = package.Hooks,
         };
 
         string packageJson = PipelinePackageSerializer.Serialize(normalized);
diff --git a/src/CSharpDB.Client/Protos/csharpdb_rpc.proto b/src/CSharpDB.Client/Protos/csharpdb_rpc.proto
index dc6b4fd8..027594a1 100644
--- a/src/CSharpDB.Client/Protos/csharpdb_rpc.proto
+++ b/src/CSharpDB.Client/Protos/csharpdb_rpc.proto
@@ -71,6 +71,7 @@ service CSharpDbRpc {
   rpc GetDocument (GetDocumentRequest) returns (OptionalVariantValueResponse);
   rpc PutDocument (PutDocumentRequest) returns (google.protobuf.Empty);
   rpc DeleteDocument (DeleteDocumentRequest) returns (google.protobuf.BoolValue);
+  rpc DropCollection (CollectionNameRequest) returns (google.protobuf.Empty);
 
   rpc Checkpoint (google.protobuf.Empty) returns (google.protobuf.Empty);
   rpc Backup (BackupRequestMessage) returns (BackupResultMessage);
diff --git a/src/CSharpDB.Daemon/Grpc/CSharpDbRpcService.cs b/src/CSharpDB.Daemon/Grpc/CSharpDbRpcService.cs
index fbfc5fbd..ac421966 100644
--- a/src/CSharpDB.Daemon/Grpc/CSharpDbRpcService.cs
+++ b/src/CSharpDB.Daemon/Grpc/CSharpDbRpcService.cs
@@ -257,6 +257,9 @@ public override Task<Empty> PutDocument(PutDocumentRequest request, ServerCallCo
     public override Task<BoolValue> DeleteDocument(DeleteDocumentRequest request, ServerCallContext context)
         => ExecuteAsync(context, ct => client.DeleteDocumentAsync(request.CollectionName, request.Key, ct), value => new BoolValue { Value = value });
 
+    public override Task<Empty> DropCollection(CollectionNameRequest request, ServerCallContext context)
+        => ExecuteEmptyAsync(context, ct => client.DropCollectionAsync(request.CollectionName, ct));
+
     public override Task<Empty> Checkpoint(Empty request, ServerCallContext context)
         => ExecuteEmptyAsync(context, ct => client.CheckpointAsync(ct));
 
diff --git a/src/CSharpDB.Engine/CollectionDocumentCodec.cs b/src/CSharpDB.Engine/CollectionDocumentCodec.cs
index 65c8795b..05320c5a 100644
--- a/src/CSharpDB.Engine/CollectionDocumentCodec.cs
+++ b/src/CSharpDB.Engine/CollectionDocumentCodec.cs
@@ -86,10 +86,7 @@ public byte[] Encode(string key, T document)
 
             try
             {
-                T document = header.Format == CollectionPayloadCodec.CollectionPayloadFormat.Binary
-                    ? CollectionBinaryDocumentCodec.Decode<T>(documentPayload)
-                    : JsonSerializer.Deserialize<T>(documentPayload, s_jsonOptions)!;
-
+                T document = DecodeDirectDocumentPayload(documentPayload, header.Format);
                 return (key, document);
             }
             catch (Exception ex) when (IsFastHeaderFallbackCandidate(ex))
@@ -112,28 +109,14 @@ public T DecodeDocument(ReadOnlySpan<byte> payload)
             CollectionPayloadCodec.TryReadFastHeader(payload, out var header))
         {
             ReadOnlySpan<byte> documentPayload = CollectionPayloadCodec.GetDocumentPayload(payload, header);
-            if (header.Format == CollectionPayloadCodec.CollectionPayloadFormat.Binary)
+            try
             {
-                try
-                {
-                    return CollectionBinaryDocumentCodec.Decode<T>(documentPayload);
-                }
-                catch (Exception ex) when (IsFastHeaderFallbackCandidate(ex))
-                {
-                    // Fall through to the slower validated / legacy path if the fast binary probe
-                    // was triggered by a non-direct payload that happens to share the marker bytes.
-                }
+                return DecodeDirectDocumentPayload(documentPayload, header.Format);
             }
-            else
+            catch (Exception ex) when (IsFastHeaderFallbackCandidate(ex))
             {
-                try
-                {
-                    return JsonSerializer.Deserialize<T>(documentPayload, s_jsonOptions)!;
-                }
-                catch (Exception ex) when (IsFastHeaderFallbackCandidate(ex))
-                {
-                    // Fall through to the slower validated / legacy path.
-                }
+                // Fall through to the slower validated / legacy path if the fast probe
+                // was triggered by a non-direct payload that happens to share the marker bytes.
             }
         }
 
@@ -141,10 +124,7 @@ public T DecodeDocument(ReadOnlySpan<byte> payload)
             CollectionPayloadCodec.TryReadValidatedHeader(payload, out header))
         {
             ReadOnlySpan<byte> documentPayload = CollectionPayloadCodec.GetDocumentPayload(payload, header);
-            if (header.Format == CollectionPayloadCodec.CollectionPayloadFormat.Binary)
-                return CollectionBinaryDocumentCodec.Decode<T>(documentPayload);
-
-            return JsonSerializer.Deserialize<T>(documentPayload, s_jsonOptions)!;
+            return DecodeDirectDocumentPayload(documentPayload, header.Format);
         }
 
         return DecodeLegacy(payload).Document;
@@ -254,6 +234,30 @@ private string DecodeLegacyKey(ReadOnlySpan<byte> payload)
         return values[0].AsText;
     }
 
+    [RequiresUnreferencedCode("Collection<T> JSON deserialization requires reflection. Use SQL API for NativeAOT scenarios.")]
+    [RequiresDynamicCode("Collection<T> JSON deserialization requires runtime code generation. Use SQL API for NativeAOT scenarios.")]
+    private static T DecodeDirectDocumentPayload(
+        ReadOnlySpan<byte> documentPayload,
+        CollectionPayloadCodec.CollectionPayloadFormat format)
+    {
+        if (format == CollectionPayloadCodec.CollectionPayloadFormat.Binary)
+        {
+            if (typeof(T) == typeof(JsonElement))
+                return (T)(object)DecodeBinaryDocumentAsJsonElement(documentPayload);
+
+            return CollectionBinaryDocumentCodec.Decode<T>(documentPayload);
+        }
+
+        return JsonSerializer.Deserialize<T>(documentPayload, s_jsonOptions)!;
+    }
+
+    private static JsonElement DecodeBinaryDocumentAsJsonElement(ReadOnlySpan<byte> documentPayload)
+    {
+        byte[] jsonUtf8 = CollectionBinaryDocumentCodec.EncodeJsonUtf8(documentPayload);
+        using JsonDocument document = JsonDocument.Parse(jsonUtf8);
+        return document.RootElement.Clone();
+    }
+
     private static bool IsFastHeaderFallbackCandidate(Exception ex)
         => ex is CSharpDbException or JsonException or DecoderFallbackException or ArgumentOutOfRangeException or IndexOutOfRangeException or OverflowException;
 }
diff --git a/src/CSharpDB.Engine/Database.cs b/src/CSharpDB.Engine/Database.cs
index d35afbe4..e357faca 100644
--- a/src/CSharpDB.Engine/Database.cs
+++ b/src/CSharpDB.Engine/Database.cs
@@ -36,6 +36,7 @@ public sealed class Database : IAsyncDisposable
     private readonly IIndexProvider _indexProvider;
     private readonly ICatalogStore _catalogStore;
     private readonly AdvisoryStatisticsPersistenceMode _advisoryStatisticsPersistenceMode;
+    private readonly DbFunctionRegistry _functions;
     private readonly StatementCache _statementCache;
     private readonly HybridDatabasePersistenceCoordinator? _hybridPersistenceCoordinator;
     private readonly Dictionary<string, object> _collectionCache = new(StringComparer.Ordinal);
@@ -90,6 +91,7 @@ private Database(
         ICatalogStore catalogStore,
         AdvisoryStatisticsPersistenceMode advisoryStatisticsPersistenceMode,
         ImplicitInsertExecutionMode implicitInsertExecutionMode = ImplicitInsertExecutionMode.Serialized,
+        DbFunctionRegistry? functions = null,
         HybridDatabasePersistenceCoordinator? hybridPersistenceCoordinator = null)
     {
         _pager = pager;
@@ -99,6 +101,7 @@ private Database(
         _indexProvider = indexProvider;
         _catalogStore = catalogStore;
         _advisoryStatisticsPersistenceMode = advisoryStatisticsPersistenceMode;
+        _functions = functions ?? DbFunctionRegistry.Empty;
         _implicitInsertExecutionMode = implicitInsertExecutionMode;
         _hybridPersistenceCoordinator = hybridPersistenceCoordinator;
         _planner = new QueryPlanner(
@@ -107,7 +110,8 @@ private Database(
             _recordSerializer,
             nextRowIdHintProvider: TryGetSharedNextRowIdHint,
             nextRowIdReservationProvider: ReserveSharedNextRowId,
-            nextRowIdObservationProvider: ObserveSharedNextRowId);
+            nextRowIdObservationProvider: ObserveSharedNextRowId,
+            functions: _functions);
         _statementCache = new StatementCache(DefaultStatementCacheCapacity);
         _observedSchemaVersion = catalog.SchemaVersion;
         RefreshSharedNextRowIdHintsFromCatalog();
@@ -139,7 +143,8 @@ public async ValueTask<WriteTransaction> BeginWriteTransactionAsync(Cancellation
                 nextRowIdHintProvider: TryGetSharedNextRowIdHint,
                 nextRowIdReservationProvider: ReserveSharedNextRowId,
                 nextRowIdObservationProvider: ObserveSharedNextRowId,
-                useTransientNextRowIdHints: true)
+                useTransientNextRowIdHints: true,
+                functions: _functions)
             {
                 PreferSyncPointLookups = PreferSyncPointLookups,
             };
@@ -462,7 +467,8 @@ public static async ValueTask<Database> OpenInMemoryAsync(
             context.IndexProvider,
             context.CatalogStore,
             context.AdvisoryStatisticsPersistenceMode,
-            options.ImplicitInsertExecutionMode);
+            options.ImplicitInsertExecutionMode,
+            options.Functions);
     }
 
     /// <summary>
@@ -525,6 +531,7 @@ public static async ValueTask<Database> OpenHybridAsync(
                 snapshotContext.CatalogStore,
                 snapshotContext.AdvisoryStatisticsPersistenceMode,
                 options.ImplicitInsertExecutionMode,
+                options.Functions,
                 new HybridDatabasePersistenceCoordinator(fullPath, hybridOptions.PersistenceTriggers));
             return snapshotDatabase;
         }
@@ -538,7 +545,8 @@ public static async ValueTask<Database> OpenHybridAsync(
             context.IndexProvider,
             context.CatalogStore,
             context.AdvisoryStatisticsPersistenceMode,
-            options.ImplicitInsertExecutionMode);
+            options.ImplicitInsertExecutionMode,
+            options.Functions);
         try
         {
             await database.WarmHybridHotSetAsync(hybridOptions, ct);
@@ -596,7 +604,8 @@ public static async ValueTask<Database> LoadIntoMemoryAsync(
             context.IndexProvider,
             context.CatalogStore,
             context.AdvisoryStatisticsPersistenceMode,
-            options.ImplicitInsertExecutionMode);
+            options.ImplicitInsertExecutionMode,
+            options.Functions);
     }
 
     /// <summary>
@@ -618,7 +627,8 @@ public static async ValueTask<Database> OpenAsync(
             context.IndexProvider,
             context.CatalogStore,
             context.AdvisoryStatisticsPersistenceMode,
-            options.ImplicitInsertExecutionMode);
+            options.ImplicitInsertExecutionMode,
+            options.Functions);
     }
 
     /// <summary>
@@ -1014,6 +1024,7 @@ public ReaderSession CreateReaderSession()
             _recordSerializer,
             snapshot,
             _statementCache,
+            _functions,
             snapshotRowCounts);
     }
 
@@ -1399,6 +1410,12 @@ private static string BuildCollectionCacheKey(string catalogName, bool generated
             ? catalogName + GeneratedCollectionCacheSuffix
             : catalogName;
 
+    private void RemoveCachedCollection(string catalogName)
+    {
+        _collectionCache.Remove(catalogName);
+        _collectionCache.Remove(catalogName + GeneratedCollectionCacheSuffix);
+    }
+
     /// <summary>
     /// Returns the names of all document collections in the database.
     /// </summary>
@@ -1410,6 +1427,69 @@ public IReadOnlyCollection<string> GetCollectionNames()
             .ToArray();
     }
 
+    /// <summary>
+    /// Drop a document collection and its collection indexes.
+    /// </summary>
+    public async ValueTask DropCollectionAsync(string name, CancellationToken ct = default)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+
+        IDisposable? writeScope = _inTransaction
+            ? WriteOperationScope.NoOp
+            : await AcquireWriteOperationScopeAsync(ct);
+        try
+        {
+            InvalidateCachesIfSchemaChanged();
+
+            string catalogName = $"{CollectionPrefix}{name}";
+            if (_catalog.GetTable(catalogName) is null)
+            {
+                throw new CSharpDbException(
+                    ErrorCode.TableNotFound,
+                    $"Collection '{name}' not found.");
+            }
+
+            PagerCommitResult commit = PagerCommitResult.Completed;
+            bool completeCommit = false;
+            bool needsTx = !_inTransaction;
+            if (needsTx)
+                await _pager.BeginTransactionAsync(ct);
+
+            try
+            {
+                await _catalog.DropTableAsync(catalogName, ct);
+                _pendingCollectionCatalogMutations.Remove(catalogName);
+                RemoveCachedCollection(catalogName);
+                _statementCache.Clear();
+                _observedSchemaVersion = _catalog.SchemaVersion;
+
+                if (needsTx)
+                {
+                    commit = await BeginCommitWithCatalogSyncAsync(ct);
+                    completeCommit = true;
+                    writeScope?.Dispose();
+                    writeScope = WriteOperationScope.NoOp;
+                }
+            }
+            catch
+            {
+                if (needsTx)
+                    await RecoverCatalogStateAfterFailedCommitAsync();
+                throw;
+            }
+
+            if (completeCommit)
+            {
+                await WaitForCommitOrRecoverAsync(commit);
+                await PersistHybridStateAsync(HybridPersistenceTriggers.Commit, ct);
+            }
+        }
+        finally
+        {
+            writeScope?.Dispose();
+        }
+    }
+
     private Statement ParseCached(string sql) =>
         _statementCache.GetOrAdd(
             sql,
@@ -1845,6 +1925,7 @@ public sealed class ReaderSession : IDisposable
         private readonly SchemaCatalog _catalog;
         private readonly IRecordSerializer _recordSerializer;
         private readonly IRecordSerializer? _collectionReadSerializer;
+        private readonly DbFunctionRegistry _functions;
         private readonly Func<ValueTask> _releaseActiveQueryCallback;
         private readonly StatementCache _statementCache;
         private readonly WalSnapshot _snapshot;
@@ -1862,6 +1943,7 @@ internal ReaderSession(
             IRecordSerializer recordSerializer,
             WalSnapshot snapshot,
             StatementCache statementCache,
+            DbFunctionRegistry functions,
             IReadOnlyDictionary<string, long> snapshotRowCounts)
         {
             _pager = pager;
@@ -1870,6 +1952,7 @@ internal ReaderSession(
             _collectionReadSerializer = recordSerializer is DefaultRecordSerializer
                 ? new CollectionAwareRecordSerializer(recordSerializer)
                 : null;
+            _functions = functions;
             _releaseActiveQueryCallback = ReleaseActiveQueryAsync;
             _statementCache = statementCache;
             _snapshot = snapshot;
@@ -1944,7 +2027,7 @@ public ValueTask<QueryResult> ExecuteReadAsync(Statement stmt, CancellationToken
                     }
                 }
 
-                _planner ??= new QueryPlanner(GetOrCreateSnapshotPager(), _catalog, _recordSerializer);
+                _planner ??= new QueryPlanner(GetOrCreateSnapshotPager(), _catalog, _recordSerializer, functions: _functions);
                 ValueTask<QueryResult> plannerTask = _planner.ExecuteAsync(stmt, ct);
                 if (plannerTask.IsCompletedSuccessfully)
                 {
@@ -1992,7 +2075,7 @@ private async ValueTask<QueryResult> CompleteReadWithPrimaryKeyFastPathAsync(
                     return fastLookupResult;
                 }
 
-                _planner ??= new QueryPlanner(GetOrCreateSnapshotPager(), _catalog, _recordSerializer);
+                _planner ??= new QueryPlanner(GetOrCreateSnapshotPager(), _catalog, _recordSerializer, functions: _functions);
                 QueryResult plannerResult = await _planner.ExecuteAsync(stmt, ct);
                 plannerResult.SetDisposeCallback(_releaseActiveQueryCallback);
                 return plannerResult;
diff --git a/src/CSharpDB.Engine/DatabaseOptions.cs b/src/CSharpDB.Engine/DatabaseOptions.cs
index 1378d98f..36304f59 100644
--- a/src/CSharpDB.Engine/DatabaseOptions.cs
+++ b/src/CSharpDB.Engine/DatabaseOptions.cs
@@ -1,4 +1,6 @@
 
+using CSharpDB.Primitives;
+
 namespace CSharpDB.Engine;
 
 /// <summary>
@@ -16,6 +18,11 @@ public sealed class DatabaseOptions
     /// </summary>
     public ImplicitInsertExecutionMode ImplicitInsertExecutionMode { get; init; } = ImplicitInsertExecutionMode.Serialized;
 
+    /// <summary>
+    /// Trusted in-process scalar functions available to SQL and embedded expression surfaces.
+    /// </summary>
+    public DbFunctionRegistry Functions { get; init; } = DbFunctionRegistry.Empty;
+
     /// <summary>
     /// Factory used to compose storage engine components.
     /// </summary>
diff --git a/src/CSharpDB.Engine/DatabaseOptionsExtensions.cs b/src/CSharpDB.Engine/DatabaseOptionsExtensions.cs
index 317aabd5..11988a5e 100644
--- a/src/CSharpDB.Engine/DatabaseOptionsExtensions.cs
+++ b/src/CSharpDB.Engine/DatabaseOptionsExtensions.cs
@@ -1,3 +1,4 @@
+using CSharpDB.Primitives;
 using CSharpDB.Storage.StorageEngine;
 
 namespace CSharpDB.Engine;
@@ -16,9 +17,29 @@ public static DatabaseOptions ConfigureStorageEngine(
 
         return new DatabaseOptions
         {
+            Functions = options.Functions,
             ImplicitInsertExecutionMode = options.ImplicitInsertExecutionMode,
             StorageEngineFactory = options.StorageEngineFactory,
             StorageEngineOptions = options.StorageEngineOptions.Configure(configure),
         };
     }
+
+    /// <summary>
+    /// Registers trusted in-process scalar functions and returns a new DatabaseOptions instance.
+    /// </summary>
+    public static DatabaseOptions ConfigureFunctions(
+        this DatabaseOptions options,
+        Action<DbFunctionRegistryBuilder> configure)
+    {
+        ArgumentNullException.ThrowIfNull(options);
+        ArgumentNullException.ThrowIfNull(configure);
+
+        return new DatabaseOptions
+        {
+            Functions = DbFunctionRegistry.Create(configure),
+            ImplicitInsertExecutionMode = options.ImplicitInsertExecutionMode,
+            StorageEngineFactory = options.StorageEngineFactory,
+            StorageEngineOptions = options.StorageEngineOptions,
+        };
+    }
 }
diff --git a/src/CSharpDB.Execution/ExpressionCompiler.cs b/src/CSharpDB.Execution/ExpressionCompiler.cs
index 928b4f69..1ad9d555 100644
--- a/src/CSharpDB.Execution/ExpressionCompiler.cs
+++ b/src/CSharpDB.Execution/ExpressionCompiler.cs
@@ -12,13 +12,13 @@ namespace CSharpDB.Execution;
 /// </summary>
 internal static class ExpressionCompiler
 {
-    public static Func<DbValue[], DbValue> Compile(Expression expr, TableSchema schema)
+    public static Func<DbValue[], DbValue> Compile(Expression expr, TableSchema schema, DbFunctionRegistry? functions = null)
     {
-        var spanEvaluator = CompileSpan(expr, schema);
+        var spanEvaluator = CompileSpan(expr, schema, functions);
         return row => spanEvaluator(row);
     }
 
-    public static SpanExpressionEvaluator CompileSpan(Expression expr, TableSchema schema)
+    public static SpanExpressionEvaluator CompileSpan(Expression expr, TableSchema schema, DbFunctionRegistry? functions = null)
     {
         var evaluator = CompileMappedCore(
             expr,
@@ -26,20 +26,22 @@ public static SpanExpressionEvaluator CompileSpan(Expression expr, TableSchema s
             leftColumnCount: schema.Columns.Count,
             leftColumnMap: null,
             rightColumnMap: null,
-            singleRowOnly: true);
+            singleRowOnly: true,
+            functions: functions);
         return row => evaluator(row, default);
     }
 
-    public static JoinSpanExpressionEvaluator CompileJoinSpan(Expression expr, TableSchema schema, int leftColumnCount)
-        => CompileJoinSpan(expr, schema, leftColumnCount, leftColumnMap: null, rightColumnMap: null);
+    public static JoinSpanExpressionEvaluator CompileJoinSpan(Expression expr, TableSchema schema, int leftColumnCount, DbFunctionRegistry? functions = null)
+        => CompileJoinSpan(expr, schema, leftColumnCount, leftColumnMap: null, rightColumnMap: null, functions: functions);
 
     public static JoinSpanExpressionEvaluator CompileJoinSpan(
         Expression expr,
         TableSchema schema,
         int leftColumnCount,
         int[]? leftColumnMap,
-        int[]? rightColumnMap)
-        => CompileMappedCore(expr, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly: false);
+        int[]? rightColumnMap,
+        DbFunctionRegistry? functions = null)
+        => CompileMappedCore(expr, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly: false, functions: functions);
 
     /// <summary>
     /// Shared compiler for row spans and join spans. Single-row mode treats the left span
@@ -52,22 +54,23 @@ private static JoinSpanExpressionEvaluator CompileMappedCore(
         int leftColumnCount,
         int[]? leftColumnMap,
         int[]? rightColumnMap,
-        bool singleRowOnly)
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
     {
         return expr switch
         {
             LiteralExpression lit => CompileMappedLiteral(lit),
             ParameterExpression param => CompileMappedParameter(param),
             ColumnRefExpression col => CompileMappedColumn(col, schema, leftColumnCount, leftColumnMap, rightColumnMap),
-            BinaryExpression bin => CompileMappedBinary(bin, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
-            UnaryExpression un => CompileMappedUnary(un, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
-            CollateExpression collate => CompileMappedCore(collate.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
-            FunctionCallExpression func => CompileMappedFunction(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
-            LikeExpression like => CompileMappedLike(like, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
-            InExpression inExpr => CompileMappedIn(inExpr, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
-            BetweenExpression between => CompileMappedBetween(between, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
-            IsNullExpression isNull => CompileMappedIsNull(isNull, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
-            _ => CompileMappedFallback(expr, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
+            BinaryExpression bin => CompileMappedBinary(bin, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
+            UnaryExpression un => CompileMappedUnary(un, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
+            CollateExpression collate => CompileMappedCore(collate.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
+            FunctionCallExpression func => CompileMappedFunction(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
+            LikeExpression like => CompileMappedLike(like, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
+            InExpression inExpr => CompileMappedIn(inExpr, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
+            BetweenExpression between => CompileMappedBetween(between, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
+            IsNullExpression isNull => CompileMappedIsNull(isNull, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
+            _ => CompileMappedFallback(expr, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
         };
     }
 
@@ -108,10 +111,11 @@ private static JoinSpanExpressionEvaluator CompileMappedBinary(
         int leftColumnCount,
         int[]? leftColumnMap,
         int[]? rightColumnMap,
-        bool singleRowOnly)
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
     {
-        var left = CompileMappedCore(bin.Left, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
-        var right = CompileMappedCore(bin.Right, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
+        var left = CompileMappedCore(bin.Left, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
+        var right = CompileMappedCore(bin.Right, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
         string? collation = CollationSupport.ResolveComparisonCollation(bin.Left, bin.Right, schema);
 
         return (leftRow, rightRow) =>
@@ -148,9 +152,10 @@ private static JoinSpanExpressionEvaluator CompileMappedUnary(
         int leftColumnCount,
         int[]? leftColumnMap,
         int[]? rightColumnMap,
-        bool singleRowOnly)
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
     {
-        var operand = CompileMappedCore(un.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
+        var operand = CompileMappedCore(un.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
 
         return (leftRow, rightRow) =>
         {
@@ -175,16 +180,17 @@ private static JoinSpanExpressionEvaluator CompileMappedFunction(
         int leftColumnCount,
         int[]? leftColumnMap,
         int[]? rightColumnMap,
-        bool singleRowOnly)
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
     {
         string functionName = func.FunctionName.ToUpperInvariant();
         if (ScalarFunctionEvaluator.IsAggregateFunction(functionName))
-            return CompileMappedFallback(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
+            return CompileMappedFallback(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
 
         return functionName switch
         {
-            "TEXT" => CompileMappedTextFunction(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
-            _ => CompileMappedFallback(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly),
+            "TEXT" => CompileMappedTextFunction(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
+            _ => CompileMappedUserFunction(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions),
         };
     }
 
@@ -194,27 +200,55 @@ private static JoinSpanExpressionEvaluator CompileMappedTextFunction(
         int leftColumnCount,
         int[]? leftColumnMap,
         int[]? rightColumnMap,
-        bool singleRowOnly)
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
     {
         if (func.IsStarArg || func.IsDistinct || func.Arguments.Count != 1)
-            return CompileMappedFallback(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
+            return CompileMappedFallback(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
 
-        var argumentEvaluator = CompileMappedCore(func.Arguments[0], schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
+        var argumentEvaluator = CompileMappedCore(func.Arguments[0], schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
         return (leftRow, rightRow) => ScalarFunctionEvaluator.EvaluateTextValue(argumentEvaluator(leftRow, rightRow));
     }
 
+    private static JoinSpanExpressionEvaluator CompileMappedUserFunction(
+        FunctionCallExpression func,
+        TableSchema schema,
+        int leftColumnCount,
+        int[]? leftColumnMap,
+        int[]? rightColumnMap,
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
+    {
+        if (func.IsStarArg || func.IsDistinct)
+            return CompileMappedFallback(func, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
+
+        var argumentEvaluators = new JoinSpanExpressionEvaluator[func.Arguments.Count];
+        for (int i = 0; i < argumentEvaluators.Length; i++)
+            argumentEvaluators[i] = CompileMappedCore(func.Arguments[i], schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
+
+        return (leftRow, rightRow) =>
+        {
+            var arguments = new DbValue[argumentEvaluators.Length];
+            for (int i = 0; i < argumentEvaluators.Length; i++)
+                arguments[i] = argumentEvaluators[i](leftRow, rightRow);
+
+            return ScalarFunctionEvaluator.Evaluate(func, arguments, functions);
+        };
+    }
+
     private static JoinSpanExpressionEvaluator CompileMappedLike(
         LikeExpression like,
         TableSchema schema,
         int leftColumnCount,
         int[]? leftColumnMap,
         int[]? rightColumnMap,
-        bool singleRowOnly)
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
     {
-        var operandEval = CompileMappedCore(like.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
-        var patternEval = CompileMappedCore(like.Pattern, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
+        var operandEval = CompileMappedCore(like.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
+        var patternEval = CompileMappedCore(like.Pattern, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
         var escapeEval = like.EscapeChar != null
-            ? CompileMappedCore(like.EscapeChar, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly)
+            ? CompileMappedCore(like.EscapeChar, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions)
             : null;
 
         return (leftRow, rightRow) =>
@@ -247,12 +281,13 @@ private static JoinSpanExpressionEvaluator CompileMappedIn(
         int leftColumnCount,
         int[]? leftColumnMap,
         int[]? rightColumnMap,
-        bool singleRowOnly)
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
     {
-        var operandEval = CompileMappedCore(inExpr.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
+        var operandEval = CompileMappedCore(inExpr.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
         var valueEvals = new JoinSpanExpressionEvaluator[inExpr.Values.Count];
         for (int i = 0; i < inExpr.Values.Count; i++)
-            valueEvals[i] = CompileMappedCore(inExpr.Values[i], schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
+            valueEvals[i] = CompileMappedCore(inExpr.Values[i], schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
         string? collation = CollationSupport.ResolveExpressionCollation(inExpr.Operand, schema);
 
         return (leftRow, rightRow) =>
@@ -293,11 +328,12 @@ private static JoinSpanExpressionEvaluator CompileMappedBetween(
         int leftColumnCount,
         int[]? leftColumnMap,
         int[]? rightColumnMap,
-        bool singleRowOnly)
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
     {
-        var operandEval = CompileMappedCore(between.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
-        var lowEval = CompileMappedCore(between.Low, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
-        var highEval = CompileMappedCore(between.High, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
+        var operandEval = CompileMappedCore(between.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
+        var lowEval = CompileMappedCore(between.Low, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
+        var highEval = CompileMappedCore(between.High, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
         string? collation = CollationSupport.ResolveExpressionCollation(between.Operand, schema);
 
         return (leftRow, rightRow) =>
@@ -321,9 +357,10 @@ private static JoinSpanExpressionEvaluator CompileMappedIsNull(
         int leftColumnCount,
         int[]? leftColumnMap,
         int[]? rightColumnMap,
-        bool singleRowOnly)
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
     {
-        var operandEval = CompileMappedCore(isNull.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly);
+        var operandEval = CompileMappedCore(isNull.Operand, schema, leftColumnCount, leftColumnMap, rightColumnMap, singleRowOnly, functions);
         return (leftRow, rightRow) =>
         {
             var operand = operandEval(leftRow, rightRow);
@@ -338,7 +375,8 @@ private static JoinSpanExpressionEvaluator CompileMappedFallback(
         int leftColumnCount,
         int[]? leftColumnMap,
         int[]? rightColumnMap,
-        bool singleRowOnly)
+        bool singleRowOnly,
+        DbFunctionRegistry? functions)
     {
         return (leftRow, rightRow) =>
         {
@@ -350,7 +388,7 @@ private static JoinSpanExpressionEvaluator CompileMappedFallback(
                 leftColumnMap,
                 rightColumnMap,
                 singleRowOnly);
-            return ExpressionEvaluator.Evaluate(expr, materializedRow, schema);
+            return ExpressionEvaluator.Evaluate(expr, materializedRow, schema, functions);
         };
     }
 
diff --git a/src/CSharpDB.Execution/ExpressionEvaluator.cs b/src/CSharpDB.Execution/ExpressionEvaluator.cs
index f12dbb7d..e41bea6e 100644
--- a/src/CSharpDB.Execution/ExpressionEvaluator.cs
+++ b/src/CSharpDB.Execution/ExpressionEvaluator.cs
@@ -6,23 +6,29 @@ namespace CSharpDB.Execution;
 public static class ExpressionEvaluator
 {
     public static DbValue Evaluate(Expression expr, DbValue[] row, TableSchema schema)
-        => Evaluate(expr, row.AsSpan(), schema);
+        => Evaluate(expr, row.AsSpan(), schema, DbFunctionRegistry.Empty);
+
+    public static DbValue Evaluate(Expression expr, DbValue[] row, TableSchema schema, DbFunctionRegistry? functions)
+        => Evaluate(expr, row.AsSpan(), schema, functions);
 
     public static DbValue Evaluate(Expression expr, ReadOnlySpan<DbValue> row, TableSchema schema)
+        => Evaluate(expr, row, schema, DbFunctionRegistry.Empty);
+
+    public static DbValue Evaluate(Expression expr, ReadOnlySpan<DbValue> row, TableSchema schema, DbFunctionRegistry? functions)
     {
         return expr switch
         {
             LiteralExpression lit => EvalLiteral(lit),
             ParameterExpression param => EvalParameter(param),
             ColumnRefExpression col => EvalColumn(col, row, schema),
-            BinaryExpression bin => EvalBinary(bin, row, schema),
-            UnaryExpression un => EvalUnary(un, row, schema),
-            CollateExpression collate => Evaluate(collate.Operand, row, schema),
-            FunctionCallExpression func => EvalFunction(func, row, schema),
-            LikeExpression like => EvalLike(like, row, schema),
-            InExpression inExpr => EvalIn(inExpr, row, schema),
-            BetweenExpression bet => EvalBetween(bet, row, schema),
-            IsNullExpression isNull => EvalIsNull(isNull, row, schema),
+            BinaryExpression bin => EvalBinary(bin, row, schema, functions),
+            UnaryExpression un => EvalUnary(un, row, schema, functions),
+            CollateExpression collate => Evaluate(collate.Operand, row, schema, functions),
+            FunctionCallExpression func => EvalFunction(func, row, schema, functions),
+            LikeExpression like => EvalLike(like, row, schema, functions),
+            InExpression inExpr => EvalIn(inExpr, row, schema, functions),
+            BetweenExpression bet => EvalBetween(bet, row, schema, functions),
+            IsNullExpression isNull => EvalIsNull(isNull, row, schema, functions),
             _ => throw new CSharpDbException(ErrorCode.Unknown, $"Unknown expression type: {expr.GetType().Name}"),
         };
     }
@@ -63,10 +69,10 @@ private static DbValue EvalColumn(ColumnRefExpression col, ReadOnlySpan<DbValue>
         return idx < row.Length ? row[idx] : DbValue.Null;
     }
 
-    private static DbValue EvalBinary(BinaryExpression bin, ReadOnlySpan<DbValue> row, TableSchema schema)
+    private static DbValue EvalBinary(BinaryExpression bin, ReadOnlySpan<DbValue> row, TableSchema schema, DbFunctionRegistry? functions)
     {
-        var left = Evaluate(bin.Left, row, schema);
-        var right = Evaluate(bin.Right, row, schema);
+        var left = Evaluate(bin.Left, row, schema, functions);
+        var right = Evaluate(bin.Right, row, schema, functions);
         string? collation = CollationSupport.ResolveComparisonCollation(bin.Left, bin.Right, schema);
 
         return bin.Op switch
@@ -87,9 +93,9 @@ private static DbValue EvalBinary(BinaryExpression bin, ReadOnlySpan<DbValue> ro
         };
     }
 
-    private static DbValue EvalUnary(UnaryExpression un, ReadOnlySpan<DbValue> row, TableSchema schema)
+    private static DbValue EvalUnary(UnaryExpression un, ReadOnlySpan<DbValue> row, TableSchema schema, DbFunctionRegistry? functions)
     {
-        var operand = Evaluate(un.Operand, row, schema);
+        var operand = Evaluate(un.Operand, row, schema, functions);
         return un.Op switch
         {
             TokenType.Not => BoolToDb(!operand.IsTruthy),
@@ -103,17 +109,17 @@ private static DbValue EvalUnary(UnaryExpression un, ReadOnlySpan<DbValue> row,
         };
     }
 
-    private static DbValue EvalFunction(FunctionCallExpression func, ReadOnlySpan<DbValue> row, TableSchema schema)
+    private static DbValue EvalFunction(FunctionCallExpression func, ReadOnlySpan<DbValue> row, TableSchema schema, DbFunctionRegistry? functions)
     {
         string functionName = func.FunctionName.ToUpperInvariant();
         if (ScalarFunctionEvaluator.IsAggregateFunction(functionName))
             throw new CSharpDbException(ErrorCode.Unknown, $"Aggregate function '{func.FunctionName}' requires aggregate context.");
 
-        return functionName switch
-        {
-            "TEXT" => EvalTextFunction(func, row, schema),
-            _ => throw new CSharpDbException(ErrorCode.Unknown, $"Unknown scalar function: {func.FunctionName}"),
-        };
+        var materializedRow = row.ToArray();
+        return ScalarFunctionEvaluator.Evaluate(
+            func,
+            arg => Evaluate(arg, materializedRow, schema, functions),
+            functions);
     }
 
     private static DbValue BoolToDb(bool value) => DbValue.FromInteger(value ? 1 : 0);
@@ -135,24 +141,16 @@ private static DbValue ArithmeticOp(DbValue left, DbValue right,
     private static Exception DivZero() =>
         new CSharpDbException(ErrorCode.Unknown, "Division by zero.");
 
-    private static DbValue EvalTextFunction(FunctionCallExpression func, ReadOnlySpan<DbValue> row, TableSchema schema)
-    {
-        if (func.IsStarArg || func.IsDistinct || func.Arguments.Count != 1)
-            throw new CSharpDbException(ErrorCode.SyntaxError, "TEXT() requires exactly one argument.");
-
-        return ScalarFunctionEvaluator.EvaluateTextValue(Evaluate(func.Arguments[0], row, schema));
-    }
-
-    private static DbValue EvalLike(LikeExpression like, ReadOnlySpan<DbValue> row, TableSchema schema)
+    private static DbValue EvalLike(LikeExpression like, ReadOnlySpan<DbValue> row, TableSchema schema, DbFunctionRegistry? functions)
     {
-        var operand = Evaluate(like.Operand, row, schema);
-        var pattern = Evaluate(like.Pattern, row, schema);
+        var operand = Evaluate(like.Operand, row, schema, functions);
+        var pattern = Evaluate(like.Pattern, row, schema, functions);
         if (operand.IsNull || pattern.IsNull) return DbValue.Null;
 
         char? escape = null;
         if (like.EscapeChar != null)
         {
-            var esc = Evaluate(like.EscapeChar, row, schema);
+            var esc = Evaluate(like.EscapeChar, row, schema, functions);
             if (!esc.IsNull)
             {
                 string escStr = esc.AsText;
@@ -164,9 +162,9 @@ private static DbValue EvalLike(LikeExpression like, ReadOnlySpan<DbValue> row,
         return BoolToDb(like.Negated ? !match : match);
     }
 
-    private static DbValue EvalIn(InExpression inExpr, ReadOnlySpan<DbValue> row, TableSchema schema)
+    private static DbValue EvalIn(InExpression inExpr, ReadOnlySpan<DbValue> row, TableSchema schema, DbFunctionRegistry? functions)
     {
-        var operand = Evaluate(inExpr.Operand, row, schema);
+        var operand = Evaluate(inExpr.Operand, row, schema, functions);
         if (operand.IsNull) return DbValue.Null;
 
         string? collation = CollationSupport.ResolveExpressionCollation(inExpr.Operand, schema);
@@ -174,7 +172,7 @@ private static DbValue EvalIn(InExpression inExpr, ReadOnlySpan<DbValue> row, Ta
         bool hasNull = false;
         foreach (var valExpr in inExpr.Values)
         {
-            var val = Evaluate(valExpr, row, schema);
+            var val = Evaluate(valExpr, row, schema, functions);
             if (val.IsNull) { hasNull = true; continue; }
             if (CollationSupport.Compare(operand, val, collation) == 0) { found = true; break; }
         }
@@ -184,11 +182,11 @@ private static DbValue EvalIn(InExpression inExpr, ReadOnlySpan<DbValue> row, Ta
         return BoolToDb(inExpr.Negated);
     }
 
-    private static DbValue EvalBetween(BetweenExpression bet, ReadOnlySpan<DbValue> row, TableSchema schema)
+    private static DbValue EvalBetween(BetweenExpression bet, ReadOnlySpan<DbValue> row, TableSchema schema, DbFunctionRegistry? functions)
     {
-        var operand = Evaluate(bet.Operand, row, schema);
-        var low = Evaluate(bet.Low, row, schema);
-        var high = Evaluate(bet.High, row, schema);
+        var operand = Evaluate(bet.Operand, row, schema, functions);
+        var low = Evaluate(bet.Low, row, schema, functions);
+        var high = Evaluate(bet.High, row, schema, functions);
         if (operand.IsNull || low.IsNull || high.IsNull) return DbValue.Null;
 
         string? collation = CollationSupport.ResolveExpressionCollation(bet.Operand, schema);
@@ -197,9 +195,9 @@ private static DbValue EvalBetween(BetweenExpression bet, ReadOnlySpan<DbValue>
         return BoolToDb(bet.Negated ? !inRange : inRange);
     }
 
-    private static DbValue EvalIsNull(IsNullExpression isNull, ReadOnlySpan<DbValue> row, TableSchema schema)
+    private static DbValue EvalIsNull(IsNullExpression isNull, ReadOnlySpan<DbValue> row, TableSchema schema, DbFunctionRegistry? functions)
     {
-        var operand = Evaluate(isNull.Operand, row, schema);
+        var operand = Evaluate(isNull.Operand, row, schema, functions);
         bool result = operand.IsNull;
         return BoolToDb(isNull.Negated ? !result : result);
     }
diff --git a/src/CSharpDB.Execution/Operators.cs b/src/CSharpDB.Execution/Operators.cs
index 02d8fe94..b85e160a 100644
--- a/src/CSharpDB.Execution/Operators.cs
+++ b/src/CSharpDB.Execution/Operators.cs
@@ -817,8 +817,8 @@ public sealed class FilterOperator : IOperator, IBatchOperator, IRowBufferReuseC
     public DbValue[] Current => _source.Current;
     IOperator IUnaryOperatorSource.Source => _source;
 
-    public FilterOperator(IOperator source, Expression predicate, TableSchema schema)
-        : this(source, ExpressionCompiler.CompileSpan(predicate, schema))
+    public FilterOperator(IOperator source, Expression predicate, TableSchema schema, DbFunctionRegistry? functions = null)
+        : this(source, ExpressionCompiler.CompileSpan(predicate, schema, functions))
     {
     }
 
@@ -1042,7 +1042,13 @@ public sealed class ProjectionOperator : IOperator, IBatchOperator, IRowBufferRe
     public DbValue[] Current { get; private set; } = Array.Empty<DbValue>();
     IOperator IUnaryOperatorSource.Source => _source;
 
-    public ProjectionOperator(IOperator source, int[] columnIndices, ColumnDefinition[] outputSchema, TableSchema schema, Expression[]? expressions = null)
+    public ProjectionOperator(
+        IOperator source,
+        int[] columnIndices,
+        ColumnDefinition[] outputSchema,
+        TableSchema schema,
+        Expression[]? expressions = null,
+        DbFunctionRegistry? functions = null)
     {
         _source = source;
         _columnIndices = columnIndices;
@@ -1050,7 +1056,7 @@ public ProjectionOperator(IOperator source, int[] columnIndices, ColumnDefinitio
         {
             _spanExpressionEvaluators = new SpanExpressionEvaluator[expressions.Length];
             for (int i = 0; i < expressions.Length; i++)
-                _spanExpressionEvaluators[i] = ExpressionCompiler.CompileSpan(expressions[i], schema);
+                _spanExpressionEvaluators[i] = ExpressionCompiler.CompileSpan(expressions[i], schema, functions);
         }
         OutputSchema = outputSchema;
     }
@@ -3615,6 +3621,7 @@ public SimpleGroupedBatchKeyPlan(BatchProjectionTerm[] groupKeyTerms)
     private readonly List<Expression>? _groupByExprs;
     private readonly Expression? _havingExpr;
     private readonly TableSchema _inputSchema;
+    private readonly DbFunctionRegistry _functions;
     private readonly List<FunctionCallExpression> _aggregateFunctions = new();
     private readonly Dictionary<FunctionCallExpression, int> _aggregateIndices = new();
     private readonly SpanExpressionEvaluator[]? _groupByEvaluators;
@@ -3638,17 +3645,19 @@ public HashAggregateOperator(
         List<Expression>? groupByExprs,
         Expression? havingExpr,
         TableSchema inputSchema,
-        ColumnDefinition[] outputSchema)
+        ColumnDefinition[] outputSchema,
+        DbFunctionRegistry? functions = null)
     {
         _source = source;
         _selectColumns = selectColumns;
         _groupByExprs = groupByExprs;
         _havingExpr = havingExpr;
         _inputSchema = inputSchema;
+        _functions = functions ?? DbFunctionRegistry.Empty;
         OutputSchema = outputSchema;
         if (_groupByExprs is { Count: > 0 })
         {
-            _groupByEvaluators = BuildGroupByEvaluators(_groupByExprs, _inputSchema);
+            _groupByEvaluators = BuildGroupByEvaluators(_groupByExprs, _inputSchema, _functions);
             _groupByIsConstant = _groupByExprs.All(e => e is LiteralExpression);
         }
 
@@ -4175,7 +4184,7 @@ private AggregateState[] CreateAggregateStates()
     {
         var states = new AggregateState[_aggregateFunctions.Count];
         for (int i = 0; i < states.Length; i++)
-            states[i] = new AggregateState(_aggregateFunctions[i], _inputSchema);
+            states[i] = new AggregateState(_aggregateFunctions[i], _inputSchema, _functions);
         return states;
     }
 
@@ -4216,17 +4225,17 @@ private GroupKey BuildGroupKey(ReadOnlySpan<DbValue> row)
         return new GroupKey(values, hash.ToHashCode());
     }
 
-    private static SpanExpressionEvaluator[] BuildGroupByEvaluators(List<Expression> expressions, TableSchema schema)
+    private static SpanExpressionEvaluator[] BuildGroupByEvaluators(List<Expression> expressions, TableSchema schema, DbFunctionRegistry functions)
     {
         var evaluators = new SpanExpressionEvaluator[expressions.Count];
         for (int i = 0; i < expressions.Count; i++)
-            evaluators[i] = BuildGroupByEvaluator(expressions[i], schema);
+            evaluators[i] = BuildGroupByEvaluator(expressions[i], schema, functions);
         return evaluators;
     }
 
-    private static SpanExpressionEvaluator BuildGroupByEvaluator(Expression expr, TableSchema schema)
+    private static SpanExpressionEvaluator BuildGroupByEvaluator(Expression expr, TableSchema schema, DbFunctionRegistry functions)
     {
-        return ExpressionCompiler.CompileSpan(expr, schema);
+        return ExpressionCompiler.CompileSpan(expr, schema, functions);
     }
 
     private static Func<DbValue[], DbValue> BuildColumnEvaluator(ColumnRefExpression col, TableSchema schema)
@@ -4273,12 +4282,12 @@ private DbValue EvalWithAggregates(Expression expr, GroupState group)
         {
             FunctionCallExpression func => ScalarFunctionEvaluator.IsAggregateFunction(func.FunctionName)
                 ? EvaluateAggregate(func, group)
-                : ScalarFunctionEvaluator.Evaluate(func, arg => EvalWithAggregates(arg, group)),
+                : ScalarFunctionEvaluator.Evaluate(func, arg => EvalWithAggregates(arg, group), _functions),
             BinaryExpression bin => EvalBinaryWithAgg(bin, group),
             UnaryExpression un => EvalUnaryWithAgg(un, group),
             CollateExpression collate => EvalWithAggregates(collate.Operand, group),
             _ => group.FirstRow != null
-                ? ExpressionEvaluator.Evaluate(expr, group.FirstRow, _inputSchema)
+                ? ExpressionEvaluator.Evaluate(expr, group.FirstRow, _inputSchema, _functions)
                 : DbValue.Null,
         };
     }
@@ -4415,10 +4424,10 @@ private sealed class AggregateState
         private bool _hasAny;
         private DbValue? _best;
 
-        public AggregateState(FunctionCallExpression func, TableSchema schema)
+        public AggregateState(FunctionCallExpression func, TableSchema schema, DbFunctionRegistry functions)
         {
             _name = func.FunctionName;
-            _argumentEvaluator = BuildAggregateArgumentEvaluator(func, schema);
+            _argumentEvaluator = BuildAggregateArgumentEvaluator(func, schema, functions);
             _isDistinct = func.IsDistinct;
             _isStarArg = func.IsStarArg;
             _directColumnIndex = TryResolveDirectColumnIndex(func, schema);
@@ -4604,12 +4613,12 @@ private DbValue EvaluateArgument(ReadOnlySpan<DbValue> row, ref DbValue[]? rowBu
         private static DbValue GetValue(ReadOnlySpan<DbValue> row, int columnIndex)
             => (uint)columnIndex < (uint)row.Length ? row[columnIndex] : DbValue.Null;
 
-        private static SpanExpressionEvaluator? BuildAggregateArgumentEvaluator(FunctionCallExpression func, TableSchema schema)
+        private static SpanExpressionEvaluator? BuildAggregateArgumentEvaluator(FunctionCallExpression func, TableSchema schema, DbFunctionRegistry functions)
         {
             if (func.IsStarArg || func.Arguments.Count == 0)
                 return null;
 
-            return ExpressionCompiler.CompileSpan(func.Arguments[0], schema);
+            return ExpressionCompiler.CompileSpan(func.Arguments[0], schema, functions);
         }
 
         private static int TryResolveDirectColumnIndex(FunctionCallExpression func, TableSchema schema)
@@ -4721,6 +4730,7 @@ public sealed class ScalarAggregateOperator : IOperator, IEstimatedRowCountProvi
     private readonly List<SelectColumn> _selectColumns;
     private readonly Expression? _havingExpr;
     private readonly TableSchema _inputSchema;
+    private readonly DbFunctionRegistry _functions;
     private readonly Dictionary<FunctionCallExpression, AggregateState> _aggregateStates = new();
     private readonly List<FunctionCallExpression> _aggregateFunctions = new();
     private readonly AggregateState[] _aggregateStateList;
@@ -4739,12 +4749,14 @@ public ScalarAggregateOperator(
         List<SelectColumn> selectColumns,
         Expression? havingExpr,
         TableSchema inputSchema,
-        ColumnDefinition[] outputSchema)
+        ColumnDefinition[] outputSchema,
+        DbFunctionRegistry? functions = null)
     {
         _source = source;
         _selectColumns = selectColumns;
         _havingExpr = havingExpr;
         _inputSchema = inputSchema;
+        _functions = functions ?? DbFunctionRegistry.Empty;
         OutputSchema = outputSchema;
 
         foreach (var col in _selectColumns)
@@ -4760,7 +4772,7 @@ public ScalarAggregateOperator(
         for (int i = 0; i < _aggregateFunctions.Count; i++)
         {
             var func = _aggregateFunctions[i];
-            var state = new AggregateState(func, _inputSchema);
+            var state = new AggregateState(func, _inputSchema, _functions);
             _aggregateStateList[i] = state;
             _aggregateStates[func] = state;
         }
@@ -4900,7 +4912,7 @@ private void CollectAggregates(Expression expr)
                 {
                     if (!_aggregateStates.ContainsKey(func))
                     {
-                        _aggregateStates.Add(func, new AggregateState(func, _inputSchema));
+                        _aggregateStates.Add(func, new AggregateState(func, _inputSchema, _functions));
                         _aggregateFunctions.Add(func);
                     }
                 }
@@ -4929,12 +4941,12 @@ private DbValue EvalWithAggregates(Expression expr, DbValue[]? firstRow)
         {
             FunctionCallExpression func => ScalarFunctionEvaluator.IsAggregateFunction(func.FunctionName)
                 ? EvaluateAggregate(func)
-                : ScalarFunctionEvaluator.Evaluate(func, arg => EvalWithAggregates(arg, firstRow)),
+                : ScalarFunctionEvaluator.Evaluate(func, arg => EvalWithAggregates(arg, firstRow), _functions),
             BinaryExpression bin => EvalBinaryWithAgg(bin, firstRow),
             UnaryExpression un => EvalUnaryWithAgg(un, firstRow),
             CollateExpression collate => EvalWithAggregates(collate.Operand, firstRow),
             _ => firstRow != null
-                ? ExpressionEvaluator.Evaluate(expr, firstRow, _inputSchema)
+                ? ExpressionEvaluator.Evaluate(expr, firstRow, _inputSchema, _functions)
                 : DbValue.Null,
         };
     }
@@ -5009,10 +5021,10 @@ private sealed class AggregateState
         private bool _hasAny;
         private DbValue? _best;
 
-        public AggregateState(FunctionCallExpression func, TableSchema schema)
+        public AggregateState(FunctionCallExpression func, TableSchema schema, DbFunctionRegistry functions)
         {
             _name = func.FunctionName;
-            _argumentEvaluator = BuildAggregateArgumentEvaluator(func, schema);
+            _argumentEvaluator = BuildAggregateArgumentEvaluator(func, schema, functions);
             _isDistinct = func.IsDistinct;
             _isStarArg = func.IsStarArg;
             _directColumnIndex = TryResolveDirectColumnIndex(func, schema);
@@ -5139,12 +5151,12 @@ private DbValue EvaluateArgument(ReadOnlySpan<DbValue> row, ref DbValue[]? rowBu
             return _argumentEvaluator!(row);
         }
 
-        private static SpanExpressionEvaluator? BuildAggregateArgumentEvaluator(FunctionCallExpression func, TableSchema schema)
+        private static SpanExpressionEvaluator? BuildAggregateArgumentEvaluator(FunctionCallExpression func, TableSchema schema, DbFunctionRegistry functions)
         {
             if (func.IsStarArg || func.Arguments.Count == 0)
                 return null;
 
-            return ExpressionCompiler.CompileSpan(func.Arguments[0], schema);
+            return ExpressionCompiler.CompileSpan(func.Arguments[0], schema, functions);
         }
 
         private static int TryResolveDirectColumnIndex(FunctionCallExpression func, TableSchema schema)
@@ -5351,11 +5363,11 @@ public DbValue EvaluateSortKey(DbValue[] row)
     public DbValue[] Current { get; private set; } = Array.Empty<DbValue>();
     public int? EstimatedRowCount => _sortedRows?.Count ?? _lateMaterializedRowIds?.Length;
 
-    public SortOperator(IOperator source, List<OrderByClause> orderBy, TableSchema schema)
+    public SortOperator(IOperator source, List<OrderByClause> orderBy, TableSchema schema, DbFunctionRegistry? functions = null)
     {
         _source = source;
         _schema = schema;
-        _compiledOrderBy = CompileOrderBy(orderBy, schema, out _precomputedKeyCount);
+        _compiledOrderBy = CompileOrderBy(orderBy, schema, out _precomputedKeyCount, functions);
         if (_compiledOrderBy.Length == 1)
         {
             var clause = _compiledOrderBy[0];
@@ -5826,7 +5838,11 @@ private int CompareRowIndices(int aIndex, int bIndex)
         return 0;
     }
 
-    private static CompiledSortClause[] CompileOrderBy(List<OrderByClause> orderBy, TableSchema schema, out int precomputedKeyCount)
+    private static CompiledSortClause[] CompileOrderBy(
+        List<OrderByClause> orderBy,
+        TableSchema schema,
+        out int precomputedKeyCount,
+        DbFunctionRegistry? functions)
     {
         precomputedKeyCount = 0;
         var compiled = new CompiledSortClause[orderBy.Count];
@@ -5838,7 +5854,7 @@ private static CompiledSortClause[] CompileOrderBy(List<OrderByClause> orderBy,
             int keyIndex = columnIndex >= 0 ? -1 : precomputedKeyCount++;
             string? collation = CollationSupport.ResolveExpressionCollation(clause.Expression, schema);
             Func<DbValue[], DbValue>? keyEvaluator = keyIndex >= 0
-                ? ExpressionCompiler.Compile(clause.Expression, schema)
+                ? ExpressionCompiler.Compile(clause.Expression, schema, functions)
                 : null;
             compiled[i] = new CompiledSortClause(clause.Expression, columnIndex, keyIndex, clause.Descending, collation, keyEvaluator);
         }
@@ -6371,10 +6387,15 @@ public SingleKeyRowIdRankedRow(DbValue key, long rowId)
     public DbValue[] Current { get; private set; } = Array.Empty<DbValue>();
     public int? EstimatedRowCount => _topN;
 
-    public TopNSortOperator(IOperator source, List<OrderByClause> orderBy, TableSchema schema, int topN)
+    public TopNSortOperator(
+        IOperator source,
+        List<OrderByClause> orderBy,
+        TableSchema schema,
+        int topN,
+        DbFunctionRegistry? functions = null)
     {
         _source = source;
-        _compiledOrderBy = CompileOrderBy(orderBy, schema, out _precomputedKeyCount);
+        _compiledOrderBy = CompileOrderBy(orderBy, schema, out _precomputedKeyCount, functions);
         _singleComputedKeyClauseIndex = FindSingleComputedKeyClauseIndex(_compiledOrderBy, _precomputedKeyCount);
         _singleComputedKeyFastPath = _singleComputedKeyClauseIndex >= 0;
         _topN = Math.Max(0, topN);
@@ -6814,7 +6835,11 @@ private static RankedRow EnsureOwnedRow(RankedRow row, bool sourceReusesCurrentR
             : new RankedRow((DbValue[])row.Row.Clone(), row.Keys);
     }
 
-    private static CompiledSortClause[] CompileOrderBy(List<OrderByClause> orderBy, TableSchema schema, out int precomputedKeyCount)
+    private static CompiledSortClause[] CompileOrderBy(
+        List<OrderByClause> orderBy,
+        TableSchema schema,
+        out int precomputedKeyCount,
+        DbFunctionRegistry? functions)
     {
         precomputedKeyCount = 0;
         var compiled = new CompiledSortClause[orderBy.Count];
@@ -6831,7 +6856,7 @@ private static CompiledSortClause[] CompileOrderBy(List<OrderByClause> orderBy,
             int keyIndex = columnIndex >= 0 ? -1 : precomputedKeyCount++;
             string? collation = CollationSupport.ResolveExpressionCollation(clause.Expression, schema);
             Func<DbValue[], DbValue>? keyEvaluator = keyIndex >= 0
-                ? ExpressionCompiler.Compile(clause.Expression, schema)
+                ? ExpressionCompiler.Compile(clause.Expression, schema, functions)
                 : null;
             compiled[i] = new CompiledSortClause(
                 clause.Expression,
@@ -6970,6 +6995,7 @@ public sealed class HashJoinOperator : IOperator, IBatchOperator, IBatchBackedRo
     private readonly int[] _rightKeyIndices;
     private readonly Expression? _residualConditionExpression;
     private readonly TableSchema _compositeSchema;
+    private readonly DbFunctionRegistry _functions;
     private readonly JoinSpanExpressionEvaluator? _residualPredicate;
     private JoinSpanExpressionEvaluator? _compactedResidualPredicate;
     private readonly int _leftColCount;
@@ -7022,7 +7048,8 @@ public HashJoinOperator(
         int[] rightKeyIndices,
         bool buildRightSide = true,
         int? buildRowCapacityHint = null,
-        int? estimatedOutputRowCount = null)
+        int? estimatedOutputRowCount = null,
+        DbFunctionRegistry? functions = null)
     {
         _left = left;
         _right = right;
@@ -7032,8 +7059,9 @@ public HashJoinOperator(
         _rightKeyIndices = rightKeyIndices;
         _residualConditionExpression = residualCondition;
         _compositeSchema = compositeSchema;
+        _functions = functions ?? DbFunctionRegistry.Empty;
         _residualPredicate = residualCondition != null
-            ? ExpressionCompiler.CompileJoinSpan(residualCondition, compositeSchema, leftColCount)
+            ? ExpressionCompiler.CompileJoinSpan(residualCondition, compositeSchema, leftColCount, _functions)
             : null;
         _compactedResidualPredicate = null;
         _leftColCount = leftColCount;
@@ -7119,7 +7147,8 @@ public async ValueTask OpenAsync(CancellationToken ct = default)
                 _compositeSchema,
                 _leftColCount,
                 leftColumnMap: _buildRightSide ? null : _buildColumnToCompactIndexMap,
-                rightColumnMap: _buildRightSide ? _buildColumnToCompactIndexMap : null);
+                rightColumnMap: _buildRightSide ? _buildColumnToCompactIndexMap : null,
+                functions: _functions);
         }
 
         await ConsumeBuildRowsAsync(ct);
@@ -8615,7 +8644,8 @@ public IndexNestedLoopJoinOperator(
         Expression? residualCondition,
         TableSchema compositeSchema,
         IRecordSerializer? recordSerializer = null,
-        int? estimatedOutputRowCount = null)
+        int? estimatedOutputRowCount = null,
+        DbFunctionRegistry? functions = null)
     {
         _outer = outer;
         _innerTableTree = innerTableTree;
@@ -8628,7 +8658,7 @@ public IndexNestedLoopJoinOperator(
         _estimatedRowCount = estimatedOutputRowCount > 0 ? estimatedOutputRowCount : null;
         _residualConditionExpression = residualCondition;
         _residualPredicate = residualCondition != null
-            ? ExpressionCompiler.CompileJoinSpan(residualCondition, compositeSchema, leftColCount)
+            ? ExpressionCompiler.CompileJoinSpan(residualCondition, compositeSchema, leftColCount, functions)
             : null;
         _compositeSchema = compositeSchema;
         _recordSerializer = recordSerializer ?? new DefaultRecordSerializer();
@@ -9478,7 +9508,8 @@ internal HashedIndexNestedLoopJoinOperator(
         SqlIndexStorageMode storageMode = SqlIndexStorageMode.Hashed,
         bool usesOrderedTextPayload = false,
         IRecordSerializer? recordSerializer = null,
-        int? estimatedOutputRowCount = null)
+        int? estimatedOutputRowCount = null,
+        DbFunctionRegistry? functions = null)
     {
         _outer = outer;
         _innerTableTree = innerTableTree;
@@ -9494,7 +9525,7 @@ internal HashedIndexNestedLoopJoinOperator(
         _rightPrimaryKeyColumnIndex = rightPrimaryKeyColumnIndex;
         _estimatedRowCount = estimatedOutputRowCount > 0 ? estimatedOutputRowCount : null;
         _residualPredicate = residualCondition != null
-            ? ExpressionCompiler.CompileJoinSpan(residualCondition, compositeSchema, leftColCount)
+            ? ExpressionCompiler.CompileJoinSpan(residualCondition, compositeSchema, leftColCount, functions)
             : null;
         _recordSerializer = recordSerializer ?? new DefaultRecordSerializer();
         OutputSchema = compositeSchema.Columns as ColumnDefinition[] ?? compositeSchema.Columns.ToArray();
@@ -10481,14 +10512,15 @@ public NestedLoopJoinOperator(
         TableSchema compositeSchema,
         int leftColCount, int rightColCount,
         int? estimatedOutputRowCount = null,
-        int? rightRowCapacityHint = null)
+        int? rightRowCapacityHint = null,
+        DbFunctionRegistry? functions = null)
     {
         _left = left;
         _right = right;
         _joinType = joinType;
         _conditionExpression = condition;
         _conditionEvaluator = condition != null
-            ? ExpressionCompiler.CompileJoinSpan(condition, compositeSchema, leftColCount)
+            ? ExpressionCompiler.CompileJoinSpan(condition, compositeSchema, leftColCount, functions)
             : null;
         _compositeSchema = compositeSchema;
         _leftColCount = leftColCount;
diff --git a/src/CSharpDB.Execution/QueryPlanner.cs b/src/CSharpDB.Execution/QueryPlanner.cs
index 69de5b9d..90bc3821 100644
--- a/src/CSharpDB.Execution/QueryPlanner.cs
+++ b/src/CSharpDB.Execution/QueryPlanner.cs
@@ -203,6 +203,7 @@ public override int GetHashCode() =>
     private readonly SchemaCatalog _catalog;
     private readonly IRecordSerializer _recordSerializer;
     private readonly IRecordSerializer? _collectionReadSerializer;
+    private readonly DbFunctionRegistry _functions;
     private readonly Func<string, long?>? _tableRowCountProvider;
 
     /// <summary>
@@ -358,7 +359,8 @@ public QueryPlanner(
         Func<string, long?>? nextRowIdHintProvider = null,
         Func<string, long, long>? nextRowIdReservationProvider = null,
         Action<string, long>? nextRowIdObservationProvider = null,
-        bool useTransientNextRowIdHints = false)
+        bool useTransientNextRowIdHints = false,
+        DbFunctionRegistry? functions = null)
     {
         _pager = pager;
         _catalog = catalog;
@@ -366,6 +368,7 @@ public QueryPlanner(
         _collectionReadSerializer = _recordSerializer is DefaultRecordSerializer
             ? new CollectionAwareRecordSerializer(_recordSerializer)
             : null;
+        _functions = functions ?? DbFunctionRegistry.Empty;
         _tableRowCountProvider = tableRowCountProvider;
         _nextRowIdHintProvider = nextRowIdHintProvider;
         _nextRowIdReservationProvider = nextRowIdReservationProvider;
@@ -980,8 +983,11 @@ private static string SelectToSql(SelectStatement stmt)
         parts.Add(string.Join(", ", colParts));
 
         // FROM
-        parts.Add("FROM");
-        parts.Add(TableRefToSql(stmt.From));
+        if (stmt.From is not SingleRowTableRef)
+        {
+            parts.Add("FROM");
+            parts.Add(TableRefToSql(stmt.From));
+        }
 
         // WHERE
         if (stmt.Where != null)
@@ -1045,6 +1051,7 @@ private static void AppendOrderingAndPagination(
 
     private static string TableRefToSql(TableRef tableRef) => tableRef switch
     {
+        SingleRowTableRef => string.Empty,
         SimpleTableRef s => s.Alias != null ? $"{s.TableName} AS {s.Alias}" : s.TableName,
         JoinTableRef j => $"{TableRefToSql(j.Left)} {JoinTypeToSql(j.JoinType)} {TableRefToSql(j.Right)}"
                           + (j.Condition != null ? $" ON {ExprToSql(j.Condition)}" : ""),
@@ -1749,6 +1756,9 @@ private TableSchema ResolveCorrelationTableRefSchema(TableRef tableRef)
         TableSchema resolved;
         switch (tableRef)
         {
+            case SingleRowTableRef:
+                resolved = CreateSingleRowSchema();
+                break;
             case SimpleTableRef simple:
                 resolved = ResolveCorrelationSimpleTableSchema(simple);
                 break;
@@ -1852,6 +1862,14 @@ private static TableSchema CreateQualifiedSchema(
         };
     }
 
+    private static TableSchema CreateSingleRowSchema()
+        => new()
+        {
+            TableName = string.Empty,
+            Columns = Array.Empty<ColumnDefinition>(),
+            QualifiedMappings = new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase),
+        };
+
     private TableSchema CreateQueryOutputScope(QueryStatement query)
         => new()
         {
@@ -2814,11 +2832,11 @@ private async ValueTask<QueryResult> ExecuteSelectWithCorrelatedSubqueriesAsync(
             var outputCols = BuildAggregateOutputSchema(stmt.Columns, sourceSchema);
             if (stmt.GroupBy is { Count: > 0 })
             {
-                op = new HashAggregateOperator(op, stmt.Columns, stmt.GroupBy, stmt.Having, sourceSchema, outputCols);
+                op = new HashAggregateOperator(op, stmt.Columns, stmt.GroupBy, stmt.Having, sourceSchema, outputCols, _functions);
             }
             else
             {
-                op = new ScalarAggregateOperator(op, stmt.Columns, stmt.Having, sourceSchema, outputCols);
+                op = new ScalarAggregateOperator(op, stmt.Columns, stmt.Having, sourceSchema, outputCols, _functions);
             }
 
             var aggregateSchema = new TableSchema
@@ -3038,11 +3056,11 @@ private async ValueTask<DbValue> EvaluateExpressionWithSubqueriesAsync(
         CancellationToken ct)
     {
         if (!ContainsSubqueries(expression))
-            return ExpressionEvaluator.Evaluate(expression, row, schema);
+            return ExpressionEvaluator.Evaluate(expression, row, schema, _functions);
 
         var correlationScopes = CreateCorrelationScopes(row, schema, outerScopes);
         var rewritten = await RewriteCorrelatedExpressionAsync(expression, correlationScopes, ct);
-        return ExpressionEvaluator.Evaluate(rewritten, row, schema);
+        return ExpressionEvaluator.Evaluate(rewritten, row, schema, _functions);
     }
 
     private async ValueTask<bool?> TryEvaluateExistsFilterFastAsync(
@@ -3069,7 +3087,7 @@ private async ValueTask<DbValue> EvaluateExpressionWithSubqueriesAsync(
         if (ContainsSubqueries(boundOperand))
             return null;
 
-        var operandValue = ExpressionEvaluator.Evaluate(boundOperand, row, schema);
+        var operandValue = ExpressionEvaluator.Evaluate(boundOperand, row, schema, _functions);
         if (operandValue.IsNull)
             return false;
 
@@ -3093,7 +3111,7 @@ private async ValueTask<DbValue> EvaluateExpressionWithSubqueriesAsync(
             while (await source.MoveNextAsync(ct))
             {
                 if (residualPredicate == null ||
-                    ExpressionEvaluator.Evaluate(residualPredicate, source.Current, sourceSchema).IsTruthy)
+                    ExpressionEvaluator.Evaluate(residualPredicate, source.Current, sourceSchema, _functions).IsTruthy)
                 {
                     return true;
                 }
@@ -3165,7 +3183,7 @@ private async ValueTask<DbValue> EvaluateExpressionWithSubqueriesAsync(
             while (await source.MoveNextAsync(ct))
             {
                 if (residualPredicate != null &&
-                    !ExpressionEvaluator.Evaluate(residualPredicate, source.Current, sourceSchema).IsTruthy)
+                    !ExpressionEvaluator.Evaluate(residualPredicate, source.Current, sourceSchema, _functions).IsTruthy)
                 {
                     continue;
                 }
@@ -3706,12 +3724,12 @@ private QueryResult ExecuteSelectGeneral(SelectStatement stmt)
             if (hasGroupBy)
             {
                 op = new HashAggregateOperator(
-                    op, stmt.Columns, stmt.GroupBy, stmt.Having, schema, outputCols);
+                    op, stmt.Columns, stmt.GroupBy, stmt.Having, schema, outputCols, _functions);
             }
             else
             {
                 op = new ScalarAggregateOperator(
-                    op, stmt.Columns, stmt.Having, schema, outputCols);
+                    op, stmt.Columns, stmt.Having, schema, outputCols, _functions);
             }
 
             // After aggregate, we need a synthetic schema for Sort to work with
@@ -3894,7 +3912,7 @@ column.Expression is not ColumnRefExpression projectedColumn ||
         return topN >= int.MaxValue ? int.MaxValue : (int)topN;
     }
 
-    private static IOperator ApplyOrdering(
+    private IOperator ApplyOrdering(
         IOperator source,
         List<OrderByClause>? orderBy,
         TableSchema schema,
@@ -3904,9 +3922,9 @@ private static IOperator ApplyOrdering(
             return source;
 
         if (topN.HasValue)
-            return new TopNSortOperator(source, orderBy, schema, topN.Value);
+            return new TopNSortOperator(source, orderBy, schema, topN.Value, _functions);
 
-        return new SortOperator(source, orderBy, schema);
+        return new SortOperator(source, orderBy, schema, _functions);
     }
 
     private static bool TryPushDownColumnProjection(
@@ -6119,7 +6137,7 @@ private async ValueTask<QueryResult> ExecuteDeleteAsync(DeleteStatement stmt, Ca
                         schema,
                         Array.Empty<CorrelationScope>(),
                         ct)
-                    : ExpressionEvaluator.Evaluate(stmt.Where, scan.Current, schema);
+                    : ExpressionEvaluator.Evaluate(stmt.Where, scan.Current, schema, _functions);
                 if (!result.IsTruthy) continue;
             }
             rowsToDelete.Add((scan.CurrentRowId, (DbValue[])scan.Current.Clone()));
@@ -6208,7 +6226,7 @@ private async ValueTask<QueryResult> ExecuteUpdateAsync(UpdateStatement stmt, Ca
                         schema,
                         Array.Empty<CorrelationScope>(),
                         ct)
-                    : ExpressionEvaluator.Evaluate(stmt.Where, scan.Current, schema);
+                    : ExpressionEvaluator.Evaluate(stmt.Where, scan.Current, schema, _functions);
                 if (!result.IsTruthy) continue;
             }
 
@@ -6226,7 +6244,7 @@ private async ValueTask<QueryResult> ExecuteUpdateAsync(UpdateStatement stmt, Ca
                         schema,
                         Array.Empty<CorrelationScope>(),
                         ct)
-                    : ExpressionEvaluator.Evaluate(set.Value, scan.Current, schema);
+                    : ExpressionEvaluator.Evaluate(set.Value, scan.Current, schema, _functions);
             }
             updates.Add((scan.CurrentRowId, oldRow, newRow));
         }
@@ -6330,6 +6348,12 @@ private async ValueTask<QueryResult> ExecuteUpdateAsync(UpdateStatement stmt, Ca
         bool allowJoinReorder = true,
         HashSet<Expression>? consumedOuterPredicates = null)
     {
+        if (tableRef is SingleRowTableRef)
+        {
+            var schema = CreateSingleRowSchema();
+            return (new MaterializedOperator(new List<DbValue[]> { Array.Empty<DbValue>() }, schema.Columns.ToArray()), schema);
+        }
+
         if (tableRef is SimpleTableRef simple)
         {
             // Check if this is a CTE reference
@@ -6400,12 +6424,12 @@ private async ValueTask<QueryResult> ExecuteUpdateAsync(UpdateStatement stmt, Ca
                         if (hasGroupBy)
                         {
                             viewOp = new HashAggregateOperator(
-                                viewOp, viewStmt.Columns, viewStmt.GroupBy, viewStmt.Having, viewSchema, outputCols);
+                                viewOp, viewStmt.Columns, viewStmt.GroupBy, viewStmt.Having, viewSchema, outputCols, _functions);
                         }
                         else
                         {
                             viewOp = new ScalarAggregateOperator(
-                                viewOp, viewStmt.Columns, viewStmt.Having, viewSchema, outputCols);
+                                viewOp, viewStmt.Columns, viewStmt.Having, viewSchema, outputCols, _functions);
                         }
 
                         viewSchema = new TableSchema
@@ -6594,7 +6618,8 @@ private async ValueTask<QueryResult> ExecuteUpdateAsync(UpdateStatement stmt, Ca
                         rightSchema.Columns.Count,
                         leftSchema.Columns.Count,
                         swappedEstimatedOutputRowCount,
-                        swappedRightRowCapacityHint);
+                        swappedRightRowCapacityHint,
+                        _functions);
                 }
 
                 // Swapped execution produces [original right | original left];
@@ -6640,7 +6665,7 @@ private async ValueTask<QueryResult> ExecuteUpdateAsync(UpdateStatement stmt, Ca
             var joinOp = new NestedLoopJoinOperator(
                 leftOp, rightOp, join.JoinType, join.Condition,
                 compositeSchema, leftSchema.Columns.Count, rightSchema.Columns.Count,
-                estimatedOutputRowCount, rightRowCapacityHint);
+                estimatedOutputRowCount, rightRowCapacityHint, _functions);
 
             return (joinOp, compositeSchema);
         }
@@ -7927,7 +7952,8 @@ private bool TryBuildIndexNestedLoopJoinOperator(
                 residualCondition,
                 compositeSchema,
                 GetReadSerializer(rightSchema),
-                estimatedOutputRowCount);
+                estimatedOutputRowCount,
+                _functions);
         }
         else
         {
@@ -7947,7 +7973,8 @@ private bool TryBuildIndexNestedLoopJoinOperator(
                 storageMode: lookupStorageMode,
                 usesOrderedTextPayload: usesOrderedTextLookupPayload,
                 recordSerializer: GetReadSerializer(rightSchema),
-                estimatedOutputRowCount: estimatedOutputRowCount);
+                estimatedOutputRowCount: estimatedOutputRowCount,
+                functions: _functions);
         }
 
         return true;
@@ -8076,6 +8103,12 @@ private bool TryEstimateTableRefRowCount(TableRef tableRef, out long count)
             }
         }
 
+        if (tableRef is SingleRowTableRef)
+        {
+            count = 1;
+            return true;
+        }
+
         if (tableRef is not JoinTableRef join)
             return false;
 
@@ -8208,7 +8241,8 @@ private bool TryBuildHashJoinOperator(
             rightKeyIndices,
             buildRightSide,
             buildRowCapacityHint,
-            estimatedOutputRowCount);
+            estimatedOutputRowCount,
+            _functions);
 
         return true;
     }
@@ -12359,10 +12393,16 @@ private static ColumnDefinition InferColumnDef(Expression expr, string? alias, T
 
         if (expr is FunctionCallExpression func)
         {
+            string argumentText = func.IsStarArg
+                ? "*"
+                : $"{(func.IsDistinct ? "DISTINCT " : "")}{string.Join(", ", func.Arguments.Select(ExprToSql))}";
             string name = func.IsStarArg
                 ? $"{func.FunctionName}(*)"
-                : $"{func.FunctionName}({(func.IsDistinct ? "DISTINCT " : "")}{func.Arguments[0]})";
-            return new ColumnDefinition { Name = name, Type = DbType.Null, Nullable = true };
+                : $"{func.FunctionName}({argumentText})";
+            DbType type = DbBuiltInScalarFunctions.TryGetReturnType(func.FunctionName, out DbType builtInType)
+                ? builtInType
+                : DbType.Null;
+            return new ColumnDefinition { Name = name, Type = type, Nullable = true };
         }
 
         return new ColumnDefinition { Name = $"expr{index}", Type = DbType.Null, Nullable = true };
@@ -12779,7 +12819,7 @@ private Func<DbValue[], DbValue> GetOrCompileExpression(Expression expression, T
             _requiresQualifiedMappingCache.Clear();
         }
 
-        evaluator = ExpressionCompiler.Compile(expression, schema);
+        evaluator = ExpressionCompiler.Compile(expression, schema, _functions);
         _compiledExpressionCache[key] = evaluator;
         return evaluator;
     }
@@ -12811,7 +12851,7 @@ private SpanExpressionEvaluator GetOrCompileSpanExpression(Expression expression
             _requiresQualifiedMappingCache.Clear();
         }
 
-        evaluator = ExpressionCompiler.CompileSpan(expression, schema);
+        evaluator = ExpressionCompiler.CompileSpan(expression, schema, _functions);
         _compiledSpanExpressionCache[key] = evaluator;
         return evaluator;
     }
@@ -14184,12 +14224,12 @@ private static void ValidateInsertValueCount(int expectedCount, int actualCount)
         }
     }
 
-    private static DbValue ResolveInsertValue(Expression valueExpression, TableSchema schema)
+    private DbValue ResolveInsertValue(Expression valueExpression, TableSchema schema)
     {
         if (valueExpression is LiteralExpression literal)
             return ResolveInsertLiteral(literal);
 
-        return ExpressionEvaluator.Evaluate(valueExpression, Array.Empty<DbValue>(), schema);
+        return ExpressionEvaluator.Evaluate(valueExpression, Array.Empty<DbValue>(), schema, _functions);
     }
 
     private static DbValue ResolveInsertLiteral(LiteralExpression literal)
diff --git a/src/CSharpDB.Execution/ScalarFunctionEvaluator.cs b/src/CSharpDB.Execution/ScalarFunctionEvaluator.cs
index df78f3f7..58186099 100644
--- a/src/CSharpDB.Execution/ScalarFunctionEvaluator.cs
+++ b/src/CSharpDB.Execution/ScalarFunctionEvaluator.cs
@@ -1,4 +1,3 @@
-using System.Globalization;
 using CSharpDB.Primitives;
 using CSharpDB.Sql;
 
@@ -10,34 +9,123 @@ public static bool IsAggregateFunction(string functionName)
         => functionName.ToUpperInvariant() is "COUNT" or "SUM" or "AVG" or "MIN" or "MAX";
 
     public static DbValue Evaluate(FunctionCallExpression func, Func<Expression, DbValue> evaluateArgument)
+        => Evaluate(func, evaluateArgument, DbFunctionRegistry.Empty);
+
+    public static DbValue Evaluate(
+        FunctionCallExpression func,
+        Func<Expression, DbValue> evaluateArgument,
+        DbFunctionRegistry? functions)
     {
         string functionName = func.FunctionName.ToUpperInvariant();
-        return functionName switch
+        if (DbBuiltInScalarFunctions.IsBuiltInFunctionName(functionName))
         {
-            "TEXT" => EvaluateText(func, evaluateArgument),
-            _ => throw new CSharpDbException(ErrorCode.Unknown, $"Unknown scalar function: {func.FunctionName}"),
-        };
+            if (func.IsStarArg || func.IsDistinct)
+                throw new CSharpDbException(ErrorCode.SyntaxError, $"Scalar function '{func.FunctionName}' does not support DISTINCT or * arguments.");
+
+            var arguments = new DbValue[func.Arguments.Count];
+            for (int i = 0; i < arguments.Length; i++)
+                arguments[i] = evaluateArgument(func.Arguments[i]);
+
+            if (DbBuiltInScalarFunctions.TryEvaluate(functionName, arguments, out DbValue builtInValue))
+                return builtInValue;
+        }
+
+        return EvaluateUserFunction(func, evaluateArgument, functions ?? DbFunctionRegistry.Empty);
     }
 
-    private static DbValue EvaluateText(FunctionCallExpression func, Func<Expression, DbValue> evaluateArgument)
+    public static DbValue Evaluate(
+        FunctionCallExpression func,
+        DbValue[] arguments,
+        DbFunctionRegistry? functions)
     {
-        if (func.IsStarArg || func.IsDistinct || func.Arguments.Count != 1)
-            throw new CSharpDbException(ErrorCode.SyntaxError, "TEXT() requires exactly one argument.");
+        string functionName = func.FunctionName.ToUpperInvariant();
+        if (DbBuiltInScalarFunctions.IsBuiltInFunctionName(functionName))
+        {
+            if (func.IsStarArg || func.IsDistinct)
+                throw new CSharpDbException(ErrorCode.SyntaxError, $"Scalar function '{func.FunctionName}' does not support DISTINCT or * arguments.");
+
+            if (DbBuiltInScalarFunctions.TryEvaluate(functionName, arguments, out DbValue builtInValue))
+                return builtInValue;
+        }
 
-        DbValue value = evaluateArgument(func.Arguments[0]);
-        return EvaluateTextValue(value);
+        return EvaluateUserFunction(func, arguments, functions ?? DbFunctionRegistry.Empty);
     }
 
     internal static DbValue EvaluateTextValue(DbValue value)
-        => DbValue.FromText(ToDisplayText(value));
+        => DbValue.FromText(DbBuiltInScalarFunctions.ToDisplayText(value));
 
-    private static string ToDisplayText(DbValue value) => value.Type switch
+    private static DbValue EvaluateUserFunction(
+        FunctionCallExpression func,
+        Func<Expression, DbValue> evaluateArgument,
+        DbFunctionRegistry functions)
     {
-        DbType.Null => "NULL",
-        DbType.Integer => value.AsInteger.ToString(CultureInfo.InvariantCulture),
-        DbType.Real => value.AsReal.ToString(CultureInfo.InvariantCulture),
-        DbType.Text => value.AsText,
-        DbType.Blob => $"[{value.AsBlob.Length} bytes]",
-        _ => throw new CSharpDbException(ErrorCode.Unknown, $"Unsupported DbValue type '{value.Type}'."),
-    };
+        if (func.IsStarArg || func.IsDistinct)
+            throw new CSharpDbException(ErrorCode.SyntaxError, $"Scalar function '{func.FunctionName}' does not support DISTINCT or * arguments.");
+
+        if (!functions.TryGetScalar(func.FunctionName, func.Arguments.Count, out var definition))
+        {
+            throw new CSharpDbException(
+                ErrorCode.Unknown,
+                $"Unknown scalar function: {func.FunctionName}");
+        }
+
+        var arguments = new DbValue[func.Arguments.Count];
+        for (int i = 0; i < arguments.Length; i++)
+            arguments[i] = evaluateArgument(func.Arguments[i]);
+
+        if (definition.Options.NullPropagating && arguments.Any(static value => value.IsNull))
+            return DbValue.Null;
+
+        try
+        {
+            return definition.Invoke(arguments, CreateSqlCallbackMetadata(func.FunctionName));
+        }
+        catch (Exception ex)
+        {
+            throw new CSharpDbException(
+                ErrorCode.Unknown,
+                $"Scalar function '{definition.Name}' failed: {ex.Message}",
+                ex);
+        }
+    }
+
+    private static DbValue EvaluateUserFunction(
+        FunctionCallExpression func,
+        DbValue[] arguments,
+        DbFunctionRegistry functions)
+    {
+        if (func.IsStarArg || func.IsDistinct)
+            throw new CSharpDbException(ErrorCode.SyntaxError, $"Scalar function '{func.FunctionName}' does not support DISTINCT or * arguments.");
+
+        if (!functions.TryGetScalar(func.FunctionName, arguments.Length, out var definition))
+        {
+            throw new CSharpDbException(
+                ErrorCode.Unknown,
+                $"Unknown scalar function: {func.FunctionName}");
+        }
+
+        if (definition.Options.NullPropagating && arguments.Any(static value => value.IsNull))
+            return DbValue.Null;
+
+        try
+        {
+            return definition.Invoke(arguments, CreateSqlCallbackMetadata(func.FunctionName));
+        }
+        catch (Exception ex)
+        {
+            throw new CSharpDbException(
+                ErrorCode.Unknown,
+                $"Scalar function '{definition.Name}' failed: {ex.Message}",
+                ex);
+        }
+    }
+
+    private static IReadOnlyDictionary<string, string>? CreateSqlCallbackMetadata(string functionName)
+        => DbCallbackDiagnostics.IsInvocationEnabled
+            ? new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["surface"] = "SQL",
+                ["location"] = $"functions.{functionName}",
+            }
+            : null;
 }
diff --git a/src/CSharpDB.Pipelines/Models/PipelineAutomationMetadata.cs b/src/CSharpDB.Pipelines/Models/PipelineAutomationMetadata.cs
new file mode 100644
index 00000000..181bc9af
--- /dev/null
+++ b/src/CSharpDB.Pipelines/Models/PipelineAutomationMetadata.cs
@@ -0,0 +1,68 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Pipelines.Models;
+
+public static class PipelineAutomationMetadata
+{
+    private const string Surface = "pipelines";
+
+    public static PipelinePackageDefinition NormalizeForExport(PipelinePackageDefinition package)
+    {
+        ArgumentNullException.ThrowIfNull(package);
+
+        DbAutomationMetadata metadata = Build(package);
+        return WithAutomation(package, metadata.IsEmpty ? null : metadata);
+    }
+
+    public static DbAutomationMetadata Build(PipelinePackageDefinition package)
+    {
+        ArgumentNullException.ThrowIfNull(package);
+
+        var builder = new DbAutomationMetadataBuilder();
+        for (int i = 0; i < package.Hooks.Count; i++)
+        {
+            PipelineCommandHookDefinition hook = package.Hooks[i];
+            builder.AddCommand(hook.CommandName, Surface, $"hooks[{i}].{hook.Event}");
+        }
+
+        for (int i = 0; i < package.Transforms.Count; i++)
+        {
+            PipelineTransformDefinition transform = package.Transforms[i];
+            string transformLocation = $"transforms[{i}]";
+            if (transform.Kind == PipelineTransformKind.Filter)
+                AddScalarFunctions(builder, transform.FilterExpression, $"{transformLocation}.filterExpression");
+
+            if (transform.Kind == PipelineTransformKind.Derive && transform.DerivedColumns is not null)
+            {
+                for (int columnIndex = 0; columnIndex < transform.DerivedColumns.Count; columnIndex++)
+                {
+                    PipelineDerivedColumn column = transform.DerivedColumns[columnIndex];
+                    AddScalarFunctions(builder, column.Expression, $"{transformLocation}.derivedColumns[{columnIndex}].expression");
+                }
+            }
+        }
+
+        return builder.Build();
+    }
+
+    private static PipelinePackageDefinition WithAutomation(PipelinePackageDefinition package, DbAutomationMetadata? automation)
+        => new()
+        {
+            Name = package.Name,
+            Version = package.Version,
+            Description = package.Description,
+            Source = package.Source,
+            Transforms = package.Transforms,
+            Destination = package.Destination,
+            Options = package.Options,
+            Incremental = package.Incremental,
+            Hooks = package.Hooks,
+            Automation = automation,
+        };
+
+    private static void AddScalarFunctions(DbAutomationMetadataBuilder builder, string? expression, string location)
+    {
+        foreach (DbAutomationScalarFunctionCall call in DbAutomationExpressionInspector.FindScalarFunctionCalls(expression))
+            builder.AddScalarFunction(call.Name, call.Arity, Surface, location);
+    }
+}
diff --git a/src/CSharpDB.Pipelines/Models/PipelinePackageDefinition.cs b/src/CSharpDB.Pipelines/Models/PipelinePackageDefinition.cs
index ed1bb8de..1186db89 100644
--- a/src/CSharpDB.Pipelines/Models/PipelinePackageDefinition.cs
+++ b/src/CSharpDB.Pipelines/Models/PipelinePackageDefinition.cs
@@ -12,6 +12,24 @@ public sealed class PipelinePackageDefinition
     public PipelineDestinationDefinition Destination { get; init; } = new();
     public PipelineExecutionOptions Options { get; init; } = new();
     public PipelineIncrementalOptions? Incremental { get; init; }
+    public IReadOnlyList<PipelineCommandHookDefinition> Hooks { get; init; } = [];
+    public DbAutomationMetadata? Automation { get; init; }
+}
+
+public enum PipelineCommandHookEvent
+{
+    OnRunStarted,
+    OnBatchCompleted,
+    OnRunSucceeded,
+    OnRunFailed,
+}
+
+public sealed class PipelineCommandHookDefinition
+{
+    public PipelineCommandHookEvent Event { get; init; }
+    public string CommandName { get; init; } = string.Empty;
+    public IReadOnlyDictionary<string, object?>? Arguments { get; init; }
+    public bool StopOnFailure { get; init; } = true;
 }
 
 public enum PipelineSourceKind
diff --git a/src/CSharpDB.Pipelines/README.md b/src/CSharpDB.Pipelines/README.md
index a91b3fc7..78a55a9f 100644
--- a/src/CSharpDB.Pipelines/README.md
+++ b/src/CSharpDB.Pipelines/README.md
@@ -14,6 +14,10 @@ runtime for batch ETL work. A pipeline package describes the source,
 transformations, destination, execution options, and optional incremental state.
 The built-in runtime can validate packages, serialize them to JSON, execute them
 in batches, capture checkpoints, and report rejects and run metrics.
+Packages can also name trusted host commands for lifecycle hooks; command bodies
+are registered by the process that runs the pipeline and are not serialized into
+the package. Package JSON includes generated automation metadata that lists the
+trusted commands and scalar functions a host must register.
 
 Current boundary:
 - Built-in runtime components currently support CSV and JSON file sources/destinations
@@ -29,6 +33,8 @@ Current boundary:
 - **Built-in connectors**: CSV and JSON file readers/writers
 - **Built-in transforms**: select, rename, cast, filter, derive, deduplicate
 - **Checkpointing hooks**: pluggable checkpoint store and run logger abstractions
+- **Trusted command hooks**: host-registered commands for run started, batch completed, run succeeded, and run failed events
+- **Automation metadata**: generated import/export manifest for trusted command and scalar function names
 - **Batch metrics**: rows read/written/rejected plus batch counts
 
 ## Usage
@@ -118,6 +124,18 @@ var package = new PipelinePackageDefinition
         CheckpointInterval = 1,
         ErrorMode = PipelineErrorMode.FailFast,
     },
+    Hooks =
+    [
+        new PipelineCommandHookDefinition
+        {
+            Event = PipelineCommandHookEvent.OnRunSucceeded,
+            CommandName = "NotifyPipeline",
+            Arguments = new Dictionary<string, object?>
+            {
+                ["channel"] = "ops",
+            },
+        },
+    ],
 };
 
 PipelineValidationResult validation = PipelinePackageValidator.Validate(package);
@@ -135,7 +153,23 @@ PipelinePackageDefinition loadedPackage =
 var orchestrator = new PipelineOrchestrator(
     new DefaultPipelineComponentFactory(),
     new NullPipelineCheckpointStore(),
-    new NullPipelineRunLogger());
+    new NullPipelineRunLogger(),
+    DbCommandRegistry.Create(commands =>
+    {
+        commands.AddAsyncCommand(
+            "NotifyPipeline",
+            new DbCommandOptions(
+                Description: "Publishes pipeline run metrics.",
+                Timeout: TimeSpan.FromSeconds(10),
+                IsLongRunning: true),
+            static async (context, ct) =>
+            {
+                string pipelineName = context.Metadata["pipelineName"];
+                long rowsWritten = context.Arguments["rowsWritten"].AsInteger;
+                await NotifyOpsAsync(pipelineName, rowsWritten, ct);
+                return DbCommandResult.Success();
+            });
+    }));
 
 PipelineRunResult result = await orchestrator.ExecuteAsync(new PipelineRunRequest
 {
@@ -184,6 +218,9 @@ The output file contains the active customers only, with duplicate IDs removed:
 - Use `NullPipelineCheckpointStore` and `NullPipelineRunLogger` when you want a minimal in-process setup
 - Relative source file paths are searched from the current directory and app base directory; relative output paths are written relative to the current directory
 - `Derive` expressions are intentionally simple today: use a source column name or a literal such as `'csv'`, `123`, `true`, or `null`
+- Trusted command hooks are skipped in `Validate` mode. Missing command registration, a timed-out command, or a failing hook with `StopOnFailure = true` fails the run through `PipelineRunResult`.
+- Pipeline command callbacks receive the run cancellation token; hosts should pass it to async I/O and set `DbCommandOptions.Timeout` for hooks that call external systems.
+- `PipelinePackageSerializer` regenerates `Automation` during save/load and string serialization. Validation accepts legacy packages without automation metadata, but reports stale manifests when present.
 
 ## Installation
 
diff --git a/src/CSharpDB.Pipelines/Runtime/BuiltIns/DefaultPipelineComponentFactory.cs b/src/CSharpDB.Pipelines/Runtime/BuiltIns/DefaultPipelineComponentFactory.cs
index 1bcb6456..f33230cd 100644
--- a/src/CSharpDB.Pipelines/Runtime/BuiltIns/DefaultPipelineComponentFactory.cs
+++ b/src/CSharpDB.Pipelines/Runtime/BuiltIns/DefaultPipelineComponentFactory.cs
@@ -1,9 +1,19 @@
 using CSharpDB.Pipelines.Models;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Pipelines.Runtime.BuiltIns;
 
 public sealed class DefaultPipelineComponentFactory : IPipelineComponentFactory
 {
+    private readonly DbFunctionRegistry _functions;
+    private readonly DbExtensionPolicy _callbackPolicy;
+
+    public DefaultPipelineComponentFactory(DbFunctionRegistry? functions = null, DbExtensionPolicy? callbackPolicy = null)
+    {
+        _functions = functions ?? DbFunctionRegistry.Empty;
+        _callbackPolicy = callbackPolicy ?? DbExtensionPolicies.DefaultHostCallbackPolicy;
+    }
+
     public IPipelineSource CreateSource(PipelineSourceDefinition definition) => definition.Kind switch
     {
         PipelineSourceKind.CsvFile => new CsvPipelineSource(definition),
@@ -27,13 +37,13 @@ public IReadOnlyList<IPipelineTransform> CreateTransforms(IReadOnlyList<Pipeline
         _ => throw new ArgumentOutOfRangeException(nameof(definition)),
     };
 
-    private static IPipelineTransform CreateTransform(PipelineTransformDefinition definition) => definition.Kind switch
+    private IPipelineTransform CreateTransform(PipelineTransformDefinition definition) => definition.Kind switch
     {
         PipelineTransformKind.Select => new SelectPipelineTransform(definition),
         PipelineTransformKind.Rename => new RenamePipelineTransform(definition),
         PipelineTransformKind.Cast => new CastPipelineTransform(definition),
-        PipelineTransformKind.Filter => new FilterPipelineTransform(definition),
-        PipelineTransformKind.Derive => new DerivePipelineTransform(definition),
+        PipelineTransformKind.Filter => new FilterPipelineTransform(definition, _functions, _callbackPolicy),
+        PipelineTransformKind.Derive => new DerivePipelineTransform(definition, _functions, _callbackPolicy),
         PipelineTransformKind.Deduplicate => new DeduplicatePipelineTransform(definition),
         _ => throw new ArgumentOutOfRangeException(nameof(definition)),
     };
diff --git a/src/CSharpDB.Pipelines/Runtime/BuiltIns/TransformSupport.cs b/src/CSharpDB.Pipelines/Runtime/BuiltIns/TransformSupport.cs
index 00e8ae74..145ce55c 100644
--- a/src/CSharpDB.Pipelines/Runtime/BuiltIns/TransformSupport.cs
+++ b/src/CSharpDB.Pipelines/Runtime/BuiltIns/TransformSupport.cs
@@ -50,7 +50,11 @@ internal static class TransformSupport
         };
     }
 
-    public static bool EvaluateFilter(string expression, IReadOnlyDictionary<string, object?> row)
+    public static bool EvaluateFilter(
+        string expression,
+        IReadOnlyDictionary<string, object?> row,
+        DbFunctionRegistry? functions = null,
+        DbExtensionPolicy? callbackPolicy = null)
     {
         string[] operators = ["==", "!=", ">=", "<=", ">", "<"];
         foreach (string op in operators)
@@ -63,8 +67,8 @@ public static bool EvaluateFilter(string expression, IReadOnlyDictionary<string,
 
             string left = expression[..index].Trim();
             string right = expression[(index + op.Length)..].Trim();
-            object? leftValue = row.TryGetValue(left, out var value) ? value : null;
-            object? rightValue = ParseLiteral(right, row);
+            object? leftValue = EvaluateFilterLeft(left, row, functions, callbackPolicy);
+            object? rightValue = ParseLiteral(right, row, functions, callbackPolicy);
             int comparison = Compare(leftValue, rightValue);
 
             return op switch
@@ -82,7 +86,11 @@ public static bool EvaluateFilter(string expression, IReadOnlyDictionary<string,
         throw new InvalidOperationException($"Unsupported filter expression '{expression}'.");
     }
 
-    public static object? EvaluateDerivedExpression(string expression, IReadOnlyDictionary<string, object?> row)
+    public static object? EvaluateDerivedExpression(
+        string expression,
+        IReadOnlyDictionary<string, object?> row,
+        DbFunctionRegistry? functions = null,
+        DbExtensionPolicy? callbackPolicy = null)
     {
         string trimmed = expression.Trim();
         if (row.TryGetValue(trimmed, out var columnValue))
@@ -90,11 +98,45 @@ public static bool EvaluateFilter(string expression, IReadOnlyDictionary<string,
             return columnValue;
         }
 
-        return ParseLiteral(trimmed, row);
+        return ParseLiteral(trimmed, row, functions, callbackPolicy);
     }
 
-    private static object? ParseLiteral(string token, IReadOnlyDictionary<string, object?> row)
+    private static object? EvaluateValue(
+        string token,
+        IReadOnlyDictionary<string, object?> row,
+        DbFunctionRegistry? functions,
+        DbExtensionPolicy? callbackPolicy)
     {
+        if (row.TryGetValue(token, out var columnValue))
+            return columnValue;
+
+        return ParseLiteral(token, row, functions, callbackPolicy);
+    }
+
+    private static object? EvaluateFilterLeft(
+        string token,
+        IReadOnlyDictionary<string, object?> row,
+        DbFunctionRegistry? functions,
+        DbExtensionPolicy? callbackPolicy)
+    {
+        if (row.TryGetValue(token, out var columnValue))
+            return columnValue;
+
+        if (TryEvaluateFunctionCall(token, row, functions, callbackPolicy, out object? functionValue))
+            return functionValue;
+
+        return null;
+    }
+
+    private static object? ParseLiteral(
+        string token,
+        IReadOnlyDictionary<string, object?> row,
+        DbFunctionRegistry? functions,
+        DbExtensionPolicy? callbackPolicy)
+    {
+        if (TryEvaluateFunctionCall(token, row, functions, callbackPolicy, out object? functionValue))
+            return functionValue;
+
         if (token.StartsWith('\'') && token.EndsWith('\'') && token.Length >= 2)
         {
             return token[1..^1];
@@ -133,6 +175,150 @@ public static bool EvaluateFilter(string expression, IReadOnlyDictionary<string,
         return token;
     }
 
+    private static bool TryEvaluateFunctionCall(
+        string expression,
+        IReadOnlyDictionary<string, object?> row,
+        DbFunctionRegistry? functions,
+        DbExtensionPolicy? callbackPolicy,
+        out object? value)
+    {
+        value = null;
+        int openParen = expression.IndexOf('(');
+        if (openParen <= 0 || !expression.EndsWith(')'))
+            return false;
+
+        string name = expression[..openParen].Trim();
+        if (!IsIdentifier(name))
+            return false;
+
+        string argumentsText = expression[(openParen + 1)..^1];
+        string[] argumentTokens = SplitArguments(argumentsText);
+
+        DbFunctionRegistry registry = functions ?? DbFunctionRegistry.Empty;
+        if (!registry.TryGetScalar(name, argumentTokens.Length, out var definition))
+        {
+            IReadOnlyDictionary<string, string>? metadata = CreatePipelineCallbackMetadata(name);
+            DbCallbackDiagnostics.WriteMissingScalarInvocation(
+                name,
+                argumentTokens.Length,
+                metadata,
+                $"Unknown pipeline scalar function '{name}'.");
+            throw new InvalidOperationException($"Unknown scalar function '{name}'.");
+        }
+
+        var arguments = new DbValue[argumentTokens.Length];
+        for (int i = 0; i < argumentTokens.Length; i++)
+            arguments[i] = ToDbValue(ParseLiteral(argumentTokens[i].Trim(), row, functions, callbackPolicy));
+
+        if (definition.Options.NullPropagating && arguments.Any(static argument => argument.IsNull))
+        {
+            value = null;
+            return true;
+        }
+
+        try
+        {
+            IReadOnlyDictionary<string, string>? metadata = CreatePipelineCallbackMetadata(name);
+            DbValue result = callbackPolicy is null
+                ? definition.Invoke(arguments, metadata)
+                : definition.Invoke(arguments, metadata, callbackPolicy, DbExtensionHostMode.Embedded);
+            value = FromDbValue(result);
+            return true;
+        }
+        catch (Exception ex)
+        {
+            throw new InvalidOperationException($"Scalar function '{definition.Name}' failed: {ex.Message}", ex);
+        }
+    }
+
+    private static string[] SplitArguments(string argumentsText)
+    {
+        if (string.IsNullOrWhiteSpace(argumentsText))
+            return [];
+
+        var arguments = new List<string>();
+        int start = 0;
+        int depth = 0;
+        bool inString = false;
+        for (int i = 0; i < argumentsText.Length; i++)
+        {
+            char ch = argumentsText[i];
+            if (ch == '\'')
+            {
+                inString = !inString;
+                continue;
+            }
+
+            if (inString)
+                continue;
+
+            if (ch == '(')
+            {
+                depth++;
+                continue;
+            }
+
+            if (ch == ')')
+            {
+                depth--;
+                if (depth < 0)
+                    throw new InvalidOperationException($"Malformed function expression '{argumentsText}'.");
+                continue;
+            }
+
+            if (ch == ',' && depth == 0)
+            {
+                arguments.Add(argumentsText[start..i].Trim());
+                start = i + 1;
+            }
+        }
+
+        if (inString || depth != 0)
+            throw new InvalidOperationException($"Malformed function expression '{argumentsText}'.");
+
+        arguments.Add(argumentsText[start..].Trim());
+        if (arguments.Any(static argument => argument.Length == 0))
+            throw new InvalidOperationException($"Malformed function expression '{argumentsText}'.");
+
+        return arguments.ToArray();
+    }
+
+    private static DbValue ToDbValue(object? value) => value switch
+    {
+        null => DbValue.Null,
+        DbValue dbValue => dbValue,
+        bool boolValue => DbValue.FromInteger(boolValue ? 1 : 0),
+        byte or sbyte or short or ushort or int or uint or long => DbValue.FromInteger(Convert.ToInt64(value, CultureInfo.InvariantCulture)),
+        float or double or decimal => DbValue.FromReal(Convert.ToDouble(value, CultureInfo.InvariantCulture)),
+        string text => DbValue.FromText(text),
+        byte[] bytes => DbValue.FromBlob(bytes),
+        _ => DbValue.FromText(Convert.ToString(value, CultureInfo.InvariantCulture) ?? string.Empty),
+    };
+
+    private static object? FromDbValue(DbValue value) => value.Type switch
+    {
+        DbType.Null => null,
+        DbType.Integer => value.AsInteger,
+        DbType.Real => value.AsReal,
+        DbType.Text => value.AsText,
+        DbType.Blob => value.AsBlob,
+        _ => null,
+    };
+
+    private static bool IsIdentifier(string value)
+    {
+        if (value.Length == 0 || (!char.IsLetter(value[0]) && value[0] != '_'))
+            return false;
+
+        for (int i = 1; i < value.Length; i++)
+        {
+            if (!char.IsLetterOrDigit(value[i]) && value[i] != '_')
+                return false;
+        }
+
+        return true;
+    }
+
     private static int Compare(object? left, object? right)
     {
         if (left is null && right is null)
@@ -164,4 +350,12 @@ private static int Compare(object? left, object? right)
 
         return string.CompareOrdinal(left.ToString(), right.ToString());
     }
+
+    private static IReadOnlyDictionary<string, string>? CreatePipelineCallbackMetadata(string functionName)
+        => new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+        {
+            ["surface"] = "Pipelines",
+            ["location"] = $"transforms.functions.{functionName}",
+            ["correlationId"] = Guid.NewGuid().ToString("N"),
+        };
 }
diff --git a/src/CSharpDB.Pipelines/Runtime/BuiltIns/Transforms.cs b/src/CSharpDB.Pipelines/Runtime/BuiltIns/Transforms.cs
index c9a3c435..5e7a87b3 100644
--- a/src/CSharpDB.Pipelines/Runtime/BuiltIns/Transforms.cs
+++ b/src/CSharpDB.Pipelines/Runtime/BuiltIns/Transforms.cs
@@ -1,4 +1,5 @@
 using CSharpDB.Pipelines.Models;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Pipelines.Runtime.BuiltIns;
 
@@ -104,11 +105,18 @@ public ValueTask<PipelineRowBatch> TransformAsync(PipelineRowBatch batch, Pipeli
 public sealed class FilterPipelineTransform : IPipelineTransform
 {
     private readonly string _expression;
+    private readonly DbFunctionRegistry _functions;
+    private readonly DbExtensionPolicy _callbackPolicy;
 
-    public FilterPipelineTransform(PipelineTransformDefinition definition)
+    public FilterPipelineTransform(
+        PipelineTransformDefinition definition,
+        DbFunctionRegistry? functions = null,
+        DbExtensionPolicy? callbackPolicy = null)
     {
         _expression = definition.FilterExpression
             ?? throw new InvalidOperationException("Filter transform requires an expression.");
+        _functions = functions ?? DbFunctionRegistry.Empty;
+        _callbackPolicy = callbackPolicy ?? DbExtensionPolicies.DefaultHostCallbackPolicy;
     }
 
     public string Name => "filter";
@@ -116,7 +124,7 @@ public FilterPipelineTransform(PipelineTransformDefinition definition)
     public ValueTask<PipelineRowBatch> TransformAsync(PipelineRowBatch batch, PipelineExecutionContext context, CancellationToken ct = default)
     {
         var rows = batch.Rows
-            .Where(row => TransformSupport.EvaluateFilter(_expression, row))
+            .Where(row => TransformSupport.EvaluateFilter(_expression, row, _functions, _callbackPolicy))
             .Select(row => new Dictionary<string, object?>(row, StringComparer.OrdinalIgnoreCase))
             .ToArray();
 
@@ -127,11 +135,18 @@ public ValueTask<PipelineRowBatch> TransformAsync(PipelineRowBatch batch, Pipeli
 public sealed class DerivePipelineTransform : IPipelineTransform
 {
     private readonly IReadOnlyList<PipelineDerivedColumn> _columns;
+    private readonly DbFunctionRegistry _functions;
+    private readonly DbExtensionPolicy _callbackPolicy;
 
-    public DerivePipelineTransform(PipelineTransformDefinition definition)
+    public DerivePipelineTransform(
+        PipelineTransformDefinition definition,
+        DbFunctionRegistry? functions = null,
+        DbExtensionPolicy? callbackPolicy = null)
     {
         _columns = definition.DerivedColumns
             ?? throw new InvalidOperationException("Derive transform requires derived columns.");
+        _functions = functions ?? DbFunctionRegistry.Empty;
+        _callbackPolicy = callbackPolicy ?? DbExtensionPolicies.DefaultHostCallbackPolicy;
     }
 
     public string Name => "derive";
@@ -143,7 +158,7 @@ public ValueTask<PipelineRowBatch> TransformAsync(PipelineRowBatch batch, Pipeli
             var output = new Dictionary<string, object?>(row, StringComparer.OrdinalIgnoreCase);
             foreach (var column in _columns)
             {
-                output[column.Name] = TransformSupport.EvaluateDerivedExpression(column.Expression, output);
+                output[column.Name] = TransformSupport.EvaluateDerivedExpression(column.Expression, output, _functions, _callbackPolicy);
             }
 
             return output;
diff --git a/src/CSharpDB.Pipelines/Runtime/PipelineOrchestrator.cs b/src/CSharpDB.Pipelines/Runtime/PipelineOrchestrator.cs
index 3f77aa05..9c4b15aa 100644
--- a/src/CSharpDB.Pipelines/Runtime/PipelineOrchestrator.cs
+++ b/src/CSharpDB.Pipelines/Runtime/PipelineOrchestrator.cs
@@ -1,5 +1,6 @@
 using CSharpDB.Pipelines.Models;
 using CSharpDB.Pipelines.Validation;
+using CSharpDB.Primitives;
 using System.Text.Json;
 
 namespace CSharpDB.Pipelines.Runtime;
@@ -9,15 +10,21 @@ public sealed class PipelineOrchestrator : IPipelineOrchestrator
     private readonly IPipelineComponentFactory _componentFactory;
     private readonly IPipelineCheckpointStore _checkpointStore;
     private readonly IPipelineRunLogger _runLogger;
+    private readonly DbCommandRegistry _commands;
+    private readonly DbExtensionPolicy _callbackPolicy;
 
     public PipelineOrchestrator(
         IPipelineComponentFactory componentFactory,
         IPipelineCheckpointStore checkpointStore,
-        IPipelineRunLogger runLogger)
+        IPipelineRunLogger runLogger,
+        DbCommandRegistry? commands = null,
+        DbExtensionPolicy? callbackPolicy = null)
     {
         _componentFactory = componentFactory;
         _checkpointStore = checkpointStore;
         _runLogger = runLogger;
+        _commands = commands ?? DbCommandRegistry.Empty;
+        _callbackPolicy = callbackPolicy ?? DbExtensionPolicies.DefaultHostCallbackPolicy;
     }
 
     public async Task<PipelineRunResult> ExecuteAsync(PipelineRunRequest request, CancellationToken ct = default)
@@ -87,6 +94,16 @@ public async Task<PipelineRunResult> ExecuteAsync(PipelineRunRequest request, Ca
                 return validateResult;
             }
 
+            currentStep = "command-hook";
+            currentComponent = PipelineCommandHookEvent.OnRunStarted.ToString();
+            await DispatchHooksAsync(
+                request.Package,
+                PipelineCommandHookEvent.OnRunStarted,
+                context,
+                metrics,
+                status: PipelineRunStatus.Running.ToString(),
+                ct: ct);
+
             var source = _componentFactory.CreateSource(request.Package.Source);
             var transforms = _componentFactory.CreateTransforms(request.Package.Transforms);
             var destination = _componentFactory.CreateDestination(request.Package.Destination);
@@ -208,6 +225,18 @@ public async Task<PipelineRunResult> ExecuteAsync(PipelineRunRequest request, Ca
                         $"Pipeline rejected {metrics.RowsRejected} row(s), exceeding MaxRejects={request.Package.Options.MaxRejects}.");
                 }
 
+                currentStep = "command-hook";
+                currentComponent = PipelineCommandHookEvent.OnBatchCompleted.ToString();
+                currentBatch = sourceBatch;
+                await DispatchHooksAsync(
+                    request.Package,
+                    PipelineCommandHookEvent.OnBatchCompleted,
+                    context,
+                    metrics,
+                    sourceBatch,
+                    PipelineRunStatus.Running.ToString(),
+                    ct: ct);
+
                 await _runLogger.StatusChangedAsync(runId, PipelineRunStatus.Running, metrics, ct);
             }
 
@@ -230,6 +259,17 @@ public async Task<PipelineRunResult> ExecuteAsync(PipelineRunRequest request, Ca
                 Checkpoint = latestCheckpoint,
             };
 
+            currentStep = "command-hook";
+            currentComponent = PipelineCommandHookEvent.OnRunSucceeded.ToString();
+            currentBatch = null;
+            await DispatchHooksAsync(
+                request.Package,
+                PipelineCommandHookEvent.OnRunSucceeded,
+                context,
+                metrics,
+                status: PipelineRunStatus.Succeeded.ToString(),
+                ct: ct);
+
             await _runLogger.RunCompletedAsync(result, ct);
             return result;
         }
@@ -239,6 +279,27 @@ public async Task<PipelineRunResult> ExecuteAsync(PipelineRunRequest request, Ca
         }
         catch (Exception ex)
         {
+            string errorSummary = FormatErrorSummary(currentStep, currentComponent, currentBatch, ex);
+            try
+            {
+                await DispatchHooksAsync(
+                    request.Package,
+                    PipelineCommandHookEvent.OnRunFailed,
+                    context,
+                    metrics,
+                    currentBatch,
+                    PipelineRunStatus.Failed.ToString(),
+                    errorSummary,
+                    ct);
+            }
+            catch (Exception hookEx)
+            {
+                errorSummary = string.Join(
+                    Environment.NewLine,
+                    errorSummary,
+                    $"Run-failed hook error: {hookEx.Message}");
+            }
+
             var failedResult = new PipelineRunResult
             {
                 RunId = runId,
@@ -249,7 +310,7 @@ public async Task<PipelineRunResult> ExecuteAsync(PipelineRunRequest request, Ca
                 CompletedUtc = DateTimeOffset.UtcNow,
                 Metrics = metrics,
                 Checkpoint = latestCheckpoint,
-                ErrorSummary = FormatErrorSummary(currentStep, currentComponent, currentBatch, ex),
+                ErrorSummary = errorSummary,
             };
 
             await _runLogger.RunCompletedAsync(failedResult, ct);
@@ -257,6 +318,125 @@ public async Task<PipelineRunResult> ExecuteAsync(PipelineRunRequest request, Ca
         }
     }
 
+    private async Task DispatchHooksAsync(
+        PipelinePackageDefinition package,
+        PipelineCommandHookEvent eventKind,
+        PipelineExecutionContext context,
+        PipelineRunMetrics metrics,
+        PipelineRowBatch? batch = null,
+        string? status = null,
+        string? errorSummary = null,
+        CancellationToken ct = default)
+    {
+        IReadOnlyList<PipelineCommandHookDefinition> hooks = package.Hooks ?? [];
+        foreach (PipelineCommandHookDefinition hook in hooks.Where(hook => hook.Event == eventKind))
+        {
+            if (string.IsNullOrWhiteSpace(hook.CommandName))
+                throw new InvalidOperationException($"Pipeline hook '{eventKind}' has an empty command name.");
+
+            if (!_commands.TryGetCommand(hook.CommandName, out DbCommandDefinition definition))
+            {
+                Dictionary<string, string> missingMetadata = BuildHookMetadata(package, eventKind, context.RunId, context.Mode);
+                string message = $"Unknown pipeline command '{hook.CommandName}' for hook '{eventKind}'.";
+                DbCallbackDiagnostics.WriteMissingCommandInvocation(hook.CommandName, missingMetadata, message);
+                throw new InvalidOperationException($"Unknown pipeline command '{hook.CommandName}' for hook '{eventKind}'.");
+            }
+
+            Dictionary<string, DbValue> arguments = DbCommandArguments.FromObjectDictionary(
+                BuildHookArguments(package, eventKind, context.RunId, context.Mode, metrics, batch, status, errorSummary),
+                hook.Arguments);
+            Dictionary<string, string> metadata = BuildHookMetadata(package, eventKind, context.RunId, context.Mode);
+
+            DbCommandResult result;
+            try
+            {
+                result = await definition.InvokeAsync(
+                    arguments,
+                    metadata,
+                    _callbackPolicy,
+                    DbExtensionHostMode.Embedded,
+                    ct);
+            }
+            catch (OperationCanceledException) when (ct.IsCancellationRequested)
+            {
+                throw;
+            }
+            catch (Exception ex)
+            {
+                throw new InvalidOperationException(
+                    $"Pipeline hook '{eventKind}' command '{definition.Name}' failed: {ex.Message}",
+                    ex);
+            }
+
+            if (!result.Succeeded && hook.StopOnFailure)
+            {
+                string message = string.IsNullOrWhiteSpace(result.Message)
+                    ? $"Pipeline hook '{eventKind}' command '{definition.Name}' failed."
+                    : result.Message;
+                throw new InvalidOperationException(message);
+            }
+        }
+    }
+
+    private static Dictionary<string, object?> BuildHookArguments(
+        PipelinePackageDefinition package,
+        PipelineCommandHookEvent eventKind,
+        string runId,
+        PipelineExecutionMode mode,
+        PipelineRunMetrics metrics,
+        PipelineRowBatch? batch,
+        string? status,
+        string? errorSummary)
+    {
+        var arguments = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+        {
+            ["runId"] = runId,
+            ["pipelineName"] = package.Name,
+            ["pipelineVersion"] = package.Version,
+            ["mode"] = mode.ToString(),
+            ["event"] = eventKind.ToString(),
+            ["rowsRead"] = metrics.RowsRead,
+            ["rowsWritten"] = metrics.RowsWritten,
+            ["rowsRejected"] = metrics.RowsRejected,
+            ["batchesCompleted"] = metrics.BatchesCompleted,
+        };
+
+        if (!string.IsNullOrWhiteSpace(status))
+            arguments["status"] = status;
+
+        if (!string.IsNullOrWhiteSpace(errorSummary))
+            arguments["errorSummary"] = errorSummary;
+
+        if (batch is not null)
+        {
+            arguments["batchNumber"] = batch.BatchNumber;
+            arguments["startingRowNumber"] = batch.StartingRowNumber;
+            arguments["batchRowCount"] = batch.Rows.Count;
+        }
+
+        return arguments;
+    }
+
+    private static Dictionary<string, string> BuildHookMetadata(
+        PipelinePackageDefinition package,
+        PipelineCommandHookEvent eventKind,
+        string runId,
+        PipelineExecutionMode mode)
+        => new(StringComparer.OrdinalIgnoreCase)
+        {
+            ["surface"] = "Pipelines",
+            ["pipelineName"] = package.Name,
+            ["pipelineVersion"] = package.Version,
+            ["runId"] = runId,
+            ["mode"] = mode.ToString(),
+            ["event"] = eventKind.ToString(),
+            ["location"] = $"hooks.{eventKind}",
+            ["ownerKind"] = "Pipeline",
+            ["ownerId"] = package.Name,
+            ["ownerName"] = package.Name,
+            ["correlationId"] = runId,
+        };
+
     private static string FormatErrorSummary(string step, string? component, PipelineRowBatch? batch, Exception exception)
     {
         var segments = new List<string>
diff --git a/src/CSharpDB.Pipelines/Serialization/ObjectDictionaryConverter.cs b/src/CSharpDB.Pipelines/Serialization/ObjectDictionaryConverter.cs
new file mode 100644
index 00000000..e3092904
--- /dev/null
+++ b/src/CSharpDB.Pipelines/Serialization/ObjectDictionaryConverter.cs
@@ -0,0 +1,111 @@
+using System.Globalization;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace CSharpDB.Pipelines.Serialization;
+
+internal sealed class ObjectDictionaryConverter : JsonConverter<IReadOnlyDictionary<string, object?>>
+{
+    public override IReadOnlyDictionary<string, object?> Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+    {
+        if (reader.TokenType != JsonTokenType.StartObject)
+            throw new JsonException("Expected StartObject.");
+
+        return ReadDictionary(ref reader);
+    }
+
+    public override void Write(Utf8JsonWriter writer, IReadOnlyDictionary<string, object?> value, JsonSerializerOptions options)
+    {
+        writer.WriteStartObject();
+        foreach ((string key, object? item) in value)
+        {
+            writer.WritePropertyName(key);
+            WriteValue(writer, item, options);
+        }
+
+        writer.WriteEndObject();
+    }
+
+    private static void WriteValue(Utf8JsonWriter writer, object? value, JsonSerializerOptions options)
+    {
+        switch (value)
+        {
+            case null:
+                writer.WriteNullValue();
+                break;
+            case bool boolValue:
+                writer.WriteBooleanValue(boolValue);
+                break;
+            case byte or sbyte or short or ushort or int or uint or long:
+                writer.WriteNumberValue(Convert.ToInt64(value, CultureInfo.InvariantCulture));
+                break;
+            case float or double or decimal:
+                writer.WriteNumberValue(Convert.ToDouble(value, CultureInfo.InvariantCulture));
+                break;
+            case string text:
+                writer.WriteStringValue(text);
+                break;
+            default:
+                JsonSerializer.Serialize(writer, value, options);
+                break;
+        }
+    }
+
+    private static Dictionary<string, object?> ReadDictionary(ref Utf8JsonReader reader)
+    {
+        var dict = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+
+        while (reader.Read())
+        {
+            if (reader.TokenType == JsonTokenType.EndObject)
+                return dict;
+
+            if (reader.TokenType != JsonTokenType.PropertyName)
+                throw new JsonException("Expected PropertyName.");
+
+            string key = reader.GetString() ?? string.Empty;
+            reader.Read();
+            dict[key] = ReadValue(ref reader);
+        }
+
+        throw new JsonException("Unexpected end of JSON.");
+    }
+
+    private static object? ReadValue(ref Utf8JsonReader reader)
+    {
+        return reader.TokenType switch
+        {
+            JsonTokenType.Null => null,
+            JsonTokenType.True => true,
+            JsonTokenType.False => false,
+            JsonTokenType.String => reader.GetString(),
+            JsonTokenType.Number => ReadNumber(ref reader),
+            JsonTokenType.StartObject => ReadDictionary(ref reader),
+            JsonTokenType.StartArray => ReadArray(ref reader),
+            _ => throw new JsonException($"Unexpected token {reader.TokenType}."),
+        };
+    }
+
+    private static object ReadNumber(ref Utf8JsonReader reader)
+    {
+        decimal number = reader.GetDecimal();
+        if (number >= long.MinValue && number <= long.MaxValue && decimal.Truncate(number) == number)
+            return (long)number;
+
+        return (double)number;
+    }
+
+    private static object?[] ReadArray(ref Utf8JsonReader reader)
+    {
+        var values = new List<object?>();
+        while (reader.Read())
+        {
+            if (reader.TokenType == JsonTokenType.EndArray)
+                return values.ToArray();
+
+            values.Add(ReadValue(ref reader));
+        }
+
+        throw new JsonException("Unexpected end of JSON in array.");
+    }
+}
diff --git a/src/CSharpDB.Pipelines/Serialization/PipelinePackageSerializer.cs b/src/CSharpDB.Pipelines/Serialization/PipelinePackageSerializer.cs
index 72c2809b..f8488161 100644
--- a/src/CSharpDB.Pipelines/Serialization/PipelinePackageSerializer.cs
+++ b/src/CSharpDB.Pipelines/Serialization/PipelinePackageSerializer.cs
@@ -13,6 +13,7 @@ public static class PipelinePackageSerializer
         PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
         Converters =
         {
+            new ObjectDictionaryConverter(),
             new JsonStringEnumConverter(JsonNamingPolicy.CamelCase),
         },
     };
@@ -20,15 +21,16 @@ public static class PipelinePackageSerializer
     public static string Serialize(PipelinePackageDefinition package)
     {
         ArgumentNullException.ThrowIfNull(package);
-        return JsonSerializer.Serialize(package, s_options);
+        return JsonSerializer.Serialize(PipelineAutomationMetadata.NormalizeForExport(package), s_options);
     }
 
     public static PipelinePackageDefinition Deserialize(string json)
     {
         ArgumentException.ThrowIfNullOrWhiteSpace(json);
 
-        var package = JsonSerializer.Deserialize<PipelinePackageDefinition>(json, s_options);
-        return package ?? throw new InvalidOperationException("Pipeline package JSON did not deserialize into a package definition.");
+        var package = JsonSerializer.Deserialize<PipelinePackageDefinition>(json, s_options)
+            ?? throw new InvalidOperationException("Pipeline package JSON did not deserialize into a package definition.");
+        return PipelineAutomationMetadata.NormalizeForExport(package);
     }
 
     public static async Task<PipelinePackageDefinition> LoadFromFileAsync(string path, CancellationToken ct = default)
@@ -36,8 +38,9 @@ public static async Task<PipelinePackageDefinition> LoadFromFileAsync(string pat
         ArgumentException.ThrowIfNullOrWhiteSpace(path);
 
         await using var stream = File.OpenRead(path);
-        var package = await JsonSerializer.DeserializeAsync<PipelinePackageDefinition>(stream, s_options, ct);
-        return package ?? throw new InvalidOperationException($"Pipeline package file '{path}' did not deserialize into a package definition.");
+        var package = await JsonSerializer.DeserializeAsync<PipelinePackageDefinition>(stream, s_options, ct)
+            ?? throw new InvalidOperationException($"Pipeline package file '{path}' did not deserialize into a package definition.");
+        return PipelineAutomationMetadata.NormalizeForExport(package);
     }
 
     public static async Task SaveToFileAsync(PipelinePackageDefinition package, string path, CancellationToken ct = default)
@@ -52,6 +55,6 @@ public static async Task SaveToFileAsync(PipelinePackageDefinition package, stri
         }
 
         await using var stream = File.Create(path);
-        await JsonSerializer.SerializeAsync(stream, package, s_options, ct);
+        await JsonSerializer.SerializeAsync(stream, PipelineAutomationMetadata.NormalizeForExport(package), s_options, ct);
     }
 }
diff --git a/src/CSharpDB.Pipelines/Validation/PipelinePackageValidator.cs b/src/CSharpDB.Pipelines/Validation/PipelinePackageValidator.cs
index d127672d..5efb19eb 100644
--- a/src/CSharpDB.Pipelines/Validation/PipelinePackageValidator.cs
+++ b/src/CSharpDB.Pipelines/Validation/PipelinePackageValidator.cs
@@ -1,4 +1,5 @@
 using CSharpDB.Pipelines.Models;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Pipelines.Validation;
 
@@ -25,6 +26,8 @@ public static PipelineValidationResult Validate(PipelinePackageDefinition packag
         ValidateOptions(package.Options, errors);
         ValidateIncremental(package.Incremental, errors);
         ValidateTransforms(package.Transforms, errors);
+        ValidateHooks(package.Hooks, errors);
+        ValidateAutomation(package, errors);
 
         return errors.Count == 0
             ? PipelineValidationResult.Success
@@ -179,6 +182,10 @@ private static void ValidateTransforms(IReadOnlyList<PipelineTransformDefinition
                     {
                         errors.Add(Error("pipeline.transform.filter.expression.required", $"{path}.filterExpression", "Filter transforms require an expression."));
                     }
+                    else
+                    {
+                        ValidateFunctionSyntax(transform.FilterExpression, $"{path}.filterExpression", errors);
+                    }
                     break;
 
                 case PipelineTransformKind.Derive:
@@ -195,6 +202,10 @@ private static void ValidateTransforms(IReadOnlyList<PipelineTransformDefinition
                         {
                             errors.Add(Error("pipeline.transform.derive.column.invalid", $"{path}.derivedColumns[{derivedIndex}]", "Derived columns require both a name and an expression."));
                         }
+                        else
+                        {
+                            ValidateFunctionSyntax(derived.Expression, $"{path}.derivedColumns[{derivedIndex}].expression", errors);
+                        }
                     }
                     break;
 
@@ -208,6 +219,201 @@ private static void ValidateTransforms(IReadOnlyList<PipelineTransformDefinition
         }
     }
 
+    private static void ValidateHooks(IReadOnlyList<PipelineCommandHookDefinition>? hooks, List<PipelineValidationIssue> errors)
+    {
+        if (hooks is null)
+            return;
+
+        for (int i = 0; i < hooks.Count; i++)
+        {
+            PipelineCommandHookDefinition hook = hooks[i];
+            string path = $"hooks[{i}]";
+
+            if (string.IsNullOrWhiteSpace(hook.CommandName))
+            {
+                errors.Add(Error("pipeline.hook.command.required", $"{path}.commandName", "Pipeline command hooks require a command name."));
+            }
+
+            if (hook.Arguments is null)
+                continue;
+
+            foreach (string key in hook.Arguments.Keys)
+            {
+                if (string.IsNullOrWhiteSpace(key))
+                {
+                    errors.Add(Error("pipeline.hook.argument.name.required", $"{path}.arguments", "Pipeline command hook arguments require non-empty names."));
+                    break;
+                }
+            }
+        }
+    }
+
+    private static void ValidateAutomation(PipelinePackageDefinition package, List<PipelineValidationIssue> errors)
+    {
+        DbAutomationMetadata? automation = package.Automation;
+        if (automation is null)
+            return;
+
+        if (automation.MetadataVersion != DbAutomationMetadata.CurrentMetadataVersion)
+        {
+            errors.Add(Error(
+                "pipeline.automation.version.unsupported",
+                "automation.metadataVersion",
+                $"Automation metadata version {automation.MetadataVersion} is not supported."));
+        }
+
+        DbAutomationMetadata expected = PipelineAutomationMetadata.Build(package);
+        HashSet<string> expectedCommands = CommandKeys(expected.Commands);
+        HashSet<string> actualCommands = CommandKeys(automation.Commands);
+        HashSet<string> expectedFunctions = ScalarFunctionKeys(expected.ScalarFunctions);
+        HashSet<string> actualFunctions = ScalarFunctionKeys(automation.ScalarFunctions);
+
+        if (!expectedCommands.SetEquals(actualCommands))
+        {
+            errors.Add(Error(
+                "pipeline.automation.commands.outOfDate",
+                "automation.commands",
+                "Automation command metadata is out of date. Re-export the package to refresh it."));
+        }
+
+        if (!expectedFunctions.SetEquals(actualFunctions))
+        {
+            errors.Add(Error(
+                "pipeline.automation.scalarFunctions.outOfDate",
+                "automation.scalarFunctions",
+                "Automation scalar function metadata is out of date. Re-export the package to refresh it."));
+        }
+    }
+
+    private static HashSet<string> CommandKeys(IReadOnlyList<DbAutomationCommandReference>? commands)
+        => commands is null
+            ? new HashSet<string>(StringComparer.OrdinalIgnoreCase)
+            : commands
+                .Select(static command => $"{command.Name}|{command.Surface}|{command.Location}")
+                .ToHashSet(StringComparer.OrdinalIgnoreCase);
+
+    private static HashSet<string> ScalarFunctionKeys(IReadOnlyList<DbAutomationScalarFunctionReference>? functions)
+        => functions is null
+            ? new HashSet<string>(StringComparer.OrdinalIgnoreCase)
+            : functions
+                .Select(static function => $"{function.Name}|{function.Arity}|{function.Surface}|{function.Location}")
+                .ToHashSet(StringComparer.OrdinalIgnoreCase);
+
+    private static void ValidateFunctionSyntax(string expression, string path, List<PipelineValidationIssue> errors)
+    {
+        bool inString = false;
+        for (int i = 0; i < expression.Length; i++)
+        {
+            if (expression[i] == '\'')
+            {
+                inString = !inString;
+                continue;
+            }
+
+            if (inString)
+                continue;
+
+            if (!IsIdentifierStart(expression[i]))
+                continue;
+
+            int nameStart = i;
+            i++;
+            while (i < expression.Length && IsIdentifierPart(expression[i]))
+                i++;
+
+            int cursor = i;
+            while (cursor < expression.Length && char.IsWhiteSpace(expression[cursor]))
+                cursor++;
+
+            if (cursor >= expression.Length || expression[cursor] != '(')
+                continue;
+
+            if (!TryValidateFunctionArguments(expression, cursor, out int closeParen))
+            {
+                errors.Add(Error(
+                    "pipeline.expression.function.syntax",
+                    path,
+                    $"Function call '{expression[nameStart..Math.Min(expression.Length, cursor + 1)]}...' is malformed."));
+                return;
+            }
+
+            i = closeParen;
+        }
+    }
+
+    private static bool TryValidateFunctionArguments(string expression, int openParen, out int closeParen)
+    {
+        closeParen = -1;
+        int depth = 0;
+        bool inString = false;
+        bool expectingArgument = true;
+        bool sawArgument = false;
+
+        for (int i = openParen; i < expression.Length; i++)
+        {
+            char ch = expression[i];
+            if (ch == '\'')
+            {
+                inString = !inString;
+                expectingArgument = false;
+                sawArgument = true;
+                continue;
+            }
+
+            if (inString)
+                continue;
+
+            if (ch == '(')
+            {
+                depth++;
+                if (depth > 1)
+                {
+                    expectingArgument = false;
+                    sawArgument = true;
+                }
+                continue;
+            }
+
+            if (ch == ')')
+            {
+                depth--;
+                if (depth < 0)
+                    return false;
+
+                if (depth == 0)
+                {
+                    closeParen = i;
+                    return !inString && (!expectingArgument || !sawArgument);
+                }
+
+                continue;
+            }
+
+            if (ch == ',' && depth == 1)
+            {
+                if (expectingArgument)
+                    return false;
+
+                expectingArgument = true;
+                continue;
+            }
+
+            if (!char.IsWhiteSpace(ch))
+            {
+                expectingArgument = false;
+                sawArgument = true;
+            }
+        }
+
+        return false;
+    }
+
+    private static bool IsIdentifierStart(char value)
+        => char.IsLetter(value) || value == '_';
+
+    private static bool IsIdentifierPart(char value)
+        => char.IsLetterOrDigit(value) || value == '_';
+
     private static PipelineValidationIssue Error(string code, string path, string message) => new()
     {
         Code = code,
diff --git a/src/CSharpDB.Primitives/AutomationManifestValidation.cs b/src/CSharpDB.Primitives/AutomationManifestValidation.cs
new file mode 100644
index 00000000..8eaa5b21
--- /dev/null
+++ b/src/CSharpDB.Primitives/AutomationManifestValidation.cs
@@ -0,0 +1,406 @@
+namespace CSharpDB.Primitives;
+
+public sealed record AutomationValidationResult(
+    bool Succeeded,
+    IReadOnlyList<AutomationValidationIssue> Issues);
+
+public sealed record AutomationValidationIssue(
+    AutomationValidationSeverity Severity,
+    AutomationCallbackKind CallbackKind,
+    string Name,
+    string Surface,
+    string Location,
+    string Message,
+    int? ExpectedArity = null);
+
+public sealed record AutomationManifestValidationOptions(bool RequireMetadata = false)
+{
+    public static AutomationManifestValidationOptions Default { get; } = new();
+}
+
+public enum AutomationValidationSeverity
+{
+    Warning,
+    Error,
+}
+
+public enum AutomationCallbackKind
+{
+    Unknown,
+    ScalarFunction,
+    Command,
+    ValidationRule,
+}
+
+public static class AutomationManifestValidator
+{
+    private const string UnknownSurface = "unknown";
+    private const string UnknownLocation = "$";
+
+    public static AutomationValidationResult Validate(
+        DbAutomationMetadata? metadata,
+        DbFunctionRegistry functions,
+        DbCommandRegistry commands)
+        => Validate(metadata, functions, commands, DbValidationRuleRegistry.Empty, AutomationManifestValidationOptions.Default);
+
+    public static AutomationValidationResult Validate(
+        DbAutomationMetadata? metadata,
+        DbFunctionRegistry functions,
+        DbCommandRegistry commands,
+        DbValidationRuleRegistry validationRules)
+        => Validate(metadata, functions, commands, validationRules, AutomationManifestValidationOptions.Default);
+
+    public static AutomationValidationResult Validate(
+        DbAutomationMetadata? metadata,
+        DbFunctionRegistry functions,
+        DbCommandRegistry commands,
+        AutomationManifestValidationOptions? options)
+        => Validate(metadata, functions, commands, DbValidationRuleRegistry.Empty, options);
+
+    public static AutomationValidationResult Validate(
+        DbAutomationMetadata? metadata,
+        DbFunctionRegistry functions,
+        DbCommandRegistry commands,
+        DbValidationRuleRegistry validationRules,
+        AutomationManifestValidationOptions? options)
+    {
+        ArgumentNullException.ThrowIfNull(functions);
+        ArgumentNullException.ThrowIfNull(commands);
+        ArgumentNullException.ThrowIfNull(validationRules);
+
+        options ??= AutomationManifestValidationOptions.Default;
+        var issues = new List<AutomationValidationIssue>();
+
+        if (metadata is null)
+        {
+            if (options.RequireMetadata)
+            {
+                issues.Add(new AutomationValidationIssue(
+                    AutomationValidationSeverity.Error,
+                    AutomationCallbackKind.Unknown,
+                    string.Empty,
+                    UnknownSurface,
+                    UnknownLocation,
+                    "Automation metadata is missing. Export or build automation metadata before validating callbacks."));
+            }
+
+            return CreateResult(issues);
+        }
+
+        AddDuplicateCommandIssues(metadata.Commands, issues);
+        AddDuplicateScalarFunctionIssues(metadata.ScalarFunctions, issues);
+        AddDuplicateValidationRuleIssues(metadata.ValidationRules, issues);
+        ValidateCommands(metadata.Commands, commands, issues);
+        ValidateScalarFunctions(metadata.ScalarFunctions, functions, issues);
+        ValidateValidationRules(metadata.ValidationRules, validationRules, issues);
+
+        return CreateResult(issues);
+    }
+
+    private static void AddDuplicateCommandIssues(
+        IReadOnlyList<DbAutomationCommandReference>? references,
+        List<AutomationValidationIssue> issues)
+    {
+        if (references is null || references.Count == 0)
+            return;
+
+        var occurrences = new Dictionary<string, DuplicateOccurrence>(StringComparer.OrdinalIgnoreCase);
+        foreach (DbAutomationCommandReference reference in references)
+        {
+            string name = NormalizeName(reference.Name);
+            string surface = NormalizeSurface(reference.Surface);
+            string location = NormalizeLocation(reference.Location);
+            string key = CreateKey(name, surface, location);
+
+            occurrences[key] = occurrences.TryGetValue(key, out DuplicateOccurrence? occurrence)
+                ? occurrence.Increment()
+                : new DuplicateOccurrence(name, surface, location, Count: 1, Arity: null);
+        }
+
+        foreach (DuplicateOccurrence occurrence in occurrences.Values
+            .Where(static occurrence => occurrence.Count > 1)
+            .OrderBy(static occurrence => occurrence.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static occurrence => occurrence.Surface, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static occurrence => occurrence.Location, StringComparer.OrdinalIgnoreCase))
+        {
+            issues.Add(new AutomationValidationIssue(
+                AutomationValidationSeverity.Warning,
+                AutomationCallbackKind.Command,
+                occurrence.Name,
+                occurrence.Surface,
+                occurrence.Location,
+                $"Command '{occurrence.Name}' is referenced {occurrence.Count} times at {occurrence.Surface}:{occurrence.Location}. Remove duplicate metadata entries."));
+        }
+    }
+
+    private static void AddDuplicateScalarFunctionIssues(
+        IReadOnlyList<DbAutomationScalarFunctionReference>? references,
+        List<AutomationValidationIssue> issues)
+    {
+        if (references is null || references.Count == 0)
+            return;
+
+        var occurrences = new Dictionary<string, DuplicateOccurrence>(StringComparer.OrdinalIgnoreCase);
+        foreach (DbAutomationScalarFunctionReference reference in references)
+        {
+            string name = NormalizeName(reference.Name);
+            string surface = NormalizeSurface(reference.Surface);
+            string location = NormalizeLocation(reference.Location);
+            string key = CreateKey(name, reference.Arity.ToString(System.Globalization.CultureInfo.InvariantCulture), surface, location);
+
+            occurrences[key] = occurrences.TryGetValue(key, out DuplicateOccurrence? occurrence)
+                ? occurrence.Increment()
+                : new DuplicateOccurrence(name, surface, location, Count: 1, reference.Arity);
+        }
+
+        foreach (DuplicateOccurrence occurrence in occurrences.Values
+            .Where(static occurrence => occurrence.Count > 1)
+            .OrderBy(static occurrence => occurrence.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static occurrence => occurrence.Arity)
+            .ThenBy(static occurrence => occurrence.Surface, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static occurrence => occurrence.Location, StringComparer.OrdinalIgnoreCase))
+        {
+            issues.Add(new AutomationValidationIssue(
+                AutomationValidationSeverity.Warning,
+                AutomationCallbackKind.ScalarFunction,
+                occurrence.Name,
+                occurrence.Surface,
+                occurrence.Location,
+                $"Scalar function '{occurrence.Name}' with arity {occurrence.Arity} is referenced {occurrence.Count} times at {occurrence.Surface}:{occurrence.Location}. Remove duplicate metadata entries.",
+                occurrence.Arity));
+        }
+    }
+
+    private static void AddDuplicateValidationRuleIssues(
+        IReadOnlyList<DbAutomationValidationRuleReference>? references,
+        List<AutomationValidationIssue> issues)
+    {
+        if (references is null || references.Count == 0)
+            return;
+
+        var occurrences = new Dictionary<string, DuplicateOccurrence>(StringComparer.OrdinalIgnoreCase);
+        foreach (DbAutomationValidationRuleReference reference in references)
+        {
+            string name = NormalizeName(reference.Name);
+            string surface = NormalizeSurface(reference.Surface);
+            string location = NormalizeLocation(reference.Location);
+            string key = CreateKey(name, surface, location);
+
+            occurrences[key] = occurrences.TryGetValue(key, out DuplicateOccurrence? occurrence)
+                ? occurrence.Increment()
+                : new DuplicateOccurrence(name, surface, location, Count: 1, Arity: null);
+        }
+
+        foreach (DuplicateOccurrence occurrence in occurrences.Values
+            .Where(static occurrence => occurrence.Count > 1)
+            .OrderBy(static occurrence => occurrence.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static occurrence => occurrence.Surface, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static occurrence => occurrence.Location, StringComparer.OrdinalIgnoreCase))
+        {
+            issues.Add(new AutomationValidationIssue(
+                AutomationValidationSeverity.Warning,
+                AutomationCallbackKind.ValidationRule,
+                occurrence.Name,
+                occurrence.Surface,
+                occurrence.Location,
+                $"Validation rule '{occurrence.Name}' is referenced {occurrence.Count} times at {occurrence.Surface}:{occurrence.Location}. Remove duplicate metadata entries."));
+        }
+    }
+
+    private static void ValidateCommands(
+        IReadOnlyList<DbAutomationCommandReference>? references,
+        DbCommandRegistry commands,
+        List<AutomationValidationIssue> issues)
+    {
+        if (references is null || references.Count == 0)
+            return;
+
+        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+        foreach (DbAutomationCommandReference reference in references)
+        {
+            string name = NormalizeName(reference.Name);
+            string surface = NormalizeSurface(reference.Surface);
+            string location = NormalizeLocation(reference.Location);
+            if (!seen.Add(CreateKey(name, surface, location)))
+                continue;
+
+            if (string.IsNullOrWhiteSpace(name))
+            {
+                issues.Add(new AutomationValidationIssue(
+                    AutomationValidationSeverity.Error,
+                    AutomationCallbackKind.Command,
+                    name,
+                    surface,
+                    location,
+                    $"Command reference at {surface}:{location} has no command name."));
+                continue;
+            }
+
+            if (!commands.ContainsCommandName(name))
+            {
+                issues.Add(new AutomationValidationIssue(
+                    AutomationValidationSeverity.Error,
+                    AutomationCallbackKind.Command,
+                    name,
+                    surface,
+                    location,
+                    $"Command '{name}' is referenced by {surface} at {location}, but it is not registered in the host command registry."));
+            }
+        }
+    }
+
+    private static void ValidateScalarFunctions(
+        IReadOnlyList<DbAutomationScalarFunctionReference>? references,
+        DbFunctionRegistry functions,
+        List<AutomationValidationIssue> issues)
+    {
+        if (references is null || references.Count == 0)
+            return;
+
+        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+        foreach (DbAutomationScalarFunctionReference reference in references)
+        {
+            string name = NormalizeName(reference.Name);
+            string surface = NormalizeSurface(reference.Surface);
+            string location = NormalizeLocation(reference.Location);
+            string key = CreateKey(name, reference.Arity.ToString(System.Globalization.CultureInfo.InvariantCulture), surface, location);
+            if (!seen.Add(key))
+                continue;
+
+            if (string.IsNullOrWhiteSpace(name))
+            {
+                issues.Add(new AutomationValidationIssue(
+                    AutomationValidationSeverity.Error,
+                    AutomationCallbackKind.ScalarFunction,
+                    name,
+                    surface,
+                    location,
+                    $"Scalar function reference at {surface}:{location} has no function name.",
+                    reference.Arity));
+                continue;
+            }
+
+            if (reference.Arity < 0)
+            {
+                issues.Add(new AutomationValidationIssue(
+                    AutomationValidationSeverity.Error,
+                    AutomationCallbackKind.ScalarFunction,
+                    name,
+                    surface,
+                    location,
+                    $"Scalar function '{name}' is referenced by {surface} at {location} with invalid arity {reference.Arity}. Arity must be zero or greater.",
+                    reference.Arity));
+                continue;
+            }
+
+            if (functions.TryGetScalar(name, reference.Arity, out _))
+                continue;
+
+            if (functions.ContainsScalarName(name))
+            {
+                string registeredArities = FormatRegisteredArities(functions, name);
+                issues.Add(new AutomationValidationIssue(
+                    AutomationValidationSeverity.Error,
+                    AutomationCallbackKind.ScalarFunction,
+                    name,
+                    surface,
+                    location,
+                    $"Scalar function '{name}' is referenced by {surface} at {location} with arity {reference.Arity}, but the host registry has {registeredArities}. Register it with arity {reference.Arity} or update the metadata expression.",
+                    reference.Arity));
+                continue;
+            }
+
+            issues.Add(new AutomationValidationIssue(
+                AutomationValidationSeverity.Error,
+                AutomationCallbackKind.ScalarFunction,
+                name,
+                surface,
+                location,
+                $"Scalar function '{name}' is referenced by {surface} at {location} with arity {reference.Arity}, but it is not registered in the host function registry.",
+                reference.Arity));
+        }
+    }
+
+    private static void ValidateValidationRules(
+        IReadOnlyList<DbAutomationValidationRuleReference>? references,
+        DbValidationRuleRegistry validationRules,
+        List<AutomationValidationIssue> issues)
+    {
+        if (references is null || references.Count == 0)
+            return;
+
+        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+        foreach (DbAutomationValidationRuleReference reference in references)
+        {
+            string name = NormalizeName(reference.Name);
+            string surface = NormalizeSurface(reference.Surface);
+            string location = NormalizeLocation(reference.Location);
+            if (!seen.Add(CreateKey(name, surface, location)))
+                continue;
+
+            if (string.IsNullOrWhiteSpace(name))
+            {
+                issues.Add(new AutomationValidationIssue(
+                    AutomationValidationSeverity.Error,
+                    AutomationCallbackKind.ValidationRule,
+                    name,
+                    surface,
+                    location,
+                    $"Validation rule reference at {surface}:{location} has no rule name."));
+                continue;
+            }
+
+            if (!validationRules.ContainsRuleName(name))
+            {
+                issues.Add(new AutomationValidationIssue(
+                    AutomationValidationSeverity.Error,
+                    AutomationCallbackKind.ValidationRule,
+                    name,
+                    surface,
+                    location,
+                    $"Validation rule '{name}' is referenced by {surface} at {location}, but it is not registered in the host validation rule registry."));
+            }
+        }
+    }
+
+    private static AutomationValidationResult CreateResult(IReadOnlyList<AutomationValidationIssue> issues)
+        => new(
+            !issues.Any(static issue => issue.Severity == AutomationValidationSeverity.Error),
+            issues.ToArray());
+
+    private static string FormatRegisteredArities(DbFunctionRegistry functions, string name)
+    {
+        int[] arities = functions.ScalarFunctions
+            .Where(function => string.Equals(function.Name, name, StringComparison.OrdinalIgnoreCase))
+            .Select(static function => function.Arity)
+            .Order()
+            .ToArray();
+
+        return arities.Length == 1
+            ? $"arity {arities[0]}"
+            : $"arities {string.Join(", ", arities)}";
+    }
+
+    private static string NormalizeName(string? value)
+        => value?.Trim() ?? string.Empty;
+
+    private static string NormalizeSurface(string? value)
+        => string.IsNullOrWhiteSpace(value) ? UnknownSurface : value.Trim();
+
+    private static string NormalizeLocation(string? value)
+        => string.IsNullOrWhiteSpace(value) ? UnknownLocation : value.Trim();
+
+    private static string CreateKey(params string[] parts)
+        => string.Join('\u001f', parts);
+
+    private sealed record DuplicateOccurrence(
+        string Name,
+        string Surface,
+        string Location,
+        int Count,
+        int? Arity)
+    {
+        public DuplicateOccurrence Increment()
+            => this with { Count = Count + 1 };
+    }
+}
diff --git a/src/CSharpDB.Primitives/AutomationStubGeneration.cs b/src/CSharpDB.Primitives/AutomationStubGeneration.cs
new file mode 100644
index 00000000..6c007304
--- /dev/null
+++ b/src/CSharpDB.Primitives/AutomationStubGeneration.cs
@@ -0,0 +1,372 @@
+using System.Globalization;
+using System.Text;
+
+namespace CSharpDB.Primitives;
+
+public sealed record AutomationStubGenerationOptions(
+    string Namespace = "CSharpDbAutomation",
+    string ClassName = "CSharpDbAutomationRegistration",
+    string MethodName = "Register");
+
+public static class AutomationStubGenerator
+{
+    public static string GenerateCSharp(
+        DbAutomationMetadata metadata,
+        AutomationStubGenerationOptions? options = null)
+    {
+        ArgumentNullException.ThrowIfNull(metadata);
+
+        options ??= new AutomationStubGenerationOptions();
+        ValidateOptions(options);
+
+        CallbackGroup[] scalarFunctions = GetScalarFunctionGroups(metadata);
+        CallbackGroup[] commands = GetCommandGroups(metadata);
+        CallbackGroup[] validationRules = GetValidationRuleGroups(metadata);
+
+        var source = new StringBuilder();
+        source.AppendLine("using System;");
+        source.AppendLine("using System.Threading.Tasks;");
+        source.AppendLine("using CSharpDB.Primitives;");
+        source.AppendLine();
+        source.Append("namespace ");
+        source.Append(options.Namespace);
+        source.AppendLine(";");
+        source.AppendLine();
+        source.Append("public static class ");
+        source.AppendLine(options.ClassName);
+        source.AppendLine("{");
+        source.Append("    public static void ");
+        source.Append(options.MethodName);
+        source.AppendLine("(DbFunctionRegistryBuilder functions, DbCommandRegistryBuilder commands, DbValidationRuleRegistryBuilder validationRules)");
+        source.AppendLine("    {");
+        source.AppendLine("        ArgumentNullException.ThrowIfNull(functions);");
+        source.AppendLine("        ArgumentNullException.ThrowIfNull(commands);");
+        source.AppendLine("        ArgumentNullException.ThrowIfNull(validationRules);");
+
+        bool wroteRegistration = false;
+        foreach (CallbackGroup function in scalarFunctions)
+        {
+            source.AppendLine();
+            AppendScalarFunction(source, function);
+            wroteRegistration = true;
+        }
+
+        foreach (CallbackGroup command in commands)
+        {
+            source.AppendLine();
+            AppendCommand(source, command);
+            wroteRegistration = true;
+        }
+
+        foreach (CallbackGroup validationRule in validationRules)
+        {
+            source.AppendLine();
+            AppendValidationRule(source, validationRule);
+            wroteRegistration = true;
+        }
+
+        if (!wroteRegistration)
+        {
+            source.AppendLine();
+            source.AppendLine("        // No trusted C# callbacks were found in the automation metadata.");
+        }
+
+        source.AppendLine("    }");
+        source.AppendLine("}");
+
+        return source.ToString();
+    }
+
+    private static void AppendScalarFunction(StringBuilder source, CallbackGroup function)
+    {
+        source.AppendLine("        functions.AddScalar(");
+        source.Append("            ");
+        source.Append(ToStringLiteral(function.Name));
+        source.AppendLine(",");
+        source.Append("            arity: ");
+        source.Append(function.Arity!.Value.ToString(CultureInfo.InvariantCulture));
+        source.AppendLine(",");
+        source.AppendLine("            options: new DbScalarFunctionOptions(DbType.Text),");
+        source.AppendLine("            invoke: static (context, args) =>");
+        source.AppendLine("            {");
+        AppendReferenceComments(source, function);
+        source.Append("                throw new NotImplementedException(");
+        source.Append(ToStringLiteral($"Implement trusted scalar function '{function.Name}'."));
+        source.AppendLine(");");
+        source.AppendLine("            });");
+    }
+
+    private static void AppendCommand(StringBuilder source, CallbackGroup command)
+    {
+        source.AppendLine("        commands.AddAsyncCommand(");
+        source.Append("            ");
+        source.Append(ToStringLiteral(command.Name));
+        source.AppendLine(",");
+        source.AppendLine("            static async (context, ct) =>");
+        source.AppendLine("            {");
+        AppendReferenceComments(source, command);
+        source.AppendLine("                await Task.CompletedTask;");
+        source.Append("                throw new NotImplementedException(");
+        source.Append(ToStringLiteral($"Implement trusted command '{command.Name}'."));
+        source.AppendLine(");");
+        source.AppendLine("            });");
+    }
+
+    private static void AppendValidationRule(StringBuilder source, CallbackGroup validationRule)
+    {
+        source.AppendLine("        validationRules.AddRule(");
+        source.Append("            ");
+        source.Append(ToStringLiteral(validationRule.Name));
+        source.AppendLine(",");
+        source.AppendLine("            static async (context, ct) =>");
+        source.AppendLine("            {");
+        AppendReferenceComments(source, validationRule);
+        source.AppendLine("                await Task.CompletedTask;");
+        source.Append("                throw new NotImplementedException(");
+        source.Append(ToStringLiteral($"Implement trusted validation rule '{validationRule.Name}'."));
+        source.AppendLine(");");
+        source.AppendLine("            });");
+    }
+
+    private static void AppendReferenceComments(StringBuilder source, CallbackGroup callback)
+    {
+        source.AppendLine("                // References:");
+        foreach (CallbackLocation location in callback.Locations)
+        {
+            source.Append("                // - ");
+            source.Append(SanitizeComment(location.Surface));
+            source.Append(": ");
+            source.AppendLine(SanitizeComment(location.Location));
+        }
+    }
+
+    private static CallbackGroup[] GetScalarFunctionGroups(DbAutomationMetadata metadata)
+        => (metadata.ScalarFunctions ?? [])
+            .Where(static reference => !string.IsNullOrWhiteSpace(reference.Name))
+            .GroupBy(
+                static reference => $"{reference.Name.Trim()}|{reference.Arity}",
+                StringComparer.OrdinalIgnoreCase)
+            .Select(static group =>
+            {
+                DbAutomationScalarFunctionReference first = group.First();
+                return new CallbackGroup(
+                    first.Name.Trim(),
+                    first.Arity,
+                    GetLocations(group.Select(static reference => new CallbackLocation(reference.Surface, reference.Location))));
+            })
+            .OrderBy(static group => group.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static group => group.Arity)
+            .ToArray();
+
+    private static CallbackGroup[] GetCommandGroups(DbAutomationMetadata metadata)
+        => (metadata.Commands ?? [])
+            .Where(static reference => !string.IsNullOrWhiteSpace(reference.Name))
+            .GroupBy(
+                static reference => reference.Name.Trim(),
+                StringComparer.OrdinalIgnoreCase)
+            .Select(static group =>
+            {
+                DbAutomationCommandReference first = group.First();
+                return new CallbackGroup(
+                    first.Name.Trim(),
+                    Arity: null,
+                    GetLocations(group.Select(static reference => new CallbackLocation(reference.Surface, reference.Location))));
+            })
+            .OrderBy(static group => group.Name, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+    private static CallbackGroup[] GetValidationRuleGroups(DbAutomationMetadata metadata)
+        => (metadata.ValidationRules ?? [])
+            .Where(static reference => !string.IsNullOrWhiteSpace(reference.Name))
+            .GroupBy(
+                static reference => reference.Name.Trim(),
+                StringComparer.OrdinalIgnoreCase)
+            .Select(static group =>
+            {
+                DbAutomationValidationRuleReference first = group.First();
+                return new CallbackGroup(
+                    first.Name.Trim(),
+                    Arity: null,
+                    GetLocations(group.Select(static reference => new CallbackLocation(reference.Surface, reference.Location))));
+            })
+            .OrderBy(static group => group.Name, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+    private static CallbackLocation[] GetLocations(IEnumerable<CallbackLocation> locations)
+        => locations
+            .Select(static location => new CallbackLocation(
+                NormalizeCommentValue(location.Surface, "unknown"),
+                NormalizeCommentValue(location.Location, "$")))
+            .GroupBy(
+                static location => $"{location.Surface}|{location.Location}",
+                StringComparer.OrdinalIgnoreCase)
+            .Select(static group => group.First())
+            .OrderBy(static location => location.Surface, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static location => location.Location, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+    private static string ToStringLiteral(string value)
+    {
+        var literal = new StringBuilder(value.Length + 2);
+        literal.Append('"');
+        foreach (char ch in value)
+        {
+            literal.Append(ch switch
+            {
+                '\\' => "\\\\",
+                '"' => "\\\"",
+                '\0' => "\\0",
+                '\a' => "\\a",
+                '\b' => "\\b",
+                '\f' => "\\f",
+                '\n' => "\\n",
+                '\r' => "\\r",
+                '\t' => "\\t",
+                '\v' => "\\v",
+                _ when char.IsControl(ch) => "\\u" + ((int)ch).ToString("X4", CultureInfo.InvariantCulture),
+                _ => ch.ToString(),
+            });
+        }
+
+        literal.Append('"');
+        return literal.ToString();
+    }
+
+    private static string SanitizeComment(string value)
+    {
+        var sanitized = new StringBuilder(value.Length);
+        foreach (char ch in value)
+            sanitized.Append(char.IsControl(ch) ? ' ' : ch);
+
+        return sanitized.ToString().Trim();
+    }
+
+    private static string NormalizeCommentValue(string? value, string fallback)
+        => string.IsNullOrWhiteSpace(value) ? fallback : value.Trim();
+
+    private static void ValidateOptions(AutomationStubGenerationOptions options)
+    {
+        ValidateNamespace(options.Namespace);
+        ValidateIdentifier(options.ClassName, nameof(options.ClassName));
+        ValidateIdentifier(options.MethodName, nameof(options.MethodName));
+    }
+
+    private static void ValidateNamespace(string value)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(value);
+
+        foreach (string part in value.Split('.'))
+            ValidateIdentifier(part, nameof(AutomationStubGenerationOptions.Namespace));
+    }
+
+    private static void ValidateIdentifier(string value, string parameterName)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(value, parameterName);
+
+        if (s_csharpKeywords.Contains(value))
+            throw new ArgumentException($"'{value}' is a reserved C# keyword.", parameterName);
+
+        if (!IsIdentifierStart(value[0]))
+            throw new ArgumentException($"'{value}' is not a valid C# identifier.", parameterName);
+
+        for (int i = 1; i < value.Length; i++)
+        {
+            if (!IsIdentifierPart(value[i]))
+                throw new ArgumentException($"'{value}' is not a valid C# identifier.", parameterName);
+        }
+    }
+
+    private static bool IsIdentifierStart(char value)
+        => char.IsLetter(value) || value == '_';
+
+    private static bool IsIdentifierPart(char value)
+        => char.IsLetterOrDigit(value) || value == '_';
+
+    private static readonly HashSet<string> s_csharpKeywords = new(StringComparer.Ordinal)
+    {
+        "abstract",
+        "as",
+        "base",
+        "bool",
+        "break",
+        "byte",
+        "case",
+        "catch",
+        "char",
+        "checked",
+        "class",
+        "const",
+        "continue",
+        "decimal",
+        "default",
+        "delegate",
+        "do",
+        "double",
+        "else",
+        "enum",
+        "event",
+        "explicit",
+        "extern",
+        "false",
+        "finally",
+        "fixed",
+        "float",
+        "for",
+        "foreach",
+        "goto",
+        "if",
+        "implicit",
+        "in",
+        "int",
+        "interface",
+        "internal",
+        "is",
+        "lock",
+        "long",
+        "namespace",
+        "new",
+        "null",
+        "object",
+        "operator",
+        "out",
+        "override",
+        "params",
+        "private",
+        "protected",
+        "public",
+        "readonly",
+        "ref",
+        "return",
+        "sbyte",
+        "sealed",
+        "short",
+        "sizeof",
+        "stackalloc",
+        "static",
+        "string",
+        "struct",
+        "switch",
+        "this",
+        "throw",
+        "true",
+        "try",
+        "typeof",
+        "uint",
+        "ulong",
+        "unchecked",
+        "unsafe",
+        "ushort",
+        "using",
+        "virtual",
+        "void",
+        "volatile",
+        "while",
+    };
+
+    private sealed record CallbackGroup(
+        string Name,
+        int? Arity,
+        IReadOnlyList<CallbackLocation> Locations);
+
+    private sealed record CallbackLocation(string Surface, string Location);
+}
diff --git a/src/CSharpDB.Primitives/DbActions.cs b/src/CSharpDB.Primitives/DbActions.cs
new file mode 100644
index 00000000..b94ad11a
--- /dev/null
+++ b/src/CSharpDB.Primitives/DbActions.cs
@@ -0,0 +1,42 @@
+namespace CSharpDB.Primitives;
+
+public enum DbActionKind
+{
+    RunCommand,
+    SetFieldValue,
+    ShowMessage,
+    Stop,
+    NewRecord,
+    SaveRecord,
+    DeleteRecord,
+    RefreshRecords,
+    PreviousRecord,
+    NextRecord,
+    GoToRecord,
+    RunActionSequence,
+    OpenForm,
+    CloseForm,
+    ApplyFilter,
+    ClearFilter,
+    RunSql,
+    RunProcedure,
+    SetControlProperty,
+    SetControlVisibility,
+    SetControlEnabled,
+    SetControlReadOnly,
+}
+
+public sealed record DbActionSequence(
+    IReadOnlyList<DbActionStep> Steps,
+    string? Name = null);
+
+public sealed record DbActionStep(
+    DbActionKind Kind,
+    string? CommandName = null,
+    string? Target = null,
+    object? Value = null,
+    string? Message = null,
+    IReadOnlyDictionary<string, object?>? Arguments = null,
+    bool StopOnFailure = true,
+    string? Condition = null,
+    string? SequenceName = null);
diff --git a/src/CSharpDB.Primitives/DbAutomationMetadata.cs b/src/CSharpDB.Primitives/DbAutomationMetadata.cs
new file mode 100644
index 00000000..b53e4c99
--- /dev/null
+++ b/src/CSharpDB.Primitives/DbAutomationMetadata.cs
@@ -0,0 +1,282 @@
+namespace CSharpDB.Primitives;
+
+public sealed record DbAutomationMetadata(
+    int MetadataVersion = DbAutomationMetadata.CurrentMetadataVersion,
+    IReadOnlyList<DbAutomationCommandReference>? Commands = null,
+    IReadOnlyList<DbAutomationScalarFunctionReference>? ScalarFunctions = null,
+    IReadOnlyList<DbAutomationValidationRuleReference>? ValidationRules = null)
+{
+    public const int CurrentMetadataVersion = 1;
+
+    public bool IsEmpty => (Commands is null || Commands.Count == 0)
+        && (ScalarFunctions is null || ScalarFunctions.Count == 0)
+        && (ValidationRules is null || ValidationRules.Count == 0);
+}
+
+public sealed record DbAutomationCommandReference(
+    string Name,
+    string Surface,
+    string Location);
+
+public sealed record DbAutomationScalarFunctionReference(
+    string Name,
+    int Arity,
+    string Surface,
+    string Location);
+
+public sealed record DbAutomationValidationRuleReference(
+    string Name,
+    string Surface,
+    string Location);
+
+public sealed record DbAutomationScalarFunctionCall(string Name, int Arity);
+
+public sealed class DbAutomationMetadataBuilder
+{
+    private readonly List<DbAutomationCommandReference> _commands = [];
+    private readonly List<DbAutomationScalarFunctionReference> _scalarFunctions = [];
+    private readonly List<DbAutomationValidationRuleReference> _validationRules = [];
+
+    public DbAutomationMetadataBuilder AddCommand(string? name, string surface, string location)
+    {
+        if (string.IsNullOrWhiteSpace(name))
+            return this;
+
+        ArgumentException.ThrowIfNullOrWhiteSpace(surface);
+        ArgumentException.ThrowIfNullOrWhiteSpace(location);
+        _commands.Add(new DbAutomationCommandReference(name.Trim(), surface.Trim(), location.Trim()));
+        return this;
+    }
+
+    public DbAutomationMetadataBuilder AddScalarFunction(string? name, int arity, string surface, string location)
+    {
+        if (string.IsNullOrWhiteSpace(name))
+            return this;
+
+        ArgumentOutOfRangeException.ThrowIfNegative(arity);
+        ArgumentException.ThrowIfNullOrWhiteSpace(surface);
+        ArgumentException.ThrowIfNullOrWhiteSpace(location);
+        _scalarFunctions.Add(new DbAutomationScalarFunctionReference(name.Trim(), arity, surface.Trim(), location.Trim()));
+        return this;
+    }
+
+    public DbAutomationMetadataBuilder AddValidationRule(string? name, string surface, string location)
+    {
+        if (string.IsNullOrWhiteSpace(name))
+            return this;
+
+        ArgumentException.ThrowIfNullOrWhiteSpace(surface);
+        ArgumentException.ThrowIfNullOrWhiteSpace(location);
+        _validationRules.Add(new DbAutomationValidationRuleReference(name.Trim(), surface.Trim(), location.Trim()));
+        return this;
+    }
+
+    public DbAutomationMetadata Build()
+        => new(
+            DbAutomationMetadata.CurrentMetadataVersion,
+            SortCommands(_commands),
+            SortScalarFunctions(_scalarFunctions),
+            SortValidationRules(_validationRules));
+
+    private static IReadOnlyList<DbAutomationCommandReference> SortCommands(IEnumerable<DbAutomationCommandReference> commands)
+        => commands
+            .GroupBy(
+                static command => $"{command.Name}|{command.Surface}|{command.Location}",
+                StringComparer.OrdinalIgnoreCase)
+            .Select(static group => group.First())
+            .OrderBy(static command => command.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static command => command.Surface, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static command => command.Location, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+    private static IReadOnlyList<DbAutomationScalarFunctionReference> SortScalarFunctions(IEnumerable<DbAutomationScalarFunctionReference> functions)
+        => functions
+            .GroupBy(
+                static function => $"{function.Name}|{function.Arity}|{function.Surface}|{function.Location}",
+                StringComparer.OrdinalIgnoreCase)
+            .Select(static group => group.First())
+            .OrderBy(static function => function.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static function => function.Arity)
+            .ThenBy(static function => function.Surface, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static function => function.Location, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+
+    private static IReadOnlyList<DbAutomationValidationRuleReference> SortValidationRules(IEnumerable<DbAutomationValidationRuleReference> rules)
+        => rules
+            .GroupBy(
+                static rule => $"{rule.Name}|{rule.Surface}|{rule.Location}",
+                StringComparer.OrdinalIgnoreCase)
+            .Select(static group => group.First())
+            .OrderBy(static rule => rule.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static rule => rule.Surface, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static rule => rule.Location, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+}
+
+public static class DbAutomationExpressionInspector
+{
+    public static IReadOnlyList<DbAutomationScalarFunctionCall> FindScalarFunctionCalls(
+        string? expression,
+        IEnumerable<string>? ignoredNames = null)
+    {
+        if (string.IsNullOrWhiteSpace(expression))
+            return [];
+
+        HashSet<string> ignored = ignoredNames is null
+            ? []
+            : new HashSet<string>(ignoredNames, StringComparer.OrdinalIgnoreCase);
+        var calls = new List<DbAutomationScalarFunctionCall>();
+        ReadOnlySpan<char> input = expression.AsSpan();
+        for (int i = 0; i < input.Length; i++)
+        {
+            char current = input[i];
+            if (current is '\'' or '"')
+            {
+                i = SkipQuoted(input, i, current);
+                continue;
+            }
+
+            if (current == '[')
+            {
+                i = SkipBracketed(input, i);
+                continue;
+            }
+
+            if (!IsIdentifierStart(current))
+                continue;
+
+            int start = i;
+            i++;
+            while (i < input.Length && IsIdentifierPart(input[i]))
+                i++;
+
+            string name = input[start..i].ToString();
+            int cursor = i;
+            while (cursor < input.Length && char.IsWhiteSpace(input[cursor]))
+                cursor++;
+
+            if (cursor >= input.Length || input[cursor] != '(')
+            {
+                i--;
+                continue;
+            }
+
+            if (!ignored.Contains(name) && TryCountArguments(input, cursor, out int arity))
+                calls.Add(new DbAutomationScalarFunctionCall(name, arity));
+
+            i--;
+        }
+
+        return calls
+            .GroupBy(
+                static call => $"{call.Name}|{call.Arity}",
+                StringComparer.OrdinalIgnoreCase)
+            .Select(static group => group.First())
+            .OrderBy(static call => call.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static call => call.Arity)
+            .ToArray();
+    }
+
+    private static bool TryCountArguments(ReadOnlySpan<char> input, int openParen, out int arity)
+    {
+        arity = 0;
+        int depth = 0;
+        bool sawArgument = false;
+        bool expectingArgument = true;
+        for (int i = openParen; i < input.Length; i++)
+        {
+            char current = input[i];
+            if (current is '\'' or '"')
+            {
+                i = SkipQuoted(input, i, current);
+                sawArgument = true;
+                expectingArgument = false;
+                continue;
+            }
+
+            if (current == '[')
+            {
+                i = SkipBracketed(input, i);
+                sawArgument = true;
+                expectingArgument = false;
+                continue;
+            }
+
+            if (current == '(')
+            {
+                depth++;
+                if (depth > 1)
+                {
+                    sawArgument = true;
+                    expectingArgument = false;
+                }
+
+                continue;
+            }
+
+            if (current == ')')
+            {
+                depth--;
+                if (depth < 0)
+                    return false;
+
+                if (depth == 0)
+                {
+                    if (expectingArgument && sawArgument)
+                        return false;
+
+                    arity = sawArgument ? arity + 1 : 0;
+                    return true;
+                }
+
+                continue;
+            }
+
+            if (current == ',' && depth == 1)
+            {
+                if (expectingArgument)
+                    return false;
+
+                arity++;
+                expectingArgument = true;
+                continue;
+            }
+
+            if (depth == 1 && !char.IsWhiteSpace(current))
+            {
+                sawArgument = true;
+                expectingArgument = false;
+            }
+        }
+
+        return false;
+    }
+
+    private static int SkipQuoted(ReadOnlySpan<char> input, int start, char quote)
+    {
+        for (int i = start + 1; i < input.Length; i++)
+        {
+            if (input[i] == quote)
+                return i;
+        }
+
+        return input.Length - 1;
+    }
+
+    private static int SkipBracketed(ReadOnlySpan<char> input, int start)
+    {
+        for (int i = start + 1; i < input.Length; i++)
+        {
+            if (input[i] == ']')
+                return i;
+        }
+
+        return input.Length - 1;
+    }
+
+    private static bool IsIdentifierStart(char value)
+        => char.IsLetter(value) || value == '_';
+
+    private static bool IsIdentifierPart(char value)
+        => char.IsLetterOrDigit(value) || value == '_';
+}
diff --git a/src/CSharpDB.Primitives/DbBuiltInScalarFunctions.cs b/src/CSharpDB.Primitives/DbBuiltInScalarFunctions.cs
new file mode 100644
index 00000000..14813158
--- /dev/null
+++ b/src/CSharpDB.Primitives/DbBuiltInScalarFunctions.cs
@@ -0,0 +1,829 @@
+using System.Globalization;
+
+namespace CSharpDB.Primitives;
+
+public static class DbBuiltInScalarFunctions
+{
+    public static bool IsBuiltInFunctionName(string functionName)
+        => functionName.ToUpperInvariant() switch
+        {
+            "TEXT" or
+            "NZ" or "ISNULL" or "ISEMPTY" or "IIF" or "SWITCH" or "CHOOSE" or
+            "COALESCE" or "IFNULL" or "NULLIF" or
+            "LEN" or "LENGTH" or "LEFT" or "RIGHT" or "MID" or "SUBSTR" or "SUBSTRING" or
+            "TRIM" or "LTRIM" or "RTRIM" or "UCASE" or "LCASE" or "UPPER" or "LOWER" or
+            "INSTR" or "REPLACE" or "STRCOMP" or "VAL" or
+            "DATE" or "TIME" or "NOW" or "DATETIME" or
+            "YEAR" or "MONTH" or "DAY" or "HOUR" or "MINUTE" or "SECOND" or
+            "DATEADD" or "DATEDIFF" or "DATEPART" or "DATESERIAL" or "TIMESERIAL" or
+            "WEEKDAY" or "MONTHNAME" or
+            "ABS" or "ROUND" or "INT" or "FIX" or "SGN" or
+            "CSTR" or "CINT" or "CLNG" or "CDBL" or "CBOOL" or "CDATE" or "FORMAT" => true,
+            _ => false,
+        };
+
+    public static bool TryGetReturnType(string functionName, out DbType type)
+    {
+        type = functionName.ToUpperInvariant() switch
+        {
+            "TEXT" or "CSTR" or
+            "LEFT" or "RIGHT" or "MID" or "SUBSTR" or "SUBSTRING" or
+            "TRIM" or "LTRIM" or "RTRIM" or "UCASE" or "LCASE" or "UPPER" or "LOWER" or "REPLACE" or
+            "DATE" or "TIME" or "NOW" or "DATETIME" or "DATEADD" or "DATESERIAL" or "TIMESERIAL" or
+            "MONTHNAME" or "CDATE" or "FORMAT" => DbType.Text,
+            "ISNULL" or "ISEMPTY" or "CBOOL" or
+            "LEN" or "LENGTH" or "INSTR" or "STRCOMP" or
+            "YEAR" or "MONTH" or "DAY" or "HOUR" or "MINUTE" or "SECOND" or
+            "DATEDIFF" or "DATEPART" or "WEEKDAY" or "SGN" or "CINT" or "CLNG" => DbType.Integer,
+            "ABS" or "ROUND" or "INT" or "FIX" or "CDBL" or "VAL" => DbType.Real,
+            _ => DbType.Null,
+        };
+
+        return type != DbType.Null;
+    }
+
+    public static bool TryEvaluate(string functionName, IReadOnlyList<DbValue> args, out DbValue value)
+    {
+        value = DbValue.Null;
+        string name = functionName.ToUpperInvariant();
+
+        switch (name)
+        {
+            case "TEXT":
+                RequireArgumentCount(name, args, 1);
+                value = DbValue.FromText(ToDisplayText(args[0]));
+                return true;
+            case "NZ":
+                RequireArgumentCount(name, args, 1, 2);
+                value = IsNullOrEmpty(args[0])
+                    ? args.Count == 2 ? args[1] : DbValue.FromText(string.Empty)
+                    : args[0];
+                return true;
+            case "ISNULL":
+                RequireArgumentCount(name, args, 1);
+                value = FromBoolean(args[0].IsNull);
+                return true;
+            case "ISEMPTY":
+                RequireArgumentCount(name, args, 1);
+                value = FromBoolean(IsNullOrEmpty(args[0]));
+                return true;
+            case "IIF":
+                RequireArgumentCount(name, args, 3);
+                value = IsTruthy(args[0]) ? args[1] : args[2];
+                return true;
+            case "SWITCH":
+                if (args.Count == 0 || args.Count % 2 != 0)
+                    throw WrongArgumentCount(name, "an even number of arguments.");
+                for (int i = 0; i < args.Count; i += 2)
+                {
+                    if (IsTruthy(args[i]))
+                    {
+                        value = args[i + 1];
+                        return true;
+                    }
+                }
+
+                return true;
+            case "CHOOSE":
+                if (args.Count < 2)
+                    throw WrongArgumentCount(name, "at least two arguments.");
+                value = TryConvertLong(args[0], out long chooseIndex) && chooseIndex >= 1 && chooseIndex < args.Count
+                    ? args[(int)chooseIndex]
+                    : DbValue.Null;
+                return true;
+            case "COALESCE":
+                if (args.Count == 0)
+                    throw WrongArgumentCount(name, "at least one argument.");
+                value = args.FirstOrDefault(static argument => !argument.IsNull);
+                return true;
+            case "IFNULL":
+                RequireArgumentCount(name, args, 2);
+                value = args[0].IsNull ? args[1] : args[0];
+                return true;
+            case "NULLIF":
+                RequireArgumentCount(name, args, 2);
+                value = DbValue.Compare(args[0], args[1]) == 0 ? DbValue.Null : args[0];
+                return true;
+            case "LEN":
+            case "LENGTH":
+                RequireArgumentCount(name, args, 1);
+                value = args[0].IsNull ? DbValue.Null : DbValue.FromInteger(ToScalarString(args[0]).Length);
+                return true;
+            case "LEFT":
+                RequireArgumentCount(name, args, 2);
+                value = !args[0].IsNull && TryConvertLong(args[1], out long leftCount)
+                    ? DbValue.FromText(Left(ToScalarString(args[0]), leftCount))
+                    : DbValue.Null;
+                return true;
+            case "RIGHT":
+                RequireArgumentCount(name, args, 2);
+                value = !args[0].IsNull && TryConvertLong(args[1], out long rightCount)
+                    ? DbValue.FromText(Right(ToScalarString(args[0]), rightCount))
+                    : DbValue.Null;
+                return true;
+            case "MID":
+            case "SUBSTR":
+            case "SUBSTRING":
+                RequireArgumentCount(name, args, 2, 3);
+                value = EvaluateMid(args);
+                return true;
+            case "TRIM":
+                RequireArgumentCount(name, args, 1);
+                value = args[0].IsNull ? DbValue.Null : DbValue.FromText(ToScalarString(args[0]).Trim());
+                return true;
+            case "LTRIM":
+                RequireArgumentCount(name, args, 1);
+                value = args[0].IsNull ? DbValue.Null : DbValue.FromText(ToScalarString(args[0]).TrimStart());
+                return true;
+            case "RTRIM":
+                RequireArgumentCount(name, args, 1);
+                value = args[0].IsNull ? DbValue.Null : DbValue.FromText(ToScalarString(args[0]).TrimEnd());
+                return true;
+            case "UCASE":
+            case "UPPER":
+                RequireArgumentCount(name, args, 1);
+                value = args[0].IsNull ? DbValue.Null : DbValue.FromText(ToScalarString(args[0]).ToUpperInvariant());
+                return true;
+            case "LCASE":
+            case "LOWER":
+                RequireArgumentCount(name, args, 1);
+                value = args[0].IsNull ? DbValue.Null : DbValue.FromText(ToScalarString(args[0]).ToLowerInvariant());
+                return true;
+            case "INSTR":
+                RequireArgumentCount(name, args, 2, 3);
+                value = EvaluateInStr(args);
+                return true;
+            case "REPLACE":
+                RequireArgumentCount(name, args, 3);
+                value = !args[0].IsNull && !args[1].IsNull
+                    ? DbValue.FromText(ToScalarString(args[0]).Replace(ToScalarString(args[1]), ToScalarString(args[2]), StringComparison.Ordinal))
+                    : DbValue.Null;
+                return true;
+            case "STRCOMP":
+                RequireArgumentCount(name, args, 2, 3);
+                value = EvaluateStrComp(args);
+                return true;
+            case "VAL":
+                RequireArgumentCount(name, args, 1);
+                value = DbValue.FromReal(ParseLeadingNumber(ToScalarString(args[0])));
+                return true;
+            case "DATE":
+                RequireArgumentCount(name, args, 0);
+                value = DbValue.FromText(DateTime.Now.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture));
+                return true;
+            case "TIME":
+                RequireArgumentCount(name, args, 0);
+                value = DbValue.FromText(DateTime.Now.ToString("HH:mm:ss", CultureInfo.InvariantCulture));
+                return true;
+            case "NOW":
+            case "DATETIME":
+                RequireArgumentCount(name, args, 0);
+                value = DbValue.FromText(DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture));
+                return true;
+            case "YEAR":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertDateTime(args[0], out DateTime yearDate) ? DbValue.FromInteger(yearDate.Year) : DbValue.Null;
+                return true;
+            case "MONTH":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertDateTime(args[0], out DateTime monthDate) ? DbValue.FromInteger(monthDate.Month) : DbValue.Null;
+                return true;
+            case "DAY":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertDateTime(args[0], out DateTime dayDate) ? DbValue.FromInteger(dayDate.Day) : DbValue.Null;
+                return true;
+            case "HOUR":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertTime(args[0], out TimeSpan hourTime) ? DbValue.FromInteger(hourTime.Hours) : DbValue.Null;
+                return true;
+            case "MINUTE":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertTime(args[0], out TimeSpan minuteTime) ? DbValue.FromInteger(minuteTime.Minutes) : DbValue.Null;
+                return true;
+            case "SECOND":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertTime(args[0], out TimeSpan secondTime) ? DbValue.FromInteger(secondTime.Seconds) : DbValue.Null;
+                return true;
+            case "DATEADD":
+                RequireArgumentCount(name, args, 3);
+                value = EvaluateDateAdd(args);
+                return true;
+            case "DATEDIFF":
+                RequireArgumentCount(name, args, 3);
+                value = EvaluateDateDiff(args);
+                return true;
+            case "DATEPART":
+                RequireArgumentCount(name, args, 2);
+                value = EvaluateDatePart(args);
+                return true;
+            case "DATESERIAL":
+                RequireArgumentCount(name, args, 3);
+                value = EvaluateDateSerial(args);
+                return true;
+            case "TIMESERIAL":
+                RequireArgumentCount(name, args, 3);
+                value = EvaluateTimeSerial(args);
+                return true;
+            case "WEEKDAY":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertDateTime(args[0], out DateTime weekdayDate)
+                    ? DbValue.FromInteger(((int)weekdayDate.DayOfWeek) + 1)
+                    : DbValue.Null;
+                return true;
+            case "MONTHNAME":
+                RequireArgumentCount(name, args, 1, 2);
+                value = EvaluateMonthName(args);
+                return true;
+            case "ABS":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertDouble(args[0], out double absValue) ? FromReal(Math.Abs(absValue)) : DbValue.Null;
+                return true;
+            case "ROUND":
+                RequireArgumentCount(name, args, 1, 2);
+                value = EvaluateRound(args);
+                return true;
+            case "INT":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertDouble(args[0], out double intValue) ? FromReal(Math.Floor(intValue)) : DbValue.Null;
+                return true;
+            case "FIX":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertDouble(args[0], out double fixValue) ? FromReal(Math.Truncate(fixValue)) : DbValue.Null;
+                return true;
+            case "SGN":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertDouble(args[0], out double sgnValue) ? DbValue.FromInteger(Math.Sign(sgnValue)) : DbValue.Null;
+                return true;
+            case "CSTR":
+                RequireArgumentCount(name, args, 1);
+                value = DbValue.FromText(ToScalarString(args[0]));
+                return true;
+            case "CINT":
+            case "CLNG":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertLong(args[0], out long integerValue) ? DbValue.FromInteger(integerValue) : DbValue.Null;
+                return true;
+            case "CDBL":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertDouble(args[0], out double doubleValue) ? FromReal(doubleValue) : DbValue.Null;
+                return true;
+            case "CBOOL":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertBoolean(args[0], out bool boolValue) ? FromBoolean(boolValue) : DbValue.Null;
+                return true;
+            case "CDATE":
+                RequireArgumentCount(name, args, 1);
+                value = TryConvertDateTime(args[0], out DateTime dateValue)
+                    ? DbValue.FromText(FormatDateTime(dateValue))
+                    : DbValue.Null;
+                return true;
+            case "FORMAT":
+                RequireArgumentCount(name, args, 2);
+                value = args[1].IsNull ? DbValue.Null : FormatValue(args[0], ToScalarString(args[1]));
+                return true;
+            default:
+                return false;
+        }
+    }
+
+    public static string ToDisplayText(DbValue value) => value.Type switch
+    {
+        DbType.Null => "NULL",
+        DbType.Integer => value.AsInteger.ToString(CultureInfo.InvariantCulture),
+        DbType.Real => value.AsReal.ToString(CultureInfo.InvariantCulture),
+        DbType.Text => value.AsText,
+        DbType.Blob => $"[{value.AsBlob.Length} bytes]",
+        _ => throw new CSharpDbException(ErrorCode.Unknown, $"Unsupported DbValue type '{value.Type}'."),
+    };
+
+    private static DbValue EvaluateMid(IReadOnlyList<DbValue> args)
+    {
+        if (args[0].IsNull || !TryConvertLong(args[1], out long start))
+            return DbValue.Null;
+
+        string text = ToScalarString(args[0]);
+        int zeroBasedStart = ClampToStringStart(start - 1, text.Length);
+        if (zeroBasedStart >= text.Length)
+            return DbValue.FromText(string.Empty);
+
+        if (args.Count == 2)
+            return DbValue.FromText(text[zeroBasedStart..]);
+
+        if (!TryConvertLong(args[2], out long count))
+            return DbValue.Null;
+
+        int length = ClampLength(count, text.Length - zeroBasedStart);
+        return DbValue.FromText(text.Substring(zeroBasedStart, length));
+    }
+
+    private static DbValue EvaluateInStr(IReadOnlyList<DbValue> args)
+    {
+        long start = 1;
+        DbValue source = args[0];
+        DbValue search = args[1];
+        if (args.Count == 3)
+        {
+            if (!TryConvertLong(args[0], out start))
+                return DbValue.Null;
+
+            source = args[1];
+            search = args[2];
+        }
+
+        if (source.IsNull || search.IsNull)
+            return DbValue.Null;
+
+        string sourceText = ToScalarString(source);
+        string searchText = ToScalarString(search);
+        int zeroBasedStart = ClampToStringStart(start - 1, sourceText.Length);
+        int index = sourceText.IndexOf(searchText, zeroBasedStart, StringComparison.OrdinalIgnoreCase);
+        return DbValue.FromInteger(index < 0 ? 0 : index + 1);
+    }
+
+    private static DbValue EvaluateStrComp(IReadOnlyList<DbValue> args)
+    {
+        if (args[0].IsNull || args[1].IsNull)
+            return DbValue.Null;
+
+        StringComparison comparison = StringComparison.Ordinal;
+        if (args.Count == 3)
+        {
+            string mode = ToScalarString(args[2]);
+            if (string.Equals(mode, "text", StringComparison.OrdinalIgnoreCase) ||
+                string.Equals(mode, "1", StringComparison.OrdinalIgnoreCase))
+            {
+                comparison = StringComparison.OrdinalIgnoreCase;
+            }
+        }
+
+        int result = string.Compare(ToScalarString(args[0]), ToScalarString(args[1]), comparison);
+        return DbValue.FromInteger(result < 0 ? -1 : result > 0 ? 1 : 0);
+    }
+
+    private static DbValue EvaluateDateAdd(IReadOnlyList<DbValue> args)
+    {
+        if (!TryConvertLong(args[1], out long amount) ||
+            !TryConvertDateTime(args[2], out DateTime date))
+        {
+            return DbValue.Null;
+        }
+
+        DateTime? result = AddDateInterval(ToScalarString(args[0]), date, amount);
+        return result.HasValue ? DbValue.FromText(FormatDateTime(result.Value)) : DbValue.Null;
+    }
+
+    private static DbValue EvaluateDateDiff(IReadOnlyList<DbValue> args)
+    {
+        if (!TryConvertDateTime(args[1], out DateTime start) ||
+            !TryConvertDateTime(args[2], out DateTime end))
+        {
+            return DbValue.Null;
+        }
+
+        long? result = DiffDateInterval(ToScalarString(args[0]), start, end);
+        return result.HasValue ? DbValue.FromInteger(result.Value) : DbValue.Null;
+    }
+
+    private static DbValue EvaluateDatePart(IReadOnlyList<DbValue> args)
+    {
+        if (!TryConvertDateTime(args[1], out DateTime date))
+            return DbValue.Null;
+
+        long? result = GetDatePart(ToScalarString(args[0]), date);
+        return result.HasValue ? DbValue.FromInteger(result.Value) : DbValue.Null;
+    }
+
+    private static DbValue EvaluateDateSerial(IReadOnlyList<DbValue> args)
+    {
+        if (!TryConvertLong(args[0], out long year) ||
+            !TryConvertLong(args[1], out long month) ||
+            !TryConvertLong(args[2], out long day) ||
+            year is < 1 or > 9999 ||
+            month is < int.MinValue or > int.MaxValue ||
+            day is < int.MinValue or > int.MaxValue)
+        {
+            return DbValue.Null;
+        }
+
+        try
+        {
+            var date = new DateTime((int)year, 1, 1).AddMonths((int)month - 1).AddDays((int)day - 1);
+            return DbValue.FromText(FormatDateTime(date));
+        }
+        catch
+        {
+            return DbValue.Null;
+        }
+    }
+
+    private static DbValue EvaluateTimeSerial(IReadOnlyList<DbValue> args)
+    {
+        if (!TryConvertLong(args[0], out long hour) ||
+            !TryConvertLong(args[1], out long minute) ||
+            !TryConvertLong(args[2], out long second))
+        {
+            return DbValue.Null;
+        }
+
+        try
+        {
+            TimeSpan time = TimeSpan.FromHours(hour) + TimeSpan.FromMinutes(minute) + TimeSpan.FromSeconds(second);
+            return DbValue.FromText(time.ToString(@"hh\:mm\:ss", CultureInfo.InvariantCulture));
+        }
+        catch
+        {
+            return DbValue.Null;
+        }
+    }
+
+    private static DbValue EvaluateMonthName(IReadOnlyList<DbValue> args)
+    {
+        if (!TryConvertLong(args[0], out long month) || month is < 1 or > 12)
+            return DbValue.Null;
+
+        bool abbreviate = args.Count == 2 && TryConvertBoolean(args[1], out bool abbreviated) && abbreviated;
+        DateTimeFormatInfo format = CultureInfo.InvariantCulture.DateTimeFormat;
+        return DbValue.FromText(abbreviate ? format.GetAbbreviatedMonthName((int)month) : format.GetMonthName((int)month));
+    }
+
+    private static DbValue EvaluateRound(IReadOnlyList<DbValue> args)
+    {
+        if (!TryConvertDouble(args[0], out double value))
+            return DbValue.Null;
+
+        int digits = 0;
+        if (args.Count == 2)
+        {
+            if (!TryConvertLong(args[1], out long parsedDigits) || parsedDigits is < 0 or > 15)
+                return DbValue.Null;
+
+            digits = (int)parsedDigits;
+        }
+
+        return FromReal(Math.Round(value, digits, MidpointRounding.ToEven));
+    }
+
+    private static DbValue FormatValue(DbValue value, string format)
+    {
+        if (value.IsNull)
+            return DbValue.Null;
+
+        try
+        {
+            if (TryConvertDouble(value, out double number))
+                return DbValue.FromText(number.ToString(format, CultureInfo.InvariantCulture));
+        }
+        catch
+        {
+            return DbValue.FromText(ToScalarString(value));
+        }
+
+        return DbValue.FromText(ToScalarString(value));
+    }
+
+    private static DateTime? AddDateInterval(string interval, DateTime date, long amount)
+    {
+        try
+        {
+            return NormalizeInterval(interval) switch
+            {
+                "yyyy" => date.AddYears(checked((int)amount)),
+                "q" => date.AddMonths(checked((int)amount * 3)),
+                "m" => date.AddMonths(checked((int)amount)),
+                "y" or "d" or "w" => date.AddDays(amount),
+                "ww" => date.AddDays(checked(amount * 7)),
+                "h" => date.AddHours(amount),
+                "n" => date.AddMinutes(amount),
+                "s" => date.AddSeconds(amount),
+                _ => null,
+            };
+        }
+        catch
+        {
+            return null;
+        }
+    }
+
+    private static long? DiffDateInterval(string interval, DateTime start, DateTime end)
+        => NormalizeInterval(interval) switch
+        {
+            "yyyy" => end.Year - start.Year,
+            "q" => ((end.Year - start.Year) * 4) + ((end.Month - 1) / 3) - ((start.Month - 1) / 3),
+            "m" => ((end.Year - start.Year) * 12) + end.Month - start.Month,
+            "y" or "d" or "w" => (long)(end.Date - start.Date).TotalDays,
+            "ww" => (long)Math.Floor((end.Date - start.Date).TotalDays / 7),
+            "h" => (long)(end - start).TotalHours,
+            "n" => (long)(end - start).TotalMinutes,
+            "s" => (long)(end - start).TotalSeconds,
+            _ => null,
+        };
+
+    private static long? GetDatePart(string interval, DateTime date)
+        => NormalizeInterval(interval) switch
+        {
+            "yyyy" => date.Year,
+            "q" => ((date.Month - 1) / 3) + 1,
+            "m" => date.Month,
+            "y" => date.DayOfYear,
+            "d" => date.Day,
+            "w" => ((int)date.DayOfWeek) + 1,
+            "ww" => ISOWeek.GetWeekOfYear(date),
+            "h" => date.Hour,
+            "n" => date.Minute,
+            "s" => date.Second,
+            _ => null,
+        };
+
+    private static string NormalizeInterval(string interval)
+        => interval.Trim().Trim('"', '\'').ToLowerInvariant();
+
+    private static string Left(string text, long count)
+        => text[..ClampLength(count, text.Length)];
+
+    private static string Right(string text, long count)
+    {
+        int length = ClampLength(count, text.Length);
+        return text[(text.Length - length)..];
+    }
+
+    private static double ParseLeadingNumber(string text)
+    {
+        text = text.TrimStart();
+        if (text.Length == 0)
+            return 0;
+
+        int index = 0;
+        if (text[index] is '+' or '-')
+            index++;
+
+        bool hasDigit = false;
+        bool hasDecimal = false;
+        while (index < text.Length)
+        {
+            char ch = text[index];
+            if (char.IsDigit(ch))
+            {
+                hasDigit = true;
+                index++;
+                continue;
+            }
+
+            if (ch == '.' && !hasDecimal)
+            {
+                hasDecimal = true;
+                index++;
+                continue;
+            }
+
+            break;
+        }
+
+        if (!hasDigit)
+            return 0;
+
+        if (index < text.Length && text[index] is 'e' or 'E')
+        {
+            int exponentStart = index;
+            index++;
+            if (index < text.Length && text[index] is '+' or '-')
+                index++;
+
+            bool hasExponentDigit = false;
+            while (index < text.Length && char.IsDigit(text[index]))
+            {
+                hasExponentDigit = true;
+                index++;
+            }
+
+            if (!hasExponentDigit)
+                index = exponentStart;
+        }
+
+        return double.TryParse(text[..index], NumberStyles.Float, CultureInfo.InvariantCulture, out double result)
+            ? result
+            : 0;
+    }
+
+    private static bool TryConvertDouble(DbValue value, out double result)
+    {
+        switch (value.Type)
+        {
+            case DbType.Integer:
+                result = value.AsInteger;
+                return true;
+            case DbType.Real:
+                result = value.AsReal;
+                return true;
+            case DbType.Text:
+                return double.TryParse(
+                    value.AsText,
+                    NumberStyles.Float | NumberStyles.AllowThousands,
+                    CultureInfo.InvariantCulture,
+                    out result);
+            default:
+                result = 0;
+                return false;
+        }
+    }
+
+    private static bool TryConvertLong(DbValue value, out long result)
+    {
+        switch (value.Type)
+        {
+            case DbType.Integer:
+                result = value.AsInteger;
+                return true;
+            case DbType.Real:
+                return TryRoundToLong(value.AsReal, out result);
+            case DbType.Text when long.TryParse(value.AsText, NumberStyles.Integer, CultureInfo.InvariantCulture, out long integer):
+                result = integer;
+                return true;
+            case DbType.Text when double.TryParse(value.AsText, NumberStyles.Float | NumberStyles.AllowThousands, CultureInfo.InvariantCulture, out double real):
+                return TryRoundToLong(real, out result);
+            default:
+                result = 0;
+                return false;
+        }
+    }
+
+    private static bool TryRoundToLong(double value, out long result)
+    {
+        if (double.IsNaN(value) || double.IsInfinity(value))
+        {
+            result = 0;
+            return false;
+        }
+
+        double rounded = Math.Round(value, MidpointRounding.ToEven);
+        if (rounded < long.MinValue || rounded > long.MaxValue)
+        {
+            result = 0;
+            return false;
+        }
+
+        result = Convert.ToInt64(rounded, CultureInfo.InvariantCulture);
+        return true;
+    }
+
+    private static bool TryConvertBoolean(DbValue value, out bool result)
+    {
+        switch (value.Type)
+        {
+            case DbType.Integer:
+                result = value.AsInteger != 0;
+                return true;
+            case DbType.Real:
+                result = Math.Abs(value.AsReal) > double.Epsilon;
+                return true;
+            case DbType.Text:
+                string text = value.AsText;
+                if (bool.TryParse(text, out result))
+                    return true;
+                if (string.Equals(text, "yes", StringComparison.OrdinalIgnoreCase) ||
+                    string.Equals(text, "y", StringComparison.OrdinalIgnoreCase))
+                {
+                    result = true;
+                    return true;
+                }
+                if (string.Equals(text, "no", StringComparison.OrdinalIgnoreCase) ||
+                    string.Equals(text, "n", StringComparison.OrdinalIgnoreCase))
+                {
+                    result = false;
+                    return true;
+                }
+                if (TryConvertDouble(value, out double numericText))
+                {
+                    result = Math.Abs(numericText) > double.Epsilon;
+                    return true;
+                }
+                break;
+        }
+
+        result = false;
+        return false;
+    }
+
+    private static bool TryConvertDateTime(DbValue value, out DateTime result)
+    {
+        switch (value.Type)
+        {
+            case DbType.Text:
+                if (DateTime.TryParse(value.AsText, CultureInfo.InvariantCulture, DateTimeStyles.AllowWhiteSpaces, out result) ||
+                    DateTime.TryParse(value.AsText, CultureInfo.CurrentCulture, DateTimeStyles.AllowWhiteSpaces, out result))
+                {
+                    return true;
+                }
+                break;
+            case DbType.Integer:
+            case DbType.Real:
+                if (TryConvertDouble(value, out double numeric))
+                {
+                    try
+                    {
+                        result = DateTime.FromOADate(numeric);
+                        return true;
+                    }
+                    catch
+                    {
+                    }
+                }
+                break;
+        }
+
+        result = default;
+        return false;
+    }
+
+    private static bool TryConvertTime(DbValue value, out TimeSpan result)
+    {
+        switch (value.Type)
+        {
+            case DbType.Text:
+                if (TimeSpan.TryParse(value.AsText, CultureInfo.InvariantCulture, out result))
+                    return true;
+                if (DateTime.TryParse(value.AsText, CultureInfo.InvariantCulture, DateTimeStyles.AllowWhiteSpaces, out DateTime parsedDate))
+                {
+                    result = parsedDate.TimeOfDay;
+                    return true;
+                }
+                break;
+        }
+
+        result = default;
+        return false;
+    }
+
+    private static string ToScalarString(DbValue value) => value.Type switch
+    {
+        DbType.Null => string.Empty,
+        DbType.Integer => value.AsInteger.ToString(CultureInfo.InvariantCulture),
+        DbType.Real => value.AsReal.ToString(CultureInfo.InvariantCulture),
+        DbType.Text => value.AsText,
+        DbType.Blob => Convert.ToBase64String(value.AsBlob),
+        _ => string.Empty,
+    };
+
+    private static string FormatDateTime(DateTime dateTime)
+        => dateTime.TimeOfDay == TimeSpan.Zero
+            ? dateTime.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture)
+            : dateTime.ToString("yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture);
+
+    private static DbValue FromBoolean(bool value)
+        => DbValue.FromInteger(value ? 1 : 0);
+
+    private static DbValue FromReal(double value)
+        => double.IsNaN(value) || double.IsInfinity(value)
+            ? DbValue.Null
+            : DbValue.FromReal(value);
+
+    private static bool IsTruthy(DbValue value)
+    {
+        if (value.IsNull)
+            return false;
+
+        if (TryConvertDouble(value, out double number))
+            return Math.Abs(number) > double.Epsilon;
+
+        string text = ToScalarString(value);
+        if (bool.TryParse(text, out bool parsed))
+            return parsed;
+
+        return !string.IsNullOrWhiteSpace(text);
+    }
+
+    private static bool IsNullOrEmpty(DbValue value)
+        => value.IsNull || value.Type == DbType.Text && value.AsText.Length == 0;
+
+    private static int ClampToStringStart(long value, int textLength)
+    {
+        if (value <= 0)
+            return 0;
+        if (value >= textLength)
+            return textLength;
+        return (int)value;
+    }
+
+    private static int ClampLength(long value, int maxLength)
+    {
+        if (value <= 0)
+            return 0;
+        if (value >= maxLength)
+            return maxLength;
+        return (int)value;
+    }
+
+    private static void RequireArgumentCount(string functionName, IReadOnlyList<DbValue> args, int count)
+    {
+        if (args.Count != count)
+            throw WrongArgumentCount(functionName, count == 1 ? "exactly one argument." : $"exactly {count} arguments.");
+    }
+
+    private static void RequireArgumentCount(string functionName, IReadOnlyList<DbValue> args, int count1, int count2)
+    {
+        if (args.Count != count1 && args.Count != count2)
+            throw WrongArgumentCount(functionName, $"{count1} or {count2} arguments.");
+    }
+
+    private static CSharpDbException WrongArgumentCount(string functionName, string expectation)
+        => new(ErrorCode.SyntaxError, $"{functionName}() requires {expectation}");
+}
diff --git a/src/CSharpDB.Primitives/DbCallbackDiagnostics.cs b/src/CSharpDB.Primitives/DbCallbackDiagnostics.cs
new file mode 100644
index 00000000..ac8554ed
--- /dev/null
+++ b/src/CSharpDB.Primitives/DbCallbackDiagnostics.cs
@@ -0,0 +1,368 @@
+using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
+
+namespace CSharpDB.Primitives;
+
+public sealed record DbCallbackInvocationDiagnostic(
+    AutomationCallbackKind CallbackKind,
+    string Name,
+    int? Arity,
+    string? Surface,
+    string? Location,
+    string? EventName,
+    DateTimeOffset? StartedAtUtc,
+    string? CorrelationId,
+    string? OwnerKind,
+    string? OwnerId,
+    string? OwnerName,
+    TimeSpan Elapsed,
+    bool Succeeded,
+    bool TimedOut,
+    bool Canceled,
+    bool? PolicyAllowed,
+    string? PolicyDenialReason,
+    string? ErrorCode,
+    string? ExceptionType,
+    string? ResultMessage,
+    string? ExceptionMessage,
+    IReadOnlyDictionary<string, string> Metadata);
+
+public static class DbCallbackDiagnostics
+{
+    public const string ListenerName = "CSharpDB.TrustedCallbacks";
+    public const string InvocationEventName = "CSharpDB.TrustedCallbacks.Invocation";
+
+    public static DiagnosticListener Listener { get; } = new(ListenerName);
+
+    public static bool IsInvocationEnabled
+        => Listener.IsEnabled(InvocationEventName);
+
+    internal static long GetTimestamp()
+        => Stopwatch.GetTimestamp();
+
+    internal static TimeSpan GetElapsedTime(long startingTimestamp)
+        => Stopwatch.GetElapsedTime(startingTimestamp);
+
+    public static void WriteMissingScalarInvocation(
+        string name,
+        int arity,
+        IReadOnlyDictionary<string, string>? metadata,
+        string message)
+        => WriteScalarInvocation(
+            name,
+            arity,
+            metadata,
+            elapsed: TimeSpan.Zero,
+            succeeded: false,
+            canceled: false,
+            exceptionMessage: message,
+            policyDecision: null,
+            errorCode: "MissingCallback",
+            exceptionType: null);
+
+    public static void WriteMissingCommandInvocation(
+        string name,
+        IReadOnlyDictionary<string, string>? metadata,
+        string message)
+        => WriteCommandInvocation(
+            name,
+            metadata,
+            elapsed: TimeSpan.Zero,
+            succeeded: false,
+            timedOut: false,
+            canceled: false,
+            resultMessage: null,
+            exceptionMessage: message,
+            policyDecision: null,
+            errorCode: "MissingCallback",
+            exceptionType: null);
+
+    public static void WriteMissingValidationInvocation(
+        string name,
+        IReadOnlyDictionary<string, string>? metadata,
+        string message)
+        => WriteValidationInvocation(
+            name,
+            metadata,
+            elapsed: TimeSpan.Zero,
+            succeeded: false,
+            timedOut: false,
+            canceled: false,
+            resultMessage: null,
+            exceptionMessage: message,
+            policyDecision: null,
+            errorCode: "MissingCallback",
+            exceptionType: null);
+
+    public static void WritePolicyDeniedInvocation(
+        DbHostCallbackDescriptor callback,
+        IReadOnlyDictionary<string, string>? metadata,
+        DbExtensionPolicyDecision decision)
+    {
+        ArgumentNullException.ThrowIfNull(callback);
+        ArgumentNullException.ThrowIfNull(decision);
+
+        if (callback.Kind == AutomationCallbackKind.Command)
+        {
+            WriteCommandInvocation(
+                callback.Name,
+                metadata,
+                elapsed: TimeSpan.Zero,
+                succeeded: false,
+                timedOut: false,
+                canceled: false,
+                resultMessage: null,
+                exceptionMessage: decision.DenialReason,
+                decision,
+                errorCode: "PolicyDenied",
+                exceptionType: typeof(DbCallbackPolicyException).FullName);
+            return;
+        }
+
+        if (callback.Kind == AutomationCallbackKind.ValidationRule)
+        {
+            WriteValidationInvocation(
+                callback.Name,
+                metadata,
+                elapsed: TimeSpan.Zero,
+                succeeded: false,
+                timedOut: false,
+                canceled: false,
+                resultMessage: null,
+                exceptionMessage: decision.DenialReason,
+                decision,
+                errorCode: "PolicyDenied",
+                exceptionType: typeof(DbCallbackPolicyException).FullName);
+            return;
+        }
+
+        WriteScalarInvocation(
+            callback.Name,
+            callback.Arity ?? 0,
+            metadata,
+            elapsed: TimeSpan.Zero,
+            succeeded: false,
+            canceled: false,
+            exceptionMessage: decision.DenialReason,
+            decision,
+            errorCode: "PolicyDenied",
+            exceptionType: typeof(DbCallbackPolicyException).FullName);
+    }
+
+    [UnconditionalSuppressMessage(
+        "Trimming",
+        "IL2026",
+        Justification = "Callback diagnostics are emitted only for subscribed hosts; the strongly typed event payload is part of the public diagnostics contract.")]
+    internal static void WriteScalarInvocation(
+        string name,
+        int arity,
+        IReadOnlyDictionary<string, string>? metadata,
+        TimeSpan elapsed,
+        bool succeeded,
+        bool canceled,
+        string? exceptionMessage,
+        DbExtensionPolicyDecision? policyDecision = null,
+        string? errorCode = null,
+        string? exceptionType = null)
+    {
+        if (!IsInvocationEnabled)
+            return;
+
+        IReadOnlyDictionary<string, string> metadataSnapshot = CopyMetadata(metadata);
+        Listener.Write(
+            InvocationEventName,
+            new DbCallbackInvocationDiagnostic(
+                AutomationCallbackKind.ScalarFunction,
+                name,
+                arity,
+                ReadMetadata(metadataSnapshot, "surface"),
+                BuildLocation(metadataSnapshot),
+                ReadMetadata(metadataSnapshot, "event"),
+                ReadStartedAt(metadataSnapshot, elapsed),
+                ReadMetadata(metadataSnapshot, "correlationId") ?? ReadMetadata(metadataSnapshot, "correlation"),
+                ReadMetadata(metadataSnapshot, "ownerKind"),
+                ReadMetadata(metadataSnapshot, "ownerId"),
+                ReadMetadata(metadataSnapshot, "ownerName"),
+                elapsed,
+                succeeded,
+                TimedOut: false,
+                canceled,
+                policyDecision?.Allowed,
+                policyDecision?.DenialReason,
+                errorCode,
+                exceptionType,
+                ResultMessage: null,
+                exceptionMessage,
+                metadataSnapshot));
+    }
+
+    [UnconditionalSuppressMessage(
+        "Trimming",
+        "IL2026",
+        Justification = "Callback diagnostics are emitted only for subscribed hosts; the strongly typed event payload is part of the public diagnostics contract.")]
+    internal static void WriteCommandInvocation(
+        string name,
+        IReadOnlyDictionary<string, string>? metadata,
+        TimeSpan elapsed,
+        bool succeeded,
+        bool timedOut,
+        bool canceled,
+        string? resultMessage,
+        string? exceptionMessage,
+        DbExtensionPolicyDecision? policyDecision = null,
+        string? errorCode = null,
+        string? exceptionType = null)
+    {
+        if (!IsInvocationEnabled)
+            return;
+
+        IReadOnlyDictionary<string, string> metadataSnapshot = CopyMetadata(metadata);
+        Listener.Write(
+            InvocationEventName,
+            new DbCallbackInvocationDiagnostic(
+                AutomationCallbackKind.Command,
+                name,
+                Arity: null,
+                ReadMetadata(metadataSnapshot, "surface"),
+                BuildLocation(metadataSnapshot),
+                ReadMetadata(metadataSnapshot, "event"),
+                ReadStartedAt(metadataSnapshot, elapsed),
+                ReadMetadata(metadataSnapshot, "correlationId") ?? ReadMetadata(metadataSnapshot, "correlation"),
+                ReadMetadata(metadataSnapshot, "ownerKind"),
+                ReadMetadata(metadataSnapshot, "ownerId"),
+                ReadMetadata(metadataSnapshot, "ownerName"),
+                elapsed,
+                succeeded,
+                timedOut,
+                canceled,
+                policyDecision?.Allowed,
+                policyDecision?.DenialReason,
+                errorCode,
+                exceptionType,
+                resultMessage,
+                exceptionMessage,
+                metadataSnapshot));
+    }
+
+    [UnconditionalSuppressMessage(
+        "Trimming",
+        "IL2026",
+        Justification = "Callback diagnostics are emitted only for subscribed hosts; the strongly typed event payload is part of the public diagnostics contract.")]
+    internal static void WriteValidationInvocation(
+        string name,
+        IReadOnlyDictionary<string, string>? metadata,
+        TimeSpan elapsed,
+        bool succeeded,
+        bool timedOut,
+        bool canceled,
+        string? resultMessage,
+        string? exceptionMessage,
+        DbExtensionPolicyDecision? policyDecision = null,
+        string? errorCode = null,
+        string? exceptionType = null)
+    {
+        if (!IsInvocationEnabled)
+            return;
+
+        IReadOnlyDictionary<string, string> metadataSnapshot = CopyMetadata(metadata);
+        Listener.Write(
+            InvocationEventName,
+            new DbCallbackInvocationDiagnostic(
+                AutomationCallbackKind.ValidationRule,
+                name,
+                Arity: null,
+                ReadMetadata(metadataSnapshot, "surface"),
+                BuildLocation(metadataSnapshot),
+                ReadMetadata(metadataSnapshot, "event"),
+                ReadStartedAt(metadataSnapshot, elapsed),
+                ReadMetadata(metadataSnapshot, "correlationId") ?? ReadMetadata(metadataSnapshot, "correlation"),
+                ReadMetadata(metadataSnapshot, "ownerKind"),
+                ReadMetadata(metadataSnapshot, "ownerId"),
+                ReadMetadata(metadataSnapshot, "ownerName"),
+                elapsed,
+                succeeded,
+                timedOut,
+                canceled,
+                policyDecision?.Allowed,
+                policyDecision?.DenialReason,
+                errorCode,
+                exceptionType,
+                resultMessage,
+                exceptionMessage,
+                metadataSnapshot));
+    }
+
+    private static IReadOnlyDictionary<string, string> CopyMetadata(
+        IReadOnlyDictionary<string, string>? metadata)
+    {
+        if (metadata is null || metadata.Count == 0)
+            return EmptyStringDictionary.Instance;
+
+        return new Dictionary<string, string>(metadata, StringComparer.OrdinalIgnoreCase);
+    }
+
+    private static string? BuildLocation(IReadOnlyDictionary<string, string> metadata)
+    {
+        if (TryReadMetadata(metadata, "location", out string? location))
+            return location;
+
+        string? eventName = ReadMetadata(metadata, "event");
+        string? actionSequence = ReadMetadata(metadata, "actionSequence");
+        string? actionStep = ReadMetadata(metadata, "actionStep");
+        if (!string.IsNullOrWhiteSpace(actionSequence) && !string.IsNullOrWhiteSpace(actionStep))
+            return $"actionSequences.{actionSequence}.steps[{actionStep}]";
+
+        string? controlId = ReadMetadata(metadata, "controlId");
+        if (!string.IsNullOrWhiteSpace(controlId) && !string.IsNullOrWhiteSpace(eventName))
+            return $"controls.{controlId}.events.{eventName}";
+
+        if (!string.IsNullOrWhiteSpace(eventName))
+            return $"events.{eventName}";
+
+        if (!string.IsNullOrWhiteSpace(actionStep))
+            return $"action.steps[{actionStep}]";
+
+        return null;
+    }
+
+    private static DateTimeOffset ReadStartedAt(
+        IReadOnlyDictionary<string, string> metadata,
+        TimeSpan elapsed)
+    {
+        if (TryReadMetadata(metadata, "startedAtUtc", out string? rawStartedAt) &&
+            DateTimeOffset.TryParse(
+                rawStartedAt,
+                System.Globalization.CultureInfo.InvariantCulture,
+                System.Globalization.DateTimeStyles.AssumeUniversal | System.Globalization.DateTimeStyles.AdjustToUniversal,
+                out DateTimeOffset parsed))
+        {
+            return parsed;
+        }
+
+        return DateTimeOffset.UtcNow - elapsed;
+    }
+
+    private static string? ReadMetadata(IReadOnlyDictionary<string, string> metadata, string key)
+        => TryReadMetadata(metadata, key, out string? value) ? value : null;
+
+    private static bool TryReadMetadata(
+        IReadOnlyDictionary<string, string> metadata,
+        string key,
+        out string? value)
+    {
+        if (metadata.TryGetValue(key, out string? raw) && !string.IsNullOrWhiteSpace(raw))
+        {
+            value = raw;
+            return true;
+        }
+
+        value = null;
+        return false;
+    }
+
+    private static class EmptyStringDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, string> Instance =
+            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+    }
+}
diff --git a/src/CSharpDB.Primitives/DbCommandArguments.cs b/src/CSharpDB.Primitives/DbCommandArguments.cs
new file mode 100644
index 00000000..ce6269e6
--- /dev/null
+++ b/src/CSharpDB.Primitives/DbCommandArguments.cs
@@ -0,0 +1,65 @@
+using System.Globalization;
+
+namespace CSharpDB.Primitives;
+
+public static class DbCommandArguments
+{
+    public static Dictionary<string, DbValue> FromObjectDictionary(
+        IReadOnlyDictionary<string, object?>? first,
+        IReadOnlyDictionary<string, object?>? second = null)
+        => FromObjectDictionaries(first, second);
+
+    public static Dictionary<string, DbValue> FromObjectDictionaries(
+        params IReadOnlyDictionary<string, object?>?[] sources)
+    {
+        var arguments = new Dictionary<string, DbValue>(StringComparer.OrdinalIgnoreCase);
+        foreach (IReadOnlyDictionary<string, object?>? source in sources)
+            AddDictionary(arguments, source);
+        return arguments;
+    }
+
+    public static DbValue FromObject(object? value) => value switch
+    {
+        null => DbValue.Null,
+        DbValue dbValue => dbValue,
+        bool boolValue => DbValue.FromInteger(boolValue ? 1 : 0),
+        byte or sbyte or short or ushort or int or uint or long => DbValue.FromInteger(Convert.ToInt64(value, CultureInfo.InvariantCulture)),
+        float floatValue when IsIntegerLike(floatValue) => DbValue.FromInteger((long)floatValue),
+        double doubleValue when IsIntegerLike(doubleValue) => DbValue.FromInteger((long)doubleValue),
+        decimal decimalValue when IsIntegerLike(decimalValue) => DbValue.FromInteger((long)decimalValue),
+        float or double or decimal => DbValue.FromReal(Convert.ToDouble(value, CultureInfo.InvariantCulture)),
+        string text => DbValue.FromText(text),
+        Guid guid => DbValue.FromText(guid.ToString("D")),
+        DateOnly date => DbValue.FromText(date.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture)),
+        DateTime dateTime => DbValue.FromText(dateTime.ToString("O", CultureInfo.InvariantCulture)),
+        DateTimeOffset dateTimeOffset => DbValue.FromText(dateTimeOffset.ToString("O", CultureInfo.InvariantCulture)),
+        byte[] bytes => DbValue.FromBlob(bytes),
+        _ => DbValue.FromText(Convert.ToString(value, CultureInfo.InvariantCulture) ?? string.Empty),
+    };
+
+    private static bool IsIntegerLike(double value)
+        => !double.IsNaN(value)
+            && !double.IsInfinity(value)
+            && value >= long.MinValue
+            && value <= long.MaxValue
+            && Math.Truncate(value) == value;
+
+    private static bool IsIntegerLike(decimal value)
+        => value >= long.MinValue
+            && value <= long.MaxValue
+            && decimal.Truncate(value) == value;
+
+    private static void AddDictionary(
+        Dictionary<string, DbValue> arguments,
+        IReadOnlyDictionary<string, object?>? source)
+    {
+        if (source is null)
+            return;
+
+        foreach ((string key, object? value) in source)
+        {
+            if (!string.IsNullOrWhiteSpace(key))
+                arguments[key] = FromObject(value);
+        }
+    }
+}
diff --git a/src/CSharpDB.Primitives/DbCommands.cs b/src/CSharpDB.Primitives/DbCommands.cs
new file mode 100644
index 00000000..5438378b
--- /dev/null
+++ b/src/CSharpDB.Primitives/DbCommands.cs
@@ -0,0 +1,390 @@
+namespace CSharpDB.Primitives;
+
+public delegate ValueTask<DbCommandResult> DbCommandDelegate(
+    DbCommandContext context,
+    CancellationToken ct);
+
+public sealed record DbCommandContext(
+    string CommandName,
+    IReadOnlyDictionary<string, DbValue> Arguments,
+    IReadOnlyDictionary<string, string> Metadata);
+
+public sealed record DbCommandOptions(
+    string? Description = null,
+    TimeSpan? Timeout = null,
+    bool IsLongRunning = false,
+    IReadOnlyList<DbExtensionCapabilityRequest>? AdditionalCapabilities = null,
+    IReadOnlyDictionary<string, string>? Metadata = null);
+
+public sealed record DbCommandResult(
+    bool Succeeded,
+    string? Message = null,
+    DbValue Value = default)
+{
+    public static DbCommandResult Success(string? message = null, DbValue value = default)
+        => new(true, message, value);
+
+    public static DbCommandResult Failure(string message, DbValue value = default)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(message);
+        return new(false, message, value);
+    }
+}
+
+public sealed class DbCommandDefinition
+{
+    private const string CommandTimeoutDataKey = "CSharpDB.CommandTimedOut";
+    private readonly DbCommandDelegate _invoke;
+
+    internal DbCommandDefinition(
+        string name,
+        DbCommandOptions options,
+        DbCommandDelegate invoke)
+    {
+        Name = name;
+        Options = options;
+        Descriptor = DbHostCallbackDescriptorFactory.CreateCommand(name, options);
+        _invoke = invoke;
+    }
+
+    public string Name { get; }
+
+    public DbCommandOptions Options { get; }
+
+    public DbHostCallbackDescriptor Descriptor { get; }
+
+    public ValueTask<DbCommandResult> InvokeAsync(
+        IReadOnlyDictionary<string, DbValue>? arguments = null,
+        IReadOnlyDictionary<string, string>? metadata = null,
+        CancellationToken ct = default)
+    {
+        var context = new DbCommandContext(
+            Name,
+            arguments ?? EmptyDbValueDictionary.Instance,
+            metadata ?? EmptyStringDictionary.Instance);
+        if (DbCallbackDiagnostics.IsInvocationEnabled)
+            return InvokeWithDiagnosticsAsync(context, ct);
+
+        return InvokeCoreAsync(context, ct);
+    }
+
+    public ValueTask<DbCommandResult> InvokeAsync(
+        IReadOnlyDictionary<string, DbValue>? arguments,
+        IReadOnlyDictionary<string, string>? metadata,
+        DbExtensionPolicy policy,
+        DbExtensionHostMode hostMode = DbExtensionHostMode.Embedded,
+        CancellationToken ct = default)
+    {
+        ArgumentNullException.ThrowIfNull(policy);
+
+        var context = new DbCommandContext(
+            Name,
+            arguments ?? EmptyDbValueDictionary.Instance,
+            metadata ?? EmptyStringDictionary.Instance);
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            Descriptor,
+            policy,
+            hostMode);
+
+        if (!decision.Allowed)
+        {
+            DbCallbackDiagnostics.WritePolicyDeniedInvocation(Descriptor, context.Metadata, decision);
+            throw new DbCallbackPolicyException(Descriptor, decision);
+        }
+
+        if (DbCallbackDiagnostics.IsInvocationEnabled)
+            return InvokeWithDiagnosticsAsync(context, ct, decision.Timeout, decision);
+
+        return InvokeCoreAsync(context, ct, decision.Timeout);
+    }
+
+    private ValueTask<DbCommandResult> InvokeCoreAsync(
+        DbCommandContext context,
+        CancellationToken ct,
+        TimeSpan? timeoutOverride = null)
+    {
+        TimeSpan? timeout = timeoutOverride ?? Options.Timeout;
+        return timeout is { } value
+            ? InvokeWithTimeoutAsync(context, value, ct)
+            : _invoke(context, ct);
+    }
+
+    private async ValueTask<DbCommandResult> InvokeWithDiagnosticsAsync(
+        DbCommandContext context,
+        CancellationToken ct,
+        TimeSpan? timeoutOverride = null,
+        DbExtensionPolicyDecision? policyDecision = null)
+    {
+        long started = DbCallbackDiagnostics.GetTimestamp();
+        try
+        {
+            DbCommandResult result = await InvokeCoreAsync(context, ct, timeoutOverride).ConfigureAwait(false);
+            DbCallbackDiagnostics.WriteCommandInvocation(
+                Name,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: result.Succeeded,
+                timedOut: false,
+                canceled: false,
+                result.Message,
+                exceptionMessage: null,
+                policyDecision: policyDecision);
+            return result;
+        }
+        catch (TimeoutException ex) when (IsCommandTimeoutException(ex))
+        {
+            DbCallbackDiagnostics.WriteCommandInvocation(
+                Name,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: false,
+                timedOut: true,
+                canceled: false,
+                resultMessage: null,
+                exceptionMessage: ex.Message,
+                policyDecision: policyDecision,
+                errorCode: "Timeout",
+                exceptionType: ex.GetType().FullName);
+            throw;
+        }
+        catch (OperationCanceledException ex)
+        {
+            DbCallbackDiagnostics.WriteCommandInvocation(
+                Name,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: false,
+                timedOut: false,
+                canceled: true,
+                resultMessage: null,
+                exceptionMessage: ex.Message,
+                policyDecision: policyDecision,
+                errorCode: "Canceled",
+                exceptionType: ex.GetType().FullName);
+            throw;
+        }
+        catch (Exception ex)
+        {
+            DbCallbackDiagnostics.WriteCommandInvocation(
+                Name,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: false,
+                timedOut: false,
+                canceled: false,
+                resultMessage: null,
+                exceptionMessage: ex.Message,
+                policyDecision: policyDecision,
+                errorCode: "Exception",
+                exceptionType: ex.GetType().FullName);
+            throw;
+        }
+    }
+
+    private async ValueTask<DbCommandResult> InvokeWithTimeoutAsync(
+        DbCommandContext context,
+        TimeSpan timeout,
+        CancellationToken ct)
+    {
+        using var timeoutCts = new CancellationTokenSource(timeout);
+        using var linkedCts = CancellationTokenSource.CreateLinkedTokenSource(ct, timeoutCts.Token);
+
+        try
+        {
+            ValueTask<DbCommandResult> invocation = _invoke(context, linkedCts.Token);
+            if (invocation.IsCompletedSuccessfully)
+                return invocation.Result;
+
+            return await invocation.AsTask().WaitAsync(linkedCts.Token).ConfigureAwait(false);
+        }
+        catch (OperationCanceledException ex) when (timeoutCts.IsCancellationRequested && !ct.IsCancellationRequested)
+        {
+            throw CreateTimeoutException(timeout, ex);
+        }
+    }
+
+    private TimeoutException CreateTimeoutException(TimeSpan timeout, Exception inner)
+    {
+        var exception = new TimeoutException($"Command '{Name}' timed out after {FormatTimeout(timeout)}.", inner);
+        exception.Data[CommandTimeoutDataKey] = true;
+        return exception;
+    }
+
+    private static bool IsCommandTimeoutException(TimeoutException exception)
+        => exception.Data[CommandTimeoutDataKey] is true;
+
+    private static string FormatTimeout(TimeSpan timeout)
+        => timeout.TotalMilliseconds < 1000
+            ? $"{timeout.TotalMilliseconds:0.###}ms"
+            : $"{timeout.TotalSeconds:0.###}s";
+
+    private static class EmptyDbValueDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, DbValue> Instance =
+            new Dictionary<string, DbValue>(StringComparer.OrdinalIgnoreCase);
+    }
+
+    private static class EmptyStringDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, string> Instance =
+            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+    }
+}
+
+public sealed class DbCommandRegistry
+{
+    private readonly Dictionary<string, DbCommandDefinition> _commands;
+    private readonly DbCommandDefinition[] _commandList;
+    private readonly DbHostCallbackDescriptor[] _callbackList;
+
+    public static DbCommandRegistry Empty { get; } = new();
+
+    private DbCommandRegistry()
+    {
+        _commands = new Dictionary<string, DbCommandDefinition>(StringComparer.OrdinalIgnoreCase);
+        _commandList = [];
+        _callbackList = [];
+    }
+
+    internal DbCommandRegistry(Dictionary<string, DbCommandDefinition> commands)
+    {
+        _commands = commands;
+        _commandList = commands.Values
+            .OrderBy(static definition => definition.Name, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+        _callbackList = _commandList
+            .Select(static definition => definition.Descriptor)
+            .ToArray();
+    }
+
+    public IReadOnlyCollection<DbCommandDefinition> Commands => _commandList;
+
+    public IReadOnlyCollection<DbHostCallbackDescriptor> Callbacks => _callbackList;
+
+    public static DbCommandRegistry Create(Action<DbCommandRegistryBuilder> configure)
+    {
+        ArgumentNullException.ThrowIfNull(configure);
+
+        var builder = new DbCommandRegistryBuilder();
+        configure(builder);
+        return builder.Build();
+    }
+
+    public bool TryGetCommand(string name, out DbCommandDefinition definition)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+
+        if (_commands.TryGetValue(name, out definition!))
+            return true;
+
+        definition = null!;
+        return false;
+    }
+
+    public bool ContainsCommandName(string name)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+        return _commands.ContainsKey(name);
+    }
+}
+
+public sealed class DbCommandRegistryBuilder
+{
+    private readonly Dictionary<string, DbCommandDefinition> _commands =
+        new(StringComparer.OrdinalIgnoreCase);
+
+    public DbCommandRegistryBuilder AddCommand(
+        string name,
+        DbCommandOptions? options,
+        DbCommandDelegate invoke)
+    {
+        string normalizedName = ValidateCommandName(name);
+        ValidateCommandOptions(options);
+        ArgumentNullException.ThrowIfNull(invoke);
+
+        if (_commands.ContainsKey(normalizedName))
+            throw new ArgumentException($"Command '{name}' is already registered.", nameof(name));
+
+        _commands.Add(
+            normalizedName,
+            new DbCommandDefinition(
+                normalizedName,
+                options ?? new DbCommandOptions(),
+                invoke));
+        return this;
+    }
+
+    public DbCommandRegistryBuilder AddAsyncCommand(
+        string name,
+        DbCommandOptions? options,
+        Func<DbCommandContext, CancellationToken, Task<DbCommandResult>> invoke)
+    {
+        ArgumentNullException.ThrowIfNull(invoke);
+        return AddCommand(
+            name,
+            options,
+            (context, ct) => new ValueTask<DbCommandResult>(invoke(context, ct)));
+    }
+
+    public DbCommandRegistryBuilder AddAsyncCommand(
+        string name,
+        Func<DbCommandContext, CancellationToken, Task<DbCommandResult>> invoke)
+        => AddAsyncCommand(name, options: null, invoke);
+
+    public DbCommandRegistryBuilder AddCommand(
+        string name,
+        DbCommandDelegate invoke)
+        => AddCommand(name, options: null, invoke);
+
+    public DbCommandRegistryBuilder AddCommand(
+        string name,
+        DbCommandOptions? options,
+        Func<DbCommandContext, DbCommandResult> invoke)
+    {
+        ArgumentNullException.ThrowIfNull(invoke);
+        return AddCommand(
+            name,
+            options,
+            (context, _) => ValueTask.FromResult(invoke(context)));
+    }
+
+    public DbCommandRegistryBuilder AddCommand(
+        string name,
+        Func<DbCommandContext, DbCommandResult> invoke)
+        => AddCommand(name, options: null, invoke);
+
+    public DbCommandRegistry Build()
+    {
+        if (_commands.Count == 0)
+            return DbCommandRegistry.Empty;
+
+        return new DbCommandRegistry(new Dictionary<string, DbCommandDefinition>(_commands, StringComparer.OrdinalIgnoreCase));
+    }
+
+    private static string ValidateCommandName(string name)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+
+        string trimmed = name.Trim();
+        if (!IsIdentifierStart(trimmed[0]))
+            throw new ArgumentException($"Command name '{name}' is not a valid identifier.", nameof(name));
+
+        for (int i = 1; i < trimmed.Length; i++)
+        {
+            char ch = trimmed[i];
+            if (!char.IsLetterOrDigit(ch) && ch != '_')
+                throw new ArgumentException($"Command name '{name}' is not a valid identifier.", nameof(name));
+        }
+
+        return trimmed;
+    }
+
+    private static void ValidateCommandOptions(DbCommandOptions? options)
+    {
+        if (options?.Timeout is { } timeout && timeout <= TimeSpan.Zero)
+            throw new ArgumentOutOfRangeException(nameof(options), timeout, "Command timeout must be greater than zero.");
+    }
+
+    private static bool IsIdentifierStart(char value)
+        => char.IsLetter(value) || value == '_';
+}
diff --git a/src/CSharpDB.Primitives/DbExtensions.cs b/src/CSharpDB.Primitives/DbExtensions.cs
new file mode 100644
index 00000000..fc69230b
--- /dev/null
+++ b/src/CSharpDB.Primitives/DbExtensions.cs
@@ -0,0 +1,395 @@
+namespace CSharpDB.Primitives;
+
+public enum DbExtensionRuntimeKind
+{
+    HostCallback = 0,
+    OutOfProcess = 1,
+}
+
+public enum DbExtensionExportKind
+{
+    ScalarFunction = 0,
+    Command = 1,
+    PipelineTransform = 2,
+    ValidationRule = 3,
+}
+
+public enum DbExtensionCapability
+{
+    ScalarFunctions = 0,
+    Commands = 1,
+    PipelineTransforms = 2,
+    ValidationRules = 3,
+    ReadDatabase = 4,
+    WriteDatabase = 5,
+    RunSql = 6,
+    Network = 7,
+    FileRead = 8,
+    FileWrite = 9,
+    Clock = 10,
+    Random = 11,
+    EnvironmentVariables = 12,
+}
+
+public enum DbExtensionCapabilityGrantStatus
+{
+    Denied = 0,
+    Granted = 1,
+}
+
+[Flags]
+public enum DbExtensionHostMode
+{
+    None = 0,
+    Embedded = 1,
+    Daemon = 2,
+    All = Embedded | Daemon,
+}
+
+public sealed record DbExtensionManifest(
+    string Id,
+    string Name,
+    string Version,
+    DbExtensionRuntimeKind Runtime,
+    string Entrypoint,
+    IReadOnlyList<DbExtensionExport> Exports,
+    IReadOnlyList<DbExtensionCapabilityRequest> Capabilities,
+    string? RequiredCSharpDbVersion = null,
+    string? ArtifactSha256 = null,
+    string? Signature = null,
+    string? Publisher = null,
+    IReadOnlyDictionary<string, string>? Metadata = null);
+
+public sealed record DbExtensionExport(
+    DbExtensionExportKind Kind,
+    string Name,
+    int? Arity = null,
+    DbType? ReturnType = null,
+    IReadOnlyDictionary<string, string>? Metadata = null);
+
+public sealed record DbExtensionCapabilityRequest(
+    DbExtensionCapability Name,
+    string? Reason = null,
+    IReadOnlyList<string>? Exports = null,
+    IReadOnlyList<string>? Tables = null,
+    IReadOnlyDictionary<string, string>? Scope = null);
+
+public sealed record DbExtensionCapabilityGrant(
+    DbExtensionCapability Name,
+    DbExtensionCapabilityGrantStatus Status,
+    string? Reason = null,
+    IReadOnlyList<string>? Exports = null,
+    IReadOnlyList<string>? Tables = null,
+    IReadOnlyDictionary<string, string>? Scope = null,
+    string? PolicySource = null,
+    DateTimeOffset? GrantedAt = null);
+
+public sealed record DbExtensionPolicy(
+    bool AllowExtensions,
+    IReadOnlyList<DbExtensionCapabilityGrant>? Grants = null,
+    TimeSpan? DefaultTimeout = null,
+    long? MaxMemoryBytes = null,
+    bool RequireSignature = true,
+    DbExtensionHostMode AllowedHostModes = DbExtensionHostMode.All);
+
+public sealed record DbExtensionPolicyDecision(
+    bool Allowed,
+    string? DenialReason,
+    IReadOnlyList<DbExtensionCapabilityDecision> Capabilities,
+    TimeSpan Timeout,
+    long? MaxMemoryBytes);
+
+public sealed record DbExtensionCapabilityDecision(
+    DbExtensionCapability Name,
+    DbExtensionCapabilityGrantStatus Status,
+    string? Reason,
+    string? PolicySource);
+
+public static class DbExtensionPolicies
+{
+    public const string DefaultHostCallbackPolicySource = "CSharpDB default host callback policy";
+
+    public static DbExtensionPolicy DefaultHostCallbackPolicy { get; } = new(
+        AllowExtensions: true,
+        Grants:
+        [
+            new DbExtensionCapabilityGrant(
+                DbExtensionCapability.ScalarFunctions,
+                DbExtensionCapabilityGrantStatus.Granted,
+                Reason: "Host-registered scalar functions are allowed by default.",
+                PolicySource: DefaultHostCallbackPolicySource),
+            new DbExtensionCapabilityGrant(
+                DbExtensionCapability.Commands,
+                DbExtensionCapabilityGrantStatus.Granted,
+                Reason: "Host-registered commands are allowed by default.",
+                PolicySource: DefaultHostCallbackPolicySource),
+            new DbExtensionCapabilityGrant(
+                DbExtensionCapability.ValidationRules,
+                DbExtensionCapabilityGrantStatus.Granted,
+                Reason: "Host-registered validation rules are allowed by default.",
+                PolicySource: DefaultHostCallbackPolicySource),
+        ],
+        DefaultTimeout: TimeSpan.FromSeconds(5),
+        RequireSignature: true,
+        AllowedHostModes: DbExtensionHostMode.Embedded);
+}
+
+public sealed class DbCallbackPolicyException : InvalidOperationException
+{
+    public DbCallbackPolicyException(
+        DbHostCallbackDescriptor callback,
+        DbExtensionPolicyDecision decision)
+        : base(CreateMessage(callback, decision))
+    {
+        Callback = callback;
+        Decision = decision;
+    }
+
+    public DbHostCallbackDescriptor Callback { get; }
+
+    public DbExtensionPolicyDecision Decision { get; }
+
+    private static string CreateMessage(
+        DbHostCallbackDescriptor callback,
+        DbExtensionPolicyDecision decision)
+        => $"Host callback '{callback.Name}' was denied by policy: {decision.DenialReason ?? "No denial reason was provided."}";
+}
+
+public sealed record DbExtensionInvocationRequest(
+    string ExtensionId,
+    DbExtensionExportKind Kind,
+    string Name,
+    IReadOnlyDictionary<string, DbValue> Arguments,
+    IReadOnlyDictionary<string, string>? Metadata = null,
+    string? CorrelationId = null,
+    DateTimeOffset? Deadline = null,
+    string? UserIdentity = null);
+
+public sealed record DbExtensionInvocationResult(
+    bool Succeeded,
+    string? Message = null,
+    DbValue Value = default,
+    IReadOnlyList<string>? Diagnostics = null,
+    IReadOnlyList<string>? Logs = null,
+    string? ErrorCode = null);
+
+public static class DbExtensionPolicyEvaluator
+{
+    private static readonly TimeSpan DefaultExecutionTimeout = TimeSpan.FromSeconds(5);
+
+    public static DbExtensionPolicyDecision Evaluate(
+        DbExtensionManifest manifest,
+        DbExtensionPolicy policy,
+        DbExtensionHostMode hostMode)
+    {
+        ArgumentNullException.ThrowIfNull(manifest);
+        ArgumentNullException.ThrowIfNull(policy);
+
+        IReadOnlyList<DbExtensionCapabilityDecision> capabilityDecisions =
+            EvaluateCapabilities(manifest.Capabilities, policy.Grants);
+
+        string? denialReason = null;
+        if (!policy.AllowExtensions)
+        {
+            denialReason = "Extension execution is disabled by host policy.";
+        }
+        else if ((policy.AllowedHostModes & hostMode) == 0)
+        {
+            denialReason = $"Extension execution is not allowed in {hostMode} mode.";
+        }
+        else if (RequiresArtifactSignature(manifest) &&
+            policy.RequireSignature &&
+            string.IsNullOrWhiteSpace(manifest.Signature))
+        {
+            denialReason = "Extension policy requires a signature.";
+        }
+        else
+        {
+            DbExtensionCapabilityDecision? deniedCapability = capabilityDecisions
+                .FirstOrDefault(static decision => decision.Status != DbExtensionCapabilityGrantStatus.Granted);
+            if (deniedCapability is not null)
+                denialReason = deniedCapability.Reason ?? $"Capability '{deniedCapability.Name}' is not granted.";
+        }
+
+        return new DbExtensionPolicyDecision(
+            Allowed: denialReason is null,
+            denialReason,
+            capabilityDecisions,
+            policy.DefaultTimeout ?? DefaultExecutionTimeout,
+            policy.MaxMemoryBytes);
+    }
+
+    public static DbExtensionPolicyDecision Evaluate(
+        DbHostCallbackDescriptor callback,
+        DbExtensionPolicy policy,
+        DbExtensionHostMode hostMode)
+    {
+        ArgumentNullException.ThrowIfNull(callback);
+        ArgumentNullException.ThrowIfNull(policy);
+
+        IReadOnlyList<DbExtensionCapabilityDecision> capabilityDecisions =
+            EvaluateCapabilities(callback.Capabilities, policy.Grants);
+
+        string? denialReason = null;
+        if (!policy.AllowExtensions)
+        {
+            denialReason = "Extension execution is disabled by host policy.";
+        }
+        else if ((policy.AllowedHostModes & hostMode) == 0)
+        {
+            denialReason = $"Extension execution is not allowed in {hostMode} mode.";
+        }
+        else
+        {
+            DbExtensionCapabilityDecision? deniedCapability = capabilityDecisions
+                .FirstOrDefault(static decision => decision.Status != DbExtensionCapabilityGrantStatus.Granted);
+            if (deniedCapability is not null)
+                denialReason = deniedCapability.Reason ?? $"Capability '{deniedCapability.Name}' is not granted.";
+        }
+
+        TimeSpan timeout = callback.Timeout ?? policy.DefaultTimeout ?? DefaultExecutionTimeout;
+        return new DbExtensionPolicyDecision(
+            Allowed: denialReason is null,
+            denialReason,
+            capabilityDecisions,
+            timeout,
+            policy.MaxMemoryBytes);
+    }
+
+    private static bool RequiresArtifactSignature(DbExtensionManifest manifest)
+        => manifest.Runtime == DbExtensionRuntimeKind.OutOfProcess;
+
+    private static IReadOnlyList<DbExtensionCapabilityDecision> EvaluateCapabilities(
+        IReadOnlyList<DbExtensionCapabilityRequest>? requests,
+        IReadOnlyList<DbExtensionCapabilityGrant>? grants)
+    {
+        if (requests is null || requests.Count == 0)
+            return [];
+
+        var decisions = new DbExtensionCapabilityDecision[requests.Count];
+        for (int i = 0; i < requests.Count; i++)
+        {
+            DbExtensionCapabilityRequest request = requests[i];
+            DbExtensionCapabilityGrant[] candidateGrants = (grants ?? [])
+                .Where(grant => grant.Name == request.Name)
+                .ToArray();
+            if (candidateGrants.Length == 0)
+            {
+                decisions[i] = new DbExtensionCapabilityDecision(
+                    request.Name,
+                    DbExtensionCapabilityGrantStatus.Denied,
+                    $"No grant exists for capability '{request.Name}'.",
+                    PolicySource: null);
+                continue;
+            }
+
+            DbExtensionCapabilityGrant? deniedGrant = candidateGrants
+                .Where(grant => grant.Status == DbExtensionCapabilityGrantStatus.Denied)
+                .FirstOrDefault(grant => GrantMatchesRequest(grant, request));
+            if (deniedGrant is not null)
+            {
+                decisions[i] = new DbExtensionCapabilityDecision(
+                    request.Name,
+                    DbExtensionCapabilityGrantStatus.Denied,
+                    deniedGrant.Reason ?? $"Capability '{request.Name}' is denied for {FormatRequestScope(request)}.",
+                    deniedGrant.PolicySource);
+                continue;
+            }
+
+            DbExtensionCapabilityGrant? grantedGrant = candidateGrants
+                .Where(grant => grant.Status == DbExtensionCapabilityGrantStatus.Granted)
+                .FirstOrDefault(grant => GrantMatchesRequest(grant, request));
+            if (grantedGrant is not null)
+            {
+                decisions[i] = new DbExtensionCapabilityDecision(
+                    request.Name,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    grantedGrant.Reason,
+                    grantedGrant.PolicySource);
+                continue;
+            }
+
+            decisions[i] = new DbExtensionCapabilityDecision(
+                request.Name,
+                DbExtensionCapabilityGrantStatus.Denied,
+                $"No grant for capability '{request.Name}' matches requested {FormatRequestScope(request)}.",
+                PolicySource: null);
+        }
+
+        return decisions;
+    }
+
+    private static bool GrantMatchesRequest(
+        DbExtensionCapabilityGrant grant,
+        DbExtensionCapabilityRequest request)
+        => MatchesStringScope(grant.Exports, request.Exports)
+            && MatchesStringScope(grant.Tables, request.Tables)
+            && MatchesDictionaryScope(grant.Scope, request.Scope);
+
+    private static bool MatchesStringScope(
+        IReadOnlyList<string>? grantValues,
+        IReadOnlyList<string>? requestValues)
+    {
+        if (grantValues is null || grantValues.Count == 0)
+            return true;
+
+        if (requestValues is null || requestValues.Count == 0)
+            return false;
+
+        var allowed = new HashSet<string>(
+            grantValues.Where(static value => !string.IsNullOrWhiteSpace(value)),
+            StringComparer.OrdinalIgnoreCase);
+        if (allowed.Contains("*"))
+            return true;
+
+        return requestValues
+            .Where(static value => !string.IsNullOrWhiteSpace(value))
+            .All(allowed.Contains);
+    }
+
+    private static bool MatchesDictionaryScope(
+        IReadOnlyDictionary<string, string>? grantScope,
+        IReadOnlyDictionary<string, string>? requestScope)
+    {
+        if (grantScope is null || grantScope.Count == 0)
+            return true;
+
+        if (requestScope is null || requestScope.Count == 0)
+            return false;
+
+        foreach ((string key, string expectedValue) in grantScope)
+        {
+            if (string.IsNullOrWhiteSpace(key))
+                continue;
+
+            if (!requestScope.TryGetValue(key, out string? actualValue))
+                return false;
+
+            if (!string.Equals(expectedValue, "*", StringComparison.Ordinal) &&
+                !string.Equals(expectedValue, actualValue, StringComparison.OrdinalIgnoreCase))
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private static string FormatRequestScope(DbExtensionCapabilityRequest request)
+    {
+        string exports = FormatScopeList(request.Exports);
+        string tables = FormatScopeList(request.Tables);
+        string scope = request.Scope is { Count: > 0 }
+            ? string.Join(", ", request.Scope
+                .OrderBy(static item => item.Key, StringComparer.OrdinalIgnoreCase)
+                .Select(static item => $"{item.Key}={item.Value}"))
+            : "*";
+
+        return $"exports [{exports}], tables [{tables}], scope [{scope}]";
+    }
+
+    private static string FormatScopeList(IReadOnlyList<string>? values)
+        => values is { Count: > 0 }
+            ? string.Join(", ", values)
+            : "*";
+}
diff --git a/src/CSharpDB.Primitives/DbFunctions.cs b/src/CSharpDB.Primitives/DbFunctions.cs
new file mode 100644
index 00000000..d4436c9f
--- /dev/null
+++ b/src/CSharpDB.Primitives/DbFunctions.cs
@@ -0,0 +1,293 @@
+namespace CSharpDB.Primitives;
+
+public delegate DbValue DbScalarFunctionDelegate(
+    DbScalarFunctionContext context,
+    ReadOnlySpan<DbValue> arguments);
+
+public sealed record DbScalarFunctionContext(string FunctionName)
+{
+    public IReadOnlyDictionary<string, string> Metadata { get; init; } = EmptyStringDictionary.Instance;
+
+    internal static DbScalarFunctionContext Create(
+        string functionName,
+        IReadOnlyDictionary<string, string>? metadata)
+        => new(functionName)
+        {
+            Metadata = metadata ?? EmptyStringDictionary.Instance,
+        };
+
+    private static class EmptyStringDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, string> Instance =
+            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+    }
+}
+
+public sealed record DbScalarFunctionOptions(
+    DbType? ReturnType = null,
+    bool IsDeterministic = false,
+    bool NullPropagating = false,
+    string? Description = null,
+    IReadOnlyList<DbExtensionCapabilityRequest>? AdditionalCapabilities = null,
+    IReadOnlyDictionary<string, string>? Metadata = null,
+    bool CanRunWithoutFrom = false);
+
+public sealed class DbScalarFunctionDefinition
+{
+    private readonly DbScalarFunctionDelegate _invoke;
+
+    internal DbScalarFunctionDefinition(
+        string name,
+        int arity,
+        DbScalarFunctionOptions options,
+        DbScalarFunctionDelegate invoke)
+    {
+        Name = name;
+        Arity = arity;
+        Options = options;
+        Descriptor = DbHostCallbackDescriptorFactory.CreateScalar(name, arity, options);
+        _invoke = invoke;
+    }
+
+    public string Name { get; }
+
+    public int Arity { get; }
+
+    public DbScalarFunctionOptions Options { get; }
+
+    public DbHostCallbackDescriptor Descriptor { get; }
+
+    public DbValue Invoke(ReadOnlySpan<DbValue> arguments)
+        => Invoke(arguments, metadata: null);
+
+    public DbValue Invoke(
+        ReadOnlySpan<DbValue> arguments,
+        IReadOnlyDictionary<string, string>? metadata)
+        => InvokeCore(arguments, metadata, policyDecision: null);
+
+    public DbValue Invoke(
+        ReadOnlySpan<DbValue> arguments,
+        IReadOnlyDictionary<string, string>? metadata,
+        DbExtensionPolicy policy,
+        DbExtensionHostMode hostMode = DbExtensionHostMode.Embedded)
+    {
+        ArgumentNullException.ThrowIfNull(policy);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            Descriptor,
+            policy,
+            hostMode);
+        if (!decision.Allowed)
+        {
+            DbCallbackDiagnostics.WritePolicyDeniedInvocation(Descriptor, metadata, decision);
+            throw new DbCallbackPolicyException(Descriptor, decision);
+        }
+
+        return InvokeCore(arguments, metadata, decision);
+    }
+
+    private DbValue InvokeCore(
+        ReadOnlySpan<DbValue> arguments,
+        IReadOnlyDictionary<string, string>? metadata,
+        DbExtensionPolicyDecision? policyDecision)
+    {
+        DbScalarFunctionContext context = DbScalarFunctionContext.Create(Name, metadata);
+        if (!DbCallbackDiagnostics.IsInvocationEnabled)
+            return _invoke(context, arguments);
+
+        long started = DbCallbackDiagnostics.GetTimestamp();
+        try
+        {
+            DbValue result = _invoke(context, arguments);
+            DbCallbackDiagnostics.WriteScalarInvocation(
+                Name,
+                Arity,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: true,
+                canceled: false,
+                exceptionMessage: null,
+                policyDecision: policyDecision);
+            return result;
+        }
+        catch (OperationCanceledException ex)
+        {
+            DbCallbackDiagnostics.WriteScalarInvocation(
+                Name,
+                Arity,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: false,
+                canceled: true,
+                exceptionMessage: ex.Message,
+                policyDecision: policyDecision,
+                errorCode: "Canceled",
+                exceptionType: ex.GetType().FullName);
+            throw;
+        }
+        catch (Exception ex)
+        {
+            DbCallbackDiagnostics.WriteScalarInvocation(
+                Name,
+                Arity,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: false,
+                canceled: false,
+                exceptionMessage: ex.Message,
+                policyDecision: policyDecision,
+                errorCode: "Exception",
+                exceptionType: ex.GetType().FullName);
+            throw;
+        }
+    }
+}
+
+public sealed class DbFunctionRegistry
+{
+    private readonly Dictionary<string, Dictionary<int, DbScalarFunctionDefinition>> _scalarFunctions;
+    private readonly DbScalarFunctionDefinition[] _scalarFunctionList;
+    private readonly DbHostCallbackDescriptor[] _callbackList;
+
+    public static DbFunctionRegistry Empty { get; } = new();
+
+    private DbFunctionRegistry()
+    {
+        _scalarFunctions = new Dictionary<string, Dictionary<int, DbScalarFunctionDefinition>>(StringComparer.OrdinalIgnoreCase);
+        _scalarFunctionList = [];
+        _callbackList = [];
+    }
+
+    internal DbFunctionRegistry(Dictionary<string, Dictionary<int, DbScalarFunctionDefinition>> scalarFunctions)
+    {
+        _scalarFunctions = scalarFunctions;
+        _scalarFunctionList = scalarFunctions.Values
+            .SelectMany(static byArity => byArity.Values)
+            .OrderBy(static definition => definition.Name, StringComparer.OrdinalIgnoreCase)
+            .ThenBy(static definition => definition.Arity)
+            .ToArray();
+        _callbackList = _scalarFunctionList
+            .Select(static definition => definition.Descriptor)
+            .ToArray();
+    }
+
+    public IReadOnlyCollection<DbScalarFunctionDefinition> ScalarFunctions => _scalarFunctionList;
+
+    public IReadOnlyCollection<DbHostCallbackDescriptor> Callbacks => _callbackList;
+
+    public static DbFunctionRegistry Create(Action<DbFunctionRegistryBuilder> configure)
+    {
+        ArgumentNullException.ThrowIfNull(configure);
+
+        var builder = new DbFunctionRegistryBuilder();
+        configure(builder);
+        return builder.Build();
+    }
+
+    public bool TryGetScalar(string name, int arity, out DbScalarFunctionDefinition definition)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+
+        if (_scalarFunctions.TryGetValue(name, out var byArity) &&
+            byArity.TryGetValue(arity, out definition!))
+        {
+            return true;
+        }
+
+        definition = null!;
+        return false;
+    }
+
+    public bool ContainsScalarName(string name)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+        return _scalarFunctions.ContainsKey(name);
+    }
+}
+
+public sealed class DbFunctionRegistryBuilder
+{
+    private static readonly HashSet<string> s_reservedFunctionNames = new(StringComparer.OrdinalIgnoreCase)
+    {
+        "TEXT",
+        "COUNT",
+        "SUM",
+        "AVG",
+        "MIN",
+        "MAX",
+    };
+
+    private readonly Dictionary<string, Dictionary<int, DbScalarFunctionDefinition>> _scalarFunctions =
+        new(StringComparer.OrdinalIgnoreCase);
+
+    public DbFunctionRegistryBuilder AddScalar(
+        string name,
+        int arity,
+        DbScalarFunctionOptions? options,
+        DbScalarFunctionDelegate invoke)
+    {
+        string normalizedName = ValidateFunctionName(name);
+        ArgumentOutOfRangeException.ThrowIfNegative(arity);
+        ArgumentNullException.ThrowIfNull(invoke);
+
+        if (s_reservedFunctionNames.Contains(normalizedName))
+            throw new ArgumentException($"Function name '{name}' is reserved and cannot be overridden.", nameof(name));
+
+        if (_scalarFunctions.ContainsKey(normalizedName))
+            throw new ArgumentException($"Scalar function '{name}' is already registered.", nameof(name));
+
+        var byArity = new Dictionary<int, DbScalarFunctionDefinition>();
+        _scalarFunctions.Add(normalizedName, byArity);
+
+        byArity.Add(
+            arity,
+            new DbScalarFunctionDefinition(
+                normalizedName,
+                arity,
+                options ?? new DbScalarFunctionOptions(),
+                invoke));
+        return this;
+    }
+
+    public DbFunctionRegistryBuilder AddScalar(
+        string name,
+        int arity,
+        DbScalarFunctionDelegate invoke)
+        => AddScalar(name, arity, options: null, invoke);
+
+    public DbFunctionRegistry Build()
+    {
+        if (_scalarFunctions.Count == 0)
+            return DbFunctionRegistry.Empty;
+
+        var copy = new Dictionary<string, Dictionary<int, DbScalarFunctionDefinition>>(StringComparer.OrdinalIgnoreCase);
+        foreach ((string name, Dictionary<int, DbScalarFunctionDefinition> byArity) in _scalarFunctions)
+            copy[name] = new Dictionary<int, DbScalarFunctionDefinition>(byArity);
+
+        return new DbFunctionRegistry(copy);
+    }
+
+    internal static bool IsReservedFunctionName(string name)
+        => s_reservedFunctionNames.Contains(name);
+
+    private static string ValidateFunctionName(string name)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+
+        string trimmed = name.Trim();
+        if (!IsIdentifierStart(trimmed[0]))
+            throw new ArgumentException($"Function name '{name}' is not a valid SQL identifier.", nameof(name));
+
+        for (int i = 1; i < trimmed.Length; i++)
+        {
+            char ch = trimmed[i];
+            if (!char.IsLetterOrDigit(ch) && ch != '_')
+                throw new ArgumentException($"Function name '{name}' is not a valid SQL identifier.", nameof(name));
+        }
+
+        return trimmed;
+    }
+
+    private static bool IsIdentifierStart(char value)
+        => char.IsLetter(value) || value == '_';
+}
diff --git a/src/CSharpDB.Primitives/DbHostCallbacks.cs b/src/CSharpDB.Primitives/DbHostCallbacks.cs
new file mode 100644
index 00000000..9548ecd7
--- /dev/null
+++ b/src/CSharpDB.Primitives/DbHostCallbacks.cs
@@ -0,0 +1,78 @@
+namespace CSharpDB.Primitives;
+
+public sealed record DbHostCallbackDescriptor(
+    AutomationCallbackKind Kind,
+    string Name,
+    DbExtensionRuntimeKind Runtime,
+    IReadOnlyList<DbExtensionCapabilityRequest> Capabilities,
+    int? Arity = null,
+    DbType? ReturnType = null,
+    string? Description = null,
+    bool IsDeterministic = false,
+    bool NullPropagating = false,
+    TimeSpan? Timeout = null,
+    bool IsLongRunning = false,
+    IReadOnlyDictionary<string, string>? Metadata = null,
+    bool CanRunWithoutFrom = false);
+
+internal static class DbHostCallbackDescriptorFactory
+{
+    public static DbHostCallbackDescriptor CreateScalar(
+        string name,
+        int arity,
+        DbScalarFunctionOptions options)
+        => new(
+            AutomationCallbackKind.ScalarFunction,
+            name,
+            DbExtensionRuntimeKind.HostCallback,
+            CreateCapabilities(DbExtensionCapability.ScalarFunctions, name, options.AdditionalCapabilities),
+            Arity: arity,
+            ReturnType: options.ReturnType,
+            Description: options.Description,
+            IsDeterministic: options.IsDeterministic,
+            NullPropagating: options.NullPropagating,
+            Metadata: options.Metadata,
+            CanRunWithoutFrom: options.CanRunWithoutFrom);
+
+    public static DbHostCallbackDescriptor CreateCommand(
+        string name,
+        DbCommandOptions options)
+        => new(
+            AutomationCallbackKind.Command,
+            name,
+            DbExtensionRuntimeKind.HostCallback,
+            CreateCapabilities(DbExtensionCapability.Commands, name, options.AdditionalCapabilities),
+            Description: options.Description,
+            Timeout: options.Timeout,
+            IsLongRunning: options.IsLongRunning,
+            Metadata: options.Metadata);
+
+    public static DbHostCallbackDescriptor CreateValidationRule(
+        string name,
+        DbValidationRuleOptions options)
+        => new(
+            AutomationCallbackKind.ValidationRule,
+            name,
+            DbExtensionRuntimeKind.HostCallback,
+            CreateCapabilities(DbExtensionCapability.ValidationRules, name, options.AdditionalCapabilities),
+            Description: options.Description,
+            Timeout: options.Timeout,
+            IsLongRunning: options.IsLongRunning,
+            Metadata: options.Metadata);
+
+    private static IReadOnlyList<DbExtensionCapabilityRequest> CreateCapabilities(
+        DbExtensionCapability baseCapability,
+        string exportName,
+        IReadOnlyList<DbExtensionCapabilityRequest>? additionalCapabilities)
+    {
+        var capabilities = new List<DbExtensionCapabilityRequest>
+        {
+            new(baseCapability, Exports: [exportName]),
+        };
+
+        if (additionalCapabilities is { Count: > 0 })
+            capabilities.AddRange(additionalCapabilities);
+
+        return capabilities;
+    }
+}
diff --git a/src/CSharpDB.Primitives/DbValidationRules.cs b/src/CSharpDB.Primitives/DbValidationRules.cs
new file mode 100644
index 00000000..c11f0820
--- /dev/null
+++ b/src/CSharpDB.Primitives/DbValidationRules.cs
@@ -0,0 +1,411 @@
+namespace CSharpDB.Primitives;
+
+public enum DbValidationRuleScope
+{
+    Field = 0,
+    Form = 1,
+}
+
+public delegate ValueTask<DbValidationRuleResult> DbValidationRuleDelegate(
+    DbValidationRuleContext context,
+    CancellationToken ct);
+
+public sealed record DbValidationFailure(
+    string? FieldName,
+    string Message,
+    string? RuleId = null);
+
+public sealed record DbValidationRuleResult(
+    bool Succeeded,
+    IReadOnlyList<DbValidationFailure>? Failures = null,
+    string? Message = null)
+{
+    public static DbValidationRuleResult Success(string? message = null)
+        => new(true, Failures: [], message);
+
+    public static DbValidationRuleResult Failure(string message, string? fieldName = null, string? ruleId = null)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(message);
+        return new(false, [new DbValidationFailure(fieldName, message, ruleId)], message);
+    }
+
+    public static DbValidationRuleResult Failure(IEnumerable<DbValidationFailure> failures, string? message = null)
+    {
+        ArgumentNullException.ThrowIfNull(failures);
+        DbValidationFailure[] failureList = failures
+            .Where(static failure => !string.IsNullOrWhiteSpace(failure.Message))
+            .ToArray();
+
+        return new(false, failureList, message);
+    }
+}
+
+public sealed record DbValidationRuleContext(
+    string RuleName,
+    DbValidationRuleScope Scope,
+    IReadOnlyDictionary<string, DbValue> Record,
+    IReadOnlyDictionary<string, DbValue> Parameters,
+    IReadOnlyDictionary<string, string> Metadata)
+{
+    public string? FormId { get; init; }
+    public string? FormName { get; init; }
+    public string? TableName { get; init; }
+    public string? ControlId { get; init; }
+    public string? FieldName { get; init; }
+    public DbValue Value { get; init; } = DbValue.Null;
+    public string? FallbackMessage { get; init; }
+
+    public static DbValidationRuleContext Create(
+        string ruleName,
+        DbValidationRuleScope scope,
+        IReadOnlyDictionary<string, DbValue>? record = null,
+        IReadOnlyDictionary<string, DbValue>? parameters = null,
+        IReadOnlyDictionary<string, string>? metadata = null)
+        => new(
+            ruleName,
+            scope,
+            record ?? EmptyDbValueDictionary.Instance,
+            parameters ?? EmptyDbValueDictionary.Instance,
+            metadata ?? EmptyStringDictionary.Instance);
+
+    private static class EmptyDbValueDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, DbValue> Instance =
+            new Dictionary<string, DbValue>(StringComparer.OrdinalIgnoreCase);
+    }
+
+    private static class EmptyStringDictionary
+    {
+        public static readonly IReadOnlyDictionary<string, string> Instance =
+            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+    }
+}
+
+public sealed record DbValidationRuleOptions(
+    string? Description = null,
+    TimeSpan? Timeout = null,
+    bool IsLongRunning = false,
+    IReadOnlyList<DbExtensionCapabilityRequest>? AdditionalCapabilities = null,
+    IReadOnlyDictionary<string, string>? Metadata = null);
+
+public sealed class DbValidationRuleDefinition
+{
+    private const string ValidationTimeoutDataKey = "CSharpDB.ValidationRuleTimedOut";
+    private readonly DbValidationRuleDelegate _invoke;
+
+    internal DbValidationRuleDefinition(
+        string name,
+        DbValidationRuleOptions options,
+        DbValidationRuleDelegate invoke)
+    {
+        Name = name;
+        Options = options;
+        Descriptor = DbHostCallbackDescriptorFactory.CreateValidationRule(name, options);
+        _invoke = invoke;
+    }
+
+    public string Name { get; }
+
+    public DbValidationRuleOptions Options { get; }
+
+    public DbHostCallbackDescriptor Descriptor { get; }
+
+    public ValueTask<DbValidationRuleResult> InvokeAsync(
+        DbValidationRuleContext context,
+        CancellationToken ct = default)
+    {
+        ArgumentNullException.ThrowIfNull(context);
+
+        if (DbCallbackDiagnostics.IsInvocationEnabled)
+            return InvokeWithDiagnosticsAsync(context, ct);
+
+        return InvokeCoreAsync(context, ct);
+    }
+
+    public ValueTask<DbValidationRuleResult> InvokeAsync(
+        DbValidationRuleContext context,
+        DbExtensionPolicy policy,
+        DbExtensionHostMode hostMode = DbExtensionHostMode.Embedded,
+        CancellationToken ct = default)
+    {
+        ArgumentNullException.ThrowIfNull(context);
+        ArgumentNullException.ThrowIfNull(policy);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            Descriptor,
+            policy,
+            hostMode);
+
+        if (!decision.Allowed)
+        {
+            DbCallbackDiagnostics.WritePolicyDeniedInvocation(Descriptor, context.Metadata, decision);
+            throw new DbCallbackPolicyException(Descriptor, decision);
+        }
+
+        if (DbCallbackDiagnostics.IsInvocationEnabled)
+            return InvokeWithDiagnosticsAsync(context, ct, decision.Timeout, decision);
+
+        return InvokeCoreAsync(context, ct, decision.Timeout);
+    }
+
+    private ValueTask<DbValidationRuleResult> InvokeCoreAsync(
+        DbValidationRuleContext context,
+        CancellationToken ct,
+        TimeSpan? timeoutOverride = null)
+    {
+        TimeSpan? timeout = timeoutOverride ?? Options.Timeout;
+        return timeout is { } value
+            ? InvokeWithTimeoutAsync(context, value, ct)
+            : _invoke(context, ct);
+    }
+
+    private async ValueTask<DbValidationRuleResult> InvokeWithDiagnosticsAsync(
+        DbValidationRuleContext context,
+        CancellationToken ct,
+        TimeSpan? timeoutOverride = null,
+        DbExtensionPolicyDecision? policyDecision = null)
+    {
+        long started = DbCallbackDiagnostics.GetTimestamp();
+        try
+        {
+            DbValidationRuleResult result = await InvokeCoreAsync(context, ct, timeoutOverride).ConfigureAwait(false);
+            DbCallbackDiagnostics.WriteValidationInvocation(
+                Name,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: result.Succeeded,
+                timedOut: false,
+                canceled: false,
+                result.Message,
+                exceptionMessage: null,
+                policyDecision: policyDecision);
+            return result;
+        }
+        catch (TimeoutException ex) when (IsValidationTimeoutException(ex))
+        {
+            DbCallbackDiagnostics.WriteValidationInvocation(
+                Name,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: false,
+                timedOut: true,
+                canceled: false,
+                resultMessage: null,
+                exceptionMessage: ex.Message,
+                policyDecision: policyDecision,
+                errorCode: "Timeout",
+                exceptionType: ex.GetType().FullName);
+            throw;
+        }
+        catch (OperationCanceledException ex)
+        {
+            DbCallbackDiagnostics.WriteValidationInvocation(
+                Name,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: false,
+                timedOut: false,
+                canceled: true,
+                resultMessage: null,
+                exceptionMessage: ex.Message,
+                policyDecision: policyDecision,
+                errorCode: "Canceled",
+                exceptionType: ex.GetType().FullName);
+            throw;
+        }
+        catch (Exception ex)
+        {
+            DbCallbackDiagnostics.WriteValidationInvocation(
+                Name,
+                context.Metadata,
+                DbCallbackDiagnostics.GetElapsedTime(started),
+                succeeded: false,
+                timedOut: false,
+                canceled: false,
+                resultMessage: null,
+                exceptionMessage: ex.Message,
+                policyDecision: policyDecision,
+                errorCode: "Exception",
+                exceptionType: ex.GetType().FullName);
+            throw;
+        }
+    }
+
+    private async ValueTask<DbValidationRuleResult> InvokeWithTimeoutAsync(
+        DbValidationRuleContext context,
+        TimeSpan timeout,
+        CancellationToken ct)
+    {
+        using var timeoutCts = new CancellationTokenSource(timeout);
+        using var linkedCts = CancellationTokenSource.CreateLinkedTokenSource(ct, timeoutCts.Token);
+
+        try
+        {
+            ValueTask<DbValidationRuleResult> invocation = _invoke(context, linkedCts.Token);
+            if (invocation.IsCompletedSuccessfully)
+                return invocation.Result;
+
+            return await invocation.AsTask().WaitAsync(linkedCts.Token).ConfigureAwait(false);
+        }
+        catch (OperationCanceledException ex) when (timeoutCts.IsCancellationRequested && !ct.IsCancellationRequested)
+        {
+            throw CreateTimeoutException(timeout, ex);
+        }
+    }
+
+    private TimeoutException CreateTimeoutException(TimeSpan timeout, Exception inner)
+    {
+        var exception = new TimeoutException($"Validation rule '{Name}' timed out after {FormatTimeout(timeout)}.", inner);
+        exception.Data[ValidationTimeoutDataKey] = true;
+        return exception;
+    }
+
+    private static bool IsValidationTimeoutException(TimeoutException exception)
+        => exception.Data[ValidationTimeoutDataKey] is true;
+
+    private static string FormatTimeout(TimeSpan timeout)
+        => timeout.TotalMilliseconds < 1000
+            ? $"{timeout.TotalMilliseconds:0.###}ms"
+            : $"{timeout.TotalSeconds:0.###}s";
+}
+
+public sealed class DbValidationRuleRegistry
+{
+    private readonly Dictionary<string, DbValidationRuleDefinition> _rules;
+    private readonly DbValidationRuleDefinition[] _ruleList;
+    private readonly DbHostCallbackDescriptor[] _callbackList;
+
+    public static DbValidationRuleRegistry Empty { get; } = new();
+
+    private DbValidationRuleRegistry()
+    {
+        _rules = new Dictionary<string, DbValidationRuleDefinition>(StringComparer.OrdinalIgnoreCase);
+        _ruleList = [];
+        _callbackList = [];
+    }
+
+    internal DbValidationRuleRegistry(Dictionary<string, DbValidationRuleDefinition> rules)
+    {
+        _rules = rules;
+        _ruleList = rules.Values
+            .OrderBy(static definition => definition.Name, StringComparer.OrdinalIgnoreCase)
+            .ToArray();
+        _callbackList = _ruleList
+            .Select(static definition => definition.Descriptor)
+            .ToArray();
+    }
+
+    public IReadOnlyCollection<DbValidationRuleDefinition> Rules => _ruleList;
+
+    public IReadOnlyCollection<DbHostCallbackDescriptor> Callbacks => _callbackList;
+
+    public static DbValidationRuleRegistry Create(Action<DbValidationRuleRegistryBuilder> configure)
+    {
+        ArgumentNullException.ThrowIfNull(configure);
+
+        var builder = new DbValidationRuleRegistryBuilder();
+        configure(builder);
+        return builder.Build();
+    }
+
+    public bool TryGetRule(string name, out DbValidationRuleDefinition definition)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+
+        if (_rules.TryGetValue(name, out definition!))
+            return true;
+
+        definition = null!;
+        return false;
+    }
+
+    public bool ContainsRuleName(string name)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+        return _rules.ContainsKey(name);
+    }
+}
+
+public sealed class DbValidationRuleRegistryBuilder
+{
+    private readonly Dictionary<string, DbValidationRuleDefinition> _rules =
+        new(StringComparer.OrdinalIgnoreCase);
+
+    public DbValidationRuleRegistryBuilder AddRule(
+        string name,
+        DbValidationRuleOptions? options,
+        DbValidationRuleDelegate invoke)
+    {
+        string normalizedName = ValidateRuleName(name);
+        ValidateRuleOptions(options);
+        ArgumentNullException.ThrowIfNull(invoke);
+
+        if (_rules.ContainsKey(normalizedName))
+            throw new ArgumentException($"Validation rule '{name}' is already registered.", nameof(name));
+
+        _rules.Add(
+            normalizedName,
+            new DbValidationRuleDefinition(
+                normalizedName,
+                options ?? new DbValidationRuleOptions(),
+                invoke));
+        return this;
+    }
+
+    public DbValidationRuleRegistryBuilder AddRule(
+        string name,
+        DbValidationRuleDelegate invoke)
+        => AddRule(name, options: null, invoke);
+
+    public DbValidationRuleRegistryBuilder AddRule(
+        string name,
+        DbValidationRuleOptions? options,
+        Func<DbValidationRuleContext, DbValidationRuleResult> invoke)
+    {
+        ArgumentNullException.ThrowIfNull(invoke);
+        return AddRule(
+            name,
+            options,
+            (context, _) => ValueTask.FromResult(invoke(context)));
+    }
+
+    public DbValidationRuleRegistryBuilder AddRule(
+        string name,
+        Func<DbValidationRuleContext, DbValidationRuleResult> invoke)
+        => AddRule(name, options: null, invoke);
+
+    public DbValidationRuleRegistry Build()
+    {
+        if (_rules.Count == 0)
+            return DbValidationRuleRegistry.Empty;
+
+        return new DbValidationRuleRegistry(new Dictionary<string, DbValidationRuleDefinition>(_rules, StringComparer.OrdinalIgnoreCase));
+    }
+
+    private static string ValidateRuleName(string name)
+    {
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+
+        string trimmed = name.Trim();
+        if (!IsIdentifierStart(trimmed[0]))
+            throw new ArgumentException($"Validation rule name '{name}' is not a valid identifier.", nameof(name));
+
+        for (int i = 1; i < trimmed.Length; i++)
+        {
+            char ch = trimmed[i];
+            if (!char.IsLetterOrDigit(ch) && ch != '_')
+                throw new ArgumentException($"Validation rule name '{name}' is not a valid identifier.", nameof(name));
+        }
+
+        return trimmed;
+    }
+
+    private static void ValidateRuleOptions(DbValidationRuleOptions? options)
+    {
+        if (options?.Timeout is { } timeout && timeout <= TimeSpan.Zero)
+            throw new ArgumentOutOfRangeException(nameof(options), timeout, "Validation rule timeout must be greater than zero.");
+    }
+
+    private static bool IsIdentifierStart(char value)
+        => char.IsLetter(value) || value == '_';
+}
diff --git a/src/CSharpDB.Primitives/README.md b/src/CSharpDB.Primitives/README.md
index ad5c9645..6b705df6 100644
--- a/src/CSharpDB.Primitives/README.md
+++ b/src/CSharpDB.Primitives/README.md
@@ -27,6 +27,9 @@ dotnet add package CSharpDB
 | `ColumnDefinition` | Column metadata: name, type, nullability, primary key flag, and identity flag |
 | `IndexSchema` | Index metadata: name, table, columns, uniqueness |
 | `TriggerSchema` | Trigger metadata: name, table, timing, event, and body SQL |
+| `DbFunctionRegistry` | Host-registered trusted scalar functions for SQL and expression surfaces |
+| `DbCommandRegistry` | Host-registered trusted commands for Forms, Reports, and pipeline automation surfaces |
+| `DbCommandOptions` | Command description plus optional timeout and long-running metadata |
 | `CSharpDbException` | Typed exception with `ErrorCode` covering 15+ error conditions |
 
 ## Usage
diff --git a/src/CSharpDB.Sql/Ast.cs b/src/CSharpDB.Sql/Ast.cs
index 368a16fa..11aed7d6 100644
--- a/src/CSharpDB.Sql/Ast.cs
+++ b/src/CSharpDB.Sql/Ast.cs
@@ -85,6 +85,10 @@ public sealed class SimpleTableRef : TableRef
     public string? Alias { get; init; }
 }
 
+public sealed class SingleRowTableRef : TableRef
+{
+}
+
 public sealed class JoinTableRef : TableRef
 {
     public required TableRef Left { get; init; }
diff --git a/src/CSharpDB.Sql/Parser.cs b/src/CSharpDB.Sql/Parser.cs
index 2710cdb8..aa4b19e4 100644
--- a/src/CSharpDB.Sql/Parser.cs
+++ b/src/CSharpDB.Sql/Parser.cs
@@ -1908,8 +1908,9 @@ private SelectStatement ParseSelectCore()
             } while (TryConsume(TokenType.Comma));
         }
 
-        Expect(TokenType.From);
-        var from = ParseTableRef();
+        TableRef from = TryConsume(TokenType.From)
+            ? ParseTableRef()
+            : new SingleRowTableRef();
 
         Expression? where = null;
         if (Peek().Type == TokenType.Where)
@@ -2428,7 +2429,14 @@ private Expression ParseFunctionCall(Token token, bool allowAggregateModifiers)
         bool isDistinct = false;
         var args = new List<Expression>();
 
-        if (allowAggregateModifiers && Peek().Type == TokenType.Star)
+        if (Peek().Type == TokenType.RightParen)
+        {
+            if (allowAggregateModifiers)
+                throw Error($"{funcName}() requires an argument.");
+
+            // Zero-argument scalar functions, e.g. Date().
+        }
+        else if (allowAggregateModifiers && Peek().Type == TokenType.Star)
         {
             Advance();
             isStar = true;
@@ -2444,7 +2452,10 @@ private Expression ParseFunctionCall(Token token, bool allowAggregateModifiers)
                 isDistinct = true;
             }
 
-            args.Add(ParseExpression());
+            do
+            {
+                args.Add(ParseExpression());
+            } while (TryConsume(TokenType.Comma));
         }
 
         Expect(TokenType.RightParen);
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Admin/AdminClientOptionsBuilderTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Admin/AdminClientOptionsBuilderTests.cs
index 52e90d92..b1598985 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Admin/AdminClientOptionsBuilderTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Admin/AdminClientOptionsBuilderTests.cs
@@ -1,6 +1,7 @@
 using CSharpDB.Admin.Configuration;
 using CSharpDB.Client;
 using CSharpDB.Engine;
+using CSharpDB.Primitives;
 using Microsoft.Extensions.Configuration;
 
 namespace CSharpDB.Admin.Forms.Tests.Admin;
@@ -97,6 +98,26 @@ public void Build_DirectEndpointUsesHybridOptions()
         Assert.NotNull(options.HybridDatabaseOptions);
     }
 
+    [Fact]
+    public void Build_DirectConnectionStringAttachesFunctionRegistry()
+    {
+        IConfiguration configuration = CreateConfiguration(new Dictionary<string, string?>
+        {
+            ["ConnectionStrings:CSharpDB"] = "Data Source=admin.db",
+        });
+        AdminHostDatabaseOptions hostOptions = AdminClientOptionsBuilder.BindHostDatabaseOptions(configuration);
+        DbFunctionRegistry functions = CreateFunctionRegistry();
+
+        CSharpDbClientOptions options = AdminClientOptionsBuilder.Build(
+            configuration,
+            hostOptions,
+            CSharpDbTransport.Direct,
+            endpoint: null,
+            functions);
+
+        Assert.Same(functions, options.DirectDatabaseOptions!.Functions);
+    }
+
     [Fact]
     public void BuildDirectDataSource_UsesHybridOptionsForDatabaseSwitches()
     {
@@ -113,8 +134,46 @@ public void BuildDirectDataSource_UsesHybridOptionsForDatabaseSwitches()
         Assert.Equal(HybridPersistenceMode.IncrementalDurable, options.HybridDatabaseOptions.PersistenceMode);
     }
 
+    [Fact]
+    public void BuildDirectDataSource_AttachesFunctionRegistry()
+    {
+        AdminHostDatabaseOptions hostOptions = new();
+        DbFunctionRegistry functions = CreateFunctionRegistry();
+
+        CSharpDbClientOptions options = AdminClientOptionsBuilder.BuildDirectDataSource(
+            @"C:\data\switched.db",
+            hostOptions,
+            functions);
+
+        Assert.Same(functions, options.DirectDatabaseOptions!.Functions);
+    }
+
+    [Fact]
+    public void Build_RemoteEndpointIgnoresFunctionRegistry()
+    {
+        IConfiguration configuration = CreateConfiguration(new Dictionary<string, string?>());
+        AdminHostDatabaseOptions hostOptions = AdminClientOptionsBuilder.BindHostDatabaseOptions(configuration);
+
+        CSharpDbClientOptions options = AdminClientOptionsBuilder.Build(
+            configuration,
+            hostOptions,
+            CSharpDbTransport.Grpc,
+            "http://127.0.0.1:5820",
+            CreateFunctionRegistry());
+
+        Assert.Null(options.DirectDatabaseOptions);
+    }
+
     private static IConfiguration CreateConfiguration(Dictionary<string, string?> values)
         => new ConfigurationBuilder()
             .AddInMemoryCollection(values)
             .Build();
+
+    private static DbFunctionRegistry CreateFunctionRegistry()
+        => DbFunctionRegistry.Create(functions =>
+            functions.AddScalar(
+                "AddOne",
+                1,
+                new DbScalarFunctionOptions(DbType.Integer),
+                static (_, args) => DbValue.FromInteger(args[0].AsInteger + 1)));
 }
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Admin/AdminHostCallbacksTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Admin/AdminHostCallbacksTests.cs
new file mode 100644
index 00000000..f3a07aef
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Admin/AdminHostCallbacksTests.cs
@@ -0,0 +1,65 @@
+using CSharpDB.Admin.Configuration;
+using CSharpDB.Admin.Services;
+using CSharpDB.Client;
+
+namespace CSharpDB.Admin.Forms.Tests.Admin;
+
+public sealed class AdminHostCallbacksTests
+{
+    [Fact]
+    public async Task DefaultFunctionRegistry_IsAvailableToDirectClientSql()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        string dbPath = Path.Combine(Path.GetTempPath(), $"csharpdb_admin_callbacks_{Guid.NewGuid():N}.db");
+
+        try
+        {
+            await using ICSharpDbClient client = CSharpDbClient.Create(
+                AdminClientOptionsBuilder.BuildDirectDataSource(
+                    dbPath,
+                    new AdminHostDatabaseOptions { OpenMode = AdminHostOpenMode.Direct },
+                    AdminHostCallbacks.CreateFunctionRegistry()));
+
+            Assert.Null((await client.ExecuteSqlAsync("CREATE TABLE inputs (value TEXT);", ct)).Error);
+            Assert.Null((await client.ExecuteSqlAsync("INSERT INTO inputs VALUES ('Hello From Admin');", ct)).Error);
+
+            var result = await client.ExecuteSqlAsync("SELECT Slugify(value) FROM inputs;", ct);
+
+            Assert.Null(result.Error);
+            Assert.NotNull(result.Rows);
+            Assert.Equal("hello-from-admin", result.Rows![0][0]);
+        }
+        finally
+        {
+            DeleteIfExists(dbPath);
+            DeleteIfExists(dbPath + ".wal");
+        }
+    }
+
+    [Fact]
+    public async Task DefaultCommandRegistry_ProvidesExecutableEchoCommand()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        var registry = AdminHostCallbacks.CreateCommandRegistry();
+
+        Assert.True(registry.TryGetCommand("EchoAutomationEvent", out var command));
+
+        var result = await command.InvokeAsync(
+            metadata: new Dictionary<string, string>
+            {
+                ["surface"] = "AdminForms",
+                ["event"] = "BeforeInsert",
+            },
+            ct: ct);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal("Received AdminForms.BeforeInsert.", result.Message);
+        Assert.Equal("Received AdminForms.BeforeInsert.", result.Value.AsText);
+    }
+
+    private static void DeleteIfExists(string path)
+    {
+        if (File.Exists(path))
+            File.Delete(path);
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Admin/HostCallbackCatalogServiceTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Admin/HostCallbackCatalogServiceTests.cs
new file mode 100644
index 00000000..238dc43d
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Admin/HostCallbackCatalogServiceTests.cs
@@ -0,0 +1,567 @@
+using System.Text.Json;
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Reports.Contracts;
+using CSharpDB.Admin.Reports.Models;
+using CSharpDB.Admin.Services;
+using CSharpDB.Client;
+using CSharpDB.Primitives;
+using Microsoft.Extensions.DependencyInjection;
+using FormPropertyBag = CSharpDB.Admin.Forms.Models.PropertyBag;
+using FormRect = CSharpDB.Admin.Forms.Models.Rect;
+using ReportPropertyBag = CSharpDB.Admin.Reports.Models.PropertyBag;
+using ReportRect = CSharpDB.Admin.Reports.Models.Rect;
+
+namespace CSharpDB.Admin.Forms.Tests.Admin;
+
+public class HostCallbackCatalogServiceTests
+{
+    [Fact]
+    public void GetCallbacks_ReturnsRegisteredFunctionsAndCommandsInStableOrder()
+    {
+        DbFunctionRegistry functions = DbFunctionRegistry.Create(builder =>
+            builder.AddScalar(
+                "normalize_name",
+                1,
+                new DbScalarFunctionOptions(
+                    ReturnType: DbType.Text,
+                    IsDeterministic: true,
+                    Description: "Normalize a display name."),
+                static (_, _) => DbValue.Null));
+
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+            builder.AddCommand(
+                "refresh_cache",
+                new DbCommandOptions(
+                    Description: "Refresh cached projections.",
+                    Timeout: TimeSpan.FromSeconds(2),
+                    AdditionalCapabilities:
+                    [
+                        new DbExtensionCapabilityRequest(DbExtensionCapability.ReadDatabase, Reason: "Read source rows.")
+                    ]),
+                static _ => DbCommandResult.Success()));
+
+        using ServiceProvider provider = new ServiceCollection()
+            .AddSingleton(functions)
+            .AddSingleton(commands)
+            .AddScoped<HostCallbackCatalogService>()
+            .BuildServiceProvider();
+
+        HostCallbackCatalogService catalog = provider.GetRequiredService<HostCallbackCatalogService>();
+
+        IReadOnlyList<DbHostCallbackDescriptor> callbacks = catalog.GetCallbacks();
+
+        Assert.Collection(
+            callbacks,
+            scalar =>
+            {
+                Assert.Equal(AutomationCallbackKind.ScalarFunction, scalar.Kind);
+                Assert.Equal("normalize_name", scalar.Name);
+                Assert.Equal(1, scalar.Arity);
+                Assert.Equal(DbType.Text, scalar.ReturnType);
+                Assert.True(scalar.IsDeterministic);
+                Assert.Contains(scalar.Capabilities, capability =>
+                    capability.Name == DbExtensionCapability.ScalarFunctions
+                    && capability.Exports is not null
+                    && capability.Exports.Contains("normalize_name"));
+            },
+            command =>
+            {
+                Assert.Equal(AutomationCallbackKind.Command, command.Kind);
+                Assert.Equal("refresh_cache", command.Name);
+                Assert.Equal(TimeSpan.FromSeconds(2), command.Timeout);
+                Assert.Contains(command.Capabilities, capability => capability.Name == DbExtensionCapability.Commands);
+                Assert.Contains(command.Capabilities, capability => capability.Name == DbExtensionCapability.ReadDatabase);
+            });
+    }
+
+    [Fact]
+    public void GetCallbacks_AdminHostDefaultsExposeScalarAndCommandCallbacks()
+    {
+        using ServiceProvider provider = new ServiceCollection()
+            .AddSingleton(AdminHostCallbacks.CreateFunctionRegistry())
+            .AddSingleton(AdminHostCallbacks.CreateCommandRegistry())
+            .AddScoped<HostCallbackCatalogService>()
+            .BuildServiceProvider();
+
+        HostCallbackCatalogService catalog = provider.GetRequiredService<HostCallbackCatalogService>();
+
+        IReadOnlyList<DbHostCallbackDescriptor> callbacks = catalog.GetCallbacks();
+
+        DbHostCallbackDescriptor slugify = Assert.Single(
+            callbacks,
+            callback => callback.Kind == AutomationCallbackKind.ScalarFunction
+                && callback.Name == "Slugify");
+        Assert.Equal(DbExtensionRuntimeKind.HostCallback, slugify.Runtime);
+        Assert.Equal(DbType.Text, slugify.ReturnType);
+        Assert.True(slugify.IsDeterministic);
+        Assert.True(slugify.NullPropagating);
+        Assert.True(slugify.CanRunWithoutFrom);
+
+        DbHostCallbackDescriptor echo = Assert.Single(
+            callbacks,
+            callback => callback.Kind == AutomationCallbackKind.Command
+                && callback.Name == "EchoAutomationEvent");
+        Assert.Equal(DbExtensionRuntimeKind.HostCallback, echo.Runtime);
+        Assert.Contains(echo.Capabilities, capability => capability.Name == DbExtensionCapability.Commands);
+    }
+
+    [Fact]
+    public void GetCallbacks_WhenRegistriesAreMissing_ReturnsEmptyList()
+    {
+        using ServiceProvider provider = new ServiceCollection().BuildServiceProvider();
+        var catalog = new HostCallbackCatalogService(provider);
+
+        Assert.Empty(catalog.GetCallbacks());
+    }
+
+    [Fact]
+    public void GetCallbacks_IncludesRegisteredValidationRules()
+    {
+        DbValidationRuleRegistry validationRules = DbValidationRuleRegistry.Create(builder =>
+            builder.AddRule(
+                "CreditLimit",
+                new DbValidationRuleOptions(Description: "Checks customer credit limit."),
+                static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success())));
+
+        using ServiceProvider provider = new ServiceCollection()
+            .AddSingleton(validationRules)
+            .AddScoped<HostCallbackCatalogService>()
+            .BuildServiceProvider();
+
+        HostCallbackCatalogService catalog = provider.GetRequiredService<HostCallbackCatalogService>();
+
+        DbHostCallbackDescriptor callback = Assert.Single(catalog.GetCallbacks());
+
+        Assert.Equal(AutomationCallbackKind.ValidationRule, callback.Kind);
+        Assert.Equal("CreditLimit", callback.Name);
+        Assert.Contains(callback.Capabilities, capability =>
+            capability.Name == DbExtensionCapability.ValidationRules
+            && capability.Exports is not null
+            && capability.Exports.Contains("CreditLimit"));
+    }
+
+    [Fact]
+    public async Task GetEntriesAsync_ReturnsRegisteredAndReferencedCallbacks()
+    {
+        DbFunctionRegistry functions = DbFunctionRegistry.Create(builder =>
+            builder.AddScalar("Slugify", 1, (_, _) => DbValue.Null));
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+            builder.AddCommand("EchoAutomationEvent", _ => DbCommandResult.Success()));
+        DbValidationRuleRegistry validationRules = DbValidationRuleRegistry.Create(builder =>
+            builder.AddRule("CreditLimit", static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success())));
+
+        using ServiceProvider provider = new ServiceCollection()
+            .AddSingleton(functions)
+            .AddSingleton(commands)
+            .AddSingleton(validationRules)
+            .AddSingleton<IFormRepository>(new StubFormRepository(
+            [
+                CreateForm("orders-form", "Orders") with
+                {
+                    Automation = new DbAutomationMetadata(
+                        Commands:
+                        [
+                            new DbAutomationCommandReference("EchoAutomationEvent", "admin.forms", "form.events.OnLoad"),
+                            new DbAutomationCommandReference("MissingFormCommand", "admin.forms", "controls.submit.commandButton.click"),
+                        ],
+                        ScalarFunctions:
+                        [
+                            new DbAutomationScalarFunctionReference("Slugify", 1, "admin.forms", "controls.slug.formula"),
+                        ],
+                        ValidationRules:
+                        [
+                            new DbAutomationValidationRuleReference("CreditLimit", "admin.forms", "controls.credit.validationRules.CreditLimit"),
+                            new DbAutomationValidationRuleReference("MissingValidationRule", "admin.forms", "form.validationRules.MissingValidationRule"),
+                        ]),
+                },
+            ]))
+            .AddSingleton<IReportRepository>(new StubReportRepository(
+            [
+                CreateReport("orders-report", "Orders") with
+                {
+                    Automation = new DbAutomationMetadata(
+                        ScalarFunctions:
+                        [
+                            new DbAutomationScalarFunctionReference("MissingReportFunction", 2, "admin.reports", "bands.detail.controls.total.expression"),
+                        ]),
+                },
+            ]))
+            .AddScoped<HostCallbackCatalogService>()
+            .BuildServiceProvider();
+
+        HostCallbackCatalogService catalog = provider.GetRequiredService<HostCallbackCatalogService>();
+
+        IReadOnlyList<HostCallbackCatalogEntry> entries = await catalog.GetEntriesAsync();
+
+        HostCallbackCatalogEntry missingCommand = Assert.Single(entries, entry => entry.Name == "MissingFormCommand");
+        Assert.True(missingCommand.IsMissingRegistration);
+        Assert.Equal(AutomationCallbackKind.Command, missingCommand.Kind);
+        HostCallbackReference commandReference = Assert.Single(missingCommand.References);
+        Assert.Equal("Form", commandReference.OwnerKind);
+        Assert.Equal("orders-form", commandReference.OwnerId);
+        Assert.Equal("controls.submit.commandButton.click", commandReference.Location);
+
+        HostCallbackCatalogEntry missingFunction = Assert.Single(entries, entry => entry.Name == "MissingReportFunction");
+        Assert.True(missingFunction.IsMissingRegistration);
+        Assert.Equal(2, missingFunction.Arity);
+        HostCallbackReference functionReference = Assert.Single(missingFunction.References);
+        Assert.Equal("Report", functionReference.OwnerKind);
+        Assert.Equal("bands.detail.controls.total.expression", functionReference.Location);
+
+        HostCallbackCatalogEntry registeredFunction = Assert.Single(entries, entry => entry.Name == "Slugify");
+        Assert.True(registeredFunction.IsRegistered);
+        Assert.False(registeredFunction.IsMissingRegistration);
+        Assert.Single(registeredFunction.References);
+
+        HostCallbackCatalogEntry registeredCommand = Assert.Single(entries, entry => entry.Name == "EchoAutomationEvent");
+        Assert.True(registeredCommand.IsRegistered);
+        Assert.False(registeredCommand.IsMissingRegistration);
+        Assert.Single(registeredCommand.References);
+
+        HostCallbackCatalogEntry registeredValidationRule = Assert.Single(entries, entry => entry.Name == "CreditLimit");
+        Assert.Equal(AutomationCallbackKind.ValidationRule, registeredValidationRule.Kind);
+        Assert.True(registeredValidationRule.IsRegistered);
+        Assert.False(registeredValidationRule.IsMissingRegistration);
+        Assert.Equal("controls.credit.validationRules.CreditLimit", Assert.Single(registeredValidationRule.References).Location);
+
+        HostCallbackCatalogEntry missingValidationRule = Assert.Single(entries, entry => entry.Name == "MissingValidationRule");
+        Assert.Equal(AutomationCallbackKind.ValidationRule, missingValidationRule.Kind);
+        Assert.True(missingValidationRule.IsMissingRegistration);
+        Assert.Equal("form.validationRules.MissingValidationRule", Assert.Single(missingValidationRule.References).Location);
+    }
+
+    [Fact]
+    public async Task GetEntriesAsync_DeduplicatesRepeatedReferences()
+    {
+        using ServiceProvider provider = new ServiceCollection()
+            .AddSingleton(DbFunctionRegistry.Empty)
+            .AddSingleton(DbCommandRegistry.Empty)
+            .AddSingleton<IFormRepository>(new StubFormRepository(
+            [
+                CreateForm("orders-form", "Orders") with
+                {
+                    Automation = new DbAutomationMetadata(
+                        Commands:
+                        [
+                            new DbAutomationCommandReference("AuditOrder", "admin.forms", "form.events.OnLoad"),
+                            new DbAutomationCommandReference("AuditOrder", "admin.forms", "form.events.OnLoad"),
+                        ]),
+                },
+            ]))
+            .AddScoped<HostCallbackCatalogService>()
+            .BuildServiceProvider();
+
+        HostCallbackCatalogService catalog = provider.GetRequiredService<HostCallbackCatalogService>();
+
+        HostCallbackCatalogEntry entry = Assert.Single(await catalog.GetEntriesAsync());
+
+        Assert.Equal("AuditOrder", entry.Name);
+        Assert.True(entry.IsMissingRegistration);
+        Assert.Single(entry.References);
+    }
+
+    [Fact]
+    public async Task GetEntriesAsync_RebuildsFormAndReportReferencesWhenAutomationMetadataIsMissing()
+    {
+        FormDefinition form = CreateForm("orders-form", "Orders") with
+        {
+            Controls =
+            [
+                new ControlDefinition(
+                    "slug",
+                    "computed",
+                    new FormRect(0, 0, 120, 24),
+                    null,
+                    new FormPropertyBag(new Dictionary<string, object?>
+                    {
+                        ["formula"] = "Slugify(Name)",
+                    }),
+                    null),
+                new ControlDefinition(
+                    "send",
+                    "commandButton",
+                    new FormRect(0, 32, 120, 24),
+                    null,
+                    new FormPropertyBag(new Dictionary<string, object?>
+                    {
+                        ["commandName"] = "SendReceipt",
+                    }),
+                    null),
+            ],
+        };
+
+        ReportDefinition report = CreateReport("orders-report", "Orders") with
+        {
+            Bands =
+            [
+                new ReportBandDefinition(
+                    "detail",
+                    ReportBandKind.Detail,
+                    28,
+                    GroupId: null,
+                    Controls:
+                    [
+                        new ReportControlDefinition(
+                            "risk",
+                            ReportControlType.CalculatedText,
+                            "detail",
+                            new ReportRect(0, 0, 120, 20),
+                            null,
+                            "RiskScore(Total, Region)",
+                            null,
+                            ReportPropertyBag.Empty),
+                    ]),
+            ],
+        };
+
+        using ServiceProvider provider = new ServiceCollection()
+            .AddSingleton(DbFunctionRegistry.Empty)
+            .AddSingleton(DbCommandRegistry.Empty)
+            .AddSingleton<IFormRepository>(new StubFormRepository([form]))
+            .AddSingleton<IReportRepository>(new StubReportRepository([report]))
+            .AddScoped<HostCallbackCatalogService>()
+            .BuildServiceProvider();
+
+        HostCallbackCatalogService catalog = provider.GetRequiredService<HostCallbackCatalogService>();
+
+        IReadOnlyList<HostCallbackCatalogEntry> entries = await catalog.GetEntriesAsync();
+
+        HostCallbackCatalogEntry slugify = Assert.Single(entries, entry => entry.Name == "Slugify");
+        Assert.Equal(AutomationCallbackKind.ScalarFunction, slugify.Kind);
+        Assert.Equal("Form", Assert.Single(slugify.References).OwnerKind);
+
+        HostCallbackCatalogEntry sendReceipt = Assert.Single(entries, entry => entry.Name == "SendReceipt");
+        Assert.Equal(AutomationCallbackKind.Command, sendReceipt.Kind);
+        Assert.Equal("controls.send.commandButton.click", Assert.Single(sendReceipt.References).Location);
+
+        HostCallbackCatalogEntry riskScore = Assert.Single(entries, entry => entry.Name == "RiskScore");
+        Assert.Equal(2, riskScore.Arity);
+        Assert.Equal("Report", Assert.Single(riskScore.References).OwnerKind);
+    }
+
+    [Fact]
+    public async Task GetEntriesAsync_DiscoversSavedQueryProcedureAndTriggerScalarReferences()
+    {
+        using ServiceProvider provider = new ServiceCollection()
+            .AddSingleton(DbFunctionRegistry.Empty)
+            .AddSingleton(DbCommandRegistry.Empty)
+            .AddSingleton<ICSharpDbClient>(new StubDbClient(
+                savedQueries:
+                [
+                    new CSharpDB.Client.Models.SavedQueryDefinition
+                    {
+                        Id = 12,
+                        Name = "Customer Score Query",
+                        SqlText = """
+                            SELECT NormalizeName(Name), COUNT(*)
+                            FROM Customers
+                            WHERE Status IN ('Open', 'Ready')
+                              AND EXISTS (SELECT 1 FROM Regions WHERE Regions.Id = Customers.RegionId)
+                            GROUP BY NormalizeName(Name);
+                            """,
+                    },
+                ],
+                procedures:
+                [
+                    new CSharpDB.Client.Models.ProcedureDefinition
+                    {
+                        Name = "RefreshCustomerRisk",
+                        BodySql = """
+                            CREATE INDEX idx_ops_events_entity_date ON ops_events (entity_type, event_date);
+                            INSERT INTO ops_events (entity_type, entity_id, event_type)
+                            VALUES ('customer', @customerId, 'risk-refreshed');
+                            UPDATE Customers SET Risk = RiskScore(Total, Region);
+                            """,
+                    },
+                ],
+                triggers:
+                [
+                    new CSharpDB.Client.Models.TriggerSchema
+                    {
+                        TriggerName = "Customers_Audit",
+                        TableName = "Customers",
+                        Timing = CSharpDB.Client.Models.TriggerTiming.After,
+                        Event = CSharpDB.Client.Models.TriggerEvent.Update,
+                        BodySql = """
+                            INSERT INTO Audit(Value) VALUES(AuditScore(new.Risk));
+                            INSERT INTO ops_events (entity_type, entity_id, event_type)
+                            VALUES ('customer', new.Id, 'updated');
+                            """,
+                    },
+                ]))
+            .AddScoped<HostCallbackCatalogService>()
+            .BuildServiceProvider();
+
+        HostCallbackCatalogService catalog = provider.GetRequiredService<HostCallbackCatalogService>();
+
+        IReadOnlyList<HostCallbackCatalogEntry> entries = await catalog.GetEntriesAsync();
+
+        HostCallbackCatalogEntry normalizeName = Assert.Single(entries, entry => entry.Name == "NormalizeName");
+        Assert.Equal(1, normalizeName.Arity);
+        HostCallbackReference savedQueryReference = Assert.Single(normalizeName.References);
+        Assert.Equal("SavedQuery", savedQueryReference.OwnerKind);
+        Assert.Equal("12", savedQueryReference.OwnerId);
+        Assert.Equal("savedQueries", savedQueryReference.Surface);
+
+        HostCallbackCatalogEntry riskScore = Assert.Single(entries, entry => entry.Name == "RiskScore");
+        Assert.Equal(2, riskScore.Arity);
+        Assert.Equal("Procedure", Assert.Single(riskScore.References).OwnerKind);
+
+        HostCallbackCatalogEntry auditScore = Assert.Single(entries, entry => entry.Name == "AuditScore");
+        Assert.Equal(1, auditScore.Arity);
+        Assert.Equal("Trigger", Assert.Single(auditScore.References).OwnerKind);
+
+        Assert.DoesNotContain(entries, entry => entry.Name == "COUNT");
+        Assert.DoesNotContain(entries, entry => entry.Name == "EXISTS");
+        Assert.DoesNotContain(entries, entry => entry.Name == "IN");
+        Assert.DoesNotContain(entries, entry => entry.Name == "INTO");
+        Assert.DoesNotContain(entries, entry => entry.Name == "Audit");
+        Assert.DoesNotContain(entries, entry => entry.Name == "ops_events");
+        Assert.DoesNotContain(entries, entry => entry.Name == "VALUES");
+    }
+
+    private static FormDefinition CreateForm(string formId, string tableName)
+        => new(
+            formId,
+            $"{tableName} Form",
+            tableName,
+            1,
+            $"sig:{tableName}:v1",
+            new LayoutDefinition("absolute", 8, true, [new Breakpoint("md", 0, null)]),
+            []);
+
+    private static ReportDefinition CreateReport(string reportId, string sourceName)
+        => new(
+            reportId,
+            $"{sourceName} Report",
+            new ReportSourceReference(ReportSourceKind.Table, sourceName),
+            1,
+            $"sig:{sourceName}:v1",
+            ReportPageSettings.DefaultLetterPortrait,
+            [],
+            [],
+            [new ReportBandDefinition("detail", ReportBandKind.Detail, 28, null, [])]);
+
+    private sealed class StubFormRepository : IFormRepository
+    {
+        private readonly IReadOnlyList<FormDefinition> _forms;
+
+        public StubFormRepository(IReadOnlyList<FormDefinition> forms)
+        {
+            _forms = forms;
+        }
+
+        public Task<FormDefinition?> GetAsync(string formId) => throw new NotSupportedException();
+        public Task<FormDefinition> CreateAsync(FormDefinition form) => throw new NotSupportedException();
+        public Task<UpdateResult> TryUpdateAsync(string formId, int expectedVersion, FormDefinition updated) => throw new NotSupportedException();
+        public Task<IReadOnlyList<FormDefinition>> ListAsync(string? tableName = null) => Task.FromResult(_forms);
+        public Task<bool> DeleteAsync(string formId) => throw new NotSupportedException();
+    }
+
+    private sealed class StubReportRepository : IReportRepository
+    {
+        private readonly IReadOnlyList<ReportDefinition> _reports;
+
+        public StubReportRepository(IReadOnlyList<ReportDefinition> reports)
+        {
+            _reports = reports;
+        }
+
+        public Task<ReportDefinition?> GetAsync(string reportId) => throw new NotSupportedException();
+        public Task<ReportDefinition> CreateAsync(ReportDefinition report) => throw new NotSupportedException();
+        public Task<ReportUpdateResult> TryUpdateAsync(string reportId, int expectedVersion, ReportDefinition updated) => throw new NotSupportedException();
+        public Task<IReadOnlyList<ReportDefinition>> ListAsync(ReportSourceKind? sourceKind = null, string? sourceName = null) => Task.FromResult(_reports);
+        public Task<bool> DeleteAsync(string reportId) => throw new NotSupportedException();
+    }
+
+    private sealed class StubDbClient : ICSharpDbClient
+    {
+        private readonly IReadOnlyList<CSharpDB.Client.Models.SavedQueryDefinition> _savedQueries;
+        private readonly IReadOnlyList<CSharpDB.Client.Models.ProcedureDefinition> _procedures;
+        private readonly IReadOnlyList<CSharpDB.Client.Models.TriggerSchema> _triggers;
+        private readonly IReadOnlyList<string> _tableNames;
+
+        public StubDbClient(
+            IReadOnlyList<CSharpDB.Client.Models.SavedQueryDefinition>? savedQueries = null,
+            IReadOnlyList<CSharpDB.Client.Models.ProcedureDefinition>? procedures = null,
+            IReadOnlyList<CSharpDB.Client.Models.TriggerSchema>? triggers = null,
+            IReadOnlyList<string>? tableNames = null)
+        {
+            _savedQueries = savedQueries ?? [];
+            _procedures = procedures ?? [];
+            _triggers = triggers ?? [];
+            _tableNames = tableNames ?? [];
+        }
+
+        public string DataSource => "stub";
+
+        public ValueTask DisposeAsync() => ValueTask.CompletedTask;
+        public Task<CSharpDB.Client.Models.DatabaseInfo> GetInfoAsync(CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<IReadOnlyList<string>> GetTableNamesAsync(CancellationToken ct = default) => Task.FromResult(_tableNames);
+        public Task<CSharpDB.Client.Models.TableSchema?> GetTableSchemaAsync(string tableName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<int> GetRowCountAsync(string tableName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.TableBrowseResult> BrowseTableAsync(string tableName, int page = 1, int pageSize = 50, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<Dictionary<string, object?>?> GetRowByPkAsync(string tableName, string pkColumn, object pkValue, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<int> InsertRowAsync(string tableName, Dictionary<string, object?> values, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<int> UpdateRowAsync(string tableName, string pkColumn, object pkValue, Dictionary<string, object?> values, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<int> DeleteRowAsync(string tableName, string pkColumn, object pkValue, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task DropTableAsync(string tableName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task RenameTableAsync(string tableName, string newTableName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task AddColumnAsync(string tableName, string columnName, CSharpDB.Client.Models.DbType type, bool notNull, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task AddColumnAsync(string tableName, string columnName, CSharpDB.Client.Models.DbType type, bool notNull, string? collation, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task DropColumnAsync(string tableName, string columnName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task RenameColumnAsync(string tableName, string oldColumnName, string newColumnName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<IReadOnlyList<CSharpDB.Client.Models.IndexSchema>> GetIndexesAsync(CancellationToken ct = default) => throw new NotSupportedException();
+        public Task CreateIndexAsync(string indexName, string tableName, string columnName, bool isUnique, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task CreateIndexAsync(string indexName, string tableName, string columnName, bool isUnique, string? collation, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task UpdateIndexAsync(string existingIndexName, string newIndexName, string tableName, string columnName, bool isUnique, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task UpdateIndexAsync(string existingIndexName, string newIndexName, string tableName, string columnName, bool isUnique, string? collation, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task DropIndexAsync(string indexName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<IReadOnlyList<string>> GetViewNamesAsync(CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<IReadOnlyList<CSharpDB.Client.Models.ViewDefinition>> GetViewsAsync(CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.ViewDefinition?> GetViewAsync(string viewName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<string?> GetViewSqlAsync(string viewName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.ViewBrowseResult> BrowseViewAsync(string viewName, int page = 1, int pageSize = 50, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task CreateViewAsync(string viewName, string selectSql, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task UpdateViewAsync(string existingViewName, string newViewName, string selectSql, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task DropViewAsync(string viewName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<IReadOnlyList<CSharpDB.Client.Models.TriggerSchema>> GetTriggersAsync(CancellationToken ct = default) => Task.FromResult(_triggers);
+        public Task CreateTriggerAsync(string triggerName, string tableName, CSharpDB.Client.Models.TriggerTiming timing, CSharpDB.Client.Models.TriggerEvent triggerEvent, string bodySql, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task UpdateTriggerAsync(string existingTriggerName, string newTriggerName, string tableName, CSharpDB.Client.Models.TriggerTiming timing, CSharpDB.Client.Models.TriggerEvent triggerEvent, string bodySql, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task DropTriggerAsync(string triggerName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<IReadOnlyList<CSharpDB.Client.Models.SavedQueryDefinition>> GetSavedQueriesAsync(CancellationToken ct = default) => Task.FromResult(_savedQueries);
+        public Task<CSharpDB.Client.Models.SavedQueryDefinition?> GetSavedQueryAsync(string name, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.SavedQueryDefinition> UpsertSavedQueryAsync(string name, string sqlText, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task DeleteSavedQueryAsync(string name, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<IReadOnlyList<CSharpDB.Client.Models.ProcedureDefinition>> GetProceduresAsync(bool includeDisabled = true, CancellationToken ct = default) => Task.FromResult(_procedures);
+        public Task<CSharpDB.Client.Models.ProcedureDefinition?> GetProcedureAsync(string name, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task CreateProcedureAsync(CSharpDB.Client.Models.ProcedureDefinition definition, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task UpdateProcedureAsync(string existingName, CSharpDB.Client.Models.ProcedureDefinition definition, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task DeleteProcedureAsync(string name, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.ProcedureExecutionResult> ExecuteProcedureAsync(string name, IReadOnlyDictionary<string, object?> args, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.SqlExecutionResult> ExecuteSqlAsync(string sql, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.TransactionSessionInfo> BeginTransactionAsync(CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.SqlExecutionResult> ExecuteInTransactionAsync(string transactionId, string sql, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task CommitTransactionAsync(string transactionId, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task RollbackTransactionAsync(string transactionId, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<IReadOnlyList<string>> GetCollectionNamesAsync(CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<int> GetCollectionCountAsync(string collectionName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.CollectionBrowseResult> BrowseCollectionAsync(string collectionName, int page = 1, int pageSize = 50, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<JsonElement?> GetDocumentAsync(string collectionName, string key, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task PutDocumentAsync(string collectionName, string key, JsonElement document, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<bool> DeleteDocumentAsync(string collectionName, string key, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task DropCollectionAsync(string collectionName, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task CheckpointAsync(CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.BackupResult> BackupAsync(CSharpDB.Client.Models.BackupRequest request, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.RestoreResult> RestoreAsync(CSharpDB.Client.Models.RestoreRequest request, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.ForeignKeyMigrationResult> MigrateForeignKeysAsync(CSharpDB.Client.Models.ForeignKeyMigrationRequest request, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.DatabaseMaintenanceReport> GetMaintenanceReportAsync(CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.ReindexResult> ReindexAsync(CSharpDB.Client.Models.ReindexRequest request, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Client.Models.VacuumResult> VacuumAsync(CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Storage.Diagnostics.DatabaseInspectReport> InspectStorageAsync(string? databasePath = null, bool includePages = false, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Storage.Diagnostics.WalInspectReport> CheckWalAsync(string? databasePath = null, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Storage.Diagnostics.PageInspectReport> InspectPageAsync(uint pageId, bool includeHex = false, string? databasePath = null, CancellationToken ct = default) => throw new NotSupportedException();
+        public Task<CSharpDB.Storage.Diagnostics.IndexInspectReport> CheckIndexesAsync(string? databasePath = null, string? indexName = null, int? sampleSize = null, CancellationToken ct = default) => throw new NotSupportedException();
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Admin/HostCallbackPolicyServiceTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Admin/HostCallbackPolicyServiceTests.cs
new file mode 100644
index 00000000..363f0253
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Admin/HostCallbackPolicyServiceTests.cs
@@ -0,0 +1,83 @@
+using CSharpDB.Admin.Services;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Tests.Admin;
+
+public sealed class HostCallbackPolicyServiceTests
+{
+    [Fact]
+    public void Evaluate_DefaultPolicyAllowsAdminHostCallbacks()
+    {
+        var service = new HostCallbackPolicyService(AdminHostCallbacks.CreatePolicy());
+        DbHostCallbackDescriptor[] callbacks =
+        [
+            .. AdminHostCallbacks.CreateFunctionRegistry().Callbacks,
+            .. AdminHostCallbacks.CreateCommandRegistry().Callbacks,
+            .. CreateValidationRuleRegistry().Callbacks,
+        ];
+
+        Assert.NotEmpty(callbacks);
+        Assert.All(callbacks, callback =>
+        {
+            DbExtensionPolicyDecision decision = service.Evaluate(callback);
+
+            Assert.True(decision.Allowed, decision.DenialReason);
+            Assert.Null(decision.DenialReason);
+            Assert.All(decision.Capabilities, capability =>
+                Assert.Equal(DbExtensionCapabilityGrantStatus.Granted, capability.Status));
+        });
+    }
+
+    [Fact]
+    public void Evaluate_DefaultPolicyDeniesUnapprovedAdditionalCapabilities()
+    {
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+            builder.AddCommand(
+                "NotifyExternalSystem",
+                new DbCommandOptions(
+                    AdditionalCapabilities:
+                    [
+                        new DbExtensionCapabilityRequest(DbExtensionCapability.Network),
+                    ]),
+                static _ => DbCommandResult.Success()));
+        DbHostCallbackDescriptor callback = Assert.Single(commands.Callbacks);
+        var service = new HostCallbackPolicyService(AdminHostCallbacks.CreatePolicy());
+
+        DbExtensionPolicyDecision decision = service.Evaluate(callback);
+
+        Assert.False(decision.Allowed);
+        Assert.Equal("No grant exists for capability 'Network'.", decision.DenialReason);
+        Assert.Contains(decision.Capabilities, capability =>
+            capability.Name == DbExtensionCapability.Commands
+            && capability.Status == DbExtensionCapabilityGrantStatus.Granted);
+        Assert.Contains(decision.Capabilities, capability =>
+            capability.Name == DbExtensionCapability.Network
+            && capability.Status == DbExtensionCapabilityGrantStatus.Denied);
+    }
+
+    [Fact]
+    public void Evaluate_UsesCallbackTimeoutBeforeDefaultPolicyTimeout()
+    {
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+            builder.AddCommand(
+                "LongCommand",
+                new DbCommandOptions(Timeout: TimeSpan.FromSeconds(17)),
+                static _ => DbCommandResult.Success()));
+        DbHostCallbackDescriptor callback = Assert.Single(commands.Callbacks);
+        var service = new HostCallbackPolicyService(AdminHostCallbacks.CreatePolicy());
+
+        DbExtensionPolicyDecision decision = service.Evaluate(callback);
+
+        Assert.True(decision.Allowed);
+        Assert.Equal(TimeSpan.FromSeconds(17), decision.Timeout);
+    }
+
+    private static DbValidationRuleRegistry CreateValidationRuleRegistry()
+        => DbValidationRuleRegistry.Create(builder =>
+        {
+            builder.AddRule(
+                "AdminHostValidationRule",
+                new DbValidationRuleOptions(Description: "Test validation rule for Admin host policy."),
+                static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success()));
+        });
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Admin/HostCallbackReadinessServiceTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Admin/HostCallbackReadinessServiceTests.cs
new file mode 100644
index 00000000..6aba0c11
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Admin/HostCallbackReadinessServiceTests.cs
@@ -0,0 +1,234 @@
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Reports.Contracts;
+using CSharpDB.Admin.Reports.Models;
+using CSharpDB.Admin.Services;
+using CSharpDB.Primitives;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace CSharpDB.Admin.Forms.Tests.Admin;
+
+public sealed class HostCallbackReadinessServiceTests
+{
+    [Fact]
+    public async Task GetReadinessAsync_ReturnsMissingReferencedCallbacks()
+    {
+        using ServiceProvider provider = CreateProvider(
+            functions: DbFunctionRegistry.Empty,
+            commands: DbCommandRegistry.Empty,
+            forms:
+            [
+                CreateForm("orders-form", "Orders") with
+                {
+                    Automation = new DbAutomationMetadata(
+                        Commands:
+                        [
+                            new DbAutomationCommandReference("AuditOrder", "admin.forms", "form.events.OnLoad"),
+                        ]),
+                },
+            ],
+            reports:
+            [
+                CreateReport("orders-report", "Orders") with
+                {
+                    Automation = new DbAutomationMetadata(
+                        ScalarFunctions:
+                        [
+                            new DbAutomationScalarFunctionReference("FormatTotal", 1, "admin.reports", "bands.detail.controls.total.expression"),
+                        ]),
+                },
+            ]);
+
+        HostCallbackReadinessService readiness = provider.GetRequiredService<HostCallbackReadinessService>();
+
+        HostCallbackReadinessReport report = await readiness.GetReadinessAsync();
+
+        Assert.False(report.Ready);
+        Assert.Equal(0, report.RegisteredCount);
+        Assert.Equal(2, report.ReferencedCount);
+        Assert.Equal(2, report.MissingCount);
+        Assert.Contains(report.MissingEntries, entry => entry.Name == "AuditOrder" && entry.Kind == AutomationCallbackKind.Command);
+        Assert.Contains(report.MissingEntries, entry => entry.Name == "FormatTotal" && entry.Kind == AutomationCallbackKind.ScalarFunction);
+    }
+
+    [Fact]
+    public async Task GetReadinessAsync_IsReadyWhenReferencedCallbacksAreRegistered()
+    {
+        DbFunctionRegistry functions = DbFunctionRegistry.Create(builder =>
+            builder.AddScalar("FormatTotal", 1, (_, _) => DbValue.Null));
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+            builder.AddCommand("AuditOrder", _ => DbCommandResult.Success()));
+
+        using ServiceProvider provider = CreateProvider(
+            functions,
+            commands,
+            forms:
+            [
+                CreateForm("orders-form", "Orders") with
+                {
+                    Automation = new DbAutomationMetadata(
+                        Commands:
+                        [
+                            new DbAutomationCommandReference("AuditOrder", "admin.forms", "form.events.OnLoad"),
+                        ],
+                        ScalarFunctions:
+                        [
+                            new DbAutomationScalarFunctionReference("FormatTotal", 1, "admin.forms", "controls.total.formula"),
+                        ]),
+                },
+            ],
+            reports: []);
+
+        HostCallbackReadinessService readiness = provider.GetRequiredService<HostCallbackReadinessService>();
+
+        HostCallbackReadinessReport report = await readiness.GetReadinessAsync();
+
+        Assert.True(report.Ready);
+        Assert.Equal(2, report.RegisteredCount);
+        Assert.Equal(2, report.ReferencedCount);
+        Assert.Empty(report.MissingEntries);
+    }
+
+    [Fact]
+    public async Task GenerateMissingStubSourceAsync_ProducesCSharpForMissingReferencesOnly()
+    {
+        DbFunctionRegistry functions = DbFunctionRegistry.Create(builder =>
+            builder.AddScalar("RegisteredFunction", 1, (_, _) => DbValue.Null));
+
+        using ServiceProvider provider = CreateProvider(
+            functions,
+            DbCommandRegistry.Empty,
+            forms:
+            [
+                CreateForm("orders-form", "Orders") with
+                {
+                    Automation = new DbAutomationMetadata(
+                        Commands:
+                        [
+                            new DbAutomationCommandReference("AuditOrder", "admin.forms", "form.events.OnLoad"),
+                        ],
+                        ScalarFunctions:
+                        [
+                            new DbAutomationScalarFunctionReference("RegisteredFunction", 1, "admin.forms", "controls.slug.formula"),
+                            new DbAutomationScalarFunctionReference("MissingFunction", 2, "admin.forms", "controls.total.formula"),
+                        ],
+                        ValidationRules:
+                        [
+                            new DbAutomationValidationRuleReference("MissingValidationRule", "admin.forms", "form.validationRules.MissingValidationRule"),
+                        ]),
+                },
+            ],
+            reports: []);
+
+        HostCallbackReadinessService readiness = provider.GetRequiredService<HostCallbackReadinessService>();
+
+        string source = await readiness.GenerateMissingStubSourceAsync();
+
+        Assert.Contains("class MissingHostCallbackRegistration", source);
+        Assert.Contains("commands.AddAsyncCommand", source);
+        Assert.Contains("\"AuditOrder\"", source);
+        Assert.Contains("functions.AddScalar", source);
+        Assert.Contains("\"MissingFunction\"", source);
+        Assert.Contains("validationRules.AddRule", source);
+        Assert.Contains("\"MissingValidationRule\"", source);
+        Assert.Contains("Form Orders Form (orders-form): form.events.OnLoad", source);
+        Assert.DoesNotContain("\"RegisteredFunction\"", source);
+    }
+
+    [Fact]
+    public void GenerateStubSource_ProducesSourceForSelectedEntry()
+    {
+        var entry = new HostCallbackCatalogEntry(
+            AutomationCallbackKind.Command,
+            "Send_Invoice",
+            Arity: null,
+            Descriptor: null,
+            References:
+            [
+                new HostCallbackReference(
+                    AutomationCallbackKind.Command,
+                    "Send_Invoice",
+                    Arity: null,
+                    "admin.forms",
+                    "controls.send.commandButton.click",
+                    "Form",
+                    "invoice-form",
+                    "Invoice Form"),
+            ]);
+        var readiness = new HostCallbackReadinessService(new HostCallbackCatalogService(new ServiceCollection().BuildServiceProvider()));
+
+        string source = readiness.GenerateStubSource(entry);
+
+        Assert.Contains("class RegisterSendInvoiceCallback", source);
+        Assert.Contains("\"Send_Invoice\"", source);
+        Assert.Contains("Form Invoice Form (invoice-form): controls.send.commandButton.click", source);
+    }
+
+    private static ServiceProvider CreateProvider(
+        DbFunctionRegistry functions,
+        DbCommandRegistry commands,
+        IReadOnlyList<FormDefinition> forms,
+        IReadOnlyList<ReportDefinition> reports)
+        => new ServiceCollection()
+            .AddSingleton(functions)
+            .AddSingleton(commands)
+            .AddSingleton<IFormRepository>(new StubFormRepository(forms))
+            .AddSingleton<IReportRepository>(new StubReportRepository(reports))
+            .AddScoped<HostCallbackCatalogService>()
+            .AddScoped<HostCallbackReadinessService>()
+            .BuildServiceProvider();
+
+    private static FormDefinition CreateForm(string formId, string tableName)
+        => new(
+            formId,
+            $"{tableName} Form",
+            tableName,
+            1,
+            $"sig:{tableName}:v1",
+            new LayoutDefinition("absolute", 8, true, [new Breakpoint("md", 0, null)]),
+            []);
+
+    private static ReportDefinition CreateReport(string reportId, string sourceName)
+        => new(
+            reportId,
+            $"{sourceName} Report",
+            new ReportSourceReference(ReportSourceKind.Table, sourceName),
+            1,
+            $"sig:{sourceName}:v1",
+            ReportPageSettings.DefaultLetterPortrait,
+            [],
+            [],
+            [new ReportBandDefinition("detail", ReportBandKind.Detail, 28, null, [])]);
+
+    private sealed class StubFormRepository : IFormRepository
+    {
+        private readonly IReadOnlyList<FormDefinition> _forms;
+
+        public StubFormRepository(IReadOnlyList<FormDefinition> forms)
+        {
+            _forms = forms;
+        }
+
+        public Task<FormDefinition?> GetAsync(string formId) => throw new NotSupportedException();
+        public Task<FormDefinition> CreateAsync(FormDefinition form) => throw new NotSupportedException();
+        public Task<UpdateResult> TryUpdateAsync(string formId, int expectedVersion, FormDefinition updated) => throw new NotSupportedException();
+        public Task<IReadOnlyList<FormDefinition>> ListAsync(string? tableName = null) => Task.FromResult(_forms);
+        public Task<bool> DeleteAsync(string formId) => throw new NotSupportedException();
+    }
+
+    private sealed class StubReportRepository : IReportRepository
+    {
+        private readonly IReadOnlyList<ReportDefinition> _reports;
+
+        public StubReportRepository(IReadOnlyList<ReportDefinition> reports)
+        {
+            _reports = reports;
+        }
+
+        public Task<ReportDefinition?> GetAsync(string reportId) => throw new NotSupportedException();
+        public Task<ReportDefinition> CreateAsync(ReportDefinition report) => throw new NotSupportedException();
+        public Task<ReportUpdateResult> TryUpdateAsync(string reportId, int expectedVersion, ReportDefinition updated) => throw new NotSupportedException();
+        public Task<IReadOnlyList<ReportDefinition>> ListAsync(ReportSourceKind? sourceKind = null, string? sourceName = null) => Task.FromResult(_reports);
+        public Task<bool> DeleteAsync(string reportId) => throw new NotSupportedException();
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Admin/SampleFormControlsTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Admin/SampleFormControlsTests.cs
new file mode 100644
index 00000000..64b1ddff
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Admin/SampleFormControlsTests.cs
@@ -0,0 +1,29 @@
+using CSharpDB.Admin.Components.Samples.FormControls;
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace CSharpDB.Admin.Forms.Tests.Admin;
+
+public sealed class SampleFormControlsTests
+{
+    [Fact]
+    public void AddSampleFormControls_RegistersCompiledRatingControl()
+    {
+        var services = new ServiceCollection();
+        services.AddCSharpDbAdminForms();
+        services.AddSampleFormControls();
+
+        using ServiceProvider provider = services.BuildServiceProvider();
+        IFormControlRegistry registry = provider.GetRequiredService<IFormControlRegistry>();
+
+        Assert.True(registry.TryGetControl("sampleRating", out FormControlDescriptor descriptor));
+        Assert.Equal("Rating", descriptor.DisplayName);
+        Assert.Equal("Custom", descriptor.ToolboxGroup);
+        Assert.Equal(typeof(RatingDesignerPreview), descriptor.DesignerPreviewComponentType);
+        Assert.Equal(typeof(RatingRuntimeControl), descriptor.RuntimeComponentType);
+        Assert.Equal(typeof(RatingPropertyEditor), descriptor.PropertyEditorComponentType);
+        Assert.Equal(5, descriptor.CreateDefaultProps()["max"]);
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Admin/TabManagerServiceTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Admin/TabManagerServiceTests.cs
index acb400d7..b3e86962 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Admin/TabManagerServiceTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Admin/TabManagerServiceTests.cs
@@ -55,6 +55,98 @@ public void OpenFormEntryTab_DeduplicatesByFormId()
         Assert.Equal(TabKind.FormEntry, second.Kind);
     }
 
+    [Fact]
+    public void OpenCollectionTab_CreatesCollectionDataTab()
+    {
+        var manager = new TabManagerService();
+
+        TabDescriptor tab = manager.OpenCollectionTab("profiles");
+
+        Assert.Equal("collection:profiles", tab.Id);
+        Assert.Equal("profiles", tab.Title);
+        Assert.Equal("profiles", tab.ObjectName);
+        Assert.Equal(TabKind.CollectionData, tab.Kind);
+        Assert.Equal(tab, manager.ActiveTab);
+    }
+
+    [Fact]
+    public void OpenCollectionTab_DeduplicatesByCollectionName()
+    {
+        var manager = new TabManagerService();
+
+        TabDescriptor first = manager.OpenCollectionTab("profiles");
+        TabDescriptor second = manager.OpenCollectionTab("profiles");
+
+        Assert.Same(first, second);
+        Assert.Equal(2, manager.Tabs.Count);
+        Assert.Equal(second, manager.ActiveTab);
+    }
+
+    [Fact]
+    public void OpenCallbacksTab_CreatesHostCallbacksTab()
+    {
+        var manager = new TabManagerService();
+
+        TabDescriptor tab = manager.OpenCallbacksTab("normalize_name", "ScalarFunction", 1);
+
+        Assert.Equal("callbacks:host", tab.Id);
+        Assert.Equal("Callbacks", tab.Title);
+        Assert.Equal(TabKind.HostCallbacks, tab.Kind);
+        Assert.Equal("normalize_name", tab.State["SelectedCallbackName"]);
+        Assert.Equal("ScalarFunction", tab.State["SelectedCallbackKind"]);
+        Assert.Equal(1, tab.State["SelectedCallbackArity"]);
+        Assert.Equal(tab, manager.ActiveTab);
+    }
+
+    [Fact]
+    public void OpenCallbacksTab_DeduplicatesAndUpdatesSelection()
+    {
+        var manager = new TabManagerService();
+
+        TabDescriptor first = manager.OpenCallbacksTab("normalize_name", "ScalarFunction", 1);
+        TabDescriptor second = manager.OpenCallbacksTab("refresh_cache", "Command");
+
+        Assert.Same(first, second);
+        Assert.Equal(2, manager.Tabs.Count);
+        Assert.Equal("refresh_cache", second.State["SelectedCallbackName"]);
+        Assert.Equal("Command", second.State["SelectedCallbackKind"]);
+        Assert.Equal(second, manager.ActiveTab);
+    }
+
+    [Fact]
+    public void CloseTabsForObject_ClosesCollectionTab()
+    {
+        var manager = new TabManagerService();
+        manager.OpenCollectionTab("profiles");
+        manager.OpenTableTab("customers");
+
+        manager.CloseTabsForObject("profiles");
+
+        Assert.Equal(["welcome", "table:customers"], manager.Tabs.Select(tab => tab.Id).ToArray());
+        Assert.Equal("table:customers", manager.ActiveTab!.Id);
+    }
+
+    [Fact]
+    public void OpenFormEntryTab_UpdatesInitialStateWhenExistingTabIsReopened()
+    {
+        var manager = new TabManagerService();
+
+        TabDescriptor first = manager.OpenFormEntryTab("form-1", "Customer Form", initialRecordId: 10L);
+        TabDescriptor second = manager.OpenFormEntryTab(
+            "form-1",
+            "Customer Form",
+            initialRecordId: 42L,
+            initialMode: "view",
+            initialFilterExpression: "[Status] = @status",
+            initialFilterParameters: new Dictionary<string, object?> { ["status"] = "Open" });
+
+        Assert.Same(first, second);
+        Assert.Equal(42L, second.InitialRecordId);
+        Assert.Equal("view", second.InitialFormEntryMode);
+        Assert.Equal("[Status] = @status", second.InitialFilterExpression);
+        Assert.Equal("Open", second.InitialFilterParameters!["status"]);
+    }
+
     [Fact]
     public void CloseTabsForForm_ClosesDesignerAndEntryTabs()
     {
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/ChildDataGridTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/ChildDataGridTests.cs
index e2b17b0c..c5320acc 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/ChildDataGridTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/ChildDataGridTests.cs
@@ -35,13 +35,122 @@ public async Task OnParametersSetAsync_ReloadsWhenChildTableChangesForSameParent
         Assert.Equal([201L], ReadRows(component).Select(row => (long)row["PaymentId"]!).ToArray());
     }
 
+    [Fact]
+    public async Task OnParametersSetAsync_StandaloneGridLoadsFirstPage()
+    {
+        var service = new TableSpecificRecordService();
+        var component = new ChildDataGrid();
+        SetProperty(component, "RecordService", service);
+
+        SetProperty(component, nameof(ChildDataGrid.ChildTableName), "Orders");
+        SetProperty(component, nameof(ChildDataGrid.ForeignKeyField), "");
+        SetProperty(component, nameof(ChildDataGrid.ParentKeyValue), null);
+        SetProperty(component, nameof(ChildDataGrid.IsStandalone), true);
+        SetProperty(component, nameof(ChildDataGrid.ChildFormTableDefinition), CreateTableDefinition("Orders", "OrderId", "CustomerId"));
+
+        await InvokeNonPublicAsync(component, "OnParametersSetAsync");
+
+        Assert.Empty(service.RequestedTables);
+        Assert.Empty(service.RequestedAllTables);
+        Assert.Equal([("Orders", 1, 25)], service.RequestedPages);
+        Assert.Equal(30, ReadIntField(component, "_totalCount"));
+        Assert.Equal(1, ReadIntField(component, "_pageNumber"));
+        Assert.Equal(Enumerable.Range(101, 25).Select(i => (long)i).ToArray(), ReadRows(component).Select(row => (long)row["OrderId"]!).ToArray());
+    }
+
+    [Fact]
+    public async Task GoToPageAsync_StandaloneGridLoadsRequestedPage()
+    {
+        var service = new TableSpecificRecordService();
+        var component = new ChildDataGrid();
+        SetProperty(component, "RecordService", service);
+
+        SetProperty(component, nameof(ChildDataGrid.ChildTableName), "Orders");
+        SetProperty(component, nameof(ChildDataGrid.ForeignKeyField), "");
+        SetProperty(component, nameof(ChildDataGrid.ParentKeyValue), null);
+        SetProperty(component, nameof(ChildDataGrid.IsStandalone), true);
+        SetProperty(component, nameof(ChildDataGrid.ChildFormTableDefinition), CreateTableDefinition("Orders", "OrderId", "CustomerId"));
+
+        await InvokeNonPublicAsync(component, "OnParametersSetAsync");
+        await InvokeNonPublicAsync(component, "GoToPageAsync", 2);
+
+        Assert.Equal([("Orders", 1, 25), ("Orders", 2, 25)], service.RequestedPages);
+        Assert.Equal(2, ReadIntField(component, "_pageNumber"));
+        Assert.Equal(Enumerable.Range(126, 5).Select(i => (long)i).ToArray(), ReadRows(component).Select(row => (long)row["OrderId"]!).ToArray());
+    }
+
+    [Fact]
+    public async Task OnParametersSetAsync_StandaloneGridAppliesFilterExpression()
+    {
+        var service = new TableSpecificRecordService();
+        var component = new ChildDataGrid();
+        SetProperty(component, "RecordService", service);
+
+        SetProperty(component, nameof(ChildDataGrid.ChildTableName), "Orders");
+        SetProperty(component, nameof(ChildDataGrid.ForeignKeyField), "");
+        SetProperty(component, nameof(ChildDataGrid.ParentKeyValue), null);
+        SetProperty(component, nameof(ChildDataGrid.IsStandalone), true);
+        SetProperty(component, nameof(ChildDataGrid.ChildFormTableDefinition), CreateTableDefinition("Orders", "OrderId", "CustomerId"));
+        SetProperty(component, nameof(ChildDataGrid.FilterExpression), "[CustomerId] = @customerId");
+        SetProperty(
+            component,
+            nameof(ChildDataGrid.FilterParameters),
+            new Dictionary<string, object?> { ["customerId"] = 7L });
+
+        await InvokeNonPublicAsync(component, "OnParametersSetAsync");
+
+        Assert.Empty(service.RequestedPages);
+        Assert.Equal(["Orders"], service.RequestedAllTables);
+        Assert.Equal(15, ReadIntField(component, "_totalCount"));
+        Assert.Equal(Enumerable.Range(101, 30).Where(id => id % 2 != 0).Select(id => (long)id).ToArray(),
+            ReadRows(component).Select(row => (long)row["OrderId"]!).ToArray());
+    }
+
+    [Fact]
+    public async Task AddRow_StandaloneGridDoesNotSeedForeignKey()
+    {
+        var service = new TableSpecificRecordService();
+        var component = new ChildDataGrid();
+        SetProperty(component, "RecordService", service);
+
+        SetProperty(component, nameof(ChildDataGrid.ChildTableName), "Orders");
+        SetProperty(component, nameof(ChildDataGrid.ForeignKeyField), "");
+        SetProperty(component, nameof(ChildDataGrid.ParentKeyValue), null);
+        SetProperty(component, nameof(ChildDataGrid.IsStandalone), true);
+        SetProperty(component, nameof(ChildDataGrid.ChildFormTableDefinition), CreateTableDefinition("Orders", "OrderId", "CustomerId"));
+
+        await InvokeNonPublicAsync(component, "AddRow");
+
+        Dictionary<string, object?> createdValues = Assert.Single(service.CreatedValues);
+        Assert.Empty(createdValues);
+    }
+
+    [Fact]
+    public async Task AddRow_RelatedGridSeedsForeignKey()
+    {
+        var service = new TableSpecificRecordService();
+        var component = new ChildDataGrid();
+        SetProperty(component, "RecordService", service);
+
+        SetProperty(component, nameof(ChildDataGrid.ChildTableName), "Orders");
+        SetProperty(component, nameof(ChildDataGrid.ForeignKeyField), "CustomerId");
+        SetProperty(component, nameof(ChildDataGrid.ParentKeyValue), 7L);
+        SetProperty(component, nameof(ChildDataGrid.ChildFormTableDefinition), CreateTableDefinition("Orders", "OrderId", "CustomerId"));
+
+        await InvokeNonPublicAsync(component, "AddRow");
+
+        Dictionary<string, object?> createdValues = Assert.Single(service.CreatedValues);
+        Assert.Equal(7L, createdValues["CustomerId"]);
+    }
+
     private static FormTableDefinition CreateTableDefinition(string tableName, string primaryKeyField, string foreignKeyField)
         => new(
             tableName,
             $"sig:{tableName}",
             [
                 new FormFieldDefinition(primaryKeyField, FieldDataType.Int64, false, false),
-                new FormFieldDefinition(foreignKeyField, FieldDataType.Int64, false, false)
+                new FormFieldDefinition(foreignKeyField, FieldDataType.Int64, false, false),
+                new FormFieldDefinition("Status", FieldDataType.String, false, false)
             ],
             [primaryKeyField],
             []);
@@ -49,6 +158,9 @@ private static FormTableDefinition CreateTableDefinition(string tableName, strin
     private static List<Dictionary<string, object?>> ReadRows(ChildDataGrid component)
         => GetField<List<Dictionary<string, object?>>>(component, "_rows");
 
+    private static int ReadIntField(ChildDataGrid component, string fieldName)
+        => GetField<int>(component, fieldName);
+
     private static T GetField<T>(object instance, string fieldName)
     {
         FieldInfo field = instance.GetType().GetField(fieldName, BindingFlags.Instance | BindingFlags.NonPublic)
@@ -63,11 +175,11 @@ private static void SetProperty(object instance, string propertyName, object? va
         property.SetValue(instance, value);
     }
 
-    private static async Task InvokeNonPublicAsync(object instance, string methodName)
+    private static async Task InvokeNonPublicAsync(object instance, string methodName, params object?[] args)
     {
         MethodInfo method = instance.GetType().GetMethod(methodName, BindingFlags.Instance | BindingFlags.NonPublic)
             ?? throw new InvalidOperationException($"Method '{methodName}' was not found.");
-        var task = (Task?)method.Invoke(instance, null)
+        var task = (Task?)method.Invoke(instance, args)
             ?? throw new InvalidOperationException($"Method '{methodName}' did not return a task.");
         await task;
     }
@@ -75,6 +187,9 @@ private static async Task InvokeNonPublicAsync(object instance, string methodNam
     private sealed class TableSpecificRecordService : IFormRecordService
     {
         public List<string> RequestedTables { get; } = [];
+        public List<string> RequestedAllTables { get; } = [];
+        public List<(string TableName, int PageNumber, int PageSize)> RequestedPages { get; } = [];
+        public List<Dictionary<string, object?>> CreatedValues { get; } = [];
 
         public string GetPrimaryKeyColumn(FormTableDefinition table) => table.PrimaryKey[0];
 
@@ -88,13 +203,30 @@ private sealed class TableSpecificRecordService : IFormRecordService
             => Task.FromResult<Dictionary<string, object?>?>(null);
 
         public Task<FormRecordPage> ListRecordPageAsync(FormTableDefinition table, int pageNumber, int pageSize, CancellationToken ct = default)
-            => throw new NotSupportedException();
+        {
+            RequestedPages.Add((table.TableName, pageNumber, pageSize));
+
+            List<Dictionary<string, object?>> allRows = GetAllRows(table.TableName);
+            int totalCount = allRows.Count;
+            int totalPages = totalCount == 0 ? 1 : (int)Math.Ceiling(totalCount / (double)pageSize);
+            int effectivePage = Math.Min(Math.Max(1, pageNumber), totalPages);
+            List<Dictionary<string, object?>> pageRows = allRows
+                .Skip((effectivePage - 1) * pageSize)
+                .Take(pageSize)
+                .ToList();
+
+            return Task.FromResult(new FormRecordPage(effectivePage, pageSize, totalCount, pageRows));
+        }
 
         public Task<FormRecordPage> SearchRecordPageAsync(FormTableDefinition table, string searchField, string searchValue, int pageNumber, int pageSize, CancellationToken ct = default)
             => throw new NotSupportedException();
 
         public Task<List<Dictionary<string, object?>>> ListRecordsAsync(FormTableDefinition table, CancellationToken ct = default)
-            => throw new NotSupportedException();
+        {
+            RequestedAllTables.Add(table.TableName);
+
+            return Task.FromResult(GetAllRows(table.TableName));
+        }
 
         public Task<int?> GetRecordOrdinalAsync(FormTableDefinition table, object pkValue, CancellationToken ct = default)
             => throw new NotSupportedException();
@@ -113,7 +245,8 @@ public Task<FormRecordPage> SearchRecordPageAsync(FormTableDefinition table, str
                     new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
                     {
                         ["OrderId"] = 101L,
-                        [filterField] = filterValue
+                        [filterField] = filterValue,
+                        ["Status"] = "Open"
                     }
                 ],
                 "Payments" =>
@@ -121,7 +254,8 @@ public Task<FormRecordPage> SearchRecordPageAsync(FormTableDefinition table, str
                     new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
                     {
                         ["PaymentId"] = 201L,
-                        [filterField] = filterValue
+                        [filterField] = filterValue,
+                        ["Status"] = "Open"
                     }
                 ],
                 _ => []
@@ -131,12 +265,36 @@ public Task<FormRecordPage> SearchRecordPageAsync(FormTableDefinition table, str
         }
 
         public Task<Dictionary<string, object?>> CreateRecordAsync(FormTableDefinition table, Dictionary<string, object?> values, CancellationToken ct = default)
-            => throw new NotSupportedException();
+        {
+            CreatedValues.Add(new Dictionary<string, object?>(values, StringComparer.OrdinalIgnoreCase));
+            var created = new Dictionary<string, object?>(values, StringComparer.OrdinalIgnoreCase)
+            {
+                [table.PrimaryKey[0]] = 301L
+            };
+            return Task.FromResult(created);
+        }
 
         public Task<Dictionary<string, object?>> UpdateRecordAsync(FormTableDefinition table, object pkValue, Dictionary<string, object?> values, CancellationToken ct = default)
             => throw new NotSupportedException();
 
+        public Task SaveAttachmentAsync(FormAttachmentTableBinding binding, object parentValue, FormAttachmentValue attachment, CancellationToken ct = default)
+            => throw new NotSupportedException();
+
         public Task DeleteRecordAsync(FormTableDefinition table, object pkValue, CancellationToken ct = default)
             => throw new NotSupportedException();
+
+        private static List<Dictionary<string, object?>> GetAllRows(string tableName)
+            => tableName switch
+            {
+                "Orders" => Enumerable.Range(101, 30)
+                    .Select(id => new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+                    {
+                        ["OrderId"] = (long)id,
+                        ["CustomerId"] = id % 2 == 0 ? 9L : 7L,
+                        ["Status"] = id % 3 == 0 ? "Closed" : "Open"
+                    })
+                    .ToList(),
+                _ => []
+            };
     }
 }
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/DesignerStateTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/DesignerStateTests.cs
new file mode 100644
index 00000000..74cfd85c
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/DesignerStateTests.cs
@@ -0,0 +1,423 @@
+using CSharpDB.Admin.Forms.Components.Designer;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Tests.Components.Designer;
+
+public sealed class DesignerStateTests
+{
+    [Fact]
+    public void ToFormDefinition_PreservesEventBindings()
+    {
+        var state = new DesignerState();
+        var form = CreateForm() with
+        {
+            EventBindings =
+            [
+                new FormEventBinding(
+                    FormEventKind.AfterUpdate,
+                    "AuditChange",
+                    new Dictionary<string, object?> { ["reason"] = "manual" }),
+            ],
+        };
+
+        state.LoadForm(form);
+
+        FormDefinition saved = state.ToFormDefinition();
+
+        Assert.NotNull(saved.EventBindings);
+        FormEventBinding binding = Assert.Single(saved.EventBindings);
+        Assert.Equal(FormEventKind.AfterUpdate, binding.Event);
+        Assert.Equal("AuditChange", binding.CommandName);
+        Assert.Equal("manual", binding.Arguments!["reason"]);
+    }
+
+    [Fact]
+    public void ToFormDefinition_PreservesFormActionSequences()
+    {
+        var state = new DesignerState();
+        var form = CreateForm() with
+        {
+            EventBindings =
+            [
+                new FormEventBinding(
+                    FormEventKind.BeforeInsert,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.SetFieldValue, Target: "Status", Value: "Ready"),
+                        new DbActionStep(DbActionKind.RunCommand, CommandName: "AuditChange"),
+                    ],
+                    Name: "PrepareRecord")),
+            ],
+        };
+
+        state.LoadForm(form);
+
+        FormDefinition saved = state.ToFormDefinition();
+
+        FormEventBinding binding = Assert.Single(saved.EventBindings!);
+        Assert.NotNull(binding.ActionSequence);
+        Assert.Equal("PrepareRecord", binding.ActionSequence!.Name);
+        Assert.Equal(DbActionKind.SetFieldValue, binding.ActionSequence.Steps[0].Kind);
+        Assert.Equal("Status", binding.ActionSequence.Steps[0].Target);
+        Assert.Equal("Ready", binding.ActionSequence.Steps[0].Value);
+        Assert.Equal(DbActionKind.RunCommand, binding.ActionSequence.Steps[1].Kind);
+        Assert.Equal("AuditChange", binding.ActionSequence.Steps[1].CommandName);
+    }
+
+    [Fact]
+    public void ToFormDefinition_PreservesReusableActionSequences()
+    {
+        var state = new DesignerState();
+        var form = CreateForm() with
+        {
+            EventBindings =
+            [
+                new FormEventBinding(
+                    FormEventKind.BeforeInsert,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.RunActionSequence, SequenceName: "PrepareRecord"),
+                    ])),
+            ],
+            ActionSequences =
+            [
+                new DbActionSequence(
+                [
+                    new DbActionStep(DbActionKind.SetFieldValue, Target: "Status", Value: "Ready"),
+                    new DbActionStep(DbActionKind.RunCommand, CommandName: "AuditPrepared"),
+                ],
+                Name: "PrepareRecord"),
+            ],
+        };
+
+        state.LoadForm(form);
+
+        FormDefinition saved = state.ToFormDefinition();
+
+        DbActionSequence reusable = Assert.Single(saved.ActionSequences!);
+        Assert.Equal("PrepareRecord", reusable.Name);
+        Assert.Equal(DbActionKind.SetFieldValue, reusable.Steps[0].Kind);
+        Assert.Equal("Status", reusable.Steps[0].Target);
+        Assert.Equal("Ready", reusable.Steps[0].Value);
+        Assert.Equal(DbActionKind.RunCommand, reusable.Steps[1].Kind);
+        Assert.Equal("AuditPrepared", reusable.Steps[1].CommandName);
+
+        FormEventBinding binding = Assert.Single(saved.EventBindings!);
+        Assert.Equal(DbActionKind.RunActionSequence, binding.ActionSequence!.Steps[0].Kind);
+        Assert.Equal("PrepareRecord", binding.ActionSequence.Steps[0].SequenceName);
+    }
+
+    [Fact]
+    public void UpdateActionSequences_ReplacesReusableActionSequences()
+    {
+        var state = new DesignerState();
+        state.LoadForm(CreateForm());
+
+        state.UpdateActionSequences(
+        [
+            new DbActionSequence(
+            [
+                new DbActionStep(DbActionKind.ShowMessage, Message: "Ready."),
+            ],
+            Name: "NotifyReady"),
+        ]);
+
+        FormDefinition saved = state.ToFormDefinition();
+
+        DbActionSequence sequence = Assert.Single(saved.ActionSequences!);
+        Assert.Equal("NotifyReady", sequence.Name);
+        DbActionStep step = Assert.Single(sequence.Steps);
+        Assert.Equal(DbActionKind.ShowMessage, step.Kind);
+        Assert.Equal("Ready.", step.Message);
+    }
+
+    [Fact]
+    public void ToFormDefinition_PreservesControlRules()
+    {
+        var state = new DesignerState();
+        var form = CreateForm() with
+        {
+            Rules =
+            [
+                new ControlRuleDefinition(
+                    "closed-state",
+                    "[Status] = 'Closed'",
+                    [new ControlRuleEffect("status", "visible", false)]),
+            ],
+        };
+
+        state.LoadForm(form);
+
+        FormDefinition saved = state.ToFormDefinition();
+
+        ControlRuleDefinition rule = Assert.Single(saved.Rules!);
+        Assert.Equal("closed-state", rule.RuleId);
+        Assert.Equal("[Status] = 'Closed'", rule.Condition);
+        ControlRuleEffect effect = Assert.Single(rule.Effects);
+        Assert.Equal("status", effect.ControlId);
+        Assert.Equal("visible", effect.Property);
+        Assert.False(Assert.IsType<bool>(effect.Value));
+    }
+
+    [Fact]
+    public void UpdateRules_ReplacesControlRules()
+    {
+        var state = new DesignerState();
+        state.LoadForm(CreateForm());
+
+        state.UpdateRules(
+        [
+            new ControlRuleDefinition(
+                "readonly-closed",
+                "[Status] = 'Closed'",
+                [new ControlRuleEffect("status", "readOnly", true)]),
+        ]);
+
+        FormDefinition saved = state.ToFormDefinition();
+
+        ControlRuleDefinition rule = Assert.Single(saved.Rules!);
+        Assert.Equal("readonly-closed", rule.RuleId);
+        Assert.Equal("readOnly", Assert.Single(rule.Effects).Property);
+    }
+
+    [Fact]
+    public void SetLayoutMode_UpdatesSavedLayout()
+    {
+        var state = new DesignerState();
+        state.LoadForm(CreateForm());
+
+        state.SetLayoutMode("elastic");
+
+        FormDefinition saved = state.ToFormDefinition();
+        Assert.Equal("elastic", saved.Layout.LayoutMode);
+    }
+
+    [Fact]
+    public void SetFormName_TrimsAndPersistsName()
+    {
+        var state = new DesignerState();
+        state.LoadForm(CreateForm());
+
+        state.SetFormName("  Customer Entry  ");
+
+        FormDefinition saved = state.ToFormDefinition();
+        Assert.Equal("Customer Entry", saved.Name);
+    }
+
+    [Fact]
+    public void SetFormName_BlankNameFallsBackToUntitled()
+    {
+        var state = new DesignerState();
+        state.LoadForm(CreateForm());
+
+        state.SetFormName("   ");
+
+        FormDefinition saved = state.ToFormDefinition();
+        Assert.Equal("Untitled Form", saved.Name);
+    }
+
+    [Fact]
+    public void UpdateEventBindings_ReplacesFormLevelBindings()
+    {
+        var state = new DesignerState();
+        state.LoadForm(CreateForm());
+
+        state.UpdateEventBindings(
+        [
+            new FormEventBinding(FormEventKind.BeforeDelete, "ConfirmDelete", StopOnFailure: false),
+        ]);
+
+        FormDefinition saved = state.ToFormDefinition();
+
+        FormEventBinding binding = Assert.Single(saved.EventBindings!);
+        Assert.Equal(FormEventKind.BeforeDelete, binding.Event);
+        Assert.Equal("ConfirmDelete", binding.CommandName);
+        Assert.False(binding.StopOnFailure);
+    }
+
+    [Fact]
+    public void UpdateControlEventBindings_ReplacesSelectedControlBindings()
+    {
+        var state = new DesignerState();
+        ControlDefinition textControl = new(
+            "name",
+            "text",
+            new Rect(0, 0, 120, 24),
+            new BindingDefinition("Name", "TwoWay"),
+            PropertyBag.Empty,
+            null);
+        state.LoadForm(CreateForm() with { Controls = [textControl] });
+
+        state.UpdateControlEventBindings(
+            "name",
+            [
+                new ControlEventBinding(
+                    ControlEventKind.OnChange,
+                    "NormalizeName",
+                    new Dictionary<string, object?> { ["source"] = "designer" },
+                    StopOnFailure: false),
+            ]);
+
+        FormDefinition saved = state.ToFormDefinition();
+
+        ControlEventBinding binding = Assert.Single(saved.Controls[0].EventBindings!);
+        Assert.Equal(ControlEventKind.OnChange, binding.Event);
+        Assert.Equal("NormalizeName", binding.CommandName);
+        Assert.Equal("designer", binding.Arguments!["source"]);
+        Assert.False(binding.StopOnFailure);
+    }
+
+    [Fact]
+    public void UpdateControlEventBindings_ReplacesActionSequences()
+    {
+        var state = new DesignerState();
+        ControlDefinition button = new(
+            "ship",
+            "commandButton",
+            new Rect(0, 0, 120, 32),
+            null,
+            PropertyBag.Empty,
+            null);
+        state.LoadForm(CreateForm() with { Controls = [button] });
+
+        state.UpdateControlEventBindings(
+            "ship",
+            [
+                new ControlEventBinding(
+                    ControlEventKind.OnClick,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.ShowMessage, Message: "Queued."),
+                    ],
+                    Name: "NotifyClick")),
+            ]);
+
+        FormDefinition saved = state.ToFormDefinition();
+
+        ControlEventBinding binding = Assert.Single(saved.Controls[0].EventBindings!);
+        Assert.NotNull(binding.ActionSequence);
+        Assert.Equal("NotifyClick", binding.ActionSequence!.Name);
+        DbActionStep step = Assert.Single(binding.ActionSequence.Steps);
+        Assert.Equal(DbActionKind.ShowMessage, step.Kind);
+        Assert.Equal("Queued.", step.Message);
+    }
+
+    [Fact]
+    public void UpdateControlProps_UpdatesMultiplePropertiesWithOneUndoSnapshot()
+    {
+        var state = new DesignerState();
+        ControlDefinition text = new(
+            "status",
+            "text",
+            new Rect(0, 0, 160, 32),
+            new BindingDefinition("Status", "TwoWay"),
+            PropertyBag.Empty,
+            null);
+        state.LoadForm(CreateForm() with { Controls = [text] });
+
+        state.UpdateControlProps(
+            "status",
+            new Dictionary<string, object?>
+            {
+                ["anchorLeft"] = true,
+                ["anchorRight"] = true,
+                ["minWidth"] = 120L,
+            });
+
+        ControlDefinition updated = Assert.Single(state.ToFormDefinition().Controls);
+        Assert.Equal(true, updated.Props.Values["anchorLeft"]);
+        Assert.Equal(true, updated.Props.Values["anchorRight"]);
+        Assert.Equal(120L, updated.Props.Values["minWidth"]);
+
+        state.Undo();
+
+        ControlDefinition reverted = Assert.Single(state.ToFormDefinition().Controls);
+        Assert.Empty(reverted.Props.Values);
+    }
+
+    [Fact]
+    public void DeleteSelected_RemovesTabChildren()
+    {
+        var state = new DesignerState();
+        state.LoadForm(CreateForm() with
+        {
+            Controls =
+            [
+                CreateTabControl("tabs"),
+                CreateTabChild("child", "tabs", "main"),
+            ],
+        });
+
+        state.SelectControl("tabs", addToSelection: false);
+        state.DeleteSelected();
+
+        Assert.Empty(state.ToFormDefinition().Controls);
+    }
+
+    [Fact]
+    public void CopyPaste_RemapsCopiedTabChildrenToCopiedParent()
+    {
+        var state = new DesignerState();
+        state.LoadForm(CreateForm() with
+        {
+            Controls =
+            [
+                CreateTabControl("tabs"),
+                CreateTabChild("child", "tabs", "main"),
+            ],
+        });
+
+        state.SelectControl("tabs", addToSelection: false);
+        state.CopySelected();
+        state.PasteClipboard();
+
+        FormDefinition saved = state.ToFormDefinition();
+        Assert.Equal(4, saved.Controls.Count);
+        ControlDefinition pastedParent = Assert.Single(saved.Controls, control => control.ControlType == "tabControl" && control.ControlId != "tabs");
+        ControlDefinition pastedChild = Assert.Single(saved.Controls, control => control.ControlId is not "child" && control.ControlType == "text");
+        Assert.Equal(pastedParent.ControlId, pastedChild.Props.Values["parentControlId"]);
+        Assert.Equal("main", pastedChild.Props.Values["parentTabId"]);
+    }
+
+    private static FormDefinition CreateForm()
+        => new(
+            "customers-form",
+            "Customers",
+            "Customers",
+            1,
+            "sig:customers",
+            new LayoutDefinition("absolute", 8, true, [new Breakpoint("md", 0, null)]),
+            []);
+
+    private static ControlDefinition CreateTabControl(string controlId)
+        => new(
+            controlId,
+            "tabControl",
+            new Rect(0, 0, 400, 240),
+            null,
+            new PropertyBag(new Dictionary<string, object?>
+            {
+                ["tabs"] = new object?[]
+                {
+                    new Dictionary<string, object?> { ["id"] = "main", ["label"] = "Main" },
+                },
+            }),
+            null);
+
+    private static ControlDefinition CreateTabChild(string controlId, string parentControlId, string parentTabId)
+        => new(
+            controlId,
+            "text",
+            new Rect(16, 48, 160, 32),
+            new BindingDefinition("Name", "TwoWay"),
+            new PropertyBag(new Dictionary<string, object?>
+            {
+                ["parentControlId"] = parentControlId,
+                ["parentTabId"] = parentTabId,
+            }),
+            null);
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/FormControlRegistryDesignerTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/FormControlRegistryDesignerTests.cs
new file mode 100644
index 00000000..ddf27ea2
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/FormControlRegistryDesignerTests.cs
@@ -0,0 +1,305 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using CSharpDB.Admin.Forms.Components.Designer;
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using Microsoft.AspNetCore.Components;
+using Microsoft.AspNetCore.Components.Web;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace CSharpDB.Admin.Forms.Tests.Components.Designer;
+
+public sealed class FormControlRegistryDesignerTests
+{
+    [Fact]
+    public void Toolbox_GroupsCustomControlsFromRegistry()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateRatingDescriptor()));
+        var toolbox = new Toolbox
+        {
+            State = new DesignerState(),
+            ControlRegistry = registry,
+        };
+
+        var groups = InvokeNonPublic<IReadOnlyList<(string Name, IReadOnlyList<FormControlDescriptor> Controls)>>(
+            toolbox,
+            "GetToolboxGroups");
+
+        Assert.Contains(
+            groups,
+            group => group.Name == "Custom" && group.Controls.Any(control => control.ControlType == "rating"));
+    }
+
+    [Fact]
+    public void DesignCanvas_PlacesRegisteredControlWithDefaultSizePropsAndBinding()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateRatingDescriptor()));
+        var state = new DesignerState();
+        state.LoadForm(CreateForm([]));
+        state.ActiveTool = "rating";
+        var canvas = new DesignCanvas
+        {
+            State = state,
+            ControlRegistry = registry,
+        };
+
+        InvokeNonPublic(
+            canvas,
+            "PlaceNewControl",
+            new PointerEventArgs
+            {
+                OffsetX = 13,
+                OffsetY = 21,
+            });
+
+        ControlDefinition control = Assert.Single(state.ToFormDefinition().Controls);
+        Assert.Equal("rating", control.ControlType);
+        Assert.Equal(new Rect(16, 24, 180, 42), control.Rect);
+        Assert.NotNull(control.Binding);
+        Assert.Equal(string.Empty, control.Binding!.FieldName);
+        Assert.Equal("star", control.Props.Values["displayMode"]);
+        Assert.Null(state.ActiveTool);
+    }
+
+    [Fact]
+    public void DesignCanvas_PlacesNonBindingRegisteredControlWithoutBinding()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateBadgeDescriptor()));
+        var state = new DesignerState();
+        state.LoadForm(CreateForm([]));
+        state.ActiveTool = "badge";
+        var canvas = new DesignCanvas
+        {
+            State = state,
+            ControlRegistry = registry,
+        };
+
+        InvokeNonPublic(
+            canvas,
+            "PlaceNewControl",
+            new PointerEventArgs
+            {
+                OffsetX = 8,
+                OffsetY = 8,
+            });
+
+        ControlDefinition control = Assert.Single(state.ToFormDefinition().Controls);
+        Assert.Equal("badge", control.ControlType);
+        Assert.Null(control.Binding);
+        Assert.Equal("info", control.Props.Values["tone"]);
+    }
+
+    [Fact]
+    public void DesignCanvas_UsesRegisteredDesignerPreviewComponent()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateRatingDescriptor()));
+        ControlDefinition control = CreateRatingControl();
+        var canvas = new DesignCanvas
+        {
+            State = new DesignerState(),
+            ControlRegistry = registry,
+        };
+
+        object?[] args = [control, null];
+        bool resolved = InvokeNonPublic<bool>(canvas, "TryGetDesignerPreviewComponent", args);
+        Type componentType = Assert.IsAssignableFrom<Type>(args[1]);
+        Dictionary<string, object?> parameters = InvokeNonPublic<Dictionary<string, object?>>(
+            canvas,
+            "GetDesignerPreviewParameters",
+            control,
+            true,
+            control.Rect);
+
+        Assert.True(resolved);
+        Assert.Equal(typeof(RatingPreviewComponent), componentType);
+        var context = Assert.IsType<FormControlDesignContext>(parameters["Context"]);
+        Assert.Equal(control.ControlId, context.Control.ControlId);
+        Assert.True(context.IsSelected);
+        Assert.Equal("Rating", context.Descriptor.DisplayName);
+    }
+
+    [Fact]
+    public void PropertyInspector_TypeDropdownUsesRegistry()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateRatingDescriptor()));
+        var inspector = new PropertyInspector
+        {
+            State = new DesignerState(),
+            ControlRegistry = registry,
+        };
+
+        IReadOnlyList<FormControlDescriptor> controls = InvokeNonPublic<IReadOnlyList<FormControlDescriptor>>(
+            inspector,
+            "GetTypeDropdownControls");
+
+        Assert.Contains(controls, control => control.ControlType == "rating");
+    }
+
+    [Fact]
+    public void PropertyInspector_GenericPropertyEditingUpdatesSelectedControlProps()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateRatingDescriptor()));
+        ControlDefinition rating = CreateRatingControl();
+        var state = new DesignerState();
+        state.LoadForm(CreateForm([rating]));
+        state.SelectControl(rating.ControlId, addToSelection: false);
+        var inspector = new PropertyInspector
+        {
+            State = state,
+            ControlRegistry = registry,
+        };
+        SetField(inspector, "_selected", rating);
+
+        FormControlDescriptor descriptor = registry.Controls.Single(control => control.ControlType == "rating");
+        FormControlPropertyDescriptor maxProperty = descriptor.PropertyDescriptors.Single(property => property.Name == "max");
+        FormControlPropertyDescriptor requiredProperty = descriptor.PropertyDescriptors.Single(property => property.Name == "required");
+
+        InvokeNonPublic(inspector, "OnRegisteredPropertyChanged", maxProperty, "7");
+        InvokeNonPublic(inspector, "OnRegisteredPropertyChanged", requiredProperty, true);
+
+        ControlDefinition updated = Assert.Single(state.ToFormDefinition().Controls);
+        Assert.Equal(7L, updated.Props.Values["max"]);
+        Assert.Equal(true, updated.Props.Values["required"]);
+    }
+
+    [Fact]
+    public async Task PropertyInspector_CustomPropertyEditorContextUpdatesProps()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateRatingDescriptor()));
+        ControlDefinition rating = CreateRatingControl();
+        var state = new DesignerState();
+        state.LoadForm(CreateForm([rating]));
+        state.SelectControl(rating.ControlId, addToSelection: false);
+        var inspector = new PropertyInspector
+        {
+            State = state,
+            ControlRegistry = registry,
+        };
+        SetField(inspector, "_selected", rating);
+        FormControlDescriptor descriptor = registry.Controls.Single(control => control.ControlType == "rating");
+
+        Dictionary<string, object?> parameters = InvokeNonPublic<Dictionary<string, object?>>(
+            inspector,
+            "GetPropertyEditorParameters",
+            descriptor);
+        var context = Assert.IsType<FormControlPropertyContext>(parameters["Context"]);
+
+        await context.SetPropertyAsync("displayMode", "compact");
+
+        ControlDefinition updated = Assert.Single(state.ToFormDefinition().Controls);
+        Assert.Equal("compact", updated.Props.Values["displayMode"]);
+    }
+
+    private static IFormControlRegistry CreateRegistry(Action<FormControlRegistryBuilder> configure)
+    {
+        var services = new ServiceCollection();
+        services.AddCSharpDbAdminForms();
+        services.AddCSharpDbAdminFormControls(configure);
+        using ServiceProvider provider = services.BuildServiceProvider();
+        return provider.GetRequiredService<IFormControlRegistry>();
+    }
+
+    private static FormControlDescriptor CreateRatingDescriptor()
+        => new()
+        {
+            ControlType = "rating",
+            DisplayName = "Rating",
+            ToolboxGroup = "Custom",
+            IconText = "*",
+            DefaultWidth = 180,
+            DefaultHeight = 42,
+            SupportsBinding = true,
+            ParticipatesInTabOrder = true,
+            DefaultProps = new Dictionary<string, object?> { ["displayMode"] = "star" },
+            DesignerPreviewComponentType = typeof(RatingPreviewComponent),
+            RuntimeComponentType = typeof(RatingRuntimeComponent),
+            PropertyEditorComponentType = typeof(RatingPropertyEditorComponent),
+            PropertyDescriptors =
+            [
+                new FormControlPropertyDescriptor
+                {
+                    Name = "max",
+                    Label = "Max",
+                    Editor = FormControlPropertyEditor.Number,
+                    DefaultValue = 5L,
+                },
+                new FormControlPropertyDescriptor
+                {
+                    Name = "required",
+                    Label = "Required",
+                    Editor = FormControlPropertyEditor.Checkbox,
+                    DefaultValue = false,
+                },
+            ],
+        };
+
+    private static FormControlDescriptor CreateBadgeDescriptor()
+        => new()
+        {
+            ControlType = "badge",
+            DisplayName = "Badge",
+            ToolboxGroup = "Custom",
+            IconText = "B",
+            DefaultWidth = 96,
+            DefaultHeight = 28,
+            SupportsBinding = false,
+            ParticipatesInTabOrder = false,
+            DefaultProps = new Dictionary<string, object?> { ["tone"] = "info" },
+        };
+
+    private static ControlDefinition CreateRatingControl()
+        => new(
+            "rating1",
+            "rating",
+            new Rect(0, 0, 180, 42),
+            new BindingDefinition("Rating", "TwoWay"),
+            new PropertyBag(new Dictionary<string, object?> { ["displayMode"] = "star" }),
+            null);
+
+    private static FormDefinition CreateForm(IReadOnlyList<ControlDefinition> controls)
+        => new(
+            "custom-form",
+            "Custom Form",
+            "Orders",
+            1,
+            "orders:v1",
+            new LayoutDefinition("absolute", 8, true, [new Breakpoint("md", 0, null)]),
+            controls);
+
+    private static void InvokeNonPublic(object instance, string methodName, params object?[] args)
+    {
+        MethodInfo method = instance.GetType().GetMethod(methodName, BindingFlags.Instance | BindingFlags.NonPublic)
+            ?? throw new InvalidOperationException($"Method '{methodName}' was not found.");
+        method.Invoke(instance, args);
+    }
+
+    private static T InvokeNonPublic<T>(object instance, string methodName, params object?[] args)
+    {
+        MethodInfo method = instance.GetType().GetMethod(methodName, BindingFlags.Instance | BindingFlags.NonPublic)
+            ?? throw new InvalidOperationException($"Method '{methodName}' was not found.");
+        return (T)method.Invoke(instance, args)!;
+    }
+
+    private static void SetField(object instance, string fieldName, object? value)
+    {
+        FieldInfo field = instance.GetType().GetField(fieldName, BindingFlags.Instance | BindingFlags.NonPublic)
+            ?? throw new InvalidOperationException($"Field '{fieldName}' was not found.");
+        field.SetValue(instance, value);
+    }
+
+    private sealed class RatingPreviewComponent : ComponentBase
+    {
+        [Parameter] public FormControlDesignContext Context { get; set; } = default!;
+    }
+
+    private sealed class RatingRuntimeComponent : ComponentBase
+    {
+        [Parameter] public FormControlRuntimeContext Context { get; set; } = default!;
+    }
+
+    private sealed class RatingPropertyEditorComponent : ComponentBase
+    {
+        [Parameter] public FormControlPropertyContext Context { get; set; } = default!;
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/FormControlRegistryRuntimeTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/FormControlRegistryRuntimeTests.cs
new file mode 100644
index 00000000..19fc0000
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/FormControlRegistryRuntimeTests.cs
@@ -0,0 +1,255 @@
+using System.Reflection;
+using CSharpDB.Admin.Forms.Components.Designer;
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
+using Microsoft.AspNetCore.Components;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace CSharpDB.Admin.Forms.Tests.Components.Designer;
+
+public sealed class FormControlRegistryRuntimeTests
+{
+    [Fact]
+    public void FormRenderer_ResolvesCustomRuntimeComponent()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateRatingDescriptor()));
+        ControlDefinition control = CreateRatingControl();
+        var renderer = CreateRenderer(registry, DbCommandRegistry.Empty, CreateForm(control));
+
+        object?[] args = [control, null];
+        bool resolved = InvokeNonPublic<bool>(renderer, "TryGetRuntimeComponent", args);
+
+        Assert.True(resolved);
+        Assert.Equal(typeof(RatingRuntimeComponent), Assert.IsAssignableFrom<Type>(args[1]));
+    }
+
+    [Fact]
+    public void FormRenderer_KeepsBuiltInRendererUnlessReplacementIsOptedIn()
+    {
+        IFormControlRegistry registry = CreateRegistry();
+        ControlDefinition control = new(
+            "name",
+            "text",
+            new Rect(0, 0, 180, 32),
+            new BindingDefinition("Name", "TwoWay"),
+            PropertyBag.Empty,
+            null);
+        var renderer = CreateRenderer(registry, DbCommandRegistry.Empty, CreateForm(control));
+
+        object?[] args = [control, null];
+        bool resolved = InvokeNonPublic<bool>(renderer, "TryGetRuntimeComponent", args);
+
+        Assert.False(resolved);
+        Assert.Null(args[1]);
+    }
+
+    [Fact]
+    public void FormRenderer_ResolvesBuiltInRuntimeReplacementWhenOptedIn()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(new FormControlDescriptor
+        {
+            ControlType = "text",
+            DisplayName = "Text Replacement",
+            RuntimeComponentType = typeof(RatingRuntimeComponent),
+            ReplaceBuiltInRuntime = true,
+        }));
+        ControlDefinition control = new(
+            "name",
+            "text",
+            new Rect(0, 0, 180, 32),
+            new BindingDefinition("Name", "TwoWay"),
+            PropertyBag.Empty,
+            null);
+        var renderer = CreateRenderer(registry, DbCommandRegistry.Empty, CreateForm(control));
+
+        object?[] args = [control, null];
+        bool resolved = InvokeNonPublic<bool>(renderer, "TryGetRuntimeComponent", args);
+
+        Assert.True(resolved);
+        Assert.Equal(typeof(RatingRuntimeComponent), Assert.IsAssignableFrom<Type>(args[1]));
+    }
+
+    [Fact]
+    public void FormRenderer_BuildsRuntimeContextForCustomComponent()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateRatingDescriptor()));
+        ControlDefinition control = CreateRatingControl() with
+        {
+            Props = new PropertyBag(new Dictionary<string, object?>
+            {
+                ["enabled"] = false,
+                ["readOnly"] = true,
+            }),
+        };
+        var renderer = CreateRenderer(
+            registry,
+            DbCommandRegistry.Empty,
+            CreateForm(control),
+            record: new Dictionary<string, object?> { ["Rating"] = "3" },
+            choices: new Dictionary<string, IReadOnlyList<EnumChoice>>
+            {
+                ["Rating"] = [new EnumChoice("3", "Three")],
+            });
+
+        Dictionary<string, object?> parameters = InvokeNonPublic<Dictionary<string, object?>>(
+            renderer,
+            "GetRuntimeComponentParameters",
+            control,
+            "Rating",
+            "Rating is required.",
+            4);
+        var context = Assert.IsType<FormControlRuntimeContext>(parameters["Context"]);
+
+        Assert.Equal("custom-form", context.Form.FormId);
+        Assert.Equal(control.ControlId, context.Control.ControlId);
+        Assert.Equal("Rating", context.FieldName);
+        Assert.Equal("3", context.BoundValue);
+        Assert.Single(context.Choices);
+        Assert.False(context.IsEnabled);
+        Assert.True(context.IsReadOnly);
+        Assert.Equal("Rating is required.", context.ValidationError);
+        Assert.Equal(4, context.TabIndex);
+    }
+
+    [Fact]
+    public async Task RuntimeContext_SetValueAndDispatchEventUseRendererRuntimePath()
+    {
+        List<DbCommandContext> captured = [];
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("CaptureChange", context =>
+            {
+                captured.Add(context);
+                return DbCommandResult.Success();
+            });
+            builder.AddCommand("CaptureClick", context =>
+            {
+                captured.Add(context);
+                return DbCommandResult.Success();
+            });
+        });
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateRatingDescriptor()));
+        ControlDefinition control = CreateRatingControl() with
+        {
+            EventBindings =
+            [
+                new ControlEventBinding(ControlEventKind.OnChange, "CaptureChange"),
+                new ControlEventBinding(
+                    ControlEventKind.OnClick,
+                    "CaptureClick",
+                    new Dictionary<string, object?> { ["configured"] = "yes" }),
+            ],
+        };
+        var record = new Dictionary<string, object?> { ["Rating"] = "2" };
+        var renderer = CreateRenderer(registry, commands, CreateForm(control), record);
+        FormControlRuntimeContext context = GetRuntimeContext(renderer, control, "Rating");
+
+        await context.SetValueAsync("4");
+        await context.DispatchEventAsync(
+            ControlEventKind.OnClick,
+            new Dictionary<string, object?> { ["source"] = "custom-runtime" });
+
+        Assert.Equal("4", record["Rating"]);
+        Assert.Equal(2, captured.Count);
+        Assert.Equal("CaptureChange", captured[0].CommandName);
+        Assert.Equal("OnChange", captured[0].Metadata["event"]);
+        Assert.Equal("4", captured[0].Arguments["value"].AsText);
+        Assert.Equal("2", captured[0].Arguments["oldValue"].AsText);
+        Assert.Equal("CaptureClick", captured[1].CommandName);
+        Assert.Equal("OnClick", captured[1].Metadata["event"]);
+        Assert.Equal("custom-runtime", captured[1].Arguments["source"].AsText);
+        Assert.Equal("yes", captured[1].Arguments["configured"].AsText);
+    }
+
+    private static FormControlRuntimeContext GetRuntimeContext(FormRenderer renderer, ControlDefinition control, string fieldName)
+    {
+        Dictionary<string, object?> parameters = InvokeNonPublic<Dictionary<string, object?>>(
+            renderer,
+            "GetRuntimeComponentParameters",
+            control,
+            fieldName,
+            null,
+            1);
+        return Assert.IsType<FormControlRuntimeContext>(parameters["Context"]);
+    }
+
+    private static FormRenderer CreateRenderer(
+        IFormControlRegistry registry,
+        DbCommandRegistry commands,
+        FormDefinition form,
+        Dictionary<string, object?>? record = null,
+        IReadOnlyDictionary<string, IReadOnlyList<EnumChoice>>? choices = null)
+    {
+        var renderer = new FormRenderer();
+        SetProperty(renderer, nameof(FormRenderer.Form), form);
+        SetProperty(renderer, nameof(FormRenderer.Record), record ?? new Dictionary<string, object?>());
+        SetProperty(renderer, nameof(FormRenderer.Choices), choices);
+        SetProperty(renderer, nameof(FormRenderer.ControlRegistry), registry);
+        SetProperty(renderer, "Commands", commands);
+        return renderer;
+    }
+
+    private static IFormControlRegistry CreateRegistry(Action<FormControlRegistryBuilder>? configure = null)
+    {
+        var services = new ServiceCollection();
+        services.AddCSharpDbAdminForms();
+        if (configure is not null)
+            services.AddCSharpDbAdminFormControls(configure);
+
+        using ServiceProvider provider = services.BuildServiceProvider();
+        return provider.GetRequiredService<IFormControlRegistry>();
+    }
+
+    private static FormControlDescriptor CreateRatingDescriptor()
+        => new()
+        {
+            ControlType = "rating",
+            DisplayName = "Rating",
+            ToolboxGroup = "Custom",
+            IconText = "*",
+            DefaultWidth = 180,
+            DefaultHeight = 42,
+            SupportsBinding = true,
+            RuntimeComponentType = typeof(RatingRuntimeComponent),
+        };
+
+    private static ControlDefinition CreateRatingControl()
+        => new(
+            "rating1",
+            "rating",
+            new Rect(0, 0, 180, 42),
+            new BindingDefinition("Rating", "TwoWay"),
+            PropertyBag.Empty,
+            null);
+
+    private static FormDefinition CreateForm(ControlDefinition control)
+        => new(
+            "custom-form",
+            "Custom Form",
+            "Orders",
+            1,
+            "orders:v1",
+            new LayoutDefinition("absolute", 8, true, [new Breakpoint("md", 0, null)]),
+            [control]);
+
+    private static void SetProperty(object instance, string propertyName, object? value)
+    {
+        PropertyInfo property = instance.GetType().GetProperty(propertyName, BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic)
+            ?? throw new InvalidOperationException($"Property '{propertyName}' was not found.");
+        property.SetValue(instance, value);
+    }
+
+    private static T InvokeNonPublic<T>(object instance, string methodName, params object?[] args)
+    {
+        MethodInfo method = instance.GetType().GetMethod(methodName, BindingFlags.Instance | BindingFlags.NonPublic)
+            ?? throw new InvalidOperationException($"Method '{methodName}' was not found.");
+        return (T)method.Invoke(instance, args)!;
+    }
+
+    private sealed class RatingRuntimeComponent : ComponentBase
+    {
+        [Parameter] public FormControlRuntimeContext Context { get; set; } = default!;
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/FormRendererCommandButtonTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/FormRendererCommandButtonTests.cs
new file mode 100644
index 00000000..094045bd
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Components/Designer/FormRendererCommandButtonTests.cs
@@ -0,0 +1,529 @@
+using System.Reflection;
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Components.Designer;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Primitives;
+using Microsoft.AspNetCore.Components;
+
+namespace CSharpDB.Admin.Forms.Tests.Components.Designer;
+
+public sealed class FormRendererCommandButtonTests
+{
+    [Fact]
+    public async Task CommandButton_InvokesRegisteredCommandWithRecordAndConfiguredArguments()
+    {
+        DbCommandContext? captured = null;
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("ShipOrder", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+
+        ControlDefinition button = CreateCommandButton("ShipOrder");
+        var renderer = CreateRenderer(commands, CreateForm(button));
+
+        await InvokeNonPublicAsync(renderer, "InvokeCommandButtonAsync", button);
+
+        Assert.NotNull(captured);
+        Assert.Equal("ShipOrder", captured.CommandName);
+        Assert.Equal(42, captured.Arguments["OrderId"].AsInteger);
+        Assert.Equal("manual", captured.Arguments["reason"].AsText);
+        Assert.Equal("AdminForms", captured.Metadata["surface"]);
+        Assert.Equal("orders-form", captured.Metadata["formId"]);
+        Assert.Equal("Click", captured.Metadata["event"]);
+        Assert.Equal("button1", captured.Metadata["controlId"]);
+    }
+
+    [Fact]
+    public async Task CommandButton_ReportsMissingCommand()
+    {
+        string? error = null;
+        ControlDefinition button = CreateCommandButton("MissingCommand");
+        var renderer = CreateRenderer(DbCommandRegistry.Empty, CreateForm(button), message => error = message);
+
+        await InvokeNonPublicAsync(renderer, "InvokeCommandButtonAsync", button);
+
+        Assert.Equal("Unknown form command 'MissingCommand'.", error);
+    }
+
+    [Fact]
+    public async Task ControlOnChange_InvokesRegisteredCommandWithFieldRuntimeArguments()
+    {
+        DbCommandContext? captured = null;
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("AuditStatus", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+
+        ControlDefinition text = new(
+            "status",
+            "text",
+            new Rect(10, 20, 180, 34),
+            new BindingDefinition("Status", "TwoWay"),
+            PropertyBag.Empty,
+            null,
+            EventBindings:
+            [
+                new ControlEventBinding(
+                    ControlEventKind.OnChange,
+                    "AuditStatus",
+                    new Dictionary<string, object?> { ["source"] = "control-event" }),
+            ]);
+        var renderer = CreateRenderer(commands, CreateForm(text));
+
+        await InvokeNonPublicAsync(renderer, "SetFieldValueAsync", text, "Status", "Shipped");
+
+        Assert.NotNull(captured);
+        Assert.Equal("AuditStatus", captured.CommandName);
+        Assert.Equal("AdminForms", captured.Metadata["surface"]);
+        Assert.Equal("OnChange", captured.Metadata["event"]);
+        Assert.Equal("status", captured.Metadata["controlId"]);
+        Assert.Equal("Status", captured.Metadata["fieldName"]);
+        Assert.Equal("Shipped", captured.Arguments["Status"].AsText);
+        Assert.Equal("Status", captured.Arguments["fieldName"].AsText);
+        Assert.Equal("Shipped", captured.Arguments["value"].AsText);
+        Assert.Equal("Ready", captured.Arguments["oldValue"].AsText);
+        Assert.Equal("control-event", captured.Arguments["source"].AsText);
+    }
+
+    [Fact]
+    public async Task CommandButton_UsesOnClickBindingWhenNoDirectCommandIsConfigured()
+    {
+        DbCommandContext? captured = null;
+        string? error = null;
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("ShipOrder", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+
+        ControlDefinition button = new(
+            "button1",
+            "commandButton",
+            new Rect(10, 20, 120, 34),
+            null,
+            new PropertyBag(new Dictionary<string, object?> { ["text"] = "Ship" }),
+            null,
+            EventBindings:
+            [
+                new ControlEventBinding(ControlEventKind.OnClick, "ShipOrder"),
+            ]);
+        var renderer = CreateRenderer(commands, CreateForm(button), message => error = message);
+
+        await InvokeNonPublicAsync(renderer, "InvokeCommandButtonAsync", button);
+
+        Assert.Null(error);
+        Assert.NotNull(captured);
+        Assert.Equal("OnClick", captured!.Metadata["event"]);
+        Assert.Equal("button1", captured.Metadata["controlId"]);
+        Assert.Equal(42, captured.Arguments["OrderId"].AsInteger);
+    }
+
+    [Fact]
+    public async Task CommandButton_ExecutesOnClickActionSequenceWhenNoDirectCommandIsConfigured()
+    {
+        DbCommandContext? captured = null;
+        string? error = null;
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("AuditButtonAction", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+
+        ControlDefinition button = new(
+            "button1",
+            "commandButton",
+            new Rect(10, 20, 120, 34),
+            null,
+            new PropertyBag(new Dictionary<string, object?> { ["text"] = "Ship" }),
+            null,
+            EventBindings:
+            [
+                new ControlEventBinding(
+                    ControlEventKind.OnClick,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.SetFieldValue, Target: "Status", Value: "Shipped"),
+                        new DbActionStep(DbActionKind.RunCommand, CommandName: "AuditButtonAction"),
+                    ],
+                    Name: "ShipButtonActions")),
+            ]);
+        var renderer = CreateRenderer(commands, CreateForm(button), message => error = message);
+
+        await InvokeNonPublicAsync(renderer, "InvokeCommandButtonAsync", button);
+
+        var record = (Dictionary<string, object?>)GetProperty(renderer, nameof(FormRenderer.Record))!;
+        Assert.Null(error);
+        Assert.Equal("Shipped", record["Status"]);
+        Assert.NotNull(captured);
+        Assert.Equal("Shipped", captured!.Arguments["Status"].AsText);
+        Assert.Equal("RunCommand", captured.Metadata["actionKind"]);
+        Assert.Equal("1", captured.Metadata["actionStep"]);
+        Assert.Equal("ShipButtonActions", captured.Metadata["actionSequence"]);
+    }
+
+    [Fact]
+    public async Task CommandButton_ExecutesReusableActionSequence()
+    {
+        DbCommandContext? captured = null;
+        string? error = null;
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("AuditReusableAction", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+
+        ControlDefinition button = new(
+            "button1",
+            "commandButton",
+            new Rect(10, 20, 120, 34),
+            null,
+            new PropertyBag(new Dictionary<string, object?> { ["text"] = "Ship" }),
+            null,
+            EventBindings:
+            [
+                new ControlEventBinding(
+                    ControlEventKind.OnClick,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(
+                            DbActionKind.RunActionSequence,
+                            SequenceName: "ReusableShip",
+                            Arguments: new Dictionary<string, object?> { ["source"] = "button" }),
+                    ])),
+            ]);
+        FormDefinition form = CreateForm(
+            button,
+            [
+                new DbActionSequence(
+                [
+                    new DbActionStep(DbActionKind.SetFieldValue, Target: "Status", Value: "Shipped"),
+                    new DbActionStep(DbActionKind.RunCommand, CommandName: "AuditReusableAction"),
+                ],
+                Name: "ReusableShip"),
+            ]);
+        var renderer = CreateRenderer(commands, form, message => error = message);
+
+        await InvokeNonPublicAsync(renderer, "InvokeCommandButtonAsync", button);
+
+        var record = (Dictionary<string, object?>)GetProperty(renderer, nameof(FormRenderer.Record))!;
+        Assert.Null(error);
+        Assert.Equal("Shipped", record["Status"]);
+        Assert.NotNull(captured);
+        Assert.Equal("AuditReusableAction", captured!.CommandName);
+        Assert.Equal("button", captured.Arguments["source"].AsText);
+        Assert.Equal("ReusableShip", captured.Metadata["actionSequence"]);
+    }
+
+    [Fact]
+    public async Task CommandButton_ExecutesBuiltInFormAction()
+    {
+        DbActionStep? captured = null;
+        string? error = null;
+        ControlDefinition button = new(
+            "button1",
+            "commandButton",
+            new Rect(10, 20, 120, 34),
+            null,
+            new PropertyBag(new Dictionary<string, object?> { ["text"] = "Next" }),
+            null,
+            EventBindings:
+            [
+                new ControlEventBinding(
+                    ControlEventKind.OnClick,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.NextRecord),
+                    ])),
+            ]);
+        var renderer = CreateRenderer(DbCommandRegistry.Empty, CreateForm(button), message => error = message);
+        SetProperty(
+            renderer,
+            nameof(FormRenderer.OnBuiltInAction),
+            new Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>((step, _) =>
+            {
+                captured = step;
+                return Task.FromResult(FormEventDispatchResult.Success());
+            }));
+
+        await InvokeNonPublicAsync(renderer, "InvokeCommandButtonAsync", button);
+
+        Assert.Null(error);
+        Assert.NotNull(captured);
+        Assert.Equal(DbActionKind.NextRecord, captured!.Kind);
+    }
+
+    [Fact]
+    public async Task CommandButton_SkipsBuiltInFormActionWhenConditionIsFalse()
+    {
+        bool invoked = false;
+        string? error = null;
+        ControlDefinition button = new(
+            "button1",
+            "commandButton",
+            new Rect(10, 20, 120, 34),
+            null,
+            new PropertyBag(new Dictionary<string, object?> { ["text"] = "Next" }),
+            null,
+            EventBindings:
+            [
+                new ControlEventBinding(
+                    ControlEventKind.OnClick,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.NextRecord, Condition: "Status = 'Archived'"),
+                    ])),
+            ]);
+        var renderer = CreateRenderer(DbCommandRegistry.Empty, CreateForm(button), message => error = message);
+        SetProperty(
+            renderer,
+            nameof(FormRenderer.OnBuiltInAction),
+            new Func<DbActionStep, CancellationToken, Task<FormEventDispatchResult>>((_, _) =>
+            {
+                invoked = true;
+                return Task.FromResult(FormEventDispatchResult.Success());
+            }));
+
+        await InvokeNonPublicAsync(renderer, "InvokeCommandButtonAsync", button);
+
+        Assert.Null(error);
+        Assert.False(invoked);
+    }
+
+    [Fact]
+    public void ControlRules_ApplyVisibilityAndTextEffects()
+    {
+        ControlDefinition label = new(
+            "statusLabel",
+            "label",
+            new Rect(10, 20, 120, 34),
+            null,
+            new PropertyBag(new Dictionary<string, object?> { ["text"] = "Ready" }),
+            null);
+        FormDefinition form = CreateForm(
+            label,
+            rules:
+            [
+                new ControlRuleDefinition(
+                    "closed-state",
+                    "[Status] = 'Ready'",
+                    [
+                        new ControlRuleEffect("statusLabel", "visible", false),
+                        new ControlRuleEffect("statusLabel", "text", "Matched"),
+                    ]),
+            ]);
+        var renderer = CreateRenderer(DbCommandRegistry.Empty, form);
+
+        string style = InvokeNonPublic<string>(renderer, "GetControlStyle", label);
+        string text = InvokeNonPublic<string>(renderer, "GetProp", label, "text", "Fallback");
+
+        Assert.Contains("display: none", style, StringComparison.Ordinal);
+        Assert.Equal("Matched", text);
+    }
+
+    [Fact]
+    public void FixedLayout_EmitsAnchorAndMinimumSizeVariables()
+    {
+        ControlDefinition stretched = new(
+            "status",
+            "text",
+            new Rect(100, 50, 200, 32),
+            new BindingDefinition("Status", "TwoWay"),
+            new PropertyBag(new Dictionary<string, object?>
+            {
+                ["anchorLeft"] = true,
+                ["anchorTop"] = true,
+                ["anchorRight"] = true,
+                ["anchorBottom"] = false,
+                ["minWidth"] = 120L,
+                ["minHeight"] = 24L,
+            }),
+            null);
+        ControlDefinition bottomRight = new(
+            "notes",
+            "textarea",
+            new Rect(100, 50, 200, 32),
+            new BindingDefinition("Notes", "TwoWay"),
+            new PropertyBag(new Dictionary<string, object?>
+            {
+                ["anchorLeft"] = false,
+                ["anchorTop"] = false,
+                ["anchorRight"] = true,
+                ["anchorBottom"] = true,
+            }),
+            null);
+        var renderer = CreateRenderer(DbCommandRegistry.Empty, CreateForm(stretched));
+        SetProperty(renderer, nameof(FormRenderer.AnchorCanvasWidth), 800d);
+        SetProperty(renderer, nameof(FormRenderer.AnchorCanvasHeight), 500d);
+
+        string stretchedStyle = InvokeNonPublic<string>(renderer, "GetControlStyle", stretched);
+        string bottomRightStyle = InvokeNonPublic<string>(renderer, "GetControlStyle", bottomRight);
+
+        Assert.Contains("--fr-left: 100px", stretchedStyle, StringComparison.Ordinal);
+        Assert.Contains("--fr-right: 500px", stretchedStyle, StringComparison.Ordinal);
+        Assert.Contains("--fr-width: auto", stretchedStyle, StringComparison.Ordinal);
+        Assert.Contains("--fr-height: 32px", stretchedStyle, StringComparison.Ordinal);
+        Assert.Contains("--fr-min-width: 120px", stretchedStyle, StringComparison.Ordinal);
+        Assert.Contains("--fr-min-height: 24px", stretchedStyle, StringComparison.Ordinal);
+        Assert.Contains("--fr-left: auto", bottomRightStyle, StringComparison.Ordinal);
+        Assert.Contains("--fr-top: auto", bottomRightStyle, StringComparison.Ordinal);
+        Assert.Contains("--fr-right: 500px", bottomRightStyle, StringComparison.Ordinal);
+        Assert.Contains("--fr-bottom: 418px", bottomRightStyle, StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public void FixedLayout_ScaleResizeModeEmitsPercentVariables()
+    {
+        ControlDefinition scaled = new(
+            "status",
+            "text",
+            new Rect(120, 50, 240, 100),
+            new BindingDefinition("Status", "TwoWay"),
+            new PropertyBag(new Dictionary<string, object?> { ["resizeMode"] = "scale" }),
+            null);
+        var renderer = CreateRenderer(DbCommandRegistry.Empty, CreateForm(scaled));
+        SetProperty(renderer, nameof(FormRenderer.AnchorCanvasWidth), 1200d);
+        SetProperty(renderer, nameof(FormRenderer.AnchorCanvasHeight), 500d);
+
+        string style = InvokeNonPublic<string>(renderer, "GetControlStyle", scaled);
+
+        Assert.Contains("--fr-left: 10%", style, StringComparison.Ordinal);
+        Assert.Contains("--fr-top: 10%", style, StringComparison.Ordinal);
+        Assert.Contains("--fr-width: 20%", style, StringComparison.Ordinal);
+        Assert.Contains("--fr-height: 20%", style, StringComparison.Ordinal);
+        Assert.Contains("--fr-right: auto", style, StringComparison.Ordinal);
+        Assert.Contains("--fr-bottom: auto", style, StringComparison.Ordinal);
+    }
+
+    [Fact]
+    public async Task ListBox_MultiSelectStoresDelimitedValues()
+    {
+        ControlDefinition listBox = new(
+            "statusList",
+            "listBox",
+            new Rect(10, 20, 160, 120),
+            new BindingDefinition("Status", "TwoWay"),
+            new PropertyBag(new Dictionary<string, object?>
+            {
+                ["multiSelect"] = true,
+                ["multiValueDelimiter"] = "|",
+            }),
+            null);
+        EnumChoice[] choices =
+        [
+            new("A", "Active"),
+            new("P", "Pending"),
+            new("C", "Closed"),
+        ];
+        var renderer = CreateRenderer(DbCommandRegistry.Empty, CreateForm(listBox));
+
+        await InvokeNonPublicAsync(renderer, "SetListBoxValueAsync", listBox, "Status", new[] { "A", "C" }, choices);
+
+        var record = (Dictionary<string, object?>)GetProperty(renderer, nameof(FormRenderer.Record))!;
+        Assert.Equal("A|C", record["Status"]);
+        Assert.True(InvokeNonPublic<bool>(renderer, "IsListBoxChoiceSelected", listBox, "Status", "A", choices));
+        Assert.False(InvokeNonPublic<bool>(renderer, "IsListBoxChoiceSelected", listBox, "Status", "P", choices));
+    }
+
+    private static FormRenderer CreateRenderer(
+        DbCommandRegistry commands,
+        FormDefinition form,
+        Action<string>? onCommandError = null)
+    {
+        var renderer = new FormRenderer();
+        SetProperty(renderer, nameof(FormRenderer.Form), form);
+        SetProperty(renderer, nameof(FormRenderer.Record), new Dictionary<string, object?>
+        {
+            ["OrderId"] = 42L,
+            ["Status"] = "Ready",
+        });
+        SetProperty(renderer, "Commands", commands);
+
+        if (onCommandError is not null)
+        {
+            EventCallback<string> callback = EventCallback.Factory.Create(new object(), onCommandError);
+            SetProperty(renderer, nameof(FormRenderer.OnCommandError), callback);
+        }
+
+        return renderer;
+    }
+
+    private static ControlDefinition CreateCommandButton(string commandName)
+        => new(
+            "button1",
+            "commandButton",
+            new Rect(10, 20, 120, 34),
+            null,
+            new PropertyBag(new Dictionary<string, object?>
+            {
+                ["text"] = "Ship",
+                ["commandName"] = commandName,
+                ["commandArguments"] = new Dictionary<string, object?> { ["reason"] = "manual" },
+            }),
+            null);
+
+    private static FormDefinition CreateForm(
+        ControlDefinition button,
+        IReadOnlyList<DbActionSequence>? actionSequences = null,
+        IReadOnlyList<ControlRuleDefinition>? rules = null)
+        => new(
+            "orders-form",
+            "Orders",
+            "Orders",
+            1,
+            "sig:orders",
+            new LayoutDefinition("absolute", 8, true, [new Breakpoint("md", 0, null)]),
+            [button],
+            ActionSequences: actionSequences,
+            Rules: rules);
+
+    private static void SetProperty(object instance, string propertyName, object? value)
+    {
+        PropertyInfo property = instance.GetType().GetProperty(propertyName, BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic)
+            ?? throw new InvalidOperationException($"Property '{propertyName}' was not found.");
+        property.SetValue(instance, value);
+    }
+
+    private static object? GetProperty(object instance, string propertyName)
+    {
+        PropertyInfo property = instance.GetType().GetProperty(propertyName, BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic)
+            ?? throw new InvalidOperationException($"Property '{propertyName}' was not found.");
+        return property.GetValue(instance);
+    }
+
+    private static async Task InvokeNonPublicAsync(object instance, string methodName, params object?[] args)
+    {
+        MethodInfo method = instance.GetType().GetMethod(methodName, BindingFlags.Instance | BindingFlags.NonPublic)
+            ?? throw new InvalidOperationException($"Method '{methodName}' was not found.");
+        var task = (Task?)method.Invoke(instance, args)
+            ?? throw new InvalidOperationException($"Method '{methodName}' did not return a task.");
+        await task;
+    }
+
+    private static T InvokeNonPublic<T>(object instance, string methodName, params object?[] args)
+    {
+        MethodInfo method = instance.GetType().GetMethod(methodName, BindingFlags.Instance | BindingFlags.NonPublic)
+            ?? throw new InvalidOperationException($"Method '{methodName}' was not found.");
+        return (T)method.Invoke(instance, args)!;
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Components/Shared/SqlCompletionProviderTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Components/Shared/SqlCompletionProviderTests.cs
index 24486101..09fc21ca 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Components/Shared/SqlCompletionProviderTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Components/Shared/SqlCompletionProviderTests.cs
@@ -123,6 +123,41 @@ public void GetCompletions_SelectListWithSourceAfterCaret_SuggestsColumns()
         Assert.Contains(result.Suggestions, s => s.Label == "Name" && s.Detail == "Customers - TEXT");
     }
 
+    [Fact]
+    public void GetCompletions_SelectListSuggestsTablelessCallbackFunction()
+    {
+        string sql = "SELECT Slu";
+
+        var result = SqlCompletionProvider.GetCompletions(sql, sql.Length, CreateCatalog());
+
+        var suggestion = Assert.Single(result.Suggestions, s => s.Label == "Slugify");
+        Assert.Equal("Slugify()", suggestion.InsertText);
+        Assert.Equal("host function - TEXT - 1 arg - Formats a slug.", suggestion.Detail);
+        Assert.Equal("SELECT Slugify(".Length, suggestion.CaretPosition);
+    }
+
+    [Fact]
+    public void GetCompletions_SelectListSuggestsZeroArgTablelessCallbackFunction()
+    {
+        string sql = "SELECT Host";
+
+        var result = SqlCompletionProvider.GetCompletions(sql, sql.Length, CreateCatalog());
+
+        var suggestion = Assert.Single(result.Suggestions, s => s.Label == "HostName");
+        Assert.Equal("HostName()", suggestion.InsertText);
+        Assert.Equal("SELECT HostName()".Length, suggestion.CaretPosition);
+    }
+
+    [Fact]
+    public void GetCompletions_SelectListDoesNotSuggestCallbackWithoutTablelessFlag()
+    {
+        string sql = "SELECT Row";
+
+        var result = SqlCompletionProvider.GetCompletions(sql, sql.Length, CreateCatalog());
+
+        Assert.DoesNotContain(result.Suggestions, s => s.Label == "RowAudit");
+    }
+
     [Fact]
     public void GetCompletions_FromContextFiltersSources()
     {
@@ -240,5 +275,11 @@ private static SqlCompletionCatalog CreateCatalog()
                 ],
             },
             Procedures = ["RefreshCustomerStats"],
+            Functions =
+            [
+                new SqlCompletionFunction("HostName", 0, "TEXT", "Returns the host name.", CanRunWithoutFrom: true),
+                new SqlCompletionFunction("Slugify", 1, "TEXT", "Formats a slug.", CanRunWithoutFrom: true),
+                new SqlCompletionFunction("RowAudit", 1, "TEXT", "Requires row context.", CanRunWithoutFrom: false),
+            ],
         };
 }
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Evaluation/FormulaEvaluatorTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Evaluation/FormulaEvaluatorTests.cs
index 0f5fcdc3..b947bde0 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Evaluation/FormulaEvaluatorTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Evaluation/FormulaEvaluatorTests.cs
@@ -1,4 +1,8 @@
+using System.Globalization;
 using CSharpDB.Admin.Forms.Evaluation;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Admin.Forms.Tests.Evaluation;
 
@@ -78,6 +82,25 @@ public void FieldReference()
         Assert.Equal(50.0, result);
     }
 
+    [Fact]
+    public void RegisteredScalarFunction()
+    {
+        var registry = DbFunctionRegistry.Create(functions =>
+            functions.AddScalar(
+                "Markup",
+                2,
+                new DbScalarFunctionOptions(DbType.Real, IsDeterministic: true, NullPropagating: true),
+                static (_, args) => DbValue.FromReal(args[0].AsReal * args[1].AsReal)));
+
+        var result = FormulaEvaluator.Evaluate("=Markup(Price, 1.25)", field => field switch
+        {
+            "Price" => 10.0,
+            _ => null,
+        }, registry);
+
+        Assert.Equal(12.5, result);
+    }
+
     [Fact]
     public void ComplexExpression_WithFields()
     {
@@ -328,4 +351,190 @@ public void EvaluateAggregate_AllNulls_ReturnsNull()
         var result = FormulaEvaluator.EvaluateAggregate("SUM", values);
         Assert.Null(result);
     }
+
+    // ===== Access-style built-in functions =====
+
+    [Fact]
+    public void AccessBuiltIns_NullAndConditional()
+    {
+        Dictionary<string, object?> record = new(StringComparer.OrdinalIgnoreCase)
+        {
+            ["Qty"] = 3,
+            ["Blank"] = "",
+        };
+
+        Assert.Equal("fallback", Eval("=Nz(Missing, 'fallback')", record));
+        Assert.Equal("", Eval("=Nz(Missing)", record));
+        Assert.True(AsBool(Eval("=IsNull(Missing)", record)));
+        Assert.True(AsBool(Eval("=IsEmpty(Blank)", record)));
+        Assert.Equal("high", Eval("=IIf(Qty > 2, 'high', 'low')", record));
+        Assert.Equal("matched", Eval("=Switch(Qty = 1, 'one', Qty = 3, 'matched')", record));
+        Assert.Equal("second", Eval("=Choose(2, 'first', 'second', 'third')", record));
+    }
+
+    [Fact]
+    public void AccessBuiltIns_Text()
+    {
+        Assert.Equal(5, AsInt(Eval("=Len('Hello')")));
+        Assert.Equal("Hel", Eval("=Left('Hello', 3)"));
+        Assert.Equal("llo", Eval("=Right('Hello', 3)"));
+        Assert.Equal("ell", Eval("=Mid('Hello', 2, 3)"));
+        Assert.Equal("trim", Eval("=Trim('  trim  ')"));
+        Assert.Equal("left  ", Eval("=LTrim('  left  ')"));
+        Assert.Equal("  right", Eval("=RTrim('  right  ')"));
+        Assert.Equal("HELLO", Eval("=UCase('Hello')"));
+        Assert.Equal("hello", Eval("=LCase('Hello')"));
+        Assert.Equal(3, AsInt(Eval("=InStr('Hello', 'l')")));
+        Assert.Equal("HaLlo", Eval("=Replace('Hello', 'el', 'aL')"));
+        Assert.Equal(0, AsInt(Eval("=StrComp('abc', 'ABC', 'text')")));
+        Assert.Equal(12.75, AsDouble(Eval("=Val('12.75 kg')")));
+    }
+
+    [Fact]
+    public void AccessBuiltIns_DateAndTime()
+    {
+        Assert.IsType<DateTime>(Eval("=Date()"));
+        Assert.IsType<TimeSpan>(Eval("=Time()"));
+        Assert.IsType<DateTime>(Eval("=Now()"));
+
+        Assert.Equal(2026, AsInt(Eval("=Year('2026-05-02')")));
+        Assert.Equal(5, AsInt(Eval("=Month('2026-05-02')")));
+        Assert.Equal(2, AsInt(Eval("=Day('2026-05-02')")));
+        Assert.Equal(14, AsInt(Eval("=Hour('2026-05-02 14:30:15')")));
+        Assert.Equal(30, AsInt(Eval("=Minute('2026-05-02 14:30:15')")));
+        Assert.Equal(15, AsInt(Eval("=Second('2026-05-02 14:30:15')")));
+
+        Assert.Equal(new DateTime(2026, 5, 7), Eval("=DateAdd('d', 5, '2026-05-02')"));
+        Assert.Equal(5, AsInt(Eval("=DateDiff('d', '2026-05-02', '2026-05-07')")));
+        Assert.Equal(2, AsInt(Eval("=DatePart('q', '2026-05-02')")));
+        Assert.Equal(new DateTime(2026, 5, 2), Eval("=DateSerial(2026, 5, 2)"));
+        Assert.Equal(new TimeSpan(14, 30, 15), Eval("=TimeSerial(14, 30, 15)"));
+        Assert.Equal(7, AsInt(Eval("=Weekday('2026-05-02')")));
+        Assert.Equal("May", Eval("=MonthName(5, true)"));
+    }
+
+    [Fact]
+    public void AccessBuiltIns_NumberAndConversion()
+    {
+        Assert.Equal(5.0, AsDouble(Eval("=Abs(-5)")));
+        Assert.Equal(12.34, AsDouble(Eval("=Round(12.345, 2)")));
+        Assert.Equal(-2.0, AsDouble(Eval("=Int(-1.2)")));
+        Assert.Equal(-1.0, AsDouble(Eval("=Fix(-1.2)")));
+        Assert.Equal(-1, AsInt(Eval("=Sgn(-12)")));
+        Assert.Equal("42", Eval("=CStr(42)"));
+        Assert.Equal(12, AsInt(Eval("=CInt(12.4)")));
+        Assert.Equal(13, AsInt(Eval("=CLng(12.6)")));
+        Assert.Equal(12.5, AsDouble(Eval("=CDbl('12.5')")));
+        Assert.True(AsBool(Eval("=CBool(1)")));
+        Assert.Equal(new DateTime(2026, 5, 2), Eval("=CDate('2026-05-02')"));
+        Assert.Equal("12.35", Eval("=Format(12.345, '0.00')"));
+    }
+
+    [Fact]
+    public void AccessBuiltIns_DomainFunctions_InvokeResolver()
+    {
+        var calls = new List<FormulaDomainFunctionRequest>();
+        object? Resolver(FormulaDomainFunctionRequest request)
+        {
+            calls.Add(request);
+            return request.FunctionName switch
+            {
+                "DLOOKUP" => "Contoso",
+                "DCOUNT" => 2,
+                "DSUM" => 42.5,
+                "DAVG" => 21.25,
+                "DMIN" => 10,
+                "DMAX" => 50,
+                _ => null,
+            };
+        }
+
+        Assert.Equal("Contoso", Eval("=DLookup('Name', 'Customers', 'Id = 1')", domainResolver: Resolver));
+        Assert.Equal(2, AsInt(Eval("=DCount('*', 'Customers')", domainResolver: Resolver)));
+        Assert.Equal(42.5, AsDouble(Eval("=DSum('Amount', 'Orders')", domainResolver: Resolver)));
+        Assert.Equal(21.25, AsDouble(Eval("=DAvg('Amount', 'Orders')", domainResolver: Resolver)));
+        Assert.Equal(10, AsInt(Eval("=DMin('Amount', 'Orders')", domainResolver: Resolver)));
+        Assert.Equal(50, AsInt(Eval("=DMax('Amount', 'Orders')", domainResolver: Resolver)));
+
+        Assert.Contains(calls, call =>
+            call.FunctionName == "DLOOKUP" &&
+            call.Expression == "Name" &&
+            call.Domain == "Customers" &&
+            call.Criteria == "Id = 1");
+    }
+
+    [Fact]
+    public void FormulaFunctionCatalog_MatchesEvaluatorBuiltIns()
+    {
+        Assert.All(FormulaFunctionCatalog.ExpressionFunctions, function =>
+            Assert.True(FormulaEvaluator.IsBuiltInFunctionName(function.Name), function.Name));
+
+        string[] duplicates = FormulaFunctionCatalog.AllFunctions
+            .GroupBy(function => function.Name, StringComparer.OrdinalIgnoreCase)
+            .Where(group => group.Count() > 1)
+            .Select(group => group.Key)
+            .ToArray();
+
+        Assert.Empty(duplicates);
+        Assert.Contains(FormulaFunctionCatalog.AllFunctions, function => function.Name == "Nz" && function.Example.StartsWith('='));
+        Assert.Contains(FormulaFunctionCatalog.AllFunctions, function => function.Name == "DLookup" && function.Category == "Domain");
+        Assert.Contains(FormulaFunctionCatalog.AllFunctions, function => function.Name == "SUM" && function.Category == "Child Aggregates");
+    }
+
+    [Fact]
+    public void GetDomainReferences_ReturnsLiteralDomains()
+    {
+        IReadOnlyList<string> domains = FormulaEvaluator.GetDomainReferences(
+            "=DLookup('Name', 'Customers', 'Id = 1') & DSum('Amount', Orders)");
+
+        Assert.Equal(["Customers", "Orders"], domains);
+    }
+
+    [Fact]
+    public void FormAutomationMetadata_DoesNotExportBuiltInFunctionsAsCallbacks()
+    {
+        var form = new FormDefinition(
+            "form1",
+            "Orders",
+            "Orders",
+            1,
+            "schema",
+            new LayoutDefinition("absolute", 8, true, []),
+            [
+                new ControlDefinition(
+                    "calc",
+                    "computed",
+                    new Rect(0, 0, 100, 24),
+                    Binding: new BindingDefinition("Total", "OneWay"),
+                    Props: new PropertyBag(new Dictionary<string, object?>
+                    {
+                        ["formula"] = "=Nz(Amount, 0) + Round(Discount, 2) + DSum('Amount', 'Orders')",
+                    }),
+                    ValidationOverride: null),
+            ]);
+
+        DbAutomationMetadata metadata = FormAutomationMetadata.Build(form);
+
+        Assert.Empty(metadata.ScalarFunctions ?? []);
+    }
+
+    private static object? Eval(
+        string formula,
+        IReadOnlyDictionary<string, object?>? record = null,
+        FormulaDomainFunctionResolver? domainResolver = null)
+        => FormulaEvaluator.EvaluateValue(
+            formula,
+            field => record is not null && record.TryGetValue(field, out object? value) ? value : null,
+            DbFunctionRegistry.Empty,
+            callbackPolicy: null,
+            domainResolver);
+
+    private static int AsInt(object? value)
+        => Convert.ToInt32(value, CultureInfo.InvariantCulture);
+
+    private static double AsDouble(object? value)
+        => Convert.ToDouble(value, CultureInfo.InvariantCulture);
+
+    private static bool AsBool(object? value)
+        => Assert.IsType<bool>(value);
 }
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Helpers/CollectionJsonFormatterTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Helpers/CollectionJsonFormatterTests.cs
new file mode 100644
index 00000000..ee5085f1
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Helpers/CollectionJsonFormatterTests.cs
@@ -0,0 +1,58 @@
+using System.Text.Json;
+using CSharpDB.Admin.Helpers;
+
+namespace CSharpDB.Admin.Forms.Tests.Helpers;
+
+public sealed class CollectionJsonFormatterTests
+{
+    [Theory]
+    [InlineData("""{"name":"Ada","active":true}""", "object")]
+    [InlineData("""["alpha","beta"]""", "array")]
+    [InlineData("42", "number")]
+    [InlineData("null", "null")]
+    public void Format_PreservesSupportedJsonKinds(string json, string expectedKind)
+    {
+        using var document = JsonDocument.Parse(json);
+
+        string formatted = CollectionJsonFormatter.Format(document.RootElement);
+
+        using var formattedDocument = JsonDocument.Parse(formatted);
+        Assert.Equal(expectedKind, CollectionJsonFormatter.GetKindLabel(formattedDocument.RootElement));
+    }
+
+    [Fact]
+    public void TryClone_RejectsInvalidJson()
+    {
+        bool result = CollectionJsonFormatter.TryClone("{ invalid", out _, out string? error);
+
+        Assert.False(result);
+        Assert.False(string.IsNullOrWhiteSpace(error));
+    }
+
+    [Fact]
+    public void GetPreview_ProducesStableObjectPreview()
+    {
+        using var document = JsonDocument.Parse("""
+            {
+              "name": "Ada",
+              "active": true,
+              "score": 42,
+              "tags": ["admin"]
+            }
+            """);
+
+        string preview = CollectionJsonFormatter.GetPreview(document.RootElement);
+
+        Assert.Equal("name: Ada, active: true, score: 42, tags: [...]", preview);
+    }
+
+    [Fact]
+    public void GetPreview_TruncatesLongPreview()
+    {
+        using var document = JsonDocument.Parse("""{"name":"abcdefghijklmnopqrstuvwxyz"}""");
+
+        string preview = CollectionJsonFormatter.GetPreview(document.RootElement, maxLength: 12);
+
+        Assert.Equal("name: abc...", preview);
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Helpers/QueryPagingSqlBuilderTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Helpers/QueryPagingSqlBuilderTests.cs
new file mode 100644
index 00000000..a4fa9b2a
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Helpers/QueryPagingSqlBuilderTests.cs
@@ -0,0 +1,65 @@
+using System.Reflection;
+
+namespace CSharpDB.Admin.Forms.Tests.Helpers;
+
+public sealed class QueryPagingSqlBuilderTests
+{
+    [Fact]
+    public void SelectDateWithoutFrom_SerializesPageAndCountSql()
+        => AssertTablelessQuerySerializes(
+            "SELECT Date();",
+            new[] { "DATE()" },
+            "SELECT DATE() LIMIT 50 OFFSET 0",
+            "SELECT COUNT(*)");
+
+    [Fact]
+    public void TablelessScalarCallback_SerializesPageAndCountSql()
+        => AssertTablelessQuerySerializes(
+            "SELECT Slugify('Hello World');",
+            new[] { "SLUGIFY('Hello World')" },
+            "SELECT SLUGIFY('Hello World') LIMIT 50 OFFSET 0",
+            "SELECT COUNT(*)");
+
+    private static void AssertTablelessQuerySerializes(
+        string sql,
+        string[] displayColumns,
+        string expectedPageSql,
+        string expectedCountSql)
+    {
+        Type planType = Type.GetType("CSharpDB.Admin.Helpers.QueryPagingPlan, CSharpDB.Admin", throwOnError: true)!;
+        MethodInfo parse = planType.GetMethod("Parse", BindingFlags.Public | BindingFlags.Static)!;
+        object plan = parse.Invoke(null, [sql])!;
+
+        MethodInfo buildPageSql = planType.GetMethod(
+            "BuildPageSql",
+            BindingFlags.Public | BindingFlags.Instance,
+            binder: null,
+            types:
+            [
+                typeof(IReadOnlyDictionary<int, string>),
+                typeof(int?),
+                typeof(bool),
+                typeof(int),
+                typeof(int),
+                typeof(string[]),
+            ],
+            modifiers: null)!;
+
+        string pageSql = (string)buildPageSql.Invoke(
+            plan,
+            [new Dictionary<int, string>(), null, true, 50, 1, displayColumns])!;
+
+        MethodInfo buildCountPlan = planType.GetMethod(
+            "BuildCountPlan",
+            BindingFlags.Public | BindingFlags.Instance,
+            binder: null,
+            types: [typeof(IReadOnlyDictionary<int, string>), typeof(string[])],
+            modifiers: null)!;
+
+        object countPlan = buildCountPlan.Invoke(plan, [new Dictionary<int, string>(), displayColumns])!;
+        string countSql = (string)countPlan.GetType().GetProperty("Sql")!.GetValue(countPlan)!;
+
+        Assert.Equal(expectedPageSql, pageSql);
+        Assert.Equal(expectedCountSql, countSql);
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Pages/DataEntryTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Pages/DataEntryTests.cs
index 9dc3c609..0cec50e5 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Pages/DataEntryTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Pages/DataEntryTests.cs
@@ -3,6 +3,7 @@
 using CSharpDB.Admin.Forms.Models;
 using CSharpDB.Admin.Forms.Pages;
 using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
 using Microsoft.JSInterop;
 
 namespace CSharpDB.Admin.Forms.Tests.Pages;
@@ -45,6 +46,33 @@ Name TEXT NOT NULL
         Assert.Equal(2, recordService.ListRecordPageCalls);
     }
 
+    [Fact]
+    public async Task InitialRecordId_LoadsRequestedRecord()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Events (
+                Id INTEGER PRIMARY KEY,
+                Name TEXT NOT NULL
+            );
+            INSERT INTO Events VALUES (1, 'Alpha');
+            INSERT INTO Events VALUES (2, 'Beta');
+            INSERT INTO Events VALUES (3, 'Gamma');
+            """);
+
+        var recordService = new CountingFormRecordService(new DbFormRecordService(db.Client));
+        DataEntry component = await CreateComponentAsync(
+            form: CreateForm("events-form", "Events"),
+            schemaProvider: new DbSchemaProvider(db.Client),
+            recordService: recordService,
+            initialRecordId: 3L);
+
+        Assert.Equal(3L, ReadCurrentRecord(component)["Id"]);
+        Assert.Equal("Gamma", ReadCurrentRecord(component)["Name"]);
+        Assert.Equal(1, recordService.GetRecordOrdinalCalls);
+    }
+
     [Fact]
     public async Task SaveRecord_UpdatePatchesVisibleRowWithoutReloadingPage()
     {
@@ -114,6 +142,155 @@ Name TEXT NOT NULL
         Assert.Equal(1, recordService.GetRecordWindowCalls);
     }
 
+    [Fact]
+    public async Task SaveRecord_CreateDispatchesFormEvents()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Products (
+                Id INTEGER PRIMARY KEY,
+                Name TEXT NOT NULL
+            );
+            """);
+
+        var calls = new List<string>();
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("CaptureRecord", context =>
+            {
+                calls.Add($"{context.Metadata["event"]}:{context.Arguments["Name"].AsText}");
+                Assert.Equal("products-form", context.Metadata["formId"]);
+                Assert.Equal("Products", context.Metadata["tableName"]);
+                return DbCommandResult.Success();
+            });
+        });
+
+        FormDefinition form = CreateForm("products-form", "Products") with
+        {
+            EventBindings =
+            [
+                new FormEventBinding(FormEventKind.BeforeInsert, "CaptureRecord"),
+                new FormEventBinding(FormEventKind.AfterInsert, "CaptureRecord"),
+            ],
+        };
+
+        DataEntry component = await CreateComponentAsync(
+            form,
+            new DbSchemaProvider(db.Client),
+            new DbFormRecordService(db.Client),
+            new DefaultFormEventDispatcher(commands));
+
+        InvokeNonPublic(component, "NewRecord");
+        Dictionary<string, object?> current = ReadCurrentRecord(component);
+        current["Id"] = 1001L;
+        current["Name"] = "Created";
+        SetField(component, "_dirty", true);
+
+        await InvokeNonPublicAsync(component, "SaveRecord");
+
+        Assert.Equal(["BeforeInsert:Created", "AfterInsert:Created"], calls);
+        Assert.Null(GetField<string?>(component, "_error"));
+        Assert.Equal("Created", ReadCurrentRecord(component)["Name"]);
+    }
+
+    [Fact]
+    public async Task SaveRecord_BeforeInsertFailureCancelsCreate()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Products (
+                Id INTEGER PRIMARY KEY,
+                Name TEXT NOT NULL
+            );
+            """);
+
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+            builder.AddCommand("RejectCreate", static _ => DbCommandResult.Failure("Create blocked by command.")));
+
+        FormDefinition form = CreateForm("products-form", "Products") with
+        {
+            EventBindings = [new FormEventBinding(FormEventKind.BeforeInsert, "RejectCreate")],
+        };
+
+        DataEntry component = await CreateComponentAsync(
+            form,
+            new DbSchemaProvider(db.Client),
+            new DbFormRecordService(db.Client),
+            new DefaultFormEventDispatcher(commands));
+
+        InvokeNonPublic(component, "NewRecord");
+        Dictionary<string, object?> current = ReadCurrentRecord(component);
+        current["Id"] = 1001L;
+        current["Name"] = "Created";
+        SetField(component, "_dirty", true);
+
+        await InvokeNonPublicAsync(component, "SaveRecord");
+
+        Assert.Equal("Create blocked by command.", GetField<string?>(component, "_error"));
+        Assert.Empty(await db.QueryRowsAsync("SELECT * FROM Products"));
+        Assert.True(GetField<bool>(component, "_isNew"));
+    }
+
+    [Fact]
+    public async Task SaveAndDeleteRecord_DispatchUpdateAndDeleteEvents()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Products (
+                Id INTEGER PRIMARY KEY,
+                Name TEXT NOT NULL
+            );
+            INSERT INTO Products VALUES (1, 'Widget');
+            """);
+
+        var calls = new List<string>();
+        DbCommandRegistry commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("CaptureRecord", context =>
+            {
+                calls.Add($"{context.Metadata["event"]}:{context.Arguments["Name"].AsText}");
+                return DbCommandResult.Success();
+            });
+        });
+
+        FormDefinition form = CreateForm("products-form", "Products") with
+        {
+            EventBindings =
+            [
+                new FormEventBinding(FormEventKind.BeforeUpdate, "CaptureRecord"),
+                new FormEventBinding(FormEventKind.AfterUpdate, "CaptureRecord"),
+                new FormEventBinding(FormEventKind.BeforeDelete, "CaptureRecord"),
+                new FormEventBinding(FormEventKind.AfterDelete, "CaptureRecord"),
+            ],
+        };
+
+        DataEntry component = await CreateComponentAsync(
+            form,
+            new DbSchemaProvider(db.Client),
+            new DbFormRecordService(db.Client),
+            new DefaultFormEventDispatcher(commands));
+
+        Dictionary<string, object?> current = ReadCurrentRecord(component);
+        current["Name"] = "Widget Pro";
+        SetField(component, "_dirty", true);
+
+        await InvokeNonPublicAsync(component, "SaveRecord");
+        await InvokeNonPublicAsync(component, "DeleteRecord");
+
+        Assert.Equal(
+            [
+                "BeforeUpdate:Widget Pro",
+                "AfterUpdate:Widget Pro",
+                "BeforeDelete:Widget Pro",
+                "AfterDelete:Widget Pro",
+            ],
+            calls);
+        Assert.Empty(await db.QueryRowsAsync("SELECT * FROM Products"));
+    }
+
     [Fact]
     public async Task FocusedNavigation_NextRecordMovesWithinWindowAndAcrossWindowEdge()
     {
@@ -149,6 +326,307 @@ Name TEXT NOT NULL
         Assert.Equal(33L, ReadCurrentRecord(component)["Id"]);
     }
 
+    [Fact]
+    public async Task BuiltInFormActions_NavigateRecordsAndGoToRecord()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Events (
+                Id INTEGER PRIMARY KEY,
+                Name TEXT NOT NULL
+            );
+            INSERT INTO Events VALUES (1, 'Event 1');
+            INSERT INTO Events VALUES (2, 'Event 2');
+            INSERT INTO Events VALUES (3, 'Event 3');
+            """);
+
+        DataEntry component = await CreateComponentAsync(
+            form: CreateForm("events-form", "Events"),
+            schemaProvider: new DbSchemaProvider(db.Client),
+            recordService: new DbFormRecordService(db.Client));
+
+        FormEventDispatchResult result = await InvokeNonPublicAsync<FormEventDispatchResult>(
+            component,
+            "ExecuteBuiltInFormActionAsync",
+            new DbActionStep(DbActionKind.NextRecord),
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal(2L, ReadCurrentRecord(component)["Id"]);
+
+        result = await InvokeNonPublicAsync<FormEventDispatchResult>(
+            component,
+            "ExecuteBuiltInFormActionAsync",
+            new DbActionStep(DbActionKind.PreviousRecord),
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal(1L, ReadCurrentRecord(component)["Id"]);
+
+        result = await InvokeNonPublicAsync<FormEventDispatchResult>(
+            component,
+            "ExecuteBuiltInFormActionAsync",
+            new DbActionStep(DbActionKind.GoToRecord, Value: 3L),
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal(3L, ReadCurrentRecord(component)["Id"]);
+    }
+
+    [Fact]
+    public async Task BuiltInFormActions_CreateSaveRefreshAndDelete()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Products (
+                Id INTEGER PRIMARY KEY,
+                Name TEXT NOT NULL
+            );
+            INSERT INTO Products VALUES (1, 'Widget');
+            """);
+
+        DataEntry component = await CreateComponentAsync(
+            form: CreateForm("products-form", "Products"),
+            schemaProvider: new DbSchemaProvider(db.Client),
+            recordService: new DbFormRecordService(db.Client));
+
+        FormEventDispatchResult result = await InvokeNonPublicAsync<FormEventDispatchResult>(
+            component,
+            "ExecuteBuiltInFormActionAsync",
+            new DbActionStep(DbActionKind.NewRecord),
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.True(GetField<bool>(component, "_isNew"));
+
+        Dictionary<string, object?> current = ReadCurrentRecord(component);
+        current["Id"] = 2L;
+        current["Name"] = "Gadget";
+        SetField(component, "_dirty", true);
+
+        result = await InvokeNonPublicAsync<FormEventDispatchResult>(
+            component,
+            "ExecuteBuiltInFormActionAsync",
+            new DbActionStep(DbActionKind.SaveRecord),
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal(2L, ReadCurrentRecord(component)["Id"]);
+        Assert.Equal(2, (await db.QueryRowsAsync("SELECT * FROM Products")).Count);
+
+        await db.ExecuteAsync("UPDATE Products SET Name = 'Gadget Pro' WHERE Id = 2");
+        result = await InvokeNonPublicAsync<FormEventDispatchResult>(
+            component,
+            "ExecuteBuiltInFormActionAsync",
+            new DbActionStep(DbActionKind.RefreshRecords),
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal("Gadget Pro", ReadCurrentRecord(component)["Name"]);
+
+        result = await InvokeNonPublicAsync<FormEventDispatchResult>(
+            component,
+            "ExecuteBuiltInFormActionAsync",
+            new DbActionStep(DbActionKind.DeleteRecord),
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Single(await db.QueryRowsAsync("SELECT * FROM Products"));
+    }
+
+    [Fact]
+    public async Task Phase8Runtime_AppliesAndClearsFormFilter()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Products (
+                Id INTEGER PRIMARY KEY,
+                Name TEXT NOT NULL,
+                Status TEXT NOT NULL
+            );
+            INSERT INTO Products VALUES (1, 'Widget', 'Open');
+            INSERT INTO Products VALUES (2, 'Gadget', 'Closed');
+            INSERT INTO Products VALUES (3, 'Sprocket', 'Open');
+            """);
+
+        DataEntry component = await CreateComponentAsync(
+            form: CreateForm("products-form", "Products"),
+            schemaProvider: new DbSchemaProvider(db.Client),
+            recordService: new DbFormRecordService(db.Client));
+
+        FormEventDispatchResult result = await ((IFormActionRuntime)component).ApplyFilterAsync(
+            CreateRuntimeContext(component),
+            "form",
+            "[Status] = @status AND [Id] > 1",
+            new Dictionary<string, object?>
+            {
+                ["parameters"] = new Dictionary<string, object?> { ["status"] = "Open" },
+            },
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal([3L], ReadRecords(component).Select(row => (long)row["Id"]!).ToArray());
+
+        result = await ((IFormActionRuntime)component).ClearFilterAsync(
+            CreateRuntimeContext(component),
+            "form",
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal([1L, 2L, 3L], ReadRecords(component).Select(row => (long)row["Id"]!).ToArray());
+    }
+
+    [Fact]
+    public async Task Phase8Runtime_AppliesAndClearsDataGridFilter()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Products (
+                Id INTEGER PRIMARY KEY,
+                Name TEXT NOT NULL
+            );
+            CREATE TABLE Orders (
+                OrderId INTEGER PRIMARY KEY,
+                ProductId INTEGER NOT NULL,
+                Status TEXT NOT NULL
+            );
+            INSERT INTO Products VALUES (1, 'Widget');
+            INSERT INTO Orders VALUES (101, 1, 'Open');
+            """);
+
+        ControlDefinition grid = new(
+            "ordersGrid",
+            "datagrid",
+            new Rect(0, 0, 320, 160),
+            Binding: null,
+            Props: new PropertyBag(new Dictionary<string, object?>
+            {
+                ["childTable"] = "Orders",
+                ["dataGridMode"] = "related",
+                ["foreignKeyField"] = "ProductId",
+                ["parentKeyField"] = "Id",
+            }),
+            ValidationOverride: null);
+        DataEntry component = await CreateComponentAsync(
+            form: CreateForm("products-form", "Products", [grid]),
+            schemaProvider: new DbSchemaProvider(db.Client),
+            recordService: new DbFormRecordService(db.Client));
+
+        FormEventDispatchResult result = await ((IFormActionRuntime)component).ApplyFilterAsync(
+            CreateRuntimeContext(component),
+            "ordersGrid",
+            "[Status] = @status",
+            new Dictionary<string, object?> { ["status"] = "Open" },
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        var filters = GetField<Dictionary<string, ControlFilterState>>(component, "_controlFilters");
+        ControlFilterState filter = Assert.Single(filters).Value;
+        Assert.Equal("[Status] = @status", filter.FilterExpression);
+        Assert.Equal("Open", filter.Parameters["status"]);
+
+        result = await ((IFormActionRuntime)component).ClearFilterAsync(
+            CreateRuntimeContext(component),
+            "ordersGrid",
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Empty(filters);
+    }
+
+    [Fact]
+    public async Task Phase8Runtime_SetsControlPropertyAndBoundValue()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Products (
+                Id INTEGER PRIMARY KEY,
+                Name TEXT NOT NULL
+            );
+            INSERT INTO Products VALUES (1, 'Widget');
+            """);
+
+        ControlDefinition control = new(
+            "nameBox",
+            "text",
+            new Rect(0, 0, 120, 32),
+            new BindingDefinition("Name", "TwoWay"),
+            PropertyBag.Empty,
+            ValidationOverride: null);
+        DataEntry component = await CreateComponentAsync(
+            form: CreateForm("products-form", "Products", [control]),
+            schemaProvider: new DbSchemaProvider(db.Client),
+            recordService: new DbFormRecordService(db.Client));
+
+        FormEventDispatchResult result = await ((IFormActionRuntime)component).SetControlPropertyAsync(
+            CreateRuntimeContext(component),
+            "nameBox",
+            "visible",
+            false,
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        var overrides = GetField<Dictionary<string, IReadOnlyDictionary<string, object?>>>(component, "_controlPropertyOverrides");
+        Assert.False(Assert.IsType<bool>(overrides["nameBox"]["visible"]));
+
+        result = await ((IFormActionRuntime)component).SetControlPropertyAsync(
+            CreateRuntimeContext(component),
+            "nameBox",
+            "value",
+            "Widget Pro",
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal("Widget Pro", ReadCurrentRecord(component)["Name"]);
+        Assert.True(GetField<bool>(component, "_dirty"));
+    }
+
+    [Fact]
+    public async Task Phase8Runtime_RunSqlRequiresHostOptInAndRefreshesRecord()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Products (
+                Id INTEGER PRIMARY KEY,
+                Name TEXT NOT NULL,
+                Status TEXT NOT NULL
+            );
+            INSERT INTO Products VALUES (1, 'Widget', 'Open');
+            """);
+
+        DataEntry component = await CreateComponentAsync(
+            form: CreateForm("products-form", "Products"),
+            schemaProvider: new DbSchemaProvider(db.Client),
+            recordService: new DbFormRecordService(db.Client));
+        SetProperty(component, nameof(DataEntry.DbClient), db.Client);
+
+        FormEventDispatchResult result = await ((IFormActionRuntime)component).RunSqlAsync(
+            CreateRuntimeContext(component),
+            "UPDATE Products SET Status = @status WHERE Id = @id",
+            new Dictionary<string, object?> { ["status"] = "Closed", ["id"] = 1L },
+            CancellationToken.None);
+
+        Assert.False(result.Succeeded);
+        Assert.Contains("disabled", result.Message, StringComparison.OrdinalIgnoreCase);
+
+        SetProperty(component, nameof(DataEntry.EnableSqlActions), true);
+        result = await ((IFormActionRuntime)component).RunSqlAsync(
+            CreateRuntimeContext(component),
+            "UPDATE Products SET Status = @status WHERE Id = @id",
+            new Dictionary<string, object?> { ["status"] = "Closed", ["id"] = 1L },
+            CancellationToken.None);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal("Closed", ReadCurrentRecord(component)["Status"]);
+        Assert.Equal("Closed", (await db.QueryRowsAsync("SELECT Status FROM Products WHERE Id = 1"))[0]["Status"]);
+    }
+
     [Fact]
     public async Task ViewBackedForm_LoadsAndSearchesInReadOnlyMode()
     {
@@ -193,21 +671,34 @@ SELECT Name
     private static async Task<DataEntry> CreateComponentAsync(
         FormDefinition form,
         ISchemaProvider schemaProvider,
-        IFormRecordService recordService)
+        IFormRecordService recordService,
+        IFormEventDispatcher? formEvents = null,
+        object? initialRecordId = null,
+        string? initialMode = null,
+        string? initialFilterExpression = null,
+        IReadOnlyDictionary<string, object?>? initialFilterParameters = null)
     {
         var component = new DataEntry();
         SetProperty(component, "FormRepository", new StaticFormRepository(form));
         SetProperty(component, "RecordService", recordService);
         SetProperty(component, "SchemaProvider", schemaProvider);
         SetProperty(component, "ValidationService", new PassThroughValidationService());
+        SetProperty(component, "FormEvents", formEvents ?? NullFormEventDispatcher.Instance);
         SetProperty(component, "JS", new StubJsRuntime());
         SetProperty(component, nameof(DataEntry.FormId), form.FormId);
+        SetProperty(component, nameof(DataEntry.InitialRecordId), initialRecordId);
+        SetProperty(component, nameof(DataEntry.InitialMode), initialMode);
+        SetProperty(component, nameof(DataEntry.InitialFilterExpression), initialFilterExpression);
+        SetProperty(component, nameof(DataEntry.InitialFilterParameters), initialFilterParameters);
 
         await InvokeNonPublicAsync(component, "OnParametersSetAsync");
         return component;
     }
 
-    private static FormDefinition CreateForm(string formId, string tableName)
+    private static FormDefinition CreateForm(
+        string formId,
+        string tableName,
+        IReadOnlyList<ControlDefinition>? controls = null)
         => new(
             formId,
             $"{tableName} Form",
@@ -215,7 +706,21 @@ private static FormDefinition CreateForm(string formId, string tableName)
             DefinitionVersion: 1,
             SourceSchemaSignature: $"sig:{tableName}",
             Layout: new LayoutDefinition("absolute", 8, SnapToGrid: false, []),
-            Controls: []);
+            Controls: controls ?? []);
+
+    private static FormActionRuntimeContext CreateRuntimeContext(DataEntry component)
+        => new(
+            FormId: component.FormId,
+            FormName: null,
+            TableName: null,
+            EventName: "Test",
+            ActionSequenceName: "TestActions",
+            StepIndex: 0,
+            Record: ReadCurrentRecord(component),
+            BindingArguments: null,
+            RuntimeArguments: null,
+            StepArguments: null,
+            Metadata: new Dictionary<string, string>());
 
     private static Dictionary<string, object?> ReadCurrentRecord(DataEntry component)
         => GetField<Dictionary<string, object?>>(component, "_currentRecord");
@@ -260,6 +765,15 @@ private static async Task InvokeNonPublicAsync(object instance, string methodNam
         await task;
     }
 
+    private static async Task<T> InvokeNonPublicAsync<T>(object instance, string methodName, params object?[]? args)
+    {
+        MethodInfo method = instance.GetType().GetMethod(methodName, BindingFlags.Instance | BindingFlags.NonPublic)
+            ?? throw new InvalidOperationException($"Method '{methodName}' was not found.");
+        var task = (Task<T>?)method.Invoke(instance, args)
+            ?? throw new InvalidOperationException($"Method '{methodName}' did not return a task.");
+        return await task;
+    }
+
     private sealed class StaticFormRepository(FormDefinition form) : IFormRepository
     {
         public Task<FormDefinition?> GetAsync(string formId)
@@ -275,6 +789,8 @@ private sealed class PassThroughValidationService : IValidationInferenceService
     {
         public IReadOnlyList<ValidationRule> InferRules(FormFieldDefinition field) => [];
         public IReadOnlyList<ValidationError> Evaluate(FormDefinition form, IDictionary<string, object?> record) => [];
+        public Task<IReadOnlyList<ValidationError>> EvaluateAsync(FormDefinition form, IDictionary<string, object?> record, CancellationToken ct = default)
+            => Task.FromResult<IReadOnlyList<ValidationError>>([]);
     }
 
     private sealed class StubJsRuntime : IJSRuntime
@@ -343,6 +859,9 @@ public Task<FormRecordPage> SearchRecordPageAsync(FormTableDefinition table, str
         public Task<Dictionary<string, object?>> UpdateRecordAsync(FormTableDefinition table, object pkValue, Dictionary<string, object?> values, CancellationToken ct = default)
             => inner.UpdateRecordAsync(table, pkValue, values, ct);
 
+        public Task SaveAttachmentAsync(FormAttachmentTableBinding binding, object parentValue, FormAttachmentValue attachment, CancellationToken ct = default)
+            => inner.SaveAttachmentAsync(binding, parentValue, attachment, ct);
+
         public Task DeleteRecordAsync(FormTableDefinition table, object pkValue, CancellationToken ct = default)
             => inner.DeleteRecordAsync(table, pkValue, ct);
     }
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Serialization/CustomControlRoundtripTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Serialization/CustomControlRoundtripTests.cs
new file mode 100644
index 00000000..89aa5981
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Serialization/CustomControlRoundtripTests.cs
@@ -0,0 +1,54 @@
+using System.Text.Json;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Serialization;
+
+namespace CSharpDB.Admin.Forms.Tests.Serialization;
+
+public sealed class CustomControlRoundtripTests
+{
+    [Fact]
+    public void CustomControl_MetadataRoundTripsWithoutSchemaMigration()
+    {
+        var form = new FormDefinition(
+            "custom-form",
+            "Custom Form",
+            "Orders",
+            1,
+            "orders:v1",
+            new LayoutDefinition("absolute", 8, true, [new Breakpoint("md", 0, null)]),
+            [
+                new ControlDefinition(
+                    "rating1",
+                    "rating",
+                    new Rect(10, 20, 180, 42),
+                    new BindingDefinition("Rating", "TwoWay"),
+                    new PropertyBag(new Dictionary<string, object?>
+                    {
+                        ["displayMode"] = "star",
+                        ["max"] = 5L,
+                        ["thresholds"] = new object?[]
+                        {
+                            new Dictionary<string, object?> { ["value"] = 3L, ["label"] = "Review" },
+                        },
+                        ["parentControlId"] = "tabs",
+                        ["parentTabId"] = "details",
+                    }),
+                    null),
+            ]);
+
+        string json = JsonSerializer.Serialize(form, JsonDefaults.Options);
+        FormDefinition deserialized = JsonSerializer.Deserialize<FormDefinition>(json, JsonDefaults.Options)!;
+
+        ControlDefinition control = Assert.Single(deserialized.Controls);
+        Assert.Equal("rating", control.ControlType);
+        Assert.Equal("Rating", control.Binding!.FieldName);
+        Assert.Equal("star", control.Props.Values["displayMode"]);
+        Assert.Equal(5L, control.Props.Values["max"]);
+        Assert.Equal("tabs", control.Props.Values["parentControlId"]);
+        Assert.Equal("details", control.Props.Values["parentTabId"]);
+        object?[] thresholds = Assert.IsType<object?[]>(control.Props.Values["thresholds"]);
+        var threshold = Assert.IsType<Dictionary<string, object?>>(thresholds[0]);
+        Assert.Equal(3L, threshold["value"]);
+        Assert.Equal("Review", threshold["label"]);
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Serialization/JsonRoundtripTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Serialization/JsonRoundtripTests.cs
index 0d245bf0..33df8b45 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Serialization/JsonRoundtripTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Serialization/JsonRoundtripTests.cs
@@ -1,6 +1,8 @@
 using System.Text.Json;
 using CSharpDB.Admin.Forms.Models;
 using CSharpDB.Admin.Forms.Serialization;
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Admin.Forms.Tests.Serialization;
 
@@ -38,6 +40,15 @@ public void FormDefinition_RoundTrips()
         Assert.Equal(form.Layout.LayoutMode, deserialized.Layout.LayoutMode);
         Assert.Equal(form.Layout.GridSize, deserialized.Layout.GridSize);
         Assert.Equal(form.Controls.Count, deserialized.Controls.Count);
+        Assert.NotNull(deserialized.EventBindings);
+        Assert.Single(deserialized.EventBindings);
+        Assert.Equal(FormEventKind.AfterUpdate, deserialized.EventBindings[0].Event);
+        Assert.Equal("AuditChange", deserialized.EventBindings[0].CommandName);
+        Assert.Equal("manual", deserialized.EventBindings[0].Arguments!["reason"]);
+        ControlEventBinding controlBinding = Assert.Single(deserialized.Controls[1].EventBindings!);
+        Assert.Equal(ControlEventKind.OnChange, controlBinding.Event);
+        Assert.Equal("NormalizeName", controlBinding.CommandName);
+        Assert.Equal("control", controlBinding.Arguments!["source"]);
     }
 
     [Fact]
@@ -150,6 +161,218 @@ public void ControlDefinition_WithBinding_RoundTrips()
         Assert.Equal("Enter first name", deserialized.Props.Values["placeholder"]);
     }
 
+    [Fact]
+    public void FormEventBinding_WithActionSequence_RoundTrips()
+    {
+        var form = new FormDefinition(
+            "f-actions",
+            "Action Form",
+            "Orders",
+            1,
+            "orders:v1",
+            new LayoutDefinition("absolute", 8, true, []),
+            [],
+            EventBindings:
+            [
+                new FormEventBinding(
+                    FormEventKind.OnLoad,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.SetFieldValue, Target: "Status", Value: "Ready"),
+                        new DbActionStep(
+                            DbActionKind.RunCommand,
+                            CommandName: "AuditAction",
+                            Arguments: new Dictionary<string, object?> { ["source"] = "roundtrip" },
+                            Condition: "Status = 'Ready'"),
+                        new DbActionStep(DbActionKind.GoToRecord, Value: 123L),
+                        new DbActionStep(DbActionKind.SaveRecord),
+                        new DbActionStep(DbActionKind.RunActionSequence, SequenceName: "ReusableShip"),
+                    ],
+                    Name: "LoadActions")),
+            ],
+            ActionSequences:
+            [
+                new DbActionSequence(
+                [
+                    new DbActionStep(DbActionKind.RunCommand, CommandName: "AuditReusableShip"),
+                ],
+                Name: "ReusableShip"),
+            ]);
+
+        string json = JsonSerializer.Serialize(form, Options);
+        FormDefinition deserialized = JsonSerializer.Deserialize<FormDefinition>(json, Options)!;
+
+        DbActionSequence sequence = deserialized.EventBindings![0].ActionSequence!;
+        Assert.Equal("LoadActions", sequence.Name);
+        Assert.Equal(5, sequence.Steps.Count);
+        Assert.Equal(DbActionKind.SetFieldValue, sequence.Steps[0].Kind);
+        Assert.Equal("Status", sequence.Steps[0].Target);
+        Assert.Equal("Ready", sequence.Steps[0].Value?.ToString());
+        Assert.Equal(DbActionKind.RunCommand, sequence.Steps[1].Kind);
+        Assert.Equal("AuditAction", sequence.Steps[1].CommandName);
+        Assert.Equal("roundtrip", sequence.Steps[1].Arguments!["source"]);
+        Assert.Equal("Status = 'Ready'", sequence.Steps[1].Condition);
+        Assert.Equal(DbActionKind.GoToRecord, sequence.Steps[2].Kind);
+        Assert.Equal("123", sequence.Steps[2].Value?.ToString());
+        Assert.Equal(DbActionKind.SaveRecord, sequence.Steps[3].Kind);
+        Assert.Equal(DbActionKind.RunActionSequence, sequence.Steps[4].Kind);
+        Assert.Equal("ReusableShip", sequence.Steps[4].SequenceName);
+        DbActionSequence reusable = Assert.Single(deserialized.ActionSequences!);
+        Assert.Equal("ReusableShip", reusable.Name);
+        Assert.Equal("AuditReusableShip", reusable.Steps[0].CommandName);
+    }
+
+    [Fact]
+    public void Phase8MacroActionsAndRules_RoundTrip()
+    {
+        var form = new FormDefinition(
+            "f-phase8",
+            "Phase 8 Form",
+            "Orders",
+            1,
+            "orders:v1",
+            new LayoutDefinition("absolute", 8, true, []),
+            [
+                new ControlDefinition(
+                    "ordersGrid",
+                    "childDataGrid",
+                    new Rect(0, 0, 320, 180),
+                    Binding: null,
+                    Props: new PropertyBag(new Dictionary<string, object?>()),
+                    ValidationOverride: null),
+            ],
+            EventBindings:
+            [
+                new FormEventBinding(
+                    FormEventKind.OnLoad,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.OpenForm, Target: "orders-detail"),
+                        new DbActionStep(DbActionKind.ApplyFilter, Target: "ordersGrid", Value: "[Status] = 'Open'"),
+                        new DbActionStep(DbActionKind.RunSql, Value: "UPDATE Orders SET Status = @status"),
+                        new DbActionStep(DbActionKind.SetControlVisibility, Target: "ordersGrid", Value: true),
+                    ],
+                    Name: "LoadActions")),
+            ],
+            Rules:
+            [
+                new ControlRuleDefinition(
+                    "hide-grid",
+                    "Status = 'Closed'",
+                    [new ControlRuleEffect("ordersGrid", "visible", false)]),
+            ]);
+
+        string json = JsonSerializer.Serialize(form, Options);
+        FormDefinition deserialized = JsonSerializer.Deserialize<FormDefinition>(json, Options)!;
+
+        DbActionSequence sequence = deserialized.EventBindings![0].ActionSequence!;
+        Assert.Equal(DbActionKind.OpenForm, sequence.Steps[0].Kind);
+        Assert.Equal(DbActionKind.ApplyFilter, sequence.Steps[1].Kind);
+        Assert.Equal(DbActionKind.RunSql, sequence.Steps[2].Kind);
+        Assert.Equal(DbActionKind.SetControlVisibility, sequence.Steps[3].Kind);
+        Assert.Contains("\"kind\":\"openForm\"", json);
+        Assert.NotNull(deserialized.Rules);
+        ControlRuleDefinition rule = Assert.Single(deserialized.Rules);
+        Assert.Equal("hide-grid", rule.RuleId);
+        ControlRuleEffect effect = Assert.Single(rule.Effects);
+        Assert.Equal("ordersGrid", effect.ControlId);
+        Assert.Equal("visible", effect.Property);
+    }
+
+    [Fact]
+    public void FormAutomationMetadata_NormalizeForExport_RoundTrips()
+    {
+        var form = new FormDefinition(
+            "f-automation",
+            "Automation Form",
+            "Orders",
+            1,
+            "orders:v1",
+            new LayoutDefinition("absolute", 8, true, []),
+            [
+                new ControlDefinition(
+                    "ship",
+                    "commandButton",
+                    new Rect(0, 0, 120, 32),
+                    null,
+                    new PropertyBag(new Dictionary<string, object?> { ["commandName"] = "ShipOrder" }),
+                    null),
+                new ControlDefinition(
+                    "score",
+                    "computed",
+                    new Rect(0, 40, 120, 32),
+                    null,
+                    new PropertyBag(new Dictionary<string, object?> { ["formula"] = "=BoostScore(Score)" }),
+                    null,
+                    EventBindings:
+                    [
+                        new ControlEventBinding(
+                            ControlEventKind.OnChange,
+                            "NormalizeScore",
+                            ActionSequence: new DbActionSequence(
+                            [
+                                new DbActionStep(DbActionKind.RunCommand, CommandName: "AuditScore"),
+                            ],
+                            Name: "ScoreActions")),
+                    ]),
+                new ControlDefinition(
+                    "credit",
+                    "number",
+                    new Rect(0, 80, 120, 32),
+                    new BindingDefinition("CreditLimit", "TwoWay"),
+                    PropertyBag.Empty,
+                    new ValidationOverride(
+                        DisableInferredRules: false,
+                        AddRules:
+                        [
+                            new ValidationRule(
+                                "ValidateCreditLimit",
+                                "Credit limit is invalid.",
+                                new Dictionary<string, object?>()),
+                        ],
+                        DisableRuleIds: [])),
+            ],
+            EventBindings:
+            [
+                new FormEventBinding(FormEventKind.BeforeInsert, "ValidateOrder"),
+            ],
+            ActionSequences:
+            [
+                new DbActionSequence(
+                [
+                    new DbActionStep(DbActionKind.RunCommand, CommandName: "ReusableOrderAudit"),
+                ],
+                Name: "ReusableOrderActions"),
+            ],
+            ValidationRules:
+            [
+                new ValidationRule(
+                    "ValidateOrderTotals",
+                    "Order totals are invalid.",
+                    new Dictionary<string, object?>()),
+            ]);
+
+        FormDefinition normalized = FormAutomationMetadata.NormalizeForExport(form);
+        string json = JsonSerializer.Serialize(normalized, Options);
+        FormDefinition deserialized = JsonSerializer.Deserialize<FormDefinition>(json, Options)!;
+
+        Assert.NotNull(deserialized.Automation);
+        Assert.Equal(DbAutomationMetadata.CurrentMetadataVersion, deserialized.Automation!.MetadataVersion);
+        Assert.Contains(deserialized.Automation.Commands!, command => command.Name == "ShipOrder");
+        Assert.Contains(deserialized.Automation.Commands!, command => command.Name == "NormalizeScore");
+        Assert.Contains(deserialized.Automation.Commands!, command => command.Name == "AuditScore");
+        Assert.Contains(deserialized.Automation.Commands!, command => command.Name == "ValidateOrder");
+        Assert.Contains(deserialized.Automation.Commands!, command => command.Name == "ReusableOrderAudit");
+        DbAutomationScalarFunctionReference function = Assert.Single(deserialized.Automation.ScalarFunctions!);
+        Assert.Equal("BoostScore", function.Name);
+        Assert.Equal(1, function.Arity);
+        Assert.Contains(deserialized.Automation.ValidationRules!, rule => rule.Name == "ValidateCreditLimit");
+        Assert.Contains(deserialized.Automation.ValidationRules!, rule => rule.Name == "ValidateOrderTotals");
+        Assert.Contains("\"automation\"", json);
+    }
+
     [Fact]
     public void ControlDefinition_WithoutBinding_RoundTrips()
     {
@@ -209,6 +432,156 @@ public void ControlDefinition_LookupType_RoundTrips()
         Assert.Equal("-- Select product --", deserialized.Props.Values["placeholder"]);
     }
 
+    [Fact]
+    public void AccessParityControls_RoundTripThroughPropertyBag()
+    {
+        var form = new FormDefinition(
+            "access-v1",
+            "Access Parity",
+            "Documents",
+            1,
+            "documents:v1",
+            new LayoutDefinition("absolute", 8, true, []),
+            [
+                new ControlDefinition(
+                    "combo",
+                    "comboBox",
+                    new Rect(0, 0, 240, 32),
+                    new BindingDefinition("Status", "TwoWay"),
+                    new PropertyBag(new Dictionary<string, object?>
+                    {
+                        ["options"] = new object?[]
+                        {
+                            new Dictionary<string, object?> { ["value"] = "A", ["label"] = "Active" },
+                        },
+                        ["allowCustomValue"] = true,
+                        ["anchorLeft"] = true,
+                        ["anchorTop"] = true,
+                        ["anchorRight"] = true,
+                        ["anchorBottom"] = false,
+                        ["minWidth"] = 120L,
+                        ["minHeight"] = 24L,
+                    }),
+                    null),
+                new ControlDefinition(
+                    "multi",
+                    "listBox",
+                    new Rect(260, 0, 240, 96),
+                    new BindingDefinition("Tags", "TwoWay"),
+                    new PropertyBag(new Dictionary<string, object?>
+                    {
+                        ["options"] = new object?[]
+                        {
+                            new Dictionary<string, object?> { ["value"] = "A", ["label"] = "Alpha" },
+                            new Dictionary<string, object?> { ["value"] = "B", ["label"] = "Beta" },
+                        },
+                        ["multiSelect"] = true,
+                        ["multiValueDelimiter"] = "|",
+                        ["resizeMode"] = "scale",
+                    }),
+                    null),
+                new ControlDefinition(
+                    "tabs",
+                    "tabControl",
+                    new Rect(0, 40, 500, 240),
+                    null,
+                    new PropertyBag(new Dictionary<string, object?>
+                    {
+                        ["tabs"] = new object?[]
+                        {
+                            new Dictionary<string, object?> { ["id"] = "main", ["label"] = "Main" },
+                        },
+                    }),
+                    null),
+                new ControlDefinition(
+                    "child",
+                    "text",
+                    new Rect(16, 56, 200, 32),
+                    new BindingDefinition("Title", "TwoWay"),
+                    new PropertyBag(new Dictionary<string, object?>
+                    {
+                        ["parentControlId"] = "tabs",
+                        ["parentTabId"] = "main",
+                    }),
+                    null),
+                new ControlDefinition(
+                    "sub",
+                    "subform",
+                    new Rect(0, 300, 500, 240),
+                    null,
+                    new PropertyBag(new Dictionary<string, object?>
+                    {
+                        ["formId"] = "child-form",
+                        ["parentKeyField"] = "Id",
+                        ["foreignKeyField"] = "DocumentId",
+                        ["showToolbar"] = false,
+                        ["showRecordList"] = true,
+                    }),
+                    null),
+                new ControlDefinition(
+                    "file",
+                    "attachment",
+                    new Rect(0, 560, 360, 80),
+                    new BindingDefinition("Payload", "TwoWay"),
+                    new PropertyBag(new Dictionary<string, object?>
+                    {
+                        ["fileNameField"] = "PayloadName",
+                        ["contentTypeField"] = "PayloadType",
+                        ["fileSizeField"] = "PayloadSize",
+                        ["storageMode"] = "attachmentTable",
+                        ["attachmentTable"] = "DocumentAttachments",
+                        ["attachmentForeignKeyField"] = "DocumentId",
+                        ["attachmentBlobField"] = "Payload",
+                        ["attachmentFileNameField"] = "Name",
+                        ["attachmentContentTypeField"] = "ContentType",
+                        ["attachmentFileSizeField"] = "Size",
+                        ["attachmentControlIdField"] = "ControlId",
+                    }),
+                    null),
+                new ControlDefinition(
+                    "photo",
+                    "image",
+                    new Rect(0, 660, 360, 220),
+                    new BindingDefinition("Photo", "TwoWay"),
+                    new PropertyBag(new Dictionary<string, object?>
+                    {
+                        ["accept"] = "image/*",
+                        ["fit"] = "cover",
+                    }),
+                    null),
+            ]);
+
+        string json = JsonSerializer.Serialize(form, Options);
+        FormDefinition deserialized = JsonSerializer.Deserialize<FormDefinition>(json, Options)!;
+
+        Assert.Contains(deserialized.Controls, control => control.ControlType == "comboBox");
+        Assert.Contains(deserialized.Controls, control => control.ControlType == "listBox");
+        Assert.Contains(deserialized.Controls, control => control.ControlType == "tabControl");
+        Assert.Contains(deserialized.Controls, control => control.ControlType == "subform");
+        Assert.Contains(deserialized.Controls, control => control.ControlType == "attachment");
+        Assert.Contains(deserialized.Controls, control => control.ControlType == "image");
+
+        ControlDefinition combo = Assert.Single(deserialized.Controls, control => control.ControlId == "combo");
+        Assert.Equal(true, combo.Props.Values["anchorLeft"]);
+        Assert.Equal(true, combo.Props.Values["anchorTop"]);
+        Assert.Equal(true, combo.Props.Values["anchorRight"]);
+        Assert.Equal(false, combo.Props.Values["anchorBottom"]);
+        Assert.Equal(120L, combo.Props.Values["minWidth"]);
+        Assert.Equal(24L, combo.Props.Values["minHeight"]);
+        ControlDefinition multi = Assert.Single(deserialized.Controls, control => control.ControlId == "multi");
+        Assert.Equal(true, multi.Props.Values["multiSelect"]);
+        Assert.Equal("|", multi.Props.Values["multiValueDelimiter"]);
+        Assert.Equal("scale", multi.Props.Values["resizeMode"]);
+        ControlDefinition tabChild = Assert.Single(deserialized.Controls, control => control.ControlId == "child");
+        Assert.Equal("tabs", tabChild.Props.Values["parentControlId"]);
+        Assert.Equal("main", tabChild.Props.Values["parentTabId"]);
+        ControlDefinition attachment = Assert.Single(deserialized.Controls, control => control.ControlId == "file");
+        Assert.Equal("PayloadName", attachment.Props.Values["fileNameField"]);
+        Assert.Equal("attachmentTable", attachment.Props.Values["storageMode"]);
+        Assert.Equal("DocumentAttachments", attachment.Props.Values["attachmentTable"]);
+        Assert.Equal("Payload", attachment.Props.Values["attachmentBlobField"]);
+    }
+
     [Fact]
     public void FieldDataType_SerializesAsCamelCaseString()
     {
@@ -231,6 +604,53 @@ public void ValidationRule_RoundTrips()
         Assert.Equal(100L, deserialized.Parameters["max"]);
     }
 
+    [Fact]
+    public void FormAndControlValidationRules_RoundTripWithoutMigration()
+    {
+        var form = new FormDefinition(
+            "f-validation",
+            "Validation Form",
+            "Orders",
+            1,
+            "orders:v1",
+            new LayoutDefinition("absolute", 8, true, []),
+            [
+                new ControlDefinition(
+                    "credit",
+                    "number",
+                    new Rect(0, 0, 160, 32),
+                    new BindingDefinition("CreditLimit", "TwoWay"),
+                    PropertyBag.Empty,
+                    new ValidationOverride(
+                        DisableInferredRules: false,
+                        AddRules:
+                        [
+                            new ValidationRule(
+                                "ValidateCreditLimit",
+                                "Credit limit is invalid.",
+                                new Dictionary<string, object?> { ["minimum"] = 0L }),
+                        ],
+                        DisableRuleIds: [])),
+            ],
+            ValidationRules:
+            [
+                new ValidationRule(
+                    "ValidateOrderTotals",
+                    "Order totals are invalid.",
+                    new Dictionary<string, object?> { ["allowZero"] = false }),
+            ]);
+
+        string json = JsonSerializer.Serialize(form, Options);
+        FormDefinition deserialized = JsonSerializer.Deserialize<FormDefinition>(json, Options)!;
+
+        ValidationRule formRule = Assert.Single(deserialized.ValidationRules!);
+        Assert.Equal("ValidateOrderTotals", formRule.RuleId);
+        Assert.Equal(false, formRule.Parameters["allowZero"]);
+        ValidationRule controlRule = Assert.Single(deserialized.Controls[0].ValidationOverride!.AddRules);
+        Assert.Equal("ValidateCreditLimit", controlRule.RuleId);
+        Assert.Equal(0L, controlRule.Parameters["minimum"]);
+    }
+
     [Fact]
     public void ControlDefinition_ComputedType_RoundTrips()
     {
@@ -281,9 +701,30 @@ private static FormDefinition CreateSampleForm()
                 new PropertyBag(new Dictionary<string, object?> { ["text"] = "First Name" }), null),
             new("c1", "text", new Rect(220, 24, 320, 34),
                 new BindingDefinition("FirstName", "TwoWay"),
-                new PropertyBag(new Dictionary<string, object?> { ["placeholder"] = "Enter first name" }), null)
+                new PropertyBag(new Dictionary<string, object?> { ["placeholder"] = "Enter first name" }), null,
+                EventBindings:
+                [
+                    new ControlEventBinding(
+                        ControlEventKind.OnChange,
+                        "NormalizeName",
+                        new Dictionary<string, object?> { ["source"] = "control" }),
+                ])
         };
 
-        return new FormDefinition("f1", "Customer Form", "Customers", 1, "customers:v1", layout, controls);
+        return new FormDefinition(
+            "f1",
+            "Customer Form",
+            "Customers",
+            1,
+            "customers:v1",
+            layout,
+            controls,
+            EventBindings:
+            [
+                new FormEventBinding(
+                    FormEventKind.AfterUpdate,
+                    "AuditChange",
+                    new Dictionary<string, object?> { ["reason"] = "manual" }),
+            ]);
     }
 }
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Services/CollectionClientIntegrationTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Services/CollectionClientIntegrationTests.cs
new file mode 100644
index 00000000..c190d478
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Services/CollectionClientIntegrationTests.cs
@@ -0,0 +1,46 @@
+using System.Text.Json;
+
+namespace CSharpDB.Admin.Forms.Tests.Services;
+
+public sealed class CollectionClientIntegrationTests
+{
+    private static CancellationToken Ct => TestContext.Current.CancellationToken;
+
+    [Fact]
+    public async Task CollectionClient_CreateBrowseUpdateAndDeleteDocument()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync("admin_collections");
+
+        JsonElement initialDocument;
+        using (var json = JsonDocument.Parse("""{"name":"Ada","active":true}"""))
+            initialDocument = json.RootElement.Clone();
+
+        await db.Client.PutDocumentAsync("profiles", "user-1", initialDocument, Ct);
+
+        var collectionNames = await db.Client.GetCollectionNamesAsync(Ct);
+        Assert.Contains("profiles", collectionNames);
+
+        var page = await db.Client.BrowseCollectionAsync("profiles", page: 1, pageSize: 25, ct: Ct);
+        var browsed = Assert.Single(page.Documents);
+        Assert.Equal("user-1", browsed.Key);
+        Assert.Equal("Ada", browsed.Document.GetProperty("name").GetString());
+
+        JsonElement updatedDocument;
+        using (var json = JsonDocument.Parse("""{"name":"Ada Lovelace","active":false}"""))
+            updatedDocument = json.RootElement.Clone();
+
+        await db.Client.PutDocumentAsync("profiles", "user-1", updatedDocument, Ct);
+
+        JsonElement? loaded = await db.Client.GetDocumentAsync("profiles", "user-1", Ct);
+        Assert.NotNull(loaded);
+        Assert.Equal("Ada Lovelace", loaded.Value.GetProperty("name").GetString());
+        Assert.False(loaded.Value.GetProperty("active").GetBoolean());
+
+        Assert.True(await db.Client.DeleteDocumentAsync("profiles", "user-1", Ct));
+        Assert.Null(await db.Client.GetDocumentAsync("profiles", "user-1", Ct));
+
+        await db.Client.DropCollectionAsync("profiles", Ct);
+        collectionNames = await db.Client.GetCollectionNamesAsync(Ct);
+        Assert.DoesNotContain("profiles", collectionNames);
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Services/DbFormRecordServiceTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Services/DbFormRecordServiceTests.cs
index 1b4065be..52f4e33a 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Services/DbFormRecordServiceTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Services/DbFormRecordServiceTests.cs
@@ -329,6 +329,150 @@ Price REAL
         Assert.Empty(remaining);
     }
 
+    [Fact]
+    public async Task CreateUpdateReloadAndClear_BlobValues()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE Documents (
+                Id INTEGER PRIMARY KEY,
+                Payload BLOB,
+                FileName TEXT,
+                ContentType TEXT,
+                FileSize INTEGER
+            );
+            """);
+
+        var provider = new DbSchemaProvider(db.Client);
+        var service = new DbFormRecordService(db.Client);
+        FormTableDefinition documents = (await provider.GetTableDefinitionAsync("Documents"))!;
+
+        byte[] insertedBytes = [0x01, 0x02, 0xFE];
+        Dictionary<string, object?> created = await service.CreateRecordAsync(
+            documents,
+            new Dictionary<string, object?>
+            {
+                ["Id"] = 1L,
+                ["Payload"] = insertedBytes,
+                ["FileName"] = "one.bin",
+                ["ContentType"] = "application/octet-stream",
+                ["FileSize"] = insertedBytes.Length,
+            },
+            TestContext.Current.CancellationToken);
+
+        Assert.Equal(insertedBytes, Assert.IsType<byte[]>(created["Payload"]));
+        Assert.Equal("one.bin", created["FileName"]);
+
+        byte[] updatedBytes = [0xAA, 0xBB, 0xCC, 0xDD];
+        Dictionary<string, object?> updated = await service.UpdateRecordAsync(
+            documents,
+            1L,
+            new Dictionary<string, object?>
+            {
+                ["Payload"] = updatedBytes,
+                ["FileName"] = "two.bin",
+                ["FileSize"] = updatedBytes.Length,
+            },
+            TestContext.Current.CancellationToken);
+
+        Assert.Equal(updatedBytes, Assert.IsType<byte[]>(updated["Payload"]));
+        Assert.Equal("two.bin", updated["FileName"]);
+        Assert.Equal(4L, updated["FileSize"]);
+
+        Dictionary<string, object?>? reloaded = await service.GetRecordAsync(documents, 1L, TestContext.Current.CancellationToken);
+        Assert.NotNull(reloaded);
+        Assert.Equal(updatedBytes, Assert.IsType<byte[]>(reloaded!["Payload"]));
+
+        Dictionary<string, object?> cleared = await service.UpdateRecordAsync(
+            documents,
+            1L,
+            new Dictionary<string, object?>
+            {
+                ["Payload"] = null,
+                ["FileName"] = null,
+                ["ContentType"] = null,
+                ["FileSize"] = null,
+            },
+            TestContext.Current.CancellationToken);
+
+        Assert.Null(cleared["Payload"]);
+        Assert.Null(cleared["FileName"]);
+        Assert.Null(cleared["ContentType"]);
+        Assert.Null(cleared["FileSize"]);
+    }
+
+    [Fact]
+    public async Task SaveAttachmentAsync_ReplacesAndClearsAttachmentRows()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await db.ExecuteAsync(
+            """
+            CREATE TABLE DocumentAttachments (
+                Id INTEGER PRIMARY KEY,
+                DocumentId INTEGER NOT NULL,
+                ControlId TEXT,
+                Payload BLOB NOT NULL,
+                FileName TEXT,
+                ContentType TEXT,
+                FileSize INTEGER
+            );
+            """);
+
+        var service = new DbFormRecordService(db.Client);
+        var binding = new FormAttachmentTableBinding(
+            "DocumentAttachments",
+            "DocumentId",
+            "Payload",
+            FileNameField: "FileName",
+            ContentTypeField: "ContentType",
+            FileSizeField: "FileSize",
+            ControlIdField: "ControlId",
+            ControlId: "file");
+
+        await service.SaveAttachmentAsync(
+            binding,
+            10L,
+            FormAttachmentValue.FromFile([0x01, 0x02], "one.bin", "application/octet-stream", 2),
+            TestContext.Current.CancellationToken);
+
+        IReadOnlyList<Dictionary<string, object?>> rows = ReadRows(await db.Client.ExecuteSqlAsync(
+            "SELECT DocumentId, ControlId, Payload, FileName, ContentType, FileSize FROM DocumentAttachments;",
+            TestContext.Current.CancellationToken));
+        Dictionary<string, object?> inserted = Assert.Single(rows);
+        Assert.Equal(10L, inserted["DocumentId"]);
+        Assert.Equal("file", inserted["ControlId"]);
+        Assert.Equal([0x01, 0x02], Assert.IsType<byte[]>(inserted["Payload"]));
+        Assert.Equal("one.bin", inserted["FileName"]);
+        Assert.Equal("application/octet-stream", inserted["ContentType"]);
+        Assert.Equal(2L, inserted["FileSize"]);
+
+        await service.SaveAttachmentAsync(
+            binding,
+            10L,
+            FormAttachmentValue.FromFile([0xAA, 0xBB, 0xCC], "two.bin", "application/octet-stream", 3),
+            TestContext.Current.CancellationToken);
+
+        rows = ReadRows(await db.Client.ExecuteSqlAsync(
+            "SELECT Payload, FileName, FileSize FROM DocumentAttachments;",
+            TestContext.Current.CancellationToken));
+        Dictionary<string, object?> replaced = Assert.Single(rows);
+        Assert.Equal([0xAA, 0xBB, 0xCC], Assert.IsType<byte[]>(replaced["Payload"]));
+        Assert.Equal("two.bin", replaced["FileName"]);
+        Assert.Equal(3L, replaced["FileSize"]);
+
+        await service.SaveAttachmentAsync(
+            binding,
+            10L,
+            FormAttachmentValue.Clear(),
+            TestContext.Current.CancellationToken);
+
+        rows = ReadRows(await db.Client.ExecuteSqlAsync(
+            "SELECT Id FROM DocumentAttachments;",
+            TestContext.Current.CancellationToken));
+        Assert.Empty(rows);
+    }
+
     [Fact]
     public void GetPrimaryKeyColumn_RejectsCompositeKeys()
     {
@@ -386,4 +530,25 @@ IsActive INTEGER NOT NULL
             INSERT INTO Customers VALUES (2, 'Grace', 0);
             INSERT INTO Customers VALUES (1, 'Ada', 1);
             """);
+
+    private static IReadOnlyList<Dictionary<string, object?>> ReadRows(CSharpDB.Client.Models.SqlExecutionResult result)
+    {
+        if (!string.IsNullOrWhiteSpace(result.Error))
+            throw new InvalidOperationException(result.Error);
+
+        if (result.ColumnNames is null || result.Rows is null)
+            return [];
+
+        var rows = new List<Dictionary<string, object?>>(result.Rows.Count);
+        foreach (object?[] row in result.Rows)
+        {
+            var dictionary = new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase);
+            for (int i = 0; i < result.ColumnNames.Length && i < row.Length; i++)
+                dictionary[result.ColumnNames[i]] = row[i];
+
+            rows.Add(dictionary);
+        }
+
+        return rows;
+    }
 }
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Services/DbFormRepositoryTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Services/DbFormRepositoryTests.cs
index e41638d7..9b896c32 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Services/DbFormRepositoryTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Services/DbFormRepositoryTests.cs
@@ -2,6 +2,7 @@
 using CSharpDB.Admin.Forms.Models;
 using CSharpDB.Admin.Forms.Services;
 using CSharpDB.Client.Models;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Admin.Forms.Tests.Services;
 
@@ -45,6 +46,39 @@ public async Task CreateAsync_GeneratesFormIdAndNormalizesName()
         Assert.Equal(1, created.DefinitionVersion);
     }
 
+    [Fact]
+    public async Task CreateAsync_StoresGeneratedAutomationMetadata()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        var repository = new DbFormRepository(db.Client);
+
+        FormDefinition created = await repository.CreateAsync(CreateForm("f-auto", "Orders", "Order Form", "sig:orders:v1") with
+        {
+            EventBindings =
+            [
+                new FormEventBinding(
+                    FormEventKind.OnLoad,
+                    "LoadOrder",
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.RunCommand, CommandName: "AuditOrderLoad"),
+                    ],
+                    Name: "LoadActions")),
+            ],
+        });
+        FormDefinition loaded = (await repository.GetAsync(created.FormId))!;
+
+        Assert.NotNull(created.Automation);
+        Assert.NotNull(loaded.Automation);
+        Assert.Contains(loaded.Automation!.Commands!, command => command.Name == "LoadOrder");
+        Assert.Contains(loaded.Automation.Commands!, command => command.Name == "AuditOrderLoad");
+
+        IReadOnlyList<Dictionary<string, object?>> rows = await db.QueryRowsAsync(
+            "SELECT definition_json FROM __forms WHERE id = 'f-auto';");
+        string json = Assert.Single(rows)["definition_json"]!.ToString()!;
+        Assert.Contains("\"automation\"", json);
+    }
+
     [Fact]
     public async Task TryUpdateAsync_CorrectVersion_UpdatesAndIncrementsVersion()
     {
@@ -146,7 +180,7 @@ public async Task PersistedFormSignature_CanBeComparedAgainstCurrentSchema()
         FormTableDefinition originalTable = (await provider.GetTableDefinitionAsync("Customers"))!;
         await repository.CreateAsync(CreateForm("f1", "Customers", "Customer Form", originalTable.SourceSchemaSignature));
 
-        await db.Client.AddColumnAsync("Customers", "Email", DbType.Text, notNull: false, ct: TestContext.Current.CancellationToken);
+        await db.Client.AddColumnAsync("Customers", "Email", CSharpDB.Client.Models.DbType.Text, notNull: false, ct: TestContext.Current.CancellationToken);
 
         FormDefinition stored = (await repository.GetAsync("f1"))!;
         FormTableDefinition currentTable = (await provider.GetTableDefinitionAsync("Customers"))!;
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultFormEventDispatcherTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultFormEventDispatcherTests.cs
new file mode 100644
index 00000000..4477e29b
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultFormEventDispatcherTests.cs
@@ -0,0 +1,571 @@
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Tests.Services;
+
+public sealed class DefaultFormEventDispatcherTests
+{
+    [Fact]
+    public async Task DispatchAsync_InvokesMatchingCommandsWithRecordArgumentsAndMetadata()
+    {
+        DbCommandContext? captured = null;
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("AuditChange", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+
+        var dispatcher = new DefaultFormEventDispatcher(commands);
+        var form = CreateForm([
+            new FormEventBinding(
+                FormEventKind.AfterUpdate,
+                "AuditChange",
+                new Dictionary<string, object?> { ["Reason"] = "manual" }),
+        ]);
+
+        var result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.AfterUpdate,
+            new Dictionary<string, object?> { ["Id"] = 7L, ["Name"] = "Alice" },
+            TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        Assert.NotNull(captured);
+        Assert.Equal("AfterUpdate", captured!.Metadata["event"]);
+        Assert.Equal("AdminForms", captured.Metadata["surface"]);
+        Assert.Equal("customers-form", captured.Metadata["formId"]);
+        Assert.Equal("Customers", captured.Metadata["tableName"]);
+        Assert.Equal(7, captured.Arguments["Id"].AsInteger);
+        Assert.Equal("Alice", captured.Arguments["Name"].AsText);
+        Assert.Equal("manual", captured.Arguments["Reason"].AsText);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_FailsForMissingCommand()
+    {
+        var dispatcher = new DefaultFormEventDispatcher(DbCommandRegistry.Empty);
+        var form = CreateForm([new FormEventBinding(FormEventKind.BeforeDelete, "MissingCommand")]);
+
+        var result = await dispatcher.DispatchAsync(form, FormEventKind.BeforeDelete, ct: TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        Assert.Contains("Unknown form command 'MissingCommand'", result.Message);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_StopsOnCommandFailureByDefault()
+    {
+        var calls = new List<string>();
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("Reject", _ =>
+            {
+                calls.Add("reject");
+                return DbCommandResult.Failure("Rejected.");
+            });
+            builder.AddCommand("After", _ =>
+            {
+                calls.Add("after");
+                return DbCommandResult.Success();
+            });
+        });
+
+        var dispatcher = new DefaultFormEventDispatcher(commands);
+        var form = CreateForm([
+            new FormEventBinding(FormEventKind.BeforeUpdate, "Reject"),
+            new FormEventBinding(FormEventKind.BeforeUpdate, "After"),
+        ]);
+
+        var result = await dispatcher.DispatchAsync(form, FormEventKind.BeforeUpdate, ct: TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        Assert.Equal("Rejected.", result.Message);
+        Assert.Equal(["reject"], calls);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_ContinuesWhenStopOnFailureIsFalse()
+    {
+        var calls = new List<string>();
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("Reject", _ =>
+            {
+                calls.Add("reject");
+                return DbCommandResult.Failure("Rejected.");
+            });
+            builder.AddCommand("After", _ =>
+            {
+                calls.Add("after");
+                return DbCommandResult.Success();
+            });
+        });
+
+        var dispatcher = new DefaultFormEventDispatcher(commands);
+        var form = CreateForm([
+            new FormEventBinding(FormEventKind.BeforeUpdate, "Reject", StopOnFailure: false),
+            new FormEventBinding(FormEventKind.BeforeUpdate, "After"),
+        ]);
+
+        var result = await dispatcher.DispatchAsync(form, FormEventKind.BeforeUpdate, ct: TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal(["reject", "after"], calls);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_ReturnsFailureWhenCommandTimesOut()
+    {
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddAsyncCommand(
+                "SlowAudit",
+                new DbCommandOptions(Timeout: TimeSpan.FromMilliseconds(10)),
+                static async (_, ct) =>
+                {
+                    await Task.Delay(TimeSpan.FromSeconds(5), ct);
+                    return DbCommandResult.Success();
+                });
+        });
+
+        var dispatcher = new DefaultFormEventDispatcher(commands);
+        var form = CreateForm([new FormEventBinding(FormEventKind.AfterUpdate, "SlowAudit")]);
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.AfterUpdate,
+            new Dictionary<string, object?> { ["Id"] = 7L },
+            TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        Assert.Contains("SlowAudit", result.Message);
+        Assert.Contains("timed out", result.Message);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_ExecutesActionSequenceAndMutatesMutableRecord()
+    {
+        DbCommandContext? captured = null;
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("AuditChange", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+
+        var dispatcher = new DefaultFormEventDispatcher(commands);
+        var form = CreateForm([
+            new FormEventBinding(
+                FormEventKind.BeforeUpdate,
+                string.Empty,
+                new Dictionary<string, object?> { ["Reason"] = "action-sequence" },
+                ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.SetFieldValue, Target: "Name", Value: "Bob"),
+                        new DbActionStep(
+                            DbActionKind.RunCommand,
+                            CommandName: "AuditChange",
+                            Arguments: new Dictionary<string, object?> { ["Step"] = "audit" }),
+                    ],
+                    Name: "BeforeUpdateActions")),
+        ]);
+        var record = new Dictionary<string, object?> { ["Id"] = 7L, ["Name"] = "Alice" };
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.BeforeUpdate,
+            record,
+            TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal("Bob", record["Name"]);
+        Assert.NotNull(captured);
+        Assert.Equal("Bob", captured!.Arguments["Name"].AsText);
+        Assert.Equal("action-sequence", captured.Arguments["Reason"].AsText);
+        Assert.Equal("audit", captured.Arguments["Step"].AsText);
+        Assert.Equal("RunCommand", captured.Metadata["actionKind"]);
+        Assert.Equal("1", captured.Metadata["actionStep"]);
+        Assert.Equal("BeforeUpdateActions", captured.Metadata["actionSequence"]);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_ActionSequenceConditionsSkipAndRunSteps()
+    {
+        DbCommandContext? captured = null;
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("AuditReady", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+
+        var dispatcher = new DefaultFormEventDispatcher(commands);
+        var form = CreateForm([
+            new FormEventBinding(
+                FormEventKind.BeforeUpdate,
+                string.Empty,
+                ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(
+                            DbActionKind.SetFieldValue,
+                            Target: "Status",
+                            Value: "Skipped",
+                            Condition: "Name = 'Not Alice'"),
+                        new DbActionStep(
+                            DbActionKind.SetFieldValue,
+                            Target: "Status",
+                            Value: "Ready",
+                            Condition: "Name = 'Alice'"),
+                        new DbActionStep(
+                            DbActionKind.RunCommand,
+                            CommandName: "AuditReady",
+                            Condition: "Status = 'Ready'"),
+                    ])),
+        ]);
+        var record = new Dictionary<string, object?> { ["Id"] = 7L, ["Name"] = "Alice", ["Status"] = "Draft" };
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.BeforeUpdate,
+            record,
+            TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal("Ready", record["Status"]);
+        Assert.NotNull(captured);
+        Assert.Equal("Ready", captured!.Arguments["Status"].AsText);
+        Assert.Equal("Status = 'Ready'", captured.Metadata["actionCondition"]);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_RunActionSequenceInvokesReusableSequence()
+    {
+        DbCommandContext? captured = null;
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("AuditPrepared", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+
+        var dispatcher = new DefaultFormEventDispatcher(commands);
+        var form = CreateForm(
+            [
+                new FormEventBinding(
+                    FormEventKind.BeforeUpdate,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(
+                            DbActionKind.RunActionSequence,
+                            SequenceName: "PrepareOrder",
+                            Arguments: new Dictionary<string, object?> { ["source"] = "event-binding" }),
+                    ],
+                    Name: "BeforeUpdateActions")),
+            ],
+            [
+                new DbActionSequence(
+                [
+                    new DbActionStep(DbActionKind.SetFieldValue, Target: "Status", Value: "Ready"),
+                    new DbActionStep(DbActionKind.RunCommand, CommandName: "AuditPrepared"),
+                ],
+                Name: "PrepareOrder"),
+            ]);
+        var record = new Dictionary<string, object?> { ["Id"] = 7L, ["Status"] = "Draft" };
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.BeforeUpdate,
+            record,
+            TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal("Ready", record["Status"]);
+        Assert.NotNull(captured);
+        Assert.Equal("AuditPrepared", captured!.CommandName);
+        Assert.Equal("Ready", captured.Arguments["Status"].AsText);
+        Assert.Equal("event-binding", captured.Arguments["source"].AsText);
+        Assert.Equal("PrepareOrder", captured.Metadata["actionSequence"]);
+        Assert.Equal("RunCommand", captured.Metadata["actionKind"]);
+        Assert.Equal("1", captured.Metadata["actionStep"]);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_RunActionSequenceFailsForMissingReusableSequence()
+    {
+        var dispatcher = new DefaultFormEventDispatcher(DbCommandRegistry.Empty);
+        var form = CreateForm([
+            new FormEventBinding(
+                FormEventKind.BeforeUpdate,
+                string.Empty,
+                ActionSequence: new DbActionSequence(
+                [
+                    new DbActionStep(DbActionKind.RunActionSequence, SequenceName: "MissingSequence"),
+                ])),
+        ]);
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.BeforeUpdate,
+            new Dictionary<string, object?> { ["Id"] = 7L },
+            TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        Assert.Contains("Unknown form action sequence 'MissingSequence'", result.Message);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_RunActionSequenceStopsRecursiveLoops()
+    {
+        var dispatcher = new DefaultFormEventDispatcher(DbCommandRegistry.Empty);
+        var form = CreateForm(
+            [
+                new FormEventBinding(
+                    FormEventKind.BeforeUpdate,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(DbActionKind.RunActionSequence, SequenceName: "A"),
+                    ])),
+            ],
+            [
+                new DbActionSequence(
+                [
+                    new DbActionStep(DbActionKind.RunActionSequence, SequenceName: "B"),
+                ],
+                Name: "A"),
+                new DbActionSequence(
+                [
+                    new DbActionStep(DbActionKind.RunActionSequence, SequenceName: "A"),
+                ],
+                Name: "B"),
+            ]);
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.BeforeUpdate,
+            new Dictionary<string, object?> { ["Id"] = 7L },
+            TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        Assert.Contains("nesting limit", result.Message, StringComparison.OrdinalIgnoreCase);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_ActionSequenceConditionFailureStopsByDefault()
+    {
+        var dispatcher = new DefaultFormEventDispatcher(DbCommandRegistry.Empty);
+        var form = CreateForm([
+            new FormEventBinding(
+                FormEventKind.BeforeUpdate,
+                string.Empty,
+                ActionSequence: new DbActionSequence(
+                    [
+                        new DbActionStep(
+                            DbActionKind.SetFieldValue,
+                            Target: "Status",
+                            Value: "Ready",
+                            Condition: "MissingField = 'Ready'"),
+                    ])),
+        ]);
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.BeforeUpdate,
+            new Dictionary<string, object?> { ["Id"] = 7L, ["Status"] = "Draft" },
+            TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        Assert.Contains("condition failed", result.Message);
+        Assert.Contains("MissingField", result.Message);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_ActionSequenceFailureStopsByDefault()
+    {
+        var commands = DbCommandRegistry.Empty;
+        var dispatcher = new DefaultFormEventDispatcher(commands);
+        var form = CreateForm([
+            new FormEventBinding(
+                FormEventKind.AfterUpdate,
+                string.Empty,
+                ActionSequence: new DbActionSequence(
+                    [new DbActionStep(DbActionKind.RunCommand, CommandName: "MissingCommand")])),
+        ]);
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.AfterUpdate,
+            new Dictionary<string, object?> { ["Id"] = 7L },
+            TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        Assert.Contains("Unknown form command 'MissingCommand'", result.Message);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_Phase8ActionsUseTypedRuntime()
+    {
+        var runtime = new RecordingFormActionRuntime();
+        var dispatcher = new DefaultFormEventDispatcher(DbCommandRegistry.Empty, runtime);
+        var form = CreateForm([
+            new FormEventBinding(
+                FormEventKind.OnLoad,
+                string.Empty,
+                ActionSequence: new DbActionSequence(
+                [
+                    new DbActionStep(
+                        DbActionKind.OpenForm,
+                        Target: "orders-detail",
+                        Arguments: new Dictionary<string, object?> { ["mode"] = "dialog" }),
+                    new DbActionStep(
+                        DbActionKind.ApplyFilter,
+                        Target: "orders-grid",
+                        Value: "[Status] = 'Open'"),
+                    new DbActionStep(DbActionKind.ClearFilter, Target: "orders-grid"),
+                    new DbActionStep(
+                        DbActionKind.RunSql,
+                        Value: "UPDATE Orders SET Status = @status WHERE Id = @id",
+                        Arguments: new Dictionary<string, object?> { ["status"] = "Ready" }),
+                    new DbActionStep(DbActionKind.RunProcedure, Target: "RepriceOrder"),
+                    new DbActionStep(DbActionKind.SetControlVisibility, Target: "internalNotes", Value: false),
+                ],
+                Name: "LoadActions")),
+        ]);
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.OnLoad,
+            new Dictionary<string, object?> { ["Id"] = 7L },
+            TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal(
+            ["OpenForm:orders-detail", "ApplyFilter:orders-grid:[Status] = 'Open'", "ClearFilter:orders-grid", "RunSql:UPDATE Orders SET Status = @status WHERE Id = @id", "RunProcedure:RepriceOrder", "SetControlProperty:internalNotes.visible=False"],
+            runtime.Calls);
+        Assert.NotNull(runtime.LastContext);
+        Assert.Equal("customers-form", runtime.LastContext!.FormId);
+        Assert.Equal("Customers Form", runtime.LastContext.FormName);
+        Assert.Equal("OnLoad", runtime.LastContext.EventName);
+        Assert.Equal("LoadActions", runtime.LastContext.ActionSequenceName);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_Phase8ActionsFailClearlyWithoutRuntime()
+    {
+        var dispatcher = new DefaultFormEventDispatcher(DbCommandRegistry.Empty);
+        var form = CreateForm([
+            new FormEventBinding(
+                FormEventKind.OnLoad,
+                string.Empty,
+                ActionSequence: new DbActionSequence(
+                [
+                    new DbActionStep(DbActionKind.OpenForm, Target: "orders-detail"),
+                ])),
+        ]);
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.OnLoad,
+            new Dictionary<string, object?> { ["Id"] = 7L },
+            TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        Assert.Contains("OpenForm", result.Message);
+        Assert.Contains("rendered form runtime", result.Message);
+    }
+
+    private static FormDefinition CreateForm(
+        IReadOnlyList<FormEventBinding> eventBindings,
+        IReadOnlyList<DbActionSequence>? actionSequences = null)
+        => new(
+            "customers-form",
+            "Customers Form",
+            "Customers",
+            DefinitionVersion: 1,
+            SourceSchemaSignature: "customers:v1",
+            Layout: new LayoutDefinition("absolute", 8, SnapToGrid: false, []),
+            Controls: [],
+            EventBindings: eventBindings,
+            ActionSequences: actionSequences);
+
+    private sealed class RecordingFormActionRuntime : IFormActionRuntime
+    {
+        public List<string> Calls { get; } = [];
+
+        public FormActionRuntimeContext? LastContext { get; private set; }
+
+        public Task<FormEventDispatchResult> ExecuteRecordActionAsync(
+            FormActionRuntimeContext context,
+            DbActionStep step,
+            CancellationToken ct)
+            => RecordAsync(context, step.Kind.ToString());
+
+        public Task<FormEventDispatchResult> OpenFormAsync(
+            FormActionRuntimeContext context,
+            string formName,
+            IReadOnlyDictionary<string, object?> arguments,
+            CancellationToken ct)
+            => RecordAsync(context, $"OpenForm:{formName}");
+
+        public Task<FormEventDispatchResult> CloseFormAsync(
+            FormActionRuntimeContext context,
+            string? formName,
+            CancellationToken ct)
+            => RecordAsync(context, $"CloseForm:{formName}");
+
+        public Task<FormEventDispatchResult> ApplyFilterAsync(
+            FormActionRuntimeContext context,
+            string target,
+            string filter,
+            IReadOnlyDictionary<string, object?> arguments,
+            CancellationToken ct)
+            => RecordAsync(context, $"ApplyFilter:{target}:{filter}");
+
+        public Task<FormEventDispatchResult> ClearFilterAsync(
+            FormActionRuntimeContext context,
+            string target,
+            CancellationToken ct)
+            => RecordAsync(context, $"ClearFilter:{target}");
+
+        public Task<FormEventDispatchResult> RunSqlAsync(
+            FormActionRuntimeContext context,
+            string sqlOrName,
+            IReadOnlyDictionary<string, object?> arguments,
+            CancellationToken ct)
+            => RecordAsync(context, $"RunSql:{sqlOrName}");
+
+        public Task<FormEventDispatchResult> RunProcedureAsync(
+            FormActionRuntimeContext context,
+            string procedureName,
+            IReadOnlyDictionary<string, object?> arguments,
+            CancellationToken ct)
+            => RecordAsync(context, $"RunProcedure:{procedureName}");
+
+        public Task<FormEventDispatchResult> SetControlPropertyAsync(
+            FormActionRuntimeContext context,
+            string controlId,
+            string propertyName,
+            object? value,
+            CancellationToken ct)
+            => RecordAsync(context, $"SetControlProperty:{controlId}.{propertyName}={value}");
+
+        private Task<FormEventDispatchResult> RecordAsync(FormActionRuntimeContext context, string call)
+        {
+            LastContext = context;
+            Calls.Add(call);
+            return Task.FromResult(FormEventDispatchResult.Success());
+        }
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultFormGeneratorTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultFormGeneratorTests.cs
index 08faa529..3372591a 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultFormGeneratorTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultFormGeneratorTests.cs
@@ -54,6 +54,7 @@ public void GenerateDefault_SetsAbsoluteLayout()
     [InlineData(FieldDataType.Int64, "number")]
     [InlineData(FieldDataType.Decimal, "number")]
     [InlineData(FieldDataType.Double, "number")]
+    [InlineData(FieldDataType.Blob, "attachment")]
     [InlineData(FieldDataType.String, "text")]
     [InlineData(FieldDataType.Guid, "text")]
     public void GenerateDefault_MapsFieldToCorrectControlType(FieldDataType dataType, string expectedControlType)
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultValidationInferenceServiceTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultValidationInferenceServiceTests.cs
index 8c61aa00..7f595a01 100644
--- a/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultValidationInferenceServiceTests.cs
+++ b/tests/CSharpDB.Admin.Forms.Tests/Services/DefaultValidationInferenceServiceTests.cs
@@ -1,6 +1,7 @@
 using CSharpDB.Admin.Forms.Contracts;
 using CSharpDB.Admin.Forms.Models;
 using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Admin.Forms.Tests.Services;
 
@@ -151,6 +152,217 @@ public void Evaluate_WithDisabledRequiredRule_SuppressesValidationError()
         Assert.Empty(errors);
     }
 
+    [Fact]
+    public async Task EvaluateAsync_FieldCallbackFailure_ReturnsFieldValidationError()
+    {
+        DbValidationRuleRegistry registry = DbValidationRuleRegistry.Create(builder =>
+            builder.AddRule(
+                "BlockName",
+                static (context, _) =>
+                {
+                    Assert.Equal("form-1", context.FormId);
+                    Assert.Equal("Test Form", context.FormName);
+                    Assert.Equal("Customers", context.TableName);
+                    Assert.Equal("c1", context.ControlId);
+                    Assert.Equal("Name", context.FieldName);
+                    Assert.Equal("blocked", context.Parameters["mode"].AsText);
+                    Assert.True(context.Record.ContainsKey("Name"));
+
+                    return ValueTask.FromResult(
+                        context.Value.Type == DbType.Text && context.Value.AsText == "Blocked"
+                            ? DbValidationRuleResult.Failure("Name is blocked.", context.FieldName, context.RuleName)
+                            : DbValidationRuleResult.Success());
+                }));
+        var service = new DefaultValidationInferenceService(registry, DbExtensionPolicies.DefaultHostCallbackPolicy);
+        FormDefinition form = CreateForm(new ControlDefinition(
+            "c1",
+            "text",
+            new Rect(0, 0, 100, 30),
+            new BindingDefinition("Name", "TwoWay"),
+            PropertyBag.Empty,
+            new ValidationOverride(
+                DisableInferredRules: false,
+                AddRules:
+                [
+                    new ValidationRule(
+                        "BlockName",
+                        "Name failed validation.",
+                        new Dictionary<string, object?> { ["mode"] = "blocked" }),
+                ],
+                DisableRuleIds: [])));
+
+        IReadOnlyList<ValidationError> errors = await service.EvaluateAsync(
+            form,
+            new Dictionary<string, object?> { ["Name"] = "Blocked" },
+            TestContext.Current.CancellationToken);
+
+        ValidationError error = Assert.Single(errors);
+        Assert.Equal("Name", error.FieldName);
+        Assert.Equal("BlockName", error.RuleId);
+        Assert.Equal("Name is blocked.", error.Message);
+    }
+
+    [Fact]
+    public async Task EvaluateAsync_FormCallbackCanReturnFieldAndGlobalFailures()
+    {
+        DbValidationRuleRegistry registry = DbValidationRuleRegistry.Create(builder =>
+            builder.AddRule(
+                "DateRange",
+                static (context, _) =>
+                {
+                    Assert.Equal(DbValidationRuleScope.Form, context.Scope);
+                    Assert.Null(context.ControlId);
+                    Assert.Null(context.FieldName);
+
+                    string start = context.Record["StartDate"].AsText;
+                    string end = context.Record["EndDate"].AsText;
+                    return ValueTask.FromResult(string.CompareOrdinal(start, end) <= 0
+                        ? DbValidationRuleResult.Success()
+                        : DbValidationRuleResult.Failure(
+                            [
+                                new DbValidationFailure("EndDate", "End date must be after start date.", "DateRange"),
+                                new DbValidationFailure(null, "Fix the date range before saving.", "DateRange"),
+                            ]));
+                }));
+        var service = new DefaultValidationInferenceService(registry, DbExtensionPolicies.DefaultHostCallbackPolicy);
+        FormDefinition form = CreateForm(
+            new ControlDefinition("start", "text", new Rect(0, 0, 100, 30), new BindingDefinition("StartDate", "TwoWay"), PropertyBag.Empty, null),
+            new ControlDefinition("end", "text", new Rect(0, 40, 100, 30), new BindingDefinition("EndDate", "TwoWay"), PropertyBag.Empty, null)) with
+        {
+            ValidationRules =
+            [
+                new ValidationRule("DateRange", "Date range is invalid.", new Dictionary<string, object?>()),
+            ],
+        };
+
+        IReadOnlyList<ValidationError> errors = await service.EvaluateAsync(
+            form,
+            new Dictionary<string, object?>
+            {
+                ["StartDate"] = "2026-05-02",
+                ["EndDate"] = "2026-05-01",
+            },
+            TestContext.Current.CancellationToken);
+
+        Assert.Equal(2, errors.Count);
+        Assert.Contains(errors, error => error.FieldName == "EndDate" && error.Message == "End date must be after start date.");
+        Assert.Contains(errors, error => error.FieldName == string.Empty && error.Message == "Fix the date range before saving.");
+    }
+
+    [Fact]
+    public async Task EvaluateAsync_MissingCallbackBlocksSave()
+    {
+        var service = new DefaultValidationInferenceService(DbValidationRuleRegistry.Empty, DbExtensionPolicies.DefaultHostCallbackPolicy);
+        FormDefinition form = CreateForm(new ControlDefinition(
+            "c1",
+            "text",
+            new Rect(0, 0, 100, 30),
+            new BindingDefinition("Name", "TwoWay"),
+            PropertyBag.Empty,
+            new ValidationOverride(false, [new ValidationRule("MissingRule", "Fallback", new Dictionary<string, object?>())], [])));
+
+        IReadOnlyList<ValidationError> errors = await service.EvaluateAsync(
+            form,
+            new Dictionary<string, object?> { ["Name"] = "Alice" },
+            TestContext.Current.CancellationToken);
+
+        ValidationError error = Assert.Single(errors);
+        Assert.Equal("Name", error.FieldName);
+        Assert.Equal("MissingRule", error.RuleId);
+        Assert.Contains("not registered", error.Message);
+    }
+
+    [Fact]
+    public async Task EvaluateAsync_DeniedCallbackBlocksSave()
+    {
+        DbValidationRuleRegistry registry = DbValidationRuleRegistry.Create(builder =>
+            builder.AddRule("DenyMe", static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success())));
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ValidationRules,
+                    DbExtensionCapabilityGrantStatus.Denied,
+                    Reason: "Validation rules are disabled."),
+            ]);
+        var service = new DefaultValidationInferenceService(registry, policy);
+        FormDefinition form = CreateForm(new ControlDefinition(
+            "c1",
+            "text",
+            new Rect(0, 0, 100, 30),
+            new BindingDefinition("Name", "TwoWay"),
+            PropertyBag.Empty,
+            new ValidationOverride(false, [new ValidationRule("DenyMe", "Fallback", new Dictionary<string, object?>())], [])));
+
+        IReadOnlyList<ValidationError> errors = await service.EvaluateAsync(
+            form,
+            new Dictionary<string, object?> { ["Name"] = "Alice" },
+            TestContext.Current.CancellationToken);
+
+        ValidationError error = Assert.Single(errors);
+        Assert.Equal("Name", error.FieldName);
+        Assert.Contains("denied by policy", error.Message);
+        Assert.Contains("Validation rules are disabled.", error.Message);
+    }
+
+    [Fact]
+    public async Task EvaluateAsync_ThrownCallbackBlocksSave()
+    {
+        DbValidationRuleRegistry registry = DbValidationRuleRegistry.Create(builder =>
+            builder.AddRule(
+                "Throws",
+                static (_, _) => throw new InvalidOperationException("callback broke")));
+        var service = new DefaultValidationInferenceService(registry, DbExtensionPolicies.DefaultHostCallbackPolicy);
+        FormDefinition form = CreateForm(new ControlDefinition(
+            "c1",
+            "text",
+            new Rect(0, 0, 100, 30),
+            new BindingDefinition("Name", "TwoWay"),
+            PropertyBag.Empty,
+            new ValidationOverride(false, [new ValidationRule("Throws", "Fallback", new Dictionary<string, object?>())], [])));
+
+        IReadOnlyList<ValidationError> errors = await service.EvaluateAsync(
+            form,
+            new Dictionary<string, object?> { ["Name"] = "Alice" },
+            TestContext.Current.CancellationToken);
+
+        ValidationError error = Assert.Single(errors);
+        Assert.Equal("Name", error.FieldName);
+        Assert.Contains("callback broke", error.Message);
+    }
+
+    [Fact]
+    public async Task EvaluateAsync_TimedOutCallbackBlocksSave()
+    {
+        DbValidationRuleRegistry registry = DbValidationRuleRegistry.Create(builder =>
+            builder.AddRule(
+                "Slow",
+                new DbValidationRuleOptions(Timeout: TimeSpan.FromMilliseconds(10)),
+                static async (_, ct) =>
+                {
+                    await Task.Delay(TimeSpan.FromSeconds(5), ct);
+                    return DbValidationRuleResult.Success();
+                }));
+        var service = new DefaultValidationInferenceService(registry, DbExtensionPolicies.DefaultHostCallbackPolicy);
+        FormDefinition form = CreateForm(new ControlDefinition(
+            "c1",
+            "text",
+            new Rect(0, 0, 100, 30),
+            new BindingDefinition("Name", "TwoWay"),
+            PropertyBag.Empty,
+            new ValidationOverride(false, [new ValidationRule("Slow", "Fallback", new Dictionary<string, object?>())], [])));
+
+        IReadOnlyList<ValidationError> errors = await service.EvaluateAsync(
+            form,
+            new Dictionary<string, object?> { ["Name"] = "Alice" },
+            TestContext.Current.CancellationToken);
+
+        ValidationError error = Assert.Single(errors);
+        Assert.Equal("Name", error.FieldName);
+        Assert.Contains("timed out", error.Message);
+    }
+
     private static FormDefinition CreateForm(params ControlDefinition[] controls)
         => new(
             "form-1",
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Services/FormActionDiagnosticsTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Services/FormActionDiagnosticsTests.cs
new file mode 100644
index 00000000..6a02f52a
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Services/FormActionDiagnosticsTests.cs
@@ -0,0 +1,82 @@
+using System.Collections.Concurrent;
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Tests.Services;
+
+public sealed class FormActionDiagnosticsTests
+{
+    [Fact]
+    public async Task DispatchActionSequence_EmitsDiagnosticEvent()
+    {
+        var diagnostics = new ConcurrentQueue<FormActionInvocationDiagnostic>();
+        using IDisposable subscription = FormActionDiagnostics.Listener.Subscribe(new ActionObserver(diagnostics));
+        var dispatcher = new DefaultFormEventDispatcher(DbCommandRegistry.Empty);
+        FormDefinition form = CreateForm(
+            new DbActionSequence(
+            [
+                new DbActionStep(DbActionKind.ShowMessage, Message: "Loaded."),
+            ],
+            Name: "NotifyLoad"));
+
+        FormEventDispatchResult result = await dispatcher.DispatchAsync(
+            form,
+            FormEventKind.OnLoad,
+            new Dictionary<string, object?> { ["Id"] = 42L },
+            TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        FormActionInvocationDiagnostic diagnostic = Assert.Single(
+            diagnostics.ToArray(),
+            diagnostic => diagnostic.FormId == "orders-form" && diagnostic.ActionKind == DbActionKind.ShowMessage);
+        Assert.Equal(DbActionKind.ShowMessage, diagnostic.ActionKind);
+        Assert.Equal("orders-form", diagnostic.FormId);
+        Assert.Equal("Orders", diagnostic.TableName);
+        Assert.Equal("OnLoad", diagnostic.EventName);
+        Assert.Equal("NotifyLoad", diagnostic.ActionSequenceName);
+        Assert.Equal(0, diagnostic.StepIndex);
+        Assert.Equal("actionSequences.NotifyLoad.steps[0]", diagnostic.Location);
+        Assert.True(diagnostic.Succeeded);
+        Assert.False(diagnostic.Canceled);
+        Assert.Equal("Loaded.", diagnostic.ResultMessage);
+        Assert.Null(diagnostic.ExceptionMessage);
+        Assert.True(diagnostic.Elapsed >= TimeSpan.Zero);
+    }
+
+    private static FormDefinition CreateForm(DbActionSequence sequence)
+        => new(
+            "orders-form",
+            "Orders Form",
+            "Orders",
+            DefinitionVersion: 1,
+            SourceSchemaSignature: "sig:orders",
+            Layout: new LayoutDefinition("absolute", 8, SnapToGrid: false, []),
+            Controls: [],
+            EventBindings:
+            [
+                new FormEventBinding(FormEventKind.OnLoad, string.Empty, ActionSequence: sequence),
+            ]);
+
+    private sealed class ActionObserver(ConcurrentQueue<FormActionInvocationDiagnostic> diagnostics)
+        : IObserver<KeyValuePair<string, object?>>
+    {
+        public void OnCompleted()
+        {
+        }
+
+        public void OnError(Exception error)
+        {
+        }
+
+        public void OnNext(KeyValuePair<string, object?> value)
+        {
+            if (value.Key == FormActionDiagnostics.InvocationEventName &&
+                value.Value is FormActionInvocationDiagnostic diagnostic)
+            {
+                diagnostics.Enqueue(diagnostic);
+            }
+        }
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Services/FormActionManifestValidatorTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Services/FormActionManifestValidatorTests.cs
new file mode 100644
index 00000000..63f9c2af
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Services/FormActionManifestValidatorTests.cs
@@ -0,0 +1,153 @@
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Tests.Services;
+
+public sealed class FormActionManifestValidatorTests
+{
+    [Fact]
+    public void Validate_ReturnsSuccessForSupportedPhase8Actions()
+    {
+        FormDefinition form = CreateForm([
+            new DbActionStep(DbActionKind.OpenForm, Target: "orders-detail"),
+            new DbActionStep(DbActionKind.ApplyFilter, Target: "ordersGrid", Value: "[Status] = 'Open'"),
+            new DbActionStep(DbActionKind.ClearFilter, Target: "ordersGrid"),
+            new DbActionStep(DbActionKind.RunSql, Value: "UPDATE Orders SET Status = @status"),
+            new DbActionStep(DbActionKind.RunProcedure, Target: "RepriceOrder"),
+            new DbActionStep(
+                DbActionKind.SetControlProperty,
+                Target: "ordersGrid",
+                Value: false,
+                Arguments: new Dictionary<string, object?> { ["property"] = "visible" }),
+        ]);
+        var capabilities = FormActionRuntimeCapabilities.RenderedForm with
+        {
+            RunSql = true,
+            RunProcedure = true,
+        };
+
+        FormActionValidationResult result = FormActionManifestValidator.Validate(
+            form,
+            new FormActionValidationOptions(
+                RuntimeCapabilities: capabilities,
+                AvailableForms: ["orders-detail"],
+                AvailableProcedures: ["RepriceOrder"]));
+
+        Assert.True(result.Succeeded);
+        Assert.Empty(result.Issues);
+    }
+
+    [Fact]
+    public void Validate_ReportsActionReadinessIssues()
+    {
+        FormDefinition form = CreateForm(
+            [
+                new DbActionStep(DbActionKind.OpenForm, Target: "missing-form"),
+                new DbActionStep(DbActionKind.ApplyFilter, Target: "missingGrid", Value: "[Status = 'Open'"),
+                new DbActionStep(DbActionKind.RunSql),
+                new DbActionStep(DbActionKind.RunProcedure, Target: "MissingProcedure"),
+                new DbActionStep(DbActionKind.RunActionSequence, SequenceName: "MissingSequence"),
+                new DbActionStep(DbActionKind.SetControlReadOnly, Target: "missingControl", Value: true),
+            ],
+            rules:
+            [
+                new ControlRuleDefinition(
+                    "hide-internal",
+                    "Status = 'Closed'",
+                    [
+                        new ControlRuleEffect("missingControl", "notAProperty", true),
+                    ]),
+            ]);
+
+        FormActionValidationResult result = FormActionManifestValidator.Validate(
+            form,
+            new FormActionValidationOptions(
+                RuntimeCapabilities: FormActionRuntimeCapabilities.None,
+                AvailableForms: ["orders-detail"],
+                AvailableProcedures: ["RepriceOrder"]));
+
+        Assert.False(result.Succeeded);
+        Assert.Contains(result.Issues, issue => issue.Severity == FormActionValidationSeverity.Warning && issue.ActionKind == DbActionKind.OpenForm);
+        Assert.Contains(result.Issues, issue => issue.Message.Contains("OpenForm target 'missing-form'", StringComparison.Ordinal));
+        Assert.Contains(result.Issues, issue => issue.Message.Contains("Unknown control 'missingGrid'", StringComparison.Ordinal));
+        Assert.Contains(result.Issues, issue => issue.Message.Contains("malformed", StringComparison.Ordinal));
+        Assert.Contains(result.Issues, issue => issue.Message.Contains("RunSql action requires SQL", StringComparison.Ordinal));
+        Assert.Contains(result.Issues, issue => issue.Message.Contains("Procedure 'MissingProcedure'", StringComparison.Ordinal));
+        Assert.Contains(result.Issues, issue => issue.Message.Contains("Unknown form action sequence 'MissingSequence'", StringComparison.Ordinal));
+        Assert.Contains(result.Issues, issue => issue.Message.Contains("Control rule 'hide-internal' targets unknown control", StringComparison.Ordinal));
+        Assert.Contains(result.Issues, issue => issue.Message.Contains("unsupported property 'notAProperty'", StringComparison.Ordinal));
+    }
+
+    [Fact]
+    public void Validate_ReportsAmbiguousReusableSequences()
+    {
+        FormDefinition form = CreateForm(
+            [new DbActionStep(DbActionKind.RunActionSequence, SequenceName: "Prepare")],
+            actionSequences:
+            [
+                new DbActionSequence([], "Prepare"),
+                new DbActionSequence([], "prepare"),
+            ]);
+
+        FormActionValidationResult result = FormActionManifestValidator.Validate(form);
+
+        Assert.False(result.Succeeded);
+        Assert.Contains(result.Issues, issue => issue.Message.Contains("ambiguous", StringComparison.OrdinalIgnoreCase));
+    }
+
+    [Fact]
+    public void Validate_ReportsUnknownFilterFieldsWhenSchemaIsAvailable()
+    {
+        FormDefinition form = CreateForm([
+            new DbActionStep(DbActionKind.ApplyFilter, Target: "form", Value: "[MissingStatus] = 'Open'"),
+        ]);
+        var schema = new FormTableDefinition(
+            "Orders",
+            "orders:v1",
+            [new FormFieldDefinition("Status", FieldDataType.String, IsNullable: false, IsReadOnly: false)],
+            PrimaryKey: [],
+            ForeignKeys: []);
+
+        FormActionValidationResult result = FormActionManifestValidator.Validate(
+            form,
+            new FormActionValidationOptions(
+                RuntimeCapabilities: FormActionRuntimeCapabilities.RenderedForm,
+                Schema: schema));
+
+        Assert.False(result.Succeeded);
+        Assert.Contains(result.Issues, issue => issue.Message.Contains("unknown field 'MissingStatus'", StringComparison.OrdinalIgnoreCase));
+    }
+
+    private static FormDefinition CreateForm(
+        IReadOnlyList<DbActionStep> steps,
+        IReadOnlyList<DbActionSequence>? actionSequences = null,
+        IReadOnlyList<ControlRuleDefinition>? rules = null)
+        => new(
+            "orders-form",
+            "Orders Form",
+            "Orders",
+            DefinitionVersion: 1,
+            SourceSchemaSignature: "orders:v1",
+            Layout: new LayoutDefinition("absolute", 8, SnapToGrid: false, []),
+            Controls:
+            [
+                new ControlDefinition(
+                    "ordersGrid",
+                    "childDataGrid",
+                    new Rect(0, 0, 300, 120),
+                    Binding: null,
+                    Props: new PropertyBag(new Dictionary<string, object?>()),
+                    ValidationOverride: null),
+            ],
+            EventBindings:
+            [
+                new FormEventBinding(
+                    FormEventKind.OnLoad,
+                    string.Empty,
+                    ActionSequence: new DbActionSequence(steps, "LoadActions")),
+            ],
+            ActionSequences: actionSequences,
+            Rules: rules);
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Services/FormChoiceResolverTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Services/FormChoiceResolverTests.cs
new file mode 100644
index 00000000..e45d7771
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Services/FormChoiceResolverTests.cs
@@ -0,0 +1,72 @@
+using System.Text.Json;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Forms.Tests.Services;
+
+public sealed class FormChoiceResolverTests
+{
+    [Fact]
+    public void ResolveChoices_PrefersStaticOptionsFromPropertyBag()
+    {
+        var control = new ControlDefinition(
+            "status",
+            "comboBox",
+            new Rect(0, 0, 200, 32),
+            new BindingDefinition("Status", "TwoWay"),
+            new PropertyBag(new Dictionary<string, object?>
+            {
+                ["options"] = new object?[]
+                {
+                    new Dictionary<string, object?> { ["value"] = "A", ["label"] = "Active" },
+                },
+            }),
+            null);
+        var runtimeChoices = new Dictionary<string, IReadOnlyList<EnumChoice>>
+        {
+            ["Status"] = [new EnumChoice("I", "Inactive")],
+        };
+
+        IReadOnlyList<EnumChoice> choices = FormChoiceResolver.ResolveChoices(control, "Status", runtimeChoices);
+
+        EnumChoice choice = Assert.Single(choices);
+        Assert.Equal("A", choice.Value);
+        Assert.Equal("Active", choice.Label);
+    }
+
+    [Fact]
+    public void BuildLookupChoices_UsesConfiguredDisplayFields()
+    {
+        var rows = new[]
+        {
+            new Dictionary<string, object?>
+            {
+                ["Id"] = 7L,
+                ["Code"] = "ALP",
+                ["Name"] = "Alpha",
+            },
+        };
+
+        IReadOnlyList<EnumChoice> choices = FormChoiceResolver.BuildLookupChoices(rows, "Id", "Name", ["Code", "Name"]);
+
+        EnumChoice choice = Assert.Single(choices);
+        Assert.Equal("7", choice.Value);
+        Assert.Equal("ALP - Alpha", choice.Label);
+    }
+
+    [Fact]
+    public void ReadOptions_HandlesJsonElementArrays()
+    {
+        using JsonDocument document = JsonDocument.Parse(
+            """
+            [{"value":"1","label":"One"}]
+            """);
+
+        IReadOnlyList<EnumChoice> choices = FormChoiceResolver.ReadOptions(document.RootElement);
+
+        EnumChoice choice = Assert.Single(choices);
+        Assert.Equal("1", choice.Value);
+        Assert.Equal("One", choice.Label);
+    }
+}
diff --git a/tests/CSharpDB.Admin.Forms.Tests/Services/FormControlRegistryTests.cs b/tests/CSharpDB.Admin.Forms.Tests/Services/FormControlRegistryTests.cs
new file mode 100644
index 00000000..5a98b6a6
--- /dev/null
+++ b/tests/CSharpDB.Admin.Forms.Tests/Services/FormControlRegistryTests.cs
@@ -0,0 +1,172 @@
+using CSharpDB.Admin.Forms.Contracts;
+using CSharpDB.Admin.Forms.Models;
+using CSharpDB.Admin.Forms.Services;
+using Microsoft.AspNetCore.Components;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace CSharpDB.Admin.Forms.Tests.Services;
+
+public sealed class FormControlRegistryTests
+{
+    [Fact]
+    public void AddCSharpDbAdminForms_SeedsBuiltInControls()
+    {
+        IFormControlRegistry registry = CreateRegistry();
+
+        Assert.Contains(registry.Controls, control => control.ControlType == "comboBox" && control.IsBuiltIn);
+        Assert.Contains(registry.Controls, control => control.ControlType == "listBox" && control.IsBuiltIn);
+        Assert.Contains(registry.Controls, control => control.ControlType == "optionGroup" && control.IsBuiltIn);
+        Assert.Contains(registry.Controls, control => control.ControlType == "toggleButton" && control.IsBuiltIn);
+        Assert.Contains(registry.Controls, control => control.ControlType == "tabControl" && control.IsBuiltIn);
+        Assert.Contains(registry.Controls, control => control.ControlType == "subform" && control.IsBuiltIn);
+        Assert.Contains(registry.Controls, control => control.ControlType == "attachment" && control.IsBuiltIn);
+        Assert.Contains(registry.Controls, control => control.ControlType == "image" && control.IsBuiltIn);
+    }
+
+    [Fact]
+    public void AddCSharpDbAdminFormControls_AddsCustomControlDescriptor()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(CreateRatingDescriptor()));
+
+        Assert.True(registry.TryGetControl("RATING", out FormControlDescriptor descriptor));
+        Assert.Equal("rating", descriptor.ControlType);
+        Assert.Equal("Rating", descriptor.DisplayName);
+        Assert.Equal("Custom", descriptor.ToolboxGroup);
+        Assert.Equal(180, descriptor.DefaultWidth);
+        Assert.Equal(42, descriptor.DefaultHeight);
+        Assert.Equal(typeof(RatingRuntimeComponent), descriptor.RuntimeComponentType);
+        Assert.Equal("star", descriptor.CreateDefaultProps()["displayMode"]);
+        Assert.Contains(registry.GetToolboxControls(), control => control.ControlType == "rating");
+    }
+
+    [Fact]
+    public void CreateDefaultProps_ClonesNestedDefaults()
+    {
+        var descriptor = new FormControlDescriptor
+        {
+            ControlType = "compound",
+            DisplayName = "Compound",
+            DefaultProps = new Dictionary<string, object?>
+            {
+                ["items"] = new object?[]
+                {
+                    new Dictionary<string, object?> { ["label"] = "One" },
+                },
+            },
+        };
+
+        Dictionary<string, object?> first = descriptor.CreateDefaultProps();
+        Dictionary<string, object?> second = descriptor.CreateDefaultProps();
+
+        Assert.NotSame(first["items"], second["items"]);
+        var firstItems = Assert.IsType<object?[]>(first["items"]);
+        var secondItems = Assert.IsType<object?[]>(second["items"]);
+        Assert.NotSame(firstItems[0], secondItems[0]);
+    }
+
+    [Fact]
+    public void DuplicateControlType_ThrowsWhenRegistryIsResolved()
+    {
+        var services = new ServiceCollection();
+        services.AddCSharpDbAdminForms();
+        services.AddCSharpDbAdminFormControls(builder => builder.Add(new FormControlDescriptor
+        {
+            ControlType = "text",
+            DisplayName = "Text Replacement",
+        }));
+
+        using ServiceProvider provider = services.BuildServiceProvider();
+        Assert.Throws<InvalidOperationException>(() => provider.GetRequiredService<IFormControlRegistry>());
+    }
+
+    [Fact]
+    public void ReplaceBuiltInRuntime_RequiresExplicitOptIn()
+    {
+        var services = new ServiceCollection();
+        services.AddCSharpDbAdminForms();
+        services.AddCSharpDbAdminFormControls(builder => builder.Add(new FormControlDescriptor
+        {
+            ControlType = "text",
+            DisplayName = "Text Replacement",
+            RuntimeComponentType = typeof(RatingRuntimeComponent),
+        }));
+
+        using ServiceProvider provider = services.BuildServiceProvider();
+        Assert.Throws<InvalidOperationException>(() => provider.GetRequiredService<IFormControlRegistry>());
+    }
+
+    [Fact]
+    public void ReplaceBuiltInRuntime_UpdatesBuiltInDescriptorWhenOptedIn()
+    {
+        IFormControlRegistry registry = CreateRegistry(builder => builder.Add(new FormControlDescriptor
+        {
+            ControlType = "text",
+            DisplayName = "Text Replacement",
+            RuntimeComponentType = typeof(RatingRuntimeComponent),
+            ReplaceBuiltInRuntime = true,
+        }));
+
+        Assert.True(registry.TryGetControl("text", out FormControlDescriptor descriptor));
+        Assert.True(descriptor.IsBuiltIn);
+        Assert.True(descriptor.ReplaceBuiltInRuntime);
+        Assert.Equal(typeof(RatingRuntimeComponent), descriptor.RuntimeComponentType);
+        Assert.Equal("Text", descriptor.DisplayName);
+    }
+
+    [Fact]
+    public void InvalidComponentType_IsRejected()
+    {
+        var services = new ServiceCollection();
+        services.AddCSharpDbAdminForms();
+        services.AddCSharpDbAdminFormControls(builder => builder.Add(new FormControlDescriptor
+        {
+            ControlType = "invalid",
+            DisplayName = "Invalid",
+            RuntimeComponentType = typeof(string),
+        }));
+
+        using ServiceProvider provider = services.BuildServiceProvider();
+        Assert.Throws<ArgumentException>(() => provider.GetRequiredService<IFormControlRegistry>());
+    }
+
+    private static IFormControlRegistry CreateRegistry(Action<FormControlRegistryBuilder>? configure = null)
+    {
+        var services = new ServiceCollection();
+        services.AddCSharpDbAdminForms();
+        if (configure is not null)
+            services.AddCSharpDbAdminFormControls(configure);
+
+        using ServiceProvider provider = services.BuildServiceProvider();
+        return provider.GetRequiredService<IFormControlRegistry>();
+    }
+
+    private static FormControlDescriptor CreateRatingDescriptor()
+        => new()
+        {
+            ControlType = "rating",
+            DisplayName = "Rating",
+            ToolboxGroup = "Custom",
+            IconText = "*",
+            DefaultWidth = 180,
+            DefaultHeight = 42,
+            SupportsBinding = true,
+            ParticipatesInTabOrder = true,
+            DefaultProps = new Dictionary<string, object?> { ["displayMode"] = "star" },
+            RuntimeComponentType = typeof(RatingRuntimeComponent),
+            PropertyDescriptors =
+            [
+                new FormControlPropertyDescriptor
+                {
+                    Name = "max",
+                    Label = "Max",
+                    Editor = FormControlPropertyEditor.Number,
+                    DefaultValue = 5L,
+                },
+            ],
+        };
+
+    private sealed class RatingRuntimeComponent : ComponentBase
+    {
+        [Parameter] public FormControlRuntimeContext Context { get; set; } = default!;
+    }
+}
diff --git a/tests/CSharpDB.Admin.Reports.Tests/Services/DbReportRepositoryTests.cs b/tests/CSharpDB.Admin.Reports.Tests/Services/DbReportRepositoryTests.cs
index 50962d8b..70c3a06e 100644
--- a/tests/CSharpDB.Admin.Reports.Tests/Services/DbReportRepositoryTests.cs
+++ b/tests/CSharpDB.Admin.Reports.Tests/Services/DbReportRepositoryTests.cs
@@ -2,6 +2,7 @@
 using CSharpDB.Admin.Reports.Models;
 using CSharpDB.Admin.Reports.Services;
 using CSharpDB.Admin.Reports.Serialization;
+using CSharpDB.Primitives;
 using System.Text.Json;
 
 namespace CSharpDB.Admin.Reports.Tests.Services;
@@ -46,6 +47,48 @@ public async Task CreateAsync_GeneratesReportIdAndNormalizesName()
         Assert.Equal(1, created.DefinitionVersion);
     }
 
+    [Fact]
+    public async Task CreateAsync_StoresGeneratedAutomationMetadata()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        var repository = new DbReportRepository(db.Client);
+
+        ReportDefinition created = await repository.CreateAsync(CreateReport("r-auto", ReportSourceKind.Table, "Orders", "Order Report", "sig:orders:v1") with
+        {
+            EventBindings =
+            [
+                new ReportEventBinding(ReportEventKind.BeforeRender, "PrepareReport"),
+            ],
+            Bands =
+            [
+                new ReportBandDefinition(
+                    "detail",
+                    ReportBandKind.Detail,
+                    28,
+                    null,
+                    [
+                        new ReportControlDefinition(
+                            "total",
+                            ReportControlType.CalculatedText,
+                            "detail",
+                            new Rect(0, 0, 120, 24),
+                            null,
+                            "=FormatTotal(Total)",
+                            null,
+                            new PropertyBag(new Dictionary<string, object?>())),
+                    ]),
+            ],
+        });
+        ReportDefinition loaded = (await repository.GetAsync(created.ReportId))!;
+
+        Assert.NotNull(created.Automation);
+        Assert.NotNull(loaded.Automation);
+        Assert.Contains(loaded.Automation!.Commands!, command => command.Name == "PrepareReport");
+        DbAutomationScalarFunctionReference function = Assert.Single(loaded.Automation.ScalarFunctions!);
+        Assert.Equal("FormatTotal", function.Name);
+        Assert.Equal(1, function.Arity);
+    }
+
     [Fact]
     public async Task TryUpdateAsync_CorrectVersion_UpdatesAndIncrementsVersion()
     {
diff --git a/tests/CSharpDB.Admin.Reports.Tests/Services/DefaultReportEventDispatcherTests.cs b/tests/CSharpDB.Admin.Reports.Tests/Services/DefaultReportEventDispatcherTests.cs
new file mode 100644
index 00000000..51137ae2
--- /dev/null
+++ b/tests/CSharpDB.Admin.Reports.Tests/Services/DefaultReportEventDispatcherTests.cs
@@ -0,0 +1,115 @@
+using CSharpDB.Admin.Reports.Contracts;
+using CSharpDB.Admin.Reports.Models;
+using CSharpDB.Admin.Reports.Services;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Reports.Tests.Services;
+
+public sealed class DefaultReportEventDispatcherTests
+{
+    [Fact]
+    public async Task DispatchAsync_InvokesMatchingCommandsWithRuntimeArgumentsAndMetadata()
+    {
+        DbCommandContext? captured = null;
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("AuditReport", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+
+        var dispatcher = new DefaultReportEventDispatcher(commands);
+        ReportDefinition report = CreateReport([
+            new ReportEventBinding(
+                ReportEventKind.BeforeRender,
+                "AuditReport",
+                new Dictionary<string, object?> { ["Source"] = "configured" }),
+        ]);
+
+        ReportEventDispatchResult result = await dispatcher.DispatchAsync(
+            report,
+            CreateSource(),
+            ReportEventKind.BeforeRender,
+            new Dictionary<string, object?> { ["RowCount"] = 4, ["Source"] = "runtime" },
+            TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        Assert.NotNull(captured);
+        Assert.Equal("AdminReports", captured!.Metadata["surface"]);
+        Assert.Equal("sales-report", captured.Metadata["reportId"]);
+        Assert.Equal("Sales", captured.Metadata["sourceName"]);
+        Assert.Equal("BeforeRender", captured.Metadata["event"]);
+        Assert.Equal(4, captured.Arguments["RowCount"].AsInteger);
+        Assert.Equal("configured", captured.Arguments["Source"].AsText);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_StopsOnCommandFailureByDefault()
+    {
+        var commands = DbCommandRegistry.Create(builder =>
+            builder.AddCommand("Reject", _ => DbCommandResult.Failure("Report rejected.")));
+        var dispatcher = new DefaultReportEventDispatcher(commands);
+        ReportDefinition report = CreateReport([new ReportEventBinding(ReportEventKind.OnOpen, "Reject")]);
+
+        ReportEventDispatchResult result = await dispatcher.DispatchAsync(
+            report,
+            CreateSource(),
+            ReportEventKind.OnOpen,
+            ct: TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        Assert.Equal("Report rejected.", result.Message);
+    }
+
+    [Fact]
+    public async Task DispatchAsync_ReturnsFailureWhenCommandTimesOut()
+    {
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddAsyncCommand(
+                "SlowReport",
+                new DbCommandOptions(Timeout: TimeSpan.FromMilliseconds(10)),
+                static async (_, ct) =>
+                {
+                    await Task.Delay(TimeSpan.FromSeconds(5), ct);
+                    return DbCommandResult.Success();
+                });
+        });
+        var dispatcher = new DefaultReportEventDispatcher(commands);
+        ReportDefinition report = CreateReport([new ReportEventBinding(ReportEventKind.OnOpen, "SlowReport")]);
+
+        ReportEventDispatchResult result = await dispatcher.DispatchAsync(
+            report,
+            CreateSource(),
+            ReportEventKind.OnOpen,
+            ct: TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        Assert.Contains("SlowReport", result.Message);
+        Assert.Contains("timed out", result.Message);
+    }
+
+    private static ReportDefinition CreateReport(IReadOnlyList<ReportEventBinding> eventBindings)
+        => new(
+            "sales-report",
+            "Sales Report",
+            new ReportSourceReference(ReportSourceKind.Table, "Sales"),
+            DefinitionVersion: 1,
+            SourceSchemaSignature: "sales:v1",
+            PageSettings: ReportPageSettings.DefaultLetterPortrait,
+            Groups: [],
+            Sorts: [],
+            Bands: [],
+            EventBindings: eventBindings);
+
+    private static ReportSourceDefinition CreateSource()
+        => new(
+            ReportSourceKind.Table,
+            "Sales",
+            "Sales",
+            "SELECT * FROM Sales",
+            "sales:v1",
+            []);
+}
diff --git a/tests/CSharpDB.Admin.Reports.Tests/Services/DefaultReportPreviewServiceTests.cs b/tests/CSharpDB.Admin.Reports.Tests/Services/DefaultReportPreviewServiceTests.cs
index eb3c26ad..edf94902 100644
--- a/tests/CSharpDB.Admin.Reports.Tests/Services/DefaultReportPreviewServiceTests.cs
+++ b/tests/CSharpDB.Admin.Reports.Tests/Services/DefaultReportPreviewServiceTests.cs
@@ -1,6 +1,7 @@
 using System.Text;
 using CSharpDB.Admin.Reports.Models;
 using CSharpDB.Admin.Reports.Services;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Admin.Reports.Tests.Services;
 
@@ -70,6 +71,74 @@ public async Task BuildPreviewAsync_PageCapSetsTruncationWarning()
         Assert.Contains("250 pages", result.WarningMessage, StringComparison.OrdinalIgnoreCase);
     }
 
+    [Fact]
+    public async Task BuildPreviewAsync_DispatchesReportLifecycleEvents()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await CreateSalesSchemaAsync(db);
+        var provider = new DbReportSourceProvider(db.Client);
+        var generator = new DefaultReportGenerator();
+        var source = (await provider.GetSourceDefinitionAsync(new ReportSourceReference(ReportSourceKind.Table, "Sales")))!;
+        var captured = new List<DbCommandContext>();
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("RecordReportEvent", context =>
+            {
+                captured.Add(context);
+                return DbCommandResult.Success();
+            });
+        });
+        var previewService = new DefaultReportPreviewService(
+            db.Client,
+            provider,
+            reportEvents: new DefaultReportEventDispatcher(commands));
+
+        ReportDefinition report = generator.GenerateDefault(source) with
+        {
+            EventBindings =
+            [
+                new ReportEventBinding(ReportEventKind.OnOpen, "RecordReportEvent"),
+                new ReportEventBinding(ReportEventKind.BeforeRender, "RecordReportEvent", new Dictionary<string, object?> { ["configured"] = "yes" }),
+                new ReportEventBinding(ReportEventKind.AfterRender, "RecordReportEvent"),
+            ],
+        };
+
+        ReportPreviewResult result = await previewService.BuildPreviewAsync(report, TestContext.Current.CancellationToken);
+
+        Assert.Equal(4, result.TotalRows);
+        Assert.Equal(["OnOpen", "BeforeRender", "AfterRender"], captured.Select(context => context.Metadata["event"]).ToArray());
+        Assert.All(captured, context => Assert.Equal("AdminReports", context.Metadata["surface"]));
+        Assert.Equal(4, captured[1].Arguments["rowCount"].AsInteger);
+        Assert.Equal("yes", captured[1].Arguments["configured"].AsText);
+        Assert.Equal(result.Pages.Count, captured[2].Arguments["pageCount"].AsInteger);
+        Assert.Equal(0, captured[2].Arguments["hasSchemaDrift"].AsInteger);
+    }
+
+    [Fact]
+    public async Task BuildPreviewAsync_FailsWhenReportEventCommandFails()
+    {
+        await using var db = await TestDatabaseScope.CreateAsync();
+        await CreateSalesSchemaAsync(db);
+        var provider = new DbReportSourceProvider(db.Client);
+        var generator = new DefaultReportGenerator();
+        var source = (await provider.GetSourceDefinitionAsync(new ReportSourceReference(ReportSourceKind.Table, "Sales")))!;
+        var commands = DbCommandRegistry.Create(builder =>
+            builder.AddCommand("RejectReport", _ => DbCommandResult.Failure("Rejected by host command.")));
+        var previewService = new DefaultReportPreviewService(
+            db.Client,
+            provider,
+            reportEvents: new DefaultReportEventDispatcher(commands));
+
+        ReportDefinition report = generator.GenerateDefault(source) with
+        {
+            EventBindings = [new ReportEventBinding(ReportEventKind.OnOpen, "RejectReport")],
+        };
+
+        InvalidOperationException ex = await Assert.ThrowsAsync<InvalidOperationException>(
+            () => previewService.BuildPreviewAsync(report, TestContext.Current.CancellationToken));
+        Assert.Contains("Rejected by host command.", ex.Message);
+    }
+
     private static async Task CreateSalesSchemaAsync(TestDatabaseScope db)
     {
         await db.ExecuteAsync(
diff --git a/tests/CSharpDB.Admin.Reports.Tests/Services/ReportFormulaEvaluatorFunctionTests.cs b/tests/CSharpDB.Admin.Reports.Tests/Services/ReportFormulaEvaluatorFunctionTests.cs
new file mode 100644
index 00000000..dfd73870
--- /dev/null
+++ b/tests/CSharpDB.Admin.Reports.Tests/Services/ReportFormulaEvaluatorFunctionTests.cs
@@ -0,0 +1,46 @@
+using CSharpDB.Admin.Reports.Services;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Admin.Reports.Tests.Services;
+
+public sealed class ReportFormulaEvaluatorFunctionTests
+{
+    [Fact]
+    public void EvaluateNumeric_CallsRegisteredFunction()
+    {
+        var registry = DbFunctionRegistry.Create(functions =>
+            functions.AddScalar(
+                "Discount",
+                2,
+                new DbScalarFunctionOptions(DbType.Real, IsDeterministic: true, NullPropagating: true),
+                static (_, args) => DbValue.FromReal(args[0].AsReal - args[1].AsReal)));
+
+        double? value = ReportFormulaEvaluator.EvaluateNumeric("=Discount(Total, 2)", field => field switch
+        {
+            "Total" => 10.0,
+            _ => null,
+        }, registry);
+
+        Assert.Equal(8.0, value);
+    }
+
+    [Fact]
+    public void TryEvaluateScalar_ReturnsTextFunctionValue()
+    {
+        var registry = DbFunctionRegistry.Create(functions =>
+            functions.AddScalar(
+                "Labelize",
+                1,
+                new DbScalarFunctionOptions(DbType.Text, IsDeterministic: true, NullPropagating: true),
+                static (_, args) => DbValue.FromText($"Item: {args[0].AsText}")));
+
+        bool evaluated = ReportFormulaEvaluator.TryEvaluateScalar(
+            "=Labelize(Name)",
+            field => field == "Name" ? "Widget" : null,
+            registry,
+            out object? value);
+
+        Assert.True(evaluated);
+        Assert.Equal("Item: Widget", value);
+    }
+}
diff --git a/tests/CSharpDB.Api.Tests/HttpTransportClientTests.cs b/tests/CSharpDB.Api.Tests/HttpTransportClientTests.cs
index 49571e4e..7386ebc5 100644
--- a/tests/CSharpDB.Api.Tests/HttpTransportClientTests.cs
+++ b/tests/CSharpDB.Api.Tests/HttpTransportClientTests.cs
@@ -106,13 +106,16 @@ public async Task HttpTransport_SupportsTransactionsCollectionsSavedQueriesAndCh
         Assert.True(await _client.DeleteDocumentAsync("profiles", "user-1", Ct));
         Assert.Null(await _client.GetDocumentAsync("profiles", "user-1", Ct));
         Assert.False(await _client.DeleteDocumentAsync("profiles", "missing", Ct));
+        await _client.DropCollectionAsync("profiles", Ct);
+        collections = await _client.GetCollectionNamesAsync(Ct);
+        Assert.DoesNotContain("profiles", collections);
 
         await _client.CheckpointAsync(Ct);
 
         var info = await _client.GetInfoAsync(Ct);
         Assert.True(info.TableCount >= 1);
         Assert.True(info.SavedQueryCount >= 1);
-        Assert.True(info.CollectionCount >= 1);
+        Assert.Equal(0, info.CollectionCount);
     }
 
     [Fact]
diff --git a/tests/CSharpDB.Api.Tests/ProcedureApiTests.cs b/tests/CSharpDB.Api.Tests/ProcedureApiTests.cs
index 73505b2c..de3454a5 100644
--- a/tests/CSharpDB.Api.Tests/ProcedureApiTests.cs
+++ b/tests/CSharpDB.Api.Tests/ProcedureApiTests.cs
@@ -88,7 +88,7 @@ public async Task ExecuteProcedure_ValidationError_ReturnsBadRequestWithStructur
     }
 
     [Fact]
-    public async Task ExecuteProcedure_BlobBindingError_ReturnsBadRequestWithStructuredPayload()
+    public async Task ExecuteProcedure_BlobParameter_TablelessSelectReturnsPayload()
     {
         var create = new CreateProcedureRequest(
             Name: "BlobProc",
@@ -101,11 +101,13 @@ public async Task ExecuteProcedure_BlobBindingError_ReturnsBadRequestWithStructu
             new ExecuteProcedureRequest(new Dictionary<string, object?> { ["payload"] = "AQID" }),
             Ct);
 
-        Assert.Equal(HttpStatusCode.BadRequest, execResp.StatusCode);
+        Assert.Equal(HttpStatusCode.OK, execResp.StatusCode);
         var payload = await execResp.Content.ReadFromJsonAsync<ProcedureExecutionResponse>(Ct);
         Assert.NotNull(payload);
-        Assert.False(payload.Succeeded);
-        Assert.Contains("BLOB", payload.Error ?? string.Empty, StringComparison.OrdinalIgnoreCase);
+        Assert.True(payload.Succeeded);
+        var statement = Assert.Single(payload.Statements);
+        var row = Assert.Single(statement.Rows!);
+        Assert.Equal("AQID", Assert.Single(row.Values)?.ToString());
     }
 
     [Fact]
diff --git a/tests/CSharpDB.Daemon.Tests/GrpcClientTests.cs b/tests/CSharpDB.Daemon.Tests/GrpcClientTests.cs
index b482a475..919678cc 100644
--- a/tests/CSharpDB.Daemon.Tests/GrpcClientTests.cs
+++ b/tests/CSharpDB.Daemon.Tests/GrpcClientTests.cs
@@ -274,6 +274,9 @@ public async Task GrpcClient_Collections_RoundTripNestedDocuments()
         Assert.Single(browse.Documents);
         Assert.Equal("doc-1", browse.Documents[0].Key);
         Assert.Equal("proto", browse.Documents[0].Document.GetProperty("tags")[1].GetString());
+
+        await client.DropCollectionAsync("grpc_docs", Ct);
+        Assert.DoesNotContain("grpc_docs", await client.GetCollectionNamesAsync(Ct));
     }
 
     [Fact]
diff --git a/tests/CSharpDB.ExtensionSandbox.Worker/CSharpDB.ExtensionSandbox.Worker.csproj b/tests/CSharpDB.ExtensionSandbox.Worker/CSharpDB.ExtensionSandbox.Worker.csproj
new file mode 100644
index 00000000..e1645b65
--- /dev/null
+++ b/tests/CSharpDB.ExtensionSandbox.Worker/CSharpDB.ExtensionSandbox.Worker.csproj
@@ -0,0 +1,11 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <IsPackable>false</IsPackable>
+  </PropertyGroup>
+
+</Project>
diff --git a/tests/CSharpDB.ExtensionSandbox.Worker/Program.cs b/tests/CSharpDB.ExtensionSandbox.Worker/Program.cs
new file mode 100644
index 00000000..7e183284
--- /dev/null
+++ b/tests/CSharpDB.ExtensionSandbox.Worker/Program.cs
@@ -0,0 +1,141 @@
+using System.Text.Json;
+
+int exitCode = 0;
+string? line;
+while ((line = await Console.In.ReadLineAsync()) is not null)
+{
+    if (string.IsNullOrWhiteSpace(line))
+        continue;
+
+    WorkerRequest? request;
+    try
+    {
+        request = JsonSerializer.Deserialize<WorkerRequest>(
+            line,
+            WorkerJson.Options);
+    }
+    catch (Exception ex)
+    {
+        await Console.Error.WriteLineAsync(ex.Message);
+        return 2;
+    }
+
+    if (request is null)
+        return 2;
+
+    try
+    {
+        WorkerResponse response = request.Name switch
+        {
+            "Echo" => Echo(request),
+            "Sleep" => await SleepAsync(request),
+            "AllocateMemory" => await AllocateMemoryAsync(request),
+            "Crash" => Crash(),
+            _ => new WorkerResponse(
+                Succeeded: false,
+                Message: $"Unknown command '{request.Name}'.",
+                ErrorCode: "UnknownCommand"),
+        };
+
+        await Console.Out.WriteLineAsync(JsonSerializer.Serialize(response, WorkerJson.Options));
+        exitCode = response.Succeeded ? 0 : 3;
+    }
+    catch (Exception ex)
+    {
+        await Console.Error.WriteLineAsync(ex.ToString());
+        return 1;
+    }
+}
+
+return exitCode;
+
+static WorkerResponse Echo(WorkerRequest request)
+{
+    string? message = request.Arguments is not null &&
+        request.Arguments.TryGetValue("message", out JsonElement value) &&
+        value.ValueKind == JsonValueKind.String
+            ? value.GetString()
+            : null;
+
+    return new WorkerResponse(
+        Succeeded: true,
+        Message: "Echo completed.",
+        Value: JsonSerializer.SerializeToElement(message, WorkerJson.Options));
+}
+
+static async Task<WorkerResponse> SleepAsync(WorkerRequest request)
+{
+    int delayMs = 250;
+    if (request.Arguments is not null &&
+        request.Arguments.TryGetValue("delayMs", out JsonElement value) &&
+        value.ValueKind == JsonValueKind.Number &&
+        value.TryGetInt32(out int parsedDelayMs))
+    {
+        delayMs = parsedDelayMs;
+    }
+
+    await Task.Delay(delayMs);
+    return new WorkerResponse(
+        Succeeded: true,
+        Message: $"Slept for {delayMs}ms.",
+        Value: JsonSerializer.SerializeToElement(delayMs, WorkerJson.Options));
+}
+
+static async Task<WorkerResponse> AllocateMemoryAsync(WorkerRequest request)
+{
+    int megabytes = ReadInt32Argument(request, "megabytes", 64);
+    int holdMs = ReadInt32Argument(request, "holdMs", 250);
+    if (megabytes <= 0)
+    {
+        return new WorkerResponse(
+            Succeeded: false,
+            Message: "megabytes must be greater than zero.",
+            ErrorCode: "InvalidArgument");
+    }
+
+    byte[] buffer = GC.AllocateUninitializedArray<byte>(checked(megabytes * 1024 * 1024));
+    for (int i = 0; i < buffer.Length; i += 4096)
+        buffer[i] = 1;
+
+    await Task.Delay(Math.Max(holdMs, 0));
+    return new WorkerResponse(
+        Succeeded: true,
+        Message: $"Allocated {megabytes}MB.",
+        Value: JsonSerializer.SerializeToElement(megabytes, WorkerJson.Options));
+}
+
+static WorkerResponse Crash()
+{
+    Environment.Exit(42);
+    return new WorkerResponse(false, "unreachable", ErrorCode: "Unreachable");
+}
+
+static int ReadInt32Argument(WorkerRequest request, string name, int defaultValue)
+{
+    if (request.Arguments is not null &&
+        request.Arguments.TryGetValue(name, out JsonElement value) &&
+        value.ValueKind == JsonValueKind.Number &&
+        value.TryGetInt32(out int parsedValue))
+    {
+        return parsedValue;
+    }
+
+    return defaultValue;
+}
+
+internal sealed record WorkerRequest(
+    string Kind,
+    string Name,
+    Dictionary<string, JsonElement>? Arguments,
+    Dictionary<string, string>? Metadata);
+
+internal sealed record WorkerResponse(
+    bool Succeeded,
+    string? Message = null,
+    JsonElement? Value = null,
+    string? ErrorCode = null);
+
+internal static class WorkerJson
+{
+    public static readonly JsonSerializerOptions Options = new(JsonSerializerDefaults.Web);
+}
diff --git a/tests/CSharpDB.Pipelines.Tests/PipelineOrchestratorTests.cs b/tests/CSharpDB.Pipelines.Tests/PipelineOrchestratorTests.cs
index 74979b0b..51f6ef2e 100644
--- a/tests/CSharpDB.Pipelines.Tests/PipelineOrchestratorTests.cs
+++ b/tests/CSharpDB.Pipelines.Tests/PipelineOrchestratorTests.cs
@@ -1,6 +1,7 @@
 using System.Runtime.CompilerServices;
 using CSharpDB.Pipelines.Models;
 using CSharpDB.Pipelines.Runtime;
+using CSharpDB.Primitives;
 
 namespace CSharpDB.Pipelines.Tests;
 
@@ -238,9 +239,181 @@ public async Task ExecuteAsync_SkipBadRows_RespectsMaxRejects()
         Assert.Equal(1, checkpointStore.Saved[0].BatchNumber);
     }
 
+    [Fact]
+    public async Task ExecuteAsync_RunMode_DispatchesCommandHooksWithMetricsAndMetadata()
+    {
+        CancellationToken ct = TestContext.Current.CancellationToken;
+        var source = new FakeSource(
+        [
+            CreateBatch(1, 1, 2),
+            CreateBatch(2, 3),
+        ]);
+        var captured = new List<DbCommandContext>();
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("RecordHook", context =>
+            {
+                captured.Add(context);
+                return DbCommandResult.Success();
+            });
+        });
+        var orchestrator = new PipelineOrchestrator(
+            new FakeComponentFactory(source, new FakeDestination(), []),
+            new RecordingCheckpointStore(),
+            new RecordingRunLogger(),
+            commands);
+
+        PipelineRunResult result = await orchestrator.ExecuteAsync(new PipelineRunRequest
+        {
+            Package = CreatePackage(hooks:
+            [
+                new PipelineCommandHookDefinition
+                {
+                    Event = PipelineCommandHookEvent.OnRunStarted,
+                    CommandName = "RecordHook",
+                    Arguments = new Dictionary<string, object?> { ["configured"] = "start" },
+                },
+                new PipelineCommandHookDefinition
+                {
+                    Event = PipelineCommandHookEvent.OnBatchCompleted,
+                    CommandName = "RecordHook",
+                },
+                new PipelineCommandHookDefinition
+                {
+                    Event = PipelineCommandHookEvent.OnRunSucceeded,
+                    CommandName = "RecordHook",
+                },
+            ]),
+            Mode = PipelineExecutionMode.Run,
+        }, ct);
+
+        Assert.Equal(PipelineRunStatus.Succeeded, result.Status);
+        Assert.Equal(["OnRunStarted", "OnBatchCompleted", "OnBatchCompleted", "OnRunSucceeded"], captured.Select(context => context.Metadata["event"]).ToArray());
+        Assert.All(captured, context => Assert.Equal("Pipelines", context.Metadata["surface"]));
+        Assert.Equal("start", captured[0].Arguments["configured"].AsText);
+        Assert.Equal(2, captured[1].Arguments["rowsRead"].AsInteger);
+        Assert.Equal(2, captured[1].Arguments["rowsWritten"].AsInteger);
+        Assert.Equal(1, captured[1].Arguments["batchNumber"].AsInteger);
+        Assert.Equal(3, captured[2].Arguments["rowsRead"].AsInteger);
+        Assert.Equal("Succeeded", captured[3].Arguments["status"].AsText);
+    }
+
+    [Fact]
+    public async Task ExecuteAsync_OnRunFailedHookRunsWhenPipelineFails()
+    {
+        CancellationToken ct = TestContext.Current.CancellationToken;
+        var source = new FakeSource([CreateBatch(3, 41, 42)]);
+        var transform = new ThrowingTransform("cast", "Cannot parse integer.");
+        DbCommandContext? captured = null;
+        var commands = DbCommandRegistry.Create(builder =>
+        {
+            builder.AddCommand("RecordFailure", context =>
+            {
+                captured = context;
+                return DbCommandResult.Success();
+            });
+        });
+        var orchestrator = new PipelineOrchestrator(
+            new FakeComponentFactory(source, new FakeDestination(), [transform]),
+            new RecordingCheckpointStore(),
+            new RecordingRunLogger(),
+            commands);
+
+        PipelineRunResult result = await orchestrator.ExecuteAsync(new PipelineRunRequest
+        {
+            Package = CreatePackage(
+                errorMode: PipelineErrorMode.FailFast,
+                hooks:
+                [
+                    new PipelineCommandHookDefinition
+                    {
+                        Event = PipelineCommandHookEvent.OnRunFailed,
+                        CommandName = "RecordFailure",
+                    },
+                ]),
+            Mode = PipelineExecutionMode.Run,
+        }, ct);
+
+        Assert.Equal(PipelineRunStatus.Failed, result.Status);
+        Assert.NotNull(captured);
+        Assert.Equal("OnRunFailed", captured!.Metadata["event"]);
+        Assert.Equal("Failed", captured.Arguments["status"].AsText);
+        Assert.Contains("Cannot parse integer.", captured.Arguments["errorSummary"].AsText);
+    }
+
+    [Fact]
+    public async Task ExecuteAsync_CommandHookFailureReturnsFailedRun()
+    {
+        CancellationToken ct = TestContext.Current.CancellationToken;
+        var commands = DbCommandRegistry.Create(builder =>
+            builder.AddCommand("RejectHook", _ => DbCommandResult.Failure("Hook rejected run.")));
+        var orchestrator = new PipelineOrchestrator(
+            new FakeComponentFactory(new FakeSource([CreateBatch(1, 1)]), new FakeDestination(), []),
+            new RecordingCheckpointStore(),
+            new RecordingRunLogger(),
+            commands);
+
+        PipelineRunResult result = await orchestrator.ExecuteAsync(new PipelineRunRequest
+        {
+            Package = CreatePackage(hooks:
+            [
+                new PipelineCommandHookDefinition
+                {
+                    Event = PipelineCommandHookEvent.OnRunStarted,
+                    CommandName = "RejectHook",
+                },
+            ]),
+            Mode = PipelineExecutionMode.Run,
+        }, ct);
+
+        Assert.Equal(PipelineRunStatus.Failed, result.Status);
+        Assert.Contains("Step: command-hook", result.ErrorSummary);
+        Assert.Contains("Component: OnRunStarted", result.ErrorSummary);
+        Assert.Contains("Hook rejected run.", result.ErrorSummary);
+    }
+
+    [Fact]
+    public async Task ExecuteAsync_CommandHookTimeoutReturnsFailedRun()
+    {
+        CancellationToken ct = TestContext.Current.CancellationToken;
+        var commands = DbCommandRegistry.Create(builder =>
+            builder.AddAsyncCommand(
+                "SlowHook",
+                new DbCommandOptions(Timeout: TimeSpan.FromMilliseconds(10)),
+                static async (_, commandCt) =>
+                {
+                    await Task.Delay(TimeSpan.FromSeconds(5), commandCt);
+                    return DbCommandResult.Success();
+                }));
+        var orchestrator = new PipelineOrchestrator(
+            new FakeComponentFactory(new FakeSource([CreateBatch(1, 1)]), new FakeDestination(), []),
+            new RecordingCheckpointStore(),
+            new RecordingRunLogger(),
+            commands);
+
+        PipelineRunResult result = await orchestrator.ExecuteAsync(new PipelineRunRequest
+        {
+            Package = CreatePackage(hooks:
+            [
+                new PipelineCommandHookDefinition
+                {
+                    Event = PipelineCommandHookEvent.OnRunStarted,
+                    CommandName = "SlowHook",
+                },
+            ]),
+            Mode = PipelineExecutionMode.Run,
+        }, ct);
+
+        Assert.Equal(PipelineRunStatus.Failed, result.Status);
+        Assert.Contains("Step: command-hook", result.ErrorSummary);
+        Assert.Contains("SlowHook", result.ErrorSummary);
+        Assert.Contains("timed out", result.ErrorSummary);
+    }
+
     private static PipelinePackageDefinition CreatePackage(
         PipelineErrorMode errorMode = PipelineErrorMode.SkipBadRows,
-        int maxRejects = 10) => new()
+        int maxRejects = 10,
+        IReadOnlyList<PipelineCommandHookDefinition>? hooks = null) => new()
     {
         Name = "customers-import",
         Version = "1.0.0",
@@ -261,6 +434,7 @@ private static PipelinePackageDefinition CreatePackage(
             ErrorMode = errorMode,
             MaxRejects = errorMode == PipelineErrorMode.SkipBadRows ? maxRejects : 0,
         },
+        Hooks = hooks ?? [],
     };
 
     private static PipelineRowBatch CreateBatch(long batchNumber, params int[] ids) => new()
diff --git a/tests/CSharpDB.Pipelines.Tests/PipelinePackageSerializerTests.cs b/tests/CSharpDB.Pipelines.Tests/PipelinePackageSerializerTests.cs
index 17faa734..49a94e37 100644
--- a/tests/CSharpDB.Pipelines.Tests/PipelinePackageSerializerTests.cs
+++ b/tests/CSharpDB.Pipelines.Tests/PipelinePackageSerializerTests.cs
@@ -17,6 +17,9 @@ public void Serialize_UsesCamelCaseAndEnumStrings()
         Assert.Contains("\"errorMode\": \"skipBadRows\"", json);
         Assert.Contains("\"kind\": \"csvFile\"", json);
         Assert.Contains("\"targetType\": \"integer\"", json);
+        Assert.Contains("\"event\": \"onRunSucceeded\"", json);
+        Assert.Contains("\"automation\"", json);
+        Assert.Contains("\"scalarFunctions\"", json);
     }
 
     [Fact]
@@ -36,6 +39,15 @@ public void Deserialize_RoundTripsPackage()
         Assert.Equal(package.Options.ErrorMode, clone.Options.ErrorMode);
         Assert.Equal(package.Transforms.Count, clone.Transforms.Count);
         Assert.Equal(package.Incremental?.WatermarkColumn, clone.Incremental?.WatermarkColumn);
+        PipelineCommandHookDefinition hook = Assert.Single(clone.Hooks);
+        Assert.Equal(PipelineCommandHookEvent.OnRunSucceeded, hook.Event);
+        Assert.Equal("NotifyImport", hook.CommandName);
+        Assert.Equal("ops", Assert.IsType<string>(hook.Arguments!["channel"]));
+        Assert.Equal(3, DbCommandArguments.FromObject(hook.Arguments["priority"]).AsInteger);
+        Assert.NotNull(clone.Automation);
+        Assert.Contains(clone.Automation!.Commands!, command => command.Name == "NotifyImport");
+        Assert.Contains(clone.Automation.ScalarFunctions!, function => function.Name == "NormalizeStatus" && function.Arity == 1);
+        Assert.Contains(clone.Automation.ScalarFunctions!, function => function.Name == "Slugify" && function.Arity == 1);
     }
 
     [Fact]
@@ -50,9 +62,10 @@ public async Task SaveToFileAsync_AndLoadFromFileAsync_RoundTripPackage()
             await PipelinePackageSerializer.SaveToFileAsync(package, path, ct);
             PipelinePackageDefinition loaded = await PipelinePackageSerializer.LoadFromFileAsync(path, ct);
 
-            Assert.Equal(package.Name, loaded.Name);
-            Assert.Equal(package.Transforms.Count, loaded.Transforms.Count);
-            Assert.Equal(package.Options.BatchSize, loaded.Options.BatchSize);
+        Assert.Equal(package.Name, loaded.Name);
+        Assert.Equal(package.Transforms.Count, loaded.Transforms.Count);
+        Assert.Equal(package.Options.BatchSize, loaded.Options.BatchSize);
+        Assert.Single(loaded.Hooks);
         }
         finally
         {
@@ -112,11 +125,41 @@ public async Task SaveToFileAsync_AndLoadFromFileAsync_RoundTripPackage()
                     },
                 ],
             },
+            new PipelineTransformDefinition
+            {
+                Kind = PipelineTransformKind.Filter,
+                FilterExpression = "NormalizeStatus(status) == 'active'",
+            },
+            new PipelineTransformDefinition
+            {
+                Kind = PipelineTransformKind.Derive,
+                DerivedColumns =
+                [
+                    new PipelineDerivedColumn
+                    {
+                        Name = "slug",
+                        Expression = "Slugify(name)",
+                    },
+                ],
+            },
         ],
         Incremental = new PipelineIncrementalOptions
         {
             WatermarkColumn = "updated_at",
             LastProcessedValue = "2026-01-01T00:00:00Z",
         },
+        Hooks =
+        [
+            new PipelineCommandHookDefinition
+            {
+                Event = PipelineCommandHookEvent.OnRunSucceeded,
+                CommandName = "NotifyImport",
+                Arguments = new Dictionary<string, object?>
+                {
+                    ["channel"] = "ops",
+                    ["priority"] = 3,
+                },
+            },
+        ],
     };
 }
diff --git a/tests/CSharpDB.Pipelines.Tests/PipelinePackageValidatorTests.cs b/tests/CSharpDB.Pipelines.Tests/PipelinePackageValidatorTests.cs
index 4bd82f8b..e21c308a 100644
--- a/tests/CSharpDB.Pipelines.Tests/PipelinePackageValidatorTests.cs
+++ b/tests/CSharpDB.Pipelines.Tests/PipelinePackageValidatorTests.cs
@@ -156,6 +156,165 @@ public void Validate_ReturnsError_WhenIncrementalWatermarkIsMissing()
         Assert.Contains(result.Errors, e => e.Code == "pipeline.incremental.watermark.required");
     }
 
+    [Fact]
+    public void Validate_ReturnsError_WhenFunctionSyntaxIsMalformed()
+    {
+        var validPackage = CreateValidPackage();
+        var package = new PipelinePackageDefinition
+        {
+            Name = validPackage.Name,
+            Version = validPackage.Version,
+            Source = validPackage.Source,
+            Destination = validPackage.Destination,
+            Options = validPackage.Options,
+            Transforms =
+            [
+                new PipelineTransformDefinition
+                {
+                    Kind = PipelineTransformKind.Derive,
+                    DerivedColumns =
+                    [
+                        new PipelineDerivedColumn
+                        {
+                            Name = "slug",
+                            Expression = "Slugify(name",
+                        },
+                    ],
+                },
+            ],
+        };
+
+        PipelineValidationResult result = PipelinePackageValidator.Validate(package);
+
+        Assert.Contains(result.Errors, e => e.Code == "pipeline.expression.function.syntax");
+    }
+
+    [Fact]
+    public void Validate_ReturnsError_WhenHookCommandNameIsMissing()
+    {
+        var validPackage = CreateValidPackage();
+        var package = new PipelinePackageDefinition
+        {
+            Name = validPackage.Name,
+            Version = validPackage.Version,
+            Source = validPackage.Source,
+            Destination = validPackage.Destination,
+            Options = validPackage.Options,
+            Transforms = validPackage.Transforms,
+            Hooks =
+            [
+                new PipelineCommandHookDefinition
+                {
+                    Event = PipelineCommandHookEvent.OnRunSucceeded,
+                    CommandName = " ",
+                },
+            ],
+        };
+
+        PipelineValidationResult result = PipelinePackageValidator.Validate(package);
+
+        Assert.Contains(result.Errors, e => e.Code == "pipeline.hook.command.required");
+    }
+
+    [Fact]
+    public void Validate_ReturnsError_WhenHookArgumentNameIsMissing()
+    {
+        var validPackage = CreateValidPackage();
+        var package = new PipelinePackageDefinition
+        {
+            Name = validPackage.Name,
+            Version = validPackage.Version,
+            Source = validPackage.Source,
+            Destination = validPackage.Destination,
+            Options = validPackage.Options,
+            Transforms = validPackage.Transforms,
+            Hooks =
+            [
+                new PipelineCommandHookDefinition
+                {
+                    Event = PipelineCommandHookEvent.OnRunSucceeded,
+                    CommandName = "Notify",
+                    Arguments = new Dictionary<string, object?> { [" "] = "invalid" },
+                },
+            ],
+        };
+
+        PipelineValidationResult result = PipelinePackageValidator.Validate(package);
+
+        Assert.Contains(result.Errors, e => e.Code == "pipeline.hook.argument.name.required");
+    }
+
+    [Fact]
+    public void Validate_ReturnsSuccess_WhenAutomationMetadataIsCurrent()
+    {
+        var validPackage = CreateValidPackage();
+        PipelinePackageDefinition package = PipelineAutomationMetadata.NormalizeForExport(new PipelinePackageDefinition
+        {
+            Name = validPackage.Name,
+            Version = validPackage.Version,
+            Source = validPackage.Source,
+            Destination = validPackage.Destination,
+            Options = validPackage.Options,
+            Transforms =
+            [
+                new PipelineTransformDefinition
+                {
+                    Kind = PipelineTransformKind.Filter,
+                    FilterExpression = "NormalizeStatus(status) == 'active'",
+                },
+            ],
+            Hooks =
+            [
+                new PipelineCommandHookDefinition
+                {
+                    Event = PipelineCommandHookEvent.OnRunSucceeded,
+                    CommandName = "Notify",
+                },
+            ],
+        });
+
+        PipelineValidationResult result = PipelinePackageValidator.Validate(package);
+
+        Assert.True(result.IsValid);
+    }
+
+    [Fact]
+    public void Validate_ReturnsError_WhenAutomationMetadataIsOutOfDate()
+    {
+        var validPackage = CreateValidPackage();
+        var package = new PipelinePackageDefinition
+        {
+            Name = validPackage.Name,
+            Version = validPackage.Version,
+            Source = validPackage.Source,
+            Destination = validPackage.Destination,
+            Options = validPackage.Options,
+            Transforms =
+            [
+                new PipelineTransformDefinition
+                {
+                    Kind = PipelineTransformKind.Derive,
+                    DerivedColumns =
+                    [
+                        new PipelineDerivedColumn
+                        {
+                            Name = "slug",
+                            Expression = "Slugify(name)",
+                        },
+                    ],
+                },
+            ],
+            Automation = new DbAutomationMetadata(
+                DbAutomationMetadata.CurrentMetadataVersion,
+                Commands: [],
+                ScalarFunctions: []),
+        };
+
+        PipelineValidationResult result = PipelinePackageValidator.Validate(package);
+
+        Assert.Contains(result.Errors, e => e.Code == "pipeline.automation.scalarFunctions.outOfDate");
+    }
+
     [Fact]
     public void Validate_ReturnsMultipleErrors_ForCompoundInvalidPackage()
     {
diff --git a/tests/CSharpDB.Pipelines.Tests/TrustedScalarFunctionPipelineTests.cs b/tests/CSharpDB.Pipelines.Tests/TrustedScalarFunctionPipelineTests.cs
new file mode 100644
index 00000000..102d5add
--- /dev/null
+++ b/tests/CSharpDB.Pipelines.Tests/TrustedScalarFunctionPipelineTests.cs
@@ -0,0 +1,109 @@
+using CSharpDB.Pipelines.Models;
+using CSharpDB.Pipelines.Runtime.BuiltIns;
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Pipelines.Tests;
+
+public sealed class TrustedScalarFunctionPipelineTests
+{
+    [Fact]
+    public async Task FilterAndDeriveTransforms_InvokeRegisteredFunctions()
+    {
+        CancellationToken ct = TestContext.Current.CancellationToken;
+        var registry = DbFunctionRegistry.Create(functions =>
+        {
+            functions.AddScalar(
+                "Slugify",
+                1,
+                new DbScalarFunctionOptions(DbType.Text, IsDeterministic: true, NullPropagating: true),
+                static (_, args) => DbValue.FromText(args[0].AsText.ToLowerInvariant().Replace(' ', '-')));
+            functions.AddScalar(
+                "StartsWithA",
+                1,
+                new DbScalarFunctionOptions(DbType.Integer, IsDeterministic: true, NullPropagating: true),
+                static (_, args) => DbValue.FromInteger(args[0].AsText.StartsWith("A", StringComparison.OrdinalIgnoreCase) ? 1 : 0));
+        });
+
+        var filter = new FilterPipelineTransform(new PipelineTransformDefinition
+        {
+            Kind = PipelineTransformKind.Filter,
+            FilterExpression = "StartsWithA(name) == 1",
+        }, registry);
+        var derive = new DerivePipelineTransform(new PipelineTransformDefinition
+        {
+            Kind = PipelineTransformKind.Derive,
+            DerivedColumns =
+            [
+                new PipelineDerivedColumn { Name = "slug", Expression = "Slugify(name)" },
+            ],
+        }, registry);
+        var context = CreateContext();
+        var batch = new PipelineRowBatch
+        {
+            BatchNumber = 1,
+            StartingRowNumber = 1,
+            Rows =
+            [
+                new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+                {
+                    ["name"] = "Alice Smith",
+                },
+                new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+                {
+                    ["name"] = "Bob Smith",
+                },
+            ],
+        };
+
+        PipelineRowBatch filtered = await filter.TransformAsync(batch, context, ct);
+        PipelineRowBatch derived = await derive.TransformAsync(filtered, context, ct);
+
+        Assert.Single(derived.Rows);
+        Assert.Equal("alice-smith", derived.Rows[0]["slug"]);
+    }
+
+    [Fact]
+    public async Task MissingRegisteredFunction_FailsAtRuntime()
+    {
+        CancellationToken ct = TestContext.Current.CancellationToken;
+        var transform = new DerivePipelineTransform(new PipelineTransformDefinition
+        {
+            Kind = PipelineTransformKind.Derive,
+            DerivedColumns =
+            [
+                new PipelineDerivedColumn { Name = "slug", Expression = "MissingFunction(name)" },
+            ],
+        });
+        var batch = new PipelineRowBatch
+        {
+            BatchNumber = 1,
+            StartingRowNumber = 1,
+            Rows =
+            [
+                new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+                {
+                    ["name"] = "Alice",
+                },
+            ],
+        };
+
+        var ex = await Assert.ThrowsAsync<InvalidOperationException>(async () =>
+            await transform.TransformAsync(batch, CreateContext(), ct));
+
+        Assert.Contains("Unknown scalar function", ex.Message);
+    }
+
+    private static PipelineExecutionContext CreateContext() => new()
+    {
+        RunId = "functions-test",
+        Mode = PipelineExecutionMode.DryRun,
+        Package = new PipelinePackageDefinition
+        {
+            Name = "functions",
+            Version = "1.0",
+            Source = new PipelineSourceDefinition { Kind = PipelineSourceKind.JsonFile, Path = "input.json" },
+            Destination = new PipelineDestinationDefinition { Kind = PipelineDestinationKind.JsonFile, Path = "output.json" },
+            Options = new PipelineExecutionOptions(),
+        },
+    };
+}
diff --git a/tests/CSharpDB.Tests/AutomationManifestValidatorTests.cs b/tests/CSharpDB.Tests/AutomationManifestValidatorTests.cs
new file mode 100644
index 00000000..c6cb186b
--- /dev/null
+++ b/tests/CSharpDB.Tests/AutomationManifestValidatorTests.cs
@@ -0,0 +1,187 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Tests;
+
+public sealed class AutomationManifestValidatorTests
+{
+    [Fact]
+    public void Validate_ReturnsSuccessWhenMetadataMatchesRegistries()
+    {
+        DbAutomationMetadata metadata = new(
+            Commands:
+            [
+                new DbAutomationCommandReference("AuditOrder", "admin.forms", "form.events.BeforeInsert"),
+            ],
+            ScalarFunctions:
+            [
+                new DbAutomationScalarFunctionReference("Slugify", 1, "admin.forms", "controls.slug.formula"),
+            ],
+            ValidationRules:
+            [
+                new DbAutomationValidationRuleReference("CreditLimit", "admin.forms", "controls.credit.validationRules.CreditLimit"),
+            ]);
+        DbFunctionRegistry functions = CreateFunctions(("Slugify", 1));
+        DbCommandRegistry commands = CreateCommands("AuditOrder");
+        DbValidationRuleRegistry validationRules = CreateValidationRules("CreditLimit");
+
+        AutomationValidationResult result = AutomationManifestValidator.Validate(metadata, functions, commands, validationRules);
+
+        Assert.True(result.Succeeded);
+        Assert.Empty(result.Issues);
+    }
+
+    [Fact]
+    public void Validate_ReportsMissingCommandsAndScalarFunctions()
+    {
+        DbAutomationMetadata metadata = new(
+            Commands:
+            [
+                new DbAutomationCommandReference("AuditOrder", "admin.forms", "form.events.BeforeInsert"),
+            ],
+            ScalarFunctions:
+            [
+                new DbAutomationScalarFunctionReference("Slugify", 1, "admin.forms", "controls.slug.formula"),
+            ],
+            ValidationRules:
+            [
+                new DbAutomationValidationRuleReference("CreditLimit", "admin.forms", "form.validationRules.CreditLimit"),
+            ]);
+
+        AutomationValidationResult result = AutomationManifestValidator.Validate(
+            metadata,
+            DbFunctionRegistry.Empty,
+            DbCommandRegistry.Empty,
+            DbValidationRuleRegistry.Empty);
+
+        Assert.False(result.Succeeded);
+        Assert.Equal(3, result.Issues.Count);
+
+        AutomationValidationIssue commandIssue = Assert.Single(
+            result.Issues,
+            issue => issue.CallbackKind == AutomationCallbackKind.Command);
+        Assert.Equal(AutomationValidationSeverity.Error, commandIssue.Severity);
+        Assert.Equal("AuditOrder", commandIssue.Name);
+        Assert.Equal("admin.forms", commandIssue.Surface);
+        Assert.Equal("form.events.BeforeInsert", commandIssue.Location);
+        Assert.Contains("not registered", commandIssue.Message);
+
+        AutomationValidationIssue functionIssue = Assert.Single(
+            result.Issues,
+            issue => issue.CallbackKind == AutomationCallbackKind.ScalarFunction);
+        Assert.Equal(AutomationValidationSeverity.Error, functionIssue.Severity);
+        Assert.Equal("Slugify", functionIssue.Name);
+        Assert.Equal(1, functionIssue.ExpectedArity);
+        Assert.Equal("controls.slug.formula", functionIssue.Location);
+        Assert.Contains("not registered", functionIssue.Message);
+
+        AutomationValidationIssue validationIssue = Assert.Single(
+            result.Issues,
+            issue => issue.CallbackKind == AutomationCallbackKind.ValidationRule);
+        Assert.Equal(AutomationValidationSeverity.Error, validationIssue.Severity);
+        Assert.Equal("CreditLimit", validationIssue.Name);
+        Assert.Equal("form.validationRules.CreditLimit", validationIssue.Location);
+        Assert.Contains("not registered", validationIssue.Message);
+    }
+
+    [Fact]
+    public void Validate_ReportsScalarFunctionArityMismatch()
+    {
+        DbAutomationMetadata metadata = new(
+            ScalarFunctions:
+            [
+                new DbAutomationScalarFunctionReference("Slugify", 2, "pipelines", "transforms[0].derivedColumns[0].expression"),
+            ]);
+        DbFunctionRegistry functions = CreateFunctions(("Slugify", 1));
+
+        AutomationValidationResult result = AutomationManifestValidator.Validate(
+            metadata,
+            functions,
+            DbCommandRegistry.Empty);
+
+        AutomationValidationIssue issue = Assert.Single(result.Issues);
+        Assert.False(result.Succeeded);
+        Assert.Equal(AutomationValidationSeverity.Error, issue.Severity);
+        Assert.Equal(AutomationCallbackKind.ScalarFunction, issue.CallbackKind);
+        Assert.Equal("Slugify", issue.Name);
+        Assert.Equal(2, issue.ExpectedArity);
+        Assert.Contains("with arity 2", issue.Message);
+        Assert.Contains("host registry has arity 1", issue.Message);
+    }
+
+    [Fact]
+    public void Validate_DuplicateReferencesProduceWarningsWithoutFailing()
+    {
+        DbAutomationMetadata metadata = new(
+            Commands:
+            [
+                new DbAutomationCommandReference("AuditOrder", "admin.forms", "form.events.BeforeInsert"),
+                new DbAutomationCommandReference("auditorder", "admin.forms", "form.events.BeforeInsert"),
+            ],
+            ScalarFunctions:
+            [
+                new DbAutomationScalarFunctionReference("Slugify", 1, "admin.forms", "controls.slug.formula"),
+                new DbAutomationScalarFunctionReference("slugify", 1, "admin.forms", "controls.slug.formula"),
+            ],
+            ValidationRules:
+            [
+                new DbAutomationValidationRuleReference("CreditLimit", "admin.forms", "form.validationRules.CreditLimit"),
+                new DbAutomationValidationRuleReference("creditlimit", "admin.forms", "form.validationRules.CreditLimit"),
+            ]);
+        DbFunctionRegistry functions = CreateFunctions(("Slugify", 1));
+        DbCommandRegistry commands = CreateCommands("AuditOrder");
+        DbValidationRuleRegistry validationRules = CreateValidationRules("CreditLimit");
+
+        AutomationValidationResult result = AutomationManifestValidator.Validate(metadata, functions, commands, validationRules);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal(3, result.Issues.Count);
+        Assert.All(result.Issues, issue => Assert.Equal(AutomationValidationSeverity.Warning, issue.Severity));
+        Assert.Contains(result.Issues, issue => issue.CallbackKind == AutomationCallbackKind.Command);
+        Assert.Contains(result.Issues, issue => issue.CallbackKind == AutomationCallbackKind.ScalarFunction);
+        Assert.Contains(result.Issues, issue => issue.CallbackKind == AutomationCallbackKind.ValidationRule);
+    }
+
+    [Fact]
+    public void Validate_CanRequireAutomationMetadata()
+    {
+        AutomationValidationResult optionalResult = AutomationManifestValidator.Validate(
+            metadata: null,
+            DbFunctionRegistry.Empty,
+            DbCommandRegistry.Empty);
+        AutomationValidationResult requiredResult = AutomationManifestValidator.Validate(
+            metadata: null,
+            DbFunctionRegistry.Empty,
+            DbCommandRegistry.Empty,
+            new AutomationManifestValidationOptions(RequireMetadata: true));
+
+        Assert.True(optionalResult.Succeeded);
+        Assert.Empty(optionalResult.Issues);
+
+        AutomationValidationIssue issue = Assert.Single(requiredResult.Issues);
+        Assert.False(requiredResult.Succeeded);
+        Assert.Equal(AutomationCallbackKind.Unknown, issue.CallbackKind);
+        Assert.Equal(AutomationValidationSeverity.Error, issue.Severity);
+        Assert.Contains("metadata is missing", issue.Message);
+    }
+
+    private static DbFunctionRegistry CreateFunctions(params (string Name, int Arity)[] functions)
+        => DbFunctionRegistry.Create(builder =>
+        {
+            foreach ((string name, int arity) in functions)
+                builder.AddScalar(name, arity, static (_, _) => DbValue.Null);
+        });
+
+    private static DbCommandRegistry CreateCommands(params string[] commands)
+        => DbCommandRegistry.Create(builder =>
+        {
+            foreach (string command in commands)
+                builder.AddCommand(command, static _ => DbCommandResult.Success());
+        });
+
+    private static DbValidationRuleRegistry CreateValidationRules(params string[] rules)
+        => DbValidationRuleRegistry.Create(builder =>
+        {
+            foreach (string rule in rules)
+                builder.AddRule(rule, static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success()));
+        });
+}
diff --git a/tests/CSharpDB.Tests/AutomationMetadataTests.cs b/tests/CSharpDB.Tests/AutomationMetadataTests.cs
new file mode 100644
index 00000000..76e089b4
--- /dev/null
+++ b/tests/CSharpDB.Tests/AutomationMetadataTests.cs
@@ -0,0 +1,50 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Tests;
+
+public sealed class AutomationMetadataTests
+{
+    [Fact]
+    public void Builder_SortsAndDeduplicatesReferences()
+    {
+        var builder = new DbAutomationMetadataBuilder();
+
+        DbAutomationMetadata metadata = builder
+            .AddCommand("Notify", "pipelines", "hooks[1]")
+            .AddCommand(" notify ", "pipelines", "hooks[1]")
+            .AddScalarFunction("Slugify", 1, "pipelines", "transforms[0]")
+            .AddScalarFunction("slugify", 1, "pipelines", "transforms[0]")
+            .Build();
+
+        DbAutomationCommandReference command = Assert.Single(metadata.Commands!);
+        Assert.Equal("Notify", command.Name);
+        DbAutomationScalarFunctionReference function = Assert.Single(metadata.ScalarFunctions!);
+        Assert.Equal("Slugify", function.Name);
+        Assert.Equal(1, function.Arity);
+    }
+
+    [Fact]
+    public void ExpressionInspector_FindsNestedScalarFunctionCalls()
+    {
+        IReadOnlyList<DbAutomationScalarFunctionCall> calls =
+            DbAutomationExpressionInspector.FindScalarFunctionCalls(
+                "=Normalize(Slugify(Name), 'IgnoreMe(1)', [AlsoIgnore(2)])",
+                ignoredNames: ["SUM"]);
+
+        Assert.Contains(calls, call => call.Name == "Normalize" && call.Arity == 3);
+        Assert.Contains(calls, call => call.Name == "Slugify" && call.Arity == 1);
+        Assert.DoesNotContain(calls, call => call.Name == "IgnoreMe");
+        Assert.DoesNotContain(calls, call => call.Name == "AlsoIgnore");
+    }
+
+    [Fact]
+    public void ExpressionInspector_IgnoresConfiguredFunctionNames()
+    {
+        IReadOnlyList<DbAutomationScalarFunctionCall> calls =
+            DbAutomationExpressionInspector.FindScalarFunctionCalls("=SUM(LineTotal) + Tax(LineTotal)", ["SUM"]);
+
+        DbAutomationScalarFunctionCall call = Assert.Single(calls);
+        Assert.Equal("Tax", call.Name);
+        Assert.Equal(1, call.Arity);
+    }
+}
diff --git a/tests/CSharpDB.Tests/AutomationStubGeneratorTests.cs b/tests/CSharpDB.Tests/AutomationStubGeneratorTests.cs
new file mode 100644
index 00000000..0dad6062
--- /dev/null
+++ b/tests/CSharpDB.Tests/AutomationStubGeneratorTests.cs
@@ -0,0 +1,160 @@
+using CSharpDB.Primitives;
+using Microsoft.CodeAnalysis;
+using Microsoft.CodeAnalysis.CSharp;
+
+namespace CSharpDB.Tests;
+
+public sealed class AutomationStubGeneratorTests
+{
+    [Fact]
+    public void GenerateCSharp_ProducesDeterministicRegistrationStubs()
+    {
+        DbAutomationMetadata metadata = new(
+            Commands:
+            [
+                new DbAutomationCommandReference("AuditOrder", "admin.forms", "form.events.BeforeInsert"),
+                new DbAutomationCommandReference("auditorder", "admin.forms", "form.events.AfterUpdate"),
+            ],
+            ScalarFunctions:
+            [
+                new DbAutomationScalarFunctionReference("NormalizeName", 2, "pipelines", "transforms[0].filterExpression"),
+                new DbAutomationScalarFunctionReference("normalizeName", 2, "admin.forms", "controls.name.formula"),
+            ],
+            ValidationRules:
+            [
+                new DbAutomationValidationRuleReference("ValidateCreditLimit", "admin.forms", "controls.credit.validationRules.ValidateCreditLimit"),
+            ]);
+
+        string source = AutomationStubGenerator.GenerateCSharp(
+            metadata,
+            new AutomationStubGenerationOptions(
+                Namespace: "MyApp.CSharpDbAutomation",
+                ClassName: "CSharpDbAutomationRegistration"));
+
+        const string expected = """
+            using System;
+            using System.Threading.Tasks;
+            using CSharpDB.Primitives;
+
+            namespace MyApp.CSharpDbAutomation;
+
+            public static class CSharpDbAutomationRegistration
+            {
+                public static void Register(DbFunctionRegistryBuilder functions, DbCommandRegistryBuilder commands, DbValidationRuleRegistryBuilder validationRules)
+                {
+                    ArgumentNullException.ThrowIfNull(functions);
+                    ArgumentNullException.ThrowIfNull(commands);
+                    ArgumentNullException.ThrowIfNull(validationRules);
+
+                    functions.AddScalar(
+                        "NormalizeName",
+                        arity: 2,
+                        options: new DbScalarFunctionOptions(DbType.Text),
+                        invoke: static (context, args) =>
+                        {
+                            // References:
+                            // - admin.forms: controls.name.formula
+                            // - pipelines: transforms[0].filterExpression
+                            throw new NotImplementedException("Implement trusted scalar function 'NormalizeName'.");
+                        });
+
+                    commands.AddAsyncCommand(
+                        "AuditOrder",
+                        static async (context, ct) =>
+                        {
+                            // References:
+                            // - admin.forms: form.events.AfterUpdate
+                            // - admin.forms: form.events.BeforeInsert
+                        await Task.CompletedTask;
+                        throw new NotImplementedException("Implement trusted command 'AuditOrder'.");
+                    });
+
+                validationRules.AddRule(
+                    "ValidateCreditLimit",
+                    static async (context, ct) =>
+                    {
+                        // References:
+                        // - admin.forms: controls.credit.validationRules.ValidateCreditLimit
+                        await Task.CompletedTask;
+                        throw new NotImplementedException("Implement trusted validation rule 'ValidateCreditLimit'.");
+                    });
+            }
+        }
+        """;
+
+        Assert.Equal(Normalize(expected), Normalize(source));
+    }
+
+    [Fact]
+    public void GenerateCSharp_ProducesCompilableSource()
+    {
+        DbAutomationMetadata metadata = new(
+            Commands:
+            [
+                new DbAutomationCommandReference("WriteAudit", "admin.forms", "form.events.BeforeInsert\r\n// ignored"),
+            ],
+            ScalarFunctions:
+            [
+                new DbAutomationScalarFunctionReference("FormatValue", 1, "admin.reports", "bands.detail.controls.total.expression"),
+            ]);
+
+        string source = AutomationStubGenerator.GenerateCSharp(
+            metadata,
+            new AutomationStubGenerationOptions(
+                Namespace: "MyApp.Generated",
+                ClassName: "RegistrationStubs",
+                MethodName: "AddCallbacks"));
+
+        AssertCompiles(source);
+    }
+
+    [Fact]
+    public void GenerateCSharp_RejectsInvalidTypeNames()
+    {
+        DbAutomationMetadata metadata = new();
+
+        Assert.Throws<ArgumentException>(() =>
+            AutomationStubGenerator.GenerateCSharp(
+                metadata,
+                new AutomationStubGenerationOptions(
+                    Namespace: "MyApp.Generated",
+                    ClassName: "class")));
+    }
+
+    private static void AssertCompiles(string source)
+    {
+        SyntaxTree syntaxTree = CSharpSyntaxTree.ParseText(source);
+        CSharpCompilation compilation = CSharpCompilation.Create(
+            assemblyName: "AutomationStubGeneratorTests_" + Guid.NewGuid().ToString("N"),
+            syntaxTrees: [syntaxTree],
+            references: GetMetadataReferences(),
+            options: new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary));
+
+        Diagnostic[] errors = compilation.GetDiagnostics()
+            .Where(static diagnostic => diagnostic.Severity == DiagnosticSeverity.Error)
+            .ToArray();
+
+        Assert.Empty(errors);
+    }
+
+    private static MetadataReference[] GetMetadataReferences()
+    {
+        string trustedPlatformAssemblies = (string?)AppContext.GetData("TRUSTED_PLATFORM_ASSEMBLIES")
+            ?? throw new InvalidOperationException("Trusted platform assemblies were not available.");
+
+        return trustedPlatformAssemblies
+            .Split(Path.PathSeparator)
+            .Select(static path => MetadataReference.CreateFromFile(path))
+            .Append(MetadataReference.CreateFromFile(typeof(DbAutomationMetadata).Assembly.Location))
+            .ToArray();
+    }
+
+    private static string Normalize(string source)
+        => string.Join(
+            "\n",
+            source
+                .ReplaceLineEndings("\n")
+                .Trim()
+                .Split('\n')
+                .Select(static line => line.Trim()));
+}
diff --git a/tests/CSharpDB.Tests/CSharpDB.Tests.csproj b/tests/CSharpDB.Tests/CSharpDB.Tests.csproj
index c1f44285..f2c5840e 100644
--- a/tests/CSharpDB.Tests/CSharpDB.Tests.csproj
+++ b/tests/CSharpDB.Tests/CSharpDB.Tests.csproj
@@ -20,6 +20,7 @@
     <ProjectReference Include="..\..\src\CSharpDB.Native\CSharpDB.Native.csproj" />
     <ProjectReference Include="..\..\src\CSharpDB.Storage.Diagnostics\CSharpDB.Storage.Diagnostics.csproj" />
     <ProjectReference Include="..\..\src\CSharpDB.Generators\CSharpDB.Generators.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="true" />
+    <ProjectReference Include="..\CSharpDB.ExtensionSandbox.Worker\CSharpDB.ExtensionSandbox.Worker.csproj" ReferenceOutputAssembly="false" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/tests/CSharpDB.Tests/CallbackDiagnosticsTests.cs b/tests/CSharpDB.Tests/CallbackDiagnosticsTests.cs
new file mode 100644
index 00000000..42019717
--- /dev/null
+++ b/tests/CSharpDB.Tests/CallbackDiagnosticsTests.cs
@@ -0,0 +1,311 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Tests;
+
+public sealed class CallbackDiagnosticsTests
+{
+    [Fact]
+    public void ScalarFunctionInvocation_EmitsDiagnosticEvent()
+    {
+        List<DbCallbackInvocationDiagnostic> diagnostics = [];
+        using IDisposable subscription = DbCallbackDiagnostics.Listener.Subscribe(new CallbackObserver(diagnostics));
+        DbFunctionRegistry registry = DbFunctionRegistry.Create(functions =>
+            functions.AddScalar(
+                "DiagBump",
+                1,
+                static (_, args) => DbValue.FromInteger(args[0].AsInteger + 1)));
+
+        Assert.True(registry.TryGetScalar("DiagBump", 1, out DbScalarFunctionDefinition definition));
+        DbValue result = definition.Invoke(
+            [DbValue.FromInteger(41)],
+            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["surface"] = "SQL",
+                ["location"] = "functions.DiagBump",
+            });
+
+        Assert.Equal(42, result.AsInteger);
+        DbCallbackInvocationDiagnostic diagnostic = Assert.Single(
+            diagnostics,
+            diagnostic => diagnostic.Name == "DiagBump");
+        Assert.Equal(AutomationCallbackKind.ScalarFunction, diagnostic.CallbackKind);
+        Assert.Equal(1, diagnostic.Arity);
+        Assert.Equal("SQL", diagnostic.Surface);
+        Assert.Equal("functions.DiagBump", diagnostic.Location);
+        Assert.True(diagnostic.Succeeded);
+        Assert.False(diagnostic.TimedOut);
+        Assert.False(diagnostic.Canceled);
+        Assert.Null(diagnostic.ExceptionMessage);
+        Assert.True(diagnostic.Elapsed >= TimeSpan.Zero);
+    }
+
+    [Fact]
+    public async Task CommandInvocation_EmitsDiagnosticEventWithMetadataLocation()
+    {
+        List<DbCallbackInvocationDiagnostic> diagnostics = [];
+        using IDisposable subscription = DbCallbackDiagnostics.Listener.Subscribe(new CallbackObserver(diagnostics));
+        DbCommandRegistry registry = DbCommandRegistry.Create(commands =>
+            commands.AddCommand(
+                "DiagAudit",
+                static _ => DbCommandResult.Success("ok")));
+
+        Assert.True(registry.TryGetCommand("DiagAudit", out DbCommandDefinition definition));
+        DbCommandResult result = await definition.InvokeAsync(
+            metadata: new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["surface"] = "AdminForms",
+                ["event"] = "BeforeInsert",
+                ["actionSequence"] = "PrepareCustomer",
+                ["actionStep"] = "2",
+            },
+            ct: TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        DbCallbackInvocationDiagnostic diagnostic = Assert.Single(
+            diagnostics,
+            diagnostic => diagnostic.Name == "DiagAudit");
+        Assert.Equal(AutomationCallbackKind.Command, diagnostic.CallbackKind);
+        Assert.Null(diagnostic.Arity);
+        Assert.Equal("AdminForms", diagnostic.Surface);
+        Assert.Equal("BeforeInsert", diagnostic.EventName);
+        Assert.Equal("actionSequences.PrepareCustomer.steps[2]", diagnostic.Location);
+        Assert.True(diagnostic.Succeeded);
+        Assert.Equal("ok", diagnostic.ResultMessage);
+        Assert.Null(diagnostic.ExceptionMessage);
+    }
+
+    [Fact]
+    public async Task CommandFailureResult_EmitsFailedDiagnosticWithoutException()
+    {
+        List<DbCallbackInvocationDiagnostic> diagnostics = [];
+        using IDisposable subscription = DbCallbackDiagnostics.Listener.Subscribe(new CallbackObserver(diagnostics));
+        DbCommandRegistry registry = DbCommandRegistry.Create(commands =>
+            commands.AddCommand(
+                "DiagReject",
+                static _ => DbCommandResult.Failure("not allowed")));
+
+        Assert.True(registry.TryGetCommand("DiagReject", out DbCommandDefinition definition));
+        DbCommandResult result = await definition.InvokeAsync(ct: TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        DbCallbackInvocationDiagnostic diagnostic = Assert.Single(
+            diagnostics,
+            diagnostic => diagnostic.Name == "DiagReject");
+        Assert.False(diagnostic.Succeeded);
+        Assert.False(diagnostic.TimedOut);
+        Assert.False(diagnostic.Canceled);
+        Assert.Equal("not allowed", diagnostic.ResultMessage);
+        Assert.Null(diagnostic.ExceptionMessage);
+    }
+
+    [Fact]
+    public async Task CommandTimeout_EmitsTimedOutDiagnostic()
+    {
+        List<DbCallbackInvocationDiagnostic> diagnostics = [];
+        using IDisposable subscription = DbCallbackDiagnostics.Listener.Subscribe(new CallbackObserver(diagnostics));
+        DbCommandRegistry registry = DbCommandRegistry.Create(commands =>
+            commands.AddAsyncCommand(
+                "DiagSlow",
+                new DbCommandOptions(Timeout: TimeSpan.FromMilliseconds(10)),
+                static async (_, ct) =>
+                {
+                    await Task.Delay(TimeSpan.FromSeconds(5), ct);
+                    return DbCommandResult.Success();
+                }));
+
+        Assert.True(registry.TryGetCommand("DiagSlow", out DbCommandDefinition definition));
+        TimeoutException ex = await Assert.ThrowsAsync<TimeoutException>(async () =>
+            await definition.InvokeAsync(ct: TestContext.Current.CancellationToken));
+
+        Assert.Contains("timed out", ex.Message);
+        DbCallbackInvocationDiagnostic diagnostic = Assert.Single(
+            diagnostics,
+            diagnostic => diagnostic.Name == "DiagSlow");
+        Assert.False(diagnostic.Succeeded);
+        Assert.True(diagnostic.TimedOut);
+        Assert.False(diagnostic.Canceled);
+        Assert.Contains("timed out", diagnostic.ExceptionMessage);
+    }
+
+    [Fact]
+    public async Task CommandPolicyDenied_EmitsDiagnosticAndDoesNotInvokeCallback()
+    {
+        bool invoked = false;
+        List<DbCallbackInvocationDiagnostic> diagnostics = [];
+        using IDisposable subscription = DbCallbackDiagnostics.Listener.Subscribe(new CallbackObserver(diagnostics));
+        DbCommandRegistry registry = DbCommandRegistry.Create(commands =>
+            commands.AddCommand(
+                "DiagNetwork",
+                new DbCommandOptions(
+                    AdditionalCapabilities:
+                    [
+                        new DbExtensionCapabilityRequest(DbExtensionCapability.Network),
+                    ]),
+                _ =>
+                {
+                    invoked = true;
+                    return DbCommandResult.Success();
+                }));
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+            ]);
+
+        Assert.True(registry.TryGetCommand("DiagNetwork", out DbCommandDefinition definition));
+        DbCallbackPolicyException ex = await Assert.ThrowsAsync<DbCallbackPolicyException>(async () =>
+            await definition.InvokeAsync(
+                new Dictionary<string, DbValue>(),
+                new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+                {
+                    ["surface"] = "AdminForms",
+                    ["location"] = "controls.notify.events.Click",
+                    ["correlationId"] = "corr-1",
+                    ["ownerKind"] = "Form",
+                    ["ownerId"] = "orders-form",
+                    ["ownerName"] = "Orders",
+                },
+                policy,
+                DbExtensionHostMode.Embedded,
+                TestContext.Current.CancellationToken));
+
+        Assert.False(invoked);
+        Assert.Contains("No grant exists for capability 'Network'.", ex.Message);
+        DbCallbackInvocationDiagnostic diagnostic = Assert.Single(
+            diagnostics,
+            diagnostic => diagnostic.Name == "DiagNetwork");
+        Assert.False(diagnostic.Succeeded);
+        Assert.Equal(false, diagnostic.PolicyAllowed);
+        Assert.Equal("No grant exists for capability 'Network'.", diagnostic.PolicyDenialReason);
+        Assert.Equal("PolicyDenied", diagnostic.ErrorCode);
+        Assert.Equal(typeof(DbCallbackPolicyException).FullName, diagnostic.ExceptionType);
+        Assert.Equal("corr-1", diagnostic.CorrelationId);
+        Assert.Equal("Form", diagnostic.OwnerKind);
+        Assert.Equal("orders-form", diagnostic.OwnerId);
+        Assert.Equal("controls.notify.events.Click", diagnostic.Location);
+        Assert.NotNull(diagnostic.StartedAtUtc);
+    }
+
+    [Fact]
+    public async Task ValidationRuleInvocation_EmitsDiagnosticWithPolicyDecision()
+    {
+        List<DbCallbackInvocationDiagnostic> diagnostics = [];
+        using IDisposable subscription = DbCallbackDiagnostics.Listener.Subscribe(new CallbackObserver(diagnostics));
+        DbValidationRuleRegistry registry = DbValidationRuleRegistry.Create(rules =>
+            rules.AddRule(
+                "CreditLimit",
+                static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Failure("Credit limit exceeded.", "CreditLimit"))));
+
+        Assert.True(registry.TryGetRule("CreditLimit", out DbValidationRuleDefinition definition));
+        DbValidationRuleResult result = await definition.InvokeAsync(
+            DbValidationRuleContext.Create(
+                "CreditLimit",
+                DbValidationRuleScope.Field,
+                metadata: new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+                {
+                    ["surface"] = "admin.forms",
+                    ["location"] = "controls.credit.validationRules.CreditLimit",
+                    ["correlationId"] = "validation-corr",
+                    ["ownerKind"] = "Form",
+                    ["ownerId"] = "orders-form",
+                    ["ownerName"] = "Orders",
+                }),
+            DbExtensionPolicies.DefaultHostCallbackPolicy,
+            DbExtensionHostMode.Embedded,
+            TestContext.Current.CancellationToken);
+
+        Assert.False(result.Succeeded);
+        DbCallbackInvocationDiagnostic diagnostic = Assert.Single(
+            diagnostics,
+            diagnostic => diagnostic.Name == "CreditLimit");
+        Assert.Equal(AutomationCallbackKind.ValidationRule, diagnostic.CallbackKind);
+        Assert.Null(diagnostic.Arity);
+        Assert.False(diagnostic.Succeeded);
+        Assert.Equal(true, diagnostic.PolicyAllowed);
+        Assert.Equal("admin.forms", diagnostic.Surface);
+        Assert.Equal("controls.credit.validationRules.CreditLimit", diagnostic.Location);
+        Assert.Equal("validation-corr", diagnostic.CorrelationId);
+        Assert.Equal("Form", diagnostic.OwnerKind);
+        Assert.Equal("orders-form", diagnostic.OwnerId);
+        Assert.NotNull(diagnostic.StartedAtUtc);
+    }
+
+    [Fact]
+    public void ScalarPolicyDenied_EmitsDiagnosticAndDoesNotInvokeCallback()
+    {
+        bool invoked = false;
+        List<DbCallbackInvocationDiagnostic> diagnostics = [];
+        using IDisposable subscription = DbCallbackDiagnostics.Listener.Subscribe(new CallbackObserver(diagnostics));
+        DbFunctionRegistry registry = DbFunctionRegistry.Create(functions =>
+            functions.AddScalar(
+                "DiagSecret",
+                0,
+                new DbScalarFunctionOptions(
+                    AdditionalCapabilities:
+                    [
+                        new DbExtensionCapabilityRequest(DbExtensionCapability.EnvironmentVariables),
+                    ]),
+                (_, _) =>
+                {
+                    invoked = true;
+                    return DbValue.FromText("secret");
+                }));
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ScalarFunctions,
+                    DbExtensionCapabilityGrantStatus.Granted),
+            ]);
+
+        Assert.True(registry.TryGetScalar("DiagSecret", 0, out DbScalarFunctionDefinition definition));
+        DbCallbackPolicyException ex = Assert.Throws<DbCallbackPolicyException>(() =>
+            definition.Invoke(
+                [],
+                new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+                {
+                    ["surface"] = "Pipelines",
+                    ["location"] = "transforms.functions.DiagSecret",
+                },
+                policy,
+                DbExtensionHostMode.Embedded));
+
+        Assert.False(invoked);
+        Assert.Contains("No grant exists for capability 'EnvironmentVariables'.", ex.Message);
+        DbCallbackInvocationDiagnostic diagnostic = Assert.Single(
+            diagnostics,
+            diagnostic => diagnostic.Name == "DiagSecret");
+        Assert.False(diagnostic.Succeeded);
+        Assert.Equal(false, diagnostic.PolicyAllowed);
+        Assert.Equal("No grant exists for capability 'EnvironmentVariables'.", diagnostic.PolicyDenialReason);
+        Assert.Equal("PolicyDenied", diagnostic.ErrorCode);
+        Assert.Equal(typeof(DbCallbackPolicyException).FullName, diagnostic.ExceptionType);
+        Assert.Equal("Pipelines", diagnostic.Surface);
+        Assert.Equal("transforms.functions.DiagSecret", diagnostic.Location);
+    }
+
+    private sealed class CallbackObserver(List<DbCallbackInvocationDiagnostic> diagnostics)
+        : IObserver<KeyValuePair<string, object?>>
+    {
+        public void OnCompleted()
+        {
+        }
+
+        public void OnError(Exception error)
+        {
+        }
+
+        public void OnNext(KeyValuePair<string, object?> value)
+        {
+            if (value.Key == DbCallbackDiagnostics.InvocationEventName &&
+                value.Value is DbCallbackInvocationDiagnostic diagnostic)
+            {
+                diagnostics.Add(diagnostic);
+            }
+        }
+    }
+}
diff --git a/tests/CSharpDB.Tests/ClientDirectDatabaseOptionsTests.cs b/tests/CSharpDB.Tests/ClientDirectDatabaseOptionsTests.cs
index 534bfe3d..b57ba6a4 100644
--- a/tests/CSharpDB.Tests/ClientDirectDatabaseOptionsTests.cs
+++ b/tests/CSharpDB.Tests/ClientDirectDatabaseOptionsTests.cs
@@ -3,6 +3,9 @@
 using CSharpDB.Client.Models;
 using CSharpDB.Engine;
 using CSharpDB.Storage.Paging;
+using PrimitiveDbType = CSharpDB.Primitives.DbType;
+using PrimitiveDbValue = CSharpDB.Primitives.DbValue;
+using PrimitiveScalarFunctionOptions = CSharpDB.Primitives.DbScalarFunctionOptions;
 
 namespace CSharpDB.Tests;
 
@@ -54,6 +57,95 @@ public async Task DirectDatabaseOptions_AreUsedOnFirstOpen()
         }
     }
 
+    [Fact]
+    public async Task DirectDatabaseOptions_FunctionsAreUsedByDirectClient()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        string dbPath = NewTempDbPath();
+
+        try
+        {
+            await using var client = Assert.IsType<CSharpDbClient>(CSharpDbClient.Create(new CSharpDbClientOptions
+            {
+                DataSource = dbPath,
+                DirectDatabaseOptions = new DatabaseOptions().ConfigureFunctions(functions =>
+                    functions.AddScalar(
+                        "AddOne",
+                        1,
+                        new PrimitiveScalarFunctionOptions(PrimitiveDbType.Integer, IsDeterministic: true, NullPropagating: true),
+                        static (_, args) => PrimitiveDbValue.FromInteger(args[0].AsInteger + 1))),
+            }));
+
+            Assert.Null((await client.ExecuteSqlAsync("CREATE TABLE numbers (value INTEGER);", ct)).Error);
+            Assert.Null((await client.ExecuteSqlAsync("INSERT INTO numbers VALUES (41);", ct)).Error);
+
+            var result = await client.ExecuteSqlAsync("SELECT AddOne(value) FROM numbers;", ct);
+
+            Assert.Null(result.Error);
+            Assert.NotNull(result.Rows);
+            Assert.Equal(42L, result.Rows![0][0]);
+
+            await client.CreateProcedureAsync(new ProcedureDefinition
+            {
+                Name = "select_add_one",
+                BodySql = "SELECT AddOne(value) FROM numbers;",
+            }, ct);
+
+            var procedureResult = await client.ExecuteProcedureAsync("select_add_one", new Dictionary<string, object?>(), ct);
+            Assert.True(procedureResult.Succeeded, procedureResult.Error);
+            Assert.Equal(42L, procedureResult.Statements[0].Rows![0][0]);
+        }
+        finally
+        {
+            DeleteIfExists(dbPath);
+            DeleteIfExists(dbPath + ".wal");
+        }
+    }
+
+    [Fact]
+    public async Task DirectDatabaseOptions_FunctionsCanRunWithoutFromTable()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        string dbPath = NewTempDbPath();
+
+        try
+        {
+            await using var client = Assert.IsType<CSharpDbClient>(CSharpDbClient.Create(new CSharpDbClientOptions
+            {
+                DataSource = dbPath,
+                DirectDatabaseOptions = new DatabaseOptions().ConfigureFunctions(functions =>
+                {
+                    functions.AddScalar(
+                        "HostName",
+                        0,
+                        new PrimitiveScalarFunctionOptions(PrimitiveDbType.Text, IsDeterministic: true),
+                        static (_, _) => PrimitiveDbValue.FromText("admin-host"));
+                    functions.AddScalar(
+                        "Slugify",
+                        1,
+                        new PrimitiveScalarFunctionOptions(PrimitiveDbType.Text, IsDeterministic: true, NullPropagating: true),
+                        static (_, args) => PrimitiveDbValue.FromText(args[0].AsText.Trim().ToLowerInvariant().Replace(' ', '-')));
+                }),
+            }));
+
+            var zeroArgResult = await client.ExecuteSqlAsync("SELECT HostName();", ct);
+            var literalArgResult = await client.ExecuteSqlAsync("SELECT Slugify('Hello World');", ct);
+
+            Assert.Null(zeroArgResult.Error);
+            Assert.NotNull(zeroArgResult.Rows);
+            Assert.Equal("admin-host", zeroArgResult.Rows![0][0]);
+
+            Assert.Null(literalArgResult.Error);
+            Assert.NotNull(literalArgResult.Rows);
+            Assert.Equal("hello-world", literalArgResult.Rows![0][0]);
+        }
+        finally
+        {
+            DeleteIfExists(dbPath);
+            DeleteIfExists(dbPath + ".wal");
+        }
+    }
+
     [Fact]
     public async Task DirectDatabaseOptions_AreUsedAfterReleaseCachedDatabaseAsync()
     {
diff --git a/tests/CSharpDB.Tests/ClientProcedureTests.cs b/tests/CSharpDB.Tests/ClientProcedureTests.cs
index 53725d52..0bc39755 100644
--- a/tests/CSharpDB.Tests/ClientProcedureTests.cs
+++ b/tests/CSharpDB.Tests/ClientProcedureTests.cs
@@ -278,7 +278,7 @@ await CreateProcedureAsync(new ClientModels.ProcedureDefinition
     }
 
     [Fact]
-    public async Task ExecuteProcedure_BlobParameterBindingFailure_ReturnsStructuredFailure()
+    public async Task ExecuteProcedure_BlobParameter_TablelessSelectReturnsPayload()
     {
         await CreateProcedureAsync(new ClientModels.ProcedureDefinition
         {
@@ -298,9 +298,11 @@ await CreateProcedureAsync(new ClientModels.ProcedureDefinition
             ["payload"] = Convert.FromBase64String("AQID"),
         });
 
-        Assert.False(result.Succeeded);
-        Assert.Equal(0, result.FailedStatementIndex);
-        Assert.Contains("Blob parameters are not supported", result.Error ?? string.Empty);
+        Assert.True(result.Succeeded);
+        var statement = Assert.Single(result.Statements);
+        Assert.True(statement.IsQuery);
+        var row = Assert.Single(statement.Rows!);
+        Assert.Equal(Convert.FromBase64String("AQID"), Assert.IsType<byte[]>(row[0]));
     }
 
     [Fact]
diff --git a/tests/CSharpDB.Tests/ClientSqlExecutionTests.cs b/tests/CSharpDB.Tests/ClientSqlExecutionTests.cs
index ae018a74..f0864003 100644
--- a/tests/CSharpDB.Tests/ClientSqlExecutionTests.cs
+++ b/tests/CSharpDB.Tests/ClientSqlExecutionTests.cs
@@ -1,3 +1,4 @@
+using System.Globalization;
 using CSharpDB.Client;
 
 namespace CSharpDB.Tests;
@@ -45,6 +46,70 @@ INSERT INTO orders VALUES (1, 3)
         }
     }
 
+    [Fact]
+    public async Task ExecuteSqlAsync_SelectDateWithoutFrom_ReturnsDateText()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        string dbPath = Path.Combine(Path.GetTempPath(), $"csharpdb_client_test_{Guid.NewGuid():N}.db");
+
+        try
+        {
+            await using var client = CSharpDbClient.Create(new CSharpDbClientOptions
+            {
+                DataSource = dbPath,
+            });
+
+            var result = await client.ExecuteSqlAsync("SELECT Date();", ct);
+
+            Assert.Null(result.Error);
+            Assert.True(result.IsQuery);
+            Assert.NotNull(result.Rows);
+            var row = Assert.Single(result.Rows);
+            string value = Convert.ToString(row[0], CultureInfo.InvariantCulture) ?? string.Empty;
+            Assert.True(
+                DateTime.TryParseExact(value, "yyyy-MM-dd", CultureInfo.InvariantCulture, DateTimeStyles.None, out _),
+                $"Expected yyyy-MM-dd date text, got '{value}'.");
+        }
+        finally
+        {
+            DeleteIfExists(dbPath);
+            DeleteIfExists(dbPath + ".wal");
+        }
+    }
+
+    [Fact]
+    public async Task ExecuteSqlAsync_TablelessBuiltInScalarFunctions_ReturnValues()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        string dbPath = Path.Combine(Path.GetTempPath(), $"csharpdb_client_test_{Guid.NewGuid():N}.db");
+
+        try
+        {
+            await using var client = CSharpDbClient.Create(new CSharpDbClientOptions
+            {
+                DataSource = dbPath,
+            });
+
+            var result = await client.ExecuteSqlAsync(
+                "SELECT abs(1123.34), Len('abc'), UCase('abc'), DateSerial(2024, 2, 29);",
+                ct);
+
+            Assert.Null(result.Error);
+            Assert.True(result.IsQuery);
+            Assert.NotNull(result.Rows);
+            var row = Assert.Single(result.Rows);
+            Assert.Equal(1123.34, Convert.ToDouble(row[0], CultureInfo.InvariantCulture), precision: 5);
+            Assert.Equal(3L, Convert.ToInt64(row[1], CultureInfo.InvariantCulture));
+            Assert.Equal("ABC", Convert.ToString(row[2], CultureInfo.InvariantCulture));
+            Assert.Equal("2024-02-29", Convert.ToString(row[3], CultureInfo.InvariantCulture));
+        }
+        finally
+        {
+            DeleteIfExists(dbPath);
+            DeleteIfExists(dbPath + ".wal");
+        }
+    }
+
     [Fact]
     public async Task GetInfoAsync_UsesSingleDirectClientHandle()
     {
diff --git a/tests/CSharpDB.Tests/CollectionJsonElementTests.cs b/tests/CSharpDB.Tests/CollectionJsonElementTests.cs
index 4ec9fa48..30aef2f0 100644
--- a/tests/CSharpDB.Tests/CollectionJsonElementTests.cs
+++ b/tests/CSharpDB.Tests/CollectionJsonElementTests.cs
@@ -5,6 +5,15 @@ namespace CSharpDB.Tests;
 
 public sealed class CollectionJsonElementTests
 {
+    private sealed record TypedCollectionDocument(
+        string Name,
+        int Count,
+        bool Active,
+        string[] Tags,
+        TypedCollectionNested Nested);
+
+    private sealed record TypedCollectionNested(string City);
+
     [Fact]
     public async Task JsonElementCollection_RoundTripsDirectPayloadDocuments()
     {
@@ -22,4 +31,40 @@ public async Task JsonElementCollection_RoundTripsDirectPayloadDocuments()
         Assert.Equal("json", loaded.GetProperty("name").GetString());
         Assert.Equal(2, loaded.GetProperty("meta").GetProperty("count").GetInt32());
     }
+
+    [Fact]
+    public async Task JsonElementCollection_ReadsBinaryTypedDocuments()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        await using var db = await Database.OpenInMemoryAsync(ct);
+        var typedCollection = await db.GetCollectionAsync<TypedCollectionDocument>("typed_docs", ct);
+
+        await typedCollection.PutAsync(
+            "doc-1",
+            new TypedCollectionDocument(
+                "scanner",
+                2,
+                true,
+                ["alpha", "beta"],
+                new TypedCollectionNested("Seattle")),
+            ct);
+
+        var jsonCollection = await db.GetCollectionAsync<JsonElement>("typed_docs", ct);
+
+        JsonElement loaded = await jsonCollection.GetAsync("doc-1", ct);
+        Assert.Equal(JsonValueKind.Object, loaded.ValueKind);
+        Assert.Equal("scanner", loaded.GetProperty("name").GetString());
+        Assert.Equal(2, loaded.GetProperty("count").GetInt32());
+        Assert.True(loaded.GetProperty("active").GetBoolean());
+        Assert.Equal("beta", loaded.GetProperty("tags")[1].GetString());
+        Assert.Equal("Seattle", loaded.GetProperty("nested").GetProperty("city").GetString());
+
+        var scanned = new List<KeyValuePair<string, JsonElement>>();
+        await foreach (var item in jsonCollection.ScanAsync(ct))
+            scanned.Add(item);
+
+        var row = Assert.Single(scanned);
+        Assert.Equal("doc-1", row.Key);
+        Assert.Equal("scanner", row.Value.GetProperty("name").GetString());
+    }
 }
diff --git a/tests/CSharpDB.Tests/CollectionTests.cs b/tests/CSharpDB.Tests/CollectionTests.cs
index a13f21dd..6436852d 100644
--- a/tests/CSharpDB.Tests/CollectionTests.cs
+++ b/tests/CSharpDB.Tests/CollectionTests.cs
@@ -353,6 +353,33 @@ public async Task GetCollectionNames()
         Assert.Equal(new[] { "logs", "products", "users" }, names);
     }
 
+    [Fact]
+    public async Task DropCollection_RemovesCollectionAndIndexes()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        var users = await _db.GetCollectionAsync<User>("users", ct);
+
+        await users.PutAsync("u:1", new User("Alice", 30, "alice@example.com"), ct);
+        await users.EnsureIndexAsync(user => user.Name, ct);
+
+        Assert.Contains("users", _db.GetCollectionNames());
+        Assert.Contains(_db.GetIndexes(), index => index.TableName == "_col_users");
+
+        await _db.DropCollectionAsync("users", ct);
+
+        Assert.DoesNotContain("users", _db.GetCollectionNames());
+        Assert.DoesNotContain(_db.GetIndexes(), index => index.TableName == "_col_users");
+
+        await ReopenDatabaseAsync(ct);
+
+        Assert.DoesNotContain("users", _db.GetCollectionNames());
+        Assert.DoesNotContain(_db.GetIndexes(), index => index.TableName == "_col_users");
+
+        var ex = await Assert.ThrowsAsync<CSharpDbException>(
+            async () => await _db.DropCollectionAsync("users", ct));
+        Assert.Equal(ErrorCode.TableNotFound, ex.Code);
+    }
+
     [Fact]
     public async Task GetCollectionAsync_CachedCollectionLookup_ReleasesWriteGate()
     {
diff --git a/tests/CSharpDB.Tests/DbValidationRuleRegistryTests.cs b/tests/CSharpDB.Tests/DbValidationRuleRegistryTests.cs
new file mode 100644
index 00000000..533c7f48
--- /dev/null
+++ b/tests/CSharpDB.Tests/DbValidationRuleRegistryTests.cs
@@ -0,0 +1,104 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Tests;
+
+public sealed class DbValidationRuleRegistryTests
+{
+    [Fact]
+    public void AddRule_RegistersDescriptorWithValidationCapability()
+    {
+        DbValidationRuleRegistry registry = DbValidationRuleRegistry.Create(builder =>
+            builder.AddRule(
+                "CreditLimit",
+                new DbValidationRuleOptions(
+                    Description: "Rejects orders over the customer credit limit.",
+                    Timeout: TimeSpan.FromSeconds(2)),
+                static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success())));
+
+        Assert.True(registry.TryGetRule("creditlimit", out DbValidationRuleDefinition definition));
+        Assert.Equal("CreditLimit", definition.Name);
+        Assert.Equal(AutomationCallbackKind.ValidationRule, definition.Descriptor.Kind);
+        Assert.Equal(TimeSpan.FromSeconds(2), definition.Descriptor.Timeout);
+        Assert.Contains(definition.Descriptor.Capabilities, capability =>
+            capability.Name == DbExtensionCapability.ValidationRules
+            && capability.Exports is not null
+            && capability.Exports.Contains("CreditLimit"));
+        Assert.Same(definition.Descriptor, Assert.Single(registry.Callbacks));
+    }
+
+    [Fact]
+    public void AddRule_RejectsDuplicateNames()
+    {
+        ArgumentException ex = Assert.Throws<ArgumentException>(() =>
+            DbValidationRuleRegistry.Create(builder =>
+            {
+                builder.AddRule("CreditLimit", static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success()));
+                builder.AddRule("creditlimit", static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success()));
+            }));
+
+        Assert.Contains("already registered", ex.Message);
+    }
+
+    [Fact]
+    public void AddRule_RejectsInvalidNamesAndTimeouts()
+    {
+        Assert.Throws<ArgumentException>(() =>
+            DbValidationRuleRegistry.Create(builder =>
+                builder.AddRule("not valid", static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success()))));
+
+        Assert.Throws<ArgumentOutOfRangeException>(() =>
+            DbValidationRuleRegistry.Create(builder =>
+                builder.AddRule(
+                    "CreditLimit",
+                    new DbValidationRuleOptions(Timeout: TimeSpan.Zero),
+                    static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success()))));
+    }
+
+    [Fact]
+    public void Policy_DefaultHostCallbackPolicyAllowsValidationRules()
+    {
+        DbValidationRuleRegistry registry = DbValidationRuleRegistry.Create(builder =>
+            builder.AddRule("CreditLimit", static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success())));
+        DbValidationRuleDefinition definition = Assert.Single(registry.Rules);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            definition.Descriptor,
+            DbExtensionPolicies.DefaultHostCallbackPolicy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.True(decision.Allowed, decision.DenialReason);
+        Assert.Contains(decision.Capabilities, capability =>
+            capability.Name == DbExtensionCapability.ValidationRules
+            && capability.Status == DbExtensionCapabilityGrantStatus.Granted);
+    }
+
+    [Fact]
+    public void Policy_ScopedExportDenyBlocksOnlyMatchingRule()
+    {
+        DbValidationRuleRegistry registry = DbValidationRuleRegistry.Create(builder =>
+            builder.AddRule("CreditLimit", static (_, _) => ValueTask.FromResult(DbValidationRuleResult.Success())));
+        DbValidationRuleDefinition definition = Assert.Single(registry.Rules);
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ValidationRules,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    Exports: ["*"]),
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ValidationRules,
+                    DbExtensionCapabilityGrantStatus.Denied,
+                    Reason: "Credit limit validation is disabled.",
+                    Exports: ["CreditLimit"]),
+            ]);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            definition.Descriptor,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.False(decision.Allowed);
+        Assert.Equal("Credit limit validation is disabled.", decision.DenialReason);
+    }
+}
diff --git a/tests/CSharpDB.Tests/ExtensionSandbox/DbExtensionPolicyTests.cs b/tests/CSharpDB.Tests/ExtensionSandbox/DbExtensionPolicyTests.cs
new file mode 100644
index 00000000..598f6f7a
--- /dev/null
+++ b/tests/CSharpDB.Tests/ExtensionSandbox/DbExtensionPolicyTests.cs
@@ -0,0 +1,417 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Tests;
+
+public sealed class DbExtensionPolicyTests
+{
+    [Fact]
+    public void Evaluate_DeniesExtensionsWhenHostPolicyDisablesExecution()
+    {
+        DbExtensionManifest manifest = CreateCommandManifest(signature: "trusted-signature");
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: false,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+            ],
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            manifest,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.False(decision.Allowed);
+        Assert.Equal("Extension execution is disabled by host policy.", decision.DenialReason);
+    }
+
+    [Fact]
+    public void Evaluate_DeniesUnsignedExtensionWhenSignatureIsRequired()
+    {
+        DbExtensionManifest manifest = CreateCommandManifest(signature: null);
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+            ],
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            manifest,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.False(decision.Allowed);
+        Assert.Equal("Extension policy requires a signature.", decision.DenialReason);
+    }
+
+    [Fact]
+    public void Evaluate_AllowsHostCallbackWithoutArtifactSignature()
+    {
+        DbExtensionManifest manifest = CreateCommandManifest(signature: null) with
+        {
+            Runtime = DbExtensionRuntimeKind.HostCallback,
+            Entrypoint = "host:ApproveOrder",
+            ArtifactSha256 = null,
+        };
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+            ],
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            manifest,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.True(decision.Allowed);
+        Assert.Null(decision.DenialReason);
+    }
+
+    [Fact]
+    public void Evaluate_AllowsHostCallbackDescriptorWhenCapabilitiesAreGranted()
+    {
+        DbCommandRegistry registry = DbCommandRegistry.Create(commands =>
+            commands.AddCommand(
+                "ApproveOrder",
+                new DbCommandOptions(
+                    Timeout: TimeSpan.FromSeconds(2),
+                    AdditionalCapabilities:
+                    [
+                        new DbExtensionCapabilityRequest(
+                            DbExtensionCapability.ReadDatabase,
+                            Tables: ["Orders"]),
+                    ]),
+                static _ => DbCommandResult.Success()));
+        DbHostCallbackDescriptor descriptor = Assert.Single(registry.Callbacks);
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ReadDatabase,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    PolicySource: "test-policy"),
+            ],
+            DefaultTimeout: TimeSpan.FromSeconds(10),
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            descriptor,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.True(decision.Allowed);
+        Assert.Null(decision.DenialReason);
+        Assert.Equal(TimeSpan.FromSeconds(2), decision.Timeout);
+        Assert.Equal(
+            [DbExtensionCapability.Commands, DbExtensionCapability.ReadDatabase],
+            decision.Capabilities.Select(static capability => capability.Name).ToArray());
+    }
+
+    [Fact]
+    public void Evaluate_DeniesHostCallbackDescriptorWhenCapabilityIsNotGranted()
+    {
+        DbCommandRegistry registry = DbCommandRegistry.Create(commands =>
+            commands.AddCommand(
+                "NotifyExternalSystem",
+                new DbCommandOptions(
+                    AdditionalCapabilities:
+                    [
+                        new DbExtensionCapabilityRequest(DbExtensionCapability.Network),
+                    ]),
+                static _ => DbCommandResult.Success()));
+        DbHostCallbackDescriptor descriptor = Assert.Single(registry.Callbacks);
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+            ],
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            descriptor,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.False(decision.Allowed);
+        Assert.Equal("No grant exists for capability 'Network'.", decision.DenialReason);
+    }
+
+    [Fact]
+    public void Evaluate_AllowsSignedExtensionWhenRequestedCapabilitiesAreGranted()
+    {
+        DbExtensionManifest manifest = CreateCommandManifest(signature: "trusted-signature");
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    Reason: "Approved test command.",
+                    PolicySource: "unit-test"),
+            ],
+            DefaultTimeout: TimeSpan.FromSeconds(3),
+            MaxMemoryBytes: 64 * 1024 * 1024,
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            manifest,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.True(decision.Allowed);
+        Assert.Null(decision.DenialReason);
+        DbExtensionCapabilityDecision capability = Assert.Single(decision.Capabilities);
+        Assert.Equal(DbExtensionCapability.Commands, capability.Name);
+        Assert.Equal(DbExtensionCapabilityGrantStatus.Granted, capability.Status);
+        Assert.Equal("unit-test", capability.PolicySource);
+        Assert.Equal(TimeSpan.FromSeconds(3), decision.Timeout);
+        Assert.Equal(64 * 1024 * 1024, decision.MaxMemoryBytes);
+    }
+
+    [Fact]
+    public void Evaluate_DeniesExtensionWhenRequestedCapabilityIsMissing()
+    {
+        DbExtensionManifest manifest = CreateCommandManifest(signature: "trusted-signature") with
+        {
+            Capabilities =
+            [
+                new DbExtensionCapabilityRequest(DbExtensionCapability.Commands),
+                new DbExtensionCapabilityRequest(DbExtensionCapability.ReadDatabase, Tables: ["Orders"]),
+            ],
+        };
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+            ],
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            manifest,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.False(decision.Allowed);
+        Assert.Equal("No grant exists for capability 'ReadDatabase'.", decision.DenialReason);
+    }
+
+    [Fact]
+    public void Evaluate_AllowsExtensionWhenScopedGrantMatchesRequestedTable()
+    {
+        DbExtensionManifest manifest = CreateCommandManifest(signature: "trusted-signature") with
+        {
+            Capabilities =
+            [
+                new DbExtensionCapabilityRequest(DbExtensionCapability.Commands),
+                new DbExtensionCapabilityRequest(DbExtensionCapability.ReadDatabase, Tables: ["Orders"]),
+            ],
+        };
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ReadDatabase,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    Tables: ["Orders"]),
+            ],
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            manifest,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.True(decision.Allowed, decision.DenialReason);
+        Assert.All(decision.Capabilities, capability =>
+            Assert.Equal(DbExtensionCapabilityGrantStatus.Granted, capability.Status));
+    }
+
+    [Fact]
+    public void Evaluate_DeniesExtensionWhenScopedGrantDoesNotMatchRequestedTable()
+    {
+        DbExtensionManifest manifest = CreateCommandManifest(signature: "trusted-signature") with
+        {
+            Capabilities =
+            [
+                new DbExtensionCapabilityRequest(DbExtensionCapability.Commands),
+                new DbExtensionCapabilityRequest(DbExtensionCapability.ReadDatabase, Tables: ["Orders"]),
+            ],
+        };
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ReadDatabase,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    Tables: ["Customers"]),
+            ],
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            manifest,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.False(decision.Allowed);
+        Assert.Equal(
+            "No grant for capability 'ReadDatabase' matches requested exports [*], tables [Orders], scope [*].",
+            decision.DenialReason);
+    }
+
+    [Fact]
+    public void Evaluate_DenyGrantWinsOverMatchingAllowGrant()
+    {
+        DbExtensionManifest manifest = CreateCommandManifest(signature: "trusted-signature") with
+        {
+            Capabilities =
+            [
+                new DbExtensionCapabilityRequest(DbExtensionCapability.Commands),
+                new DbExtensionCapabilityRequest(DbExtensionCapability.ReadDatabase, Tables: ["Orders"]),
+            ],
+        };
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ReadDatabase,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    Tables: ["Orders"]),
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ReadDatabase,
+                    DbExtensionCapabilityGrantStatus.Denied,
+                    Reason: "Orders reads are blocked for this host.",
+                    Tables: ["Orders"]),
+            ],
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            manifest,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.False(decision.Allowed);
+        Assert.Equal("Orders reads are blocked for this host.", decision.DenialReason);
+        DbExtensionCapabilityDecision readDecision = Assert.Single(
+            decision.Capabilities,
+            capability => capability.Name == DbExtensionCapability.ReadDatabase);
+        Assert.Equal(DbExtensionCapabilityGrantStatus.Denied, readDecision.Status);
+    }
+
+    [Fact]
+    public void Evaluate_ScopedDenyDoesNotBlockDifferentScope()
+    {
+        DbExtensionManifest manifest = CreateCommandManifest(signature: "trusted-signature") with
+        {
+            Capabilities =
+            [
+                new DbExtensionCapabilityRequest(DbExtensionCapability.Commands),
+                new DbExtensionCapabilityRequest(DbExtensionCapability.ReadDatabase, Tables: ["Orders"]),
+            ],
+        };
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ReadDatabase,
+                    DbExtensionCapabilityGrantStatus.Denied,
+                    Tables: ["Payroll"]),
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.ReadDatabase,
+                    DbExtensionCapabilityGrantStatus.Granted,
+                    Tables: ["Orders"]),
+            ],
+            RequireSignature: true);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            manifest,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.True(decision.Allowed, decision.DenialReason);
+    }
+
+    [Fact]
+    public void Evaluate_DeniesExtensionWhenHostModeIsNotAllowed()
+    {
+        DbExtensionManifest manifest = CreateCommandManifest(signature: "trusted-signature");
+        var policy = new DbExtensionPolicy(
+            AllowExtensions: true,
+            Grants:
+            [
+                new DbExtensionCapabilityGrant(
+                    DbExtensionCapability.Commands,
+                    DbExtensionCapabilityGrantStatus.Granted),
+            ],
+            RequireSignature: true,
+            AllowedHostModes: DbExtensionHostMode.Daemon);
+
+        DbExtensionPolicyDecision decision = DbExtensionPolicyEvaluator.Evaluate(
+            manifest,
+            policy,
+            DbExtensionHostMode.Embedded);
+
+        Assert.False(decision.Allowed);
+        Assert.Equal("Extension execution is not allowed in Embedded mode.", decision.DenialReason);
+    }
+
+    private static DbExtensionManifest CreateCommandManifest(string? signature)
+        => new(
+            Id: "com.example.order-automation",
+            Name: "Order Automation",
+            Version: "1.2.0",
+            Runtime: DbExtensionRuntimeKind.OutOfProcess,
+            Entrypoint: "order-automation",
+            Exports:
+            [
+                new DbExtensionExport(DbExtensionExportKind.Command, "ApproveOrder"),
+            ],
+            Capabilities:
+            [
+                new DbExtensionCapabilityRequest(
+                    DbExtensionCapability.Commands,
+                    Reason: "Approve orders from form automation.",
+                    Exports: ["ApproveOrder"]),
+            ],
+            RequiredCSharpDbVersion: "9.0",
+            ArtifactSha256: "abc123",
+            Signature: signature,
+            Publisher: "Example Co.");
+}
diff --git a/tests/CSharpDB.Tests/ExtensionSandbox/OutOfProcessCommandSandboxPrototype.cs b/tests/CSharpDB.Tests/ExtensionSandbox/OutOfProcessCommandSandboxPrototype.cs
new file mode 100644
index 00000000..4fea4f47
--- /dev/null
+++ b/tests/CSharpDB.Tests/ExtensionSandbox/OutOfProcessCommandSandboxPrototype.cs
@@ -0,0 +1,460 @@
+using System.Diagnostics;
+using System.Text.Json;
+
+namespace CSharpDB.Tests;
+
+internal sealed class OutOfProcessCommandSandboxPrototype
+{
+    private static readonly SemaphoreSlim s_buildLock = new(1, 1);
+    private readonly string _workerAssemblyPath;
+
+    private OutOfProcessCommandSandboxPrototype(string workerAssemblyPath)
+    {
+        _workerAssemblyPath = workerAssemblyPath;
+    }
+
+    public static async Task<OutOfProcessCommandSandboxPrototype> CreateAsync(CancellationToken ct)
+    {
+        string workerAssemblyPath = GetWorkerAssemblyPath();
+        if (!File.Exists(workerAssemblyPath))
+            await BuildWorkerAsync(ct);
+
+        return new OutOfProcessCommandSandboxPrototype(workerAssemblyPath);
+    }
+
+    public async Task<SandboxInvocationResult> InvokeCommandAsync(
+        string name,
+        IReadOnlyDictionary<string, object?>? arguments,
+        TimeSpan timeout,
+        CancellationToken ct,
+        SandboxResourceLimits? resourceLimits = null)
+    {
+        await using OutOfProcessCommandSandboxSession session = StartSession();
+        return await session.InvokeCommandAsync(name, arguments, timeout, ct, resourceLimits);
+    }
+
+    public OutOfProcessCommandSandboxSession StartSession()
+        => new(_workerAssemblyPath);
+
+    private static async Task BuildWorkerAsync(CancellationToken ct)
+    {
+        await s_buildLock.WaitAsync(ct);
+        try
+        {
+            string workerAssemblyPath = GetWorkerAssemblyPath();
+            if (File.Exists(workerAssemblyPath))
+                return;
+
+            var startInfo = new ProcessStartInfo
+            {
+                FileName = GetDotNetHostPath(),
+                RedirectStandardOutput = true,
+                RedirectStandardError = true,
+                UseShellExecute = false,
+                CreateNoWindow = true,
+            };
+            startInfo.ArgumentList.Add("build");
+            startInfo.ArgumentList.Add(GetWorkerProjectPath());
+            startInfo.ArgumentList.Add("--configuration");
+            startInfo.ArgumentList.Add(GetConfiguration());
+            startInfo.ArgumentList.Add("--nologo");
+
+            using var process = new Process { StartInfo = startInfo };
+            process.Start();
+            await process.WaitForExitAsync(ct);
+            if (process.ExitCode != 0)
+            {
+                string stdout = await process.StandardOutput.ReadToEndAsync(ct);
+                string stderr = await process.StandardError.ReadToEndAsync(ct);
+                throw new InvalidOperationException(
+                    $"Failed to build extension sandbox worker. Exit code {process.ExitCode}.{Environment.NewLine}{stdout}{Environment.NewLine}{stderr}");
+            }
+        }
+        finally
+        {
+            s_buildLock.Release();
+        }
+    }
+
+    private static string GetWorkerAssemblyPath()
+        => Path.Combine(
+            GetRepositoryRoot(),
+            "tests",
+            "CSharpDB.ExtensionSandbox.Worker",
+            "bin",
+            GetConfiguration(),
+            "net10.0",
+            "CSharpDB.ExtensionSandbox.Worker.dll");
+
+    private static string GetWorkerProjectPath()
+        => Path.Combine(
+            GetRepositoryRoot(),
+            "tests",
+            "CSharpDB.ExtensionSandbox.Worker",
+            "CSharpDB.ExtensionSandbox.Worker.csproj");
+
+    private static string GetRepositoryRoot()
+    {
+        DirectoryInfo? current = new(AppContext.BaseDirectory);
+        while (current is not null)
+        {
+            if (File.Exists(Path.Combine(current.FullName, "CSharpDB.slnx")))
+                return current.FullName;
+
+            current = current.Parent;
+        }
+
+        throw new InvalidOperationException("Could not find CSharpDB repository root.");
+    }
+
+    private static string GetConfiguration()
+        => AppContext.BaseDirectory.Contains(
+            $"{Path.DirectorySeparatorChar}Release{Path.DirectorySeparatorChar}",
+            StringComparison.OrdinalIgnoreCase)
+                ? "Release"
+                : "Debug";
+
+    private static string GetDotNetHostPath()
+        => Environment.GetEnvironmentVariable("DOTNET_HOST_PATH") ?? "dotnet";
+}
+
+internal sealed class OutOfProcessCommandSandboxSession : IAsyncDisposable
+{
+    private readonly Process _process;
+    private bool _disposed;
+
+    public OutOfProcessCommandSandboxSession(string workerAssemblyPath)
+    {
+        var startInfo = new ProcessStartInfo
+        {
+            FileName = GetDotNetHostPath(),
+            RedirectStandardInput = true,
+            RedirectStandardOutput = true,
+            RedirectStandardError = true,
+            UseShellExecute = false,
+            CreateNoWindow = true,
+        };
+        startInfo.ArgumentList.Add(workerAssemblyPath);
+
+        _process = new Process { StartInfo = startInfo };
+        Stopwatch stopwatch = Stopwatch.StartNew();
+        _process.Start();
+        StartupElapsed = stopwatch.Elapsed;
+    }
+
+    public TimeSpan StartupElapsed { get; }
+
+    public async Task<SandboxInvocationResult> InvokeCommandAsync(
+        string name,
+        IReadOnlyDictionary<string, object?>? arguments,
+        TimeSpan timeout,
+        CancellationToken ct,
+        SandboxResourceLimits? resourceLimits = null)
+    {
+        ObjectDisposedException.ThrowIf(_disposed, this);
+        ArgumentException.ThrowIfNullOrWhiteSpace(name);
+        if (timeout <= TimeSpan.Zero)
+            throw new ArgumentOutOfRangeException(nameof(timeout), timeout, "Timeout must be greater than zero.");
+
+        var request = new SandboxCommandRequest(
+            Kind: "command",
+            Name: name,
+            Arguments: arguments,
+            Metadata: new Dictionary<string, string>
+            {
+                ["surface"] = "Phase9Prototype",
+                ["correlationId"] = Guid.NewGuid().ToString("N"),
+            });
+
+        Stopwatch stopwatch = Stopwatch.StartNew();
+        using var timeoutCts = new CancellationTokenSource(timeout);
+        using var linkedCts = CancellationTokenSource.CreateLinkedTokenSource(ct, timeoutCts.Token);
+        using var watchdogCts = new CancellationTokenSource();
+        Task<ResourceLimitViolation?>? resourceTask = StartResourceWatchdog(resourceLimits, watchdogCts.Token);
+
+        try
+        {
+            string requestJson = JsonSerializer.Serialize(request, SandboxJson.Options);
+            await _process.StandardInput.WriteLineAsync(requestJson.AsMemory(), linkedCts.Token);
+            await _process.StandardInput.FlushAsync(linkedCts.Token);
+
+            Task<string?> responseTask = _process.StandardOutput.ReadLineAsync(linkedCts.Token).AsTask();
+            Task completedTask = resourceTask is null
+                ? responseTask
+                : await Task.WhenAny(responseTask, resourceTask);
+
+            if (resourceTask is not null && completedTask == resourceTask)
+            {
+                ResourceLimitViolation? violation = await resourceTask;
+                if (violation is not null)
+                {
+                    await KillWorkerAsync(_process);
+                    return new SandboxInvocationResult(
+                        Succeeded: false,
+                        TimedOut: false,
+                        Crashed: false,
+                        ResourceLimitExceeded: true,
+                        ExitCode: GetExitCodeOrNull(_process),
+                        Elapsed: stopwatch.Elapsed,
+                        Message: $"Worker exceeded the soft working set limit of {violation.LimitBytes} bytes.",
+                        Value: null,
+                        ErrorCode: "ResourceLimitExceeded",
+                        ObservedWorkingSetBytes: violation.ObservedBytes);
+                }
+            }
+
+            string? responseLine = await responseTask;
+            if (responseLine is null)
+            {
+                await _process.WaitForExitAsync(CancellationToken.None);
+                string stderr = await _process.StandardError.ReadToEndAsync();
+                return new SandboxInvocationResult(
+                    Succeeded: false,
+                    TimedOut: false,
+                    Crashed: _process.ExitCode != 0,
+                    ResourceLimitExceeded: false,
+                    ExitCode: _process.ExitCode,
+                    Elapsed: stopwatch.Elapsed,
+                    Message: stderr,
+                    Value: null,
+                    ErrorCode: _process.ExitCode == 0 ? "ProtocolError" : "WorkerCrash");
+            }
+
+            SandboxCommandResponse? response = JsonSerializer.Deserialize<SandboxCommandResponse>(
+                responseLine,
+                SandboxJson.Options);
+
+            if (response is null)
+            {
+                return new SandboxInvocationResult(
+                    Succeeded: false,
+                    TimedOut: false,
+                    Crashed: false,
+                    ResourceLimitExceeded: false,
+                    ExitCode: GetExitCodeOrNull(_process),
+                    Elapsed: stopwatch.Elapsed,
+                    Message: "Worker returned an empty response.",
+                    Value: null,
+                    ErrorCode: "ProtocolError");
+            }
+
+            return new SandboxInvocationResult(
+                response.Succeeded,
+                TimedOut: false,
+                Crashed: false,
+                ResourceLimitExceeded: false,
+                ExitCode: GetExitCodeOrNull(_process),
+                Elapsed: stopwatch.Elapsed,
+                Message: response.Message,
+                Value: response.Value,
+                ErrorCode: response.ErrorCode);
+        }
+        catch (OperationCanceledException) when (timeoutCts.IsCancellationRequested && !ct.IsCancellationRequested)
+        {
+            await KillWorkerAsync(_process);
+            return new SandboxInvocationResult(
+                Succeeded: false,
+                TimedOut: true,
+                Crashed: false,
+                ResourceLimitExceeded: false,
+                ExitCode: GetExitCodeOrNull(_process),
+                Elapsed: stopwatch.Elapsed,
+                Message: $"Command '{name}' timed out after {timeout.TotalMilliseconds:0.###}ms.",
+                Value: null,
+                ErrorCode: "Timeout");
+        }
+        catch (OperationCanceledException)
+        {
+            await KillWorkerAsync(_process);
+            throw;
+        }
+        catch (IOException ex) when (_process.HasExited)
+        {
+            return new SandboxInvocationResult(
+                Succeeded: false,
+                TimedOut: false,
+                Crashed: _process.ExitCode != 0,
+                ResourceLimitExceeded: false,
+                ExitCode: _process.ExitCode,
+                Elapsed: stopwatch.Elapsed,
+                Message: ex.Message,
+                Value: null,
+                ErrorCode: _process.ExitCode == 0 ? "ProtocolError" : "WorkerCrash");
+        }
+        finally
+        {
+            await watchdogCts.CancelAsync();
+        }
+    }
+
+    public async ValueTask DisposeAsync()
+    {
+        if (_disposed)
+            return;
+
+        _disposed = true;
+        try
+        {
+            if (!_process.HasExited)
+            {
+                _process.StandardInput.Close();
+                using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(1));
+                await _process.WaitForExitAsync(cts.Token);
+            }
+        }
+        catch (OperationCanceledException)
+        {
+            await KillWorkerAsync(_process);
+        }
+        catch (InvalidOperationException)
+        {
+        }
+        catch (IOException)
+        {
+        }
+        finally
+        {
+            _process.Dispose();
+        }
+    }
+
+    private Task<ResourceLimitViolation?>? StartResourceWatchdog(
+        SandboxResourceLimits? resourceLimits,
+        CancellationToken ct)
+    {
+        if (resourceLimits?.MaxWorkingSetBytes is not { } maxWorkingSetBytes)
+            return null;
+
+        TimeSpan pollInterval = resourceLimits.PollInterval ?? TimeSpan.FromMilliseconds(25);
+        return WatchWorkingSetAsync(_process, maxWorkingSetBytes, pollInterval, ct);
+    }
+
+    private static async Task<ResourceLimitViolation?> WatchWorkingSetAsync(
+        Process process,
+        long maxWorkingSetBytes,
+        TimeSpan pollInterval,
+        CancellationToken ct)
+    {
+        long maxObservedBytes = 0;
+        try
+        {
+            while (!ct.IsCancellationRequested && !process.HasExited)
+            {
+                process.Refresh();
+                maxObservedBytes = Math.Max(maxObservedBytes, process.WorkingSet64);
+                if (maxObservedBytes > maxWorkingSetBytes)
+                    return new ResourceLimitViolation(maxObservedBytes, maxWorkingSetBytes);
+
+                await Task.Delay(pollInterval, ct);
+            }
+        }
+        catch (OperationCanceledException)
+        {
+        }
+        catch (InvalidOperationException)
+        {
+        }
+
+        return null;
+    }
+
+    private static async Task KillWorkerAsync(Process process)
+    {
+        try
+        {
+            if (!process.HasExited)
+                process.Kill(entireProcessTree: true);
+        }
+        catch (InvalidOperationException)
+        {
+        }
+
+        try
+        {
+            if (!process.HasExited)
+                await process.WaitForExitAsync(CancellationToken.None);
+        }
+        catch (InvalidOperationException)
+        {
+        }
+    }
+
+    private static int? GetExitCodeOrNull(Process process)
+    {
+        try
+        {
+            return process.HasExited ? process.ExitCode : null;
+        }
+        catch (InvalidOperationException)
+        {
+            return null;
+        }
+    }
+
+    private static string GetDotNetHostPath()
+        => Environment.GetEnvironmentVariable("DOTNET_HOST_PATH") ?? "dotnet";
+}
+
+internal sealed record SandboxResourceLimits(
+    long? MaxWorkingSetBytes = null,
+    TimeSpan? PollInterval = null);
+
+internal sealed record SandboxLatencyMeasurements(
+    TimeSpan ColdInvocationElapsed,
+    TimeSpan WarmBatchElapsed,
+    TimeSpan WarmMedianInvocationElapsed,
+    int WarmInvocationCount)
+{
+    public static SandboxLatencyMeasurements Create(
+        SandboxInvocationResult coldInvocation,
+        IReadOnlyList<SandboxInvocationResult> warmInvocations,
+        TimeSpan warmBatchElapsed)
+    {
+        if (warmInvocations.Count == 0)
+            throw new ArgumentException("At least one warm invocation is required.", nameof(warmInvocations));
+
+        TimeSpan[] sorted = warmInvocations
+            .Select(static invocation => invocation.Elapsed)
+            .Order()
+            .ToArray();
+
+        return new SandboxLatencyMeasurements(
+            coldInvocation.Elapsed,
+            warmBatchElapsed,
+            sorted[sorted.Length / 2],
+            warmInvocations.Count);
+    }
+}
+
+internal sealed record SandboxInvocationResult(
+    bool Succeeded,
+    bool TimedOut,
+    bool Crashed,
+    bool ResourceLimitExceeded,
+    int? ExitCode,
+    TimeSpan Elapsed,
+    string? Message,
+    JsonElement? Value,
+    string? ErrorCode,
+    long? ObservedWorkingSetBytes = null);
+
+internal sealed record SandboxCommandRequest(
+    string Kind,
+    string Name,
+    IReadOnlyDictionary<string, object?>? Arguments,
+    IReadOnlyDictionary<string, string> Metadata);
+
+internal sealed record SandboxCommandResponse(
+    bool Succeeded,
+    string? Message = null,
+    JsonElement? Value = null,
+    string? ErrorCode = null);
+
+internal sealed record ResourceLimitViolation(
+    long ObservedBytes,
+    long LimitBytes);
+
+internal static class SandboxJson
+{
+    public static readonly JsonSerializerOptions Options = new(JsonSerializerDefaults.Web);
+}
diff --git a/tests/CSharpDB.Tests/ExtensionSandbox/OutOfProcessSandboxMeasurementTests.cs b/tests/CSharpDB.Tests/ExtensionSandbox/OutOfProcessSandboxMeasurementTests.cs
new file mode 100644
index 00000000..0f4af165
--- /dev/null
+++ b/tests/CSharpDB.Tests/ExtensionSandbox/OutOfProcessSandboxMeasurementTests.cs
@@ -0,0 +1,75 @@
+using System.Diagnostics;
+
+namespace CSharpDB.Tests;
+
+public sealed class OutOfProcessSandboxMeasurementTests
+{
+    [Fact]
+    public async Task InvokeCommandAsync_CapturesColdWarmAndBatchedLatencyMeasurements()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        OutOfProcessCommandSandboxPrototype sandbox = await OutOfProcessCommandSandboxPrototype.CreateAsync(ct);
+
+        SandboxInvocationResult cold = await sandbox.InvokeCommandAsync(
+            "Echo",
+            new Dictionary<string, object?> { ["message"] = "cold" },
+            TimeSpan.FromSeconds(5),
+            ct);
+
+        await using OutOfProcessCommandSandboxSession session = sandbox.StartSession();
+        var warmResults = new List<SandboxInvocationResult>();
+        Stopwatch batchStopwatch = Stopwatch.StartNew();
+        for (int i = 0; i < 8; i++)
+        {
+            SandboxInvocationResult warm = await session.InvokeCommandAsync(
+                "Echo",
+                new Dictionary<string, object?> { ["message"] = $"warm-{i}" },
+                TimeSpan.FromSeconds(5),
+                ct);
+
+            warmResults.Add(warm);
+        }
+
+        batchStopwatch.Stop();
+        SandboxLatencyMeasurements measurements = SandboxLatencyMeasurements.Create(
+            cold,
+            warmResults,
+            batchStopwatch.Elapsed);
+
+        Assert.True(cold.Succeeded);
+        Assert.All(warmResults, static result => Assert.True(result.Succeeded));
+        Assert.Equal(8, measurements.WarmInvocationCount);
+        Assert.True(measurements.ColdInvocationElapsed > TimeSpan.Zero);
+        Assert.True(measurements.WarmBatchElapsed > TimeSpan.Zero);
+        Assert.True(measurements.WarmMedianInvocationElapsed > TimeSpan.Zero);
+        Assert.True(measurements.WarmBatchElapsed < TimeSpan.FromSeconds(10));
+    }
+
+    [Fact]
+    public async Task InvokeCommandAsync_KillsWorkerWhenSoftWorkingSetLimitIsExceeded()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        OutOfProcessCommandSandboxPrototype sandbox = await OutOfProcessCommandSandboxPrototype.CreateAsync(ct);
+
+        SandboxInvocationResult result = await sandbox.InvokeCommandAsync(
+            "AllocateMemory",
+            new Dictionary<string, object?>
+            {
+                ["megabytes"] = 256,
+                ["holdMs"] = 5_000,
+            },
+            TimeSpan.FromSeconds(10),
+            ct,
+            new SandboxResourceLimits(
+                MaxWorkingSetBytes: 128L * 1024 * 1024,
+                PollInterval: TimeSpan.FromMilliseconds(10)));
+
+        Assert.False(result.Succeeded);
+        Assert.False(result.TimedOut);
+        Assert.False(result.Crashed);
+        Assert.True(result.ResourceLimitExceeded);
+        Assert.Equal("ResourceLimitExceeded", result.ErrorCode);
+        Assert.True(result.ObservedWorkingSetBytes > 128L * 1024 * 1024);
+        Assert.True(result.Elapsed < TimeSpan.FromSeconds(5));
+    }
+}
diff --git a/tests/CSharpDB.Tests/ExtensionSandbox/OutOfProcessSandboxPrototypeTests.cs b/tests/CSharpDB.Tests/ExtensionSandbox/OutOfProcessSandboxPrototypeTests.cs
new file mode 100644
index 00000000..b362e7c2
--- /dev/null
+++ b/tests/CSharpDB.Tests/ExtensionSandbox/OutOfProcessSandboxPrototypeTests.cs
@@ -0,0 +1,81 @@
+namespace CSharpDB.Tests;
+
+public sealed class OutOfProcessSandboxPrototypeTests
+{
+    [Fact]
+    public async Task InvokeCommandAsync_ReturnsJsonResponse()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        OutOfProcessCommandSandboxPrototype sandbox = await OutOfProcessCommandSandboxPrototype.CreateAsync(ct);
+
+        SandboxInvocationResult result = await sandbox.InvokeCommandAsync(
+            "Echo",
+            new Dictionary<string, object?> { ["message"] = "approved" },
+            TimeSpan.FromSeconds(5),
+            ct);
+
+        Assert.True(result.Succeeded);
+        Assert.False(result.TimedOut);
+        Assert.False(result.Crashed);
+        Assert.False(result.ResourceLimitExceeded);
+        Assert.Equal("Echo completed.", result.Message);
+        Assert.Equal("approved", result.Value?.GetString());
+        Assert.True(result.Elapsed > TimeSpan.Zero);
+    }
+
+    [Fact]
+    public async Task InvokeCommandAsync_KillsWorkerOnTimeout()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        OutOfProcessCommandSandboxPrototype sandbox = await OutOfProcessCommandSandboxPrototype.CreateAsync(ct);
+
+        SandboxInvocationResult result = await sandbox.InvokeCommandAsync(
+            "Sleep",
+            new Dictionary<string, object?> { ["delayMs"] = 5_000 },
+            TimeSpan.FromMilliseconds(150),
+            ct);
+
+        Assert.False(result.Succeeded);
+        Assert.True(result.TimedOut);
+        Assert.False(result.Crashed);
+        Assert.False(result.ResourceLimitExceeded);
+        Assert.Equal("Timeout", result.ErrorCode);
+        Assert.True(result.Elapsed < TimeSpan.FromSeconds(3));
+    }
+
+    [Fact]
+    public async Task InvokeCommandAsync_KillsWorkerOnCancellation()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        OutOfProcessCommandSandboxPrototype sandbox = await OutOfProcessCommandSandboxPrototype.CreateAsync(ct);
+        using var cts = CancellationTokenSource.CreateLinkedTokenSource(ct);
+        cts.CancelAfter(TimeSpan.FromMilliseconds(150));
+
+        await Assert.ThrowsAsync<OperationCanceledException>(
+            async () => await sandbox.InvokeCommandAsync(
+                "Sleep",
+                new Dictionary<string, object?> { ["delayMs"] = 5_000 },
+                TimeSpan.FromSeconds(5),
+                cts.Token));
+    }
+
+    [Fact]
+    public async Task InvokeCommandAsync_ReportsWorkerCrashWithoutCrashingHost()
+    {
+        var ct = TestContext.Current.CancellationToken;
+        OutOfProcessCommandSandboxPrototype sandbox = await OutOfProcessCommandSandboxPrototype.CreateAsync(ct);
+
+        SandboxInvocationResult result = await sandbox.InvokeCommandAsync(
+            "Crash",
+            arguments: null,
+            TimeSpan.FromSeconds(5),
+            ct);
+
+        Assert.False(result.Succeeded);
+        Assert.False(result.TimedOut);
+        Assert.True(result.Crashed);
+        Assert.False(result.ResourceLimitExceeded);
+        Assert.Equal(42, result.ExitCode);
+        Assert.Equal("WorkerCrash", result.ErrorCode);
+    }
+}
diff --git a/tests/CSharpDB.Tests/ParserTests.cs b/tests/CSharpDB.Tests/ParserTests.cs
index 34eef450..f08a2352 100644
--- a/tests/CSharpDB.Tests/ParserTests.cs
+++ b/tests/CSharpDB.Tests/ParserTests.cs
@@ -556,6 +556,20 @@ public void Parse_ScalarTextFunction()
         Assert.Equal("TEXT", predicate.FunctionName);
     }
 
+    [Fact]
+    public void Parse_ZeroArgumentScalarFunctionWithoutFrom()
+    {
+        var stmt = Parser.Parse("SELECT Date();");
+        var select = Assert.IsType<SelectStatement>(stmt);
+
+        Assert.IsType<SingleRowTableRef>(select.From);
+        var projection = Assert.IsType<FunctionCallExpression>(select.Columns[0].Expression);
+        Assert.Equal("DATE", projection.FunctionName);
+        Assert.Empty(projection.Arguments);
+        Assert.False(projection.IsDistinct);
+        Assert.False(projection.IsStarArg);
+    }
+
     [Fact]
     public void Parse_ScalarTextAroundAggregate()
     {
diff --git a/tests/CSharpDB.Tests/TrustedCommandRegistryTests.cs b/tests/CSharpDB.Tests/TrustedCommandRegistryTests.cs
new file mode 100644
index 00000000..6a1a8314
--- /dev/null
+++ b/tests/CSharpDB.Tests/TrustedCommandRegistryTests.cs
@@ -0,0 +1,175 @@
+using CSharpDB.Primitives;
+
+namespace CSharpDB.Tests;
+
+public sealed class TrustedCommandRegistryTests
+{
+    [Fact]
+    public async Task Registry_ValidatesNamesCollisionsAndMetadata()
+    {
+        var registry = DbCommandRegistry.Create(commands =>
+            commands.AddCommand(
+                "RecalculateInventory",
+                new DbCommandOptions(
+                    "Rebuilds inventory summaries.",
+                    Timeout: TimeSpan.FromSeconds(5),
+                    IsLongRunning: true,
+                    AdditionalCapabilities:
+                    [
+                        new DbExtensionCapabilityRequest(
+                            DbExtensionCapability.ReadDatabase,
+                            Reason: "Reads product inventory tables.",
+                            Tables: ["Products", "Inventory"]),
+                    ]),
+                static context =>
+                {
+                    Assert.Equal("RecalculateInventory", context.CommandName);
+                    Assert.Equal("AdminForms", context.Metadata["surface"]);
+                    Assert.Equal(42, context.Arguments["ProductId"].AsInteger);
+                    return DbCommandResult.Success("done", DbValue.FromText("ok"));
+                }));
+
+        Assert.True(registry.TryGetCommand("recalculateinventory", out DbCommandDefinition definition));
+        Assert.Equal("Rebuilds inventory summaries.", definition.Options.Description);
+        Assert.Equal(TimeSpan.FromSeconds(5), definition.Options.Timeout);
+        Assert.True(definition.Options.IsLongRunning);
+        Assert.Equal(AutomationCallbackKind.Command, definition.Descriptor.Kind);
+        Assert.Equal(DbExtensionRuntimeKind.HostCallback, definition.Descriptor.Runtime);
+        Assert.Equal("RecalculateInventory", definition.Descriptor.Name);
+        Assert.Null(definition.Descriptor.Arity);
+        Assert.Equal("Rebuilds inventory summaries.", definition.Descriptor.Description);
+        Assert.Equal(TimeSpan.FromSeconds(5), definition.Descriptor.Timeout);
+        Assert.True(definition.Descriptor.IsLongRunning);
+        Assert.Equal(
+            [DbExtensionCapability.Commands, DbExtensionCapability.ReadDatabase],
+            definition.Descriptor.Capabilities.Select(static capability => capability.Name).ToArray());
+        Assert.Same(definition.Descriptor, Assert.Single(registry.Callbacks));
+
+        DbCommandResult result = await definition.InvokeAsync(
+            new Dictionary<string, DbValue>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["ProductId"] = DbValue.FromInteger(42),
+            },
+            new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["surface"] = "AdminForms",
+            },
+            TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal("done", result.Message);
+        Assert.Equal("ok", result.Value.AsText);
+
+        Assert.Throws<ArgumentException>(() => DbCommandRegistry.Create(commands =>
+        {
+            commands.AddCommand("Dup", static _ => DbCommandResult.Success());
+            commands.AddCommand("dup", static _ => DbCommandResult.Success());
+        }));
+
+        Assert.Throws<ArgumentException>(() => DbCommandRegistry.Create(commands =>
+            commands.AddCommand("bad-name", static _ => DbCommandResult.Success())));
+    }
+
+    [Fact]
+    public async Task Registry_InvokesAsyncCommands()
+    {
+        var registry = DbCommandRegistry.Create(commands =>
+            commands.AddAsyncCommand(
+                "AsyncCommand",
+                static async (context, ct) =>
+                {
+                    await Task.Delay(1, ct);
+                    return DbCommandResult.Success(context.Metadata["event"]);
+                }));
+
+        Assert.True(registry.TryGetCommand("AsyncCommand", out DbCommandDefinition definition));
+
+        DbCommandResult result = await definition.InvokeAsync(
+            metadata: new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["event"] = "AfterUpdate",
+            },
+            ct: TestContext.Current.CancellationToken);
+
+        Assert.True(result.Succeeded);
+        Assert.Equal("AfterUpdate", result.Message);
+    }
+
+    [Fact]
+    public async Task Registry_AppliesCommandTimeout()
+    {
+        var registry = DbCommandRegistry.Create(commands =>
+            commands.AddAsyncCommand(
+                "SlowCommand",
+                new DbCommandOptions(Timeout: TimeSpan.FromMilliseconds(10)),
+                static async (_, ct) =>
+                {
+                    await Task.Delay(TimeSpan.FromSeconds(5), ct);
+                    return DbCommandResult.Success();
+                }));
+
+        Assert.True(registry.TryGetCommand("SlowCommand", out DbCommandDefinition definition));
+
+        TimeoutException ex = await Assert.ThrowsAsync<TimeoutException>(async () =>
+            await definition.InvokeAsync(ct: TestContext.Current.CancellationToken));
+
+        Assert.Contains("SlowCommand", ex.Message);
+        Assert.Contains("timed out", ex.Message);
+    }
+
+    [Fact]
+    public async Task Registry_DoesNotTreatDelegateTimeoutExceptionAsCommandTimeout()
+    {
+        var registry = DbCommandRegistry.Create(commands =>
+            commands.AddAsyncCommand(
+                "ServiceCommand",
+                new DbCommandOptions(Timeout: TimeSpan.FromSeconds(5)),
+                static (_, _) => Task.FromException<DbCommandResult>(
+                    new TimeoutException("Downstream service timeout."))));
+
+        Assert.True(registry.TryGetCommand("ServiceCommand", out DbCommandDefinition definition));
+
+        TimeoutException ex = await Assert.ThrowsAsync<TimeoutException>(async () =>
+            await definition.InvokeAsync(ct: TestContext.Current.CancellationToken));
+
+        Assert.Equal("Downstream service timeout.", ex.Message);
+    }
+
+    [Fact]
+    public void Registry_RejectsNonPositiveCommandTimeout()
+    {
+        Assert.Throws<ArgumentOutOfRangeException>(() => DbCommandRegistry.Create(commands =>
+            commands.AddCommand(
+                "InvalidTimeout",
+                new DbCommandOptions(Timeout: TimeSpan.Zero),
+                static _ => DbCommandResult.Success())));
+    }
+
+    [Fact]
+    public void CommandArguments_ConvertObjectDictionariesAndLetConfiguredValuesOverrideRuntimeValues()
+    {
+        Dictionary<string, DbValue> arguments = DbCommandArguments.FromObjectDictionary(
+            new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["Id"] = 7,
+                ["IsActive"] = true,
+                ["Total"] = 12.5m,
+                ["JsonInteger"] = 3.0d,
+                ["Name"] = "Alice",
+                [""] = "ignored",
+            },
+            new Dictionary<string, object?>(StringComparer.OrdinalIgnoreCase)
+            {
+                ["Name"] = "Override",
+                ["NullValue"] = null,
+            });
+
+        Assert.Equal(7, arguments["Id"].AsInteger);
+        Assert.Equal(1, arguments["IsActive"].AsInteger);
+        Assert.Equal(12.5, arguments["Total"].AsReal);
+        Assert.Equal(3, arguments["JsonInteger"].AsInteger);
+        Assert.Equal("Override", arguments["Name"].AsText);
+        Assert.True(arguments["NullValue"].IsNull);
+        Assert.False(arguments.ContainsKey(""));
+    }
+}
diff --git a/tests/CSharpDB.Tests/TrustedScalarFunctionTests.cs b/tests/CSharpDB.Tests/TrustedScalarFunctionTests.cs
new file mode 100644
index 00000000..dc436f9c
--- /dev/null
+++ b/tests/CSharpDB.Tests/TrustedScalarFunctionTests.cs
@@ -0,0 +1,164 @@
+using CSharpDB.Engine;
+using CSharpDB.Execution;
+using CSharpDB.Primitives;
+using CSharpDB.Sql;
+
+namespace CSharpDB.Tests;
+
+public sealed class TrustedScalarFunctionTests
+{
+    private static CancellationToken Ct => TestContext.Current.CancellationToken;
+
+    [Fact]
+    public void Registry_ValidatesNamesCollisionsAndMetadata()
+    {
+        var registry = DbFunctionRegistry.Create(functions =>
+            functions.AddScalar(
+                "Bump",
+                1,
+                new DbScalarFunctionOptions(
+                    DbType.Integer,
+                    IsDeterministic: true,
+                    NullPropagating: true,
+                    Description: "Adds one to an integer.",
+                    AdditionalCapabilities:
+                    [
+                        new DbExtensionCapabilityRequest(
+                            DbExtensionCapability.Clock,
+                            Reason: "Demonstrates additional host-visible capability metadata."),
+                    ]),
+                static (_, args) => DbValue.FromInteger(args[0].AsInteger + 1)));
+
+        Assert.True(registry.TryGetScalar("bump", 1, out var definition));
+        Assert.Equal(DbType.Integer, definition.Options.ReturnType);
+        Assert.True(definition.Options.IsDeterministic);
+        Assert.True(definition.Options.NullPropagating);
+        Assert.Equal(AutomationCallbackKind.ScalarFunction, definition.Descriptor.Kind);
+        Assert.Equal(DbExtensionRuntimeKind.HostCallback, definition.Descriptor.Runtime);
+        Assert.Equal("Bump", definition.Descriptor.Name);
+        Assert.Equal(1, definition.Descriptor.Arity);
+        Assert.Equal(DbType.Integer, definition.Descriptor.ReturnType);
+        Assert.Equal("Adds one to an integer.", definition.Descriptor.Description);
+        Assert.True(definition.Descriptor.IsDeterministic);
+        Assert.True(definition.Descriptor.NullPropagating);
+        Assert.Equal(
+            [DbExtensionCapability.ScalarFunctions, DbExtensionCapability.Clock],
+            definition.Descriptor.Capabilities.Select(static capability => capability.Name).ToArray());
+        Assert.Same(definition.Descriptor, Assert.Single(registry.Callbacks));
+
+        Assert.Throws<ArgumentException>(() => DbFunctionRegistry.Create(functions =>
+        {
+            functions.AddScalar("Dup", 1, static (_, _) => DbValue.Null);
+            functions.AddScalar("dup", 2, static (_, _) => DbValue.Null);
+        }));
+
+        Assert.Throws<ArgumentException>(() => DbFunctionRegistry.Create(functions =>
+            functions.AddScalar("TEXT", 1, static (_, _) => DbValue.Null)));
+    }
+
+    [Fact]
+    public void ExpressionCompiler_InvokesRegisteredFunctionAndPropagatesNull()
+    {
+        var registry = DbFunctionRegistry.Create(functions =>
+            functions.AddScalar(
+                "DoubleIt",
+                1,
+                new DbScalarFunctionOptions(DbType.Integer, IsDeterministic: true, NullPropagating: true),
+                static (_, args) => DbValue.FromInteger(args[0].AsInteger * 2)));
+
+        var schema = new TableSchema
+        {
+            TableName = "numbers",
+            Columns =
+            [
+                new ColumnDefinition { Name = "value", Type = DbType.Integer, Nullable = true },
+            ],
+        };
+
+        var expression = new FunctionCallExpression
+        {
+            FunctionName = "DoubleIt",
+            Arguments = [new ColumnRefExpression { ColumnName = "value" }],
+        };
+
+        var evaluator = ExpressionCompiler.CompileSpan(expression, schema, registry);
+
+        Assert.Equal(DbValue.FromInteger(14), evaluator([DbValue.FromInteger(7)]));
+        Assert.Equal(DbValue.Null, evaluator([DbValue.Null]));
+    }
+
+    [Fact]
+    public async Task Sql_UsesRegisteredFunctionsAcrossReadWriteAndTriggerPaths()
+    {
+        var options = CreateOptions();
+        await using var db = await Database.OpenInMemoryAsync(options, Ct);
+
+        await db.ExecuteAsync("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, slug TEXT)", Ct);
+        await db.ExecuteAsync("CREATE TABLE audit (slug TEXT)", Ct);
+        await db.ExecuteAsync("""
+            CREATE TRIGGER items_ai AFTER INSERT ON items
+            BEGIN
+                INSERT INTO audit VALUES (Slugify(NEW.name));
+            END
+            """, Ct);
+
+        await db.ExecuteAsync("INSERT INTO items VALUES (1, 'Hello World', Slugify('Hello World'))", Ct);
+        await db.ExecuteAsync("INSERT INTO items VALUES (2, 'Odd Name', Slugify('Odd Name'))", Ct);
+        await db.ExecuteAsync("UPDATE items SET slug = Slugify(name) WHERE IsEven(id) = 1", Ct);
+
+        await using (var result = await db.ExecuteAsync(
+            "SELECT Slugify(name) FROM items WHERE IsEven(id) = 1 ORDER BY Slugify(name) DESC",
+            Ct))
+        {
+            var rows = await result.ToListAsync(Ct);
+            Assert.Single(rows);
+            Assert.Equal("odd-name", rows[0][0].AsText);
+        }
+
+        await using (var triggerResult = await db.ExecuteAsync("SELECT slug FROM audit ORDER BY slug", Ct))
+        {
+            var rows = await triggerResult.ToListAsync(Ct);
+            Assert.Equal(["hello-world", "odd-name"], rows.Select(row => row[0].AsText).ToArray());
+        }
+    }
+
+    [Fact]
+    public async Task Sql_MissingAndThrowingFunctionsFailAndStatementRollsBack()
+    {
+        var options = CreateOptions();
+        await using var db = await Database.OpenInMemoryAsync(options, Ct);
+
+        await db.ExecuteAsync("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)", Ct);
+
+        var missing = await Assert.ThrowsAsync<CSharpDbException>(async () =>
+            await db.ExecuteAsync("INSERT INTO items VALUES (MissingFunc(1), 'bad')", Ct));
+        Assert.Contains("Unknown scalar function", missing.Message);
+
+        var thrown = await Assert.ThrowsAsync<CSharpDbException>(async () =>
+            await db.ExecuteAsync("INSERT INTO items VALUES (Boom(1), 'bad')", Ct));
+        Assert.Contains("Scalar function 'Boom' failed", thrown.Message);
+
+        await using var result = await db.ExecuteAsync("SELECT COUNT(*) FROM items", Ct);
+        var rows = await result.ToListAsync(Ct);
+        Assert.Equal(0, rows[0][0].AsInteger);
+    }
+
+    private static DatabaseOptions CreateOptions()
+        => new DatabaseOptions().ConfigureFunctions(functions =>
+        {
+            functions.AddScalar(
+                "Slugify",
+                1,
+                new DbScalarFunctionOptions(DbType.Text, IsDeterministic: true, NullPropagating: true),
+                static (_, args) => DbValue.FromText(args[0].AsText.ToLowerInvariant().Replace(' ', '-')));
+            functions.AddScalar(
+                "IsEven",
+                1,
+                new DbScalarFunctionOptions(DbType.Integer, IsDeterministic: true, NullPropagating: true),
+                static (_, args) => DbValue.FromInteger(args[0].AsInteger % 2 == 0 ? 1 : 0));
+            functions.AddScalar(
+                "Boom",
+                1,
+                static (_, _) => throw new InvalidOperationException("boom"));
+        });
+}
diff --git a/www/admin-ui-mockups/command-palette.html b/www/admin-ui-mockups/command-palette.html
deleted file mode 100644
index b7a51d0b..00000000
--- a/www/admin-ui-mockups/command-palette.html
+++ /dev/null
@@ -1,304 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>Command Palette — CSharpDB Studio Mockup</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css">
-<link rel="stylesheet" href="styles.css">
-<style>
-    .sidebar { padding: 10px; font-size: 12px; color: var(--text-secondary); filter: blur(2px); opacity: 0.6; }
-    .sidebar .grp { color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.6px; padding: 8px 6px 4px; }
-    .sidebar .it { padding: 4px 6px; display: flex; align-items: center; gap: 6px; }
-
-    /* dim the rest of the app while palette is open */
-    .titlebar, .tabstrip, .body, .statusbar { filter: blur(2px); }
-    .body { pointer-events: none; }
-    .scrim {
-        position: fixed; inset: 0;
-        background: rgba(10, 11, 19, 0.55);
-        z-index: 90;
-    }
-
-    /* Palette modal */
-    .palette {
-        position: fixed;
-        top: 14vh;
-        left: 50%;
-        transform: translateX(-50%);
-        width: min(640px, 92vw);
-        background: var(--bg-elevated);
-        border: 1px solid var(--border-light);
-        border-radius: var(--radius-lg);
-        box-shadow: var(--shadow-popup);
-        z-index: 100;
-        overflow: hidden;
-        display: flex;
-        flex-direction: column;
-        max-height: 70vh;
-    }
-
-    .palette-search {
-        display: flex;
-        align-items: center;
-        gap: 12px;
-        padding: 14px 18px;
-        border-bottom: 1px solid var(--border-color);
-    }
-    .palette-search .bi-search { color: var(--text-muted); font-size: 16px; }
-    .palette-search input {
-        flex: 1;
-        background: transparent;
-        border: none;
-        outline: none;
-        color: var(--text-primary);
-        font-size: 15px;
-        font-family: var(--font-ui);
-    }
-    .palette-search input::placeholder { color: var(--text-muted); }
-    .palette-search .esc { color: var(--text-muted); font-size: 11px; }
-
-    /* Filter chips */
-    .chips {
-        display: flex;
-        gap: 6px;
-        padding: 10px 18px;
-        border-bottom: 1px solid var(--border-color);
-        flex-wrap: wrap;
-    }
-    .chip {
-        padding: 3px 10px;
-        font-size: 11px;
-        border: 1px solid var(--border-color);
-        border-radius: 999px;
-        color: var(--text-secondary);
-        cursor: pointer;
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-    }
-    .chip:hover { border-color: var(--border-light); color: var(--text-primary); }
-    .chip.active {
-        background: rgba(122,162,247,0.12);
-        border-color: rgba(122,162,247,0.4);
-        color: var(--accent-blue);
-        font-weight: 600;
-    }
-
-    /* Result groups */
-    .results {
-        overflow-y: auto;
-        padding: 8px 0 12px;
-        flex: 1;
-    }
-    .group-label {
-        padding: 8px 18px 4px;
-        color: var(--text-muted);
-        font-size: 10px;
-        text-transform: uppercase;
-        letter-spacing: 0.7px;
-    }
-    .res {
-        display: grid;
-        grid-template-columns: 28px 1fr auto;
-        align-items: center;
-        gap: 12px;
-        padding: 9px 18px;
-        cursor: pointer;
-    }
-    .res:hover { background: var(--bg-hover); }
-    .res.selected {
-        background: rgba(122,162,247,0.12);
-        border-left: 2px solid var(--accent-blue);
-        padding-left: 16px;
-    }
-    .res .ico {
-        width: 24px; height: 24px;
-        border-radius: 6px;
-        display: grid; place-items: center;
-        font-size: 12px;
-        background: var(--bg-tertiary);
-    }
-    .res .label { font-size: 13px; color: var(--text-primary); }
-    .res .label .hint { color: var(--text-muted); font-size: 11px; margin-left: 6px; font-family: var(--font-mono); }
-    .res .label mark {
-        background: rgba(122,162,247,0.18);
-        color: var(--accent-blue);
-        padding: 0 2px;
-        border-radius: 2px;
-    }
-    .res .right { display: flex; gap: 4px; align-items: center; }
-    .res .badge {
-        font-size: 9px; text-transform: uppercase; letter-spacing: 0.5px;
-        padding: 2px 6px; border-radius: 4px;
-        background: rgba(122,162,247,0.12); color: var(--accent-blue);
-        font-weight: 600;
-    }
-    .res .badge.action { background: rgba(187,154,247,0.12); color: var(--accent-magenta); }
-    .res .badge.form { background: rgba(187,154,247,0.12); color: var(--accent-magenta); }
-    .res .badge.report { background: rgba(125,207,255,0.12); color: var(--accent-cyan); }
-    .res .badge.proc { background: rgba(255,158,100,0.12); color: var(--accent-orange); }
-
-    /* Footer */
-    .palette-foot {
-        padding: 10px 18px;
-        border-top: 1px solid var(--border-color);
-        display: flex;
-        gap: 16px;
-        font-size: 11px;
-        color: var(--text-muted);
-        background: var(--bg-secondary);
-    }
-    .palette-foot .group { display: inline-flex; align-items: center; gap: 5px; }
-</style>
-</head>
-<body>
-<div class="app">
-
-    <!-- TITLEBAR (dimmed background) -->
-    <div class="titlebar">
-        <div class="brand">
-            <div class="logo">C#</div>
-            <span>CSharpDB Studio</span>
-            <span class="dbname">— relational.db</span>
-        </div>
-        <button class="db-switcher"><i class="bi bi-database"></i> relational.db <i class="bi bi-caret-down-fill"></i></button>
-        <button class="palette-launcher"><i class="bi bi-search"></i> Search anything… <span class="kbd">Ctrl K</span></button>
-        <div class="spacer"></div>
-        <span class="conn-pill"><span class="dot"></span> Connected</span>
-    </div>
-
-    <div class="body">
-        <aside class="sidebar">
-            <div class="grp">★ Pinned</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Customers</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Orders</div>
-            <div class="grp">▾ Tables · 24</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Customers</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Orders</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Invoices</div>
-        </aside>
-        <div class="content">
-            <div class="tabstrip">
-                <div class="tab active"><i class="bi bi-grid-1x2 icon-table"></i> Dashboard</div>
-                <div class="tab"><i class="bi bi-table icon-table"></i> Customers <i class="bi bi-x"></i></div>
-            </div>
-        </div>
-    </div>
-
-    <div class="statusbar">
-        <span class="pill ok"><span class="dot"></span> Connected</span>
-    </div>
-</div>
-
-<!-- Scrim overlay -->
-<div class="scrim"></div>
-
-<!-- Command palette modal -->
-<div class="palette">
-    <div class="palette-search">
-        <i class="bi bi-search"></i>
-        <input value="cust" placeholder="Search tables, forms, reports, procedures, or actions…" />
-        <span class="esc kbd">Esc</span>
-    </div>
-
-    <div class="chips">
-        <span class="chip active">All</span>
-        <span class="chip"><i class="bi bi-lightning"></i> Actions</span>
-        <span class="chip"><i class="bi bi-table icon-table"></i> Tables · 4</span>
-        <span class="chip"><i class="bi bi-eye icon-view"></i> Views · 1</span>
-        <span class="chip"><i class="bi bi-ui-checks-grid icon-form"></i> Forms · 2</span>
-        <span class="chip"><i class="bi bi-file-earmark-richtext icon-report"></i> Reports · 1</span>
-        <span class="chip"><i class="bi bi-gear-wide-connected icon-trigger"></i> Procedures · 1</span>
-    </div>
-
-    <div class="results">
-
-        <div class="group-label">Tables</div>
-        <div class="res selected">
-            <div class="ico"><i class="bi bi-table icon-table"></i></div>
-            <div class="label"><mark>Cust</mark>omers <span class="hint">1,247 rows</span></div>
-            <div class="right">
-                <span class="badge">Open</span>
-                <span class="kbd">↵</span>
-            </div>
-        </div>
-        <div class="res">
-            <div class="ico"><i class="bi bi-table icon-table"></i></div>
-            <div class="label"><mark>Cust</mark>omerAddresses <span class="hint">2,109 rows</span></div>
-            <div class="right"><span class="badge">Open</span></div>
-        </div>
-        <div class="res">
-            <div class="ico"><i class="bi bi-table icon-table"></i></div>
-            <div class="label"><mark>Cust</mark>omerNotes <span class="hint">514 rows</span></div>
-            <div class="right"><span class="badge">Open</span></div>
-        </div>
-
-        <div class="group-label">Forms</div>
-        <div class="res">
-            <div class="ico"><i class="bi bi-ui-checks-grid icon-form"></i></div>
-            <div class="label"><mark>Cust</mark>omer Form <span class="hint">→ Customers</span></div>
-            <div class="right"><span class="badge form">Form</span></div>
-        </div>
-
-        <div class="group-label">Reports</div>
-        <div class="res">
-            <div class="ico"><i class="bi bi-file-earmark-richtext icon-report"></i></div>
-            <div class="label"><mark>Cust</mark>omer Sales Report <span class="hint">→ vw_customer_sales</span></div>
-            <div class="right"><span class="badge report">Report</span></div>
-        </div>
-
-        <div class="group-label">Procedures</div>
-        <div class="res">
-            <div class="ico"><i class="bi bi-gear-wide-connected icon-trigger"></i></div>
-            <div class="label">recalc_<mark>cust</mark>omer_balances</div>
-            <div class="right"><span class="badge proc">Proc</span></div>
-        </div>
-
-        <div class="group-label">Actions</div>
-        <div class="res">
-            <div class="ico"><i class="bi bi-terminal" style="color: var(--accent-blue);"></i></div>
-            <div class="label">Run: <code style="font-family: var(--font-mono); color: var(--accent-green);">SELECT * FROM Customers LIMIT 50</code></div>
-            <div class="right">
-                <span class="badge action">Action</span>
-                <span class="kbd">Ctrl ↵</span>
-            </div>
-        </div>
-        <div class="res">
-            <div class="ico"><i class="bi bi-plus-lg" style="color: var(--accent-magenta);"></i></div>
-            <div class="label">New Form for <b>Customers</b></div>
-            <div class="right"><span class="badge action">Action</span></div>
-        </div>
-        <div class="res">
-            <div class="ico"><i class="bi bi-trash3" style="color: var(--accent-red);"></i></div>
-            <div class="label">Drop table <b>Customers</b><span class="hint">requires confirm</span></div>
-            <div class="right"><span class="badge action" style="background: rgba(247,118,142,0.12); color: var(--accent-red);">Danger</span></div>
-        </div>
-
-    </div>
-
-    <div class="palette-foot">
-        <span class="group"><span class="kbd">↑</span><span class="kbd">↓</span> Navigate</span>
-        <span class="group"><span class="kbd">↵</span> Open</span>
-        <span class="group"><span class="kbd">Ctrl ↵</span> Open in new tab</span>
-        <span class="group"><span class="kbd">Tab</span> Filter by type</span>
-        <span class="group"><span class="kbd">Esc</span> Dismiss</span>
-        <div style="flex:1"></div>
-        <span>9 results in 3 ms</span>
-    </div>
-</div>
-
-<!-- Annotations -->
-<div class="notes">
-    <header><i class="bi bi-lightbulb"></i> Reality check vs. the live screen</header>
-    <ul>
-        <li><b style="color: var(--accent-green);">ALREADY EXISTS</b> — sidebar text-filter input that narrows the visible tree (case-insensitive substring match), keyboard shortcuts Ctrl+N (new query) / Ctrl+B (toggle sidebar) / Ctrl+Enter (run query) / Ctrl+W (close tab) / Ctrl+Shift+L (theme), right-click context menus on every object kind with "Open / Design / Select Top 50 / Drop" actions, modal confirm for danger ops, autocomplete inside the SQL editor.</li>
-        <li><b style="color: var(--accent-red);">DOES NOT EXIST TODAY</b> — there is no Ctrl+K palette or any global "search anything" entry point. Users must locate items via the sidebar tree or open them from a tab.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Ctrl+K palette</b> — fuzzy search across tables, views, forms, reports, procedures, and saved queries in one input.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Action items inline</b> — "Run: SELECT TOP 50 FROM X", "New Form for X", "Drop X". Surfaces what's currently buried in right-click menus.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Type filter chips</b> with keyboard Tab cycling.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Title-bar launcher</b> ("Search anything…") for discoverability.</li>
-        <li><span class="pin"></span> Danger actions still route through the existing <code>Modal.ConfirmAsync</code> with <code>isDanger:true</code> — reuses what's there.</li>
-    </ul>
-</div>
-</body>
-</html>
diff --git a/www/admin-ui-mockups/dashboard.html b/www/admin-ui-mockups/dashboard.html
deleted file mode 100644
index f909ab36..00000000
--- a/www/admin-ui-mockups/dashboard.html
+++ /dev/null
@@ -1,504 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>Dashboard — CSharpDB Studio Mockup</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css">
-<link rel="stylesheet" href="styles.css">
-<style>
-    /* Compact sidebar so the dashboard is the focus */
-    .sidebar { padding: 10px; font-size: 12px; color: var(--text-secondary); }
-    .sidebar .grp { color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.6px; padding: 8px 6px 4px; }
-    .sidebar .it { padding: 4px 6px; display: flex; align-items: center; gap: 6px; border-radius: 4px; cursor: pointer; }
-    .sidebar .it:hover { background: var(--bg-hover); color: var(--text-primary); }
-    .sidebar .it i { font-size: 13px; }
-
-    /* Dashboard layout */
-    .dash {
-        padding: 22px 28px 60px;
-        max-width: 1280px;
-        width: 100%;
-    }
-    .dash-header {
-        display: flex;
-        align-items: flex-end;
-        justify-content: space-between;
-        margin-bottom: 22px;
-    }
-    .dash-header h1 { font-size: 22px; font-weight: 700; letter-spacing: -0.01em; }
-    .dash-header .crumb { color: var(--text-muted); font-size: 12px; margin-bottom: 4px; }
-    .dash-header .actions { display: flex; gap: 8px; }
-
-    /* Stat row */
-    .stats {
-        display: grid;
-        grid-template-columns: repeat(5, 1fr);
-        gap: 12px;
-        margin-bottom: 22px;
-    }
-    .stat {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        padding: 14px 16px;
-        position: relative;
-    }
-    .stat .label { color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.6px; }
-    .stat .value { font-size: 26px; font-weight: 700; margin-top: 4px; letter-spacing: -0.02em; color: var(--text-primary); }
-    .stat .delta { font-size: 11px; margin-top: 4px; }
-    .stat .delta.up { color: var(--accent-green); }
-    .stat .delta.dn { color: var(--accent-red); }
-    .stat .icon { position: absolute; top: 14px; right: 16px; font-size: 18px; opacity: 0.45; }
-
-    .stat .bar { background: var(--bg-tertiary); border-radius: 4px; height: 6px; margin-top: 10px; overflow: hidden; }
-    .stat .bar > span { display: block; height: 100%; background: var(--accent-blue); border-radius: 4px; }
-    .stat .bar.warn > span { background: var(--accent-yellow); }
-    .stat .meta { color: var(--text-muted); font-size: 11px; margin-top: 6px; display: flex; justify-content: space-between; }
-
-    /* Two-column body */
-    .grid {
-        display: grid;
-        grid-template-columns: 2fr 1fr;
-        gap: 18px;
-    }
-
-    .panel {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        overflow: hidden;
-    }
-    .panel header {
-        padding: 12px 16px;
-        border-bottom: 1px solid var(--border-color);
-        display: flex;
-        align-items: center;
-        justify-content: space-between;
-    }
-    .panel h3 { font-size: 13px; font-weight: 600; }
-    .panel header .more { color: var(--text-muted); font-size: 11px; cursor: pointer; }
-    .panel header .more:hover { color: var(--text-primary); }
-
-    /* Top tables */
-    .tt-row {
-        display: grid;
-        grid-template-columns: 1fr 80px 100px 36px;
-        align-items: center;
-        gap: 12px;
-        padding: 10px 16px;
-        border-bottom: 1px solid var(--border-color);
-        font-size: 12px;
-    }
-    .tt-row:last-child { border-bottom: none; }
-    .tt-row .tname { display: flex; align-items: center; gap: 8px; color: var(--text-primary); }
-    .tt-row .tname .bi { color: var(--accent-blue); }
-    .tt-row .rows { color: var(--text-secondary); text-align: right; font-variant-numeric: tabular-nums; }
-    .tt-row .spark { display: flex; align-items: end; gap: 2px; height: 18px; }
-    .tt-row .spark span { width: 4px; background: var(--accent-blue); opacity: 0.6; border-radius: 1px; }
-    .tt-row .open { color: var(--text-muted); cursor: pointer; text-align: right; }
-    .tt-row .open:hover { color: var(--accent-blue); }
-
-    /* Activity feed */
-    .act-row {
-        display: grid;
-        grid-template-columns: 28px 1fr 80px;
-        align-items: start;
-        gap: 10px;
-        padding: 10px 16px;
-        border-bottom: 1px solid var(--border-color);
-        font-size: 12px;
-    }
-    .act-row:last-child { border-bottom: none; }
-    .act-row .ico {
-        width: 24px; height: 24px;
-        border-radius: 6px;
-        display: grid; place-items: center;
-        font-size: 12px;
-    }
-    .act-row .ico.q { background: rgba(122,162,247,0.12); color: var(--accent-blue); }
-    .act-row .ico.e { background: rgba(187,154,247,0.12); color: var(--accent-magenta); }
-    .act-row .ico.s { background: rgba(158,206,106,0.12); color: var(--accent-green); }
-    .act-row .ico.w { background: rgba(247,118,142,0.12); color: var(--accent-red); }
-    .act-row .body .title { color: var(--text-primary); }
-    .act-row .body .sub { color: var(--text-muted); font-size: 11px; margin-top: 2px; font-family: var(--font-mono); }
-    .act-row .when { color: var(--text-muted); font-size: 11px; text-align: right; }
-
-    /* Pinned grid */
-    .pinned {
-        display: grid;
-        grid-template-columns: 1fr 1fr;
-        gap: 8px;
-        padding: 12px;
-    }
-    .pin {
-        display: flex;
-        align-items: center;
-        gap: 8px;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-md);
-        padding: 9px 11px;
-        font-size: 12px;
-        cursor: pointer;
-    }
-    .pin:hover { border-color: var(--border-light); background: var(--bg-hover); }
-    .pin .bi { font-size: 14px; }
-
-    /* Quick actions */
-    .qa {
-        display: grid;
-        grid-template-columns: 1fr 1fr;
-        gap: 8px;
-        padding: 12px;
-    }
-    .qa-btn {
-        display: flex;
-        flex-direction: column;
-        gap: 4px;
-        align-items: flex-start;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-md);
-        padding: 12px;
-        cursor: pointer;
-        font-size: 12px;
-        color: var(--text-primary);
-    }
-    .qa-btn:hover { background: var(--bg-hover); border-color: var(--border-light); }
-    .qa-btn .ico { font-size: 16px; color: var(--accent-blue); }
-    .qa-btn .sub { color: var(--text-muted); font-size: 11px; }
-    .qa-btn .kbd { margin-top: 2px; font-size: 9px; }
-
-    /* Health */
-    .health {
-        padding: 12px 16px;
-    }
-    .h-row {
-        display: flex;
-        justify-content: space-between;
-        align-items: center;
-        padding: 6px 0;
-        font-size: 12px;
-        border-bottom: 1px dashed var(--border-color);
-    }
-    .h-row:last-child { border-bottom: none; }
-    .h-row .lbl { color: var(--text-secondary); }
-    .h-row .val { font-variant-numeric: tabular-nums; color: var(--text-primary); }
-    .h-row .val.warn { color: var(--accent-yellow); }
-    .h-row .val.ok { color: var(--accent-green); }
-</style>
-</head>
-<body>
-<div class="app">
-
-    <!-- TITLEBAR -->
-    <div class="titlebar">
-        <div class="brand">
-            <div class="logo">C#</div>
-            <span>CSharpDB Studio</span>
-            <span class="dbname">— relational.db</span>
-        </div>
-        <button class="db-switcher">
-            <i class="bi bi-database"></i> relational.db
-            <i class="bi bi-caret-down-fill"></i>
-        </button>
-        <button class="palette-launcher">
-            <i class="bi bi-search"></i> Search anything…
-            <span class="kbd">Ctrl K</span>
-        </button>
-        <div class="tb-actions">
-            <button class="tb-btn"><i class="bi bi-plus"></i> New Query</button>
-            <button class="tb-btn"><i class="bi bi-table"></i> New Table</button>
-            <button class="tb-btn"><i class="bi bi-ui-checks-grid"></i> New Form</button>
-        </div>
-        <div class="spacer"></div>
-        <span class="conn-pill"><span class="dot"></span> Connected</span>
-        <button class="tb-btn icon-only" title="Theme"><i class="bi bi-moon-stars"></i></button>
-        <button class="tb-btn icon-only" title="Sidebar"><i class="bi bi-layout-sidebar-inset"></i></button>
-        <button class="tb-btn icon-only" title="Help"><i class="bi bi-keyboard"></i></button>
-    </div>
-
-    <!-- BODY -->
-    <div class="body">
-        <!-- Mini sidebar -->
-        <aside class="sidebar">
-            <div class="grp">★ Pinned</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Customers</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Orders</div>
-            <div class="grp">⏱ Recent</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Invoices</div>
-            <div class="it"><i class="bi bi-ui-checks-grid icon-form"></i> Customer Form</div>
-            <div class="grp">▾ Tables · 24</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Customers</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Orders</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> OrderItems</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Products</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Invoices</div>
-            <div class="grp">▸ Forms · 8</div>
-            <div class="grp">▸ Reports · 5</div>
-            <div class="grp">▸ Views · 6</div>
-            <div class="grp">▸ Procedures · 11</div>
-        </aside>
-
-        <!-- Main content -->
-        <div class="content">
-            <div class="tabstrip">
-                <div class="tab active"><i class="bi bi-grid-1x2 icon-table"></i> Dashboard</div>
-                <div class="tab"><i class="bi bi-table icon-table"></i> Customers <i class="bi bi-x"></i></div>
-                <div class="tab dirty"><i class="bi bi-terminal icon-system"></i> Query 1 <i class="bi bi-x"></i></div>
-                <button class="tab-new"><i class="bi bi-plus"></i></button>
-            </div>
-
-            <div class="dash">
-                <div class="dash-header">
-                    <div>
-                        <div class="crumb">relational.db</div>
-                        <h1>Dashboard</h1>
-                    </div>
-                    <div class="actions">
-                        <button class="btn"><i class="bi bi-arrow-clockwise"></i> Refresh</button>
-                        <button class="btn primary"><i class="bi bi-plus-lg"></i> New Query</button>
-                    </div>
-                </div>
-
-                <!-- Stat cards -->
-                <div class="stats">
-                    <div class="stat">
-                        <div class="label">Tables</div>
-                        <div class="value">24</div>
-                        <div class="delta up">+2 this week</div>
-                        <i class="bi bi-table icon icon-table"></i>
-                    </div>
-                    <div class="stat">
-                        <div class="label">Views</div>
-                        <div class="value">6</div>
-                        <div class="delta">no change</div>
-                        <i class="bi bi-eye icon icon-view"></i>
-                    </div>
-                    <div class="stat">
-                        <div class="label">Procedures</div>
-                        <div class="value">11</div>
-                        <div class="delta up">+1 today</div>
-                        <i class="bi bi-gear-wide-connected icon icon-trigger"></i>
-                    </div>
-                    <div class="stat">
-                        <div class="label">Indexes</div>
-                        <div class="value">38</div>
-                        <div class="delta">across 14 tables</div>
-                        <i class="bi bi-lightning icon icon-index"></i>
-                    </div>
-                    <div class="stat">
-                        <div class="label">Storage</div>
-                        <div class="value">2.4 <span style="font-size: 14px; color: var(--text-secondary);">GB</span></div>
-                        <div class="bar warn"><span style="width: 68%"></span></div>
-                        <div class="meta"><span>2.4 GB used</span><span>3.5 GB cap</span></div>
-                    </div>
-                </div>
-
-                <div class="grid">
-                    <!-- LEFT column -->
-                    <div>
-                        <div class="panel" style="margin-bottom: 18px;">
-                            <header>
-                                <h3>Top tables by row count</h3>
-                                <span class="more">View all 24 →</span>
-                            </header>
-                            <div class="tt-row">
-                                <div class="tname"><i class="bi bi-table"></i> Customers</div>
-                                <div class="rows">1,247</div>
-                                <div class="spark">
-                                    <span style="height: 30%"></span><span style="height: 40%"></span>
-                                    <span style="height: 55%"></span><span style="height: 60%"></span>
-                                    <span style="height: 80%"></span><span style="height: 90%"></span>
-                                    <span style="height: 100%"></span>
-                                </div>
-                                <div class="open">→</div>
-                            </div>
-                            <div class="tt-row">
-                                <div class="tname"><i class="bi bi-table"></i> Orders</div>
-                                <div class="rows">8,912</div>
-                                <div class="spark">
-                                    <span style="height: 50%"></span><span style="height: 60%"></span>
-                                    <span style="height: 70%"></span><span style="height: 65%"></span>
-                                    <span style="height: 85%"></span><span style="height: 80%"></span>
-                                    <span style="height: 95%"></span>
-                                </div>
-                                <div class="open">→</div>
-                            </div>
-                            <div class="tt-row">
-                                <div class="tname"><i class="bi bi-table"></i> OrderItems</div>
-                                <div class="rows">24,310</div>
-                                <div class="spark">
-                                    <span style="height: 70%"></span><span style="height: 75%"></span>
-                                    <span style="height: 85%"></span><span style="height: 80%"></span>
-                                    <span style="height: 90%"></span><span style="height: 100%"></span>
-                                    <span style="height: 95%"></span>
-                                </div>
-                                <div class="open">→</div>
-                            </div>
-                            <div class="tt-row">
-                                <div class="tname"><i class="bi bi-table"></i> Invoices</div>
-                                <div class="rows">5,103</div>
-                                <div class="spark">
-                                    <span style="height: 25%"></span><span style="height: 30%"></span>
-                                    <span style="height: 45%"></span><span style="height: 50%"></span>
-                                    <span style="height: 60%"></span><span style="height: 70%"></span>
-                                    <span style="height: 80%"></span>
-                                </div>
-                                <div class="open">→</div>
-                            </div>
-                            <div class="tt-row">
-                                <div class="tname"><i class="bi bi-table"></i> Products</div>
-                                <div class="rows">412</div>
-                                <div class="spark">
-                                    <span style="height: 90%"></span><span style="height: 92%"></span>
-                                    <span style="height: 88%"></span><span style="height: 91%"></span>
-                                    <span style="height: 90%"></span><span style="height: 95%"></span>
-                                    <span style="height: 92%"></span>
-                                </div>
-                                <div class="open">→</div>
-                            </div>
-                        </div>
-
-                        <div class="panel">
-                            <header>
-                                <h3>Recent activity</h3>
-                                <span class="more">Open log →</span>
-                            </header>
-                            <div class="act-row">
-                                <div class="ico q"><i class="bi bi-terminal"></i></div>
-                                <div class="body">
-                                    <div class="title">Ran query on Customers</div>
-                                    <div class="sub">SELECT * FROM Customers WHERE status = 'active' LIMIT 50</div>
-                                </div>
-                                <div class="when">2m ago</div>
-                            </div>
-                            <div class="act-row">
-                                <div class="ico e"><i class="bi bi-pencil-square"></i></div>
-                                <div class="body">
-                                    <div class="title">Edited form <b>Customer Form</b></div>
-                                    <div class="sub">Added field "loyaltyTier"</div>
-                                </div>
-                                <div class="when">14m ago</div>
-                            </div>
-                            <div class="act-row">
-                                <div class="ico s"><i class="bi bi-check-circle"></i></div>
-                                <div class="body">
-                                    <div class="title">Created procedure <b>recalc_invoices</b></div>
-                                    <div class="sub">11 statements · validated</div>
-                                </div>
-                                <div class="when">1h ago</div>
-                            </div>
-                            <div class="act-row">
-                                <div class="ico w"><i class="bi bi-exclamation-triangle"></i></div>
-                                <div class="body">
-                                    <div class="title">Pipeline <b>nightly_etl</b> finished with warnings</div>
-                                    <div class="sub">3 of 1,204 rows skipped (type mismatch)</div>
-                                </div>
-                                <div class="when">3h ago</div>
-                            </div>
-                        </div>
-                    </div>
-
-                    <!-- RIGHT column -->
-                    <div>
-                        <div class="panel" style="margin-bottom: 18px;">
-                            <header>
-                                <h3>Pinned</h3>
-                                <span class="more"><i class="bi bi-pin-angle"></i></span>
-                            </header>
-                            <div class="pinned">
-                                <div class="pin"><i class="bi bi-table icon-table"></i> Customers</div>
-                                <div class="pin"><i class="bi bi-table icon-table"></i> Orders</div>
-                                <div class="pin"><i class="bi bi-ui-checks-grid icon-form"></i> Customer Form</div>
-                                <div class="pin"><i class="bi bi-file-earmark-richtext icon-report"></i> Sales Report</div>
-                                <div class="pin"><i class="bi bi-terminal icon-system"></i> "Active customers"</div>
-                                <div class="pin"><i class="bi bi-gear-wide-connected icon-trigger"></i> recalc_invoices</div>
-                            </div>
-                        </div>
-
-                        <div class="panel" style="margin-bottom: 18px;">
-                            <header><h3>Quick actions</h3></header>
-                            <div class="qa">
-                                <button class="qa-btn">
-                                    <i class="ico bi bi-terminal"></i>
-                                    <span>New Query</span>
-                                    <span class="sub">Open a SQL editor tab</span>
-                                    <span class="kbd">Ctrl N</span>
-                                </button>
-                                <button class="qa-btn">
-                                    <i class="ico bi bi-table"></i>
-                                    <span>New Table</span>
-                                    <span class="sub">Open the table designer</span>
-                                </button>
-                                <button class="qa-btn">
-                                    <i class="ico bi bi-ui-checks-grid"></i>
-                                    <span>New Form</span>
-                                    <span class="sub">Generate from a table</span>
-                                </button>
-                                <button class="qa-btn">
-                                    <i class="ico bi bi-file-earmark-richtext"></i>
-                                    <span>New Report</span>
-                                    <span class="sub">Pick table or view</span>
-                                </button>
-                                <button class="qa-btn">
-                                    <i class="ico bi bi-diagram-3"></i>
-                                    <span>New Pipeline</span>
-                                    <span class="sub">Build an ETL flow</span>
-                                </button>
-                                <button class="qa-btn">
-                                    <i class="ico bi bi-hdd-stack"></i>
-                                    <span>Storage</span>
-                                    <span class="sub">Inspect file usage</span>
-                                </button>
-                            </div>
-                        </div>
-
-                        <div class="panel">
-                            <header>
-                                <h3>Health</h3>
-                                <span class="more">Run full check →</span>
-                            </header>
-                            <div class="health">
-                                <div class="h-row"><span class="lbl">Last integrity check</span><span class="val ok">2h ago · OK</span></div>
-                                <div class="h-row"><span class="lbl">Open writer transactions</span><span class="val">1</span></div>
-                                <div class="h-row"><span class="lbl">Storage pressure</span><span class="val warn">68%</span></div>
-                                <div class="h-row"><span class="lbl">Background jobs</span><span class="val">2 running</span></div>
-                                <div class="h-row"><span class="lbl">WAL fsync mode</span><span class="val">HybridIncrementalDurable</span></div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-
-    <!-- STATUS BAR -->
-    <div class="statusbar">
-        <span class="pill ok"><span class="dot"></span> Connected</span>
-        <span class="pill"><i class="bi bi-database"></i> relational.db</span>
-        <span class="pill">24 tables · 6 views · 11 procs</span>
-        <span class="pill action"><i class="bi bi-arrow-repeat"></i> 2 background jobs</span>
-        <div class="spacer" style="flex:1"></div>
-        <span class="pill warn"><i class="bi bi-hdd"></i> 2.4 GB / 3.5 GB</span>
-        <span class="pill action"><i class="bi bi-bell"></i> 3 notifications</span>
-    </div>
-</div>
-
-<!-- Annotations -->
-<div class="notes">
-    <header><i class="bi bi-lightbulb"></i> Reality check vs. the live screen</header>
-    <ul>
-        <li><b style="color: var(--accent-green);">ALREADY EXISTS</b> — current Welcome tab shows app icon, app name, four shortcut hints (Ctrl+N / Ctrl+B / Ctrl+Enter / Ctrl+Shift+L), and a grid of table cards with a "Load row counts" button. Status bar already reports table/view/procedure counts. Title bar already has Open Database / New Query / New Table / New Form / New Procedure / New Pipeline / Storage buttons plus theme/sidebar/help toggles. ANALYZE and storage stats already accessible via the Storage tab and Query tab "Stats" shortcuts.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Stat cards row</b> with deltas and a storage-pressure bar.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Top tables panel</b> with sparklines for row-count growth — today you'd run an ad-hoc query.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Recent activity feed</b> — there's no audit/activity surface today.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Pinned objects grid</b> — pinning doesn't exist anywhere yet.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-magenta);">RESTYLE: Quick action tiles</b> — same actions as the title-bar buttons, in a more discoverable card form.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Health panel</b> — surfaces integrity, open writers, storage pressure, background jobs, WAL mode in one place. Today these are scattered across StorageTab's 11 stacked sections.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Title-bar database switcher dropdown + search-style palette launcher</b> — today there's just an "Open Database" button that opens a path prompt (no recent-databases list).</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Status-bar storage pressure / background-job ticker / notification counter</b> — current status bar shows connection state, db path, and counts.</li>
-    </ul>
-</div>
-</body>
-</html>
diff --git a/www/admin-ui-mockups/data-tab.html b/www/admin-ui-mockups/data-tab.html
deleted file mode 100644
index b1c1199f..00000000
--- a/www/admin-ui-mockups/data-tab.html
+++ /dev/null
@@ -1,495 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>Data Tab — CSharpDB Studio Mockup</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css">
-<link rel="stylesheet" href="styles.css">
-<style>
-    .sidebar { padding: 10px; font-size: 12px; color: var(--text-secondary); }
-    .sidebar .grp { color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.6px; padding: 8px 6px 4px; }
-    .sidebar .it { padding: 4px 6px; display: flex; align-items: center; gap: 6px; border-radius: 4px; cursor: pointer; }
-    .sidebar .it:hover { background: var(--bg-hover); color: var(--text-primary); }
-    .sidebar .it.active { background: rgba(122,162,247,0.1); color: var(--text-primary); border-left: 2px solid var(--accent-blue); padding-left: 4px; }
-
-    /* Toolbar */
-    .data-toolbar {
-        display: flex;
-        align-items: center;
-        gap: 12px;
-        padding: 10px 16px;
-        border-bottom: 1px solid var(--border-color);
-        background: var(--bg-secondary);
-        flex-shrink: 0;
-    }
-    .crumb {
-        display: flex;
-        align-items: center;
-        gap: 6px;
-        font-size: 12px;
-    }
-    .crumb a { color: var(--text-muted); }
-    .crumb a:hover { color: var(--text-primary); text-decoration: none; }
-    .crumb .sep { color: var(--text-muted); }
-    .crumb .obj { color: var(--text-primary); font-weight: 600; display: flex; align-items: center; gap: 6px; }
-
-    .views {
-        display: flex;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-sm);
-        overflow: hidden;
-    }
-    .views button {
-        background: transparent;
-        border: none;
-        color: var(--text-muted);
-        font-size: 11px;
-        padding: 5px 12px;
-        cursor: pointer;
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-    }
-    .views button:not(:last-child) { border-right: 1px solid var(--border-color); }
-    .views button:hover { color: var(--text-primary); }
-    .views button.active { color: var(--accent-blue); background: var(--bg-active); font-weight: 600; }
-
-    .toolbar-group {
-        display: flex;
-        align-items: center;
-        gap: 4px;
-        padding: 0 8px;
-        border-left: 1px solid var(--border-color);
-    }
-    .toolbar-group:first-of-type { border-left: none; padding-left: 0; }
-    .tg-btn {
-        background: transparent;
-        border: 1px solid transparent;
-        color: var(--text-secondary);
-        font-size: 11px;
-        padding: 5px 10px;
-        border-radius: var(--radius-sm);
-        cursor: pointer;
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-    }
-    .tg-btn:hover { background: var(--bg-hover); color: var(--text-primary); border-color: var(--border-color); }
-    .tg-btn.primary { background: var(--accent-blue); color: #0a0b13; font-weight: 600; }
-    .tg-btn.primary:hover { filter: brightness(1.08); }
-
-    .pager {
-        display: inline-flex;
-        align-items: center;
-        gap: 8px;
-        font-size: 11px;
-        color: var(--text-muted);
-        margin-left: auto;
-    }
-    .pager .nums { color: var(--text-primary); font-variant-numeric: tabular-nums; }
-    .pager button {
-        width: 24px; height: 24px;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: 4px;
-        color: var(--text-secondary);
-        cursor: pointer;
-        display: grid;
-        place-items: center;
-    }
-    .pager button:hover { color: var(--text-primary); }
-    .pager button:disabled { opacity: 0.4; cursor: not-allowed; }
-
-    /* Filter chip bar */
-    .filter-bar {
-        display: flex;
-        align-items: center;
-        gap: 8px;
-        padding: 8px 16px;
-        border-bottom: 1px solid var(--border-color);
-        background: var(--bg-primary);
-        flex-wrap: wrap;
-    }
-    .filter-bar .lbl {
-        font-size: 11px;
-        color: var(--text-muted);
-        text-transform: uppercase;
-        letter-spacing: 0.6px;
-    }
-    .fchip {
-        display: inline-flex;
-        align-items: center;
-        gap: 6px;
-        padding: 3px 4px 3px 10px;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: 999px;
-        font-size: 11.5px;
-        color: var(--text-primary);
-    }
-    .fchip .col { color: var(--accent-blue); font-weight: 600; }
-    .fchip .op { color: var(--text-muted); font-family: var(--font-mono); }
-    .fchip .val { font-family: var(--font-mono); color: var(--accent-green); }
-    .fchip .x {
-        margin-left: 2px;
-        width: 18px; height: 18px;
-        border-radius: 50%;
-        display: grid;
-        place-items: center;
-        color: var(--text-muted);
-        cursor: pointer;
-        font-size: 10px;
-    }
-    .fchip .x:hover { background: var(--bg-hover); color: var(--text-primary); }
-
-    .add-filter {
-        background: transparent;
-        border: 1px dashed var(--border-color);
-        color: var(--text-muted);
-        padding: 3px 10px;
-        font-size: 11px;
-        border-radius: 999px;
-        cursor: pointer;
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-    }
-    .add-filter:hover { color: var(--text-primary); border-color: var(--border-light); }
-
-    /* Data grid */
-    .grid-wrap { flex: 1; overflow: auto; }
-    table.grid {
-        width: 100%;
-        border-collapse: collapse;
-        font-size: 12px;
-        font-family: var(--font-mono);
-    }
-    table.grid thead th {
-        position: sticky;
-        top: 0;
-        background: var(--bg-secondary);
-        border-bottom: 1px solid var(--border-color);
-        padding: 8px 10px;
-        text-align: left;
-        color: var(--text-secondary);
-        font-family: var(--font-ui);
-        font-weight: 600;
-        font-size: 11px;
-        white-space: nowrap;
-    }
-    table.grid thead th .col-icon {
-        font-size: 10px;
-        margin-right: 5px;
-        color: var(--text-muted);
-    }
-    table.grid thead th .col-icon.int { color: var(--accent-orange); }
-    table.grid thead th .col-icon.text { color: var(--accent-cyan); }
-    table.grid thead th .col-icon.enum { color: var(--accent-magenta); }
-    table.grid thead th .col-icon.date { color: var(--accent-yellow); }
-    table.grid thead th .col-icon.bool { color: var(--accent-green); }
-    table.grid thead th .col-icon.key { color: var(--accent-yellow); }
-
-    table.grid thead th .sort {
-        margin-left: 4px;
-        opacity: 0.4;
-        font-size: 10px;
-    }
-    table.grid thead th.sorted .sort { opacity: 1; color: var(--accent-blue); }
-
-    table.grid tbody td {
-        padding: 6px 10px;
-        border-bottom: 1px solid var(--border-color);
-        white-space: nowrap;
-        color: var(--text-primary);
-    }
-    table.grid tbody tr:hover td { background: var(--bg-hover); }
-    table.grid tbody tr.selected td { background: rgba(122,162,247,0.12); }
-    table.grid tbody td .pill-status {
-        padding: 1px 8px;
-        border-radius: 999px;
-        font-size: 10.5px;
-        font-family: var(--font-ui);
-    }
-    table.grid tbody td .pill-status.active { background: rgba(158,206,106,0.12); color: var(--accent-green); }
-    table.grid tbody td .pill-status.inactive { background: rgba(120,130,169,0.12); color: var(--text-muted); }
-    table.grid tbody td .pill-status.pending { background: rgba(224,175,104,0.12); color: var(--accent-yellow); }
-    table.grid tbody td.num { text-align: right; color: var(--accent-orange); }
-    table.grid tbody td.dt { color: var(--accent-yellow); }
-    table.grid tbody td.null { color: var(--text-muted); font-style: italic; }
-    table.grid tbody td.id { color: var(--accent-blue); font-weight: 600; }
-    .row-check { width: 28px; padding: 0 0 0 10px; }
-    .row-check input { width: 13px; height: 13px; accent-color: var(--accent-blue); }
-
-    /* Bulk action bar (when rows selected) */
-    .bulk-bar {
-        position: sticky;
-        bottom: 0;
-        background: var(--bg-elevated);
-        border-top: 1px solid var(--border-light);
-        padding: 10px 16px;
-        display: flex;
-        align-items: center;
-        gap: 12px;
-        font-size: 12px;
-        box-shadow: 0 -8px 24px rgba(0,0,0,0.3);
-        z-index: 5;
-    }
-    .bulk-bar .count {
-        background: var(--accent-blue);
-        color: #0a0b13;
-        padding: 2px 9px;
-        border-radius: 999px;
-        font-weight: 600;
-    }
-    .bulk-bar .actions { display: flex; gap: 6px; margin-left: auto; }
-</style>
-</head>
-<body>
-<div class="app">
-
-    <div class="titlebar">
-        <div class="brand">
-            <div class="logo">C#</div>
-            <span>CSharpDB Studio</span>
-            <span class="dbname">— relational.db</span>
-        </div>
-        <button class="db-switcher"><i class="bi bi-database"></i> relational.db <i class="bi bi-caret-down-fill"></i></button>
-        <button class="palette-launcher"><i class="bi bi-search"></i> Search anything… <span class="kbd">Ctrl K</span></button>
-        <div class="spacer"></div>
-        <span class="conn-pill"><span class="dot"></span> Connected</span>
-        <button class="tb-btn icon-only"><i class="bi bi-moon-stars"></i></button>
-        <button class="tb-btn icon-only"><i class="bi bi-layout-sidebar-inset"></i></button>
-    </div>
-
-    <div class="body">
-        <aside class="sidebar">
-            <div class="grp">★ Pinned</div>
-            <div class="it active"><i class="bi bi-table icon-table"></i> Customers</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Orders</div>
-            <div class="grp">⏱ Recent</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Invoices</div>
-            <div class="grp">▾ Tables · 24</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Customers</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> CustomerAddresses</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> CustomerNotes</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Orders</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> OrderItems</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Invoices</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Products</div>
-        </aside>
-
-        <div class="content">
-            <div class="tabstrip">
-                <div class="tab"><i class="bi bi-grid-1x2 icon-table"></i> Dashboard</div>
-                <div class="tab active"><i class="bi bi-table icon-table"></i> Customers <i class="bi bi-x"></i></div>
-                <div class="tab dirty"><i class="bi bi-terminal icon-system"></i> Query 1 <i class="bi bi-x"></i></div>
-                <button class="tab-new"><i class="bi bi-plus"></i></button>
-            </div>
-
-            <!-- Toolbar -->
-            <div class="data-toolbar">
-                <div class="crumb">
-                    <a href="#"><i class="bi bi-table"></i> tables</a>
-                    <span class="sep">/</span>
-                    <span class="obj"><i class="bi bi-table icon-table"></i> Customers</span>
-                </div>
-
-                <div class="views">
-                    <button class="active"><i class="bi bi-grid-3x3-gap"></i> Data</button>
-                    <button><i class="bi bi-list-columns"></i> Schema</button>
-                    <button><i class="bi bi-lightning"></i> Indexes <span style="opacity:0.5;">2</span></button>
-                    <button><i class="bi bi-lightning-charge"></i> Triggers <span style="opacity:0.5;">1</span></button>
-                </div>
-
-                <div class="toolbar-group">
-                    <button class="tg-btn"><i class="bi bi-arrow-clockwise"></i> Refresh</button>
-                    <button class="tg-btn primary"><i class="bi bi-plus-lg"></i> Insert row</button>
-                </div>
-
-                <div class="toolbar-group">
-                    <button class="tg-btn"><i class="bi bi-funnel"></i> Filter</button>
-                    <button class="tg-btn"><i class="bi bi-sort-down"></i> Sort</button>
-                    <button class="tg-btn"><i class="bi bi-eye"></i> Columns</button>
-                </div>
-
-                <div class="toolbar-group">
-                    <button class="tg-btn"><i class="bi bi-download"></i> Export ▾</button>
-                    <button class="tg-btn"><i class="bi bi-upload"></i> Import</button>
-                </div>
-
-                <div class="pager">
-                    <span>Rows <span class="nums">1–25</span> of <span class="nums">1,247</span></span>
-                    <button disabled><i class="bi bi-chevron-left"></i></button>
-                    <button><i class="bi bi-chevron-right"></i></button>
-                </div>
-            </div>
-
-            <!-- Filter chip bar -->
-            <div class="filter-bar">
-                <span class="lbl">Filters:</span>
-                <span class="fchip">
-                    <span class="col">status</span>
-                    <span class="op">=</span>
-                    <span class="val">'active'</span>
-                    <span class="x"><i class="bi bi-x"></i></span>
-                </span>
-                <span class="fchip">
-                    <span class="col">created_at</span>
-                    <span class="op">≥</span>
-                    <span class="val">2026-01-01</span>
-                    <span class="x"><i class="bi bi-x"></i></span>
-                </span>
-                <span class="fchip">
-                    <span class="col">name</span>
-                    <span class="op">LIKE</span>
-                    <span class="val">'%Smith%'</span>
-                    <span class="x"><i class="bi bi-x"></i></span>
-                </span>
-                <button class="add-filter"><i class="bi bi-plus-lg"></i> Add filter</button>
-                <span style="margin-left: auto; font-size: 11px; color: var(--text-muted);">
-                    Showing <b style="color: var(--text-primary);">42</b> of 1,247 rows
-                </span>
-            </div>
-
-            <!-- Grid -->
-            <div class="grid-wrap">
-                <table class="grid">
-                    <thead>
-                    <tr>
-                        <th class="row-check"><input type="checkbox"></th>
-                        <th class="sorted"><i class="bi bi-key col-icon key"></i>id <i class="bi bi-arrow-down sort"></i></th>
-                        <th><i class="bi bi-fonts col-icon text"></i>name</th>
-                        <th><i class="bi bi-envelope col-icon text"></i>email</th>
-                        <th><i class="bi bi-toggle-on col-icon enum"></i>status</th>
-                        <th><i class="bi bi-calendar3 col-icon date"></i>created_at</th>
-                        <th><i class="bi bi-hash col-icon int"></i>order_count</th>
-                        <th><i class="bi bi-fonts col-icon text"></i>notes</th>
-                    </tr>
-                    </thead>
-                    <tbody>
-                    <tr class="selected">
-                        <td class="row-check"><input type="checkbox" checked></td>
-                        <td class="id">1</td>
-                        <td>Alice Smith</td>
-                        <td>alice@example.com</td>
-                        <td><span class="pill-status active">active</span></td>
-                        <td class="dt">2026-01-12 09:14</td>
-                        <td class="num">12</td>
-                        <td class="null">NULL</td>
-                    </tr>
-                    <tr class="selected">
-                        <td class="row-check"><input type="checkbox" checked></td>
-                        <td class="id">2</td>
-                        <td>Bob Lee</td>
-                        <td>bob@example.com</td>
-                        <td><span class="pill-status active">active</span></td>
-                        <td class="dt">2026-01-14 11:02</td>
-                        <td class="num">3</td>
-                        <td>VIP — handle with care</td>
-                    </tr>
-                    <tr>
-                        <td class="row-check"><input type="checkbox"></td>
-                        <td class="id">3</td>
-                        <td>Carol Smith</td>
-                        <td>carol@example.com</td>
-                        <td><span class="pill-status pending">pending</span></td>
-                        <td class="dt">2026-02-03 16:48</td>
-                        <td class="num">0</td>
-                        <td class="null">NULL</td>
-                    </tr>
-                    <tr>
-                        <td class="row-check"><input type="checkbox"></td>
-                        <td class="id">4</td>
-                        <td>David Smith</td>
-                        <td>dsmith@example.com</td>
-                        <td><span class="pill-status active">active</span></td>
-                        <td class="dt">2026-02-19 08:22</td>
-                        <td class="num">7</td>
-                        <td>Net 30 terms</td>
-                    </tr>
-                    <tr>
-                        <td class="row-check"><input type="checkbox"></td>
-                        <td class="id">5</td>
-                        <td>Eve Smithers</td>
-                        <td>eve@example.com</td>
-                        <td><span class="pill-status inactive">inactive</span></td>
-                        <td class="dt">2026-03-01 14:10</td>
-                        <td class="num">22</td>
-                        <td>Migrated from legacy</td>
-                    </tr>
-                    <tr>
-                        <td class="row-check"><input type="checkbox"></td>
-                        <td class="id">6</td>
-                        <td>Frank Smithy</td>
-                        <td>frank@example.com</td>
-                        <td><span class="pill-status active">active</span></td>
-                        <td class="dt">2026-03-12 10:55</td>
-                        <td class="num">1</td>
-                        <td class="null">NULL</td>
-                    </tr>
-                    <tr>
-                        <td class="row-check"><input type="checkbox"></td>
-                        <td class="id">7</td>
-                        <td>Grace Smith-Jones</td>
-                        <td>grace@example.com</td>
-                        <td><span class="pill-status active">active</span></td>
-                        <td class="dt">2026-03-22 09:17</td>
-                        <td class="num">5</td>
-                        <td>Refer-a-friend</td>
-                    </tr>
-                    <tr>
-                        <td class="row-check"><input type="checkbox"></td>
-                        <td class="id">8</td>
-                        <td>Henry Smithfield</td>
-                        <td>hank@example.com</td>
-                        <td><span class="pill-status pending">pending</span></td>
-                        <td class="dt">2026-04-02 12:38</td>
-                        <td class="num">0</td>
-                        <td class="null">NULL</td>
-                    </tr>
-                    </tbody>
-                </table>
-
-                <!-- Bulk action bar appears when rows are selected -->
-                <div class="bulk-bar">
-                    <span class="count">2 selected</span>
-                    <span style="color: var(--text-secondary);">Apply an action to the selected rows:</span>
-                    <div class="actions">
-                        <button class="tg-btn"><i class="bi bi-pencil"></i> Bulk edit…</button>
-                        <button class="tg-btn"><i class="bi bi-clipboard"></i> Copy as INSERT</button>
-                        <button class="tg-btn"><i class="bi bi-download"></i> Export</button>
-                        <button class="tg-btn" style="color: var(--accent-red); border-color: rgba(247,118,142,0.3);"><i class="bi bi-trash3"></i> Delete</button>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-
-    <div class="statusbar">
-        <span class="pill ok"><span class="dot"></span> Connected</span>
-        <span class="pill"><i class="bi bi-database"></i> relational.db</span>
-        <span class="pill"><i class="bi bi-table icon-table"></i> Customers · 1,247 rows</span>
-        <span class="pill"><i class="bi bi-funnel"></i> 3 filters · 42 visible</span>
-        <div style="flex:1"></div>
-        <span class="pill action"><i class="bi bi-clock"></i> Last refresh 2s ago</span>
-        <span class="pill warn"><i class="bi bi-hdd"></i> 2.4 GB / 3.5 GB</span>
-    </div>
-</div>
-
-<!-- Annotations -->
-<div class="notes">
-    <header><i class="bi bi-lightbulb"></i> Reality check vs. the live screen</header>
-    <ul>
-        <li><b style="color: var(--accent-green);">ALREADY EXISTS</b> — Data/Schema view switcher, Add Row, Delete (with selection count), Save, Discard, Refresh, Drop Table buttons in toolbar. Per-column filter row with Contains/StartsWith/EndsWith/Exact mode selector. Sortable headers with ↑↓ indicators. Type badges (INTEGER/TEXT/REAL/BLOB). PK badges. Pagination bar with page-size dropdown and first/prev/next/last. Inline cell editing on double-click. Right-click context menu for row actions. NULL and BLOB cell rendering.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Breadcrumb header</b> ("tables / Customers") — today the object name is right-aligned in the toolbar info area.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Filter summary chip strip</b> — a recap of all active filters as removable pills. The per-column filter row stays; this adds an overview that's currently missing.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Schema sub-tabs</b> — split the Schema view's three stacked sections (Columns, Indexes, Triggers) into sub-tabs so users don't scroll past the first section.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Export / Import</b> buttons — no export today.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Bulk action bar at bottom</b> when rows are selected — Bulk edit, Copy as INSERT, Export, Delete. Delete exists today via toolbar/context menu, but Bulk edit and Copy as INSERT are new.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-magenta);">RESTYLE</b> — type icons in column headers (replacing or supplementing the existing text badges). Status pills for enum-ish columns. Right-aligned numbers, distinct date coloring. Visual polish on top of features that already work.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Status-bar pills</b> for table-specific facts (row count, active filter count, last refresh).</li>
-    </ul>
-</div>
-</body>
-</html>
diff --git a/www/admin-ui-mockups/forms-mobile.html b/www/admin-ui-mockups/forms-mobile.html
deleted file mode 100644
index 88a82b95..00000000
--- a/www/admin-ui-mockups/forms-mobile.html
+++ /dev/null
@@ -1,760 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>Elastic Forms — CSharpDB Studio Mockup</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css">
-<link rel="stylesheet" href="styles.css">
-<style>
-    body { overflow: auto; }
-
-    /* ─── Page wrapper ───────────────────────── */
-    .page {
-        max-width: 1280px;
-        margin: 0 auto;
-        padding: 32px 28px 80px;
-    }
-
-    h1 { font-size: 22px; font-weight: 700; letter-spacing: -0.01em; margin-bottom: 6px; }
-    .crumb { color: var(--text-muted); font-size: 12px; margin-bottom: 4px; }
-    .lede { color: var(--text-secondary); font-size: 13px; max-width: 760px; margin-bottom: 20px; }
-
-    h2 {
-        font-size: 12px;
-        font-weight: 600;
-        text-transform: uppercase;
-        letter-spacing: 0.7px;
-        color: var(--text-muted);
-        margin: 32px 0 12px;
-    }
-
-    /* ─── Designer toolbar mock ──────────────── */
-    .designer-shell {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        overflow: hidden;
-    }
-
-    .d-toolbar {
-        display: flex;
-        align-items: center;
-        gap: 10px;
-        padding: 10px 14px;
-        background: var(--bg-secondary);
-        border-bottom: 1px solid var(--border-color);
-        flex-wrap: wrap;
-    }
-    .d-toolbar .grp {
-        display: flex;
-        align-items: center;
-        gap: 6px;
-        padding-right: 12px;
-        border-right: 1px solid var(--border-color);
-    }
-    .d-toolbar .grp:last-child { border-right: none; }
-    .d-toolbar .label {
-        font-size: 11px;
-        color: var(--text-muted);
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-    }
-
-    .seg {
-        display: flex;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-sm);
-        overflow: hidden;
-    }
-    .seg button {
-        background: transparent;
-        border: none;
-        color: var(--text-muted);
-        font-size: 11px;
-        padding: 5px 12px;
-        cursor: pointer;
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-    }
-    .seg button:hover { color: var(--text-primary); }
-    .seg button.active {
-        color: var(--accent-blue);
-        background: var(--bg-active);
-        font-weight: 600;
-    }
-    .seg button:not(:last-child) { border-right: 1px solid var(--border-color); }
-
-    .d-toolbar .pill {
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-        padding: 3px 10px;
-        font-size: 11px;
-        background: rgba(122,162,247,0.12);
-        color: var(--accent-blue);
-        border-radius: 999px;
-        font-weight: 600;
-    }
-    .d-toolbar .pill.warn { background: rgba(224,175,104,0.12); color: var(--accent-yellow); }
-
-    /* ─── Canvas with device frame ────────────── */
-    .canvas-area {
-        background: var(--bg-tertiary);
-        padding: 28px;
-        display: flex;
-        justify-content: center;
-        min-height: 580px;
-    }
-
-    /* Device frame: phone */
-    .device {
-        background: var(--bg-primary);
-        border: 1px solid var(--border-color);
-        border-radius: 18px;
-        box-shadow: 0 24px 48px rgba(0,0,0,0.4);
-        padding: 18px 14px;
-        position: relative;
-        flex-shrink: 0;
-    }
-    .device .notch {
-        position: absolute;
-        top: 6px;
-        left: 50%;
-        transform: translateX(-50%);
-        width: 50px;
-        height: 4px;
-        background: var(--border-light);
-        border-radius: 4px;
-    }
-    .device.phone { width: 380px; }
-    .device.tablet { width: 720px; }
-    .device.desktop {
-        width: 100%;
-        max-width: 980px;
-        border-radius: 8px;
-        padding: 20px;
-    }
-    .device-meta {
-        position: absolute;
-        bottom: -22px;
-        left: 50%;
-        transform: translateX(-50%);
-        font-size: 10px;
-        color: var(--text-muted);
-        white-space: nowrap;
-    }
-
-    /* The actual form viewport inside the device */
-    .form-viewport {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: 6px;
-        padding: 14px;
-        min-height: 460px;
-        position: relative;
-    }
-    .form-title {
-        font-size: 14px;
-        font-weight: 600;
-        margin-bottom: 4px;
-    }
-    .form-sub {
-        font-size: 11px;
-        color: var(--text-muted);
-        margin-bottom: 14px;
-    }
-
-    /* Field styles common */
-    .fld { display: flex; flex-direction: column; gap: 4px; }
-    .fld label {
-        font-size: 11px;
-        color: var(--text-secondary);
-        font-weight: 600;
-    }
-    .fld input, .fld select, .fld textarea {
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: 4px;
-        padding: 7px 10px;
-        color: var(--text-primary);
-        font-size: 12px;
-        font-family: var(--font-ui);
-        width: 100%;
-    }
-    .fld textarea { min-height: 60px; resize: vertical; }
-    .fld input:focus { outline: 2px solid var(--accent-blue); }
-    .fld .req { color: var(--accent-red); }
-    .fld .help { font-size: 10px; color: var(--text-muted); }
-
-    /* ─── DESKTOP layout: pixel-positioned (current behavior) ─── */
-    .layout-desktop {
-        position: relative;
-        height: 420px;
-        background-image:
-                linear-gradient(rgba(255,255,255,0.04) 1px, transparent 1px),
-                linear-gradient(90deg, rgba(255,255,255,0.04) 1px, transparent 1px);
-        background-size: 16px 16px;
-    }
-    .layout-desktop .fld { position: absolute; }
-
-    /* ─── ELASTIC layout: 12-col grid that collapses ─── */
-    .layout-grid {
-        display: grid;
-        grid-template-columns: repeat(12, 1fr);
-        gap: 10px 12px;
-    }
-    /* Tablet: 8-col */
-    .layout-grid.cols-8 { grid-template-columns: repeat(8, 1fr); gap: 10px; }
-    /* Mobile: 4-col with auto-stack */
-    .layout-grid.cols-4 { grid-template-columns: repeat(4, 1fr); gap: 14px; }
-
-    /* Field span helpers */
-    .col-12 { grid-column: span 12; }
-    .col-8 { grid-column: span 8; }
-    .col-6 { grid-column: span 6; }
-    .col-4 { grid-column: span 4; }
-    .col-3 { grid-column: span 3; }
-
-    /* Mobile: force every field to full row & big touch target */
-    .layout-grid.cols-4 .fld { grid-column: 1 / -1 !important; }
-    .layout-grid.cols-4 .fld input,
-    .layout-grid.cols-4 .fld select,
-    .layout-grid.cols-4 .fld textarea { padding: 12px 14px; font-size: 14px; }
-    .layout-grid.cols-4 .fld label { font-size: 12px; }
-    .layout-grid.cols-4 .actions button { padding: 12px 18px; font-size: 14px; min-height: 44px; }
-
-    /* Action row */
-    .actions {
-        display: flex;
-        justify-content: flex-end;
-        gap: 8px;
-        margin-top: 14px;
-        flex-wrap: wrap;
-    }
-    .actions button {
-        padding: 7px 14px;
-        font-size: 12px;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: 5px;
-        color: var(--text-primary);
-        cursor: pointer;
-    }
-    .actions button.primary {
-        background: var(--accent-blue);
-        color: #0a0b13;
-        border-color: var(--accent-blue);
-        font-weight: 600;
-    }
-
-    /* ─── Side-by-side device row ────────────── */
-    .device-row {
-        display: flex;
-        gap: 28px;
-        justify-content: center;
-        align-items: flex-start;
-        padding: 28px 28px 50px;
-        background: var(--bg-tertiary);
-        overflow-x: auto;
-    }
-
-    /* Property inspector style "Layout settings" panel */
-    .inspector {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        padding: 16px 18px;
-        font-size: 12.5px;
-    }
-    .inspector h3 {
-        font-size: 13px;
-        font-weight: 600;
-        margin-bottom: 10px;
-        display: flex;
-        align-items: center;
-        gap: 6px;
-    }
-    .inspector .row {
-        display: grid;
-        grid-template-columns: 140px 1fr;
-        align-items: center;
-        gap: 12px;
-        padding: 6px 0;
-        border-bottom: 1px dashed var(--border-color);
-    }
-    .inspector .row:last-of-type { border-bottom: none; }
-    .inspector .row .k { color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.5px; }
-    .inspector .row .v { color: var(--text-primary); }
-    .inspector input[type=text], .inspector input[type=number], .inspector select {
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: 4px;
-        padding: 4px 8px;
-        color: var(--text-primary);
-        font-size: 12px;
-        font-family: var(--font-ui);
-        width: 100%;
-    }
-    .inspector .swatch {
-        display: inline-flex;
-        align-items: center;
-        gap: 6px;
-    }
-    .inspector .swatch i { font-size: 13px; }
-
-    .toggle {
-        position: relative;
-        width: 38px; height: 20px;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: 10px;
-        cursor: pointer;
-        flex-shrink: 0;
-    }
-    .toggle::after {
-        content: "";
-        position: absolute;
-        top: 1px;
-        left: 1px;
-        width: 16px; height: 16px;
-        background: var(--text-muted);
-        border-radius: 50%;
-        transition: 120ms ease;
-    }
-    .toggle.on { background: rgba(122,162,247,0.3); border-color: var(--accent-blue); }
-    .toggle.on::after { left: 19px; background: var(--accent-blue); }
-
-    .two-col {
-        display: grid;
-        grid-template-columns: 1fr 320px;
-        gap: 18px;
-    }
-
-    /* Responsive shrink */
-    @media (max-width: 1080px) {
-        .two-col { grid-template-columns: 1fr; }
-    }
-</style>
-</head>
-<body>
-<div class="page">
-
-    <div class="crumb">CSharpDB.Admin.Forms · UI proposal</div>
-    <h1>Make forms mobile-friendly with an "Elastic" layout mode</h1>
-    <p class="lede">
-        Today every form rendered by <code>FormRenderer.razor</code> uses absolute pixel coordinates
-        — controls have a fixed <code>X / Y / W / H</code> from <code>Rect</code>, and on a phone the
-        form simply scrolls horizontally. The <code>LayoutDefinition</code> model already carries a
-        <code>Breakpoints</code> list and <code>ControlDefinition</code> already has
-        <code>RendererHints</code>, so the schema is responsive-ready. This proposal adds a designer
-        switch and a runtime that uses them.
-    </p>
-
-    <!-- ════════ Section 1: Designer-side switch ════════ -->
-    <h2>1 · Designer · new "Layout mode" switch</h2>
-
-    <div class="two-col">
-        <div class="designer-shell">
-            <div class="d-toolbar">
-                <div class="grp">
-                    <span class="label">Layout mode</span>
-                    <div class="seg">
-                        <button><i class="bi bi-pin-map"></i> Fixed pixels</button>
-                        <button class="active"><i class="bi bi-aspect-ratio"></i> Elastic</button>
-                    </div>
-                </div>
-                <div class="grp">
-                    <span class="label">Preview</span>
-                    <div class="seg">
-                        <button><i class="bi bi-display"></i> Desktop</button>
-                        <button class="active"><i class="bi bi-tablet"></i> Tablet</button>
-                        <button><i class="bi bi-phone"></i> Mobile</button>
-                    </div>
-                </div>
-                <div class="grp">
-                    <span class="pill"><i class="bi bi-grid-3x3-gap"></i> 12-col grid · 8 px gutter</span>
-                </div>
-                <div style="flex: 1"></div>
-                <div class="grp">
-                    <span class="pill warn"><i class="bi bi-exclamation-triangle"></i> 2 controls overflow at Mobile</span>
-                </div>
-            </div>
-
-            <div class="canvas-area" style="padding: 28px 18px;">
-                <div class="device tablet">
-                    <div class="form-viewport">
-                        <div class="form-title">Customer · CST-00142</div>
-                        <div class="form-sub">vw_customer_form · tablet preview · 720 × auto</div>
-
-                        <div class="layout-grid cols-8">
-                            <div class="fld col-4">
-                                <label>First name <span class="req">*</span></label>
-                                <input value="Alice" />
-                            </div>
-                            <div class="fld col-4">
-                                <label>Last name <span class="req">*</span></label>
-                                <input value="Smith" />
-                            </div>
-                            <div class="fld col-8">
-                                <label>Email</label>
-                                <input value="alice@example.com" />
-                            </div>
-                            <div class="fld col-3">
-                                <label>Status</label>
-                                <select><option>active</option></select>
-                            </div>
-                            <div class="fld col-3">
-                                <label>Tier</label>
-                                <select><option>Gold</option></select>
-                            </div>
-                            <div class="fld col-2">
-                                <label>Active</label>
-                                <select><option>Yes</option></select>
-                            </div>
-                            <div class="fld col-8">
-                                <label>Notes</label>
-                                <textarea>VIP customer — handle with care.</textarea>
-                            </div>
-                        </div>
-
-                        <div class="actions">
-                            <button>Cancel</button>
-                            <button class="primary">Save</button>
-                        </div>
-                    </div>
-                    <div class="device-meta">tablet · 768 px breakpoint</div>
-                </div>
-            </div>
-        </div>
-
-        <!-- Property inspector showing the Layout settings -->
-        <div class="inspector">
-            <h3><i class="bi bi-sliders" style="color: var(--accent-blue);"></i> Layout settings</h3>
-
-            <div class="row">
-                <span class="k">Mode</span>
-                <span class="v"><b>Elastic</b> · 12-col grid</span>
-            </div>
-            <div class="row">
-                <span class="k">Auto-stack on mobile</span>
-                <span class="v"><div class="toggle on"></div></span>
-            </div>
-            <div class="row">
-                <span class="k">Touch targets</span>
-                <span class="v">≥ 44 px on mobile</span>
-            </div>
-
-            <h3 style="margin-top: 16px;"><i class="bi bi-aspect-ratio" style="color: var(--accent-blue);"></i> Breakpoints</h3>
-
-            <div class="row">
-                <span class="k swatch"><i class="bi bi-display" style="color: var(--accent-green);"></i> Desktop</span>
-                <span class="v">≥ 1024 px · 12 cols</span>
-            </div>
-            <div class="row">
-                <span class="k swatch"><i class="bi bi-tablet" style="color: var(--accent-yellow);"></i> Tablet</span>
-                <span class="v">≥ 640 px · 8 cols</span>
-            </div>
-            <div class="row">
-                <span class="k swatch"><i class="bi bi-phone" style="color: var(--accent-magenta);"></i> Mobile</span>
-                <span class="v">&lt; 640 px · stacked</span>
-            </div>
-
-            <h3 style="margin-top: 16px;"><i class="bi bi-magic" style="color: var(--accent-blue);"></i> Auto-elastic</h3>
-            <div class="row">
-                <span class="k">For legacy forms</span>
-                <span class="v"><div class="toggle on"></div></span>
-            </div>
-            <p style="font-size: 11px; color: var(--text-muted); margin-top: 8px; line-height: 1.5;">
-                When a form has no breakpoint overrides, the renderer infers a 12-col grid from the
-                pixel layout (X/W → column span, Y → row order) so existing forms get a sensible
-                mobile view without redesign.
-            </p>
-        </div>
-    </div>
-
-    <!-- ════════ Section 2: Side-by-side device preview ════════ -->
-    <h2>2 · Same form at three breakpoints</h2>
-    <p class="lede" style="margin-top: -6px;">
-        One form definition, three viewport sizes. Designer can switch between them with the toolbar
-        Preview segmented control; users see the right one based on their screen.
-    </p>
-
-    <div class="device-row">
-        <!-- Desktop -->
-        <div class="device desktop" style="max-width: 540px;">
-            <div class="form-viewport">
-                <div class="form-title">Customer · CST-00142</div>
-                <div class="form-sub">desktop · 12-col</div>
-
-                <div class="layout-grid">
-                    <div class="fld col-3">
-                        <label>First name <span class="req">*</span></label>
-                        <input value="Alice" />
-                    </div>
-                    <div class="fld col-3">
-                        <label>Last name <span class="req">*</span></label>
-                        <input value="Smith" />
-                    </div>
-                    <div class="fld col-6">
-                        <label>Email</label>
-                        <input value="alice@example.com" />
-                    </div>
-                    <div class="fld col-3">
-                        <label>Status</label>
-                        <select><option>active</option></select>
-                    </div>
-                    <div class="fld col-3">
-                        <label>Tier</label>
-                        <select><option>Gold</option></select>
-                    </div>
-                    <div class="fld col-3">
-                        <label>Active</label>
-                        <select><option>Yes</option></select>
-                    </div>
-                    <div class="fld col-3">
-                        <label>Created</label>
-                        <input type="date" value="2026-01-12" />
-                    </div>
-                    <div class="fld col-12">
-                        <label>Notes</label>
-                        <textarea>VIP — handle with care.</textarea>
-                    </div>
-                </div>
-                <div class="actions">
-                    <button>Cancel</button>
-                    <button class="primary">Save</button>
-                </div>
-            </div>
-            <div class="device-meta">desktop · ≥ 1024 px</div>
-        </div>
-
-        <!-- Tablet -->
-        <div class="device tablet" style="width: 460px;">
-            <div class="form-viewport">
-                <div class="form-title">Customer · CST-00142</div>
-                <div class="form-sub">tablet · 8-col</div>
-
-                <div class="layout-grid cols-8">
-                    <div class="fld col-4">
-                        <label>First name <span class="req">*</span></label>
-                        <input value="Alice" />
-                    </div>
-                    <div class="fld col-4">
-                        <label>Last name <span class="req">*</span></label>
-                        <input value="Smith" />
-                    </div>
-                    <div class="fld col-8">
-                        <label>Email</label>
-                        <input value="alice@example.com" />
-                    </div>
-                    <div class="fld col-3">
-                        <label>Status</label>
-                        <select><option>active</option></select>
-                    </div>
-                    <div class="fld col-3">
-                        <label>Tier</label>
-                        <select><option>Gold</option></select>
-                    </div>
-                    <div class="fld col-2">
-                        <label>Active</label>
-                        <select><option>Y</option></select>
-                    </div>
-                    <div class="fld col-8">
-                        <label>Notes</label>
-                        <textarea>VIP — handle with care.</textarea>
-                    </div>
-                </div>
-                <div class="actions">
-                    <button>Cancel</button>
-                    <button class="primary">Save</button>
-                </div>
-            </div>
-            <div class="device-meta">tablet · ≥ 640 px</div>
-        </div>
-
-        <!-- Mobile -->
-        <div class="device phone">
-            <div class="notch"></div>
-            <div class="form-viewport">
-                <div class="form-title">Customer · CST-00142</div>
-                <div class="form-sub">mobile · stacked</div>
-
-                <div class="layout-grid cols-4">
-                    <div class="fld">
-                        <label>First name <span class="req">*</span></label>
-                        <input value="Alice" />
-                    </div>
-                    <div class="fld">
-                        <label>Last name <span class="req">*</span></label>
-                        <input value="Smith" />
-                    </div>
-                    <div class="fld">
-                        <label>Email</label>
-                        <input value="alice@example.com" />
-                    </div>
-                    <div class="fld">
-                        <label>Status</label>
-                        <select><option>active</option></select>
-                    </div>
-                    <div class="fld">
-                        <label>Notes</label>
-                        <textarea>VIP — handle with care.</textarea>
-                    </div>
-                </div>
-                <div class="actions">
-                    <button class="primary" style="width:100%;">Save</button>
-                </div>
-            </div>
-            <div class="device-meta">mobile · &lt; 640 px</div>
-        </div>
-    </div>
-
-    <!-- ════════ Section 3: Today vs. Elastic on a phone ════════ -->
-    <h2>3 · Today vs. Elastic on a 380 px phone</h2>
-
-    <div class="device-row" style="background: var(--bg-secondary);">
-        <!-- Today: pixel layout, horizontal scroll -->
-        <div class="device phone" style="overflow: hidden;">
-            <div class="notch"></div>
-            <div class="form-viewport" style="padding: 0; overflow: auto;">
-                <div style="padding: 14px;">
-                    <div class="form-title">Customer · CST-00142</div>
-                    <div class="form-sub" style="color: var(--accent-red);">
-                        TODAY · pixel-positioned · 800 px wide
-                    </div>
-                </div>
-                <div class="layout-desktop" style="width: 800px; height: 360px; padding: 14px;">
-                    <div class="fld" style="left:14px; top: 4px; width: 180px;">
-                        <label>First name</label>
-                        <input value="Alice" />
-                    </div>
-                    <div class="fld" style="left: 210px; top: 4px; width: 180px;">
-                        <label>Last name</label>
-                        <input value="Smith" />
-                    </div>
-                    <div class="fld" style="left: 410px; top: 4px; width: 360px;">
-                        <label>Email</label>
-                        <input value="alice@example.com" />
-                    </div>
-                    <div class="fld" style="left: 14px; top: 80px; width: 180px;">
-                        <label>Status</label>
-                        <select><option>active</option></select>
-                    </div>
-                    <div class="fld" style="left: 210px; top: 80px; width: 180px;">
-                        <label>Tier</label>
-                        <select><option>Gold</option></select>
-                    </div>
-                    <div class="fld" style="left: 410px; top: 80px; width: 360px;">
-                        <label>Notes</label>
-                        <textarea>VIP — handle with care.</textarea>
-                    </div>
-                </div>
-            </div>
-            <div class="device-meta" style="color: var(--accent-red);">Horizontal scroll · cramped · no save button visible</div>
-        </div>
-
-        <!-- Elastic on the same phone -->
-        <div class="device phone">
-            <div class="notch"></div>
-            <div class="form-viewport">
-                <div class="form-title">Customer · CST-00142</div>
-                <div class="form-sub" style="color: var(--accent-green);">
-                    ELASTIC · auto-stacked · 380 px
-                </div>
-
-                <div class="layout-grid cols-4">
-                    <div class="fld">
-                        <label>First name <span class="req">*</span></label>
-                        <input value="Alice" />
-                    </div>
-                    <div class="fld">
-                        <label>Last name <span class="req">*</span></label>
-                        <input value="Smith" />
-                    </div>
-                    <div class="fld">
-                        <label>Email</label>
-                        <input value="alice@example.com" />
-                    </div>
-                    <div class="fld">
-                        <label>Status</label>
-                        <select><option>active</option></select>
-                    </div>
-                    <div class="fld">
-                        <label>Tier</label>
-                        <select><option>Gold</option></select>
-                    </div>
-                </div>
-                <div class="actions">
-                    <button class="primary" style="width:100%;">Save</button>
-                </div>
-            </div>
-            <div class="device-meta" style="color: var(--accent-green);">Single-column · 44 px touch targets · primary action visible</div>
-        </div>
-    </div>
-
-    <!-- ════════ Section 4: Notes ════════ -->
-    <h2>4 · Implementation notes (no code changed)</h2>
-
-    <div class="inspector" style="padding: 18px 22px;">
-        <ul style="list-style: none; padding: 0;">
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Schema is already responsive-ready.</b>
-                <code>LayoutDefinition</code> has <code>Breakpoints</code> and
-                <code>ControlDefinition</code> has <code>RendererHints</code>. Per-breakpoint
-                geometry can ride in <code>RendererHints["breakpoint:mobile"] = { x, y, w, h, hidden }</code>
-                with no model migration. <code>DesignerState.IsVisibleAtBreakpoint</code> and
-                <code>GetEffectiveRect</code> already handle this design-side.
-            </li>
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Add a <code>LayoutMode</code> field to <code>LayoutDefinition</code></b>
-                — values: <code>FixedPixel</code> (today's behavior) and <code>Elastic</code>.
-                Existing forms default to <code>FixedPixel</code>, so nothing changes for them.
-            </li>
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Runtime <code>FormRenderer.razor</code> picks the layout</b> using
-                a CSS container query (or a one-time <code>window.matchMedia</code> probe) and emits
-                either:
-                <br>—  <code>position: absolute; left/top/width/height</code> (FixedPixel, today),
-                <br>—  CSS Grid with <code>grid-column: span N</code> per control (Elastic).
-            </li>
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Auto-elastic for legacy forms</b> — when a form is <code>FixedPixel</code> but the
-                viewport is below the tablet breakpoint, the renderer can synthesize a column span
-                from the original <code>Rect.Width / canvasWidth × 12</code> and order by
-                <code>Rect.Y</code>. Doesn't require redesigning every form.
-            </li>
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Designer changes</b> — toolbar gains a Layout-mode segmented control and a
-                Preview-device segmented control. The existing 8 px snap-to-grid stays. Property
-                inspector grows a "Span at desktop / tablet / mobile" row per control. The "2
-                controls overflow at Mobile" pill is a lint warning that links to the offenders.
-            </li>
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Runtime niceties</b> — touch targets ≥ 44 px on mobile, primary action sticks to
-                the bottom of the viewport, the toolbar ([DataEntry.razor toolbar](../../src/CSharpDB.Admin.Forms/Pages/DataEntry.razor)) becomes a <code>flex-wrap</code> row that
-                collapses Print/Edit-Form behind a "⋯" overflow on small screens. Print stylesheet
-                ignores breakpoints and renders the desktop layout as today.
-            </li>
-            <li style="padding: 8px 0;">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Out of scope for this proposal</b> — touch-drag in the designer (designer can
-                stay desktop-only), mobile-specific control variants (e.g. native date picker), and
-                an offline data-entry mode.
-            </li>
-        </ul>
-    </div>
-
-    <p style="font-size: 12px; color: var(--text-muted); margin-top: 28px;">
-        Back to <a href="index.html">all mockups</a>.
-    </p>
-</div>
-</body>
-</html>
diff --git a/www/admin-ui-mockups/heavy-tab.html b/www/admin-ui-mockups/heavy-tab.html
deleted file mode 100644
index 7b246ed9..00000000
--- a/www/admin-ui-mockups/heavy-tab.html
+++ /dev/null
@@ -1,409 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>Heavy tab → vertical sub-nav (Storage example) — CSharpDB Studio Mockup</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css">
-<link rel="stylesheet" href="styles.css">
-<style>
-    .sidebar { padding: 10px; font-size: 12px; color: var(--text-secondary); }
-    .sidebar .grp { color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.6px; padding: 8px 6px 4px; }
-    .sidebar .it { padding: 4px 6px; display: flex; align-items: center; gap: 6px; border-radius: 4px; cursor: pointer; }
-    .sidebar .it:hover { background: var(--bg-hover); color: var(--text-primary); }
-
-    .heavy {
-        display: grid;
-        grid-template-columns: 220px 1fr;
-        flex: 1;
-        min-height: 0;
-        overflow: hidden;
-    }
-
-    /* Vertical sub-nav rail */
-    .rail {
-        background: var(--bg-secondary);
-        border-right: 1px solid var(--border-color);
-        display: flex;
-        flex-direction: column;
-        overflow-y: auto;
-    }
-    .rail-head {
-        padding: 12px 14px 8px;
-        font-size: 11px;
-        font-weight: 600;
-        text-transform: uppercase;
-        letter-spacing: 0.7px;
-        color: var(--text-muted);
-        border-bottom: 1px solid var(--border-color);
-    }
-    .rail-section {
-        padding: 8px 0 4px;
-    }
-    .rail-section .label {
-        padding: 6px 14px 4px;
-        font-size: 10px;
-        text-transform: uppercase;
-        letter-spacing: 0.6px;
-        color: var(--text-muted);
-    }
-    .rail-item {
-        display: flex;
-        align-items: center;
-        gap: 9px;
-        padding: 7px 14px;
-        font-size: 12.5px;
-        color: var(--text-secondary);
-        cursor: pointer;
-        border-left: 2px solid transparent;
-    }
-    .rail-item:hover { color: var(--text-primary); background: var(--bg-hover); }
-    .rail-item.active {
-        color: var(--text-primary);
-        background: rgba(122,162,247,0.1);
-        border-left-color: var(--accent-blue);
-    }
-    .rail-item .ico { width: 16px; text-align: center; font-size: 13px; color: var(--text-muted); }
-    .rail-item.active .ico { color: var(--accent-blue); }
-    .rail-item .badge {
-        margin-left: auto;
-        font-size: 10px;
-        padding: 1px 7px;
-        border-radius: 999px;
-        background: rgba(255,255,255,0.06);
-        color: var(--text-muted);
-    }
-    .rail-item .badge.warn { color: var(--accent-yellow); background: rgba(224,175,104,0.15); }
-    .rail-item .badge.err { color: var(--accent-red); background: rgba(247,118,142,0.15); }
-
-    /* Main pane */
-    .pane {
-        overflow-y: auto;
-        padding: 22px 28px 60px;
-    }
-    .pane h1 {
-        font-size: 18px;
-        font-weight: 700;
-        letter-spacing: -0.01em;
-    }
-    .pane .crumb { color: var(--text-muted); font-size: 12px; margin-bottom: 4px; }
-    .pane .lede { color: var(--text-secondary); font-size: 12.5px; margin: 6px 0 18px; max-width: 720px; }
-
-    .pane-toolbar {
-        display: flex;
-        gap: 8px;
-        margin-bottom: 18px;
-    }
-
-    .card {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        margin-bottom: 16px;
-        overflow: hidden;
-    }
-    .card header {
-        padding: 12px 16px;
-        border-bottom: 1px solid var(--border-color);
-        display: flex;
-        align-items: center;
-        justify-content: space-between;
-    }
-    .card h3 { font-size: 13px; font-weight: 600; }
-    .card .body { padding: 14px 16px; font-size: 12.5px; color: var(--text-secondary); }
-    .card table {
-        width: 100%;
-        border-collapse: collapse;
-    }
-    .card table th, .card table td {
-        padding: 7px 10px;
-        text-align: left;
-        font-size: 12px;
-        border-bottom: 1px solid var(--border-color);
-    }
-    .card table th { color: var(--text-muted); font-weight: 600; font-size: 11px; text-transform: uppercase; letter-spacing: 0.6px; }
-    .card table tr:last-child td { border-bottom: none; }
-    .card table td.mono { font-family: var(--font-mono); color: var(--text-primary); }
-    .card table td.num { font-family: var(--font-mono); color: var(--accent-orange); text-align: right; }
-
-    .grid-2 { display: grid; grid-template-columns: 1fr 1fr; gap: 16px; }
-
-    .pill {
-        display: inline-flex;
-        align-items: center;
-        gap: 4px;
-        padding: 2px 8px;
-        border-radius: 999px;
-        font-size: 10.5px;
-        font-weight: 600;
-    }
-    .pill.ok { background: rgba(158,206,106,0.12); color: var(--accent-green); }
-    .pill.warn { background: rgba(224,175,104,0.12); color: var(--accent-yellow); }
-    .pill.err { background: rgba(247,118,142,0.12); color: var(--accent-red); }
-
-    .bar { background: var(--bg-tertiary); border-radius: 4px; height: 8px; overflow: hidden; margin-top: 6px; }
-    .bar > span { display: block; height: 100%; background: var(--accent-yellow); border-radius: 4px; }
-
-    .meter {
-        display: flex;
-        gap: 18px;
-        align-items: center;
-        padding: 12px 16px;
-        background: var(--bg-tertiary);
-        border-radius: var(--radius-md);
-        margin-bottom: 14px;
-    }
-    .meter .value { font-size: 22px; font-weight: 700; color: var(--text-primary); }
-    .meter .label { color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.5px; }
-</style>
-</head>
-<body>
-<div class="app">
-
-    <div class="titlebar">
-        <div class="brand">
-            <div class="logo">C#</div>
-            <span>CSharpDB Studio</span>
-            <span class="dbname">— relational.db</span>
-        </div>
-        <button class="db-switcher"><i class="bi bi-database"></i> relational.db <i class="bi bi-caret-down-fill"></i></button>
-        <button class="palette-launcher"><i class="bi bi-search"></i> Search anything… <span class="kbd">Ctrl K</span></button>
-        <div class="spacer"></div>
-        <span class="conn-pill"><span class="dot"></span> Connected</span>
-    </div>
-
-    <div class="body">
-        <aside class="sidebar">
-            <div class="grp">▾ Tables · 24</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Customers</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Orders</div>
-            <div class="grp">▸ System</div>
-            <div class="grp" style="margin-top: 12px;">Admin</div>
-            <div class="it" style="background: rgba(122,162,247,0.1); color: var(--text-primary); border-left: 2px solid var(--accent-blue); padding-left: 4px;">
-                <i class="bi bi-hdd-stack icon-system"></i> Storage
-            </div>
-        </aside>
-
-        <div class="content" style="overflow: hidden;">
-            <div class="tabstrip">
-                <div class="tab"><i class="bi bi-grid-1x2 icon-table"></i> Dashboard</div>
-                <div class="tab active"><i class="bi bi-hdd-stack icon-system"></i> Storage <i class="bi bi-x"></i></div>
-                <button class="tab-new"><i class="bi bi-plus"></i></button>
-            </div>
-
-            <div class="heavy">
-                <!-- Vertical sub-nav -->
-                <aside class="rail">
-                    <div class="rail-head">Storage Inspector</div>
-
-                    <div class="rail-section">
-                        <div class="label">Overview</div>
-                        <div class="rail-item active">
-                            <i class="bi bi-speedometer2 ico"></i>
-                            <span>Summary</span>
-                        </div>
-                    </div>
-
-                    <div class="rail-section">
-                        <div class="label">Inspect</div>
-                        <div class="rail-item">
-                            <i class="bi bi-file-binary ico"></i>
-                            <span>Database header</span>
-                        </div>
-                        <div class="rail-item">
-                            <i class="bi bi-journal-text ico"></i>
-                            <span>WAL</span>
-                        </div>
-                        <div class="rail-item">
-                            <i class="bi bi-pie-chart ico"></i>
-                            <span>Space usage</span>
-                        </div>
-                        <div class="rail-item">
-                            <i class="bi bi-bar-chart-steps ico"></i>
-                            <span>Page histogram</span>
-                        </div>
-                        <div class="rail-item">
-                            <i class="bi bi-search ico"></i>
-                            <span>Page drill-down</span>
-                        </div>
-                    </div>
-
-                    <div class="rail-section">
-                        <div class="label">Health</div>
-                        <div class="rail-item">
-                            <i class="bi bi-shield-check ico"></i>
-                            <span>Index checks</span>
-                            <span class="badge ok">OK</span>
-                        </div>
-                        <div class="rail-item">
-                            <i class="bi bi-exclamation-triangle ico"></i>
-                            <span>Integrity issues</span>
-                            <span class="badge warn">3</span>
-                        </div>
-                        <div class="rail-item">
-                            <i class="bi bi-grid-3x2-gap ico"></i>
-                            <span>Fragmentation</span>
-                        </div>
-                    </div>
-
-                    <div class="rail-section">
-                        <div class="label">Maintenance</div>
-                        <div class="rail-item">
-                            <i class="bi bi-arrow-repeat ico"></i>
-                            <span>Reindex</span>
-                        </div>
-                        <div class="rail-item">
-                            <i class="bi bi-bounding-box-circles ico"></i>
-                            <span>Vacuum</span>
-                        </div>
-                        <div class="rail-item">
-                            <i class="bi bi-download ico"></i>
-                            <span>Backup &amp; Restore</span>
-                        </div>
-                        <div class="rail-item">
-                            <i class="bi bi-link-45deg ico"></i>
-                            <span>FK migration</span>
-                        </div>
-                    </div>
-                </aside>
-
-                <!-- Main pane: Summary -->
-                <div class="pane">
-                    <div class="crumb">Storage / Overview</div>
-                    <h1>Summary</h1>
-                    <p class="lede">An at-a-glance look at the database file. Pick a category from the rail on the left to drill into details.</p>
-
-                    <div class="pane-toolbar">
-                        <button class="btn"><i class="bi bi-arrow-clockwise"></i> Refresh</button>
-                        <button class="btn"><i class="bi bi-shield-check"></i> Run integrity check</button>
-                        <button class="btn"><i class="bi bi-download"></i> Backup now</button>
-                    </div>
-
-                    <div class="grid-2">
-                        <div class="card">
-                            <header><h3>File</h3><span class="pill ok">healthy</span></header>
-                            <div class="body">
-                                <div class="meter">
-                                    <div>
-                                        <div class="value">2.4 GB</div>
-                                        <div class="label">Database file</div>
-                                    </div>
-                                    <div style="margin-left:auto; text-align:right;">
-                                        <div class="value" style="font-size: 14px; color: var(--text-secondary);">68%</div>
-                                        <div class="label">of 3.5 GB cap</div>
-                                    </div>
-                                </div>
-                                <div class="bar"><span style="width: 68%"></span></div>
-                                <table style="margin-top: 14px;">
-                                    <tr><td>Page size</td><td class="num">4 KB</td></tr>
-                                    <tr><td>Physical pages</td><td class="num">614,400</td></tr>
-                                    <tr><td>Freelist pages</td><td class="num">12</td></tr>
-                                    <tr><td>WAL file</td><td class="num">128 MB</td></tr>
-                                </table>
-                            </div>
-                        </div>
-
-                        <div class="card">
-                            <header><h3>Health</h3><span class="pill warn">3 warnings</span></header>
-                            <div class="body">
-                                <table>
-                                    <tr><td>Index checks</td><td><span class="pill ok">all OK</span></td></tr>
-                                    <tr><td>Integrity issues</td><td><span class="pill warn">3 warnings</span></td></tr>
-                                    <tr><td>Last integrity check</td><td>2h ago</td></tr>
-                                    <tr><td>Open writer txns</td><td class="num">1</td></tr>
-                                </table>
-                            </div>
-                        </div>
-
-                        <div class="card">
-                            <header><h3>Recent maintenance</h3><span style="font-size:11px; color: var(--text-muted);">last 7 days</span></header>
-                            <div class="body">
-                                <table>
-                                    <tr><td>Last backup</td><td>16h ago · <span style="color:var(--text-primary);">customers.backup.db</span></td></tr>
-                                    <tr><td>Last vacuum</td><td>4d ago · 312 MB reclaimed</td></tr>
-                                    <tr><td>Last reindex</td><td>2d ago · 38 indexes</td></tr>
-                                    <tr><td>Last FK migration</td><td>—</td></tr>
-                                </table>
-                            </div>
-                        </div>
-
-                        <div class="card">
-                            <header><h3>Page type histogram</h3></header>
-                            <div class="body">
-                                <table>
-                                    <tr><td class="mono">btree-leaf</td><td class="num">412,099</td></tr>
-                                    <tr><td class="mono">btree-internal</td><td class="num">8,213</td></tr>
-                                    <tr><td class="mono">overflow</td><td class="num">194,076</td></tr>
-                                    <tr><td class="mono">freelist</td><td class="num">12</td></tr>
-                                </table>
-                            </div>
-                        </div>
-                    </div>
-
-                    <div class="card">
-                        <header>
-                            <h3>Top integrity issues</h3>
-                            <a href="#" style="font-size: 11px;">View all 3 →</a>
-                        </header>
-                        <table>
-                            <thead>
-                            <tr>
-                                <th style="width: 90px;">Severity</th>
-                                <th style="width: 160px;">Code</th>
-                                <th>Message</th>
-                                <th style="width: 70px; text-align:right;">Page</th>
-                            </tr>
-                            </thead>
-                            <tbody>
-                            <tr>
-                                <td><span class="pill warn">WARN</span></td>
-                                <td class="mono">WAL_TRAILING_BYTES</td>
-                                <td>WAL file has 24 trailing bytes after the last commit frame.</td>
-                                <td class="num">—</td>
-                            </tr>
-                            <tr>
-                                <td><span class="pill warn">WARN</span></td>
-                                <td class="mono">FREELIST_GAP</td>
-                                <td>Freelist contains a gap; consider running vacuum.</td>
-                                <td class="num">512</td>
-                            </tr>
-                            <tr>
-                                <td><span class="pill warn">WARN</span></td>
-                                <td class="mono">INDEX_FREE_SPACE_HIGH</td>
-                                <td>Index <code>ix_customers_email</code> has &gt;50% free space across leaf pages.</td>
-                                <td class="num">3,212</td>
-                            </tr>
-                            </tbody>
-                        </table>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-
-    <div class="statusbar">
-        <span class="pill ok"><span class="dot"></span> Connected</span>
-        <span class="pill"><i class="bi bi-database"></i> relational.db</span>
-        <span class="pill warn"><i class="bi bi-exclamation-triangle"></i> 3 storage warnings</span>
-        <div style="flex:1"></div>
-        <span class="pill warn"><i class="bi bi-hdd"></i> 2.4 GB / 3.5 GB</span>
-    </div>
-</div>
-
-<!-- Annotations -->
-<div class="notes">
-    <header><i class="bi bi-lightbulb"></i> The pattern: split heavy tabs into vertical sub-nav</header>
-    <ul>
-        <li><b style="color: var(--accent-green);">ALREADY EXISTS in StorageTab</b> — Database header, WAL, Space usage, Fragmentation, Maintenance (Reindex / Vacuum), Backup &amp; Restore, FK migration, Page-type histogram, Index checks, Integrity issues, Page drill-down. Each is a fully-featured section.</li>
-        <li><b style="color: var(--accent-red);">PROBLEM</b> — all eleven sections are <i>vertically stacked</i> in one long scroll. Users have to scroll past the file header every time they want to reach maintenance, and there's no overview of where to start.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Vertical sub-nav rail</b> on the left of the tab. Categories: Overview, Inspect, Health, Maintenance. Each item is one click away — no scrolling.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Summary screen</b> as the default view — surfaces the most useful facts (file size with cap, health pills, recent maintenance, top warnings) so a user landing on Storage gets value without picking a section.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Status badges in the rail</b> (e.g. "WARN 3" on Integrity issues) so users see what needs attention without opening every section.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">SAME PATTERN APPLIES TO</b>:</li>
-        <li style="padding-left: 24px;">— <b>Pipeline tab</b> — currently stacks Designer, Run Result, Stored Pipelines, Recent Runs vertically. Rail items: Designer / Run / Stored / History / Rejects.</li>
-        <li style="padding-left: 24px;">— <b>Procedure tab</b> — currently stacks Definition, Parameters, Execution. Rail items: Definition / Parameters / Run / Results.</li>
-        <li style="padding-left: 24px;">— <b>Schema view of Data tab</b> — currently stacks Columns, Alter Table, Indexes, Triggers. Could become sub-tabs as proposed in <a href="data-tab.html">data-tab.html</a>.</li>
-        <li><span class="pin"></span> <b>Implementation note:</b> the rail items are routes within a single tab; switching them does not open a new top-level tab. State (e.g. an unsaved JSON edit in Pipeline) is preserved across rail switches.</li>
-    </ul>
-</div>
-</body>
-</html>
diff --git a/www/admin-ui-mockups/index.html b/www/admin-ui-mockups/index.html
deleted file mode 100644
index 3dcc088f..00000000
--- a/www/admin-ui-mockups/index.html
+++ /dev/null
@@ -1,539 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>CSharpDB Admin — UI Improvement Mockups</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css">
-<link rel="stylesheet" href="styles.css">
-<style>
-    body { overflow: auto; }
-    .wrap { max-width: 1180px; margin: 0 auto; padding: 56px 32px 80px; }
-    h1 { font-size: 28px; font-weight: 700; margin-bottom: 6px; letter-spacing: -0.02em; }
-    .lede { color: var(--text-secondary); font-size: 14px; max-width: 760px; margin-bottom: 8px; }
-    .scope { color: var(--text-muted); font-size: 12px; margin-bottom: 36px; }
-    h2 { font-size: 13px; font-weight: 600; text-transform: uppercase; letter-spacing: 0.7px; color: var(--text-muted); margin: 36px 0 14px; }
-
-    .grid {
-        display: grid;
-        grid-template-columns: repeat(auto-fill, minmax(320px, 1fr));
-        gap: 16px;
-    }
-    .card {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        overflow: hidden;
-        display: flex;
-        flex-direction: column;
-        transition: border-color 120ms ease, transform 120ms ease;
-    }
-    .card:hover { border-color: var(--border-light); transform: translateY(-1px); }
-    .card-thumb {
-        height: 130px;
-        background: var(--bg-tertiary);
-        position: relative;
-        overflow: hidden;
-        border-bottom: 1px solid var(--border-color);
-    }
-    .card-thumb .glyph {
-        position: absolute;
-        font-size: 64px;
-        color: var(--accent-blue);
-        opacity: 0.25;
-        right: 16px;
-        bottom: -8px;
-    }
-    .card-thumb .preview {
-        position: absolute;
-        inset: 14px;
-        border-radius: 6px;
-        background: var(--bg-primary);
-        border: 1px solid var(--border-color);
-        padding: 8px;
-        font-size: 9px;
-        color: var(--text-muted);
-        font-family: var(--font-mono);
-        overflow: hidden;
-    }
-    .card-thumb .preview .row { display: block; padding: 1px 0; }
-    .card-thumb .preview .row.head { color: var(--accent-blue); font-weight: 700; }
-    .card-thumb .preview .row.dim { color: var(--text-muted); opacity: 0.5; }
-
-    .card-body { padding: 14px 16px; flex: 1; display: flex; flex-direction: column; }
-    .card h3 { font-size: 14px; font-weight: 600; margin-bottom: 4px; }
-    .card p { font-size: 12px; color: var(--text-secondary); flex: 1; }
-    .card-footer {
-        padding: 10px 16px;
-        border-top: 1px solid var(--border-color);
-        display: flex;
-        justify-content: space-between;
-        align-items: center;
-        font-size: 11px;
-    }
-    .badge {
-        font-size: 10px;
-        padding: 2px 7px;
-        border-radius: 999px;
-        background: rgba(122,162,247,0.12);
-        color: var(--accent-blue);
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-        font-weight: 600;
-    }
-    .badge.green { background: rgba(158,206,106,0.12); color: var(--accent-green); }
-    .badge.yellow { background: rgba(224,175,104,0.12); color: var(--accent-yellow); }
-    .badge.magenta { background: rgba(187,154,247,0.12); color: var(--accent-magenta); }
-    .badge.red { background: rgba(247,118,142,0.12); color: var(--accent-red); }
-
-    .summary {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        padding: 18px 22px;
-        margin-bottom: 8px;
-    }
-    .summary ul { list-style: none; }
-    .summary li { padding: 6px 0; color: var(--text-secondary); font-size: 13px; display: flex; gap: 10px; }
-    .summary li::before { content: "→"; color: var(--accent-blue); flex-shrink: 0; }
-    .summary li b { color: var(--text-primary); font-weight: 600; }
-
-    .legend {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        padding: 14px 18px;
-        margin-bottom: 26px;
-        display: flex;
-        gap: 20px;
-        font-size: 12px;
-        color: var(--text-secondary);
-        flex-wrap: wrap;
-    }
-    .legend .item { display: inline-flex; align-items: center; gap: 8px; }
-    .legend .swatch {
-        display: inline-block;
-        padding: 2px 8px;
-        border-radius: 4px;
-        font-size: 10px;
-        font-weight: 700;
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-    }
-    .legend .new { background: rgba(122,162,247,0.12); color: var(--accent-blue); }
-    .legend .restyle { background: rgba(187,154,247,0.12); color: var(--accent-magenta); }
-    .legend .exists { background: rgba(158,206,106,0.12); color: var(--accent-green); }
-    .legend .gap { background: rgba(247,118,142,0.12); color: var(--accent-red); }
-
-    table.delta {
-        width: 100%;
-        border-collapse: collapse;
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        overflow: hidden;
-        font-size: 12.5px;
-    }
-    table.delta th, table.delta td {
-        padding: 10px 14px;
-        text-align: left;
-        border-bottom: 1px solid var(--border-color);
-        vertical-align: top;
-    }
-    table.delta th {
-        background: var(--bg-tertiary);
-        color: var(--text-secondary);
-        font-weight: 600;
-        font-size: 11px;
-        text-transform: uppercase;
-        letter-spacing: 0.6px;
-    }
-    table.delta tr:last-child td { border-bottom: none; }
-    table.delta td.area { font-weight: 600; color: var(--text-primary); white-space: nowrap; }
-
-    .tag {
-        display: inline-block;
-        padding: 1px 7px;
-        border-radius: 4px;
-        font-size: 10px;
-        font-weight: 600;
-        margin-right: 4px;
-    }
-    .tag.new { background: rgba(122,162,247,0.12); color: var(--accent-blue); }
-    .tag.restyle { background: rgba(187,154,247,0.12); color: var(--accent-magenta); }
-    .tag.exists { background: rgba(158,206,106,0.12); color: var(--accent-green); }
-    .tag.gap { background: rgba(247,118,142,0.12); color: var(--accent-red); }
-</style>
-</head>
-<body>
-<div class="wrap">
-    <h1>CSharpDB Admin · UI Improvement Mockups</h1>
-    <p class="lede">Static HTML previews of proposed enhancements to the Blazor Server admin
-        (<code>src/CSharpDB.Admin</code>). Nothing here is wired to the live app — these are visual
-        proposals for discussion, now reconciled against the actual current screens.</p>
-    <p class="scope">Open each file directly in a browser to see the mocked screen with annotations.</p>
-
-    <div class="legend">
-        <div class="item"><span class="swatch new">NEW</span> Capability that doesn't exist today</div>
-        <div class="item"><span class="swatch restyle">RESTYLE</span> Existing feature, reorganized or visually refreshed</div>
-        <div class="item"><span class="swatch exists">EXISTS</span> Already in the live admin (don't propose as new)</div>
-        <div class="item"><span class="swatch gap">GAP</span> Missing today, this mockup adds it</div>
-    </div>
-
-    <h2>The big ideas at a glance</h2>
-    <div class="summary">
-        <ul>
-            <li><b>Replace the sparse Welcome tab</b> with a real database dashboard: stat cards, top tables with sparklines, recent activity feed, pinned objects, quick actions, and a consolidated health panel.</li>
-            <li><b>Add a command palette</b> (Ctrl+K) — there is no global search today; users must navigate the sidebar tree or right-click for actions.</li>
-            <li><b>Sidebar gains Pinned + Recent + drill-down</b> under each table. The existing search/filter and right-click context menus stay; pin star and per-group "+" become discoverable.</li>
-            <li><b>Data tab refresh</b> is mostly visual — most "features" I first proposed (per-column filters, sortable headers, type badges, pagination, inline edit, row selection, save/discard) <i>already exist</i>. The genuine adds are: breadcrumb header, filter summary chips, schema sub-tabs, export/import, bulk-edit / copy-as-INSERT, status-bar table facts.</li>
-            <li><b>Query tab gains result sub-tabs</b> (Results / Plan / Messages / Stats), an Explain Plan button, a Cancel button, and a query-history rail. Run / Format / Save / Designer mode / autocomplete / completions popup all already exist.</li>
-            <li><b>Heavy tabs (Storage / Pipeline / Procedure)</b> currently stack 4–11 sections in one long scroll. Replace with a vertical sub-nav rail and a Summary screen so users land on something useful.</li>
-            <li><b>Forms reflow on mobile</b> via a new Elastic layout mode in <code>CSharpDB.Admin.Forms</code> — today every control is absolute-positioned in pixels, so phone users get horizontal scroll. Schema already has <code>Breakpoints</code> and <code>RendererHints</code>; the runtime just doesn't use them.</li>
-            <li><b>Reports get a Reader view</b> in <code>CSharpDB.Admin.Reports</code> — paper layout stays untouched (it's supposed to look like paper, and Print/PDF need it), but a derived Reader view turns bands into sections and repeated detail rows into cards. Phone defaults to Reader.</li>
-            <li><b>Report designer surfaces the Reader view</b> via a Paper / Reader / Split toolbar toggle, a live phone-sized preview pane, a Reader-hint subsection in the Selection inspector, an "Auto-derive all hints" action, and a Reader-lint panel — so the runtime view never drifts from designer intent.</li>
-            <li><b>Title bar gains a database switcher</b> (recent databases dropdown) and a search-style command-palette launcher. Today there's just an "Open Database" button that opens a path prompt.</li>
-        </ul>
-    </div>
-
-    <h2>Mockups</h2>
-    <div class="grid">
-
-        <a class="card" href="dashboard.html">
-            <div class="card-thumb">
-                <div class="preview">
-                    <span class="row head">DASHBOARD · relational.db</span>
-                    <span class="row">┌─ Tables ──┬─ Views ──┬─ Procs ──┐</span>
-                    <span class="row">│   24      │    6     │    11    │</span>
-                    <span class="row">└───────────┴──────────┴──────────┘</span>
-                    <span class="row dim">Top tables  ▮▮▮▮▮▮▮▮ Customers</span>
-                    <span class="row dim">            ▮▮▮▮▮▮   Orders</span>
-                    <span class="row dim">            ▮▮▮▮     Invoices</span>
-                </div>
-                <i class="bi bi-grid-1x2 glyph"></i>
-            </div>
-            <div class="card-body">
-                <h3>Database Dashboard</h3>
-                <p>Replaces the sparse Welcome tab. Stats, top tables with sparklines, recent activity, pinned objects, quick actions, health panel. Mostly net-new content.</p>
-            </div>
-            <div class="card-footer">
-                <span class="badge">High impact · mostly new</span>
-                <span>Open mockup →</span>
-            </div>
-        </a>
-
-        <a class="card" href="command-palette.html">
-            <div class="card-thumb">
-                <div class="preview" style="display:flex; flex-direction:column; justify-content:center; padding: 18px;">
-                    <span class="row head" style="text-align:center;">⌘  Search anything</span>
-                    <span class="row dim" style="margin: 6px 0;">────────────────────────────</span>
-                    <span class="row">▶ Open table: Customers</span>
-                    <span class="row dim">  Run: Select Top 50</span>
-                    <span class="row dim">  New Form for Customers</span>
-                </div>
-                <i class="bi bi-command glyph"></i>
-            </div>
-            <div class="card-body">
-                <h3>Command Palette (Ctrl+K)</h3>
-                <p>One keystroke to fuzzy-find tables, forms, reports, procedures, or actions. There is no global search in the app today — this is purely additive.</p>
-            </div>
-            <div class="card-footer">
-                <span class="badge magenta">Fully new</span>
-                <span>Open mockup →</span>
-            </div>
-        </a>
-
-        <a class="card" href="sidebar.html">
-            <div class="card-thumb">
-                <div class="preview">
-                    <span class="row head">★ PINNED</span>
-                    <span class="row dim">  ▦ Customers   ▦ Orders</span>
-                    <span class="row head" style="margin-top:4px;">⏱ RECENT</span>
-                    <span class="row dim">  ▦ Invoices    ◫ Customer Form</span>
-                    <span class="row head" style="margin-top:4px;">▾ TABLES <span style="color:var(--text-muted)">24</span> +</span>
-                    <span class="row dim">  ▦ Customers</span>
-                    <span class="row dim">  ▦ Orders</span>
-                </div>
-                <i class="bi bi-list-nested glyph"></i>
-            </div>
-            <div class="card-body">
-                <h3>Improved Object Explorer</h3>
-                <p>Pinned + Recent sections, type filter chips, drill-down under tables (columns / indexes / triggers as nested rows). The base tree, search, and right-click menus already exist.</p>
-            </div>
-            <div class="card-footer">
-                <span class="badge green">High value · adds + restyle</span>
-                <span>Open mockup →</span>
-            </div>
-        </a>
-
-        <a class="card" href="data-tab.html">
-            <div class="card-thumb">
-                <div class="preview">
-                    <span class="row head">tables / Customers · 1,247 rows</span>
-                    <span class="row dim">[Data] Schema  Indexes  Triggers</span>
-                    <span class="row dim">▼ status = active   ▼ created &gt; 2026-01</span>
-                    <span class="row" style="color: var(--accent-blue);">  id │ name      │ email     │ status</span>
-                    <span class="row dim">───┼───────────┼───────────┼───────</span>
-                    <span class="row dim">  1│ A. Smith  │ as@e.com  │ active</span>
-                    <span class="row dim">  2│ B. Lee    │ bl@e.com  │ active</span>
-                </div>
-                <i class="bi bi-table glyph"></i>
-            </div>
-            <div class="card-body">
-                <h3>Data Tab refresh</h3>
-                <p>Most filter / sort / pagination / type-badge / inline-edit features <i>already exist</i>. Real adds: breadcrumb, filter chip summary, schema sub-tabs, export, bulk action bar.</p>
-            </div>
-            <div class="card-footer">
-                <span class="badge yellow">Mostly visual + gap-fill</span>
-                <span>Open mockup →</span>
-            </div>
-        </a>
-
-        <a class="card" href="query-tab.html">
-            <div class="card-thumb">
-                <div class="preview">
-                    <span class="row head">▶ Run · Format · Explain · SQL</span>
-                    <span class="row" style="color: var(--accent-magenta);">SELECT</span><span class="row"> c.id, c.name, COUNT(o.id)</span>
-                    <span class="row"><span style="color: var(--accent-magenta);">FROM</span> Customers c …</span>
-                    <span class="row dim">─────────────────────────────</span>
-                    <span class="row dim">[Results · 1247] Plan  Messages</span>
-                    <span class="row dim">  id │ name        │ orders</span>
-                    <span class="row dim">  1  │ Alice Smith │ 12</span>
-                </div>
-                <i class="bi bi-terminal glyph"></i>
-            </div>
-            <div class="card-body">
-                <h3>Query Tab refresh</h3>
-                <p>Result sub-tabs (Results / Plan / Messages / Stats), Explain &amp; Cancel buttons, query-history rail. Run / Format / Save / Designer / autocomplete already exist.</p>
-            </div>
-            <div class="card-footer">
-                <span class="badge">Adds + restyle</span>
-                <span>Open mockup →</span>
-            </div>
-        </a>
-
-        <a class="card" href="forms-mobile.html">
-            <div class="card-thumb">
-                <div class="preview" style="display:flex; gap:6px; padding:10px;">
-                    <div style="flex:1; border:1px solid var(--border-color); border-radius:3px; padding:4px; font-size:8px;">
-                        <span class="row head">DESKTOP</span>
-                        <span class="row dim">[ first ][ last ][ email     ]</span>
-                        <span class="row dim">[ status ][ tier ][ created  ]</span>
-                        <span class="row dim">[ notes ────────────────────  ]</span>
-                    </div>
-                    <div style="width:60px; border:1px solid var(--border-color); border-radius:8px; padding:4px; font-size:8px;">
-                        <span class="row head" style="text-align:center;">📱</span>
-                        <span class="row dim">[first ]</span>
-                        <span class="row dim">[last  ]</span>
-                        <span class="row dim">[email ]</span>
-                        <span class="row dim">[status]</span>
-                        <span class="row dim">[ Save ]</span>
-                    </div>
-                </div>
-                <i class="bi bi-phone glyph"></i>
-            </div>
-            <div class="card-body">
-                <h3>Elastic Forms (mobile-friendly)</h3>
-                <p>Forms render with absolute pixel coords today and don't reflow on phones. Add an Elastic layout mode + auto-stack so the same form works on desktop, tablet, and mobile — schema is already responsive-ready.</p>
-            </div>
-            <div class="card-footer">
-                <span class="badge magenta">Mobile · forms project</span>
-                <span>Open mockup →</span>
-            </div>
-        </a>
-
-        <a class="card" href="reports-mobile.html">
-            <div class="card-thumb">
-                <div class="preview" style="display:flex; gap:6px; padding:10px;">
-                    <div style="flex:1; border:1px solid var(--border-color); border-radius:3px; padding:4px; font-size:8px; background:#fff; color:#222;">
-                        <span class="row" style="color:#000; font-weight:700;">PAPER · Letter</span>
-                        <span class="row" style="color:#444;">ID │ Cust │ Orders │ Total</span>
-                        <span class="row" style="color:#444;">━━━━━━━━━━━━━━━━━━━━━━</span>
-                        <span class="row" style="color:#444;">1  │ A.S. │ 12     │ 4,950</span>
-                        <span class="row" style="color:#444;">4  │ D.S. │ 7      │ 2,723</span>
-                    </div>
-                    <div style="width:60px; border:1px solid var(--border-color); border-radius:8px; padding:4px; font-size:8px;">
-                        <span class="row head" style="text-align:center;">📱 Reader</span>
-                        <span class="row dim">▾ Tier·Gold</span>
-                        <span class="row dim">▦ Alice S.</span>
-                        <span class="row dim">  12 · $4,950</span>
-                        <span class="row dim">▦ David S.</span>
-                    </div>
-                </div>
-                <i class="bi bi-file-earmark-richtext glyph"></i>
-            </div>
-            <div class="card-body">
-                <h3>Mobile-friendly Reports (Reader view)</h3>
-                <p>Reports are paper-shaped and shouldn't reflow. Add a derived Reader view: bands → sections, repeated rows → cards, group footers → summary lines. Phone defaults to Reader; Print &amp; PDF stay on Paper.</p>
-            </div>
-            <div class="card-footer">
-                <span class="badge magenta">Mobile · reports project</span>
-                <span>Open mockup →</span>
-            </div>
-        </a>
-
-        <a class="card" href="reports-designer.html">
-            <div class="card-thumb">
-                <div class="preview" style="display:flex; gap:4px; padding:8px; font-size:7px;">
-                    <div style="width:30px; border:1px solid var(--border-color); border-radius:2px; padding:3px;">
-                        <span class="row dim">Tools</span>
-                        <span class="row dim">▦</span>
-                        <span class="row dim">T</span>
-                    </div>
-                    <div style="flex:1; border:1px solid var(--border-color); border-radius:2px; padding:3px; background:#fff; color:#222;">
-                        <span class="row" style="color:#000; font-weight:700;">Detail band</span>
-                        <span class="row" style="color:#444;">{id} {name} {total}</span>
-                        <span class="row" style="color:var(--accent-blue);">    [title][field]</span>
-                    </div>
-                    <div style="width:50px; border:1px solid var(--accent-blue); border-radius:5px; padding:3px;">
-                        <span class="row head" style="font-size:6px;">📱 Reader</span>
-                        <span class="row dim">▦ Alice</span>
-                        <span class="row dim">$4,950</span>
-                    </div>
-                </div>
-                <i class="bi bi-layout-split glyph"></i>
-            </div>
-            <div class="card-body">
-                <h3>Report Designer · Reader-view support</h3>
-                <p>Paper / Reader / Split toggle in the toolbar, live phone preview alongside the paper canvas, Reader-hint subsection in the Selection inspector, and a one-click "Auto-derive all hints" + lint panel.</p>
-            </div>
-            <div class="card-footer">
-                <span class="badge magenta">Designer · reports project</span>
-                <span>Open mockup →</span>
-            </div>
-        </a>
-
-        <a class="card" href="heavy-tab.html">
-            <div class="card-thumb">
-                <div class="preview">
-                    <span class="row head">▾ Storage</span>
-                    <span class="row" style="color: var(--accent-blue);">► Summary</span>
-                    <span class="row dim">  Database header</span>
-                    <span class="row dim">  WAL</span>
-                    <span class="row dim">  Space usage</span>
-                    <span class="row dim">  Integrity issues  ⚠ 3</span>
-                    <span class="row dim">  Vacuum / Reindex</span>
-                    <span class="row dim">  Backup &amp; Restore</span>
-                </div>
-                <i class="bi bi-hdd-stack glyph"></i>
-            </div>
-            <div class="card-body">
-                <h3>Heavy tabs → vertical sub-nav</h3>
-                <p>Storage, Pipeline, and Procedure tabs each stack 4–11 long sections. Add a left rail with a Summary screen so users land on something useful and can jump without scrolling.</p>
-            </div>
-            <div class="card-footer">
-                <span class="badge green">Pattern fix · cross-cutting</span>
-                <span>Open mockup →</span>
-            </div>
-        </a>
-
-    </div>
-
-    <h2>Reality check: what's actually in the live admin today</h2>
-    <p class="lede" style="margin-bottom: 14px;">After reading the actual tab components, the picture is more mature than my first pass assumed. Here's the delta per area.</p>
-
-    <table class="delta">
-        <thead>
-        <tr>
-            <th style="width:18%;">Area</th>
-            <th style="width:42%;">Already exists in the live admin</th>
-            <th style="width:40%;">Genuinely missing / proposed here</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr>
-            <td class="area">Welcome / first-run</td>
-            <td>App icon, name, four shortcut hints, table-card grid with optional row counts.</td>
-            <td><span class="tag new">NEW</span> Stat cards, top tables with sparklines, recent activity, pinned grid, quick actions, health panel.</td>
-        </tr>
-        <tr>
-            <td class="area">Object Explorer</td>
-            <td>Tree of Tables / Forms / Reports / System Catalog / Views / Indexes / Triggers / Procedures with counts; text filter; right-click menus on every kind; collapse-all; resize handle; active-tab highlighting.</td>
-            <td>
-                <span class="tag new">NEW</span> Pinned &amp; Recent sections, type filter chips, drill-down under each table (columns / indexes / triggers nested), match highlighting in filter results.<br>
-                <span class="tag restyle">RESTYLE</span> per-item star + ⋯, per-group "+" on hover.
-            </td>
-        </tr>
-        <tr>
-            <td class="area">Data tab</td>
-            <td>Data ↔ Schema view switcher, Add Row / Delete (with count) / Save / Discard / Refresh, per-column filter row with Contains/StartsWith/EndsWith/Exact, sort indicators, type badges, PK badges, pagination, inline edit, row selection, NULL/BLOB rendering, modified-cell styling, right-click context menu.</td>
-            <td>
-                <span class="tag new">NEW</span> Breadcrumb header, filter summary chips, schema sub-tabs, export/import, bulk-edit + copy-as-INSERT, status-bar table facts.<br>
-                <span class="tag restyle">RESTYLE</span> column type icons (vs text badges), enum status pills, value-type cell coloring.
-            </td>
-        </tr>
-        <tr>
-            <td class="area">Query tab</td>
-            <td>Run / Analyze / Clear / Format / Save buttons, saved-query dropdown, Stats shortcuts, SQL ↔ Designer mode toggle, resizable editor with persisted height, line numbers, syntax highlighting, autocomplete popup with arrow-key nav, Ctrl+Enter, EXEC procedure parsing with named args.</td>
-            <td><span class="tag new">NEW</span> Result sub-tabs (Results / Plan / Messages / Stats), Explain Plan button, Cancel button, query-history rail per-tab and global.</td>
-        </tr>
-        <tr>
-            <td class="area">Storage tab</td>
-            <td>11 stacked sections: DB header, WAL, Space usage, Fragmentation, Maintenance (Reindex / Vacuum), Backup / Restore, FK migration, Page-type histogram, Index checks, Integrity issues, Page drill-down. Refresh, hex dump toggle.</td>
-            <td><span class="tag new">NEW</span> Vertical sub-nav rail, default Summary screen, status badges in nav, recent-maintenance recap.</td>
-        </tr>
-        <tr>
-            <td class="area">Pipeline tab</td>
-            <td>Visual designer + JSON mode, Validate / Dry Run / Run / Save / Reset, stored pipelines list with revisions, recent runs with metrics, run inspector with rejects, resume.</td>
-            <td><span class="tag new">NEW</span> Sub-nav rail to navigate Designer / Run Result / Stored / History / Rejects without scrolling. (Same pattern as Storage.)</td>
-        </tr>
-        <tr>
-            <td class="area">Procedure tab</td>
-            <td>Definition (name / desc / enabled / body SQL), parameters table (name/type/required/default/desc), execution panel with args JSON, per-statement results.</td>
-            <td><span class="tag new">NEW</span> Sub-nav rail or sub-tabs for Definition / Parameters / Run / Results so the body editor isn't competing with the args panel.</td>
-        </tr>
-        <tr>
-            <td class="area">Forms (Admin.Forms)</td>
-            <td>Visual form designer with grid + snap, toolbox, layers panel, property inspector, child tabs, validation overrides, default form generation from a table schema, undo/redo, navigation, print, child datagrids. Schema model already has <code>LayoutDefinition.Breakpoints</code> and <code>ControlDefinition.RendererHints</code>; <code>DesignerState</code> already exposes <code>IsVisibleAtBreakpoint</code> and <code>GetEffectiveRect</code>.</td>
-            <td>
-                <span class="tag new">NEW</span> <code>LayoutMode = Elastic</code> on <code>LayoutDefinition</code>; runtime <code>FormRenderer</code> that emits CSS Grid spans (instead of <code>position: absolute</code> in pixels) and picks a breakpoint based on viewport.<br>
-                <span class="tag new">NEW</span> Designer toolbar gains Layout-mode + Device-preview segmented controls; property inspector gains per-breakpoint span / hidden flags; "controls overflow at this breakpoint" lint pill.<br>
-                <span class="tag new">NEW</span> Auto-elastic fallback for legacy forms — synthesize a 12-col span from the existing <code>Rect.Width / canvasWidth</code> so old forms get a usable mobile view without a redesign.
-            </td>
-        </tr>
-        <tr>
-            <td class="area">Reports (Admin.Reports)</td>
-            <td>Visual report designer with bands (ReportHeader / PageHeader / GroupHeader / Detail / GroupFooter / PageFooter / ReportFooter); Label / BoundText / CalculatedText / Line / Box controls; pixel-positioned within bands; preview pagination at fixed Letter 816 × 1056 px page; <code>overflow-x: auto</code> on the page surface; print stylesheet that hides toolbar; Export PDF; default report generation from a source schema; <code>RendererHints</code> on <code>ReportDefinition</code> and a <code>PropertyBag</code> on each control already available for extension.</td>
-            <td>
-                <span class="tag new">NEW</span> Reader view — derived from the same <code>ReportPreviewResult</code>; bands become collapsible sections, repeated Detail rows become cards, GroupFooter becomes a summary row. Auto-pick on phones; user toggle persists per report.<br>
-                <span class="tag new">NEW</span> Per-control reader hints in <code>Props["readerHint"]</code> (role: title / subtitle / field / hidden, custom label, showOnPhone). No schema migration.<br>
-                <span class="tag new">NEW</span> Paper-view zoom controls (Fit-width / 100% / 150% / 200%) and a sticky page pager so Paper is still tolerable on a phone when the user explicitly wants it.<br>
-                <span class="tag exists">EXISTS</span> Print and Export PDF continue to use Paper unchanged.
-            </td>
-        </tr>
-        <tr>
-            <td class="area">Reports designer</td>
-            <td>3-column layout: Toolbox (Pointer / Label / BoundText / Calculated / Line / Box) + Groups + Sorts on the left; per-band paper canvas with absolute pixel positions and pointer drag-resize in the center; Page Settings (Paper / Orientation / 4 margins) + Selection inspector (X/Y/W/H, type-specific props, Bring/Send/Delete) on the right. Pointer-driven; no touch affordances.</td>
-            <td>
-                <span class="tag new">NEW</span> Toolbar Paper / Reader / Split view toggle + Reader-device toggle (Tablet / Phone). Split mode shows the live Reader projection beside the paper canvas.<br>
-                <span class="tag new">NEW</span> Selection inspector grows a Reader-view subsection (Role: title / subtitle / field / hidden, custom label, "show on phone", quick-action buttons). Stored in <code>Props["readerHint"]</code> — no schema migration.<br>
-                <span class="tag new">NEW</span> Tiny role badges on canvas controls show what the Reader pickup will be.<br>
-                <span class="tag new">NEW</span> "Auto-derive all hints" action seeds hints from inference rules; Reader-lint panel surfaces issues with one-click fixes.<br>
-                <span class="tag exists">DELIBERATE NON-GOAL</span> The designer chrome itself stays desktop-only — the 3-column pointer-driven UI is right for building paper reports; only the Reader <i>preview</i> goes mobile-sized.
-            </td>
-        </tr>
-        <tr>
-            <td class="area">Title / status bars</td>
-            <td>Logo + db name, Open Database (path prompt), New Query / Table / Form / Procedure / Pipeline / Storage buttons, theme toggle, sidebar toggle, keyboard-shortcuts modal. Status bar shows connection, db path, table/view/proc counts.</td>
-            <td><span class="tag new">NEW</span> Database switcher dropdown with recent databases, command-palette launcher, status-bar storage pressure / background-job ticker / notification counter.</td>
-        </tr>
-        <tr>
-            <td class="area">Modals / toasts</td>
-            <td>Confirm modal with danger styling, prompt modal, toast container with success / warning / error, context menu with separators and danger items.</td>
-            <td><span class="tag new">NEW</span> Side drawers for non-blocking edits (e.g. column properties); rolling notification log accessible from the status bar.</td>
-        </tr>
-        </tbody>
-    </table>
-
-    <h2>Smaller wins worth doing</h2>
-    <div class="summary">
-        <ul>
-            <li><b>Tab strip</b>: dirty-dot indicator (already mocked), middle-click to close, overflow dropdown when there are too many tabs.</li>
-            <li><b>Density toggle</b> (Compact / Comfortable) so the same screens work on a 13" laptop and a 27" monitor.</li>
-            <li><b>Empty states with calls-to-action</b> — every empty list should suggest the next step ("No saved queries yet — press Ctrl+S in any query tab").</li>
-            <li><b>Inline help</b>: a "?" button per tab that opens a side-panel cheat-sheet for the active tab, instead of a single global keyboard-shortcut modal.</li>
-            <li><b>Toast → inbox</b>: keep a rolling notification log accessible from the status bar so users can re-read what happened.</li>
-        </ul>
-    </div>
-</div>
-</body>
-</html>
diff --git a/www/admin-ui-mockups/query-tab.html b/www/admin-ui-mockups/query-tab.html
deleted file mode 100644
index c1b19b4d..00000000
--- a/www/admin-ui-mockups/query-tab.html
+++ /dev/null
@@ -1,602 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>Query Tab — CSharpDB Studio Mockup</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css">
-<link rel="stylesheet" href="styles.css">
-<style>
-    .sidebar { padding: 10px; font-size: 12px; color: var(--text-secondary); }
-    .sidebar .grp { color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.6px; padding: 8px 6px 4px; }
-    .sidebar .it { padding: 4px 6px; display: flex; align-items: center; gap: 6px; border-radius: 4px; cursor: pointer; }
-    .sidebar .it:hover { background: var(--bg-hover); color: var(--text-primary); }
-
-    .qt {
-        display: flex;
-        flex-direction: column;
-        height: 100%;
-    }
-
-    /* Top toolbar (mirrors current QueryTab toolbar) */
-    .qt-toolbar {
-        display: flex;
-        align-items: center;
-        gap: 6px;
-        padding: 8px 14px;
-        background: var(--bg-secondary);
-        border-bottom: 1px solid var(--border-color);
-        flex-shrink: 0;
-    }
-    .tb {
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-        padding: 5px 11px;
-        background: transparent;
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-sm);
-        color: var(--text-secondary);
-        font-size: 12px;
-        cursor: pointer;
-    }
-    .tb:hover { background: var(--bg-hover); color: var(--text-primary); }
-    .tb.primary { background: var(--accent-blue); color: #0a0b13; border-color: var(--accent-blue); font-weight: 600; }
-    .tb.danger { color: var(--accent-red); }
-    .sep { width: 1px; height: 18px; background: var(--border-color); margin: 0 4px; }
-    .qt-mode {
-        display: flex;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-sm);
-        overflow: hidden;
-    }
-    .qt-mode button {
-        background: transparent;
-        border: none;
-        color: var(--text-muted);
-        font-size: 11px;
-        padding: 5px 11px;
-        cursor: pointer;
-    }
-    .qt-mode button.active { color: var(--accent-blue); background: var(--bg-active); font-weight: 600; }
-
-    .qt-info {
-        margin-left: auto;
-        font-size: 11px;
-        color: var(--text-muted);
-        display: flex;
-        align-items: center;
-        gap: 8px;
-    }
-    .qt-info b { color: var(--text-primary); font-weight: 600; }
-
-    /* Saved queries / stats secondary bar (already exists in app, mocked for context) */
-    .secondary-bar {
-        display: flex;
-        align-items: center;
-        gap: 6px;
-        padding: 6px 14px;
-        background: var(--bg-primary);
-        border-bottom: 1px solid var(--border-color);
-        font-size: 11px;
-        color: var(--text-muted);
-        flex-wrap: wrap;
-    }
-    .secondary-bar .label {
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-        font-weight: 600;
-        color: var(--text-secondary);
-        margin-right: 4px;
-    }
-    .secondary-bar input[type=text], .secondary-bar select {
-        padding: 3px 8px;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: 4px;
-        color: var(--text-primary);
-        font-size: 11px;
-        font-family: var(--font-ui);
-    }
-    .secondary-bar input[type=text] { width: 160px; }
-    .secondary-bar select { width: 200px; }
-
-    /* Workspace: editor on top, results panel on bottom; right rail with history */
-    .workspace {
-        flex: 1;
-        display: grid;
-        grid-template-columns: 1fr 280px;
-        min-height: 0;
-    }
-
-    .work-main {
-        display: flex;
-        flex-direction: column;
-        min-height: 0;
-    }
-
-    /* SQL editor block (mocked) */
-    .editor {
-        flex: 0 0 220px;
-        display: flex;
-        background: var(--bg-primary);
-        border-bottom: 1px solid var(--border-color);
-        font-family: var(--font-mono);
-        font-size: 12px;
-        line-height: 1.6;
-        overflow: hidden;
-        position: relative;
-    }
-    .editor .gutter {
-        background: var(--bg-tertiary);
-        border-right: 1px solid var(--border-color);
-        color: var(--text-muted);
-        padding: 10px 8px;
-        text-align: right;
-        user-select: none;
-        min-width: 36px;
-    }
-    .editor .gutter span { display: block; }
-    .editor pre {
-        flex: 1;
-        padding: 10px 14px;
-        white-space: pre-wrap;
-        word-wrap: break-word;
-        margin: 0;
-    }
-    .kw { color: var(--accent-magenta); }
-    .fn { color: var(--accent-cyan); }
-    .str { color: var(--accent-green); }
-    .num { color: var(--accent-orange); }
-    .com { color: var(--text-muted); font-style: italic; }
-    .op { color: var(--accent-yellow); }
-
-    /* Resize handle */
-    .splitter {
-        height: 6px;
-        background: var(--bg-secondary);
-        cursor: row-resize;
-        border-bottom: 1px solid var(--border-color);
-        display: flex;
-        justify-content: center;
-        align-items: center;
-        flex-shrink: 0;
-    }
-    .splitter::after {
-        content: "";
-        width: 32px; height: 3px;
-        background: var(--border-light);
-        border-radius: 2px;
-    }
-
-    /* Result panel with tab strip */
-    .results {
-        flex: 1;
-        display: flex;
-        flex-direction: column;
-        min-height: 0;
-        background: var(--bg-primary);
-    }
-    .res-tabs {
-        display: flex;
-        background: var(--bg-secondary);
-        border-bottom: 1px solid var(--border-color);
-        flex-shrink: 0;
-    }
-    .res-tab {
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-        padding: 8px 14px;
-        font-size: 11.5px;
-        color: var(--text-muted);
-        border-right: 1px solid var(--border-color);
-        border-top: 2px solid transparent;
-        cursor: pointer;
-        background: transparent;
-        border-bottom: none;
-        border-left: none;
-    }
-    .res-tab:hover { color: var(--text-primary); background: var(--bg-hover); }
-    .res-tab.active {
-        color: var(--text-primary);
-        background: var(--bg-primary);
-        border-top-color: var(--accent-blue);
-    }
-    .res-tab .badge {
-        font-size: 9px;
-        padding: 1px 5px;
-        border-radius: 999px;
-        background: rgba(122,162,247,0.15);
-        color: var(--accent-blue);
-    }
-    .res-tab.active .badge { background: rgba(122,162,247,0.25); }
-    .res-tabs-meta {
-        margin-left: auto;
-        display: flex;
-        align-items: center;
-        gap: 12px;
-        padding: 0 14px;
-        font-size: 11px;
-        color: var(--text-muted);
-    }
-    .res-tabs-meta b { color: var(--text-primary); font-variant-numeric: tabular-nums; }
-    .res-tabs-meta button {
-        background: transparent;
-        border: none;
-        color: var(--text-muted);
-        cursor: pointer;
-        font-size: 14px;
-    }
-    .res-tabs-meta button:hover { color: var(--text-primary); }
-
-    /* Result body */
-    .res-body {
-        flex: 1;
-        overflow: auto;
-        position: relative;
-    }
-    table.grid {
-        width: 100%;
-        border-collapse: collapse;
-        font-size: 12px;
-        font-family: var(--font-mono);
-    }
-    table.grid thead th {
-        position: sticky;
-        top: 0;
-        background: var(--bg-secondary);
-        border-bottom: 1px solid var(--border-color);
-        padding: 7px 10px;
-        text-align: left;
-        color: var(--text-secondary);
-        font-family: var(--font-ui);
-        font-weight: 600;
-        font-size: 11px;
-        white-space: nowrap;
-    }
-    table.grid tbody td {
-        padding: 6px 10px;
-        border-bottom: 1px solid var(--border-color);
-        white-space: nowrap;
-        color: var(--text-primary);
-    }
-    table.grid tbody tr:hover td { background: var(--bg-hover); }
-    table.grid td.id { color: var(--accent-blue); font-weight: 600; }
-    table.grid td.num { color: var(--accent-orange); text-align: right; }
-    table.grid td.dt { color: var(--accent-yellow); }
-
-    /* Plan view (placeholder when "Plan" tab is active — but we show Results active) */
-    .messages {
-        padding: 14px;
-        font-family: var(--font-mono);
-        font-size: 12px;
-        color: var(--text-secondary);
-    }
-    .messages .ok { color: var(--accent-green); }
-
-    /* Right rail: history */
-    .rail {
-        background: var(--bg-secondary);
-        border-left: 1px solid var(--border-color);
-        display: flex;
-        flex-direction: column;
-        min-height: 0;
-    }
-    .rail-head {
-        padding: 10px 14px;
-        font-size: 11px;
-        font-weight: 600;
-        text-transform: uppercase;
-        letter-spacing: 0.7px;
-        color: var(--text-muted);
-        border-bottom: 1px solid var(--border-color);
-        display: flex;
-        align-items: center;
-        justify-content: space-between;
-    }
-    .rail-tabs {
-        display: flex;
-        gap: 4px;
-        padding: 8px 12px;
-        border-bottom: 1px solid var(--border-color);
-    }
-    .rail-tab {
-        padding: 3px 9px;
-        font-size: 10.5px;
-        border-radius: 999px;
-        color: var(--text-muted);
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        cursor: pointer;
-    }
-    .rail-tab.active {
-        color: var(--accent-blue);
-        background: rgba(122,162,247,0.12);
-        border-color: transparent;
-        font-weight: 600;
-    }
-
-    .hist-list { flex: 1; overflow-y: auto; padding: 4px 0; }
-
-    .hist-item {
-        padding: 9px 12px 9px 14px;
-        border-bottom: 1px solid var(--border-color);
-        cursor: pointer;
-        font-size: 11.5px;
-    }
-    .hist-item:hover { background: var(--bg-hover); }
-    .hist-item .meta {
-        display: flex;
-        justify-content: space-between;
-        font-size: 10px;
-        color: var(--text-muted);
-        margin-bottom: 4px;
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-    }
-    .hist-item .meta .ok { color: var(--accent-green); }
-    .hist-item .meta .err { color: var(--accent-red); }
-    .hist-item .sql {
-        font-family: var(--font-mono);
-        color: var(--text-secondary);
-        white-space: nowrap;
-        overflow: hidden;
-        text-overflow: ellipsis;
-        font-size: 11px;
-    }
-    .hist-item .sql .kw { color: var(--accent-magenta); }
-    .hist-item .actions {
-        display: none;
-        gap: 6px;
-        margin-top: 6px;
-    }
-    .hist-item:hover .actions { display: flex; }
-    .hist-action {
-        font-size: 10px;
-        padding: 2px 7px;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: 4px;
-        color: var(--text-secondary);
-        cursor: pointer;
-    }
-    .hist-action:hover { color: var(--text-primary); border-color: var(--border-light); }
-
-    /* Plan / Messages tab examples kept off-screen but visible if user wants - use details for clarity */
-
-    /* Highlight a "completion popup" in editor for visual interest */
-    .completion {
-        position: absolute;
-        left: 220px;
-        top: 92px;
-        background: var(--bg-elevated);
-        border: 1px solid var(--border-light);
-        border-radius: 6px;
-        box-shadow: var(--shadow-popup);
-        padding: 4px 0;
-        min-width: 220px;
-        z-index: 5;
-    }
-    .completion .ci {
-        display: flex;
-        justify-content: space-between;
-        padding: 5px 12px;
-        font-size: 11.5px;
-        color: var(--text-secondary);
-        font-family: var(--font-ui);
-        gap: 12px;
-    }
-    .completion .ci.active { background: rgba(122,162,247,0.15); color: var(--accent-blue); }
-    .completion .ci .det { color: var(--text-muted); font-size: 10.5px; }
-
-</style>
-</head>
-<body>
-<div class="app">
-
-    <div class="titlebar">
-        <div class="brand">
-            <div class="logo">C#</div>
-            <span>CSharpDB Studio</span>
-            <span class="dbname">— relational.db</span>
-        </div>
-        <button class="db-switcher"><i class="bi bi-database"></i> relational.db <i class="bi bi-caret-down-fill"></i></button>
-        <button class="palette-launcher"><i class="bi bi-search"></i> Search anything… <span class="kbd">Ctrl K</span></button>
-        <div class="spacer"></div>
-        <span class="conn-pill"><span class="dot"></span> Connected</span>
-    </div>
-
-    <div class="body">
-        <aside class="sidebar">
-            <div class="grp">★ Pinned</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Customers</div>
-            <div class="grp">▾ Tables · 24</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Customers</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Orders</div>
-            <div class="it"><i class="bi bi-table icon-table"></i> Invoices</div>
-        </aside>
-
-        <div class="content" style="overflow: hidden;">
-            <div class="tabstrip">
-                <div class="tab"><i class="bi bi-grid-1x2 icon-table"></i> Dashboard</div>
-                <div class="tab"><i class="bi bi-table icon-table"></i> Customers <i class="bi bi-x"></i></div>
-                <div class="tab active dirty"><i class="bi bi-terminal" style="color: var(--accent-blue);"></i> Active customers <i class="bi bi-x"></i></div>
-                <button class="tab-new"><i class="bi bi-plus"></i></button>
-            </div>
-
-            <div class="qt">
-                <!-- Top toolbar -->
-                <div class="qt-toolbar">
-                    <button class="tb primary"><i class="bi bi-play-fill"></i> Run <span class="kbd">Ctrl ↵</span></button>
-                    <button class="tb danger"><i class="bi bi-stop-fill"></i> Cancel</button>
-                    <span class="sep"></span>
-                    <button class="tb"><i class="bi bi-bar-chart-line"></i> Analyze</button>
-                    <button class="tb"><i class="bi bi-eraser"></i> Clear</button>
-                    <button class="tb"><i class="bi bi-code-slash"></i> Format</button>
-                    <button class="tb"><i class="bi bi-diagram-2"></i> Explain Plan</button>
-                    <span class="sep"></span>
-                    <div class="qt-mode">
-                        <button class="active"><i class="bi bi-terminal"></i> SQL</button>
-                        <button><i class="bi bi-diagram-3"></i> Designer</button>
-                    </div>
-                    <div class="qt-info">
-                        <span><b>1,247</b> rows · <b>18.4</b> ms · page 1</span>
-                    </div>
-                </div>
-
-                <!-- Saved bar (already exists today; included for context) -->
-                <div class="secondary-bar">
-                    <span class="label"><i class="bi bi-bookmark-star"></i> Saved</span>
-                    <input type="text" placeholder="Query name…" value="Active customers" />
-                    <button class="tb" style="padding: 3px 9px;"><i class="bi bi-save"></i> Save</button>
-                    <select>
-                        <option>Load saved query…</option>
-                    </select>
-                    <button class="tb" style="padding: 3px 8px;"><i class="bi bi-download"></i> Load</button>
-                    <span class="sep"></span>
-                    <span class="label"><i class="bi bi-bar-chart-line"></i> Stats</span>
-                    <button class="tb" style="padding: 3px 9px;"><i class="bi bi-table"></i> Table Stats</button>
-                    <button class="tb" style="padding: 3px 9px;"><i class="bi bi-list-columns"></i> Column Stats</button>
-                </div>
-
-                <!-- Workspace -->
-                <div class="workspace">
-                    <div class="work-main">
-                        <!-- Editor -->
-                        <div class="editor">
-                            <div class="gutter">
-                                <span>1</span><span>2</span><span>3</span><span>4</span><span>5</span><span>6</span><span>7</span>
-                            </div>
-                            <pre><span class="com">-- Pull active customers with recent orders</span>
-<span class="kw">SELECT</span>  c.id,
-        c.name,
-        c.email,
-        <span class="fn">COUNT</span>(o.id) <span class="kw">AS</span> order_count
-<span class="kw">FROM</span> Customers <span class="kw">AS</span> c
-<span class="kw">LEFT JOIN</span> Orders <span class="kw">AS</span> o <span class="kw">ON</span> o.customer_id <span class="op">=</span> c.<span class="kw">i</span></pre>
-                            <!-- Completion popup (already exists in app) -->
-                            <div class="completion">
-                                <div class="ci active"><span>id</span><span class="det">int · pk</span></div>
-                                <div class="ci"><span>image_url</span><span class="det">text</span></div>
-                                <div class="ci"><span>is_active</span><span class="det">int (bool)</span></div>
-                                <div class="ci"><span>imported_at</span><span class="det">datetime</span></div>
-                            </div>
-                        </div>
-
-                        <div class="splitter"></div>
-
-                        <!-- Results panel with sub-tabs -->
-                        <div class="results">
-                            <div class="res-tabs">
-                                <button class="res-tab active"><i class="bi bi-grid-3x3"></i> Results <span class="badge">1,247</span></button>
-                                <button class="res-tab"><i class="bi bi-diagram-2"></i> Plan</button>
-                                <button class="res-tab"><i class="bi bi-chat-left-text"></i> Messages <span class="badge">2</span></button>
-                                <button class="res-tab"><i class="bi bi-info-circle"></i> Stats</button>
-                                <div class="res-tabs-meta">
-                                    <span>Rows <b>1–25</b> of <b>1,247</b></span>
-                                    <button title="Export"><i class="bi bi-download"></i></button>
-                                    <button title="Copy as JSON"><i class="bi bi-clipboard"></i></button>
-                                    <button title="Pop out results"><i class="bi bi-box-arrow-up-right"></i></button>
-                                </div>
-                            </div>
-
-                            <div class="res-body">
-                                <table class="grid">
-                                    <thead>
-                                    <tr>
-                                        <th>id</th>
-                                        <th>name</th>
-                                        <th>email</th>
-                                        <th style="text-align:right;">order_count</th>
-                                        <th>last_order_at</th>
-                                    </tr>
-                                    </thead>
-                                    <tbody>
-                                    <tr><td class="id">1</td><td>Alice Smith</td><td>alice@example.com</td><td class="num">12</td><td class="dt">2026-04-22 09:14</td></tr>
-                                    <tr><td class="id">2</td><td>Bob Lee</td><td>bob@example.com</td><td class="num">3</td><td class="dt">2026-04-12 11:02</td></tr>
-                                    <tr><td class="id">3</td><td>Carol Smith</td><td>carol@example.com</td><td class="num">9</td><td class="dt">2026-04-19 16:48</td></tr>
-                                    <tr><td class="id">4</td><td>David Smith</td><td>dsmith@example.com</td><td class="num">7</td><td class="dt">2026-04-19 08:22</td></tr>
-                                    <tr><td class="id">5</td><td>Eve Smithers</td><td>eve@example.com</td><td class="num">22</td><td class="dt">2026-04-21 14:10</td></tr>
-                                    <tr><td class="id">6</td><td>Frank Smithy</td><td>frank@example.com</td><td class="num">1</td><td class="dt">2026-03-12 10:55</td></tr>
-                                    <tr><td class="id">7</td><td>Grace Smith-Jones</td><td>grace@example.com</td><td class="num">5</td><td class="dt">2026-04-22 09:17</td></tr>
-                                    <tr><td class="id">8</td><td>Henry Smithfield</td><td>hank@example.com</td><td class="num">0</td><td class="dt">—</td></tr>
-                                    </tbody>
-                                </table>
-                            </div>
-                        </div>
-                    </div>
-
-                    <!-- Right rail: query history + scratchpad chips -->
-                    <div class="rail">
-                        <div class="rail-head">
-                            <span><i class="bi bi-clock-history"></i> History</span>
-                            <button style="background:transparent; border:none; color:var(--text-muted); cursor:pointer;"><i class="bi bi-funnel"></i></button>
-                        </div>
-                        <div class="rail-tabs">
-                            <span class="rail-tab active">This tab</span>
-                            <span class="rail-tab">All</span>
-                            <span class="rail-tab">Errors</span>
-                        </div>
-                        <div class="hist-list">
-                            <div class="hist-item">
-                                <div class="meta"><span class="ok">✓ 18 ms · 1,247 rows</span><span>just now</span></div>
-                                <div class="sql"><span class="kw">SELECT</span> c.id, c.name, c.email, <span class="kw">COUNT</span>(o.id)…</div>
-                                <div class="actions">
-                                    <span class="hist-action"><i class="bi bi-arrow-90deg-up"></i> Restore</span>
-                                    <span class="hist-action"><i class="bi bi-bookmark"></i> Save</span>
-                                    <span class="hist-action"><i class="bi bi-clipboard"></i> Copy</span>
-                                </div>
-                            </div>
-                            <div class="hist-item">
-                                <div class="meta"><span class="ok">✓ 4 ms · 1 row</span><span>2m</span></div>
-                                <div class="sql"><span class="kw">SELECT COUNT</span>(*) <span class="kw">FROM</span> Customers</div>
-                            </div>
-                            <div class="hist-item">
-                                <div class="meta"><span class="err">✗ syntax error</span><span>5m</span></div>
-                                <div class="sql"><span class="kw">SELECT</span> * <span class="kw">FROMM</span> Orders</div>
-                            </div>
-                            <div class="hist-item">
-                                <div class="meta"><span class="ok">✓ 32 ms · 8,912 rows</span><span>11m</span></div>
-                                <div class="sql"><span class="kw">SELECT</span> * <span class="kw">FROM</span> Orders <span class="kw">WHERE</span> created_at > '2026-01-01'</div>
-                            </div>
-                            <div class="hist-item">
-                                <div class="meta"><span class="ok">✓ 9 ms · 6 rows</span><span>34m</span></div>
-                                <div class="sql"><span class="kw">SELECT</span> * <span class="kw">FROM</span> sys.table_stats</div>
-                            </div>
-                            <div class="hist-item">
-                                <div class="meta"><span class="ok">✓ 145 ms · 24,310 rows</span><span>1h</span></div>
-                                <div class="sql"><span class="kw">SELECT</span> * <span class="kw">FROM</span> OrderItems <span class="kw">WHERE</span> qty > 5</div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-
-    <div class="statusbar">
-        <span class="pill ok"><span class="dot"></span> Connected</span>
-        <span class="pill"><i class="bi bi-database"></i> relational.db</span>
-        <span class="pill"><i class="bi bi-terminal" style="color: var(--accent-blue);"></i> Active customers · dirty</span>
-        <span class="pill"><i class="bi bi-clock"></i> Last run 18 ms</span>
-        <div style="flex:1"></div>
-        <span class="pill action"><i class="bi bi-clock-history"></i> 87 queries today</span>
-    </div>
-</div>
-
-<!-- Annotations -->
-<div class="notes">
-    <header><i class="bi bi-lightbulb"></i> Reality check vs. the live screen</header>
-    <ul>
-        <li><b style="color: var(--accent-green);">ALREADY EXISTS</b> — Run / Analyze / Clear / Format buttons, SQL ↔ Designer mode toggle (a Visual Designer panel exists today!), saved-query name input + Save + Load dropdown + Refresh, Stats shortcuts (Table Stats / Column Stats), per-tab SQL persistence, resizable editor splitter with persisted height, line-numbered editor with syntax highlighting, autocomplete popup with arrow-key nav (Ctrl-Space to trigger explicitly), Ctrl+Enter to run, EXEC procedure parsing with named args, paged results that over-fetch one row to avoid blocking COUNT(*).</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Result sub-tabs</b> — Results / Plan / Messages / Stats. Today the result panel only shows rows. Plan would expose the existing query plan; Messages would collect non-query notices; Stats would show the existing elapsed/rows breakdown plus per-statement timings.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Explain Plan button</b> in toolbar — runs the query in plan-only mode and switches to the Plan sub-tab.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Cancel button</b> for in-flight queries.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: History rail</b> on the right — per-tab and global recent-queries list with status (✓/✗), elapsed, and row count. Hover reveals Restore / Save / Copy. Today there's no query history.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Result toolbar</b> in the result tab strip — Export, Copy as JSON, Pop out results.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-magenta);">RESTYLE</b> — toolbar visually groups primary action (Run) + cancel + secondary tools + view mode + result summary, instead of the current single flat row.</li>
-    </ul>
-</div>
-</body>
-</html>
diff --git a/www/admin-ui-mockups/reports-designer.html b/www/admin-ui-mockups/reports-designer.html
deleted file mode 100644
index 3a53caad..00000000
--- a/www/admin-ui-mockups/reports-designer.html
+++ /dev/null
@@ -1,973 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>Report Designer · Reader-view support — CSharpDB Studio Mockup</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css">
-<link rel="stylesheet" href="styles.css">
-<style>
-    body { overflow: auto; }
-
-    .page {
-        max-width: 1280px;
-        margin: 0 auto;
-        padding: 32px 28px 80px;
-    }
-
-    h1 { font-size: 22px; font-weight: 700; letter-spacing: -0.01em; margin-bottom: 6px; }
-    .crumb { color: var(--text-muted); font-size: 12px; margin-bottom: 4px; }
-    .lede { color: var(--text-secondary); font-size: 13px; max-width: 760px; margin-bottom: 8px; }
-    .lede + .lede { margin-bottom: 22px; }
-
-    h2 {
-        font-size: 12px;
-        font-weight: 600;
-        text-transform: uppercase;
-        letter-spacing: 0.7px;
-        color: var(--text-muted);
-        margin: 32px 0 12px;
-    }
-
-    /* ─── Designer shell ─── */
-    .shell {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        overflow: hidden;
-    }
-
-    .toolbar {
-        display: flex;
-        align-items: center;
-        gap: 10px;
-        padding: 10px 14px;
-        background: var(--bg-secondary);
-        border-bottom: 1px solid var(--border-color);
-        flex-wrap: wrap;
-    }
-    .toolbar .grp {
-        display: flex;
-        align-items: center;
-        gap: 6px;
-        padding-right: 12px;
-        border-right: 1px solid var(--border-color);
-    }
-    .toolbar .grp:last-child { border-right: none; }
-    .toolbar .label {
-        font-size: 11px;
-        color: var(--text-muted);
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-    }
-    .toolbar input[type=text] {
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        padding: 5px 9px;
-        border-radius: 4px;
-        color: var(--text-primary);
-        font-size: 12px;
-        font-family: var(--font-ui);
-        min-width: 180px;
-    }
-    .toolbar select {
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        padding: 5px 9px;
-        border-radius: 4px;
-        color: var(--text-primary);
-        font-size: 12px;
-        font-family: var(--font-ui);
-    }
-    .toolbar .tb {
-        background: transparent;
-        border: 1px solid var(--border-color);
-        color: var(--text-secondary);
-        padding: 5px 11px;
-        border-radius: 4px;
-        font-size: 12px;
-        cursor: pointer;
-        display: inline-flex;
-        gap: 5px;
-        align-items: center;
-    }
-    .toolbar .tb:hover { background: var(--bg-hover); color: var(--text-primary); }
-    .toolbar .tb.primary {
-        background: var(--accent-blue);
-        color: #0a0b13;
-        border-color: var(--accent-blue);
-        font-weight: 600;
-    }
-
-    .seg {
-        display: flex;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-sm);
-        overflow: hidden;
-    }
-    .seg button {
-        background: transparent;
-        border: none;
-        color: var(--text-muted);
-        font-size: 11px;
-        padding: 5px 12px;
-        cursor: pointer;
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-    }
-    .seg button:hover { color: var(--text-primary); }
-    .seg button.active {
-        color: var(--accent-blue);
-        background: var(--bg-active);
-        font-weight: 600;
-    }
-    .seg button:not(:last-child) { border-right: 1px solid var(--border-color); }
-
-    .toolbar .pill {
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-        padding: 3px 10px;
-        font-size: 11px;
-        background: rgba(122,162,247,0.12);
-        color: var(--accent-blue);
-        border-radius: 999px;
-        font-weight: 600;
-    }
-    .toolbar .pill.warn { background: rgba(224,175,104,0.12); color: var(--accent-yellow); }
-
-    /* ─── 3-column designer body ─── */
-    .designer-body {
-        display: grid;
-        grid-template-columns: 220px 1fr 320px;
-        min-height: 600px;
-    }
-
-    .panel {
-        background: var(--bg-secondary);
-        border-right: 1px solid var(--border-color);
-        padding: 14px;
-        overflow-y: auto;
-    }
-    .panel.right { border-right: none; border-left: 1px solid var(--border-color); }
-
-    .panel-section {
-        margin-bottom: 18px;
-    }
-    .panel-section h4 {
-        font-size: 10px;
-        font-weight: 600;
-        color: var(--text-muted);
-        text-transform: uppercase;
-        letter-spacing: 0.7px;
-        margin-bottom: 8px;
-        padding-bottom: 6px;
-        border-bottom: 1px solid var(--border-color);
-        display: flex;
-        align-items: center;
-        gap: 6px;
-    }
-
-    .tool-btn {
-        display: flex;
-        align-items: center;
-        gap: 8px;
-        width: 100%;
-        padding: 6px 9px;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        color: var(--text-secondary);
-        border-radius: 4px;
-        font-size: 12px;
-        cursor: pointer;
-        margin-bottom: 4px;
-    }
-    .tool-btn:hover { background: var(--bg-hover); color: var(--text-primary); }
-    .tool-btn.active {
-        background: rgba(122,162,247,0.15);
-        border-color: var(--accent-blue);
-        color: var(--accent-blue);
-    }
-    .tool-btn i { font-size: 13px; }
-
-    .list-row {
-        display: flex;
-        align-items: center;
-        gap: 6px;
-        padding: 5px 6px;
-        font-size: 12px;
-        color: var(--text-primary);
-    }
-    .list-row .x {
-        margin-left: auto;
-        color: var(--text-muted);
-        cursor: pointer;
-    }
-
-    /* ─── Center: paper canvas + reader preview ─── */
-    .center {
-        background: var(--bg-tertiary);
-        padding: 16px;
-        overflow-y: auto;
-    }
-
-    .center.split {
-        display: grid;
-        grid-template-columns: 1fr 320px;
-        gap: 16px;
-    }
-
-    .band-section {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: 4px;
-        margin-bottom: 10px;
-        overflow: hidden;
-    }
-    .band-header {
-        display: flex;
-        justify-content: space-between;
-        align-items: center;
-        padding: 6px 10px;
-        background: var(--bg-tertiary);
-        font-size: 11px;
-        color: var(--text-secondary);
-        border-bottom: 1px solid var(--border-color);
-    }
-    .band-header .name {
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-        font-weight: 600;
-    }
-    .band-header input[type=number] {
-        width: 50px;
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        padding: 2px 5px;
-        border-radius: 3px;
-        color: var(--text-primary);
-        font-size: 11px;
-    }
-
-    .band-paper {
-        background: #ffffff;
-        position: relative;
-        background-image:
-                linear-gradient(rgba(0,0,0,0.05) 1px, transparent 1px),
-                linear-gradient(90deg, rgba(0,0,0,0.05) 1px, transparent 1px);
-        background-size: 16px 16px;
-    }
-    .band-margin {
-        position: absolute;
-        top: 0;
-        bottom: 0;
-        background: rgba(0,0,0,0.03);
-        background-image: repeating-linear-gradient(
-                45deg, transparent 0 4px,
-                rgba(0,0,0,0.05) 4px 5px);
-    }
-
-    .ctrl {
-        position: absolute;
-        font-family: 'Times New Roman', Georgia, serif;
-        font-size: 10px;
-        color: #1a1a1a;
-        padding: 0 2px;
-        display: flex;
-        align-items: center;
-        white-space: nowrap;
-    }
-    .ctrl.bound, .ctrl.calc { font-family: Consolas, monospace; }
-    .ctrl.label { font-weight: 700; }
-    .ctrl.line {
-        background: #333;
-        height: 1px !important;
-    }
-    .ctrl.box {
-        border: 1px solid #333;
-    }
-    .ctrl.selected {
-        outline: 1.5px solid #1a73e8;
-        outline-offset: 1px;
-    }
-    .ctrl .role-badge {
-        position: absolute;
-        top: -8px;
-        right: -4px;
-        background: var(--accent-blue);
-        color: #fff;
-        font-size: 8px;
-        padding: 1px 4px;
-        border-radius: 3px;
-        font-family: var(--font-ui);
-        font-weight: 600;
-        text-transform: uppercase;
-        letter-spacing: 0.4px;
-    }
-    .ctrl .role-badge.title { background: var(--accent-blue); }
-    .ctrl .role-badge.field { background: var(--accent-cyan); color: #0a0b13; }
-    .ctrl .role-badge.hidden { background: var(--text-muted); }
-
-    /* ─── Reader preview pane (right of split center) ─── */
-    .reader-preview {
-        background: var(--bg-primary);
-        border: 1px solid var(--border-color);
-        border-radius: 8px;
-        overflow: hidden;
-        align-self: start;
-        position: sticky;
-        top: 16px;
-    }
-    .reader-preview .device-bar {
-        background: var(--bg-secondary);
-        border-bottom: 1px solid var(--border-color);
-        padding: 7px 12px;
-        display: flex;
-        align-items: center;
-        gap: 8px;
-        font-size: 11px;
-        color: var(--text-muted);
-    }
-    .reader-preview .device-bar .dot {
-        width: 8px;
-        height: 8px;
-        border-radius: 50%;
-        background: var(--accent-green);
-    }
-    .reader-preview-body {
-        padding: 0;
-    }
-    .rd-head {
-        padding: 12px 14px;
-        border-bottom: 1px solid var(--border-color);
-    }
-    .rd-head h3 { font-size: 13px; font-weight: 700; }
-    .rd-head .sub { font-size: 10px; color: var(--text-muted); margin-top: 2px; }
-
-    .rd-section {
-        padding: 9px 14px;
-        background: var(--bg-tertiary);
-        border-bottom: 1px solid var(--border-color);
-        font-size: 12px;
-        font-weight: 600;
-        display: flex;
-        justify-content: space-between;
-    }
-    .rd-section .badge {
-        font-size: 9px;
-        background: rgba(122,162,247,0.15);
-        color: var(--accent-blue);
-        padding: 2px 7px;
-        border-radius: 999px;
-    }
-
-    .rd-card {
-        padding: 10px 14px;
-        border-bottom: 1px solid var(--border-color);
-    }
-    .rd-card .title { font-size: 12px; font-weight: 600; }
-    .rd-card .id { font-family: var(--font-mono); font-size: 9px; color: var(--text-muted); margin-bottom: 6px; }
-    .rd-card dl {
-        display: grid;
-        grid-template-columns: 80px 1fr;
-        row-gap: 3px;
-        column-gap: 8px;
-        font-size: 11px;
-    }
-    .rd-card dt { color: var(--text-muted); }
-    .rd-card dd { color: var(--text-primary); font-family: var(--font-mono); }
-    .rd-card dd.num { color: var(--accent-orange); text-align: right; }
-
-    /* ─── Right panel: inspector ─── */
-    .insp-row {
-        display: grid;
-        grid-template-columns: 1fr 1fr;
-        gap: 6px;
-        margin-bottom: 8px;
-    }
-    .insp-row.full { grid-template-columns: 1fr; }
-    .insp-row label {
-        font-size: 10px;
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-        color: var(--text-muted);
-        display: flex;
-        flex-direction: column;
-        gap: 3px;
-    }
-    .insp-row input, .insp-row select {
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        padding: 4px 7px;
-        border-radius: 3px;
-        color: var(--text-primary);
-        font-size: 12px;
-        font-family: var(--font-ui);
-    }
-
-    .control-type-badge {
-        display: inline-block;
-        padding: 2px 8px;
-        background: rgba(125,207,255,0.15);
-        color: var(--accent-cyan);
-        border-radius: 3px;
-        font-size: 10px;
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-        font-weight: 600;
-        margin-bottom: 8px;
-    }
-
-    .reader-section-card {
-        background: var(--bg-tertiary);
-        border: 1px solid var(--accent-blue);
-        border-radius: 5px;
-        padding: 10px 12px;
-        margin-top: 12px;
-    }
-    .reader-section-card .head {
-        display: flex;
-        align-items: center;
-        gap: 6px;
-        font-size: 11px;
-        font-weight: 600;
-        color: var(--accent-blue);
-        margin-bottom: 8px;
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-    }
-    .reader-section-card .quick {
-        display: flex;
-        gap: 4px;
-        margin-top: 8px;
-    }
-    .reader-section-card .quick button {
-        flex: 1;
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        color: var(--text-secondary);
-        padding: 5px 6px;
-        font-size: 10px;
-        border-radius: 3px;
-        cursor: pointer;
-    }
-    .reader-section-card .quick button:hover { color: var(--text-primary); border-color: var(--border-light); }
-    .reader-section-card .quick button.active {
-        color: var(--accent-blue);
-        border-color: var(--accent-blue);
-        background: rgba(122,162,247,0.1);
-    }
-
-    .toggle-row {
-        display: flex;
-        justify-content: space-between;
-        align-items: center;
-        font-size: 11px;
-        margin-top: 8px;
-    }
-    .toggle {
-        position: relative;
-        width: 32px; height: 18px;
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: 9px;
-        cursor: pointer;
-        flex-shrink: 0;
-    }
-    .toggle::after {
-        content: "";
-        position: absolute;
-        top: 1px;
-        left: 1px;
-        width: 14px; height: 14px;
-        background: var(--text-muted);
-        border-radius: 50%;
-        transition: 120ms;
-    }
-    .toggle.on { background: rgba(122,162,247,0.3); border-color: var(--accent-blue); }
-    .toggle.on::after { left: 15px; background: var(--accent-blue); }
-
-    /* Lint pane */
-    .lint {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        padding: 14px 18px;
-        margin-top: 14px;
-    }
-    .lint h3 {
-        font-size: 12px;
-        font-weight: 600;
-        margin-bottom: 10px;
-        display: flex;
-        align-items: center;
-        gap: 6px;
-    }
-    .lint-item {
-        display: flex;
-        gap: 10px;
-        padding: 7px 0;
-        font-size: 12px;
-        border-bottom: 1px dashed var(--border-color);
-    }
-    .lint-item:last-child { border-bottom: none; }
-    .lint-item .ico { width: 18px; flex-shrink: 0; }
-    .lint-item .body { flex: 1; }
-    .lint-item .body b { color: var(--text-primary); }
-    .lint-item .body .sub { color: var(--text-muted); font-size: 10px; margin-top: 2px; font-family: var(--font-mono); }
-    .lint-item .fix {
-        font-size: 10px;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        color: var(--accent-blue);
-        padding: 3px 9px;
-        border-radius: 3px;
-        cursor: pointer;
-        align-self: center;
-    }
-    .lint-item .fix:hover { border-color: var(--accent-blue); }
-    .lint-item.warn .ico { color: var(--accent-yellow); }
-    .lint-item.info .ico { color: var(--accent-blue); }
-
-    .inspector-static {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        padding: 16px 18px;
-    }
-    .inspector-static h3 {
-        font-size: 13px;
-        font-weight: 600;
-        margin-bottom: 10px;
-        display: flex;
-        align-items: center;
-        gap: 6px;
-    }
-    .inspector-static ul {
-        list-style: none;
-        padding: 0;
-    }
-    .inspector-static li {
-        padding: 8px 0;
-        font-size: 12.5px;
-        color: var(--text-secondary);
-        border-bottom: 1px dashed var(--border-color);
-    }
-    .inspector-static li:last-child { border-bottom: none; }
-</style>
-</head>
-<body>
-<div class="page">
-
-    <div class="crumb">CSharpDB.Admin.Reports · Designer-side proposal</div>
-    <h1>Add Reader-view support to the report designer</h1>
-    <p class="lede">
-        The previous mockup (<a href="reports-mobile.html">reports-mobile.html</a>) added a <b>Reader
-        view</b> at runtime so phones aren't stuck side-scrolling an 816 px paper page. But if the
-        designer can't see or shape the Reader view, it's effectively invisible to the people
-        building reports — so the runtime view drifts from intent over time.
-    </p>
-    <p class="lede">
-        This proposal adds three things to <code>Pages/Designer.razor</code>: a Paper / Reader /
-        Split view toggle in the toolbar, a Reader-view subsection in the Selection inspector, and
-        a Reader-lint summary panel that catches problems before users hit them on a phone. The
-        existing 3-column layout (Toolbox / Bands / Page-settings + Selection) stays.
-    </p>
-
-    <!-- ════════ Section 1: Designer with Split mode ════════ -->
-    <h2>1 · Designer toolbar gains a view-mode switch (Paper / Reader / Split)</h2>
-
-    <div class="shell">
-        <div class="toolbar">
-            <input type="text" value="Customer Sales — Q1 2026" />
-            <select><option>vw_customer_sales</option></select>
-            <button class="tb"><i class="bi bi-save"></i> Save</button>
-            <button class="tb"><i class="bi bi-eye"></i> Preview</button>
-            <button class="tb"><i class="bi bi-arrows-fullscreen"></i> Auto Fit</button>
-
-            <div class="grp" style="margin-left: 12px;">
-                <span class="label">Designer view</span>
-                <div class="seg">
-                    <button><i class="bi bi-file-earmark"></i> Paper</button>
-                    <button><i class="bi bi-card-list"></i> Reader</button>
-                    <button class="active"><i class="bi bi-layout-split"></i> Split</button>
-                </div>
-            </div>
-
-            <div class="grp">
-                <span class="label">Reader device</span>
-                <div class="seg">
-                    <button><i class="bi bi-tablet"></i> Tablet</button>
-                    <button class="active"><i class="bi bi-phone"></i> Phone</button>
-                </div>
-            </div>
-
-            <div style="flex: 1"></div>
-            <span class="pill warn"><i class="bi bi-exclamation-triangle"></i> 3 reader hints needed</span>
-            <span class="pill"><i class="bi bi-printer"></i> Letter · Portrait</span>
-        </div>
-
-        <div class="designer-body">
-            <!-- LEFT panel: toolbox + groups + sorts (existing) -->
-            <aside class="panel">
-                <div class="panel-section">
-                    <h4><i class="bi bi-tools"></i> Toolbox</h4>
-                    <button class="tool-btn"><i class="bi bi-cursor"></i> Pointer</button>
-                    <button class="tool-btn"><i class="bi bi-tag"></i> Label</button>
-                    <button class="tool-btn active"><i class="bi bi-fonts"></i> Bound Text</button>
-                    <button class="tool-btn"><i class="bi bi-calculator"></i> Calculated</button>
-                    <button class="tool-btn"><i class="bi bi-dash-lg"></i> Line</button>
-                    <button class="tool-btn"><i class="bi bi-square"></i> Box</button>
-                </div>
-
-                <div class="panel-section">
-                    <h4><i class="bi bi-collection"></i> Groups</h4>
-                    <div class="list-row">
-                        <i class="bi bi-grip-vertical" style="color: var(--text-muted);"></i>
-                        <span>tier</span>
-                        <span class="x"><i class="bi bi-x"></i></span>
-                    </div>
-                </div>
-
-                <div class="panel-section">
-                    <h4><i class="bi bi-sort-down"></i> Sorts</h4>
-                    <div class="list-row">
-                        <span>customer_name</span>
-                        <span class="x"><i class="bi bi-x"></i></span>
-                    </div>
-                    <div class="list-row">
-                        <span>total_amount ↓</span>
-                        <span class="x"><i class="bi bi-x"></i></span>
-                    </div>
-                </div>
-            </aside>
-
-            <!-- CENTER (Split mode): paper canvas + reader preview side by side -->
-            <main class="center split">
-                <div>
-                    <!-- Page Header band -->
-                    <section class="band-section">
-                        <div class="band-header">
-                            <span class="name">Page Header</span>
-                            <input type="number" value="40" />
-                        </div>
-                        <div class="band-paper" style="height: 40px;">
-                            <div class="band-margin" style="left: 0; width: 24px;"></div>
-                            <div class="band-margin" style="right: 0; width: 24px;"></div>
-                            <div class="ctrl label" style="left: 24px; top: 4px; width: 280px; height: 18px; font-size: 14px;">
-                                Customer Sales — Q1 2026
-                            </div>
-                            <div class="ctrl line" style="left: 24px; top: 30px; width: 580px; height: 1px;"></div>
-                        </div>
-                    </section>
-
-                    <!-- Group Header band -->
-                    <section class="band-section">
-                        <div class="band-header">
-                            <span class="name">Group Header · tier</span>
-                            <input type="number" value="24" />
-                        </div>
-                        <div class="band-paper" style="height: 24px;">
-                            <div class="band-margin" style="left: 0; width: 24px;"></div>
-                            <div class="band-margin" style="right: 0; width: 24px;"></div>
-                            <div class="ctrl bound" style="left: 24px; top: 4px; width: 200px; height: 16px; font-weight: 700;">
-                                Tier · {tier}
-                                <span class="role-badge title">title</span>
-                            </div>
-                        </div>
-                    </section>
-
-                    <!-- Detail band -->
-                    <section class="band-section">
-                        <div class="band-header">
-                            <span class="name">Detail</span>
-                            <input type="number" value="22" />
-                        </div>
-                        <div class="band-paper" style="height: 22px;">
-                            <div class="band-margin" style="left: 0; width: 24px;"></div>
-                            <div class="band-margin" style="right: 0; width: 24px;"></div>
-                            <div class="ctrl bound" style="left: 24px; top: 4px; width: 30px;">
-                                {id}
-                            </div>
-                            <div class="ctrl bound selected" style="left: 60px; top: 4px; width: 130px;">
-                                {customer_name}
-                                <span class="role-badge title">title</span>
-                            </div>
-                            <div class="ctrl bound" style="left: 200px; top: 4px; width: 80px; justify-content: flex-end;">
-                                {orders}
-                                <span class="role-badge field">field</span>
-                            </div>
-                            <div class="ctrl bound" style="left: 290px; top: 4px; width: 90px; justify-content: flex-end;">
-                                {avg_amount}
-                                <span class="role-badge field">field</span>
-                            </div>
-                            <div class="ctrl bound" style="left: 390px; top: 4px; width: 90px; justify-content: flex-end;">
-                                {total_amount}
-                                <span class="role-badge field">field</span>
-                            </div>
-                            <div class="ctrl bound" style="left: 490px; top: 4px; width: 110px;">
-                                {last_order_at}
-                            </div>
-                        </div>
-                    </section>
-
-                    <!-- Group Footer band -->
-                    <section class="band-section">
-                        <div class="band-header">
-                            <span class="name">Group Footer · tier</span>
-                            <input type="number" value="22" />
-                        </div>
-                        <div class="band-paper" style="height: 22px;">
-                            <div class="band-margin" style="left: 0; width: 24px;"></div>
-                            <div class="band-margin" style="right: 0; width: 24px;"></div>
-                            <div class="ctrl calc" style="left: 200px; top: 4px; width: 280px; justify-content: flex-end; font-weight: 700;">
-                                Subtotal · =SUM(orders) · =SUM(total_amount)
-                            </div>
-                        </div>
-                    </section>
-                </div>
-
-                <!-- Reader live preview pane (right column of split center) -->
-                <div class="reader-preview">
-                    <div class="device-bar">
-                        <span class="dot"></span>
-                        <span><b style="color: var(--text-primary);">Reader preview</b> · phone · 380 px</span>
-                        <div style="margin-left: auto; display: flex; gap: 4px;">
-                            <button class="tb" style="padding: 2px 6px; font-size: 10px;"><i class="bi bi-arrow-clockwise"></i></button>
-                            <button class="tb" style="padding: 2px 6px; font-size: 10px;"><i class="bi bi-box-arrow-up-right"></i></button>
-                        </div>
-                    </div>
-                    <div class="reader-preview-body">
-                        <div class="rd-head">
-                            <h3>Customer Sales — Q1 2026</h3>
-                            <div class="sub">vw_customer_sales · live preview</div>
-                        </div>
-                        <div class="rd-section">
-                            <span><i class="bi bi-chevron-down"></i> Tier · Gold</span>
-                            <span class="badge">3</span>
-                        </div>
-                        <div class="rd-card">
-                            <div class="title">Alice Smith</div>
-                            <div class="id">CUST-00001</div>
-                            <dl>
-                                <dt>Orders</dt><dd class="num">12</dd>
-                                <dt>Avg</dt><dd class="num">$412.50</dd>
-                                <dt>Total</dt><dd class="num">$4,950.00</dd>
-                            </dl>
-                        </div>
-                        <div class="rd-card">
-                            <div class="title">David Smith</div>
-                            <div class="id">CUST-00004</div>
-                            <dl>
-                                <dt>Orders</dt><dd class="num">7</dd>
-                                <dt>Avg</dt><dd class="num">$389.00</dd>
-                                <dt>Total</dt><dd class="num">$2,723.00</dd>
-                            </dl>
-                        </div>
-                    </div>
-                </div>
-            </main>
-
-            <!-- RIGHT panel: Selection inspector + Reader subsection -->
-            <aside class="panel right">
-                <div class="panel-section">
-                    <h4><i class="bi bi-file-earmark"></i> Page Settings</h4>
-                    <div class="insp-row">
-                        <label>Paper <select><option>Letter</option><option>A4</option></select></label>
-                        <label>Orient. <select><option>Portrait</option></select></label>
-                    </div>
-                    <div class="insp-row">
-                        <label>L margin <input type="number" value="0.5" step="0.1" /></label>
-                        <label>T margin <input type="number" value="0.5" step="0.1" /></label>
-                        <label>R margin <input type="number" value="0.5" step="0.1" /></label>
-                        <label>B margin <input type="number" value="0.5" step="0.1" /></label>
-                    </div>
-                </div>
-
-                <div class="panel-section">
-                    <h4><i class="bi bi-bullseye"></i> Selection</h4>
-                    <div class="control-type-badge">BoundText</div>
-                    <div class="insp-row">
-                        <label>X <input type="number" value="60" step="4" /></label>
-                        <label>Y <input type="number" value="4" step="4" /></label>
-                        <label>W <input type="number" value="130" step="4" /></label>
-                        <label>H <input type="number" value="14" step="2" /></label>
-                    </div>
-                    <div class="insp-row full">
-                        <label>Field
-                            <select><option>customer_name</option></select>
-                        </label>
-                    </div>
-                    <div class="insp-row">
-                        <label>Format <input type="text" placeholder="e.g. C2" /></label>
-                        <label>Align <select><option>Left</option></select></label>
-                    </div>
-                    <div class="insp-row">
-                        <label>Font size <input type="number" value="10" /></label>
-                        <label>Weight <input type="text" value="400" /></label>
-                    </div>
-
-                    <!-- ★ NEW: Reader-view subsection ★ -->
-                    <div class="reader-section-card">
-                        <div class="head"><i class="bi bi-card-list"></i> Reader view</div>
-                        <div class="insp-row full">
-                            <label>Role
-                                <select>
-                                    <option selected>Card title</option>
-                                    <option>Card subtitle</option>
-                                    <option>Detail field</option>
-                                    <option>Hidden in reader</option>
-                                </select>
-                            </label>
-                        </div>
-                        <div class="insp-row full">
-                            <label>Reader label
-                                <input type="text" value="Customer" placeholder="(field name)" />
-                            </label>
-                        </div>
-                        <div class="toggle-row">
-                            <span style="color: var(--text-secondary);">Show on phone</span>
-                            <div class="toggle on"></div>
-                        </div>
-                        <div class="quick">
-                            <button>Title</button>
-                            <button class="active">Field</button>
-                            <button>Hide</button>
-                        </div>
-                    </div>
-                </div>
-            </aside>
-        </div>
-    </div>
-
-    <!-- ════════ Section 2: Auto-derive + lint ════════ -->
-    <h2>2 · Auto-derive Reader hints + lint warnings</h2>
-    <p class="lede" style="margin-top: -6px;">
-        For existing reports the designer can synthesize hints from the layout in one click. The
-        lint panel surfaces problems specific to Reader so they don't get discovered on a phone.
-    </p>
-
-    <div class="lint">
-        <h3 style="display: flex; justify-content: space-between;">
-            <span><i class="bi bi-exclamation-triangle" style="color: var(--accent-yellow);"></i> Reader-view lint · <code style="font-family: var(--font-mono); color: var(--text-muted); font-size: 11px;">Customer Sales — Q1 2026</code></span>
-            <button style="background: var(--accent-blue); color: #0a0b13; border: none; padding: 5px 12px; border-radius: 4px; font-weight: 600; cursor: pointer; font-size: 12px;">
-                <i class="bi bi-magic"></i> Auto-derive all hints
-            </button>
-        </h3>
-
-        <div class="lint-item warn">
-            <span class="ico"><i class="bi bi-exclamation-triangle-fill"></i></span>
-            <div class="body">
-                <b>3 BoundText controls have no Reader role assigned.</b>
-                <div class="sub">Detail band · {orders}, {avg_amount}, {last_order_at}</div>
-            </div>
-            <button class="fix">Auto-assign as fields →</button>
-        </div>
-
-        <div class="lint-item info">
-            <span class="ico"><i class="bi bi-info-circle-fill"></i></span>
-            <div class="body">
-                <b>No Card title set on Detail band.</b>
-                <div class="sub">First BoundText {id} would auto-promote at runtime — set explicitly to avoid surprises.</div>
-            </div>
-            <button class="fix">Use {customer_name} →</button>
-        </div>
-
-        <div class="lint-item info">
-            <span class="ico"><i class="bi bi-info-circle-fill"></i></span>
-            <div class="body">
-                <b>2 Line controls in Page Header will be hidden in Reader.</b>
-                <div class="sub">Decorative controls (Line, Box) auto-hide. No action needed unless you want them shown.</div>
-            </div>
-            <button class="fix">Acknowledge</button>
-        </div>
-
-        <div class="lint-item warn">
-            <span class="ico"><i class="bi bi-exclamation-triangle-fill"></i></span>
-            <div class="body">
-                <b>Group Footer formula <code style="color: var(--text-primary);">=SUM(orders)</code> renders as a single line in Reader.</b>
-                <div class="sub">Group Footer · tier · width 280 px on paper, full width on phone.</div>
-            </div>
-            <button class="fix">Preview →</button>
-        </div>
-    </div>
-
-    <!-- ════════ Section 3: Notes ════════ -->
-    <h2>3 · Implementation notes &amp; non-goals</h2>
-
-    <div class="inspector-static">
-        <ul>
-            <li>
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Toolbar gains two segmented controls</b> — Designer view (<code>Paper</code> /
-                <code>Reader</code> / <code>Split</code>) and, when Reader or Split is active, a
-                Reader-device toggle (<code>Tablet</code> / <code>Phone</code>). State persists per
-                report in <code>localStorage</code>; default is <code>Split</code>.
-            </li>
-            <li>
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Split mode reuses the runtime Reader projection.</b> The reader pane on the
-                right is the same <code>IReportReaderService</code> output described in
-                <a href="reports-mobile.html">reports-mobile.html</a>, rendered into an iframe-like
-                container at the chosen device width. Edits on the paper canvas trigger a debounced
-                preview rebuild.
-            </li>
-            <li>
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Selection inspector grows a "Reader view" subsection</b> — Role dropdown
-                (<code>title / subtitle / field / hidden</code>), custom label override, "show on
-                phone" toggle, and three quick-action buttons (Title / Field / Hide) for one-click
-                changes. Stored in <code>ReportControlDefinition.Props["readerHint"]</code> via the
-                existing <code>PropertyBag</code> — no schema migration.
-            </li>
-            <li>
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Controls on the canvas show a tiny role badge</b> (<code>title</code>,
-                <code>field</code>, <code>hidden</code>) when a Reader hint is set — quick visual
-                map of what the Reader view will pick up. Toggle-able from a View menu.
-            </li>
-            <li>
-                <span style="color: var(--accent-blue);">●</span>
-                <b>"Auto-derive all hints" runs the inference rules on the whole report</b> — first
-                BoundText in Detail → title; remaining BoundText → fields with <code>BoundFieldName</code> as
-                the label; Line / Box → hidden; GroupHeader BoundText → section title; GroupFooter
-                CalculatedText → summary row. Pre-populates everything; users only refine.
-            </li>
-            <li>
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Lint panel</b> appears below the designer (or as a collapsible footer). Each
-                item has a one-click fix. The "3 reader hints needed" pill in the toolbar is the
-                count summary; clicking it scrolls the lint panel into view.
-            </li>
-            <li>
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Page Settings stays paper-only.</b> Reader has no concept of paper size /
-                margins — it's a continuous list. Margin/orientation controls don't move; they just
-                don't affect the reader pane.
-            </li>
-            <li>
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Non-goal · mobile-friendly designer.</b> The 3-column desktop layout
-                (220 / flex / 320) and pointer-driven drag-resize are the right tools for building
-                a paper report. Making the designer touch-friendly would compromise it for a use
-                case that doesn't really exist (nobody designs a report on a phone). The Reader
-                <i>preview</i> pane goes mobile-sized, but the surrounding designer chrome stays
-                desktop-only.
-            </li>
-            <li>
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Out of scope</b> — drag-and-drop within the Reader preview (Reader is read-only),
-                a separate "mobile report definition" (whole point is one definition / two views),
-                Reader-specific charts (current renderer only supports text / line / box anyway).
-            </li>
-        </ul>
-    </div>
-
-    <p style="font-size: 12px; color: var(--text-muted); margin-top: 28px;">
-        Pairs with: <a href="reports-mobile.html">reports-mobile.html</a> (the runtime Reader view).
-        Back to <a href="index.html">all mockups</a>.
-    </p>
-</div>
-</body>
-</html>
diff --git a/www/admin-ui-mockups/reports-mobile.html b/www/admin-ui-mockups/reports-mobile.html
deleted file mode 100644
index 9dac6e6b..00000000
--- a/www/admin-ui-mockups/reports-mobile.html
+++ /dev/null
@@ -1,817 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>Mobile-friendly Reports — CSharpDB Studio Mockup</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css">
-<link rel="stylesheet" href="styles.css">
-<style>
-    body { overflow: auto; }
-
-    .page {
-        max-width: 1280px;
-        margin: 0 auto;
-        padding: 32px 28px 80px;
-    }
-
-    h1 { font-size: 22px; font-weight: 700; letter-spacing: -0.01em; margin-bottom: 6px; }
-    .crumb { color: var(--text-muted); font-size: 12px; margin-bottom: 4px; }
-    .lede { color: var(--text-secondary); font-size: 13px; max-width: 760px; margin-bottom: 8px; }
-    .lede + .lede { margin-bottom: 22px; }
-
-    h2 {
-        font-size: 12px;
-        font-weight: 600;
-        text-transform: uppercase;
-        letter-spacing: 0.7px;
-        color: var(--text-muted);
-        margin: 32px 0 12px;
-    }
-
-    /* ─── Toolbar / view mode switch ───────────────────────── */
-    .shell {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        overflow: hidden;
-    }
-    .toolbar {
-        display: flex;
-        align-items: center;
-        gap: 10px;
-        padding: 10px 14px;
-        background: var(--bg-secondary);
-        border-bottom: 1px solid var(--border-color);
-        flex-wrap: wrap;
-    }
-    .toolbar .grp {
-        display: flex;
-        align-items: center;
-        gap: 6px;
-        padding-right: 12px;
-        border-right: 1px solid var(--border-color);
-    }
-    .toolbar .grp:last-child { border-right: none; }
-    .toolbar .label {
-        font-size: 11px;
-        color: var(--text-muted);
-        text-transform: uppercase;
-        letter-spacing: 0.5px;
-    }
-
-    .seg {
-        display: flex;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-sm);
-        overflow: hidden;
-    }
-    .seg button {
-        background: transparent;
-        border: none;
-        color: var(--text-muted);
-        font-size: 11px;
-        padding: 5px 12px;
-        cursor: pointer;
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-    }
-    .seg button:hover { color: var(--text-primary); }
-    .seg button.active {
-        color: var(--accent-blue);
-        background: var(--bg-active);
-        font-weight: 600;
-    }
-    .seg button:not(:last-child) { border-right: 1px solid var(--border-color); }
-
-    .toolbar .pill {
-        display: inline-flex;
-        align-items: center;
-        gap: 5px;
-        padding: 3px 10px;
-        font-size: 11px;
-        background: rgba(122,162,247,0.12);
-        color: var(--accent-blue);
-        border-radius: 999px;
-        font-weight: 600;
-    }
-    .toolbar .pill.green { background: rgba(158,206,106,0.12); color: var(--accent-green); }
-
-    /* ─── Stage with device frames ─────────────────────────── */
-    .stage {
-        background: var(--bg-tertiary);
-        padding: 28px;
-        display: flex;
-        gap: 28px;
-        justify-content: center;
-        align-items: flex-start;
-        flex-wrap: wrap;
-    }
-
-    .device {
-        background: var(--bg-primary);
-        border: 1px solid var(--border-color);
-        border-radius: 18px;
-        padding: 18px 14px;
-        position: relative;
-        flex-shrink: 0;
-        box-shadow: 0 24px 48px rgba(0,0,0,0.35);
-    }
-    .device .notch {
-        position: absolute;
-        top: 6px;
-        left: 50%;
-        transform: translateX(-50%);
-        width: 50px;
-        height: 4px;
-        background: var(--border-light);
-        border-radius: 4px;
-    }
-    .device.phone { width: 380px; }
-    .device.tablet { width: 720px; }
-    .device.desktop {
-        width: 100%;
-        max-width: 980px;
-        border-radius: 8px;
-        padding: 20px;
-    }
-    .device-meta {
-        position: absolute;
-        bottom: -22px;
-        left: 50%;
-        transform: translateX(-50%);
-        font-size: 10px;
-        color: var(--text-muted);
-        white-space: nowrap;
-    }
-
-    /* ─── PAPER view — fixed-width report page ─────────────── */
-    .paper {
-        background: #ffffff;
-        color: #1a1a1a;
-        border: 1px solid #b0b0b0;
-        box-shadow: 0 2px 12px rgba(0,0,0,0.18);
-        font-family: 'Times New Roman', Georgia, serif;
-        position: relative;
-        overflow: hidden;
-        margin: 0 auto;
-    }
-    .paper.letter-portrait {
-        width: 408px;          /* 816 / 2 = scaled half-letter */
-        min-height: 528px;     /* 1056 / 2 */
-        padding: 14px 18px;
-    }
-    /* Sized to demonstrate the "side-scroll on a phone" problem */
-    .paper.full-width {
-        width: 816px;
-        min-height: 0;
-        padding: 24px;
-    }
-    .paper h2 { color: #000; font-size: 14px; font-weight: 700; margin-bottom: 4px; text-transform: none; letter-spacing: 0; }
-    .paper .meta { font-size: 9px; color: #555; margin-bottom: 10px; }
-    .paper .col-headers, .paper .row {
-        display: grid;
-        grid-template-columns: 50px 1fr 90px 70px 80px;
-        gap: 6px;
-        font-size: 10px;
-    }
-    .paper .col-headers {
-        font-weight: 700;
-        border-bottom: 1.5px solid #000;
-        padding-bottom: 3px;
-        margin-bottom: 5px;
-    }
-    .paper .row {
-        padding: 3px 0;
-        border-bottom: 0.5px solid #ddd;
-        font-family: Consolas, "SFMono-Regular", monospace;
-    }
-    .paper .row .num { text-align: right; }
-    .paper .group-hdr {
-        font-weight: 700;
-        font-size: 11px;
-        margin: 8px 0 4px;
-        padding: 3px 0;
-        border-top: 0.5px solid #000;
-        border-bottom: 0.5px solid #000;
-        background: #f4f4f4;
-        padding-left: 4px;
-    }
-    .paper .group-ftr {
-        font-weight: 700;
-        font-size: 10px;
-        text-align: right;
-        padding: 3px 0;
-        margin-bottom: 6px;
-        border-top: 0.5px solid #555;
-    }
-    .paper .footer {
-        position: absolute;
-        bottom: 8px;
-        left: 18px;
-        right: 18px;
-        display: flex;
-        justify-content: space-between;
-        font-size: 9px;
-        color: #777;
-        font-style: italic;
-        border-top: 0.5px solid #999;
-        padding-top: 3px;
-    }
-
-    /* ─── READER view — reflowed cards/list ────────────────── */
-    .reader {
-        background: var(--bg-primary);
-        color: var(--text-primary);
-        font-family: var(--font-ui);
-    }
-    .reader-head {
-        padding: 14px 16px 10px;
-        background: var(--bg-secondary);
-        border-bottom: 1px solid var(--border-color);
-    }
-    .reader-head h3 {
-        font-size: 14px;
-        font-weight: 700;
-        letter-spacing: -0.01em;
-    }
-    .reader-head .sub { color: var(--text-muted); font-size: 11px; margin-top: 4px; }
-
-    .reader-section {
-        padding: 12px 16px 6px;
-        background: var(--bg-tertiary);
-        border-bottom: 1px solid var(--border-color);
-        font-size: 12px;
-        font-weight: 600;
-        color: var(--text-primary);
-        display: flex;
-        justify-content: space-between;
-        align-items: center;
-    }
-    .reader-section .badge {
-        font-size: 10px;
-        background: rgba(122,162,247,0.15);
-        color: var(--accent-blue);
-        padding: 2px 8px;
-        border-radius: 999px;
-        font-weight: 600;
-    }
-    .reader-section i.collapse {
-        color: var(--text-muted);
-        font-size: 11px;
-    }
-
-    .reader-card {
-        padding: 12px 16px;
-        border-bottom: 1px solid var(--border-color);
-    }
-    .reader-card .title {
-        font-size: 13px;
-        font-weight: 600;
-        color: var(--text-primary);
-        margin-bottom: 2px;
-    }
-    .reader-card .id {
-        font-family: var(--font-mono);
-        font-size: 10px;
-        color: var(--text-muted);
-        margin-bottom: 8px;
-    }
-    .reader-card dl {
-        display: grid;
-        grid-template-columns: 100px 1fr;
-        row-gap: 4px;
-        column-gap: 10px;
-        font-size: 11.5px;
-    }
-    .reader-card dt { color: var(--text-muted); }
-    .reader-card dd { color: var(--text-primary); font-family: var(--font-mono); }
-    .reader-card dd.num { color: var(--accent-orange); font-variant-numeric: tabular-nums; text-align: right; }
-
-    .reader-group-foot {
-        padding: 10px 16px;
-        font-size: 11.5px;
-        background: var(--bg-secondary);
-        border-bottom: 1px solid var(--border-color);
-        display: flex;
-        justify-content: space-between;
-    }
-    .reader-group-foot .lbl { color: var(--text-muted); }
-    .reader-group-foot .val { color: var(--accent-blue); font-weight: 600; font-variant-numeric: tabular-nums; }
-
-    .reader-foot {
-        padding: 10px 16px;
-        font-size: 10px;
-        color: var(--text-muted);
-        background: var(--bg-secondary);
-        text-align: center;
-    }
-
-    /* Mini bottom toolbar inside the device */
-    .reader-bottom {
-        padding: 10px 14px;
-        background: var(--bg-secondary);
-        border-top: 1px solid var(--border-color);
-        display: flex;
-        gap: 8px;
-        justify-content: space-between;
-        align-items: center;
-    }
-    .reader-bottom .btn-mini {
-        flex: 1;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        color: var(--text-primary);
-        padding: 8px;
-        border-radius: 5px;
-        font-size: 11px;
-        cursor: pointer;
-    }
-    .reader-bottom .btn-mini.primary {
-        background: var(--accent-blue);
-        color: #0a0b13;
-        border-color: var(--accent-blue);
-        font-weight: 600;
-    }
-
-    /* ─── Page navigator (paper view on phone) ─────────────── */
-    .pager {
-        margin-top: 10px;
-        display: flex;
-        align-items: center;
-        justify-content: space-between;
-        font-size: 11px;
-        color: var(--text-secondary);
-        background: var(--bg-secondary);
-        padding: 8px 12px;
-        border-radius: 5px;
-        border: 1px solid var(--border-color);
-    }
-    .pager button {
-        background: transparent;
-        border: 1px solid var(--border-color);
-        color: var(--text-primary);
-        width: 28px; height: 28px;
-        border-radius: 4px;
-        cursor: pointer;
-    }
-    .pager button:hover { background: var(--bg-hover); }
-
-    /* ─── Property inspector for Reader hints ──────────────── */
-    .inspector {
-        background: var(--bg-secondary);
-        border: 1px solid var(--border-color);
-        border-radius: var(--radius-lg);
-        padding: 16px 18px;
-        font-size: 12.5px;
-    }
-    .inspector h3 {
-        font-size: 13px;
-        font-weight: 600;
-        margin-bottom: 10px;
-        display: flex;
-        align-items: center;
-        gap: 6px;
-    }
-    .inspector .row {
-        display: grid;
-        grid-template-columns: 140px 1fr;
-        align-items: center;
-        gap: 12px;
-        padding: 6px 0;
-        border-bottom: 1px dashed var(--border-color);
-    }
-    .inspector .row:last-of-type { border-bottom: none; }
-    .inspector .row .k { color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.5px; }
-    .inspector .row .v { color: var(--text-primary); }
-    .inspector input[type=text], .inspector select {
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: 4px;
-        padding: 4px 8px;
-        color: var(--text-primary);
-        font-size: 12px;
-        font-family: var(--font-ui);
-        width: 100%;
-    }
-
-    .toggle {
-        position: relative;
-        width: 38px; height: 20px;
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        border-radius: 10px;
-        cursor: pointer;
-        flex-shrink: 0;
-    }
-    .toggle::after {
-        content: "";
-        position: absolute;
-        top: 1px;
-        left: 1px;
-        width: 16px; height: 16px;
-        background: var(--text-muted);
-        border-radius: 50%;
-        transition: 120ms ease;
-    }
-    .toggle.on { background: rgba(122,162,247,0.3); border-color: var(--accent-blue); }
-    .toggle.on::after { left: 19px; background: var(--accent-blue); }
-
-    .two-col {
-        display: grid;
-        grid-template-columns: 1fr 320px;
-        gap: 18px;
-    }
-
-    @media (max-width: 1080px) {
-        .two-col { grid-template-columns: 1fr; }
-    }
-</style>
-</head>
-<body>
-<div class="page">
-
-    <div class="crumb">CSharpDB.Admin.Reports · UI proposal</div>
-    <h1>Mobile-friendly reports — keep paper, add a Reader view</h1>
-    <p class="lede">
-        Reports are different from forms: a report is supposed to look like paper. The current
-        renderer fixes an 816 × 1056 page surface and absolutely-positions every band's controls in
-        pixels (<code>Pages/Preview.razor</code>, <code>reports.css</code>). On a phone the page
-        side-scrolls. That's painful to read but right for print fidelity.
-    </p>
-    <p class="lede">
-        The proposal: <b>do not</b> reflow the paper. Add a <b>Reader view</b> that the same
-        <code>ReportDefinition</code> produces — bands become sections, repeated detail rows become
-        cards, group footers become summary lines. Phone visitors get Reader by default, desktop
-        gets Paper, and the toolbar lets the user swap. Print &amp; Export PDF always use Paper.
-    </p>
-
-    <!-- ════════ Section 1: Designer / preview toolbar ════════ -->
-    <h2>1 · Preview toolbar gains a View-mode switch</h2>
-
-    <div class="two-col">
-        <div class="shell">
-            <div class="toolbar">
-                <div class="grp">
-                    <span class="label">View</span>
-                    <div class="seg">
-                        <button class="active"><i class="bi bi-file-earmark"></i> Paper</button>
-                        <button><i class="bi bi-card-list"></i> Reader</button>
-                    </div>
-                </div>
-                <div class="grp">
-                    <span class="label">Page</span>
-                    <div class="seg">
-                        <button><i class="bi bi-arrows-fullscreen"></i> Fit width</button>
-                        <button class="active">100%</button>
-                        <button>150%</button>
-                        <button>200%</button>
-                    </div>
-                </div>
-                <div class="grp">
-                    <span class="pill green"><i class="bi bi-printer"></i> Print uses Paper</span>
-                </div>
-                <div style="flex: 1"></div>
-                <div class="grp">
-                    <button class="tb-btn"><i class="bi bi-arrow-clockwise"></i> Refresh</button>
-                    <button class="tb-btn"><i class="bi bi-printer"></i> Print</button>
-                    <button class="tb-btn"><i class="bi bi-download"></i> Export PDF</button>
-                </div>
-            </div>
-
-            <div class="stage" style="padding: 28px 18px;">
-                <div class="device tablet">
-                    <div class="paper letter-portrait" style="width: 100%;">
-                        <h2>Customer Sales — Q1 2026</h2>
-                        <div class="meta">vw_customer_sales · 2026-04-26 · Letter · Portrait</div>
-
-                        <div class="col-headers">
-                            <span>ID</span><span>Customer</span><span class="num">Orders</span><span class="num">Avg ($)</span><span class="num">Total ($)</span>
-                        </div>
-
-                        <div class="group-hdr">Tier · Gold</div>
-                        <div class="row"><span>1</span><span>Alice Smith</span><span class="num">12</span><span class="num">412.50</span><span class="num">4,950.00</span></div>
-                        <div class="row"><span>4</span><span>David Smith</span><span class="num">7</span><span class="num">389.00</span><span class="num">2,723.00</span></div>
-                        <div class="row"><span>5</span><span>Eve Smithers</span><span class="num">22</span><span class="num">221.00</span><span class="num">4,862.00</span></div>
-                        <div class="group-ftr">Subtotal · 41 orders · $12,535.00</div>
-
-                        <div class="group-hdr">Tier · Silver</div>
-                        <div class="row"><span>2</span><span>Bob Lee</span><span class="num">3</span><span class="num">102.00</span><span class="num">306.00</span></div>
-                        <div class="row"><span>7</span><span>Grace Smith</span><span class="num">5</span><span class="num">88.00</span><span class="num">440.00</span></div>
-                        <div class="group-ftr">Subtotal · 8 orders · $746.00</div>
-
-                        <div class="footer"><span>Customer Sales</span><span>Page 1 of 4</span></div>
-                    </div>
-                    <div class="device-meta">tablet preview · Paper view · Letter portrait</div>
-                </div>
-            </div>
-        </div>
-
-        <!-- Inspector: Reader hints per control -->
-        <div class="inspector">
-            <h3><i class="bi bi-card-list" style="color: var(--accent-blue);"></i> Reader-view settings</h3>
-
-            <div class="row">
-                <span class="k">Reader enabled</span>
-                <span class="v"><div class="toggle on"></div></span>
-            </div>
-            <div class="row">
-                <span class="k">Auto on phone</span>
-                <span class="v"><div class="toggle on"></div></span>
-            </div>
-            <div class="row">
-                <span class="k">Group cards</span>
-                <span class="v">Collapsible</span>
-            </div>
-            <div class="row">
-                <span class="k">Card sort</span>
-                <span class="v">Match Paper order</span>
-            </div>
-
-            <h3 style="margin-top: 16px;"><i class="bi bi-collection" style="color: var(--accent-blue);"></i> Selected control</h3>
-
-            <div class="row">
-                <span class="k">Field</span>
-                <span class="v"><code>customer_name</code></span>
-            </div>
-            <div class="row">
-                <span class="k">Reader role</span>
-                <span class="v">
-                    <select>
-                        <option>Card title</option>
-                        <option>Card subtitle</option>
-                        <option>Detail field</option>
-                        <option>Hidden in reader</option>
-                    </select>
-                </span>
-            </div>
-            <div class="row">
-                <span class="k">Reader label</span>
-                <span class="v"><input type="text" value="Customer" /></span>
-            </div>
-            <div class="row">
-                <span class="k">Show on phone</span>
-                <span class="v"><div class="toggle on"></div></span>
-            </div>
-
-            <p style="font-size: 11px; color: var(--text-muted); margin-top: 12px; line-height: 1.5;">
-                Stored in <code>ControlDefinition.Props["readerHint"]</code>. Decorative
-                Line / Box controls auto-hide in Reader. BoundText controls auto-promote: first
-                in the Detail band → card title, others → labelled fields.
-            </p>
-        </div>
-    </div>
-
-    <!-- ════════ Section 2: Same report at three breakpoints ════════ -->
-    <h2>2 · Same report on desktop, tablet, and phone</h2>
-    <p class="lede" style="margin-top: -6px;">
-        Desktop &amp; tablet stay on Paper for fidelity. Phone defaults to Reader.
-    </p>
-
-    <div class="stage">
-        <!-- Desktop · Paper -->
-        <div class="device desktop" style="max-width: 460px;">
-            <div class="paper letter-portrait" style="width: 100%; min-height: 460px; padding: 18px;">
-                <h2>Customer Sales — Q1 2026</h2>
-                <div class="meta">vw_customer_sales · Letter · Portrait</div>
-                <div class="col-headers">
-                    <span>ID</span><span>Customer</span><span class="num">Orders</span><span class="num">Avg ($)</span><span class="num">Total ($)</span>
-                </div>
-                <div class="group-hdr">Tier · Gold</div>
-                <div class="row"><span>1</span><span>Alice Smith</span><span class="num">12</span><span class="num">412.50</span><span class="num">4,950.00</span></div>
-                <div class="row"><span>4</span><span>David Smith</span><span class="num">7</span><span class="num">389.00</span><span class="num">2,723.00</span></div>
-                <div class="row"><span>5</span><span>Eve Smithers</span><span class="num">22</span><span class="num">221.00</span><span class="num">4,862.00</span></div>
-                <div class="group-ftr">Subtotal · 41 · $12,535.00</div>
-                <div class="group-hdr">Tier · Silver</div>
-                <div class="row"><span>2</span><span>Bob Lee</span><span class="num">3</span><span class="num">102.00</span><span class="num">306.00</span></div>
-                <div class="row"><span>7</span><span>Grace S.</span><span class="num">5</span><span class="num">88.00</span><span class="num">440.00</span></div>
-                <div class="group-ftr">Subtotal · 8 · $746.00</div>
-            </div>
-            <div class="device-meta">desktop · Paper · ≥ 1024 px</div>
-        </div>
-
-        <!-- Tablet · Paper at 75% Fit-width -->
-        <div class="device tablet" style="width: 460px;">
-            <div class="paper letter-portrait" style="width: 100%; min-height: 460px; padding: 16px;">
-                <h2>Customer Sales — Q1 2026</h2>
-                <div class="meta">Fit-width · 75%</div>
-                <div class="col-headers">
-                    <span>ID</span><span>Customer</span><span class="num">Orders</span><span class="num">Avg</span><span class="num">Total</span>
-                </div>
-                <div class="group-hdr">Tier · Gold</div>
-                <div class="row"><span>1</span><span>Alice Smith</span><span class="num">12</span><span class="num">412</span><span class="num">4,950</span></div>
-                <div class="row"><span>4</span><span>David Smith</span><span class="num">7</span><span class="num">389</span><span class="num">2,723</span></div>
-                <div class="row"><span>5</span><span>Eve Smithers</span><span class="num">22</span><span class="num">221</span><span class="num">4,862</span></div>
-                <div class="group-ftr">Subtotal · $12,535</div>
-                <div class="group-hdr">Tier · Silver</div>
-                <div class="row"><span>2</span><span>Bob Lee</span><span class="num">3</span><span class="num">102</span><span class="num">306</span></div>
-                <div class="row"><span>7</span><span>Grace S.</span><span class="num">5</span><span class="num">88</span><span class="num">440</span></div>
-                <div class="group-ftr">Subtotal · $746</div>
-            </div>
-            <div class="device-meta">tablet · Paper @ Fit-width · ≥ 640 px</div>
-        </div>
-
-        <!-- Phone · Reader -->
-        <div class="device phone">
-            <div class="notch"></div>
-            <div class="reader" style="border: 1px solid var(--border-color); border-radius: 6px; overflow: hidden;">
-                <div class="reader-head">
-                    <h3>Customer Sales — Q1 2026</h3>
-                    <div class="sub">vw_customer_sales · 41 rows · 2 groups</div>
-                </div>
-
-                <div class="reader-section">
-                    <span><i class="bi bi-chevron-down collapse"></i> Tier · Gold</span>
-                    <span class="badge">3 customers</span>
-                </div>
-
-                <div class="reader-card">
-                    <div class="title">Alice Smith</div>
-                    <div class="id">CUST-00001</div>
-                    <dl>
-                        <dt>Orders</dt><dd class="num">12</dd>
-                        <dt>Avg</dt><dd class="num">$412.50</dd>
-                        <dt>Total</dt><dd class="num">$4,950.00</dd>
-                    </dl>
-                </div>
-                <div class="reader-card">
-                    <div class="title">David Smith</div>
-                    <div class="id">CUST-00004</div>
-                    <dl>
-                        <dt>Orders</dt><dd class="num">7</dd>
-                        <dt>Avg</dt><dd class="num">$389.00</dd>
-                        <dt>Total</dt><dd class="num">$2,723.00</dd>
-                    </dl>
-                </div>
-
-                <div class="reader-group-foot">
-                    <span class="lbl">Subtotal · 41 orders</span>
-                    <span class="val">$12,535.00</span>
-                </div>
-
-                <div class="reader-section">
-                    <span><i class="bi bi-chevron-right collapse"></i> Tier · Silver</span>
-                    <span class="badge">2 customers</span>
-                </div>
-
-                <div class="reader-foot">Customer Sales · 1–5 of 41 · scroll for more</div>
-            </div>
-            <div class="device-meta">phone · Reader (default) · &lt; 640 px</div>
-        </div>
-    </div>
-
-    <!-- ════════ Section 3: Today vs. Reader on a 380 px phone ════════ -->
-    <h2>3 · Today vs. Reader on a 380 px phone</h2>
-
-    <div class="stage" style="background: var(--bg-secondary);">
-        <!-- Today: paper with side-scroll -->
-        <div class="device phone">
-            <div class="notch"></div>
-            <div style="border: 1px solid var(--border-color); border-radius: 6px; overflow-x: auto; overflow-y: hidden; max-width: 100%;">
-                <div class="paper full-width" style="margin: 0;">
-                    <h2>Customer Sales — Q1 2026</h2>
-                    <div class="meta">vw_customer_sales · 2026-04-26 · Letter</div>
-                    <div class="col-headers">
-                        <span>ID</span><span>Customer</span><span class="num">Orders</span><span class="num">Avg ($)</span><span class="num">Total ($)</span>
-                    </div>
-                    <div class="group-hdr">Tier · Gold</div>
-                    <div class="row"><span>1</span><span>Alice Smith</span><span class="num">12</span><span class="num">412.50</span><span class="num">4,950.00</span></div>
-                    <div class="row"><span>4</span><span>David Smith</span><span class="num">7</span><span class="num">389.00</span><span class="num">2,723.00</span></div>
-                    <div class="row"><span>5</span><span>Eve Smithers</span><span class="num">22</span><span class="num">221.00</span><span class="num">4,862.00</span></div>
-                    <div class="group-ftr">Subtotal · 41 orders · $12,535.00</div>
-                </div>
-            </div>
-            <div class="pager">
-                <button>‹</button>
-                <span>Page 1 of 4 · pinch to zoom</span>
-                <button>›</button>
-            </div>
-            <div class="device-meta" style="color: var(--accent-red);">TODAY · Paper side-scrolls · text tiny · headers off-screen</div>
-        </div>
-
-        <!-- Reader on the same phone -->
-        <div class="device phone">
-            <div class="notch"></div>
-            <div class="reader" style="border: 1px solid var(--border-color); border-radius: 6px; overflow: hidden;">
-                <div class="reader-head">
-                    <h3>Customer Sales — Q1 2026</h3>
-                    <div class="sub">vw_customer_sales · 41 rows · 2 groups</div>
-                </div>
-
-                <div class="reader-section">
-                    <span><i class="bi bi-chevron-down collapse"></i> Tier · Gold</span>
-                    <span class="badge">3 customers</span>
-                </div>
-
-                <div class="reader-card">
-                    <div class="title">Alice Smith</div>
-                    <div class="id">CUST-00001</div>
-                    <dl>
-                        <dt>Orders</dt><dd class="num">12</dd>
-                        <dt>Avg</dt><dd class="num">$412.50</dd>
-                        <dt>Total</dt><dd class="num">$4,950.00</dd>
-                    </dl>
-                </div>
-                <div class="reader-card">
-                    <div class="title">David Smith</div>
-                    <div class="id">CUST-00004</div>
-                    <dl>
-                        <dt>Orders</dt><dd class="num">7</dd>
-                        <dt>Avg</dt><dd class="num">$389.00</dd>
-                        <dt>Total</dt><dd class="num">$2,723.00</dd>
-                    </dl>
-                </div>
-                <div class="reader-card">
-                    <div class="title">Eve Smithers</div>
-                    <div class="id">CUST-00005</div>
-                    <dl>
-                        <dt>Orders</dt><dd class="num">22</dd>
-                        <dt>Avg</dt><dd class="num">$221.00</dd>
-                        <dt>Total</dt><dd class="num">$4,862.00</dd>
-                    </dl>
-                </div>
-
-                <div class="reader-group-foot">
-                    <span class="lbl">Gold subtotal · 41</span>
-                    <span class="val">$12,535.00</span>
-                </div>
-
-                <div class="reader-bottom">
-                    <button class="btn-mini"><i class="bi bi-file-earmark"></i> Paper view</button>
-                    <button class="btn-mini primary"><i class="bi bi-download"></i> Export PDF</button>
-                </div>
-            </div>
-            <div class="device-meta" style="color: var(--accent-green);">READER · readable · cards · footer summary · paper still one tap away</div>
-        </div>
-    </div>
-
-    <!-- ════════ Section 4: Notes ════════ -->
-    <h2>4 · Implementation notes (no code changed)</h2>
-
-    <div class="inspector" style="padding: 18px 22px;">
-        <ul style="list-style: none; padding: 0;">
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Don't touch Paper.</b> The existing band-based, pixel-positioned layout from
-                <code>Pages/Preview.razor</code> stays exactly as-is for fidelity. Print and Export
-                PDF route through Paper unconditionally.
-            </li>
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Add a <code>ViewMode</code> selector</b> to the preview toolbar:
-                <code>Paper</code> ↔ <code>Reader</code>. Auto-pick on first render based on
-                viewport (<code>Reader</code> below ~640 px, <code>Paper</code> above) — a single
-                <code>matchMedia</code> probe in JS interop is enough. User toggle persists per
-                report in <code>localStorage</code>.
-            </li>
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Reader is a derived view, not a second layout.</b> A new
-                <code>IReportReaderService</code> takes the same <code>ReportPreviewResult</code>
-                that <code>DefaultReportPreviewService</code> already produces and walks the bands
-                semantically:
-                <br>—  <code>ReportHeader</code> / <code>PageHeader</code> → page intro (rendered once).
-                <br>—  <code>GroupHeader</code> → collapsible <code>&lt;section&gt;</code>.
-                <br>—  <code>Detail</code> band repeated → list of cards. First
-                <code>BoundText</code> in the band becomes the card title; others become
-                <code>&lt;dt&gt;/&lt;dd&gt;</code> pairs labelled with <code>BoundFieldName</code>.
-                <br>—  <code>GroupFooter</code> → summary row at the end of the section.
-                <br>—  <code>Line</code> / <code>Box</code> controls → hidden in reader.
-            </li>
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Per-control overrides via <code>Props["readerHint"]</code></b> —
-                <code>{ "role": "title" | "subtitle" | "field" | "hidden", "label": "Customer",
-                "showOnPhone": true }</code>. Property inspector grows a Reader-view sub-section.
-                Schema unchanged; this is just data inside the existing <code>PropertyBag</code>.
-            </li>
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Auto-reader for legacy reports</b> — the inference rules above mean any existing
-                <code>ReportDefinition</code> gets a usable Reader view with zero edits. Hints only
-                exist to refine it.
-            </li>
-            <li style="padding: 8px 0; border-bottom: 1px dashed var(--border-color);">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Paper view on phone gets quality-of-life fixes too</b> — toolbar gains
-                Fit-width / 100% / 150% / 200% zoom, and a sticky page pager (today the preview
-                stacks all pages vertically and lets each page surface side-scroll, see
-                <code>reports.css</code> <code>.report-page-surface { overflow-x: auto; }</code>).
-            </li>
-            <li style="padding: 8px 0;">
-                <span style="color: var(--accent-blue);">●</span>
-                <b>Out of scope:</b> rich charts in Reader (current renderer only supports text /
-                line / box), interactive drill-down (Reader is read-only), and a separate "mobile
-                report definition" — the whole point is one definition, two views.
-            </li>
-        </ul>
-    </div>
-
-    <p style="font-size: 12px; color: var(--text-muted); margin-top: 28px;">
-        Compare with the forms equivalent: <a href="forms-mobile.html">forms-mobile.html</a>. Back
-        to <a href="index.html">all mockups</a>.
-    </p>
-</div>
-</body>
-</html>
diff --git a/www/admin-ui-mockups/sidebar.html b/www/admin-ui-mockups/sidebar.html
deleted file mode 100644
index c731a489..00000000
--- a/www/admin-ui-mockups/sidebar.html
+++ /dev/null
@@ -1,474 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>Object Explorer — CSharpDB Studio Mockup</title>
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.css">
-<link rel="stylesheet" href="styles.css">
-<style>
-    .body { grid-template-columns: 320px 1fr; }
-
-    /* New sidebar */
-    .sidebar { display: flex; flex-direction: column; }
-
-    .sb-head {
-        padding: 10px 14px;
-        font-size: 11px;
-        font-weight: 600;
-        text-transform: uppercase;
-        letter-spacing: 0.7px;
-        color: var(--text-muted);
-        display: flex;
-        align-items: center;
-        justify-content: space-between;
-        border-bottom: 1px solid var(--border-color);
-    }
-    .sb-head .actions { display: flex; gap: 2px; }
-    .sb-mini-btn {
-        width: 24px; height: 22px;
-        border: none;
-        background: transparent;
-        color: var(--text-muted);
-        cursor: pointer;
-        border-radius: 4px;
-        display: grid;
-        place-items: center;
-    }
-    .sb-mini-btn:hover { background: var(--bg-hover); color: var(--text-primary); }
-
-    .sb-search {
-        display: flex;
-        align-items: center;
-        gap: 8px;
-        padding: 8px 12px;
-        border-bottom: 1px solid var(--border-color);
-    }
-    .sb-search input {
-        flex: 1;
-        background: transparent;
-        border: none;
-        outline: none;
-        color: var(--text-primary);
-        font-size: 12px;
-    }
-    .sb-search .clear {
-        color: var(--text-muted);
-        cursor: pointer;
-        font-size: 11px;
-    }
-
-    .sb-toolbar {
-        display: flex;
-        gap: 4px;
-        padding: 6px 12px;
-        border-bottom: 1px solid var(--border-color);
-        align-items: center;
-    }
-    .sb-tool-chip {
-        padding: 2px 8px;
-        font-size: 10px;
-        border-radius: 999px;
-        color: var(--text-muted);
-        background: var(--bg-tertiary);
-        border: 1px solid var(--border-color);
-        cursor: pointer;
-        display: inline-flex;
-        align-items: center;
-        gap: 4px;
-    }
-    .sb-tool-chip:hover { color: var(--text-primary); }
-    .sb-tool-chip.active { background: rgba(122,162,247,0.15); color: var(--accent-blue); border-color: transparent; }
-
-    .sb-tree {
-        flex: 1;
-        overflow-y: auto;
-        padding: 4px 0 24px;
-    }
-
-    .group {
-        margin-bottom: 2px;
-    }
-    .group-hdr {
-        display: flex;
-        align-items: center;
-        gap: 6px;
-        padding: 6px 12px;
-        font-size: 11px;
-        font-weight: 600;
-        color: var(--text-secondary);
-        cursor: pointer;
-        text-transform: uppercase;
-        letter-spacing: 0.6px;
-    }
-    .group-hdr:hover { background: var(--bg-hover); }
-    .group-hdr .chev { font-size: 9px; width: 12px; color: var(--text-muted); }
-    .group-hdr .label { display: flex; align-items: center; gap: 6px; }
-    .group-hdr .count {
-        margin-left: auto;
-        font-size: 10px;
-        background: rgba(255,255,255,0.06);
-        padding: 1px 6px;
-        border-radius: 999px;
-        color: var(--text-muted);
-        font-weight: 500;
-    }
-    .group-hdr .add {
-        margin-left: 4px;
-        opacity: 0;
-        width: 18px; height: 18px;
-        display: grid; place-items: center;
-        border-radius: 4px;
-        color: var(--text-muted);
-    }
-    .group-hdr:hover .add { opacity: 1; }
-    .group-hdr .add:hover { color: var(--accent-blue); background: var(--bg-active); }
-
-    .item {
-        display: grid;
-        grid-template-columns: 18px 18px 1fr 18px 18px;
-        align-items: center;
-        gap: 6px;
-        padding: 5px 12px 5px 30px;
-        font-size: 12.5px;
-        color: var(--text-secondary);
-        cursor: pointer;
-        border-left: 2px solid transparent;
-    }
-    .item:hover { color: var(--text-primary); background: var(--bg-hover); }
-    .item.active { color: var(--text-primary); background: rgba(122,162,247,0.1); border-left-color: var(--accent-blue); }
-    .item .star, .item .more { opacity: 0; color: var(--text-muted); font-size: 12px; text-align: center; }
-    .item:hover .star, .item:hover .more { opacity: 1; }
-    .item .star.on { opacity: 1; color: var(--accent-yellow); }
-    .item .star:hover { color: var(--accent-yellow); }
-    .item .lbl { overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
-    .item .hint { color: var(--text-muted); font-size: 10.5px; margin-left: auto; padding-right: 4px; opacity: 0.65; }
-
-    /* nested children: columns under a table */
-    .item.nested {
-        padding-left: 50px;
-        font-size: 11.5px;
-        color: var(--text-muted);
-        grid-template-columns: 14px 1fr 38px;
-    }
-    .item.nested .lbl { color: var(--text-secondary); }
-    .item.nested .type {
-        font-family: var(--font-mono);
-        font-size: 10px;
-        color: var(--accent-cyan);
-        text-align: right;
-    }
-    .child-group { padding: 2px 0 4px; background: rgba(255,255,255,0.015); border-left: 2px solid var(--bg-tertiary); margin-left: 22px; }
-
-    /* small headers inside table drill-down */
-    .child-head {
-        padding: 4px 12px 2px 38px;
-        color: var(--text-muted);
-        font-size: 10px;
-        text-transform: uppercase;
-        letter-spacing: 0.7px;
-    }
-
-    /* main content placeholder */
-    .placeholder {
-        flex: 1;
-        display: grid;
-        place-items: center;
-        color: var(--text-muted);
-        font-size: 13px;
-    }
-    .placeholder div { text-align: center; }
-    .placeholder .bi { font-size: 48px; opacity: 0.3; margin-bottom: 12px; display: block; }
-</style>
-</head>
-<body>
-<div class="app">
-
-    <div class="titlebar">
-        <div class="brand">
-            <div class="logo">C#</div>
-            <span>CSharpDB Studio</span>
-            <span class="dbname">— relational.db</span>
-        </div>
-        <button class="db-switcher"><i class="bi bi-database"></i> relational.db <i class="bi bi-caret-down-fill"></i></button>
-        <button class="palette-launcher"><i class="bi bi-search"></i> Search anything… <span class="kbd">Ctrl K</span></button>
-        <div class="spacer"></div>
-        <span class="conn-pill"><span class="dot"></span> Connected</span>
-        <button class="tb-btn icon-only"><i class="bi bi-moon-stars"></i></button>
-        <button class="tb-btn icon-only"><i class="bi bi-layout-sidebar-inset"></i></button>
-    </div>
-
-    <div class="body">
-        <aside class="sidebar">
-            <div class="sb-head">
-                <span>Object Explorer</span>
-                <div class="actions">
-                    <button class="sb-mini-btn" title="Sort"><i class="bi bi-sort-alpha-down"></i></button>
-                    <button class="sb-mini-btn" title="Collapse all"><i class="bi bi-arrows-collapse"></i></button>
-                    <button class="sb-mini-btn" title="Refresh"><i class="bi bi-arrow-clockwise"></i></button>
-                </div>
-            </div>
-
-            <div class="sb-search">
-                <i class="bi bi-search" style="color: var(--text-muted); font-size: 12px;"></i>
-                <input value="cust" placeholder="Filter objects…" />
-                <span class="clear"><i class="bi bi-x-lg"></i></span>
-            </div>
-
-            <div class="sb-toolbar">
-                <span class="sb-tool-chip active">All</span>
-                <span class="sb-tool-chip">Tables</span>
-                <span class="sb-tool-chip">Forms</span>
-                <span class="sb-tool-chip">Reports</span>
-                <span class="sb-tool-chip">More <i class="bi bi-three-dots"></i></span>
-            </div>
-
-            <div class="sb-tree">
-
-                <!-- Pinned -->
-                <div class="group">
-                    <div class="group-hdr">
-                        <i class="bi bi-chevron-down chev"></i>
-                        <span class="label"><i class="bi bi-pin-angle-fill" style="color: var(--accent-yellow);"></i> Pinned</span>
-                        <span class="count">3</span>
-                    </div>
-                    <div class="item active">
-                        <i class="bi bi-table icon-table"></i>
-                        <i class="bi bi-star-fill star on"></i>
-                        <span class="lbl">Customers</span>
-                        <i class="bi bi-three-dots more"></i>
-                    </div>
-                    <div class="item">
-                        <i class="bi bi-table icon-table"></i>
-                        <i class="bi bi-star-fill star on"></i>
-                        <span class="lbl">Orders</span>
-                        <i class="bi bi-three-dots more"></i>
-                    </div>
-                    <div class="item">
-                        <i class="bi bi-ui-checks-grid icon-form"></i>
-                        <i class="bi bi-star-fill star on"></i>
-                        <span class="lbl">Customer Form</span>
-                        <i class="bi bi-three-dots more"></i>
-                    </div>
-                </div>
-
-                <!-- Recent -->
-                <div class="group">
-                    <div class="group-hdr">
-                        <i class="bi bi-chevron-down chev"></i>
-                        <span class="label"><i class="bi bi-clock-history" style="color: var(--accent-cyan);"></i> Recent</span>
-                        <span class="count">5</span>
-                    </div>
-                    <div class="item">
-                        <i class="bi bi-table icon-table"></i>
-                        <i class="bi bi-star star"></i>
-                        <span class="lbl">Invoices</span>
-                        <span class="hint">2m</span>
-                    </div>
-                    <div class="item">
-                        <i class="bi bi-terminal" style="color: var(--accent-blue);"></i>
-                        <i class="bi bi-star star"></i>
-                        <span class="lbl">Query 1 — Active customers</span>
-                        <span class="hint">14m</span>
-                    </div>
-                    <div class="item">
-                        <i class="bi bi-gear-wide-connected icon-trigger"></i>
-                        <i class="bi bi-star star"></i>
-                        <span class="lbl">recalc_invoices</span>
-                        <span class="hint">1h</span>
-                    </div>
-                    <div class="item">
-                        <i class="bi bi-eye icon-view"></i>
-                        <i class="bi bi-star star"></i>
-                        <span class="lbl">vw_active_customers</span>
-                        <span class="hint">3h</span>
-                    </div>
-                </div>
-
-                <!-- Tables (with drill-down) -->
-                <div class="group">
-                    <div class="group-hdr">
-                        <i class="bi bi-chevron-down chev"></i>
-                        <span class="label"><i class="bi bi-table icon-table"></i> Tables</span>
-                        <span class="count">24</span>
-                        <span class="add" title="New table"><i class="bi bi-plus-lg"></i></span>
-                    </div>
-
-                    <div class="item">
-                        <i class="bi bi-chevron-down chev" style="font-size:9px;"></i>
-                        <i class="bi bi-table icon-table"></i>
-                        <span class="lbl"><b>Cust</b>omers</span>
-                        <i class="bi bi-star-fill star on"></i>
-                        <i class="bi bi-three-dots more"></i>
-                    </div>
-                    <div class="child-group">
-                        <div class="child-head">Columns · 8</div>
-                        <div class="item nested">
-                            <i class="bi bi-key" style="color: var(--accent-yellow);"></i>
-                            <span class="lbl">id</span>
-                            <span class="type">int</span>
-                        </div>
-                        <div class="item nested">
-                            <i class="bi bi-fonts" style="color: var(--accent-cyan);"></i>
-                            <span class="lbl">name</span>
-                            <span class="type">text(120)</span>
-                        </div>
-                        <div class="item nested">
-                            <i class="bi bi-fonts" style="color: var(--accent-cyan);"></i>
-                            <span class="lbl">email</span>
-                            <span class="type">text(255)</span>
-                        </div>
-                        <div class="item nested">
-                            <i class="bi bi-toggle-on" style="color: var(--accent-magenta);"></i>
-                            <span class="lbl">status</span>
-                            <span class="type">enum</span>
-                        </div>
-                        <div class="item nested">
-                            <i class="bi bi-calendar3" style="color: var(--accent-orange);"></i>
-                            <span class="lbl">created_at</span>
-                            <span class="type">datetime</span>
-                        </div>
-                        <div class="child-head">Indexes · 2</div>
-                        <div class="item nested">
-                            <i class="bi bi-lightning icon-index"></i>
-                            <span class="lbl">ix_customers_email</span>
-                            <span class="type">unique</span>
-                        </div>
-                        <div class="item nested">
-                            <i class="bi bi-lightning icon-index"></i>
-                            <span class="lbl">ix_customers_status</span>
-                            <span class="type"></span>
-                        </div>
-                        <div class="child-head">Triggers · 1</div>
-                        <div class="item nested">
-                            <i class="bi bi-lightning-charge icon-trigger"></i>
-                            <span class="lbl">trg_customers_audit</span>
-                            <span class="type">AFTER</span>
-                        </div>
-                    </div>
-
-                    <div class="item">
-                        <i class="bi bi-chevron-right chev" style="font-size:9px;"></i>
-                        <i class="bi bi-table icon-table"></i>
-                        <span class="lbl"><b>Cust</b>omerAddresses</span>
-                        <i class="bi bi-star star"></i>
-                        <i class="bi bi-three-dots more"></i>
-                    </div>
-                    <div class="item">
-                        <i class="bi bi-chevron-right chev" style="font-size:9px;"></i>
-                        <i class="bi bi-table icon-table"></i>
-                        <span class="lbl"><b>Cust</b>omerNotes</span>
-                        <i class="bi bi-star star"></i>
-                        <i class="bi bi-three-dots more"></i>
-                    </div>
-                    <div class="item">
-                        <i class="bi bi-chevron-right chev" style="font-size:9px;"></i>
-                        <i class="bi bi-table icon-table"></i>
-                        <span class="lbl">Orders</span>
-                        <i class="bi bi-star-fill star on"></i>
-                        <i class="bi bi-three-dots more"></i>
-                    </div>
-                </div>
-
-                <!-- Forms -->
-                <div class="group">
-                    <div class="group-hdr">
-                        <i class="bi bi-chevron-down chev"></i>
-                        <span class="label"><i class="bi bi-ui-checks-grid icon-form"></i> Forms</span>
-                        <span class="count">8</span>
-                        <span class="add" title="New form"><i class="bi bi-plus-lg"></i></span>
-                    </div>
-                    <div class="item">
-                        <i class="bi bi-chevron-right chev" style="font-size:9px;"></i>
-                        <i class="bi bi-ui-checks-grid icon-form"></i>
-                        <span class="lbl"><b>Cust</b>omer Form</span>
-                        <span class="hint">Customers</span>
-                    </div>
-                </div>
-
-                <!-- Reports -->
-                <div class="group">
-                    <div class="group-hdr">
-                        <i class="bi bi-chevron-down chev"></i>
-                        <span class="label"><i class="bi bi-file-earmark-richtext icon-report"></i> Reports</span>
-                        <span class="count">5</span>
-                        <span class="add" title="New report"><i class="bi bi-plus-lg"></i></span>
-                    </div>
-                    <div class="item">
-                        <i class="bi bi-chevron-right chev" style="font-size:9px;"></i>
-                        <i class="bi bi-file-earmark-richtext icon-report"></i>
-                        <span class="lbl"><b>Cust</b>omer Sales</span>
-                        <span class="hint">vw_customer…</span>
-                    </div>
-                </div>
-
-                <!-- Procedures -->
-                <div class="group">
-                    <div class="group-hdr">
-                        <i class="bi bi-chevron-right chev"></i>
-                        <span class="label"><i class="bi bi-gear-wide-connected icon-trigger"></i> Procedures</span>
-                        <span class="count">11</span>
-                        <span class="add" title="New procedure"><i class="bi bi-plus-lg"></i></span>
-                    </div>
-                </div>
-
-                <!-- Views -->
-                <div class="group">
-                    <div class="group-hdr">
-                        <i class="bi bi-chevron-right chev"></i>
-                        <span class="label"><i class="bi bi-eye icon-view"></i> Views</span>
-                        <span class="count">6</span>
-                    </div>
-                </div>
-
-                <!-- System -->
-                <div class="group">
-                    <div class="group-hdr">
-                        <i class="bi bi-chevron-right chev"></i>
-                        <span class="label"><i class="bi bi-hdd-stack icon-system"></i> System</span>
-                        <span class="count">17</span>
-                    </div>
-                </div>
-
-            </div>
-        </aside>
-
-        <div class="content">
-            <div class="tabstrip">
-                <div class="tab active"><i class="bi bi-table icon-table"></i> Customers <i class="bi bi-x"></i></div>
-            </div>
-            <div class="placeholder">
-                <div>
-                    <i class="bi bi-list-nested"></i>
-                    <p>Hover items in the sidebar to see star &amp; "more" actions.</p>
-                    <p style="margin-top: 4px; font-size: 11px;">Click a chevron next to a table to drill into its columns, indexes, and triggers.</p>
-                </div>
-            </div>
-        </div>
-    </div>
-
-    <div class="statusbar">
-        <span class="pill ok"><span class="dot"></span> Connected</span>
-        <span class="pill"><i class="bi bi-database"></i> relational.db</span>
-        <span class="pill">24 tables · 6 views · 11 procs</span>
-        <div style="flex:1"></div>
-        <span class="pill warn"><i class="bi bi-hdd"></i> 2.4 GB / 3.5 GB</span>
-    </div>
-</div>
-
-<!-- Annotations -->
-<div class="notes">
-    <header><i class="bi bi-lightbulb"></i> Reality check vs. the live screen</header>
-    <ul>
-        <li><b style="color: var(--accent-green);">ALREADY EXISTS</b> — Object Explorer header with Collapse-All button, search/filter input, expandable groups (User Tables, System Tables, Forms, Reports, System Catalog, Views, Indexes, Triggers, Procedures), per-item count badges, active-tab highlight, right-click context menus for tables / forms / reports / views / indexes / triggers / procedures, drag-resize handle.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Pinned section</b> — any item can be starred and persists at the top across sessions. Today there's no concept of pinning.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Recent section</b> — last few opened objects with relative timestamps.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Type filter chips</b> (All / Tables / Forms / Reports / More) for quick narrowing.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Drill-down under each table</b> — a chevron expands columns (with type icons), indexes, and triggers as nested rows. Today indexes/triggers are scattered across separate top-level groups; columns require switching to the Schema view.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-magenta);">RESTYLE: Per-item hover actions</b> — star + "⋯" appear on hover. The same operations are available today but only via right-click, which is undiscoverable for new users.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-magenta);">RESTYLE: Per-group "+" quick-add</b> on hover (New Table, New Form, etc.) — same as the existing right-click "New …" items.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-magenta);">RESTYLE: Compact sort &amp; refresh icons</b> next to Collapse-All in the header. Refresh exists today but only on context menus.</li>
-        <li><span class="pin"></span> <b style="color: var(--accent-blue);">NEW: Match highlighting</b> in filter results (bold "<b>Cust</b>omers"). Today filter is text-substring match without highlighting.</li>
-    </ul>
-</div>
-</body>
-</html>
diff --git a/www/admin-ui-mockups/styles.css b/www/admin-ui-mockups/styles.css
deleted file mode 100644
index d5707d98..00000000
--- a/www/admin-ui-mockups/styles.css
+++ /dev/null
@@ -1,355 +0,0 @@
-/* ─────────────────────────────────────────────────────────
-   Shared design tokens & frame styles for mockups.
-   Tokens mirror src/CSharpDB.Admin/wwwroot/css/app.css so
-   the mockups feel like real previews of the admin shell.
-   ───────────────────────────────────────────────────────── */
-
-:root {
-    /* Tokyo-Night-inspired dark palette (matches the live admin) */
-    --bg-primary: #1a1b26;
-    --bg-secondary: #16171f;
-    --bg-tertiary: #1f2029;
-    --bg-elevated: #24253a;
-    --bg-hover: #292a3e;
-    --bg-active: #33345a;
-    --border-color: #2a2b3d;
-    --border-light: #363750;
-    --text-primary: #c0caf5;
-    --text-secondary: #7982a9;
-    --text-muted: #565f89;
-    --accent-blue: #7aa2f7;
-    --accent-cyan: #7dcfff;
-    --accent-green: #9ece6a;
-    --accent-yellow: #e0af68;
-    --accent-orange: #ff9e64;
-    --accent-red: #f7768e;
-    --accent-magenta: #bb9af7;
-    --accent-teal: #2ac3de;
-    --shadow-popup: 0 16px 48px rgba(0,0,0,0.55);
-
-    --radius-sm: 4px;
-    --radius-md: 6px;
-    --radius-lg: 10px;
-
-    --font-ui: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
-    --font-mono: 'JetBrains Mono', 'Fira Code', Consolas, monospace;
-}
-
-* { box-sizing: border-box; margin: 0; padding: 0; }
-
-html, body { height: 100%; }
-
-body {
-    font-family: var(--font-ui);
-    background: var(--bg-primary);
-    color: var(--text-primary);
-    font-size: 13px;
-    line-height: 1.5;
-    -webkit-font-smoothing: antialiased;
-}
-
-a { color: var(--accent-blue); text-decoration: none; }
-a:hover { text-decoration: underline; }
-
-/* ─── App frame ─── */
-.app {
-    display: grid;
-    grid-template-rows: 38px 1fr 26px;
-    height: 100vh;
-}
-
-.titlebar {
-    background: var(--bg-secondary);
-    border-bottom: 1px solid var(--border-color);
-    display: flex;
-    align-items: center;
-    gap: 12px;
-    padding: 0 12px;
-    user-select: none;
-}
-
-.brand {
-    display: flex;
-    align-items: center;
-    gap: 8px;
-    font-weight: 600;
-}
-
-.brand .logo {
-    width: 24px; height: 24px;
-    background: linear-gradient(135deg, var(--accent-blue), var(--accent-magenta));
-    border-radius: 5px;
-    display: grid;
-    place-items: center;
-    font-size: 12px;
-    color: white;
-    font-weight: 700;
-}
-
-.brand .dbname { color: var(--text-muted); font-weight: 400; font-size: 12px; }
-
-.tb-actions {
-    display: flex;
-    align-items: center;
-    gap: 4px;
-    padding-left: 12px;
-    margin-left: 0;
-    border-left: 1px solid var(--border-color);
-}
-
-.tb-btn {
-    display: inline-flex;
-    align-items: center;
-    gap: 5px;
-    padding: 4px 10px;
-    background: transparent;
-    border: 1px solid transparent;
-    border-radius: var(--radius-sm);
-    color: var(--text-secondary);
-    font-size: 11px;
-    cursor: pointer;
-    white-space: nowrap;
-}
-
-.tb-btn:hover { color: var(--text-primary); background: var(--bg-hover); }
-
-.tb-btn.icon-only {
-    width: 30px; height: 26px;
-    padding: 0;
-    justify-content: center;
-}
-
-.spacer { flex: 1; }
-
-/* Database switcher dropdown trigger */
-.db-switcher {
-    display: inline-flex;
-    align-items: center;
-    gap: 6px;
-    padding: 4px 10px;
-    background: var(--bg-tertiary);
-    border: 1px solid var(--border-color);
-    border-radius: var(--radius-sm);
-    color: var(--text-primary);
-    font-size: 12px;
-    cursor: pointer;
-}
-
-.db-switcher:hover { border-color: var(--border-light); }
-
-.db-switcher .bi-caret-down-fill { font-size: 9px; color: var(--text-muted); }
-
-/* Command palette launcher in titlebar */
-.palette-launcher {
-    display: inline-flex;
-    align-items: center;
-    gap: 6px;
-    padding: 4px 10px;
-    background: var(--bg-tertiary);
-    border: 1px solid var(--border-color);
-    border-radius: var(--radius-md);
-    color: var(--text-muted);
-    font-size: 12px;
-    min-width: 240px;
-    cursor: pointer;
-}
-
-.palette-launcher:hover { border-color: var(--border-light); color: var(--text-secondary); }
-
-.palette-launcher .kbd { margin-left: auto; }
-
-.titlebar .conn-pill {
-    display: inline-flex;
-    align-items: center;
-    gap: 6px;
-    padding: 3px 9px;
-    background: rgba(158,206,106,0.1);
-    border: 1px solid rgba(158,206,106,0.3);
-    color: var(--accent-green);
-    border-radius: 999px;
-    font-size: 11px;
-}
-
-.dot { width: 6px; height: 6px; border-radius: 50%; background: var(--accent-green); }
-
-/* ─── Main split ─── */
-.body {
-    display: grid;
-    grid-template-columns: 280px 1fr;
-    overflow: hidden;
-    min-height: 0;
-}
-
-.sidebar {
-    background: var(--bg-secondary);
-    border-right: 1px solid var(--border-color);
-    overflow: hidden;
-    display: flex;
-    flex-direction: column;
-}
-
-.content {
-    background: var(--bg-primary);
-    overflow: auto;
-    display: flex;
-    flex-direction: column;
-}
-
-/* ─── Tab strip (lightweight) ─── */
-.tabstrip {
-    display: flex;
-    background: var(--bg-secondary);
-    border-bottom: 1px solid var(--border-color);
-    height: 36px;
-    flex-shrink: 0;
-}
-
-.tabstrip .tab {
-    display: inline-flex;
-    align-items: center;
-    gap: 6px;
-    padding: 0 14px;
-    color: var(--text-muted);
-    font-size: 12px;
-    border-right: 1px solid var(--border-color);
-    border-top: 2px solid transparent;
-    cursor: pointer;
-}
-
-.tabstrip .tab.active {
-    color: var(--text-primary);
-    background: var(--bg-primary);
-    border-top-color: var(--accent-blue);
-}
-
-.tabstrip .tab .bi-x { color: var(--text-muted); margin-left: 4px; opacity: 0; }
-.tabstrip .tab:hover .bi-x { opacity: 0.6; }
-.tabstrip .tab.dirty::after { content: ""; width: 6px; height: 6px; background: var(--accent-blue); border-radius: 50%; margin-left: 4px; }
-
-.tabstrip .tab-new {
-    width: 32px;
-    border: none;
-    background: transparent;
-    color: var(--text-muted);
-    cursor: pointer;
-}
-
-.tabstrip .tab-new:hover { color: var(--text-primary); background: var(--bg-hover); }
-
-/* ─── Status bar ─── */
-.statusbar {
-    background: var(--bg-secondary);
-    border-top: 1px solid var(--border-color);
-    display: flex;
-    align-items: center;
-    gap: 18px;
-    padding: 0 12px;
-    color: var(--text-muted);
-    font-size: 11px;
-}
-
-.statusbar .pill {
-    display: inline-flex;
-    align-items: center;
-    gap: 5px;
-}
-
-.statusbar .pill.warn { color: var(--accent-yellow); }
-.statusbar .pill.ok { color: var(--accent-green); }
-.statusbar .pill.action { color: var(--accent-blue); cursor: pointer; }
-.statusbar .pill.action:hover { color: var(--accent-cyan); }
-
-/* ─── Reusable bits ─── */
-.kbd {
-    display: inline-flex;
-    align-items: center;
-    padding: 1px 6px;
-    font-family: var(--font-mono);
-    font-size: 10px;
-    background: rgba(255,255,255,0.06);
-    border: 1px solid rgba(255,255,255,0.08);
-    border-bottom-color: rgba(255,255,255,0.04);
-    border-radius: 4px;
-    color: var(--text-secondary);
-}
-
-.btn {
-    display: inline-flex;
-    align-items: center;
-    gap: 6px;
-    padding: 6px 12px;
-    border-radius: var(--radius-sm);
-    border: 1px solid var(--border-color);
-    background: var(--bg-tertiary);
-    color: var(--text-primary);
-    font-size: 12px;
-    cursor: pointer;
-}
-
-.btn:hover { background: var(--bg-hover); }
-
-.btn.primary { background: var(--accent-blue); color: #0a0b13; border-color: var(--accent-blue); font-weight: 600; }
-.btn.primary:hover { filter: brightness(1.08); }
-.btn.ghost { background: transparent; }
-
-.icon-table { color: var(--accent-blue); }
-.icon-system { color: var(--accent-cyan); }
-.icon-view { color: var(--accent-magenta); }
-.icon-trigger { color: var(--accent-orange); }
-.icon-index { color: var(--accent-green); }
-.icon-form { color: var(--accent-magenta); }
-.icon-report { color: var(--accent-cyan); }
-
-/* ─── Annotations panel ─── */
-.notes {
-    position: fixed;
-    right: 18px;
-    bottom: 44px;
-    width: 320px;
-    max-height: 60vh;
-    overflow: auto;
-    background: var(--bg-elevated);
-    border: 1px solid var(--border-light);
-    border-radius: var(--radius-lg);
-    box-shadow: var(--shadow-popup);
-    z-index: 50;
-}
-
-.notes header {
-    padding: 10px 14px;
-    border-bottom: 1px solid var(--border-color);
-    display: flex;
-    align-items: center;
-    gap: 8px;
-    font-size: 12px;
-    font-weight: 600;
-    color: var(--text-primary);
-}
-
-.notes header .bi { color: var(--accent-yellow); }
-
-.notes ul {
-    list-style: none;
-    padding: 8px 0;
-}
-
-.notes li {
-    padding: 8px 14px;
-    font-size: 12px;
-    color: var(--text-secondary);
-    border-bottom: 1px solid var(--border-color);
-}
-
-.notes li:last-child { border-bottom: none; }
-
-.notes li b { color: var(--text-primary); font-weight: 600; }
-
-.notes .pin {
-    display: inline-block;
-    width: 6px;
-    height: 6px;
-    border-radius: 50%;
-    background: var(--accent-blue);
-    margin-right: 6px;
-    vertical-align: middle;
-}
diff --git a/www/blog/csharpdb-v3-6-0-admin-and-csharp-extensibility.html b/www/blog/csharpdb-v3-6-0-admin-and-csharp-extensibility.html
new file mode 100644
index 00000000..da84dbf7
--- /dev/null
+++ b/www/blog/csharpdb-v3-6-0-admin-and-csharp-extensibility.html
@@ -0,0 +1,541 @@
+<!DOCTYPE html>
+<html lang="en" data-theme="dark">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link rel="stylesheet" href="../css/style.css">
+    <link rel="preload" href="../js/csharpdb.bundle.js" as="script">
+    <title>Inside CSharpDB v3.6.0: Admin Collections, Custom Form Controls &amp; Trusted C# &mdash; Blog &mdash; CSharpDB</title>
+    <meta name="description" content="A walkthrough of the v3.6.0 Admin update: a first-class Collections UI, extensible Admin Forms controls, Access-style macro actions, a runnable trusted C# host sample, and what's next for database-owned C# code modules.">
+    <link rel="canonical" href="https://csharpdb.com/blog/csharpdb-v3-6-0-admin-and-csharp-extensibility.html">
+    <meta property="og:title" content="Inside CSharpDB v3.6.0: Admin Collections, Custom Form Controls &amp; Trusted C#">
+    <meta property="og:description" content="A walkthrough of the v3.6.0 Admin update: a first-class Collections UI, extensible Admin Forms controls, Access-style macro actions, a runnable trusted C# host sample, and what's next for database-owned C# code modules.">
+    <meta property="og:url" content="https://csharpdb.com/blog/csharpdb-v3-6-0-admin-and-csharp-extensibility.html">
+    <meta property="og:image" content="https://csharpdb.com/images/og-banner.png">
+    <link rel="icon" type="image/png" href="../favicon.png">
+    <script type="application/ld+json">
+    {
+        "@context": "https://schema.org",
+        "@type": "BlogPosting",
+        "headline": "Inside CSharpDB v3.6.0: Admin Collections, Custom Form Controls & Trusted C#",
+        "description": "A walkthrough of the v3.6.0 Admin update: a first-class Collections UI, extensible Admin Forms controls, Access-style macro actions, a runnable trusted C# host sample, and what's next for database-owned C# code modules.",
+        "url": "https://csharpdb.com/blog/csharpdb-v3-6-0-admin-and-csharp-extensibility.html",
+        "datePublished": "2026-05-02",
+        "author": { "@type": "Organization", "name": "CSharpDB" },
+        "isPartOf": { "@type": "WebSite", "name": "CSharpDB", "url": "https://csharpdb.com" }
+    }
+    </script>
+    <style>
+        .blog-post-meta {
+            display: flex;
+            align-items: center;
+            gap: 16px;
+            margin-bottom: 32px;
+            font-size: 0.88rem;
+            color: var(--text-muted);
+        }
+        .blog-post-tag {
+            display: inline-block;
+            font-size: 0.72rem;
+            font-weight: 600;
+            text-transform: uppercase;
+            letter-spacing: 0.05em;
+            padding: 2px 8px;
+            border-radius: 100px;
+            background: var(--accent-soft);
+            color: var(--accent);
+        }
+        .blog-post-content h2 { margin-top: 48px; margin-bottom: 16px; }
+        .blog-post-content h3 { margin-top: 32px; margin-bottom: 12px; }
+        .blog-post-content p { margin-bottom: 16px; }
+        .blog-post-content ul, .blog-post-content ol { margin-bottom: 20px; }
+        .blog-post-content li { margin-bottom: 6px; }
+        .blog-post-content .code-block { margin: 20px 0 24px; }
+        .blog-post-content table {
+            width: 100%;
+            border-collapse: collapse;
+            margin: 16px 0 24px;
+            font-size: 0.92rem;
+        }
+        .blog-post-content th {
+            text-align: left;
+            padding: 10px 14px;
+            border-bottom: 2px solid var(--border);
+            color: var(--text-muted);
+            font-size: 0.78rem;
+            text-transform: uppercase;
+            letter-spacing: 0.05em;
+            white-space: nowrap;
+        }
+        .blog-post-content td {
+            padding: 10px 14px;
+            border-bottom: 1px solid var(--border);
+            color: var(--text-secondary);
+            vertical-align: top;
+        }
+        .blog-post-content tr:hover td { background: var(--bg-tertiary); }
+        .blog-post-content td code { font-size: 0.88rem; }
+        .blog-nav {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            margin-top: 48px;
+            padding-top: 24px;
+            border-top: 1px solid var(--border);
+        }
+        .blog-nav a {
+            color: var(--accent);
+            text-decoration: none;
+            font-weight: 500;
+            font-size: 0.9rem;
+        }
+        .blog-nav a:hover { color: var(--accent-hover); }
+        .feature-pill-grid {
+            display: grid;
+            grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
+            gap: 14px;
+            margin: 24px 0 32px;
+        }
+        .feature-pill {
+            background: var(--bg-card);
+            border: 1px solid var(--border);
+            border-radius: 10px;
+            padding: 16px 18px;
+        }
+        .feature-pill-title {
+            font-size: 0.82rem;
+            font-weight: 600;
+            color: var(--accent);
+            text-transform: uppercase;
+            letter-spacing: 0.05em;
+            margin-bottom: 6px;
+        }
+        .feature-pill-text {
+            font-size: 0.9rem;
+            color: var(--text-secondary);
+            line-height: 1.5;
+        }
+    </style>
+</head>
+<body>
+    <script>
+    window.currentPage = 'blog'; window.pagePathPrefix = '../';
+    window.pageConfig = {
+        title: 'Inside CSharpDB v3.6.0: Admin Collections, Custom Form Controls & Trusted C#',
+        description: "A walkthrough of the v3.6.0 Admin update: a first-class Collections UI, extensible Admin Forms controls, Access-style macro actions, a runnable trusted C# host sample, and what's next for database-owned C# code modules.",
+        keywords: 'CSharpDB v3.6.0, Admin Collections UI, custom form controls, Access-style macros, trusted C# callbacks, validation rules, database code modules, VS Code sync',
+        canonicalPath: 'blog/csharpdb-v3-6-0-admin-and-csharp-extensibility.html',
+        ogType: 'article',
+    };
+    </script>
+    <div id="site-nav"></div>
+
+    <main class="page">
+        <div class="container doc-container">
+            <div class="doc-content full-width" style="max-width: 860px; margin: 0 auto;">
+                <h1>Inside CSharpDB v3.6.0: Admin Collections, Custom Form Controls &amp; Trusted C#</h1>
+                <div class="blog-post-meta">
+                    <span class="blog-post-tag">Release</span>
+                    <span>May 2, 2026</span>
+                    <span>&middot; 12 min read</span>
+                </div>
+
+                <div class="blog-post-content">
+                    <p>CSharpDB v3.6.0 is an Admin-and-extensibility release. The engine work from v3.3.0 still carries the durable-write story; this release pushes Admin further toward an Access-style application builder, and opens the door for host developers to extend Admin Forms with their own C# without forking the project.</p>
+                    <p>Five themes ship together:</p>
+                    <div class="feature-pill-grid">
+                        <div class="feature-pill">
+                            <div class="feature-pill-title">Collections UI</div>
+                            <div class="feature-pill-text">Document collections are now first-class Admin objects with a browser, JSON editor, and command-palette entries.</div>
+                        </div>
+                        <div class="feature-pill">
+                            <div class="feature-pill-title">Custom Form Controls</div>
+                            <div class="feature-pill-text">Register your own designer toolbox entries, runtime renderers, and property editors without touching saved form JSON.</div>
+                        </div>
+                        <div class="feature-pill">
+                            <div class="feature-pill-title">Access-Style Macros</div>
+                            <div class="feature-pill-text">Phase 8 actions: <code>openForm</code>, <code>applyFilter</code>, <code>runSql</code>, <code>runProcedure</code>, <code>setControlProperty</code>, plus form-level conditional rules.</div>
+                        </div>
+                        <div class="feature-pill">
+                            <div class="feature-pill-title">Trusted C# Sample</div>
+                            <div class="feature-pill-text">A runnable VS Code project that shows scalar functions, commands, and validation rules wired to a real Admin form.</div>
+                        </div>
+                        <div class="feature-pill">
+                            <div class="feature-pill-title">Reports Parity Plan</div>
+                            <div class="feature-pill-text">A six-phase roadmap for closing the highest-impact gaps against Access reports, starting with bounded saved-query previews and full export.</div>
+                        </div>
+                    </div>
+                    <p>The rest of this post walks each theme, with the code shapes you actually need to use it, and ends with a look at the database-owned C# code modules planned for the next major chunk of work.</p>
+
+                    <h2>Document Collections Get a First-Class UI</h2>
+                    <p>CSharpDB has supported document collections through <code>ICSharpDbClient</code> for several releases. v3.6.0 finally treats them as first-class Admin objects alongside tables, views, forms, and reports.</p>
+                    <p>The Object Explorer now has a <strong>Collections</strong> filter chip and group. The collection group menu offers <em>New Collection&hellip;</em> and <em>Refresh</em>. Each collection item supports <em>Open</em>, <em>New Document&hellip;</em>, and <em>Copy Name</em>. The command palette adds <code>New Collection</code> plus one entry per existing collection.</p>
+                    <p>Each collection opens in its own <code>collection:{name}</code> tab using the same toolbar, pager, grid, and detail-panel language as table data tabs:</p>
+                    <ul>
+                        <li>The grid shows row number, document key, JSON kind, and a compact preview.</li>
+                        <li>The detail panel shows indented JSON for the selected document.</li>
+                        <li>Existing document keys are read-only.</li>
+                        <li>New documents require a nonblank key and valid JSON before save is enabled.</li>
+                        <li>Save writes through <code>PutDocumentAsync(collectionName, key, document)</code>.</li>
+                        <li>Delete writes through <code>DeleteDocumentAsync(collectionName, key)</code> after confirmation.</li>
+                        <li>Exact-key lookup uses <code>GetDocumentAsync(collectionName, key)</code>.</li>
+                    </ul>
+                    <p>Defaults are deliberately conservative: page sizes are <code>10</code>, <code>25</code>, <code>50</code>, or <code>100</code> (default <code>25</code>); collection names follow the same identifier shape as the direct client (<code>^[A-Za-z_][A-Za-z0-9_]*$</code>); and deleting all documents leaves the collection itself in place because a drop-collection API is still future work.</p>
+                    <p>This is intentionally a v1: path-index management, document-content search, collection rename, and collection drop are queued for a follow-up. The point of v3.6.0 is to give document workloads the same browse/edit ergonomics SQL tables have had since day one.</p>
+
+                    <h2>Form Controls Are Now Extensible</h2>
+                    <p>Admin Forms have always persisted controls as <code>ControlDefinition.ControlType</code> plus a free-form <code>PropertyBag</code>. v3.6.0 turns that wire shape into a developer API. A host can add toolbox entries, placement defaults, property editing, designer previews, and runtime rendering &mdash; all without changing saved form JSON.</p>
+                    <p>Registration sits next to the existing services call:</p>
+                    <div class="code-block" data-title="Program.cs &mdash; registering a custom control">
+                        <pre><code><span class="kw">using</span> CSharpDB.Admin.Forms.Models;
+<span class="kw">using</span> CSharpDB.Admin.Forms.Services;
+
+builder.Services.AddCSharpDbAdminForms();
+builder.Services.AddCSharpDbAdminFormControls(controls =&gt;
+{
+    controls.Add(<span class="kw">new</span> <span class="tp">FormControlDescriptor</span>
+    {
+        ControlType = <span class="str">"rating"</span>,
+        DisplayName = <span class="str">"Rating"</span>,
+        ToolboxGroup = <span class="str">"Custom"</span>,
+        IconText = <span class="str">"*"</span>,
+        DefaultWidth = <span class="num">220</span>,
+        DefaultHeight = <span class="num">48</span>,
+        SupportsBinding = <span class="kw">true</span>,
+        ParticipatesInTabOrder = <span class="kw">true</span>,
+        DefaultProps = <span class="kw">new</span> <span class="tp">Dictionary</span>&lt;<span class="tp">string</span>, <span class="tp">object</span>?&gt;
+        {
+            [<span class="str">"max"</span>] = <span class="num">5</span>,
+            [<span class="str">"displayMode"</span>] = <span class="str">"buttons"</span>,
+        },
+        DesignerPreviewComponentType = <span class="kw">typeof</span>(<span class="tp">RatingDesignerPreview</span>),
+        RuntimeComponentType = <span class="kw">typeof</span>(<span class="tp">RatingRuntimeControl</span>),
+        PropertyEditorComponentType = <span class="kw">typeof</span>(<span class="tp">RatingPropertyEditor</span>),
+    });
+});</code></pre>
+                    </div>
+                    <p>Custom components receive a single typed <code>Context</code> parameter. Designer previews use <code>FormControlDesignContext</code>; runtime controls use <code>FormControlRuntimeContext</code>, which exposes the form, control metadata, current record, bound field/value, resolved choices, enabled/read-only state, validation error, tab index, <code>SetValueAsync</code>, and <code>DispatchEventAsync</code>; property editors use <code>FormControlPropertyContext</code> and write back through <code>Context.SetPropertyAsync(name, value)</code>.</p>
+                    <p>For controls that just need a few simple properties, you can skip a custom property editor entirely and define <code>PropertyDescriptors</code> instead. The generic editor supports <code>Text</code>, <code>TextArea</code>, <code>Number</code>, <code>Checkbox</code>, and <code>Select</code>:</p>
+                    <div class="code-block" data-title="FormControlDescriptor.PropertyDescriptors">
+                        <pre><code>PropertyDescriptors =
+[
+    <span class="kw">new</span> <span class="tp">FormControlPropertyDescriptor</span>
+    {
+        Name = <span class="str">"max"</span>,
+        Label = <span class="str">"Maximum Rating"</span>,
+        Editor = <span class="tp">FormControlPropertyEditor</span>.Number,
+        DefaultValue = <span class="num">5</span>,
+        HelpText = <span class="str">"Allowed values are 1 through 10."</span>,
+    },
+    <span class="kw">new</span> <span class="tp">FormControlPropertyDescriptor</span>
+    {
+        Name = <span class="str">"displayMode"</span>,
+        Label = <span class="str">"Display Mode"</span>,
+        Editor = <span class="tp">FormControlPropertyEditor</span>.Select,
+        Options =
+        [
+            <span class="kw">new</span> <span class="tp">FormControlPropertyOption</span>(<span class="str">"buttons"</span>, <span class="str">"Buttons"</span>),
+            <span class="kw">new</span> <span class="tp">FormControlPropertyOption</span>(<span class="str">"compact"</span>, <span class="str">"Compact"</span>),
+        ],
+    },
+];</code></pre>
+                    </div>
+                    <p>The Admin host already includes a compiled sample <code>sampleRating</code> control under the <code>Custom</code> toolbox group, gated behind an env var so you can flip it on for local testing without touching production:</p>
+                    <div class="code-block" data-title="Powershell &mdash; enable the sample rating control">
+                        <pre><code>$env:AdminForms__EnableSampleControls = <span class="str">'true'</span>
+dotnet run --project src\CSharpDB.Admin --urls http://127.0.0.1:61818</code></pre>
+                    </div>
+                    <p>V1 limits worth knowing about: custom controls are leaf controls. They can be placed inside existing <code>tabControl</code> pages, but custom containers do not own or render child controls yet. And because form JSON never loads arbitrary component assemblies, custom components must be compiled into the host app or referenced assemblies &mdash; the registry is a developer surface, not a runtime plug-in surface.</p>
+
+                    <h2>Access-Style Macro Actions</h2>
+                    <p>Phase 8 of the Admin Forms work extends action sequences with the Access-style verbs people actually reach for when building a form-driven app. Action metadata stays declarative; host applications still own executable C#, the SQL/procedure opt-in policy, database connections, and navigation behavior.</p>
+                    <p>The new actions are:</p>
+                    <table>
+                        <thead>
+                            <tr>
+                                <th>Action</th>
+                                <th>Runtime behavior</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <tr>
+                                <td><code>openForm</code></td>
+                                <td>Resolves a form by id or name and asks the host to open it. Arguments support <code>mode</code>, <code>recordId</code>, <code>primaryKey</code>, <code>id</code>, <code>filter</code>, and <code>where</code>.</td>
+                            </tr>
+                            <tr>
+                                <td><code>closeForm</code></td>
+                                <td>Asks the host to close the active form entry tab or surface.</td>
+                            </tr>
+                            <tr>
+                                <td><code>applyFilter</code></td>
+                                <td>Filters the current form record list (<code>target: "form"</code>) or a rendered <code>datagrid</code> control.</td>
+                            </tr>
+                            <tr>
+                                <td><code>clearFilter</code></td>
+                                <td>Clears the form or data-grid filter selected by <code>target</code>.</td>
+                            </tr>
+                            <tr>
+                                <td><code>runSql</code></td>
+                                <td>Executes SQL only when the host enables SQL actions. <code>@name</code> parameters resolve from action arguments.</td>
+                            </tr>
+                            <tr>
+                                <td><code>runProcedure</code></td>
+                                <td>Executes a named database procedure when procedure actions are enabled. Procedure body can run multiple statements.</td>
+                            </tr>
+                            <tr>
+                                <td><code>setControlProperty</code></td>
+                                <td>Overrides rendered control props such as <code>visible</code>, <code>enabled</code>, <code>readOnly</code>, <code>text</code>, <code>placeholder</code>, and bound <code>value</code>.</td>
+                            </tr>
+                            <tr>
+                                <td><code>setControlVisibility</code>, <code>setControlEnabled</code>, <code>setControlReadOnly</code></td>
+                                <td>Short forms for the corresponding <code>setControlProperty</code> calls.</td>
+                            </tr>
+                        </tbody>
+                    </table>
+                    <p>Filters use the same bracketed field expression style as conditions, so the rest of the form metadata stays uniform:</p>
+                    <div class="code-block" data-title="Action JSON &mdash; filter a child grid">
+                        <pre><code>{
+  <span class="str">"kind"</span>: <span class="str">"applyFilter"</span>,
+  <span class="str">"target"</span>: <span class="str">"ordersGrid"</span>,
+  <span class="str">"value"</span>: <span class="str">"[Status] = @status AND [Total] &gt; @minimum"</span>,
+  <span class="str">"arguments"</span>: {
+    <span class="str">"status"</span>: <span class="str">"Open"</span>,
+    <span class="str">"minimum"</span>: <span class="num">100</span>
+  }
+}</code></pre>
+                    </div>
+                    <p><code>runProcedure</code> is the right verb when the workflow should invoke reusable database-owned SQL &mdash; allocating an order, receiving a purchase order, processing a return. <code>runCommand</code> is the right verb when the workflow needs host-owned C# behavior such as email, queues, external APIs, or filesystem access. A common pairing is <code>runProcedure</code> for the database update followed by <code>runCommand</code> for the host notification.</p>
+                    <p>Conditional UI now lives at the form level too. Rules apply control property effects whenever their condition is true:</p>
+                    <div class="code-block" data-title="Form rules &mdash; conditional UI">
+                        <pre><code>{
+  <span class="str">"ruleId"</span>: <span class="str">"archived-state"</span>,
+  <span class="str">"condition"</span>: <span class="str">"[Status] = 'Archived'"</span>,
+  <span class="str">"effects"</span>: [
+    { <span class="str">"controlId"</span>: <span class="str">"statusBox"</span>,    <span class="str">"property"</span>: <span class="str">"readOnly"</span>, <span class="str">"value"</span>: <span class="kw">true</span> },
+    { <span class="str">"controlId"</span>: <span class="str">"archiveButton"</span>, <span class="str">"property"</span>: <span class="str">"enabled"</span>,  <span class="str">"value"</span>: <span class="kw">false</span> }
+  ]
+}</code></pre>
+                    </div>
+                    <p>The designer's property inspector ships with a rules editor and a validation panel for action/rule readiness. For a worked example that combines open-form, data-grid filtering, SQL execution, control property changes, and conditional rules in one manifest, see <code>samples/trusted-csharp-host/access-style-macro-form.json</code> in the repo.</p>
+                    <p>Rendered Admin form runtimes can leave <code>runSql</code> and <code>runProcedure</code> disabled by policy, which keeps database-mutating actions explicit at the host boundary. Action execution is observable through <code>FormActionDiagnostics.Listener</code>, which carries action kind, target, form id, event name, action sequence name, step index, elapsed time, success/cancellation state, result message, exception message, and metadata for every invocation.</p>
+
+                    <h2>The Trusted C# Host Sample</h2>
+                    <p>Trusted in-process C# extensions for SQL and Admin Forms have been growing across the last few releases. v3.6.0 ships a single, self-contained sample that pulls all of it together as the recommended developer workflow: <code>samples/trusted-csharp-host</code>.</p>
+                    <p>Open the folder in VS Code, press <code>F5</code>, and the sample demonstrates &mdash; in one process &mdash;:</p>
+                    <ul>
+                        <li>registering a trusted scalar function with <code>DbFunctionRegistry</code></li>
+                        <li>calling that function from SQL</li>
+                        <li>registering a trusted command with <code>DbCommandRegistry</code></li>
+                        <li>registering trusted Admin Forms validation rules with <code>DbValidationRuleRegistry</code></li>
+                        <li>exporting Admin Forms automation metadata</li>
+                        <li>validating that metadata against the registered callbacks</li>
+                        <li>generating a starter C# registration stub from automation metadata</li>
+                        <li>running an Admin Forms action sequence that sets a field</li>
+                        <li>invoking a reusable named action sequence that calls the command</li>
+                        <li>running field-level and form-level validation callbacks</li>
+                        <li>inspecting an Access-style macro form manifest with open-form, filter, run-SQL, and conditional rule actions</li>
+                    </ul>
+                    <p>The runtime boundary the sample protects is simple: C# callback bodies live in the host project. The database and form metadata only store names and action data. That is what makes the workflow safe to hand off between roles.</p>
+
+                    <h3>The Scalar Function Path</h3>
+                    <p>Scalar functions are the smallest piece. Register a name and an arity, return a <code>DbValue</code>, and SQL can call it like any built-in:</p>
+                    <div class="code-block" data-title="Program.cs &mdash; register a scalar function">
+                        <pre><code><span class="tp">DbFunctionRegistry</span> functions = <span class="tp">DbFunctionRegistry</span>.Create(builder =&gt;
+{
+    builder.AddScalar(
+        <span class="str">"Slugify"</span>,
+        arity: <span class="num">1</span>,
+        options: <span class="kw">new</span> <span class="tp">DbScalarFunctionOptions</span>(
+            ReturnType: <span class="tp">DbType</span>.Text,
+            IsDeterministic: <span class="kw">true</span>,
+            NullPropagating: <span class="kw">true</span>),
+        invoke: <span class="kw">static</span> (_, args) =&gt;
+            <span class="tp">DbValue</span>.FromText(Slugify(args[<span class="num">0</span>].AsText)));
+});</code></pre>
+                    </div>
+                    <p>From SQL: <code>INSERT INTO articles VALUES (1, 'Hello From VS Code', Slugify('Hello From VS Code'));</code> and the C# body runs in-process.</p>
+
+                    <h3>The Command Path</h3>
+                    <p>Commands are the workflow verb &mdash; the thing Admin Forms action sequences invoke when a field changes, a button is clicked, or a record is about to insert. The handler receives arguments and metadata and returns a result the form pipeline can act on:</p>
+                    <div class="code-block" data-title="Program.cs &mdash; register a command">
+                        <pre><code><span class="tp">DbCommandRegistry</span> commands = <span class="tp">DbCommandRegistry</span>.Create(builder =&gt;
+{
+    builder.AddCommand(
+        <span class="str">"AuditCustomerChange"</span>,
+        <span class="kw">new</span> <span class="tp">DbCommandOptions</span>(<span class="str">"Records a customer workflow event."</span>),
+        context =&gt;
+        {
+            <span class="tp">long</span> customerId = context.Arguments[<span class="str">"Id"</span>].AsInteger;
+            <span class="tp">string</span> status = context.Arguments[<span class="str">"Status"</span>].AsText;
+            <span class="tp">string</span> source = context.Arguments[<span class="str">"source"</span>].AsText;
+            <span class="tp">string</span> eventName = context.Metadata[<span class="str">"event"</span>];
+
+            <span class="cm">// Audit, queue work, call a service &mdash; this is your code.</span>
+            <span class="kw">return</span> <span class="tp">DbCommandResult</span>.Success(
+                <span class="str">$"Customer {customerId} -&gt; {status}; from {source}"</span>);
+        });
+});</code></pre>
+                    </div>
+
+                    <h3>The Validation Rule Path</h3>
+                    <p>Validation rules are new in v3.6.0. They use the same host-owned pattern as scalar functions and commands, and they participate in the existing field-level and form-level validation pipelines:</p>
+                    <div class="code-block" data-title="Program.cs &mdash; register a validation rule">
+                        <pre><code><span class="tp">DbValidationRuleRegistry</span> validationRules = <span class="tp">DbValidationRuleRegistry</span>.Create(builder =&gt;
+{
+    builder.AddRule(
+        <span class="str">"CustomerNamePolicy"</span>,
+        <span class="kw">new</span> <span class="tp">DbValidationRuleOptions</span>(
+            Description: <span class="str">"Rejects placeholder customer names."</span>,
+            Timeout: <span class="tp">TimeSpan</span>.FromSeconds(<span class="num">2</span>)),
+        <span class="kw">static</span> (context, _) =&gt;
+        {
+            <span class="tp">string</span> text = context.Value.IsNull
+                ? <span class="tp">string</span>.Empty
+                : context.Value.AsText;
+
+            <span class="tp">DbValidationRuleResult</span> result = text.Contains(<span class="str">"test"</span>, <span class="tp">StringComparison</span>.OrdinalIgnoreCase)
+                ? <span class="tp">DbValidationRuleResult</span>.Failure(
+                    context.FallbackMessage ?? <span class="str">"Customer name is not allowed."</span>,
+                    context.FieldName,
+                    context.RuleName)
+                : <span class="tp">DbValidationRuleResult</span>.Success();
+
+            <span class="kw">return</span> <span class="tp">ValueTask</span>.FromResult(result);
+        });
+});</code></pre>
+                    </div>
+                    <p>The same rules block save in Admin Forms when referenced by saved form metadata. From a host developer's perspective, a missing rule is exactly as visible as a missing command &mdash; metadata validation reports it, and the stub generator can produce the registration shape.</p>
+
+                    <h3>Two Roles, One Repo</h3>
+                    <p>The reason this sample exists is to make the two-role workflow obvious:</p>
+                    <ol>
+                        <li>An <strong>app builder</strong> creates metadata in Admin &mdash; a calculated expression that calls <code>Slugify(&hellip;)</code>, an action sequence that runs <code>AuditCustomerChange</code>, a control rule that references <code>CustomerNamePolicy</code>.</li>
+                        <li>A <strong>host developer</strong> owns the C# implementation, registers the callback at startup, and debugs it from VS Code.</li>
+                    </ol>
+                    <p>When Admin reports a missing callback, the generated registration stub is the handoff artifact. Paste it into the host app, replace the body with reviewed C#, set a breakpoint, run the host with <code>F5</code>, and verify the metadata reference reaches your code.</p>
+                    <p>From a terminal, the same loop is one command:</p>
+                    <div class="code-block" data-title="Powershell &mdash; run the trusted C# host sample">
+                        <pre><code>dotnet run --project samples\trusted-csharp-host\TrustedCSharpHostSample.csproj</code></pre>
+                    </div>
+                    <p>Expected output includes the exported callback metadata, validation status, the generated registration stub, slug values from SQL, an audit entry from the reusable form action sequence, and validation errors from a field rule and a form rule.</p>
+
+                    <h2>Reports Access Parity: The Plan</h2>
+                    <p>The reports surface today already covers the core Access-style design loop &mdash; banded designer, grouping/sorting, calculated text and aggregates, preview pagination, browser print, schema-drift warnings, and trusted command-backed lifecycle events for <code>OnOpen</code>, <code>BeforeRender</code>, and <code>AfterRender</code>.</p>
+                    <p>The v3.6.0 review identified two issues that matter for production reporting:</p>
+                    <ul>
+                        <li><strong>Saved-query previews are unbounded before trimming.</strong> Saved-query reports run <code>source.BaseSql</code> directly and only trim rows after the full result has materialized. Table and view reports use the preview query builder with a row limit; saved-query reports bypass that path. Fix: apply the preview row cap before materializing saved-query results, while preserving group/sort ordering.</li>
+                        <li><strong>Preview and print are capped, with no full output/export pipeline.</strong> The preview service caps output at <code>10,000</code> rows and <code>250</code> pages &mdash; reasonable for an interactive preview, but Access-style reports also need a full render/export path. Fix: separate preview rendering from full rendering, add export targets (PDF first, then HTML, CSV, spreadsheet-friendly), and make full export explicit and cancellable.</li>
+                    </ul>
+                    <p>Those two findings drive Phase 1 of the Access-parity roadmap. The phase ordering is deliberate &mdash; runtime safety and output foundations come before broadening the designer surface:</p>
+                    <table>
+                        <thead>
+                            <tr>
+                                <th>Phase</th>
+                                <th>Focus</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <tr>
+                                <td><strong>1</strong></td>
+                                <td>Runtime safety and output foundations &mdash; bounded saved-query previews, full report render pipeline, export support, print warnings</td>
+                            </tr>
+                            <tr>
+                                <td><strong>2</strong></td>
+                                <td>Record sources, parameters, and filters &mdash; parameter prompts, runtime filters, saved filter definitions, query designer integration</td>
+                            </tr>
+                            <tr>
+                                <td><strong>3</strong></td>
+                                <td>Grouping, totals, and pagination semantics &mdash; intervals, keep-together, force-new-page, running totals, overflow rules</td>
+                            </tr>
+                            <tr>
+                                <td><strong>4</strong></td>
+                                <td>Design productivity &mdash; Layout View, Report Wizard, Label Wizard, style themes</td>
+                            </tr>
+                            <tr>
+                                <td><strong>5</strong></td>
+                                <td>Broader controls and formatting &mdash; image, rich text, barcode, chart, page break, subreport, conditional formatting</td>
+                            </tr>
+                            <tr>
+                                <td><strong>6</strong></td>
+                                <td>Distribution and operations &mdash; email/report delivery, scheduled reports, artifact history, large-report cancellation</td>
+                            </tr>
+                        </tbody>
+                    </table>
+                    <p>The product position is &ldquo;reliable report production and distribution&rdquo; before &ldquo;wider designer canvas.&rdquo; A printable preview engine is useful; an exportable, parameterized, distributable report is what makes the surface stand on its own against Access for operational reporting.</p>
+
+                    <h2>What's Next: Database-Owned C# Code Modules</h2>
+                    <p>The trusted C# story in v3.6.0 is host-owned. The host project registers callbacks, the database stores names and references, and the runtime joins them. That is the right model for application services, external integrations, and anything privileged.</p>
+                    <p>For the &ldquo;code travels with the database&rdquo; case &mdash; the Access tradition where a form's <code>Form_BeforeUpdate</code> and a button's <code>btnShip_Click</code> live alongside the form definition itself &mdash; we are working on a third lane: <strong>database code modules</strong>.</p>
+                    <p>The plan, captured in <a href="https://github.com/MaxAkbar/CSharpDB/blob/main/docs/trusted-csharp-functions/database-code-modules-vscode-plan.md"><code>docs/trusted-csharp-functions/database-code-modules-vscode-plan.md</code></a>, has three product lanes that compose:</p>
+                    <table>
+                        <thead>
+                            <tr>
+                                <th>Lane</th>
+                                <th>Code Lives In</th>
+                                <th>Use For</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <tr>
+                                <td>Declarative macros/actions</td>
+                                <td>Form JSON / database metadata</td>
+                                <td>No-code app behavior, navigation, field updates, command orchestration</td>
+                            </tr>
+                            <tr>
+                                <td>Host callbacks</td>
+                                <td>C# host project startup registration</td>
+                                <td>External services, compiled integrations, application-owned code</td>
+                            </tr>
+                            <tr>
+                                <td>Database code modules</td>
+                                <td>Database module metadata, synced to files for editing</td>
+                                <td>Access-like form/business logic that travels with the database</td>
+                            </tr>
+                        </tbody>
+                    </table>
+                    <p>Generated form modules will look familiar to Access developers, but with real C# tooling underneath:</p>
+                    <div class="code-block" data-title="CustomersForm.cs &mdash; planned module shape">
+                        <pre><code><span class="kw">using</span> CSharpDB.CodeModules.Runtime;
+
+<span class="kw">namespace</span> CSharpDB.DatabaseCode.Forms;
+
+<span class="kw">public sealed class</span> <span class="tp">CustomersFormModule</span> : <span class="tp">FormCodeModule</span>
+{
+    <span class="kw">public void</span> Form_BeforeUpdate(<span class="tp">FormBeforeUpdateContext</span> context)
+    {
+        <span class="kw">if</span> (Me.Status == <span class="str">"Closed"</span> &amp;&amp; Me.ClosedDate <span class="kw">is null</span>)
+        {
+            context.Cancel = <span class="kw">true</span>;
+            context.Message = <span class="str">"Closed date is required."</span>;
+        }
+    }
+
+    <span class="kw">public void</span> btnShip_Click(<span class="tp">FormControlEventContext</span> context)
+    {
+        Me.Status = <span class="str">"Shipped"</span>;
+        DoCmd.SaveRecord();
+    }
+}</code></pre>
+                    </div>
+                    <p>The architecture deliberately splits responsibilities. Admin handles module discovery, trust prompts, event-stub creation, build status, and runtime execution. VS Code &mdash; with a small .NET sidecar exposing JSON-RPC &mdash; owns editing, file sync, Roslyn diagnostics, and a debug-harness workflow. There is no Monaco editor inside Admin and no in-browser IDE to maintain.</p>
+                    <p>Trust will fail closed by default: a database must be explicitly trusted, the module source hash must match the trusted hash, the build must be clean, runtime policy must allow execution, and the host must opt in. None of that is automatic just because a database file happens to contain modules.</p>
+                    <p>The phased delivery is straightforward: a <code>CSharpDB.CodeModules</code> core API first, then file-based import/export with conflict detection, Roslyn diagnostics, the Admin catalog and stub generator, the VS Code sidecar and extension, trusted runtime execution, and finally the debug-harness generator. There is no commitment to live Admin breakpoints in v1 &mdash; debugging is a normal C# project that happens to be generated from database modules.</p>
+
+                    <h2>Closing Thoughts</h2>
+                    <p>v3.6.0 is the release where Admin starts to feel like an application platform rather than just a database UI. Document collections are first-class, custom form controls are a real extension point, macro actions cover the verbs Access developers reach for, and the trusted C# story has a runnable sample that shows the whole loop end-to-end.</p>
+                    <p>What's intentionally <em>not</em> here: an in-browser code editor, an automatic remote-execution path for arbitrary database C#, or any change to how host callbacks are trusted. Those are deliberate gates &mdash; the database code modules plan walks toward them carefully, behind explicit trust, file-hash verification, and host opt-in.</p>
+                    <p>If you build on Admin Forms, the highest-value upgrade today is registering one custom control through <code>AddCSharpDbAdminFormControls</code> and one validation rule through <code>DbValidationRuleRegistry</code>. Both surfaces are stable, both ship with a working sample, and both are exactly the shape future code modules will hand control to.</p>
+
+                    <div class="blog-nav">
+                        <a href="index.html">&larr; All posts</a>
+                        <a href="fulfillment-hub-sample-walkthrough.html">Next: Fulfillment Hub Sample &rarr;</a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </main>
+
+    <div id="site-footer"></div>
+    <script src="../js/csharpdb.bundle.js" defer></script>
+</body>
+</html>
diff --git a/www/blog/index.html b/www/blog/index.html
index 505ee030..c085867d 100644
--- a/www/blog/index.html
+++ b/www/blog/index.html
@@ -118,6 +118,16 @@ <h1>Blog</h1>
                 <p class="lead">Tutorials, guides, and best practices for building with CSharpDB.</p>
 
                 <div class="blog-grid">
+                    <a href="csharpdb-v3-6-0-admin-and-csharp-extensibility.html" class="blog-card">
+                        <div class="blog-card-meta">
+                            <span class="blog-card-tag">Release</span>
+                            <span>May 2, 2026</span>
+                        </div>
+                        <h3>Inside CSharpDB v3.6.0: Admin Collections, Custom Form Controls &amp; Trusted C#</h3>
+                        <p>A walkthrough of the v3.6.0 Admin update: a first-class Collections UI, extensible Admin Forms controls, Access-style macro actions, a runnable trusted C# host sample, and what's next for database-owned C# code modules.</p>
+                        <div class="blog-card-footer">Read article &rarr;</div>
+                    </a>
+
                     <a href="fulfillment-hub-sample-walkthrough.html" class="blog-card">
                         <div class="blog-card-meta">
                             <span class="blog-card-tag">Sample</span>
diff --git a/www/roadmap-reference.html b/www/roadmap-reference.html
index eeb5deb6..c1dd0002 100644
--- a/www/roadmap-reference.html
+++ b/www/roadmap-reference.html
@@ -381,6 +381,11 @@ <h2 id="long-term">Long-Term</h2>
                 <td>Research</td>
                 </tr>
                 <tr>
+                <td><strong>API-level sharding</strong></td>
+                <td>Route API/daemon requests across multiple warm CSharpDB database files so independent tenants or shard keys can use separate WAL and commit paths, with v1 focused on single-shard writes and point reads</td>
+                <td>Research</td>
+                </tr>
+                <tr>
                 <td><strong>Replication / change feed</strong></td>
                 <td>Stream committed changes for read replicas or event-driven architectures</td>
                 <td>Research</td>
@@ -539,6 +544,7 @@ <h2 id="see-also">See Also</h2>
                 <li><a href="https://csharpdb.com/docs/internals.html">Internals &amp; Contributing</a> — How to extend the engine</li>
                 <li>Deployment &amp; Installation Plan — Cross-platform distribution via dotnet tool, Docker, Homebrew, winget, and install scripts</li>
                 <li>Multi-Writer Follow-Up Plan — Post-initial multi-writer roadmap, insert-path gaps, and release criteria for broader completion</li>
+                <li>API-Level Sharding Plan — API/daemon-level routing across multiple database files for write-throughput scaling</li>
                 <li>Query And Durable Write Performance Plan — Combined optimizer phase-2 plus durable-write completion plan, shipped state, and remaining benchmark/future-work boundaries</li>
                 <li><a href="https://csharpdb.com/docs/collation-support.html">Multilingual Text Support Plan</a> — Build on existing Unicode text storage with case-insensitive matching, locale-aware sorting, and <code>COLLATE</code> clause support for queries and index definitions</li>
                 <li>Database Encryption Plan — Encrypted storage format, key management, migration, and managed-surface rollout</li>
diff --git a/www/roadmap.html b/www/roadmap.html
index 1b41db32..a2863c36 100644
--- a/www/roadmap.html
+++ b/www/roadmap.html
@@ -285,10 +285,10 @@ <h2>
                     <div class="roadmap-grid">
                         <div class="roadmap-item">
                             <div class="roadmap-item-header">
-                                <h4>User-Defined Functions</h4>
-                                <span class="roadmap-badge roadmap-badge-planned">Planned</span>
+                                <h4>User-Defined Functions and Commands</h4>
+                                <span class="roadmap-badge roadmap-badge-planned">Partial</span>
                             </div>
-                            <p>Broader built-in scalar function registry, user-registered C# functions, and native plugin extensions.</p>
+                            <p>Trusted in-process C# scalar functions are implemented for SQL, triggers/procedures, direct clients, Admin Forms/Reports, and pipelines; trusted commands now back supported Admin automation surfaces. Aggregate/table-valued UDFs, richer macro flow, native plugins, database-owned code modules, and sandboxed UDFs remain future work.</p>
                         </div>
                         <div class="roadmap-item">
                             <div class="roadmap-item-header">
@@ -456,6 +456,13 @@ <h4>Broader Multi-Writer Optimization</h4>
                             </div>
                             <p>Improve hot insert fan-in, row-id reservation, and other high-contention patterns beyond the current initial multi-writer path.</p>
                         </div>
+                        <div class="roadmap-item">
+                            <div class="roadmap-item-header">
+                                <h4>API-Level Sharding</h4>
+                                <span class="roadmap-badge roadmap-badge-research">Research</span>
+                            </div>
+                            <p>Route API/daemon requests across multiple warm CSharpDB database files so independent tenants or shard keys can use separate WAL and commit paths, with v1 focused on single-shard writes and point reads.</p>
+                        </div>
                         <div class="roadmap-item">
                             <div class="roadmap-item-header">
                                 <h4>Replication &amp; Change Feed</h4>
@@ -480,7 +487,7 @@ <h2>Current Limitations</h2>
                     <table class="doc-table">
                         <thead><tr><th>Area</th><th>Limitation</th></tr></thead>
                         <tbody>
-                            <tr><td>Functions</td><td>Very limited scalar function surface today: built-in <code>TEXT(expr)</code> plus aggregate functions; no broader built-in function library or user-defined functions yet</td></tr>
+                            <tr><td>Functions and automation</td><td>Trusted in-process C# scalar functions are supported when registered by the host; Admin Forms, Admin Reports, and pipelines can invoke trusted host commands from supported event/hook surfaces; Admin Forms support declarative action sequences for run-command, set-field, show-message, and stop steps. Broader built-in scalar functions, aggregate/table-valued UDFs, stored C# modules, remote delegate serialization, additional Access-style control events, richer macro flow, and sandboxed UDFs are not implemented</td></tr>
                             <tr><td>Query</td><td>Scalar/IN/EXISTS subqueries are supported, including correlated cases in WHERE, non-aggregate projection, and UPDATE/DELETE expressions; correlated subqueries are not yet supported in JOIN ON, GROUP BY, HAVING, ORDER BY, or aggregate projections</td></tr>
                             <tr><td>Query</td><td>UNION, INTERSECT, and EXCEPT are supported; UNION ALL is not implemented yet</td></tr>
                             <tr><td>Query</td><td>No window functions</td></tr>
@@ -490,12 +497,16 @@ <h2>Current Limitations</h2>
                             <tr><td>Collections</td><td><code>FindByIndexAsync</code> supports declared field-equality lookups; <code>FindByPathAsync</code> and <code>FindByPathRangeAsync</code> support path-based queries on indexed paths; <code>FindAsync</code> remains a full scan for unindexed predicates</td></tr>
                             <tr><td>Networking</td><td><code>CSharpDB.Daemon</code> now hosts both REST and gRPC from one process; named pipes remain reserved but are not implemented end to end today</td></tr>
                             <tr><td>Security</td><td>Remote HTTP and gRPC deployment still rely on external network controls or front-end TLS termination; built-in authentication, authorization, and TLS/mTLS support are still planned</td></tr>
-                            <tr><td>Collation</td><td>Default semantics remain ordinal, but opt-in <code>BINARY</code>, <code>NOCASE</code>, <code>NOCASE_AI</code>, and <code>ICU:&lt;locale&gt;</code> collation are implemented for SQL and collection indexes; dedicated ordered SQL text index optimization remains planned</td></tr>
+                            <tr><td>Admin Forms</td><td>The Forms designer/runtime supports the core generated-form and data-entry path plus initial trusted command-backed automation, including lifecycle events, command buttons, selected control events, and declarative action sequences, but still needs Access-parity work for responsive runtime rendering, complete inferred validation, richer form modes, broader built-in actions, additional events, advanced filtering/sorting, and broader controls</td></tr>
+                            <tr><td>Admin Reports</td><td>The Reports designer/runtime supports the core banded preview path plus trusted command-backed preview lifecycle events, but still needs Access-parity work for bounded saved-query previews, full report output/export, parameters, richer grouping and totals semantics, conditional formatting, subreports, and broader controls</td></tr>
+                            <tr><td>Text / Multilingual</td><td>Text is stored as UTF-8 and supports all Unicode languages; default semantics remain ordinal, but opt-in <code>BINARY</code>, <code>NOCASE</code>, <code>NOCASE_AI</code>, and <code>ICU:&lt;locale&gt;</code> collation are implemented for SQL and collection indexes. Dedicated ordered SQL text index optimization remains planned</td></tr>
                             <tr><td>Concurrency</td><td>Physical WAL commit path is still serialized at the storage boundary. Initial multi-writer support is shipped, but observed gains depend on conflict shape and whether shared auto-commit INSERT is left on the default serialized path</td></tr>
                             <tr><td>Storage</td><td>No page-level compression</td></tr>
                             <tr><td>Storage</td><td>No at-rest encryption for database/WAL files; on-disk storage is plaintext only</td></tr>
                             <tr><td>Storage</td><td>Memory-mapped reads are opt-in and currently apply only to clean main-file pages; WAL-backed reads still rely on the WAL/cache path</td></tr>
                             <tr><td>Storage</td><td>By default, durable auto-commit single-row writes still pay a physical WAL flush per commit; opt-in <code>UseDurableCommitBatchWindow(...)</code> can trade some commit latency for higher throughput</td></tr>
+                            <tr><td>Query</td><td>Phase-2 cost-based planning is largely in place: <code>ANALYZE</code>, <code>sys.table_stats</code>, <code>sys.column_stats</code>, internal histograms/heavy hitters/prefix stats, and bounded small-chain join reordering now feed join/access-path costing; remaining work is adaptive re-optimization and public histogram/diagnostic surfacing rather than missing core stats-guided costing</td></tr>
+                            <tr><td>Query</td><td>Internal row-batch transport is now the default scan-heavy execution foundation across batch-capable scans, joins, aggregates, and result boundaries; remaining work is broader kernel specialization and optional SIMD-style tuning rather than missing core batch coverage</td></tr>
                         </tbody>
                     </table>
                 </div>