diff --git a/.github/workflows/components-build-deploy.yml b/.github/workflows/components-build-deploy.yml
index d466290d4..66257c54e 100755
--- a/.github/workflows/components-build-deploy.yml
+++ b/.github/workflows/components-build-deploy.yml
@@ -14,6 +14,7 @@ on:
       - 'components/ambient-api-server/**'
       - 'components/ambient-control-plane/**'
       - 'components/ambient-mcp/**'
+      - 'components/ambient-ui/**'
   pull_request:
     branches: [main, alpha]
     paths:
@@ -27,10 +28,11 @@ on:
       - 'components/ambient-api-server/**'
       - 'components/ambient-control-plane/**'
       - 'components/ambient-mcp/**'
+      - 'components/ambient-ui/**'
   workflow_dispatch:
     inputs:
       components:
-        description: 'Components to build (comma-separated: frontend,backend,operator,ambient-runner,state-sync,public-api,ambient-api-server,ambient-control-plane,ambient-mcp) - leave empty for all'
+        description: 'Components to build (comma-separated: frontend,backend,operator,ambient-runner,state-sync,public-api,ambient-api-server,ambient-control-plane,ambient-mcp,ambient-ui) - leave empty for all'
         required: false
         type: string
         default: ''
@@ -60,7 +62,8 @@ jobs:
             {"name":"public-api","context":"./components/public-api","image":"quay.io/ambient_code/vteam_public_api","dockerfile":"./components/public-api/Dockerfile"},
             {"name":"ambient-api-server","context":"./components/ambient-api-server","image":"quay.io/ambient_code/vteam_api_server","dockerfile":"./components/ambient-api-server/Dockerfile"},
             {"name":"ambient-control-plane","context":"./components","image":"quay.io/ambient_code/vteam_control_plane","dockerfile":"./components/ambient-control-plane/Dockerfile"},
-            {"name":"ambient-mcp","context":"./components/ambient-mcp","image":"quay.io/ambient_code/vteam_mcp","dockerfile":"./components/ambient-mcp/Dockerfile"}
+            {"name":"ambient-mcp","context":"./components/ambient-mcp","image":"quay.io/ambient_code/vteam_mcp","dockerfile":"./components/ambient-mcp/Dockerfile"},
+            {"name":"ambient-ui","context":"./components","image":"quay.io/ambient_code/vteam_ambient_ui","dockerfile":"./components/ambient-ui/Dockerfile"}
           ]'
 
           SELECTED="${{ github.event.inputs.components }}"
@@ -384,6 +387,7 @@ jobs:
           kustomize edit set image quay.io/ambient_code/vteam_public_api:latest=quay.io/ambient_code/vteam_public_api:${{ github.sha }}
           kustomize edit set image quay.io/ambient_code/vteam_control_plane:latest=quay.io/ambient_code/vteam_control_plane:${{ github.sha }}
           kustomize edit set image quay.io/ambient_code/vteam_mcp:latest=quay.io/ambient_code/vteam_mcp:${{ github.sha }}
+          kustomize edit set image quay.io/ambient_code/vteam_ambient_ui:latest=quay.io/ambient_code/vteam_ambient_ui:${{ github.sha }}
 
       - name: Validate kustomization
         working-directory: components/manifests/overlays/production
@@ -462,6 +466,7 @@ jobs:
           kustomize edit set image quay.io/ambient_code/vteam_public_api:latest=quay.io/ambient_code/vteam_public_api:${{ github.sha }}
           kustomize edit set image quay.io/ambient_code/vteam_control_plane:latest=quay.io/ambient_code/vteam_control_plane:${{ github.sha }}
           kustomize edit set image quay.io/ambient_code/vteam_mcp:latest=quay.io/ambient_code/vteam_mcp:${{ github.sha }}
+          kustomize edit set image quay.io/ambient_code/vteam_ambient_ui:latest=quay.io/ambient_code/vteam_ambient_ui:${{ github.sha }}
 
       - name: Validate kustomization
         working-directory: components/manifests/overlays/production
diff --git a/components/ambient-ui/Dockerfile b/components/ambient-ui/Dockerfile
index f7bf6a457..6ce0f9974 100644
--- a/components/ambient-ui/Dockerfile
+++ b/components/ambient-ui/Dockerfile
@@ -5,8 +5,10 @@ WORKDIR /app
 
 USER 0
 
-# Copy SDK dependency first (it's a file: dependency in package.json)
-COPY ambient-sdk/ts-sdk ./ambient-sdk/ts-sdk
+# Copy and build SDK dependency. package.json references file:../ambient-sdk/ts-sdk
+# which resolves to /ambient-sdk/ts-sdk from WORKDIR /app.
+COPY ambient-sdk/ts-sdk /ambient-sdk/ts-sdk
+RUN cd /ambient-sdk/ts-sdk && npm install --ignore-scripts && npm run build
 
 # Copy ambient-ui package files
 COPY ambient-ui/package.json ambient-ui/package-lock.json* ./
@@ -21,9 +23,9 @@ USER 0
 
 WORKDIR /app
 
-# Copy node_modules from deps stage
+# Copy node_modules and SDK from deps stage
 COPY --from=deps /app/node_modules ./node_modules
-COPY --from=deps /app/ambient-sdk ./ambient-sdk
+COPY --from=deps /ambient-sdk /ambient-sdk
 COPY ambient-ui/ .
 
 # Next.js collects completely anonymous telemetry data about general usage.
diff --git a/components/ambient-ui/next.config.js b/components/ambient-ui/next.config.js
index 79e0b0c9e..33ba5d180 100644
--- a/components/ambient-ui/next.config.js
+++ b/components/ambient-ui/next.config.js
@@ -1,6 +1,47 @@
 // eslint-disable-next-line @typescript-eslint/no-require-imports
 const path = require('path')
 
+const DEFAULT_PATTERNS = 'localhost:*,127.0.0.1:*'
+
+/**
+ * Convert a preview-host glob pattern to CSP frame-src source(s).
+ *
+ * CSP requires a scheme for host:port patterns, so `localhost:*` becomes
+ * `http://localhost:* https://localhost:*`.  Subdomain wildcards like
+ * `*.example.com` are valid CSP syntax and pass through unchanged.
+ */
+function toFrameSrcEntries(pattern) {
+  if (pattern.includes('://')) {
+    return [pattern]
+  }
+  // CSP only supports a wildcard as the leftmost label (e.g. *.example.com).
+  // Mid-domain wildcards like *.apps.rosa.*.openshiftapps.com are invalid CSP.
+  // Collapse to a valid prefix wildcard by keeping everything after the last *.
+  // e.g. *.apps.rosa.*.openshiftapps.com → *.openshiftapps.com
+  let cspPattern = pattern
+  const midWildcard = /\*\.[^*]+\*\./
+  if (midWildcard.test(pattern)) {
+    const lastWildIdx = pattern.lastIndexOf('*.')
+    cspPattern = '*.' + pattern.slice(lastWildIdx + 2)
+  }
+  return [`http://${cspPattern}`, `https://${cspPattern}`]
+}
+
+/**
+ * Build the CSP frame-src directive from NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS.
+ */
+function buildFrameSrc() {
+  const raw = process.env.NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS
+  const source = (raw && raw.trim()) || DEFAULT_PATTERNS
+  const patterns = source
+    .split(',')
+    .map((p) => p.trim())
+    .filter((p) => p.length > 0)
+
+  const entries = patterns.flatMap(toFrameSrcEntries)
+  return ["'self'", ...entries].join(' ')
+}
+
 /** @type {import('next').NextConfig} */
 const nextConfig = {
   output: 'standalone',
@@ -9,6 +50,19 @@ const nextConfig = {
   experimental: {
     staticGenerationMinPagesPerWorker: 100,
   },
+  async headers() {
+    return [
+      {
+        source: '/(.*)',
+        headers: [
+          {
+            key: 'Content-Security-Policy',
+            value: `frame-src ${buildFrameSrc()};`,
+          },
+        ],
+      },
+    ]
+  },
 }
 
 module.exports = nextConfig
diff --git a/components/ambient-ui/package.json b/components/ambient-ui/package.json
index 2ca957a1f..b6b9bc07a 100644
--- a/components/ambient-ui/package.json
+++ b/components/ambient-ui/package.json
@@ -4,7 +4,7 @@
   "private": true,
   "scripts": {
     "dev": "next dev --webpack --port 3001",
-    "build": "next build",
+    "build": "next build --webpack",
     "start": "next start",
     "lint": "eslint",
     "test": "vitest run",
diff --git a/components/ambient-ui/public/preview-bridge.js b/components/ambient-ui/public/preview-bridge.js
new file mode 100644
index 000000000..df78ff554
--- /dev/null
+++ b/components/ambient-ui/public/preview-bridge.js
@@ -0,0 +1,86 @@
+/**
+ * Ambient UI Preview Bridge
+ *
+ * Include this script in pages rendered inside the Ambient UI preview iframe
+ * to enable cross-origin element capture and hover highlighting.
+ *
+ * Usage: <script src="/preview-bridge.js"></script>
+ *
+ * The bridge listens for postMessage requests from the parent frame and
+ * responds with element information at the requested coordinates.
+ */
+(function () {
+  'use strict';
+
+  var currentHighlight = null;
+
+  function getClassName(el) {
+    // SVG elements have SVGAnimatedString for className, not a plain string
+    return el.getAttribute('class') || null;
+  }
+
+  // Element capture: parent asks for the element at (x, y)
+  window.addEventListener('message', function (e) {
+    if (!e.data || e.data.type !== 'ambient-capture') return;
+    if (!e.origin || e.origin === 'null') return;
+
+    var x = e.data.x;
+    var y = e.data.y;
+    var el = document.elementFromPoint(x, y);
+
+    if (!el) {
+      e.source.postMessage({ type: 'ambient-captured', html: null, rect: null }, e.origin);
+      return;
+    }
+
+    var rect = el.getBoundingClientRect();
+    e.source.postMessage({
+      type: 'ambient-captured',
+      html: el.outerHTML.slice(0, 500),
+      tagName: el.tagName.toLowerCase(),
+      id: el.id || null,
+      className: getClassName(el),
+      textContent: (el.textContent || '').slice(0, 100),
+      rect: { x: rect.x, y: rect.y, width: rect.width, height: rect.height }
+    }, e.origin);
+  });
+
+  // Hover highlight: parent sends cursor position, bridge outlines the element
+  window.addEventListener('message', function (e) {
+    if (!e.data || e.data.type !== 'ambient-hover') return;
+    if (!e.origin || e.origin === 'null') return;
+
+    var el = document.elementFromPoint(e.data.x, e.data.y);
+
+    // Remove previous highlight
+    if (currentHighlight) {
+      currentHighlight.style.outline = currentHighlight._ambientSavedOutline || '';
+      delete currentHighlight._ambientSavedOutline;
+      currentHighlight = null;
+    }
+
+    if (el && el !== document.documentElement && el !== document.body) {
+      el._ambientSavedOutline = el.style.outline;
+      el.style.outline = '2px solid #4394e5';
+      currentHighlight = el;
+    }
+
+    if (el) {
+      var rect = el.getBoundingClientRect();
+      e.source.postMessage({
+        type: 'ambient-hovered',
+        rect: { x: rect.x, y: rect.y, width: rect.width, height: rect.height }
+      }, e.origin);
+    }
+  });
+
+  // Clear hover: remove any active highlight
+  window.addEventListener('message', function (e) {
+    if (!e.data || e.data.type !== 'ambient-hover-clear') return;
+    if (currentHighlight) {
+      currentHighlight.style.outline = currentHighlight._ambientSavedOutline || '';
+      delete currentHighlight._ambientSavedOutline;
+      currentHighlight = null;
+    }
+  });
+})();
diff --git a/components/ambient-ui/src/adapters/__tests__/session-messages.test.ts b/components/ambient-ui/src/adapters/__tests__/session-messages.test.ts
new file mode 100644
index 000000000..6a7db2bb8
--- /dev/null
+++ b/components/ambient-ui/src/adapters/__tests__/session-messages.test.ts
@@ -0,0 +1,290 @@
+import { describe, it, expect } from 'vitest'
+import type { SessionMessagesPort } from '@/ports/session-messages'
+import type { FetchFn } from '../session-messages'
+import { createSessionMessagesAdapterWithFetch } from '../session-messages'
+
+type SdkMessageResponse = {
+  id: string
+  kind: string
+  href: string
+  created_at: string | null
+  updated_at: string | null
+  session_id: string
+  event_type: string
+  payload: string
+  seq: number
+}
+
+function makeSdkMessage(overrides: Partial<SdkMessageResponse> = {}): SdkMessageResponse {
+  return {
+    id: 'msg-001',
+    kind: 'SessionMessage',
+    href: '/api/ambient/v1/sessions/sess-001/messages/msg-001',
+    created_at: '2026-01-15T10:00:00Z',
+    updated_at: '2026-01-15T10:00:00Z',
+    session_id: 'sess-001',
+    event_type: 'ui.feedback',
+    payload: '{"type":"approve"}',
+    seq: 1,
+    ...overrides,
+  }
+}
+
+type CapturedRequest = {
+  url: string
+  method: string
+  headers: Record<string, string>
+  body: unknown
+}
+
+function createFakeFetch(options: {
+  response?: unknown
+  status?: number
+  captured?: CapturedRequest[]
+}): FetchFn {
+  const captured = options.captured ?? []
+
+  return async (input: string, init?: RequestInit): Promise<Response> => {
+    captured.push({
+      url: input,
+      method: init?.method ?? 'GET',
+      headers: Object.fromEntries(
+        Object.entries(init?.headers ?? {}),
+      ) as Record<string, string>,
+      body: init?.body ? JSON.parse(init.body as string) : undefined,
+    })
+
+    const status = options.status ?? 200
+    const body = JSON.stringify(options.response ?? {})
+
+    return {
+      ok: status >= 200 && status < 300,
+      status,
+      json: async () => JSON.parse(body),
+    } as Response
+  }
+}
+
+describe('session-messages adapter', () => {
+  describe('send()', () => {
+    it('sends a POST to the correct BFF endpoint', async () => {
+      const captured: CapturedRequest[] = []
+      const responseMessage = makeSdkMessage()
+      const fakeFetch = createFakeFetch({ response: responseMessage, captured })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      await adapter.send('sess-001', { eventType: 'ui.feedback', payload: '{"type":"approve"}' })
+
+      expect(captured).toHaveLength(1)
+      expect(captured[0].url).toBe('/api/ambient/v1/sessions/sess-001/messages')
+      expect(captured[0].method).toBe('POST')
+      expect(captured[0].headers['Content-Type']).toBe('application/json')
+    })
+
+    it('sends the correct request body with snake_case keys', async () => {
+      const captured: CapturedRequest[] = []
+      const responseMessage = makeSdkMessage()
+      const fakeFetch = createFakeFetch({ response: responseMessage, captured })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      await adapter.send('sess-001', { eventType: 'ui.feedback', payload: '{"type":"approve"}' })
+
+      expect(captured[0].body).toEqual({
+        event_type: 'ui.feedback',
+        payload: '{"type":"approve"}',
+      })
+    })
+
+    it('returns a mapped domain session message', async () => {
+      const responseMessage = makeSdkMessage({
+        id: 'msg-abc',
+        session_id: 'sess-xyz',
+        event_type: 'ui.preview',
+        payload: '{"url":"http://example.com"}',
+        seq: 5,
+        created_at: '2026-05-28T12:00:00Z',
+      })
+      const fakeFetch = createFakeFetch({ response: responseMessage })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      const result = await adapter.send('sess-xyz', {
+        eventType: 'ui.preview',
+        payload: '{"url":"http://example.com"}',
+      })
+
+      expect(result.id).toBe('msg-abc')
+      expect(result.sessionId).toBe('sess-xyz')
+      expect(result.eventType).toBe('ui.preview')
+      expect(result.payload).toBe('{"url":"http://example.com"}')
+      expect(result.seq).toBe(5)
+      expect(result.createdAt).toBe('2026-05-28T12:00:00Z')
+    })
+
+    it('throws on non-OK response', async () => {
+      const fakeFetch = createFakeFetch({ status: 500 })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      await expect(
+        adapter.send('sess-001', { eventType: 'ui.feedback', payload: '{}' }),
+      ).rejects.toThrow('Failed to send session message: 500')
+    })
+
+    it('encodes special characters in session ID', async () => {
+      const captured: CapturedRequest[] = []
+      const responseMessage = makeSdkMessage()
+      const fakeFetch = createFakeFetch({ response: responseMessage, captured })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      await adapter.send('sess/special&id', { eventType: 'test', payload: '{}' })
+
+      expect(captured[0].url).toBe(
+        '/api/ambient/v1/sessions/sess%2Fspecial%26id/messages',
+      )
+    })
+  })
+
+  describe('list()', () => {
+    it('sends a GET to the correct BFF endpoint', async () => {
+      const captured: CapturedRequest[] = []
+      const listResponse = {
+        kind: 'SessionMessageList',
+        page: 1,
+        size: 20,
+        total: 0,
+        items: [],
+      }
+      const fakeFetch = createFakeFetch({ response: listResponse, captured })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      await adapter.list('sess-001')
+
+      expect(captured).toHaveLength(1)
+      expect(captured[0].url).toBe('/api/ambient/v1/sessions/sess-001/messages')
+      expect(captured[0].method).toBe('GET')
+    })
+
+    it('returns paginated domain messages', async () => {
+      const messages = [
+        makeSdkMessage({ id: 'msg-001', seq: 1 }),
+        makeSdkMessage({ id: 'msg-002', seq: 2 }),
+      ]
+      const listResponse = {
+        kind: 'SessionMessageList',
+        page: 1,
+        size: 20,
+        total: 50,
+        items: messages,
+      }
+      const fakeFetch = createFakeFetch({ response: listResponse })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      const result = await adapter.list('sess-001')
+
+      expect(result.items).toHaveLength(2)
+      expect(result.items[0].id).toBe('msg-001')
+      expect(result.items[0].seq).toBe(1)
+      expect(result.items[1].id).toBe('msg-002')
+      expect(result.items[1].seq).toBe(2)
+      expect(result.total).toBe(50)
+      expect(result.page).toBe(1)
+      expect(result.size).toBe(20)
+      expect(result.hasMore).toBe(true)
+    })
+
+    it('returns hasMore=false when all items fit', async () => {
+      const listResponse = {
+        kind: 'SessionMessageList',
+        page: 1,
+        size: 20,
+        total: 2,
+        items: [
+          makeSdkMessage({ id: 'msg-001' }),
+          makeSdkMessage({ id: 'msg-002' }),
+        ],
+      }
+      const fakeFetch = createFakeFetch({ response: listResponse })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      const result = await adapter.list('sess-001')
+
+      expect(result.hasMore).toBe(false)
+    })
+
+    it('passes pagination params as query string', async () => {
+      const captured: CapturedRequest[] = []
+      const listResponse = {
+        kind: 'SessionMessageList',
+        page: 2,
+        size: 10,
+        total: 25,
+        items: [],
+      }
+      const fakeFetch = createFakeFetch({ response: listResponse, captured })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      await adapter.list('sess-001', { page: 2, size: 10 })
+
+      expect(captured[0].url).toBe(
+        '/api/ambient/v1/sessions/sess-001/messages?page=2&size=10',
+      )
+    })
+
+    it('throws on non-OK response', async () => {
+      const fakeFetch = createFakeFetch({ status: 404 })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      await expect(adapter.list('sess-001')).rejects.toThrow(
+        'Failed to list session messages: 404',
+      )
+    })
+
+    it('maps SDK messages to domain messages', async () => {
+      const listResponse = {
+        kind: 'SessionMessageList',
+        page: 1,
+        size: 20,
+        total: 1,
+        items: [
+          makeSdkMessage({
+            id: 'msg-mapped',
+            session_id: 'sess-mapped',
+            event_type: 'ui.feedback.response',
+            payload: '{"decision":"reject","reason":"too complex"}',
+            seq: 42,
+            created_at: '2026-05-28T15:30:00Z',
+          }),
+        ],
+      }
+      const fakeFetch = createFakeFetch({ response: listResponse })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      const result = await adapter.list('sess-mapped')
+      const msg = result.items[0]
+
+      expect(msg.id).toBe('msg-mapped')
+      expect(msg.sessionId).toBe('sess-mapped')
+      expect(msg.eventType).toBe('ui.feedback.response')
+      expect(msg.payload).toBe('{"decision":"reject","reason":"too complex"}')
+      expect(msg.seq).toBe(42)
+      expect(msg.createdAt).toBe('2026-05-28T15:30:00Z')
+    })
+
+    it('handles null created_at by mapping to empty string', async () => {
+      const listResponse = {
+        kind: 'SessionMessageList',
+        page: 1,
+        size: 20,
+        total: 1,
+        items: [
+          makeSdkMessage({ created_at: null }),
+        ],
+      }
+      const fakeFetch = createFakeFetch({ response: listResponse })
+      const adapter: SessionMessagesPort = createSessionMessagesAdapterWithFetch(fakeFetch)
+
+      const result = await adapter.list('sess-001')
+
+      expect(result.items[0].createdAt).toBe('')
+    })
+  })
+})
diff --git a/components/ambient-ui/src/adapters/index.ts b/components/ambient-ui/src/adapters/index.ts
index b55c4f1e2..4a880e4df 100644
--- a/components/ambient-ui/src/adapters/index.ts
+++ b/components/ambient-ui/src/adapters/index.ts
@@ -1,4 +1,4 @@
 export { getSessionAPI, getProjectAPI, getConfig } from './sdk-client'
-export { mapSdkSessionToDomain, mapSdkProjectToDomain } from './mappers'
 export { createSessionsAdapter } from './sdk-sessions'
 export { createProjectsAdapter } from './sdk-projects'
+export { createSessionMessagesAdapterWithFetch } from './session-messages'
diff --git a/components/ambient-ui/src/adapters/mappers.ts b/components/ambient-ui/src/adapters/mappers.ts
index 5b6f290d1..318c11cd0 100644
--- a/components/ambient-ui/src/adapters/mappers.ts
+++ b/components/ambient-ui/src/adapters/mappers.ts
@@ -1,5 +1,5 @@
 import type { Session, Project } from 'ambient-sdk'
-import type { DomainSession, DomainProject, SessionPhase } from '@/domain/types'
+import type { DomainSession, DomainProject, DomainSessionMessage, SessionPhase } from '@/domain/types'
 
 const VALID_PHASES: ReadonlySet<string> = new Set<string>([
   'Pending',
@@ -69,3 +69,23 @@ export function mapSdkProjectToDomain(sdk: Project): DomainProject {
     updatedAt: sdk.updated_at ?? '',
   }
 }
+
+export type SdkSessionMessageShape = {
+  id: string
+  session_id: string
+  event_type: string
+  payload: string
+  seq: number
+  created_at: string | null
+}
+
+export function mapSessionMessageToDomain(sdk: SdkSessionMessageShape): DomainSessionMessage {
+  return {
+    id: sdk.id,
+    sessionId: sdk.session_id,
+    eventType: sdk.event_type,
+    payload: sdk.payload,
+    seq: sdk.seq,
+    createdAt: sdk.created_at ?? '',
+  }
+}
diff --git a/components/ambient-ui/src/adapters/session-messages.ts b/components/ambient-ui/src/adapters/session-messages.ts
new file mode 100644
index 000000000..edda74b24
--- /dev/null
+++ b/components/ambient-ui/src/adapters/session-messages.ts
@@ -0,0 +1,86 @@
+import type { SessionMessagesPort } from '@/ports/session-messages'
+import type { DomainSessionMessage, ListParams, PaginatedResult } from '@/domain/types'
+import { mapSessionMessageToDomain } from './mappers'
+import type { SdkSessionMessageShape } from './mappers'
+
+type SessionMessageResponse = SdkSessionMessageShape & {
+  kind: string
+  href: string
+  updated_at: string | null
+}
+
+type SessionMessageListResponse = {
+  kind: string
+  page: number
+  size: number
+  total: number
+  items: SessionMessageResponse[]
+}
+
+export type FetchFn = (input: string, init?: RequestInit) => Promise<Response>
+
+function sanitizeSessionId(value: string): string {
+  return encodeURIComponent(value)
+}
+
+function buildQueryString(params?: ListParams): string {
+  const parts: string[] = []
+  if (params?.page) parts.push(`page=${params.page}`)
+  if (params?.size) parts.push(`size=${params.size}`)
+  if (params?.search) parts.push(`search=${encodeURIComponent(params.search)}`)
+  if (params?.orderBy) parts.push(`orderBy=${encodeURIComponent(params.orderBy)}`)
+  return parts.length > 0 ? `?${parts.join('&')}` : ''
+}
+
+function createSessionMessagesAdapter(fetchFn: FetchFn): SessionMessagesPort {
+  return {
+    async send(
+      sessionId: string,
+      message: { eventType: string; payload: string },
+    ): Promise<DomainSessionMessage> {
+      const url = `/api/ambient/v1/sessions/${sanitizeSessionId(sessionId)}/messages`
+      const response = await fetchFn(url, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          event_type: message.eventType,
+          payload: message.payload,
+        }),
+      })
+      if (!response.ok) {
+        throw new Error(`Failed to send session message: ${response.status}`)
+      }
+      const data = (await response.json()) as SessionMessageResponse
+      return mapSessionMessageToDomain(data)
+    },
+
+    async list(
+      sessionId: string,
+      params?: ListParams,
+    ): Promise<PaginatedResult<DomainSessionMessage>> {
+      const qs = buildQueryString(params)
+      const url = `/api/ambient/v1/sessions/${sanitizeSessionId(sessionId)}/messages${qs}`
+      const response = await fetchFn(url, {
+        method: 'GET',
+      })
+      if (!response.ok) {
+        throw new Error(`Failed to list session messages: ${response.status}`)
+      }
+      const data = (await response.json()) as SessionMessageListResponse
+      const items = data.items.map(mapSessionMessageToDomain)
+      const page = params?.page ?? 1
+      const size = params?.size ?? 20
+      return {
+        items,
+        total: data.total,
+        page,
+        size,
+        hasMore: page * size < data.total,
+      }
+    },
+  }
+}
+
+export function createSessionMessagesAdapterWithFetch(fetchFn?: FetchFn): SessionMessagesPort {
+  return createSessionMessagesAdapter(fetchFn ?? globalThis.fetch.bind(globalThis))
+}
diff --git a/components/ambient-ui/src/app/(dashboard)/[projectId]/fleet/[sessionId]/_components/session-header.tsx b/components/ambient-ui/src/app/(dashboard)/[projectId]/fleet/[sessionId]/_components/session-header.tsx
index ef95018e6..f410a4def 100644
--- a/components/ambient-ui/src/app/(dashboard)/[projectId]/fleet/[sessionId]/_components/session-header.tsx
+++ b/components/ambient-ui/src/app/(dashboard)/[projectId]/fleet/[sessionId]/_components/session-header.tsx
@@ -1,30 +1,107 @@
+'use client'
+
+import { useState } from 'react'
+import { ExternalLink, Square, RotateCcw } from 'lucide-react'
 import type { DomainSession } from '@/domain/types'
+import { getPreviewAnnotations } from '@/domain/annotations'
+import { useStopSession, useStartSession } from '@/queries/use-sessions'
+import { useSendFeedback } from '@/queries/use-send-feedback'
 import { PhaseBadge } from '../../_components/phase-badge'
 import { formatDuration, formatRelativeTime } from '@/lib/format-timestamp'
+import { Button } from '@/components/ui/button'
+import { PreviewOverlay } from '@/components/preview/preview-overlay'
+
+const STOPPABLE_PHASES = new Set(['Running', 'Pending', 'Creating'])
+const RESTARTABLE_PHASES = new Set(['Completed', 'Failed', 'Stopped'])
 
 export function SessionHeader({ session }: { session: DomainSession }) {
+  const [previewOpen, setPreviewOpen] = useState(false)
+  const stopSession = useStopSession()
+  const startSession = useStartSession()
+  const sendFeedback = useSendFeedback()
+
+  const preview = getPreviewAnnotations(session.annotations)
+  const canStop = STOPPABLE_PHASES.has(session.phase)
+  const canRestart = RESTARTABLE_PHASES.has(session.phase)
+
   return (
-    <div className="space-y-3">
-      <div className="flex items-center gap-3">
-        <h1 className="text-2xl font-semibold">{session.name}</h1>
-        <PhaseBadge phase={session.phase} />
-      </div>
-      <div className="flex items-center gap-6 text-sm text-muted-foreground">
-        {session.agentName && (
-          <MetaItem label="Agent" value={session.agentName} />
-        )}
-        {session.model && (
-          <MetaItem label="Model" value={session.model} />
-        )}
-        {session.startTime && (
-          <MetaItem
-            label="Duration"
-            value={formatDuration(session.startTime, session.completionTime)}
-          />
-        )}
-        <MetaItem label="Created" value={formatRelativeTime(session.createdAt)} />
+    <>
+      <div className="space-y-3">
+        <div className="flex items-center justify-between">
+          <div className="flex items-center gap-3">
+            <h1 className="text-2xl font-semibold">{session.name}</h1>
+            <PhaseBadge phase={session.phase} />
+          </div>
+
+          <div className="flex items-center gap-2">
+            {preview && (
+              <Button
+                variant="outline"
+                size="sm"
+                onClick={() => setPreviewOpen(true)}
+                aria-label="Open preview"
+              >
+                <ExternalLink />
+                Open Preview
+              </Button>
+            )}
+
+            {canStop && (
+              <Button
+                variant="destructive"
+                size="sm"
+                onClick={() => stopSession.mutate(session.id)}
+                disabled={stopSession.isPending}
+                aria-label="Stop session"
+              >
+                <Square />
+                Stop
+              </Button>
+            )}
+
+            {canRestart && (
+              <Button
+                variant="outline"
+                size="sm"
+                onClick={() => startSession.mutate(session.id)}
+                disabled={startSession.isPending}
+                aria-label="Restart session"
+              >
+                <RotateCcw />
+                Restart
+              </Button>
+            )}
+          </div>
+        </div>
+
+        <div className="flex items-center gap-6 text-sm text-muted-foreground">
+          {session.agentName && (
+            <MetaItem label="Agent" value={session.agentName} />
+          )}
+          {session.model && (
+            <MetaItem label="Model" value={session.model} />
+          )}
+          {session.startTime && (
+            <MetaItem
+              label="Duration"
+              value={formatDuration(session.startTime, session.completionTime)}
+            />
+          )}
+          <MetaItem label="Created" value={formatRelativeTime(session.createdAt)} />
+        </div>
       </div>
-    </div>
+
+      {previewOpen && preview && (
+        <PreviewOverlay
+          url={preview.url}
+          title={preview.title}
+          sessionId={session.id}
+          sessionPhase={session.phase}
+          onClose={() => setPreviewOpen(false)}
+          onSendFeedback={(batch) => sendFeedback.mutate(batch)}
+        />
+      )}
+    </>
   )
 }
 
diff --git a/components/ambient-ui/src/app/api/ambient/v1/[...path]/route.ts b/components/ambient-ui/src/app/api/ambient/v1/[...path]/route.ts
index 3939cbeae..cdb684165 100644
--- a/components/ambient-ui/src/app/api/ambient/v1/[...path]/route.ts
+++ b/components/ambient-ui/src/app/api/ambient/v1/[...path]/route.ts
@@ -15,8 +15,7 @@ async function proxyRequest(
     return Response.json({ error: "invalid_path" }, { status: 400 })
   }
   const pathStr = path.map(s => encodeURIComponent(s)).join("/")
-  // SDK uses /api/ambient/v1, server uses /api/adp/v1
-  const url = new URL(`/api/adp/v1/${pathStr}`, API_SERVER_URL)
+  const url = new URL(`/api/ambient/v1/${pathStr}`, API_SERVER_URL)
   url.search = new URL(request.url).search
 
   const accessToken = await resolveAccessToken(request)
diff --git a/components/ambient-ui/src/app/api/preview-proxy/route.ts b/components/ambient-ui/src/app/api/preview-proxy/route.ts
new file mode 100644
index 000000000..7832f3e8a
--- /dev/null
+++ b/components/ambient-ui/src/app/api/preview-proxy/route.ts
@@ -0,0 +1,130 @@
+import { resolveAccessToken } from "@/lib/auth"
+import {
+  validatePreviewUrl,
+  stripFrameBlockingHeaders,
+  injectBaseTag,
+  buildBaseHref,
+} from "@/lib/preview-proxy"
+
+export const runtime = "nodejs"
+export const dynamic = "force-dynamic"
+
+const MAX_RESPONSE_BYTES = 10 * 1024 * 1024 // 10 MB
+
+export async function GET(request: Request): Promise<Response> {
+  const url = new URL(request.url).searchParams.get("url")
+  if (!url) {
+    return Response.json(
+      { error: "Missing 'url' query parameter" },
+      { status: 400 },
+    )
+  }
+
+  const validation = validatePreviewUrl(url)
+  if (!validation.valid) {
+    return Response.json({ error: validation.reason }, { status: 403 })
+  }
+
+  const accessToken = await resolveAccessToken(request)
+  if (!accessToken) {
+    return Response.json({ error: "Unauthorized" }, { status: 401 })
+  }
+
+  const parsedUrl = validation.parsed
+
+  // SSRF guard: reconstruct the URL from validated components so the fetch
+  // target is not tainted by the raw user input (satisfies CodeQL SSRF check).
+  const safeUrl = new URL(parsedUrl.pathname + parsedUrl.search, parsedUrl.origin)
+  const targetUrl = safeUrl.href
+
+  let upstream: Response
+  try {
+    upstream = await fetch(targetUrl, {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        Accept:
+          "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+      },
+      redirect: "manual",
+      signal: AbortSignal.timeout(15_000),
+    })
+  } catch (error: unknown) {
+    if (error instanceof Error && error.name === "AbortError") {
+      console.error("[Preview proxy] request timed out:", parsedUrl.origin)
+      return Response.json(
+        { error: "Failed to reach preview target" },
+        { status: 502 },
+      )
+    }
+    console.error(
+      "[Preview proxy] fetch failed:",
+      error instanceof Error ? error.message : error,
+    )
+    return Response.json(
+      { error: "Failed to reach preview target" },
+      { status: 502 },
+    )
+  }
+
+  // Handle redirects by rewriting the Location header to go through the proxy
+  if (upstream.status >= 300 && upstream.status < 400) {
+    const location = upstream.headers.get("location")
+    if (location) {
+      const absoluteLocation = new URL(location, parsedUrl).href
+      const proxyLocation = `/api/preview-proxy?url=${encodeURIComponent(absoluteLocation)}`
+      return new Response(null, {
+        status: upstream.status,
+        headers: { Location: proxyLocation },
+      })
+    }
+  }
+
+  // Check Content-Length if provided
+  const contentLength = upstream.headers.get("content-length")
+  if (contentLength && Number(contentLength) > MAX_RESPONSE_BYTES) {
+    return Response.json({ error: "Response too large" }, { status: 413 })
+  }
+
+  const cleaned = stripFrameBlockingHeaders(upstream.headers)
+
+  const responseHeaders = new Headers(cleaned)
+  responseHeaders.set("Cache-Control", "no-store")
+  responseHeaders.set("X-Content-Type-Options", "nosniff")
+
+  const contentType = upstream.headers.get("content-type") ?? ""
+
+  if (contentType.includes("text/html")) {
+    const html = await upstream.text()
+    if (html.length > MAX_RESPONSE_BYTES) {
+      return Response.json({ error: "Response too large" }, { status: 413 })
+    }
+    const modified = injectBaseTag(html, buildBaseHref(parsedUrl))
+    return new Response(modified, {
+      status: 200,
+      headers: responseHeaders,
+    })
+  }
+
+  // Non-HTML: stream body through
+  if (upstream.body) {
+    const { readable, writable } = new TransformStream()
+    upstream.body.pipeTo(writable).catch((err: unknown) => {
+      if (
+        err instanceof Error &&
+        err.name !== "AbortError" &&
+        !err.message?.includes("ResponseAborted")
+      ) {
+        console.error("[Preview proxy] pipe error:", err)
+      }
+    })
+    return new Response(readable, {
+      status: upstream.status,
+      headers: responseHeaders,
+    })
+  }
+
+  return new Response(null, {
+    status: upstream.status,
+    headers: responseHeaders,
+  })
+}
diff --git a/components/ambient-ui/src/components/preview/comment-card.tsx b/components/ambient-ui/src/components/preview/comment-card.tsx
new file mode 100644
index 000000000..8c3788352
--- /dev/null
+++ b/components/ambient-ui/src/components/preview/comment-card.tsx
@@ -0,0 +1,110 @@
+'use client'
+
+import { useCallback, useEffect, useRef, useState } from 'react'
+import { Button } from '@/components/ui/button'
+import { Textarea } from '@/components/ui/textarea'
+import { Card, CardContent } from '@/components/ui/card'
+
+export type CommentCardProps = {
+  type: 'element' | 'region'
+  position: { x: number; y: number }
+  dimensions?: { width: number; height: number }
+  capturedHtml?: string
+  onSubmit: (comment: string) => void
+  onCancel: () => void
+}
+
+export function CommentCard({
+  type,
+  position,
+  dimensions,
+  capturedHtml,
+  onSubmit,
+  onCancel,
+}: CommentCardProps) {
+  const [comment, setComment] = useState('')
+  const textareaRef = useRef<HTMLTextAreaElement>(null)
+
+  useEffect(() => {
+    // Focus textarea when card mounts
+    const timer = setTimeout(() => textareaRef.current?.focus(), 50)
+    return () => clearTimeout(timer)
+  }, [])
+
+  const handleSubmit = useCallback(() => {
+    if (comment.trim()) {
+      onSubmit(comment.trim())
+    }
+  }, [comment, onSubmit])
+
+  const handleKeyDown = useCallback(
+    (e: React.KeyboardEvent) => {
+      if (e.key === 'Enter' && (e.metaKey || e.ctrlKey)) {
+        e.preventDefault()
+        handleSubmit()
+      }
+      if (e.key === 'Escape') {
+        e.preventDefault()
+        e.stopPropagation()
+        onCancel()
+      }
+    },
+    [handleSubmit, onCancel]
+  )
+
+  const selectionLabel =
+    type === 'region' && dimensions
+      ? `Region: ${dimensions.width}x${dimensions.height}px at (${position.x}, ${position.y})`
+      : `Element at (${position.x}, ${position.y})`
+
+  return (
+    <Card
+      className="absolute z-20 w-72 shadow-lg"
+      style={{
+        left: position.x,
+        top: position.y + (dimensions?.height ?? 0) + 8,
+      }}
+      role="dialog"
+      aria-label="Add feedback comment"
+    >
+      <CardContent className="space-y-3 p-3">
+        <div className="space-y-1">
+          <p className="text-xs font-medium text-muted-foreground">
+            {selectionLabel}
+          </p>
+          {capturedHtml && (
+            <pre className="max-h-16 overflow-auto rounded bg-muted p-1.5 text-[10px] leading-tight text-muted-foreground">
+              {capturedHtml.slice(0, 200)}
+              {capturedHtml.length > 200 ? '...' : ''}
+            </pre>
+          )}
+        </div>
+        <Textarea
+          ref={textareaRef}
+          placeholder="Describe the feedback..."
+          value={comment}
+          onChange={(e) => setComment(e.target.value)}
+          onKeyDown={handleKeyDown}
+          maxLength={2000}
+          className="min-h-20 resize-none text-sm"
+          aria-label="Feedback comment"
+        />
+        <div className="flex justify-end gap-2">
+          <Button variant="ghost" size="sm" onClick={onCancel}>
+            Cancel
+          </Button>
+          <Button
+            size="sm"
+            onClick={handleSubmit}
+            disabled={!comment.trim()}
+          >
+            Add Comment
+          </Button>
+        </div>
+        <p className="text-[10px] text-muted-foreground">
+          Ctrl+Enter to submit
+        </p>
+      </CardContent>
+    </Card>
+  )
+}
diff --git a/components/ambient-ui/src/components/preview/feedback-overlay.tsx b/components/ambient-ui/src/components/preview/feedback-overlay.tsx
new file mode 100644
index 000000000..1efd4d7e0
--- /dev/null
+++ b/components/ambient-ui/src/components/preview/feedback-overlay.tsx
@@ -0,0 +1,324 @@
+'use client'
+
+import { useCallback, useEffect, useRef, useState } from 'react'
+import {
+  requestCapture,
+  requestHover,
+  clearHover,
+  isHoverResponse,
+} from '@/lib/preview-bridge'
+import type { HoverResponse } from '@/lib/preview-bridge'
+
+type SelectionRect = {
+  startX: number
+  startY: number
+  width: number
+  height: number
+}
+
+type HoverHighlight =
+  | { kind: 'element'; left: number; top: number; width: number; height: number }
+  | { kind: 'crosshair'; x: number; y: number }
+
+type SelectionResult = {
+  type: 'element' | 'region'
+  position: { x: number; y: number }
+  dimensions?: { width: number; height: number }
+  capturedHtml?: string
+}
+
+export type FeedbackOverlayProps = {
+  iframeRef: React.RefObject<HTMLIFrameElement | null>
+  onSelect: (result: SelectionResult) => void
+  /** Called when a cross-origin capture attempt completes; true if the bridge responded. */
+  onBridgeStatus?: (available: boolean) => void
+}
+
+const MIN_DRAG_DISTANCE = 5
+
+export function FeedbackOverlay({ iframeRef, onSelect, onBridgeStatus }: FeedbackOverlayProps) {
+  const overlayRef = useRef<HTMLDivElement>(null)
+  const [isDragging, setIsDragging] = useState(false)
+  const [dragStart, setDragStart] = useState<{ x: number; y: number } | null>(
+    null
+  )
+  const [selectionRect, setSelectionRect] = useState<SelectionRect | null>(null)
+  const [hoverHighlight, setHoverHighlight] = useState<HoverHighlight | null>(
+    null
+  )
+
+  const getRelativePosition = useCallback(
+    (e: React.MouseEvent) => {
+      const overlay = overlayRef.current
+      if (!overlay) return { x: 0, y: 0 }
+      const rect = overlay.getBoundingClientRect()
+      return {
+        x: Math.round(e.clientX - rect.left),
+        y: Math.round(e.clientY - rect.top),
+      }
+    },
+    []
+  )
+
+  /**
+   * Try to capture element HTML at (x, y).
+   * First attempts same-origin DOM access; falls back to postMessage bridge.
+   */
+  const tryCaptureDomElement = useCallback(
+    async (x: number, y: number): Promise<string | undefined> => {
+      if (!iframeRef.current) return undefined
+
+      // Try same-origin access first
+      try {
+        const doc = iframeRef.current.contentDocument
+        if (doc) {
+          const el = doc.elementFromPoint(x, y)
+          if (el) {
+            onBridgeStatus?.(true)
+            return el.outerHTML.slice(0, 500)
+          }
+        }
+      } catch {
+        // Cross-origin: fall through to postMessage bridge
+      }
+
+      // Fall back to postMessage bridge
+      const response = await requestCapture(iframeRef.current, x, y)
+      const bridgeResponded = response.html !== null
+      onBridgeStatus?.(bridgeResponded)
+      return response.html ?? undefined
+    },
+    [iframeRef, onBridgeStatus]
+  )
+
+  /**
+   * Try to get element bounds at (x, y) for hover highlighting.
+   * First attempts same-origin DOM access; for cross-origin, sends a
+   * hover request to the bridge (response is handled via message listener).
+   */
+  const tryGetElementBounds = useCallback(
+    (
+      x: number,
+      y: number
+    ): { left: number; top: number; width: number; height: number } | null => {
+      const iframe = iframeRef.current
+      const overlay = overlayRef.current
+      if (!iframe || !overlay) return null
+
+      // Try same-origin access first
+      try {
+        const doc = iframe.contentDocument
+        if (doc) {
+          const el = doc.elementFromPoint(x, y)
+          if (el) {
+            const elRect = el.getBoundingClientRect()
+            const iframeRect = iframe.getBoundingClientRect()
+            const overlayRect = overlay.getBoundingClientRect()
+            return {
+              left: Math.round(iframeRect.left - overlayRect.left + elRect.left),
+              top: Math.round(iframeRect.top - overlayRect.top + elRect.top),
+              width: Math.round(elRect.width),
+              height: Math.round(elRect.height),
+            }
+          }
+        }
+      } catch {
+        // Cross-origin: send hover request to bridge
+        requestHover(iframe, x, y)
+      }
+
+      return null
+    },
+    [iframeRef]
+  )
+
+  // Listen for hover responses from the bridge (cross-origin case)
+  useEffect(() => {
+    function handleHoverResponse(e: MessageEvent) {
+      if (!isHoverResponse(e.data)) return
+
+      const iframe = iframeRef.current
+      const overlay = overlayRef.current
+      if (!iframe || !overlay) return
+
+      const hoverData = e.data as HoverResponse
+      const iframeRect = iframe.getBoundingClientRect()
+      const overlayRect = overlay.getBoundingClientRect()
+
+      setHoverHighlight({
+        kind: 'element',
+        left: Math.round(iframeRect.left - overlayRect.left + hoverData.rect.x),
+        top: Math.round(iframeRect.top - overlayRect.top + hoverData.rect.y),
+        width: Math.round(hoverData.rect.width),
+        height: Math.round(hoverData.rect.height),
+      })
+    }
+
+    window.addEventListener('message', handleHoverResponse)
+    return () => window.removeEventListener('message', handleHoverResponse)
+  }, [iframeRef])
+
+  const handleMouseDown = useCallback(
+    (e: React.MouseEvent) => {
+      if (e.button !== 0) return
+      const pos = getRelativePosition(e)
+      setDragStart(pos)
+      setIsDragging(false)
+      setSelectionRect(null)
+    },
+    [getRelativePosition]
+  )
+
+  const handleMouseMove = useCallback(
+    (e: React.MouseEvent) => {
+      const pos = getRelativePosition(e)
+
+      if (!dragStart) {
+        // Not dragging: update hover highlight
+        const bounds = tryGetElementBounds(pos.x, pos.y)
+        if (bounds) {
+          setHoverHighlight({ kind: 'element', ...bounds })
+        } else {
+          // Only show crosshair fallback if no bridge response is pending
+          // (bridge responses update hoverHighlight via the message listener)
+          setHoverHighlight((current) => {
+            if (current?.kind === 'element') return current
+            return { kind: 'crosshair', ...pos }
+          })
+        }
+        return
+      }
+
+      // Dragging: clear hover highlight and handle selection
+      setHoverHighlight(null)
+      const dx = pos.x - dragStart.x
+      const dy = pos.y - dragStart.y
+
+      if (
+        !isDragging &&
+        Math.sqrt(dx * dx + dy * dy) > MIN_DRAG_DISTANCE
+      ) {
+        setIsDragging(true)
+      }
+
+      if (isDragging || Math.sqrt(dx * dx + dy * dy) > MIN_DRAG_DISTANCE) {
+        setSelectionRect({
+          startX: Math.min(dragStart.x, pos.x),
+          startY: Math.min(dragStart.y, pos.y),
+          width: Math.abs(dx),
+          height: Math.abs(dy),
+        })
+      }
+    },
+    [dragStart, isDragging, getRelativePosition, tryGetElementBounds]
+  )
+
+  const handleMouseUp = useCallback(
+    async (e: React.MouseEvent) => {
+      if (!dragStart) return
+      const pos = getRelativePosition(e)
+
+      if (isDragging && selectionRect) {
+        // Region selection
+        onSelect({
+          type: 'region',
+          position: {
+            x: selectionRect.startX,
+            y: selectionRect.startY,
+          },
+          dimensions: {
+            width: selectionRect.width,
+            height: selectionRect.height,
+          },
+        })
+      } else {
+        // Element click (async: may use postMessage bridge)
+        const capturedHtml = await tryCaptureDomElement(pos.x, pos.y)
+        onSelect({
+          type: 'element',
+          position: pos,
+          capturedHtml,
+        })
+      }
+
+      setDragStart(null)
+      setIsDragging(false)
+      setSelectionRect(null)
+    },
+    [
+      dragStart,
+      isDragging,
+      selectionRect,
+      getRelativePosition,
+      onSelect,
+      tryCaptureDomElement,
+    ]
+  )
+
+  const handleMouseLeave = useCallback(() => {
+    setHoverHighlight(null)
+    // Clear hover highlight inside the iframe (bridge)
+    if (iframeRef.current) {
+      clearHover(iframeRef.current)
+    }
+  }, [iframeRef])
+
+  return (
+    <div
+      ref={overlayRef}
+      className="absolute inset-0 z-10"
+      style={{ cursor: 'crosshair' }}
+      onMouseDown={handleMouseDown}
+      onMouseMove={handleMouseMove}
+      onMouseUp={handleMouseUp}
+      onMouseLeave={handleMouseLeave}
+      role="application"
+      aria-label="Feedback selection area. Click an element or drag to select a region."
+    >
+      {/* Instruction bar */}
+      <div className="pointer-events-none absolute left-1/2 top-3 -translate-x-1/2 rounded-md bg-background/90 px-4 py-2 text-xs text-muted-foreground shadow-md backdrop-blur-sm">
+        Click an element or drag to select a region. Press Esc to cancel.
+      </div>
+
+      {/* Hover highlight */}
+      {hoverHighlight && !isDragging && hoverHighlight.kind === 'element' && (
+        <div
+          className="pointer-events-none absolute border-2 border-blue-500 bg-blue-500/5"
+          style={{
+            left: hoverHighlight.left,
+            top: hoverHighlight.top,
+            width: hoverHighlight.width,
+            height: hoverHighlight.height,
+          }}
+          aria-hidden="true"
+        />
+      )}
+      {hoverHighlight && !isDragging && hoverHighlight.kind === 'crosshair' && (
+        <div
+          className="pointer-events-none absolute border-2 border-blue-500 bg-blue-500/5 rounded"
+          style={{
+            left: hoverHighlight.x - 16,
+            top: hoverHighlight.y - 16,
+            width: 32,
+            height: 32,
+          }}
+          aria-hidden="true"
+        />
+      )}
+
+      {/* Selection rectangle while dragging */}
+      {selectionRect && (
+        <div
+          className="pointer-events-none absolute border-2 border-blue-500 bg-blue-500/10"
+          style={{
+            left: selectionRect.startX,
+            top: selectionRect.startY,
+            width: selectionRect.width,
+            height: selectionRect.height,
+          }}
+          aria-hidden="true"
+        />
+      )}
+    </div>
+  )
+}
diff --git a/components/ambient-ui/src/components/preview/feedback-panel.tsx b/components/ambient-ui/src/components/preview/feedback-panel.tsx
new file mode 100644
index 000000000..8e929d166
--- /dev/null
+++ b/components/ambient-ui/src/components/preview/feedback-panel.tsx
@@ -0,0 +1,284 @@
+'use client'
+
+import { useCallback, useEffect, useState } from 'react'
+import {
+  Trash2,
+  PanelRightClose,
+  PanelRightOpen,
+  Send,
+  MapPin,
+  Square,
+} from 'lucide-react'
+import { Button } from '@/components/ui/button'
+import { Textarea } from '@/components/ui/textarea'
+import type { FeedbackItem } from '@/domain/types'
+
+export type FeedbackPanelProps = {
+  pendingItems: FeedbackItem[]
+  sentItems: FeedbackItem[]
+  onRemoveItem: (id: string) => void
+  onUpdateComment: (id: string, comment: string) => void
+  onSendAll: () => void
+}
+
+export function FeedbackPanel({
+  pendingItems,
+  sentItems,
+  onRemoveItem,
+  onUpdateComment,
+  onSendAll,
+}: FeedbackPanelProps) {
+  const [collapsed, setCollapsed] = useState(false)
+  const [confirming, setConfirming] = useState(false)
+
+  const totalPending = pendingItems.length
+
+  // Reset confirmation when items change (user adds/removes feedback)
+  useEffect(() => {
+    setConfirming(false)
+  }, [totalPending])
+
+  if (collapsed) {
+    return (
+      <div className="flex flex-col items-center border-l border-border bg-background py-2">
+        <Button
+          variant="ghost"
+          size="icon-sm"
+          onClick={() => setCollapsed(false)}
+          aria-label="Expand feedback panel"
+        >
+          <PanelRightOpen className="size-4" />
+        </Button>
+        {totalPending > 0 && (
+          <span className="mt-1 flex size-5 items-center justify-center rounded-full bg-primary text-[10px] font-bold text-primary-foreground">
+            {totalPending}
+          </span>
+        )}
+      </div>
+    )
+  }
+
+  return (
+    <div
+      className="flex w-80 shrink-0 flex-col border-l border-border bg-background"
+      role="complementary"
+      aria-label="Feedback panel"
+    >
+      {/* Panel header */}
+      <div className="flex items-center justify-between border-b border-border px-3 py-2">
+        <span className="text-sm font-medium">
+          Feedback{totalPending > 0 ? ` (${totalPending})` : ''}
+        </span>
+        <Button
+          variant="ghost"
+          size="icon-sm"
+          onClick={() => setCollapsed(true)}
+          aria-label="Collapse feedback panel"
+        >
+          <PanelRightClose className="size-4" />
+        </Button>
+      </div>
+
+      {/* Send all button with inline confirmation */}
+      {totalPending > 0 && (
+        <div className="border-b border-border px-3 py-2">
+          {confirming ? (
+            <div className="flex items-center gap-2">
+              <span className="text-sm text-muted-foreground">
+                Confirm send?
+              </span>
+              <div className="ml-auto flex gap-1">
+                <Button
+                  size="sm"
+                  onClick={() => {
+                    onSendAll()
+                    setConfirming(false)
+                  }}
+                >
+                  Confirm ({totalPending})
+                </Button>
+                <Button
+                  variant="ghost"
+                  size="sm"
+                  onClick={() => setConfirming(false)}
+                >
+                  Cancel
+                </Button>
+              </div>
+            </div>
+          ) : (
+            <Button
+              className="w-full gap-2"
+              size="sm"
+              onClick={() => setConfirming(true)}
+            >
+              <Send className="size-3.5" />
+              Send All Feedback ({totalPending})
+            </Button>
+          )}
+        </div>
+      )}
+
+      {/* Scrollable content */}
+      <div className="flex-1 overflow-y-auto">
+        {/* Pending items */}
+        {pendingItems.length > 0 && (
+          <div className="px-3 py-2">
+            <p className="mb-2 text-xs font-medium uppercase tracking-wider text-muted-foreground">
+              Pending
+            </p>
+            <div className="space-y-2">
+              {pendingItems.map((item) => (
+                <PendingFeedbackCard
+                  key={item.id}
+                  item={item}
+                  onRemove={() => onRemoveItem(item.id)}
+                  onUpdateComment={(comment) =>
+                    onUpdateComment(item.id, comment)
+                  }
+                />
+              ))}
+            </div>
+          </div>
+        )}
+
+        {/* Sent items */}
+        {sentItems.length > 0 && (
+          <div className="px-3 py-2">
+            <p className="mb-2 text-xs font-medium uppercase tracking-wider text-muted-foreground">
+              Sent
+            </p>
+            <div className="space-y-2">
+              {sentItems.map((item) => (
+                <SentFeedbackCard key={item.id} item={item} />
+              ))}
+            </div>
+          </div>
+        )}
+
+        {/* Empty state */}
+        {pendingItems.length === 0 && sentItems.length === 0 && (
+          <div className="flex flex-col items-center justify-center px-4 py-8 text-center">
+            <p className="text-sm text-muted-foreground">No feedback yet</p>
+            <p className="mt-1 text-xs text-muted-foreground">
+              Click or drag on the preview to add feedback
+            </p>
+          </div>
+        )}
+      </div>
+    </div>
+  )
+}
+
+function PendingFeedbackCard({
+  item,
+  onRemove,
+  onUpdateComment,
+}: {
+  item: FeedbackItem
+  onRemove: () => void
+  onUpdateComment: (comment: string) => void
+}) {
+  const [editing, setEditing] = useState(false)
+  const [editValue, setEditValue] = useState(item.comment)
+
+  const handleSaveEdit = useCallback(() => {
+    onUpdateComment(editValue)
+    setEditing(false)
+  }, [editValue, onUpdateComment])
+
+  const icon =
+    item.type === 'region' ? (
+      <Square className="size-3 text-blue-500" />
+    ) : (
+      <MapPin className="size-3 text-blue-500" />
+    )
+
+  const locationLabel =
+    item.type === 'region' && item.dimensions
+      ? `${item.dimensions.width}x${item.dimensions.height}px`
+      : `(${item.position.x}, ${item.position.y})`
+
+  return (
+    <div className="rounded-md border border-border bg-card p-2.5">
+      <div className="mb-1.5 flex items-start justify-between">
+        <div className="flex items-center gap-1.5">
+          {icon}
+          <span className="text-[10px] text-muted-foreground">
+            {locationLabel}
+          </span>
+        </div>
+        <Button
+          variant="ghost"
+          size="icon-xs"
+          onClick={onRemove}
+          aria-label={`Remove feedback: ${item.comment.slice(0, 30)}`}
+        >
+          <Trash2 className="size-3" />
+        </Button>
+      </div>
+
+      {editing ? (
+        <div className="space-y-1.5">
+          <Textarea
+            value={editValue}
+            onChange={(e) => setEditValue(e.target.value)}
+            className="min-h-12 resize-none text-xs"
+            aria-label="Edit feedback comment"
+          />
+          <div className="flex justify-end gap-1">
+            <Button
+              variant="ghost"
+              size="xs"
+              onClick={() => {
+                setEditValue(item.comment)
+                setEditing(false)
+              }}
+            >
+              Cancel
+            </Button>
+            <Button size="xs" onClick={handleSaveEdit}>
+              Save
+            </Button>
+          </div>
+        </div>
+      ) : (
+        <button
+          type="button"
+          className="w-full cursor-pointer text-left text-xs text-foreground hover:text-foreground/80"
+          onClick={() => setEditing(true)}
+          aria-label="Edit comment"
+        >
+          {item.comment}
+        </button>
+      )}
+    </div>
+  )
+}
+
+function SentFeedbackCard({ item }: { item: FeedbackItem }) {
+  const icon =
+    item.type === 'region' ? (
+      <Square className="size-3 text-muted-foreground" />
+    ) : (
+      <MapPin className="size-3 text-muted-foreground" />
+    )
+
+  const locationLabel =
+    item.type === 'region' && item.dimensions
+      ? `${item.dimensions.width}x${item.dimensions.height}px`
+      : `(${item.position.x}, ${item.position.y})`
+
+  return (
+    <div className="rounded-md border border-border/50 bg-muted/30 p-2.5 opacity-60">
+      <div className="mb-1 flex items-center gap-1.5">
+        {icon}
+        <span className="text-[10px] text-muted-foreground">
+          {locationLabel}
+        </span>
+        <span className="ml-auto text-[10px] text-muted-foreground">Sent</span>
+      </div>
+      <p className="text-xs text-muted-foreground">{item.comment}</p>
+    </div>
+  )
+}
diff --git a/components/ambient-ui/src/components/preview/preview-overlay.tsx b/components/ambient-ui/src/components/preview/preview-overlay.tsx
new file mode 100644
index 000000000..901ee001b
--- /dev/null
+++ b/components/ambient-ui/src/components/preview/preview-overlay.tsx
@@ -0,0 +1,386 @@
+'use client'
+
+import { useCallback, useEffect, useRef, useState } from 'react'
+import { Monitor, Tablet, Smartphone, X, MessageCircle } from 'lucide-react'
+import { Button } from '@/components/ui/button'
+import { isAllowedPreviewHost } from '@/lib/preview-hosts'
+import { useFeedback } from '@/hooks/use-feedback'
+import { FeedbackOverlay } from '@/components/preview/feedback-overlay'
+import { FeedbackPanel } from '@/components/preview/feedback-panel'
+import { CommentCard } from '@/components/preview/comment-card'
+import type { SessionPhase, FeedbackItem, FeedbackBatch } from '@/domain/types'
+
+type DeviceSize = 'desktop' | 'tablet' | 'mobile'
+
+const DEVICE_WIDTHS: Record<DeviceSize, string> = {
+  desktop: '100%',
+  tablet: '768px',
+  mobile: '375px',
+}
+
+const DEVICE_LABELS: Record<DeviceSize, string> = {
+  desktop: 'Desktop',
+  tablet: 'Tablet',
+  mobile: 'Mobile',
+}
+
+const SANDBOX_POLICY = 'allow-scripts allow-same-origin allow-forms'
+
+function buildProxyUrl(targetUrl: string): string {
+  return `/api/preview-proxy?url=${encodeURIComponent(targetUrl)}`
+}
+
+type PendingSelection = {
+  type: 'element' | 'region'
+  position: { x: number; y: number }
+  dimensions?: { width: number; height: number }
+  capturedHtml?: string
+}
+
+export type PreviewOverlayProps = {
+  url: string
+  title?: string
+  sessionId: string
+  sessionPhase: SessionPhase
+  onClose: () => void
+  onSendFeedback?: (batch: FeedbackBatch) => void
+}
+
+export function PreviewOverlay({
+  url,
+  title,
+  sessionId,
+  sessionPhase,
+  onClose,
+  onSendFeedback,
+}: PreviewOverlayProps) {
+  const [deviceSize, setDeviceSize] = useState<DeviceSize>('desktop')
+  const [pendingSelection, setPendingSelection] =
+    useState<PendingSelection | null>(null)
+  const iframeRef = useRef<HTMLIFrameElement>(null)
+  const allowed = isAllowedPreviewHost(url)
+
+  const feedback = useFeedback()
+  const [bridgeAvailable, setBridgeAvailable] = useState<boolean | null>(null)
+  const [iframeBlocked, setIframeBlocked] = useState(false)
+
+  const handleIframeLoad = useCallback(() => {
+    const iframe = iframeRef.current
+    if (!iframe) return
+    try {
+      // If we can access contentDocument and it has no body content,
+      // the load was likely blocked (X-Frame-Options / CSP frame-ancestors)
+      const doc = iframe.contentDocument
+      if (doc && doc.body && doc.body.children.length === 0 && !doc.body.textContent?.trim()) {
+        setIframeBlocked(true)
+      }
+    } catch {
+      // Cross-origin — can't inspect, but the iframe may have loaded fine.
+      // Use a heuristic: if contentWindow exists but we can't access location,
+      // the frame loaded something. If contentWindow is null, it was blocked.
+      if (!iframe.contentWindow) {
+        setIframeBlocked(true)
+      }
+    }
+  }, [])
+
+  const handleKeyDown = useCallback(
+    (e: KeyboardEvent) => {
+      if (e.key === 'Escape') {
+        if (pendingSelection) {
+          setPendingSelection(null)
+          return
+        }
+        if (feedback.feedbackMode) {
+          feedback.exitFeedbackMode()
+          return
+        }
+        onClose()
+      }
+      if (e.key === 'c' && !feedback.feedbackMode && !pendingSelection) {
+        // Don't activate if user is typing in an input
+        const target = e.target as HTMLElement
+        if (
+          target.tagName === 'INPUT' ||
+          target.tagName === 'TEXTAREA' ||
+          target.isContentEditable
+        ) {
+          return
+        }
+        feedback.enterFeedbackMode()
+      }
+    },
+    [onClose, feedback.feedbackMode, feedback.exitFeedbackMode, feedback.enterFeedbackMode, pendingSelection]
+  )
+
+  useEffect(() => {
+    document.addEventListener('keydown', handleKeyDown)
+    // Prevent body scroll while overlay is open
+    const prevOverflow = document.body.style.overflow
+    document.body.style.overflow = 'hidden'
+
+    return () => {
+      document.removeEventListener('keydown', handleKeyDown)
+      document.body.style.overflow = prevOverflow
+    }
+  }, [handleKeyDown])
+
+  const handleBridgeStatus = useCallback((available: boolean) => {
+    setBridgeAvailable((prev) => {
+      // Once known, don't downgrade from true to false on subsequent calls
+      if (prev === true) return true
+      return available
+    })
+  }, [])
+
+  const handleSelect = useCallback(
+    (result: {
+      type: 'element' | 'region'
+      position: { x: number; y: number }
+      dimensions?: { width: number; height: number }
+      capturedHtml?: string
+    }) => {
+      setPendingSelection(result)
+    },
+    []
+  )
+
+  const handleCommentSubmit = useCallback(
+    (comment: string) => {
+      if (!pendingSelection) return
+
+      const iframeEl = iframeRef.current
+      const item: FeedbackItem = {
+        id: crypto.randomUUID(),
+        type: pendingSelection.type,
+        comment,
+        position: pendingSelection.position,
+        dimensions: pendingSelection.dimensions,
+        capturedHtml: pendingSelection.capturedHtml,
+        viewportWidth: iframeEl?.clientWidth ?? 0,
+        viewportHeight: iframeEl?.clientHeight ?? 0,
+        deviceSize,
+        timestamp: new Date().toISOString(),
+      }
+
+      feedback.addItem(item)
+      setPendingSelection(null)
+    },
+    [pendingSelection, deviceSize, feedback]
+  )
+
+  const handleSendAll = useCallback(() => {
+    if (onSendFeedback && feedback.pendingItems.length > 0) {
+      onSendFeedback({
+        items: feedback.pendingItems,
+        sessionId,
+        previewUrl: url,
+      })
+      feedback.markAsSent()
+    }
+  }, [onSendFeedback, feedback.pendingItems, feedback.markAsSent, sessionId, url])
+
+  const displayTitle = title ?? `Preview - ${sessionId}`
+
+  const hasFeedbackActivity =
+    feedback.pendingItems.length > 0 || feedback.sentItems.length > 0
+  const showPanel = feedback.feedbackMode || hasFeedbackActivity
+
+  return (
+    <div
+      className="fixed inset-0 z-50 flex flex-col bg-black/80"
+      role="dialog"
+      aria-modal="true"
+      aria-label={`Live preview: ${displayTitle}`}
+    >
+      {/* Header bar */}
+      <div className="flex items-center justify-between border-b border-border bg-background px-4 py-2">
+        <div className="flex items-center gap-3">
+          <Button
+            variant="ghost"
+            size="icon-sm"
+            onClick={onClose}
+            aria-label="Close preview"
+          >
+            <X />
+          </Button>
+          <span className="text-sm font-medium">{displayTitle}</span>
+          {sessionPhase === 'Running' && (
+            <span className="inline-flex items-center gap-1 text-xs text-green-600">
+              <span className="inline-block size-2 animate-pulse rounded-full bg-green-500" />
+              Live
+            </span>
+          )}
+        </div>
+
+        <div className="flex items-center gap-1">
+          <DeviceToggle
+            current={deviceSize}
+            device="desktop"
+            icon={<Monitor className="size-4" />}
+            onSelect={setDeviceSize}
+          />
+          <DeviceToggle
+            current={deviceSize}
+            device="tablet"
+            icon={<Tablet className="size-4" />}
+            onSelect={setDeviceSize}
+          />
+          <DeviceToggle
+            current={deviceSize}
+            device="mobile"
+            icon={<Smartphone className="size-4" />}
+            onSelect={setDeviceSize}
+          />
+          <div className="mx-2 h-5 w-px bg-border" aria-hidden="true" />
+          <Button
+            variant={feedback.feedbackMode ? 'secondary' : 'ghost'}
+            size="sm"
+            onClick={() =>
+              feedback.feedbackMode
+                ? feedback.exitFeedbackMode()
+                : feedback.enterFeedbackMode()
+            }
+            aria-label={
+              feedback.feedbackMode
+                ? 'Exit feedback mode'
+                : 'Enter feedback mode'
+            }
+            aria-pressed={feedback.feedbackMode}
+          >
+            <MessageCircle className="size-4" />
+            Comment
+            <kbd className="ml-1 rounded border border-border/50 px-1 text-[10px] font-normal text-muted-foreground">C</kbd>
+          </Button>
+        </div>
+      </div>
+
+      {/* Content area with optional panel */}
+      <div className="flex flex-1 overflow-hidden">
+        {/* Preview area */}
+        <div className="flex flex-1 items-center justify-center overflow-hidden p-4">
+          {!allowed ? (
+            <div className="max-w-md rounded-lg border border-destructive bg-destructive/10 p-6 text-center">
+              <p className="text-sm font-medium text-destructive">
+                Preview URL is not on the trusted hosts allowlist
+              </p>
+              <p className="mt-2 text-xs text-muted-foreground">
+                The URL{' '}
+                <code className="rounded bg-muted px-1">{url}</code> does not
+                match any allowed host pattern.
+              </p>
+            </div>
+          ) : (
+            <div
+              className="relative h-full"
+              style={{
+                width: DEVICE_WIDTHS[deviceSize],
+                maxWidth: '100%',
+                transition: 'width 200ms ease-in-out',
+              }}
+            >
+              <iframe
+                ref={iframeRef}
+                src={buildProxyUrl(url)}
+                sandbox={SANDBOX_POLICY}
+                referrerPolicy="no-referrer"
+                title={displayTitle}
+                className="h-full w-full rounded border border-border bg-white"
+                onLoad={handleIframeLoad}
+              />
+
+              {/* Iframe blocked by X-Frame-Options or CSP */}
+              {iframeBlocked && (
+                <div className="absolute inset-0 flex items-center justify-center rounded bg-background/95">
+                  <div className="max-w-md space-y-3 p-6 text-center">
+                    <p className="text-sm font-medium text-foreground">
+                      Preview could not be loaded
+                    </p>
+                    <p className="text-xs text-muted-foreground">
+                      The preview proxy could not load this app. The target may be unreachable or require separate authentication.
+                    </p>
+                    <a
+                      href={url}
+                      target="_blank"
+                      rel="noopener noreferrer"
+                      className="inline-flex items-center gap-1.5 rounded-md bg-primary px-3 py-1.5 text-sm font-medium text-primary-foreground hover:bg-primary/90"
+                    >
+                      Open in new tab
+                    </a>
+                  </div>
+                </div>
+              )}
+
+              {/* Bridge info banner for cross-origin iframes */}
+              {feedback.feedbackMode && bridgeAvailable === false && (
+                <div className="pointer-events-none absolute bottom-3 left-1/2 z-20 -translate-x-1/2 rounded-md border border-amber-500/30 bg-amber-950/80 px-3 py-1.5 text-xs text-amber-200 shadow-md backdrop-blur-sm">
+                  For element capture, add{' '}
+                  <code className="rounded bg-amber-900/60 px-1 font-mono text-[10px]">
+                    preview-bridge.js
+                  </code>{' '}
+                  to your app.
+                </div>
+              )}
+
+              {/* Feedback overlay on top of iframe */}
+              {feedback.feedbackMode && !pendingSelection && (
+                <FeedbackOverlay
+                  iframeRef={iframeRef}
+                  onSelect={handleSelect}
+                  onBridgeStatus={handleBridgeStatus}
+                />
+              )}
+
+              {/* Comment card anchored to selection */}
+              {pendingSelection && (
+                <CommentCard
+                  type={pendingSelection.type}
+                  position={pendingSelection.position}
+                  dimensions={pendingSelection.dimensions}
+                  capturedHtml={pendingSelection.capturedHtml}
+                  onSubmit={handleCommentSubmit}
+                  onCancel={() => setPendingSelection(null)}
+                />
+              )}
+            </div>
+          )}
+        </div>
+
+        {/* Feedback panel on the right */}
+        {showPanel && (
+          <FeedbackPanel
+            pendingItems={feedback.pendingItems}
+            sentItems={feedback.sentItems}
+            onRemoveItem={feedback.removeItem}
+            onUpdateComment={feedback.updateComment}
+            onSendAll={handleSendAll}
+          />
+        )}
+      </div>
+    </div>
+  )
+}
+
+function DeviceToggle({
+  current,
+  device,
+  icon,
+  onSelect,
+}: {
+  current: DeviceSize
+  device: DeviceSize
+  icon: React.ReactNode
+  onSelect: (device: DeviceSize) => void
+}) {
+  return (
+    <Button
+      variant={current === device ? 'secondary' : 'ghost'}
+      size="icon-sm"
+      onClick={() => onSelect(device)}
+      aria-label={`${DEVICE_LABELS[device]} view`}
+      aria-pressed={current === device}
+    >
+      {icon}
+    </Button>
+  )
+}
diff --git a/components/ambient-ui/src/components/ui/textarea.tsx b/components/ambient-ui/src/components/ui/textarea.tsx
new file mode 100644
index 000000000..a986e7cda
--- /dev/null
+++ b/components/ambient-ui/src/components/ui/textarea.tsx
@@ -0,0 +1,18 @@
+import * as React from "react"
+
+import { cn } from "@/lib/utils"
+
+function Textarea({ className, ...props }: React.ComponentProps<"textarea">) {
+  return (
+    <textarea
+      data-slot="textarea"
+      className={cn(
+        "border-input placeholder:text-muted-foreground focus-visible:border-ring focus-visible:ring-ring/50 aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive flex field-sizing-content min-h-16 w-full rounded-md border bg-transparent px-3 py-2 text-sm shadow-xs transition-[color,box-shadow] outline-none focus-visible:ring-[3px] disabled:cursor-not-allowed disabled:opacity-50",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export { Textarea }
diff --git a/components/ambient-ui/src/domain/__tests__/annotations.test.ts b/components/ambient-ui/src/domain/__tests__/annotations.test.ts
new file mode 100644
index 000000000..9d4a4727b
--- /dev/null
+++ b/components/ambient-ui/src/domain/__tests__/annotations.test.ts
@@ -0,0 +1,230 @@
+import { describe, it, expect } from 'vitest'
+import {
+  getRegisteredAnnotation,
+  isRegisteredAnnotation,
+  getAnnotationsByCategory,
+  getRegisteredAnnotations,
+  getPreviewAnnotations,
+} from '../annotations'
+import type { AnnotationCategory } from '../annotations'
+
+describe('annotation registry', () => {
+  describe('getRegisteredAnnotation', () => {
+    it('returns the registration for a known key', () => {
+      const result = getRegisteredAnnotation('ambient-code.io/ui/pinned')
+      expect(result).not.toBeNull()
+      expect(result!.key).toBe('ambient-code.io/ui/pinned')
+      expect(result!.category).toBe('ui')
+      expect(result!.label).toBeDefined()
+    })
+
+    it('returns null for an unknown key', () => {
+      expect(getRegisteredAnnotation('some.random/key')).toBeNull()
+    })
+
+    it('returns correct category for integration keys', () => {
+      const result = getRegisteredAnnotation('ambient-code.io/jira/issue')
+      expect(result).not.toBeNull()
+      expect(result!.category).toBe('integration')
+    })
+
+    it('returns correct category for review keys', () => {
+      const result = getRegisteredAnnotation('ambient-code.io/review/status')
+      expect(result).not.toBeNull()
+      expect(result!.category).toBe('review')
+    })
+
+    it('returns correct category for provenance keys', () => {
+      const result = getRegisteredAnnotation('ambient-code.io/triggered-by')
+      expect(result).not.toBeNull()
+      expect(result!.category).toBe('provenance')
+    })
+
+    it('returns correct category for cost keys', () => {
+      const result = getRegisteredAnnotation('ambient-code.io/cost/estimate')
+      expect(result).not.toBeNull()
+      expect(result!.category).toBe('cost')
+    })
+
+    it('returns correct category for oncall keys', () => {
+      const result = getRegisteredAnnotation('ambient-code.io/oncall/incident')
+      expect(result).not.toBeNull()
+      expect(result!.category).toBe('oncall')
+    })
+
+    it('returns correct category for agent keys', () => {
+      const result = getRegisteredAnnotation('ambient-code.io/parent-agent')
+      expect(result).not.toBeNull()
+      expect(result!.category).toBe('agent')
+    })
+
+    it('includes a human-readable label', () => {
+      const result = getRegisteredAnnotation('ambient-code.io/github/pr')
+      expect(result).not.toBeNull()
+      expect(result!.label).toBeTruthy()
+      expect(typeof result!.label).toBe('string')
+    })
+
+    it('returns all registered keys from the spec', () => {
+      const expectedKeys = [
+        'ambient-code.io/ui/path',
+        'ambient-code.io/ui/pinned',
+        'ambient-code.io/ui/priority',
+        'ambient-code.io/ui/tag',
+        'ambient-code.io/ui/preview-url',
+        'ambient-code.io/ui/preview-title',
+        'ambient-code.io/jira/issue',
+        'ambient-code.io/jira/epic',
+        'ambient-code.io/github/pr',
+        'ambient-code.io/github/repo',
+        'ambient-code.io/github/branch',
+        'ambient-code.io/gitlab/mr',
+        'ambient-code.io/gerrit/change',
+        'ambient-code.io/review/status',
+        'ambient-code.io/review/reviewer',
+        'ambient-code.io/triggered-by',
+        'ambient-code.io/cost/estimate',
+        'ambient-code.io/oncall/incident',
+        'ambient-code.io/parent-agent',
+      ]
+
+      for (const key of expectedKeys) {
+        expect(getRegisteredAnnotation(key)).not.toBeNull()
+      }
+    })
+  })
+
+  describe('isRegisteredAnnotation', () => {
+    it('returns true for a registered key', () => {
+      expect(isRegisteredAnnotation('ambient-code.io/ui/pinned')).toBe(true)
+    })
+
+    it('returns false for an unregistered key', () => {
+      expect(isRegisteredAnnotation('custom.io/something')).toBe(false)
+    })
+
+    it('returns false for empty string', () => {
+      expect(isRegisteredAnnotation('')).toBe(false)
+    })
+  })
+
+  describe('getAnnotationsByCategory', () => {
+    it('returns all ui annotations', () => {
+      const results = getAnnotationsByCategory('ui')
+      expect(results.length).toBe(6)
+      for (const r of results) {
+        expect(r.category).toBe('ui')
+      }
+    })
+
+    it('returns all integration annotations', () => {
+      const results = getAnnotationsByCategory('integration')
+      expect(results.length).toBe(7)
+      for (const r of results) {
+        expect(r.category).toBe('integration')
+      }
+    })
+
+    it('returns all review annotations', () => {
+      const results = getAnnotationsByCategory('review')
+      expect(results.length).toBe(2)
+    })
+
+    it('returns single provenance annotation', () => {
+      const results = getAnnotationsByCategory('provenance')
+      expect(results.length).toBe(1)
+    })
+
+    it('returns single cost annotation', () => {
+      const results = getAnnotationsByCategory('cost')
+      expect(results.length).toBe(1)
+    })
+
+    it('returns single oncall annotation', () => {
+      const results = getAnnotationsByCategory('oncall')
+      expect(results.length).toBe(1)
+    })
+
+    it('returns single agent annotation', () => {
+      const results = getAnnotationsByCategory('agent')
+      expect(results.length).toBe(1)
+    })
+
+    it('returns empty array for unknown category', () => {
+      // Cast to bypass type check for robustness test
+      const results = getAnnotationsByCategory('nonexistent' as AnnotationCategory)
+      expect(results).toEqual([])
+    })
+  })
+
+  describe('getRegisteredAnnotations', () => {
+    it('returns registered annotations paired with their values', () => {
+      const annotations: Record<string, string> = {
+        'ambient-code.io/ui/pinned': 'true',
+        'ambient-code.io/github/pr': 'org/repo#42',
+        'custom.io/unregistered': 'ignored',
+      }
+
+      const results = getRegisteredAnnotations(annotations)
+      expect(results.length).toBe(2)
+
+      const pinned = results.find((r) => r.annotation.key === 'ambient-code.io/ui/pinned')
+      expect(pinned).toBeDefined()
+      expect(pinned!.value).toBe('true')
+
+      const pr = results.find((r) => r.annotation.key === 'ambient-code.io/github/pr')
+      expect(pr).toBeDefined()
+      expect(pr!.value).toBe('org/repo#42')
+    })
+
+    it('returns empty array when no annotations match', () => {
+      const annotations: Record<string, string> = {
+        'custom.io/a': '1',
+        'custom.io/b': '2',
+      }
+
+      expect(getRegisteredAnnotations(annotations)).toEqual([])
+    })
+
+    it('returns empty array for empty input', () => {
+      expect(getRegisteredAnnotations({})).toEqual([])
+    })
+  })
+
+  describe('getPreviewAnnotations', () => {
+    it('returns url and title when both are present', () => {
+      const annotations: Record<string, string> = {
+        'ambient-code.io/ui/preview-url': 'https://app.example.com',
+        'ambient-code.io/ui/preview-title': 'SSO Login v2',
+      }
+
+      const result = getPreviewAnnotations(annotations)
+      expect(result).not.toBeNull()
+      expect(result!.url).toBe('https://app.example.com')
+      expect(result!.title).toBe('SSO Login v2')
+    })
+
+    it('returns url without title when only url is present', () => {
+      const annotations: Record<string, string> = {
+        'ambient-code.io/ui/preview-url': 'https://app.example.com',
+      }
+
+      const result = getPreviewAnnotations(annotations)
+      expect(result).not.toBeNull()
+      expect(result!.url).toBe('https://app.example.com')
+      expect(result!.title).toBeUndefined()
+    })
+
+    it('returns null when preview-url is missing', () => {
+      const annotations: Record<string, string> = {
+        'ambient-code.io/ui/preview-title': 'Some Title',
+      }
+
+      expect(getPreviewAnnotations(annotations)).toBeNull()
+    })
+
+    it('returns null for empty annotations', () => {
+      expect(getPreviewAnnotations({})).toBeNull()
+    })
+  })
+})
diff --git a/components/ambient-ui/src/domain/annotations.ts b/components/ambient-ui/src/domain/annotations.ts
new file mode 100644
index 000000000..413278df2
--- /dev/null
+++ b/components/ambient-ui/src/domain/annotations.ts
@@ -0,0 +1,96 @@
+export type AnnotationCategory =
+  | 'ui'
+  | 'integration'
+  | 'review'
+  | 'provenance'
+  | 'cost'
+  | 'oncall'
+  | 'agent'
+
+export type RegisteredAnnotation = {
+  key: string
+  category: AnnotationCategory
+  label: string
+  icon?: string
+}
+
+const ANNOTATION_REGISTRY: readonly RegisteredAnnotation[] = [
+  // ui
+  { key: 'ambient-code.io/ui/path', category: 'ui', label: 'Path' },
+  { key: 'ambient-code.io/ui/pinned', category: 'ui', label: 'Pinned', icon: 'pin' },
+  { key: 'ambient-code.io/ui/priority', category: 'ui', label: 'Priority', icon: 'alert-triangle' },
+  { key: 'ambient-code.io/ui/tag', category: 'ui', label: 'Tag', icon: 'tag' },
+  { key: 'ambient-code.io/ui/preview-url', category: 'ui', label: 'Preview URL', icon: 'external-link' },
+  { key: 'ambient-code.io/ui/preview-title', category: 'ui', label: 'Preview Title' },
+
+  // integration
+  { key: 'ambient-code.io/jira/issue', category: 'integration', label: 'Jira Issue', icon: 'ticket' },
+  { key: 'ambient-code.io/jira/epic', category: 'integration', label: 'Jira Epic', icon: 'layers' },
+  { key: 'ambient-code.io/github/pr', category: 'integration', label: 'GitHub PR', icon: 'git-pull-request' },
+  { key: 'ambient-code.io/github/repo', category: 'integration', label: 'GitHub Repo', icon: 'folder-git-2' },
+  { key: 'ambient-code.io/github/branch', category: 'integration', label: 'GitHub Branch', icon: 'git-branch' },
+  { key: 'ambient-code.io/gitlab/mr', category: 'integration', label: 'GitLab MR', icon: 'git-pull-request' },
+  { key: 'ambient-code.io/gerrit/change', category: 'integration', label: 'Gerrit Change', icon: 'git-pull-request' },
+
+  // review
+  { key: 'ambient-code.io/review/status', category: 'review', label: 'Review Status', icon: 'message-circle' },
+  { key: 'ambient-code.io/review/reviewer', category: 'review', label: 'Reviewer', icon: 'user' },
+
+  // provenance
+  { key: 'ambient-code.io/triggered-by', category: 'provenance', label: 'Triggered By', icon: 'play' },
+
+  // cost
+  { key: 'ambient-code.io/cost/estimate', category: 'cost', label: 'Cost Estimate', icon: 'dollar-sign' },
+
+  // oncall
+  { key: 'ambient-code.io/oncall/incident', category: 'oncall', label: 'Incident', icon: 'siren' },
+
+  // agent
+  { key: 'ambient-code.io/parent-agent', category: 'agent', label: 'Parent Agent', icon: 'bot' },
+] as const
+
+const registryByKey = new Map<string, RegisteredAnnotation>(
+  ANNOTATION_REGISTRY.map((entry) => [entry.key, entry])
+)
+
+export function getRegisteredAnnotation(key: string): RegisteredAnnotation | null {
+  return registryByKey.get(key) ?? null
+}
+
+export function isRegisteredAnnotation(key: string): boolean {
+  return registryByKey.has(key)
+}
+
+export function getAnnotationsByCategory(category: AnnotationCategory): RegisteredAnnotation[] {
+  return ANNOTATION_REGISTRY.filter((entry) => entry.category === category)
+}
+
+export function getRegisteredAnnotations(
+  annotations: Record<string, string>
+): Array<{ annotation: RegisteredAnnotation; value: string }> {
+  const results: Array<{ annotation: RegisteredAnnotation; value: string }> = []
+
+  for (const [key, value] of Object.entries(annotations)) {
+    const registration = registryByKey.get(key)
+    if (registration) {
+      results.push({ annotation: registration, value })
+    }
+  }
+
+  return results
+}
+
+const PREVIEW_URL_KEY = 'ambient-code.io/ui/preview-url'
+const PREVIEW_TITLE_KEY = 'ambient-code.io/ui/preview-title'
+
+export function getPreviewAnnotations(
+  annotations: Record<string, string>
+): { url: string; title?: string } | null {
+  const url = annotations[PREVIEW_URL_KEY]
+  if (!url) {
+    return null
+  }
+
+  const title = annotations[PREVIEW_TITLE_KEY]
+  return title ? { url, title } : { url }
+}
diff --git a/components/ambient-ui/src/domain/events.ts b/components/ambient-ui/src/domain/events.ts
new file mode 100644
index 000000000..2214e252e
--- /dev/null
+++ b/components/ambient-ui/src/domain/events.ts
@@ -0,0 +1,3 @@
+export const SESSION_MESSAGE_EVENTS = {
+  userFeedback: 'user_feedback',
+} as const
diff --git a/components/ambient-ui/src/domain/types.ts b/components/ambient-ui/src/domain/types.ts
index ac23660f1..84a0f3d34 100644
--- a/components/ambient-ui/src/domain/types.ts
+++ b/components/ambient-ui/src/domain/types.ts
@@ -45,3 +45,31 @@ export type ListParams = {
   search?: string
   orderBy?: string
 }
+
+export type DomainSessionMessage = {
+  id: string
+  sessionId: string
+  eventType: string
+  payload: string
+  seq: number
+  createdAt: string
+}
+
+export type FeedbackItem = {
+  id: string
+  type: 'element' | 'region'
+  comment: string
+  position: { x: number; y: number }
+  dimensions?: { width: number; height: number }
+  capturedHtml?: string
+  viewportWidth: number
+  viewportHeight: number
+  deviceSize: string
+  timestamp: string
+}
+
+export type FeedbackBatch = {
+  items: FeedbackItem[]
+  sessionId: string
+  previewUrl: string
+}
diff --git a/components/ambient-ui/src/hooks/__tests__/use-feedback.test.ts b/components/ambient-ui/src/hooks/__tests__/use-feedback.test.ts
new file mode 100644
index 000000000..1c4290833
--- /dev/null
+++ b/components/ambient-ui/src/hooks/__tests__/use-feedback.test.ts
@@ -0,0 +1,191 @@
+import { renderHook, act } from '@testing-library/react'
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+import { useFeedback } from '../use-feedback'
+import type { FeedbackItem } from '@/domain/types'
+
+function makeFeedbackItem(overrides?: Partial<FeedbackItem>): FeedbackItem {
+  return {
+    id: crypto.randomUUID(),
+    type: 'element',
+    comment: 'Test comment',
+    position: { x: 100, y: 200 },
+    viewportWidth: 1024,
+    viewportHeight: 768,
+    deviceSize: 'desktop',
+    timestamp: new Date().toISOString(),
+    ...overrides,
+  }
+}
+
+describe('useFeedback', () => {
+  beforeEach(() => {
+    vi.restoreAllMocks()
+  })
+
+  describe('feedback mode', () => {
+    it('starts with feedback mode disabled', () => {
+      const { result } = renderHook(() => useFeedback())
+      expect(result.current.feedbackMode).toBe(false)
+    })
+
+    it('enters feedback mode', () => {
+      const { result } = renderHook(() => useFeedback())
+      act(() => result.current.enterFeedbackMode())
+      expect(result.current.feedbackMode).toBe(true)
+    })
+
+    it('exits feedback mode', () => {
+      const { result } = renderHook(() => useFeedback())
+      act(() => result.current.enterFeedbackMode())
+      act(() => result.current.exitFeedbackMode())
+      expect(result.current.feedbackMode).toBe(false)
+    })
+  })
+
+  describe('adding items', () => {
+    it('starts with empty pending and sent arrays', () => {
+      const { result } = renderHook(() => useFeedback())
+      expect(result.current.pendingItems).toEqual([])
+      expect(result.current.sentItems).toEqual([])
+    })
+
+    it('adds an item to pending', () => {
+      const { result } = renderHook(() => useFeedback())
+      const item = makeFeedbackItem()
+      act(() => result.current.addItem(item))
+      expect(result.current.pendingItems).toHaveLength(1)
+      expect(result.current.pendingItems[0]).toEqual(item)
+    })
+
+    it('adds multiple items to pending', () => {
+      const { result } = renderHook(() => useFeedback())
+      const item1 = makeFeedbackItem({ comment: 'First' })
+      const item2 = makeFeedbackItem({ comment: 'Second' })
+      act(() => {
+        result.current.addItem(item1)
+        result.current.addItem(item2)
+      })
+      expect(result.current.pendingItems).toHaveLength(2)
+    })
+
+    it('adds a region-type item with dimensions', () => {
+      const { result } = renderHook(() => useFeedback())
+      const item = makeFeedbackItem({
+        type: 'region',
+        dimensions: { width: 200, height: 150 },
+      })
+      act(() => result.current.addItem(item))
+      expect(result.current.pendingItems[0].type).toBe('region')
+      expect(result.current.pendingItems[0].dimensions).toEqual({
+        width: 200,
+        height: 150,
+      })
+    })
+  })
+
+  describe('removing items', () => {
+    it('removes an item by id', () => {
+      const { result } = renderHook(() => useFeedback())
+      const item = makeFeedbackItem()
+      act(() => result.current.addItem(item))
+      expect(result.current.pendingItems).toHaveLength(1)
+      act(() => result.current.removeItem(item.id))
+      expect(result.current.pendingItems).toHaveLength(0)
+    })
+
+    it('does not affect other items when removing', () => {
+      const { result } = renderHook(() => useFeedback())
+      const item1 = makeFeedbackItem({ comment: 'Keep' })
+      const item2 = makeFeedbackItem({ comment: 'Remove' })
+      act(() => {
+        result.current.addItem(item1)
+        result.current.addItem(item2)
+      })
+      act(() => result.current.removeItem(item2.id))
+      expect(result.current.pendingItems).toHaveLength(1)
+      expect(result.current.pendingItems[0].comment).toBe('Keep')
+    })
+
+    it('is a no-op when removing a non-existent id', () => {
+      const { result } = renderHook(() => useFeedback())
+      const item = makeFeedbackItem()
+      act(() => result.current.addItem(item))
+      act(() => result.current.removeItem('non-existent-id'))
+      expect(result.current.pendingItems).toHaveLength(1)
+    })
+  })
+
+  describe('updating comments', () => {
+    it('updates the comment of a pending item', () => {
+      const { result } = renderHook(() => useFeedback())
+      const item = makeFeedbackItem({ comment: 'Original' })
+      act(() => result.current.addItem(item))
+      act(() => result.current.updateComment(item.id, 'Updated'))
+      expect(result.current.pendingItems[0].comment).toBe('Updated')
+    })
+
+    it('does not affect other items when updating comment', () => {
+      const { result } = renderHook(() => useFeedback())
+      const item1 = makeFeedbackItem({ comment: 'Unchanged' })
+      const item2 = makeFeedbackItem({ comment: 'Will change' })
+      act(() => {
+        result.current.addItem(item1)
+        result.current.addItem(item2)
+      })
+      act(() => result.current.updateComment(item2.id, 'Changed'))
+      expect(result.current.pendingItems[0].comment).toBe('Unchanged')
+      expect(result.current.pendingItems[1].comment).toBe('Changed')
+    })
+  })
+
+  describe('marking items as sent', () => {
+    it('moves all pending items to sent when markAsSent is called', () => {
+      const { result } = renderHook(() => useFeedback())
+      const item1 = makeFeedbackItem()
+      const item2 = makeFeedbackItem()
+      act(() => {
+        result.current.addItem(item1)
+        result.current.addItem(item2)
+      })
+      act(() => result.current.markAsSent())
+      expect(result.current.pendingItems).toHaveLength(0)
+      expect(result.current.sentItems).toHaveLength(2)
+    })
+
+    it('appends to existing sent items', () => {
+      const { result } = renderHook(() => useFeedback())
+      const item1 = makeFeedbackItem({ comment: 'Batch 1' })
+      act(() => result.current.addItem(item1))
+      act(() => result.current.markAsSent())
+
+      const item2 = makeFeedbackItem({ comment: 'Batch 2' })
+      act(() => result.current.addItem(item2))
+      act(() => result.current.markAsSent())
+
+      expect(result.current.sentItems).toHaveLength(2)
+      expect(result.current.pendingItems).toHaveLength(0)
+    })
+  })
+
+  describe('clearing pending', () => {
+    it('clears all pending items', () => {
+      const { result } = renderHook(() => useFeedback())
+      act(() => {
+        result.current.addItem(makeFeedbackItem())
+        result.current.addItem(makeFeedbackItem())
+      })
+      act(() => result.current.clearPending())
+      expect(result.current.pendingItems).toHaveLength(0)
+    })
+
+    it('does not affect sent items', () => {
+      const { result } = renderHook(() => useFeedback())
+      act(() => result.current.addItem(makeFeedbackItem()))
+      act(() => result.current.markAsSent())
+      act(() => result.current.addItem(makeFeedbackItem()))
+      act(() => result.current.clearPending())
+      expect(result.current.sentItems).toHaveLength(1)
+      expect(result.current.pendingItems).toHaveLength(0)
+    })
+  })
+})
diff --git a/components/ambient-ui/src/hooks/use-feedback.ts b/components/ambient-ui/src/hooks/use-feedback.ts
new file mode 100644
index 000000000..cb5e8ece7
--- /dev/null
+++ b/components/ambient-ui/src/hooks/use-feedback.ts
@@ -0,0 +1,67 @@
+'use client'
+
+import { useCallback, useState } from 'react'
+import type { FeedbackItem } from '@/domain/types'
+
+export type UseFeedbackReturn = {
+  feedbackMode: boolean
+  pendingItems: FeedbackItem[]
+  sentItems: FeedbackItem[]
+  enterFeedbackMode: () => void
+  exitFeedbackMode: () => void
+  addItem: (item: FeedbackItem) => void
+  removeItem: (id: string) => void
+  updateComment: (id: string, comment: string) => void
+  markAsSent: () => void
+  clearPending: () => void
+}
+
+export function useFeedback(): UseFeedbackReturn {
+  const [feedbackMode, setFeedbackMode] = useState(false)
+  const [pendingItems, setPendingItems] = useState<FeedbackItem[]>([])
+  const [sentItems, setSentItems] = useState<FeedbackItem[]>([])
+
+  const enterFeedbackMode = useCallback(() => {
+    setFeedbackMode(true)
+  }, [])
+
+  const exitFeedbackMode = useCallback(() => {
+    setFeedbackMode(false)
+  }, [])
+
+  const addItem = useCallback((item: FeedbackItem) => {
+    setPendingItems((prev) => [...prev, item])
+  }, [])
+
+  const removeItem = useCallback((id: string) => {
+    setPendingItems((prev) => prev.filter((item) => item.id !== id))
+  }, [])
+
+  const updateComment = useCallback((id: string, comment: string) => {
+    setPendingItems((prev) =>
+      prev.map((item) => (item.id === id ? { ...item, comment } : item))
+    )
+  }, [])
+
+  const markAsSent = useCallback(() => {
+    setSentItems((sent) => [...sent, ...pendingItems])
+    setPendingItems([])
+  }, [pendingItems])
+
+  const clearPending = useCallback(() => {
+    setPendingItems([])
+  }, [])
+
+  return {
+    feedbackMode,
+    pendingItems,
+    sentItems,
+    enterFeedbackMode,
+    exitFeedbackMode,
+    addItem,
+    removeItem,
+    updateComment,
+    markAsSent,
+    clearPending,
+  }
+}
diff --git a/components/ambient-ui/src/lib/__tests__/preview-bridge.test.ts b/components/ambient-ui/src/lib/__tests__/preview-bridge.test.ts
new file mode 100644
index 000000000..1bc31e8d2
--- /dev/null
+++ b/components/ambient-ui/src/lib/__tests__/preview-bridge.test.ts
@@ -0,0 +1,204 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest'
+import {
+  requestCapture,
+  requestHover,
+  clearHover,
+  isHoverResponse,
+} from '../preview-bridge'
+import type { CaptureResponse, HoverResponse } from '../preview-bridge'
+
+function createMockIframe(): HTMLIFrameElement {
+  const postMessage = vi.fn()
+  return {
+    contentWindow: { postMessage },
+  } as unknown as HTMLIFrameElement
+}
+
+describe('preview-bridge', () => {
+  beforeEach(() => {
+    vi.useFakeTimers()
+  })
+
+  afterEach(() => {
+    vi.useRealTimers()
+  })
+
+  describe('requestCapture', () => {
+    it('sends ambient-capture message to iframe', () => {
+      const iframe = createMockIframe()
+      // Don't await — just trigger the call
+      void requestCapture(iframe, 100, 200)
+
+      expect(iframe.contentWindow?.postMessage).toHaveBeenCalledWith(
+        { type: 'ambient-capture', x: 100, y: 200 },
+        '*'
+      )
+    })
+
+    it('resolves with bridge response when received', async () => {
+      const iframe = createMockIframe()
+      const promise = requestCapture(iframe, 50, 75)
+
+      const response: CaptureResponse = {
+        type: 'ambient-captured',
+        html: '<button>Click</button>',
+        tagName: 'button',
+        id: 'submit-btn',
+        className: 'btn primary',
+        textContent: 'Click',
+        rect: { x: 10, y: 20, width: 100, height: 40 },
+      }
+
+      // Simulate bridge response via postMessage
+      window.dispatchEvent(
+        new MessageEvent('message', { data: response })
+      )
+
+      const result = await promise
+      expect(result).toEqual(response)
+    })
+
+    it('resolves with null html/rect on timeout', async () => {
+      const iframe = createMockIframe()
+      const promise = requestCapture(iframe, 50, 75)
+
+      // Advance past the 1000ms timeout
+      vi.advanceTimersByTime(1100)
+
+      const result = await promise
+      expect(result).toEqual({
+        type: 'ambient-captured',
+        html: null,
+        rect: null,
+      })
+    })
+
+    it('ignores non-capture messages', async () => {
+      const iframe = createMockIframe()
+      const promise = requestCapture(iframe, 50, 75)
+
+      // Send an unrelated message
+      window.dispatchEvent(
+        new MessageEvent('message', {
+          data: { type: 'unrelated', value: 42 },
+        })
+      )
+
+      // Should not have resolved yet; advance timer to trigger timeout
+      vi.advanceTimersByTime(1100)
+
+      const result = await promise
+      expect(result.html).toBeNull()
+    })
+
+    it('cleans up message listener after response', async () => {
+      const removeSpy = vi.spyOn(window, 'removeEventListener')
+      const iframe = createMockIframe()
+      const promise = requestCapture(iframe, 10, 20)
+
+      const response: CaptureResponse = {
+        type: 'ambient-captured',
+        html: '<div></div>',
+        rect: { x: 0, y: 0, width: 50, height: 50 },
+      }
+
+      window.dispatchEvent(
+        new MessageEvent('message', { data: response })
+      )
+
+      await promise
+
+      expect(removeSpy).toHaveBeenCalledWith(
+        'message',
+        expect.any(Function)
+      )
+
+      removeSpy.mockRestore()
+    })
+
+    it('cleans up message listener on timeout', async () => {
+      const removeSpy = vi.spyOn(window, 'removeEventListener')
+      const iframe = createMockIframe()
+      const promise = requestCapture(iframe, 10, 20)
+
+      vi.advanceTimersByTime(1100)
+      await promise
+
+      expect(removeSpy).toHaveBeenCalledWith(
+        'message',
+        expect.any(Function)
+      )
+
+      removeSpy.mockRestore()
+    })
+  })
+
+  describe('requestHover', () => {
+    it('sends ambient-hover message to iframe', () => {
+      const iframe = createMockIframe()
+      requestHover(iframe, 200, 300)
+
+      expect(iframe.contentWindow?.postMessage).toHaveBeenCalledWith(
+        { type: 'ambient-hover', x: 200, y: 300 },
+        '*'
+      )
+    })
+
+    it('does not throw when contentWindow is null', () => {
+      const iframe = { contentWindow: null } as HTMLIFrameElement
+      expect(() => requestHover(iframe, 10, 20)).not.toThrow()
+    })
+  })
+
+  describe('clearHover', () => {
+    it('sends ambient-hover-clear message to iframe', () => {
+      const iframe = createMockIframe()
+      clearHover(iframe)
+
+      expect(iframe.contentWindow?.postMessage).toHaveBeenCalledWith(
+        { type: 'ambient-hover-clear' },
+        '*'
+      )
+    })
+
+    it('does not throw when contentWindow is null', () => {
+      const iframe = { contentWindow: null } as HTMLIFrameElement
+      expect(() => clearHover(iframe)).not.toThrow()
+    })
+  })
+
+  describe('isHoverResponse', () => {
+    it('returns true for valid hover response', () => {
+      const msg: HoverResponse = {
+        type: 'ambient-hovered',
+        rect: { x: 10, y: 20, width: 100, height: 50 },
+      }
+      expect(isHoverResponse(msg)).toBe(true)
+    })
+
+    it('returns false for null', () => {
+      expect(isHoverResponse(null)).toBe(false)
+    })
+
+    it('returns false for undefined', () => {
+      expect(isHoverResponse(undefined)).toBe(false)
+    })
+
+    it('returns false for non-object', () => {
+      expect(isHoverResponse('ambient-hovered')).toBe(false)
+    })
+
+    it('returns false for wrong type field', () => {
+      expect(isHoverResponse({ type: 'ambient-captured' })).toBe(false)
+    })
+
+    it('returns false for capture response', () => {
+      const msg: CaptureResponse = {
+        type: 'ambient-captured',
+        html: '<div></div>',
+        rect: { x: 0, y: 0, width: 10, height: 10 },
+      }
+      expect(isHoverResponse(msg)).toBe(false)
+    })
+  })
+})
diff --git a/components/ambient-ui/src/lib/__tests__/preview-hosts.test.ts b/components/ambient-ui/src/lib/__tests__/preview-hosts.test.ts
new file mode 100644
index 000000000..a5a1f9c07
--- /dev/null
+++ b/components/ambient-ui/src/lib/__tests__/preview-hosts.test.ts
@@ -0,0 +1,162 @@
+import { describe, it, expect, vi, afterEach } from 'vitest'
+
+describe('preview-hosts', () => {
+  afterEach(() => {
+    vi.unstubAllEnvs()
+    // Force re-import to pick up new env
+    vi.resetModules()
+  })
+
+  async function loadModule() {
+    const mod = await import('../preview-hosts')
+    return mod
+  }
+
+  describe('isAllowedPreviewHost', () => {
+    it('allows localhost by default', async () => {
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('http://localhost:3000/page')).toBe(true)
+    })
+
+    it('allows localhost with any port', async () => {
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('http://localhost:8080')).toBe(true)
+    })
+
+    it('allows 127.0.0.1 with any port by default', async () => {
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('http://127.0.0.1:4200')).toBe(true)
+    })
+
+    it('rejects hosts not on the allowlist', async () => {
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('https://evil.example.com')).toBe(false)
+    })
+
+    it('rejects invalid URLs', async () => {
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('not-a-url')).toBe(false)
+    })
+
+    it('rejects empty string', async () => {
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('')).toBe(false)
+    })
+
+    it('rejects javascript: protocol', async () => {
+      // eslint-disable-next-line no-script-url
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('javascript:alert(1)')).toBe(false)
+    })
+
+    it('rejects data: protocol', async () => {
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('data:text/html,<h1>hi</h1>')).toBe(false)
+    })
+
+    it('only allows http and https protocols', async () => {
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('ftp://localhost:21')).toBe(false)
+    })
+  })
+
+  describe('custom allowlist via env var', () => {
+    it('allows hosts matching custom glob patterns', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', '*.example.com')
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('https://app.example.com')).toBe(true)
+      expect(isAllowedPreviewHost('https://staging.example.com:8443/path')).toBe(true)
+    })
+
+    it('supports wildcard subdomain matching', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', '*.apps.rosa.*.amazonaws.com')
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('https://myapp.apps.rosa.us-east-1.amazonaws.com')).toBe(true)
+    })
+
+    it('supports OpenShift wildcard pattern', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', '*.apps.*.openshiftapps.com')
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('https://my-route.apps.cluster-abc.openshiftapps.com')).toBe(true)
+    })
+
+    it('supports multiple comma-separated patterns', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', '*.example.com,*.internal.net')
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('https://app.example.com')).toBe(true)
+      expect(isAllowedPreviewHost('https://svc.internal.net')).toBe(true)
+      expect(isAllowedPreviewHost('https://evil.other.com')).toBe(false)
+    })
+
+    it('trims whitespace from patterns', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', ' *.example.com , *.internal.net ')
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('https://app.example.com')).toBe(true)
+    })
+
+    it('handles port wildcards in patterns', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', 'localhost:*')
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('http://localhost:3000')).toBe(true)
+      expect(isAllowedPreviewHost('http://localhost:9999')).toBe(true)
+    })
+
+    it('custom env replaces defaults (localhost no longer allowed)', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', '*.example.com')
+      const { isAllowedPreviewHost } = await loadModule()
+      expect(isAllowedPreviewHost('http://localhost:3000')).toBe(false)
+    })
+  })
+
+  describe('parseAllowedHosts', () => {
+    it('parses comma-separated patterns', async () => {
+      const { parseAllowedHosts } = await loadModule()
+      const result = parseAllowedHosts('*.example.com,localhost:*')
+      expect(result).toHaveLength(2)
+    })
+
+    it('filters out empty patterns', async () => {
+      const { parseAllowedHosts } = await loadModule()
+      const result = parseAllowedHosts('*.example.com,,  ,localhost:*')
+      expect(result).toHaveLength(2)
+    })
+
+    it('returns default patterns for undefined input', async () => {
+      const { parseAllowedHosts } = await loadModule()
+      const result = parseAllowedHosts(undefined)
+      expect(result.length).toBeGreaterThan(0)
+    })
+  })
+
+  describe('matchesGlobPattern', () => {
+    it('matches exact hostname', async () => {
+      const { matchesGlobPattern } = await loadModule()
+      expect(matchesGlobPattern('example.com', 'example.com')).toBe(true)
+    })
+
+    it('does not match different hostname', async () => {
+      const { matchesGlobPattern } = await loadModule()
+      expect(matchesGlobPattern('other.com', 'example.com')).toBe(false)
+    })
+
+    it('matches wildcard prefix', async () => {
+      const { matchesGlobPattern } = await loadModule()
+      expect(matchesGlobPattern('app.example.com', '*.example.com')).toBe(true)
+    })
+
+    it('matches deep subdomain with wildcard', async () => {
+      const { matchesGlobPattern } = await loadModule()
+      expect(matchesGlobPattern('deep.sub.example.com', '*.example.com')).toBe(true)
+    })
+
+    it('matches wildcard in the middle', async () => {
+      const { matchesGlobPattern } = await loadModule()
+      expect(matchesGlobPattern('app.apps.rosa.us-east-1.amazonaws.com', '*.apps.rosa.*.amazonaws.com')).toBe(true)
+    })
+
+    it('does not match if non-wildcard segments differ', async () => {
+      const { matchesGlobPattern } = await loadModule()
+      expect(matchesGlobPattern('app.apps.other.us-east-1.amazonaws.com', '*.apps.rosa.*.amazonaws.com')).toBe(false)
+    })
+  })
+})
diff --git a/components/ambient-ui/src/lib/__tests__/preview-proxy.test.ts b/components/ambient-ui/src/lib/__tests__/preview-proxy.test.ts
new file mode 100644
index 000000000..a7fba7cc7
--- /dev/null
+++ b/components/ambient-ui/src/lib/__tests__/preview-proxy.test.ts
@@ -0,0 +1,222 @@
+import { describe, it, expect, vi, afterEach } from 'vitest'
+
+describe('preview-proxy', () => {
+  afterEach(() => {
+    vi.unstubAllEnvs()
+    vi.resetModules()
+  })
+
+  async function loadModule() {
+    return await import('../preview-proxy')
+  }
+
+  describe('validatePreviewUrl', () => {
+    it('returns valid with parsed URL for http URL', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', 'localhost:*')
+      const { validatePreviewUrl } = await loadModule()
+      const result = validatePreviewUrl('http://localhost:3000/page')
+      expect(result.valid).toBe(true)
+      if (result.valid) {
+        expect(result.parsed).toBeInstanceOf(URL)
+        expect(result.parsed.hostname).toBe('localhost')
+      }
+    })
+
+    it('returns valid with parsed URL for https URL', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', '*.example.com')
+      const { validatePreviewUrl } = await loadModule()
+      const result = validatePreviewUrl('https://app.example.com/dashboard')
+      expect(result.valid).toBe(true)
+      if (result.valid) {
+        expect(result.parsed).toBeInstanceOf(URL)
+        expect(result.parsed.hostname).toBe('app.example.com')
+      }
+    })
+
+    it('returns invalid for a non-parseable URL', async () => {
+      const { validatePreviewUrl } = await loadModule()
+      const result = validatePreviewUrl('not a url at all')
+      expect(result.valid).toBe(false)
+      if (!result.valid) {
+        expect(result.reason).toBeDefined()
+      }
+    })
+
+    it('returns invalid for javascript: protocol', async () => {
+      const { validatePreviewUrl } = await loadModule()
+      // eslint-disable-next-line no-script-url
+      const result = validatePreviewUrl('javascript:alert(1)')
+      expect(result.valid).toBe(false)
+      if (!result.valid) {
+        expect(result.reason).toBeDefined()
+      }
+    })
+
+    it('returns invalid for ftp: protocol', async () => {
+      const { validatePreviewUrl } = await loadModule()
+      const result = validatePreviewUrl('ftp://files.example.com/readme')
+      expect(result.valid).toBe(false)
+      if (!result.valid) {
+        expect(result.reason).toBeDefined()
+      }
+    })
+
+    it('returns invalid with allowlist reason for URL not on allowlist', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', 'localhost:*')
+      const { validatePreviewUrl } = await loadModule()
+      const result = validatePreviewUrl('https://evil.example.com')
+      expect(result.valid).toBe(false)
+      if (!result.valid) {
+        expect(result.reason).toContain('not on the trusted preview hosts allowlist')
+      }
+    })
+
+    it('returns valid for URL on allowlist', async () => {
+      vi.stubEnv('NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS', '*.example.com')
+      const { validatePreviewUrl } = await loadModule()
+      const result = validatePreviewUrl('https://app.example.com/page')
+      expect(result.valid).toBe(true)
+    })
+  })
+
+  describe('stripFrameBlockingHeaders', () => {
+    it('removes X-Frame-Options header', async () => {
+      const { stripFrameBlockingHeaders } = await loadModule()
+      const headers = new Headers({
+        'X-Frame-Options': 'DENY',
+        'Content-Type': 'text/html',
+      })
+      const result = stripFrameBlockingHeaders(headers)
+      expect(result.has('x-frame-options')).toBe(false)
+      expect(result.get('content-type')).toBe('text/html')
+    })
+
+    it('removes Content-Security-Policy-Report-Only header', async () => {
+      const { stripFrameBlockingHeaders } = await loadModule()
+      const headers = new Headers({
+        'Content-Security-Policy-Report-Only': "default-src 'self'",
+        'Content-Type': 'text/html',
+      })
+      const result = stripFrameBlockingHeaders(headers)
+      expect(result.has('content-security-policy-report-only')).toBe(false)
+      expect(result.get('content-type')).toBe('text/html')
+    })
+
+    it('strips frame-ancestors from CSP while preserving other directives', async () => {
+      const { stripFrameBlockingHeaders } = await loadModule()
+      const headers = new Headers({
+        'Content-Security-Policy':
+          "default-src 'self'; frame-ancestors 'none'; script-src 'unsafe-inline'",
+      })
+      const result = stripFrameBlockingHeaders(headers)
+      const csp = result.get('content-security-policy')
+      expect(csp).not.toContain('frame-ancestors')
+      expect(csp).toContain("default-src 'self'")
+      expect(csp).toContain("script-src 'unsafe-inline'")
+    })
+
+    it('preserves non-frame headers unchanged', async () => {
+      const { stripFrameBlockingHeaders } = await loadModule()
+      const headers = new Headers({
+        'Content-Type': 'application/json',
+        'Cache-Control': 'no-cache',
+      })
+      const result = stripFrameBlockingHeaders(headers)
+      expect(result.get('content-type')).toBe('application/json')
+      expect(result.get('cache-control')).toBe('no-cache')
+    })
+
+    it('deletes CSP header entirely when only frame-ancestors is present', async () => {
+      const { stripFrameBlockingHeaders } = await loadModule()
+      const headers = new Headers({
+        'Content-Security-Policy': "frame-ancestors 'self'",
+      })
+      const result = stripFrameBlockingHeaders(headers)
+      expect(result.has('content-security-policy')).toBe(false)
+    })
+
+    it('handles missing headers gracefully (no-op)', async () => {
+      const { stripFrameBlockingHeaders } = await loadModule()
+      const headers = new Headers({
+        'Content-Type': 'text/plain',
+      })
+      const result = stripFrameBlockingHeaders(headers)
+      expect(result.get('content-type')).toBe('text/plain')
+      expect(result.has('x-frame-options')).toBe(false)
+      expect(result.has('content-security-policy')).toBe(false)
+    })
+  })
+
+  describe('injectBaseTag', () => {
+    it('injects base tag and interceptor script after <head>', async () => {
+      const { injectBaseTag } = await loadModule()
+      const html = '<html><head><title>Test</title></head></html>'
+      const result = injectBaseTag(html, 'https://app.example.com/')
+      expect(result).toContain('<base href="https://app.example.com/">')
+      expect(result).toContain('<script>')
+      expect(result).toContain('/api/preview-proxy?url=')
+      expect(result.indexOf('<head>')).toBeLessThan(result.indexOf('<base'))
+    })
+
+    it('injects after <head> with attributes', async () => {
+      const { injectBaseTag } = await loadModule()
+      const html = '<html><head lang="en"><title>Test</title></head></html>'
+      const result = injectBaseTag(html, 'https://app.example.com/')
+      expect(result).toContain('<base href="https://app.example.com/">')
+      expect(result).toContain('<script>')
+      expect(result.indexOf('<head lang="en">')).toBeLessThan(result.indexOf('<base'))
+    })
+
+    it('prepends when no <head> tag is present', async () => {
+      const { injectBaseTag } = await loadModule()
+      const html = '<div>Content</div>'
+      const result = injectBaseTag(html, 'https://app.example.com/')
+      expect(result).toContain('<base href="https://app.example.com/">')
+      expect(result).toContain('<div>Content</div>')
+      expect(result.indexOf('<base')).toBe(0)
+    })
+
+    it('skips base tag but still injects script when <base already exists', async () => {
+      const { injectBaseTag } = await loadModule()
+      const html = '<html><head><base href="/existing/"><title>Test</title></head></html>'
+      const result = injectBaseTag(html, 'https://app.example.com/')
+      expect(result).toContain('<script>')
+      expect(result).not.toContain('<base href="https://app.example.com/">')
+      expect(result).toContain('<base href="/existing/">')
+    })
+
+    it('skips base tag case-insensitively', async () => {
+      const { injectBaseTag } = await loadModule()
+      const html = '<html><head><BASE href="/existing/"><title>Test</title></head></html>'
+      const result = injectBaseTag(html, 'https://app.example.com/')
+      expect(result).toContain('<script>')
+      expect(result).not.toContain('<base href="https://app.example.com/">')
+    })
+  })
+
+  describe('buildBaseHref', () => {
+    it('returns path as-is when it ends with /', async () => {
+      const { buildBaseHref } = await loadModule()
+      const url = new URL('https://app.example.com/dashboard/')
+      expect(buildBaseHref(url)).toBe('https://app.example.com/dashboard/')
+    })
+
+    it('trims to last / when path does not end with /', async () => {
+      const { buildBaseHref } = await loadModule()
+      const url = new URL('https://app.example.com/dashboard/page')
+      expect(buildBaseHref(url)).toBe('https://app.example.com/dashboard/')
+    })
+
+    it('returns origin with trailing / for root path', async () => {
+      const { buildBaseHref } = await loadModule()
+      const url = new URL('https://app.example.com/')
+      expect(buildBaseHref(url)).toBe('https://app.example.com/')
+    })
+
+    it('returns origin with trailing / when no path', async () => {
+      const { buildBaseHref } = await loadModule()
+      const url = new URL('https://app.example.com')
+      expect(buildBaseHref(url)).toBe('https://app.example.com/')
+    })
+  })
+})
diff --git a/components/ambient-ui/src/lib/observability.ts b/components/ambient-ui/src/lib/observability.ts
index 596344679..76ac1a7db 100644
--- a/components/ambient-ui/src/lib/observability.ts
+++ b/components/ambient-ui/src/lib/observability.ts
@@ -20,6 +20,17 @@ type CredentialRotatedEvent = {
   provider: string
 }
 
+type FeedbackSentEvent = {
+  sessionId: string
+  itemCount: number
+  previewUrl: string
+}
+
+type FeedbackDeliveryFailedEvent = {
+  sessionId: string
+  error: string
+}
+
 export const domainProbe = {
   sessionPhaseChanged(event: SessionPhaseChangedEvent) {
     console.info('[domain-probe] session.phaseChanged', event)
@@ -36,4 +47,12 @@ export const domainProbe = {
   credentialRotated(event: CredentialRotatedEvent) {
     console.info('[domain-probe] credential.rotated', event)
   },
+
+  feedbackSent(event: FeedbackSentEvent) {
+    console.info('[domain-probe] feedback.sent', event)
+  },
+
+  feedbackDeliveryFailed(event: FeedbackDeliveryFailedEvent) {
+    console.error('[domain-probe] feedback.deliveryFailed', event)
+  },
 }
diff --git a/components/ambient-ui/src/lib/preview-bridge.ts b/components/ambient-ui/src/lib/preview-bridge.ts
new file mode 100644
index 000000000..331ff3591
--- /dev/null
+++ b/components/ambient-ui/src/lib/preview-bridge.ts
@@ -0,0 +1,117 @@
+/**
+ * PostMessage bridge utilities for cross-origin iframe element capture.
+ *
+ * The preview bridge script (public/preview-bridge.js) must be included in
+ * the previewed page for these utilities to receive responses.
+ */
+
+// -- Message types ----------------------------------------------------------
+
+export type CaptureRequest = { type: 'ambient-capture'; x: number; y: number }
+
+export type CaptureResponse = {
+  type: 'ambient-captured'
+  html: string | null
+  tagName?: string
+  id?: string | null
+  className?: string | null
+  textContent?: string | null
+  rect: { x: number; y: number; width: number; height: number } | null
+}
+
+export type HoverRequest = { type: 'ambient-hover'; x: number; y: number }
+
+export type HoverClearRequest = { type: 'ambient-hover-clear' }
+
+export type HoverResponse = {
+  type: 'ambient-hovered'
+  rect: { x: number; y: number; width: number; height: number }
+}
+
+export type BridgeMessage =
+  | CaptureRequest
+  | CaptureResponse
+  | HoverRequest
+  | HoverClearRequest
+  | HoverResponse
+
+// -- Guard -------------------------------------------------------------------
+
+function isCaptureResponse(data: unknown): data is CaptureResponse {
+  return (
+    typeof data === 'object' &&
+    data !== null &&
+    (data as Record<string, unknown>).type === 'ambient-captured'
+  )
+}
+
+export function isHoverResponse(data: unknown): data is HoverResponse {
+  return (
+    typeof data === 'object' &&
+    data !== null &&
+    (data as Record<string, unknown>).type === 'ambient-hovered'
+  )
+}
+
+// -- Bridge timeout ----------------------------------------------------------
+
+const BRIDGE_TIMEOUT_MS = 1000
+
+// -- Public API --------------------------------------------------------------
+
+/**
+ * Request element capture at (x, y) inside the iframe via postMessage.
+ * Returns a promise that resolves with the captured element info, or
+ * with `{ html: null, rect: null }` if the bridge does not respond
+ * within the timeout.
+ */
+export function requestCapture(
+  iframe: HTMLIFrameElement,
+  x: number,
+  y: number
+): Promise<CaptureResponse> {
+  return new Promise((resolve) => {
+    const timeout = setTimeout(() => {
+      window.removeEventListener('message', handler)
+      resolve({ type: 'ambient-captured', html: null, rect: null })
+    }, BRIDGE_TIMEOUT_MS)
+
+    function handler(e: MessageEvent) {
+      if (!isCaptureResponse(e.data)) return
+      clearTimeout(timeout)
+      window.removeEventListener('message', handler)
+      resolve(e.data)
+    }
+
+    window.addEventListener('message', handler)
+    iframe.contentWindow?.postMessage(
+      { type: 'ambient-capture', x, y } satisfies CaptureRequest,
+      '*'
+    )
+  })
+}
+
+/**
+ * Send a hover position to the bridge so it can highlight the element
+ * under the cursor inside the iframe.
+ */
+export function requestHover(
+  iframe: HTMLIFrameElement,
+  x: number,
+  y: number
+): void {
+  iframe.contentWindow?.postMessage(
+    { type: 'ambient-hover', x, y } satisfies HoverRequest,
+    '*'
+  )
+}
+
+/**
+ * Tell the bridge to clear any active hover highlight.
+ */
+export function clearHover(iframe: HTMLIFrameElement): void {
+  iframe.contentWindow?.postMessage(
+    { type: 'ambient-hover-clear' } satisfies HoverClearRequest,
+    '*'
+  )
+}
diff --git a/components/ambient-ui/src/lib/preview-hosts.ts b/components/ambient-ui/src/lib/preview-hosts.ts
new file mode 100644
index 000000000..f6b95ebad
--- /dev/null
+++ b/components/ambient-ui/src/lib/preview-hosts.ts
@@ -0,0 +1,84 @@
+const DEFAULT_PATTERNS = 'localhost:*,127.0.0.1:*'
+
+const ALLOWED_PROTOCOLS = new Set(['http:', 'https:'])
+
+/**
+ * Parse a comma-separated list of glob patterns into an array.
+ * Returns default patterns when input is undefined or empty.
+ */
+export function parseAllowedHosts(raw: string | undefined): string[] {
+  const source = raw?.trim() || DEFAULT_PATTERNS
+  return source
+    .split(',')
+    .map((p) => p.trim())
+    .filter((p) => p.length > 0)
+}
+
+/**
+ * Test whether a hostname (with optional port) matches a glob pattern.
+ *
+ * Supported glob syntax:
+ * - `*` matches one or more characters (greedy, including dots)
+ * - Literal segments must match exactly
+ *
+ * Examples:
+ * - `*.example.com` matches `app.example.com` and `deep.sub.example.com`
+ * - `*.apps.rosa.*.amazonaws.com` matches `myapp.apps.rosa.us-east-1.amazonaws.com`
+ * - `localhost:*` matches `localhost:3000`
+ */
+export function matchesGlobPattern(hostWithPort: string, pattern: string): boolean {
+  // Convert glob pattern to regex:
+  // - Escape regex special chars (except *)
+  // - Replace * with .+ (one or more chars)
+  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&')
+  const regexStr = `^${escaped.replace(/\*/g, '.+')}$`
+  const regex = new RegExp(regexStr)
+  return regex.test(hostWithPort)
+}
+
+/**
+ * Check if a URL is on the trusted preview hosts allowlist.
+ *
+ * - Only `http:` and `https:` protocols are allowed.
+ * - The hostname (with port if present) is matched against glob patterns
+ *   from `NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS` env var.
+ * - Default allowlist: `localhost:*,127.0.0.1:*`
+ */
+export function isAllowedPreviewHost(url: string): boolean {
+  let parsed: URL
+  try {
+    parsed = new URL(url)
+  } catch {
+    return false
+  }
+
+  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
+    return false
+  }
+
+  const patterns = parseAllowedHosts(
+    process.env.NEXT_PUBLIC_PREVIEW_ALLOWED_HOSTS
+  )
+
+  // Match against host (includes port if specified in the URL)
+  // Also try matching hostname-only for patterns without a port component
+  const hostWithPort = parsed.host // e.g. "localhost:3000" or "example.com"
+  const hostnameOnly = parsed.hostname // e.g. "localhost" or "example.com"
+
+  return patterns.some((pattern) => {
+    if (matchesGlobPattern(hostWithPort, pattern)) {
+      return true
+    }
+    // If the pattern has no port component, try matching hostname only
+    if (!pattern.includes(':')) {
+      return matchesGlobPattern(hostnameOnly, pattern)
+    }
+    // If the pattern has a port wildcard (e.g. localhost:*) and the URL has
+    // no port, try matching hostname-only against the part before the colon
+    if (pattern.endsWith(':*')) {
+      const patternHost = pattern.slice(0, -2)
+      return matchesGlobPattern(hostnameOnly, patternHost)
+    }
+    return false
+  })
+}
diff --git a/components/ambient-ui/src/lib/preview-proxy.ts b/components/ambient-ui/src/lib/preview-proxy.ts
new file mode 100644
index 000000000..f18beeec9
--- /dev/null
+++ b/components/ambient-ui/src/lib/preview-proxy.ts
@@ -0,0 +1,141 @@
+import { isAllowedPreviewHost } from '@/lib/preview-hosts'
+
+type ValidResult = { valid: true; parsed: URL }
+type InvalidResult = { valid: false; reason: string }
+type ValidationResult = ValidResult | InvalidResult
+
+const ALLOWED_PROTOCOLS = new Set(['http:', 'https:'])
+
+/**
+ * Validate a preview URL: parseable, http(s), and on the trusted allowlist.
+ */
+export function validatePreviewUrl(url: string): ValidationResult {
+  let parsed: URL
+  try {
+    parsed = new URL(url)
+  } catch {
+    return { valid: false, reason: 'URL is not valid' }
+  }
+
+  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
+    return { valid: false, reason: `Protocol "${parsed.protocol}" is not allowed` }
+  }
+
+  if (!isAllowedPreviewHost(url)) {
+    return { valid: false, reason: 'URL is not on the trusted preview hosts allowlist' }
+  }
+
+  return { valid: true, parsed }
+}
+
+/**
+ * Create a copy of the given headers with frame-blocking headers removed.
+ *
+ * - Deletes `X-Frame-Options`
+ * - Deletes `Content-Security-Policy-Report-Only`
+ * - Strips `frame-ancestors` directives from `Content-Security-Policy`
+ *   (removes the header entirely if no directives remain)
+ */
+export function stripFrameBlockingHeaders(headers: Headers): Headers {
+  const result = new Headers(headers)
+
+  result.delete('x-frame-options')
+  result.delete('content-security-policy-report-only')
+
+  const csp = result.get('content-security-policy')
+  if (csp) {
+    const filtered = csp
+      .split(';')
+      .map((d) => d.trim())
+      .filter((d) => !d.startsWith('frame-ancestors'))
+      .join('; ')
+
+    if (filtered.length === 0) {
+      result.delete('content-security-policy')
+    } else {
+      result.set('content-security-policy', filtered)
+    }
+  }
+
+  return result
+}
+
+/**
+ * Inject a `<base href="...">` tag and a navigation interceptor script
+ * into HTML so it works correctly inside the preview proxy iframe.
+ *
+ * The `<base>` tag resolves relative sub-resource URLs (CSS, JS, images)
+ * against the original server. The interceptor script rewrites navigations
+ * (links, form submissions) to route through the preview proxy, preventing
+ * the iframe from navigating directly to origins that block framing.
+ */
+export function injectBaseTag(html: string, baseUrl: string): string {
+  const interceptScript = `<script>
+(function(){
+  var base="${baseUrl}";
+  var proxy=window.location.origin+"/api/preview-proxy?url=";
+  function resolve(u){
+    try{return new URL(u,base).href}catch(e){return u}
+  }
+  function proxied(u){
+    var abs=resolve(u);
+    if(abs.startsWith("http"))return proxy+encodeURIComponent(abs);
+    return u;
+  }
+  document.addEventListener("click",function(e){
+    var a=e.target.closest("a[href]");
+    if(!a)return;
+    var h=a.getAttribute("href");
+    if(!h||h.startsWith("#")||h.startsWith("javascript:"))return;
+    e.preventDefault();
+    window.location.href=proxied(h);
+  },true);
+  document.addEventListener("submit",function(e){
+    var f=e.target;
+    if(!f||!f.action)return;
+    e.preventDefault();
+    var action=f.getAttribute("action")||"";
+    var abs=resolve(action);
+    var fd=new FormData(f);
+    if((f.method||"GET").toUpperCase()==="GET"){
+      var target=new URL(abs);
+      fd.forEach(function(v,k){target.searchParams.set(k,v)});
+      window.location.href=proxy+encodeURIComponent(target.href);
+    }else{
+      var xhr=new XMLHttpRequest();
+      xhr.open(f.method,proxy+encodeURIComponent(abs),true);
+      xhr.onload=function(){
+        document.open();document.write(xhr.responseText);document.close();
+      };
+      xhr.send(fd);
+    }
+  },true);
+})();
+</script>`
+
+  const baseTag = /<base\s/i.test(html) ? '' : `<base href="${baseUrl}">`
+  const injection = baseTag + interceptScript
+
+  const headMatch = html.match(/<head(\s[^>]*)?>/)
+  if (headMatch) {
+    const insertPos = headMatch.index! + headMatch[0].length
+    return html.slice(0, insertPos) + injection + html.slice(insertPos)
+  }
+
+  return `${injection}\n${html}`
+}
+
+/**
+ * Build the base href from a URL.
+ *
+ * Takes origin + pathname, trimmed to the last `/`.
+ * e.g. `https://app.example.com/dashboard/page` -> `https://app.example.com/dashboard/`
+ */
+export function buildBaseHref(originalUrl: URL): string {
+  const pathname = originalUrl.pathname
+  const trimmed = pathname.endsWith('/')
+    ? pathname
+    : pathname.slice(0, pathname.lastIndexOf('/') + 1)
+
+  return `${originalUrl.origin}${trimmed}`
+}
diff --git a/components/ambient-ui/src/ports/index.ts b/components/ambient-ui/src/ports/index.ts
index f4d45830b..9e8bc4c82 100644
--- a/components/ambient-ui/src/ports/index.ts
+++ b/components/ambient-ui/src/ports/index.ts
@@ -1,2 +1,3 @@
 export type { SessionsPort } from './sessions'
 export type { ProjectsPort } from './projects'
+export type { SessionMessagesPort } from './session-messages'
diff --git a/components/ambient-ui/src/ports/session-messages.ts b/components/ambient-ui/src/ports/session-messages.ts
new file mode 100644
index 000000000..0b0a565f8
--- /dev/null
+++ b/components/ambient-ui/src/ports/session-messages.ts
@@ -0,0 +1,6 @@
+import type { DomainSessionMessage, ListParams, PaginatedResult } from '@/domain/types'
+
+export type SessionMessagesPort = {
+  send: (sessionId: string, message: { eventType: string; payload: string }) => Promise<DomainSessionMessage>
+  list: (sessionId: string, params?: ListParams) => Promise<PaginatedResult<DomainSessionMessage>>
+}
diff --git a/components/ambient-ui/src/queries/__tests__/use-send-feedback.test.ts b/components/ambient-ui/src/queries/__tests__/use-send-feedback.test.ts
new file mode 100644
index 000000000..db685e6dc
--- /dev/null
+++ b/components/ambient-ui/src/queries/__tests__/use-send-feedback.test.ts
@@ -0,0 +1,170 @@
+import { describe, it, expect, vi } from 'vitest'
+import { renderHook, waitFor } from '@testing-library/react'
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query'
+import { createElement } from 'react'
+import type { SessionMessagesPort } from '@/ports/session-messages'
+import type { FeedbackBatch, FeedbackItem, DomainSessionMessage } from '@/domain/types'
+import { useSendFeedback } from '../use-send-feedback'
+
+function makeFeedbackItem(overrides: Partial<FeedbackItem> = {}): FeedbackItem {
+  return {
+    id: 'fb-001',
+    type: 'element',
+    comment: 'This button text is misleading',
+    position: { x: 120, y: 340 },
+    viewportWidth: 1280,
+    viewportHeight: 720,
+    deviceSize: 'desktop',
+    timestamp: '2026-05-28T10:00:00Z',
+    ...overrides,
+  }
+}
+
+function makeBatch(overrides: Partial<FeedbackBatch> = {}): FeedbackBatch {
+  return {
+    items: [makeFeedbackItem()],
+    sessionId: 'sess-001',
+    previewUrl: 'https://app.example.com',
+    ...overrides,
+  }
+}
+
+function makeDomainMessage(overrides: Partial<DomainSessionMessage> = {}): DomainSessionMessage {
+  return {
+    id: 'msg-001',
+    sessionId: 'sess-001',
+    eventType: 'user_feedback',
+    payload: 'test payload',
+    seq: 1,
+    createdAt: '2026-05-28T10:00:00Z',
+    ...overrides,
+  }
+}
+
+function createFakePort(options: {
+  sendResult?: DomainSessionMessage
+  sendCapture?: { calls: Array<{ sessionId: string; message: { eventType: string; payload: string } }> }
+} = {}): SessionMessagesPort {
+  return {
+    send: async (sessionId, message) => {
+      options.sendCapture?.calls.push({ sessionId, message })
+      return options.sendResult ?? makeDomainMessage()
+    },
+    list: async () => ({ items: [], total: 0, page: 1, size: 20, hasMore: false }),
+  }
+}
+
+function createWrapper() {
+  const queryClient = new QueryClient({
+    defaultOptions: { queries: { retry: false }, mutations: { retry: false } },
+  })
+  return function Wrapper({ children }: { children: React.ReactNode }) {
+    return createElement(QueryClientProvider, { client: queryClient }, children)
+  }
+}
+
+describe('useSendFeedback', () => {
+  it('sends feedback batch via session messages port', async () => {
+    const capture = { calls: [] as Array<{ sessionId: string; message: { eventType: string; payload: string } }> }
+    const port = createFakePort({ sendCapture: capture })
+    const { result } = renderHook(() => useSendFeedback(port), { wrapper: createWrapper() })
+
+    result.current.mutate(makeBatch())
+
+    await waitFor(() => expect(result.current.isSuccess).toBe(true))
+    expect(capture.calls).toHaveLength(1)
+    expect(capture.calls[0].sessionId).toBe('sess-001')
+    expect(capture.calls[0].message.eventType).toBe('user_feedback')
+  })
+
+  it('formats payload with element feedback', async () => {
+    const capture = { calls: [] as Array<{ sessionId: string; message: { eventType: string; payload: string } }> }
+    const port = createFakePort({ sendCapture: capture })
+    const { result } = renderHook(() => useSendFeedback(port), { wrapper: createWrapper() })
+
+    result.current.mutate(makeBatch({
+      items: [makeFeedbackItem({
+        comment: 'Fix the color',
+        position: { x: 100, y: 200 },
+        capturedHtml: '<button class="submit">Save</button>',
+      })],
+    }))
+
+    await waitFor(() => expect(result.current.isSuccess).toBe(true))
+    const payload = capture.calls[0].message.payload
+    expect(payload).toContain('Fix the color')
+    expect(payload).toContain('Position: (100, 200)')
+    expect(payload).toContain('<button class="submit">Save</button>')
+    expect(payload).toContain('https://app.example.com')
+  })
+
+  it('formats payload with region feedback', async () => {
+    const capture = { calls: [] as Array<{ sessionId: string; message: { eventType: string; payload: string } }> }
+    const port = createFakePort({ sendCapture: capture })
+    const { result } = renderHook(() => useSendFeedback(port), { wrapper: createWrapper() })
+
+    result.current.mutate(makeBatch({
+      items: [makeFeedbackItem({
+        type: 'region',
+        dimensions: { width: 200, height: 150 },
+      })],
+    }))
+
+    await waitFor(() => expect(result.current.isSuccess).toBe(true))
+    const payload = capture.calls[0].message.payload
+    expect(payload).toContain('Region: 200x150px')
+  })
+
+  it('formats payload with multiple items', async () => {
+    const capture = { calls: [] as Array<{ sessionId: string; message: { eventType: string; payload: string } }> }
+    const port = createFakePort({ sendCapture: capture })
+    const { result } = renderHook(() => useSendFeedback(port), { wrapper: createWrapper() })
+
+    result.current.mutate(makeBatch({
+      items: [
+        makeFeedbackItem({ id: 'fb-1', comment: 'First issue' }),
+        makeFeedbackItem({ id: 'fb-2', comment: 'Second issue' }),
+      ],
+    }))
+
+    await waitFor(() => expect(result.current.isSuccess).toBe(true))
+    const payload = capture.calls[0].message.payload
+    expect(payload).toContain('Feedback #1')
+    expect(payload).toContain('First issue')
+    expect(payload).toContain('Feedback #2')
+    expect(payload).toContain('Second issue')
+  })
+
+  it('includes viewport metadata', async () => {
+    const capture = { calls: [] as Array<{ sessionId: string; message: { eventType: string; payload: string } }> }
+    const port = createFakePort({ sendCapture: capture })
+    const { result } = renderHook(() => useSendFeedback(port), { wrapper: createWrapper() })
+
+    result.current.mutate(makeBatch({
+      items: [makeFeedbackItem({
+        viewportWidth: 375,
+        viewportHeight: 667,
+        deviceSize: 'mobile',
+      })],
+    }))
+
+    await waitFor(() => expect(result.current.isSuccess).toBe(true))
+    const payload = capture.calls[0].message.payload
+    expect(payload).toContain('Viewport: 375x667 (mobile)')
+  })
+
+  it('reports error on failure', async () => {
+    const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {})
+    const port: SessionMessagesPort = {
+      send: async () => { throw new Error('Network error') },
+      list: async () => ({ items: [], total: 0, page: 1, size: 20, hasMore: false }),
+    }
+    const { result } = renderHook(() => useSendFeedback(port), { wrapper: createWrapper() })
+
+    result.current.mutate(makeBatch())
+
+    await waitFor(() => expect(result.current.isError).toBe(true))
+    expect(result.current.error?.message).toBe('Network error')
+    consoleSpy.mockRestore()
+  })
+})
diff --git a/components/ambient-ui/src/queries/index.ts b/components/ambient-ui/src/queries/index.ts
index 117f55db7..7a289a985 100644
--- a/components/ambient-ui/src/queries/index.ts
+++ b/components/ambient-ui/src/queries/index.ts
@@ -1,3 +1,4 @@
 export { queryKeys } from './query-keys'
 export { useSessions, useSession, useStopSession, useStartSession } from './use-sessions'
 export { useProjects, useProject } from './use-projects'
+export { useSendFeedback } from './use-send-feedback'
diff --git a/components/ambient-ui/src/queries/use-send-feedback.ts b/components/ambient-ui/src/queries/use-send-feedback.ts
new file mode 100644
index 000000000..fe80c244c
--- /dev/null
+++ b/components/ambient-ui/src/queries/use-send-feedback.ts
@@ -0,0 +1,66 @@
+'use client'
+
+import { useMutation } from '@tanstack/react-query'
+import type { FeedbackBatch, FeedbackItem } from '@/domain/types'
+import type { SessionMessagesPort } from '@/ports/session-messages'
+import { createSessionMessagesAdapterWithFetch } from '@/adapters/session-messages'
+import { domainProbe } from '@/lib/observability'
+import { SESSION_MESSAGE_EVENTS } from '@/domain/events'
+
+function formatFeedbackPayload(batch: FeedbackBatch): string {
+  const header = `Visual feedback for preview: ${sanitizeForPayload(batch.previewUrl)}`
+  const items = batch.items.map((item, i) => formatFeedbackItem(item, i + 1))
+  return `${header}\n\n${items.join('\n\n')}`
+}
+
+function sanitizeForPayload(value: string): string {
+  return value.replace(/\\/g, '\\\\').replace(/`/g, '\\`').replace(/\r?\n/g, ' ')
+}
+
+function formatFeedbackItem(item: FeedbackItem, index: number): string {
+  const lines: string[] = []
+  lines.push(`--- Feedback #${index} ---`)
+  lines.push(`Comment: ${item.comment}`)
+  lines.push(`Type: ${item.type}`)
+  lines.push(`Position: (${item.position.x}, ${item.position.y})`)
+
+  if (item.dimensions) {
+    lines.push(`Region: ${item.dimensions.width}x${item.dimensions.height}px`)
+  }
+
+  lines.push(`Viewport: ${item.viewportWidth}x${item.viewportHeight} (${item.deviceSize})`)
+
+  if (item.capturedHtml) {
+    const escaped = sanitizeForPayload(item.capturedHtml)
+    lines.push(`Element HTML:\n\`\`\`html\n${escaped}\n\`\`\``)
+  }
+
+  return lines.join('\n')
+}
+
+export function useSendFeedback(port?: SessionMessagesPort) {
+  const adapter = port ?? createSessionMessagesAdapterWithFetch()
+
+  return useMutation({
+    mutationFn: async (batch: FeedbackBatch) => {
+      const payload = formatFeedbackPayload(batch)
+      return adapter.send(batch.sessionId, {
+        eventType: SESSION_MESSAGE_EVENTS.userFeedback,
+        payload,
+      })
+    },
+    onSuccess: (_data, batch) => {
+      domainProbe.feedbackSent({
+        sessionId: batch.sessionId,
+        itemCount: batch.items.length,
+        previewUrl: batch.previewUrl,
+      })
+    },
+    onError: (error, batch) => {
+      domainProbe.feedbackDeliveryFailed({
+        sessionId: batch.sessionId,
+        error: error instanceof Error ? error.message : String(error),
+      })
+    },
+  })
+}
diff --git a/components/manifests/overlays/production/ambient-ui-oauth-patch.yaml b/components/manifests/overlays/production/ambient-ui-oauth-patch.yaml
index d7c14bbbb..e7e076451 100644
--- a/components/manifests/overlays/production/ambient-ui-oauth-patch.yaml
+++ b/components/manifests/overlays/production/ambient-ui-oauth-patch.yaml
@@ -28,7 +28,7 @@ spec:
         - --https-address=
         - --provider=openshift
         - --upstream=http://localhost:3000
-        - --client-id=ambient-ui
+        - --client-id=ambient-frontend
         - --client-secret-file=/etc/oauth/config/client-secret
         - --cookie-secret-file=/etc/oauth/config/cookie_secret
         - --cookie-expire=23h0m0s