diff --git a/components/ambient-ui/package-lock.json b/components/ambient-ui/package-lock.json
index eb9a98bd0..3d17844fe 100644
--- a/components/ambient-ui/package-lock.json
+++ b/components/ambient-ui/package-lock.json
@@ -11,6 +11,7 @@
         "@radix-ui/react-avatar": "^1.1.10",
         "@radix-ui/react-dialog": "^1.1.15",
         "@radix-ui/react-dropdown-menu": "^2.1.16",
+        "@radix-ui/react-popover": "^1.1.15",
         "@radix-ui/react-select": "^2.2.6",
         "@radix-ui/react-separator": "^1.1.4",
         "@radix-ui/react-slot": "^1.2.4",
@@ -2271,6 +2272,99 @@
         }
       }
     },
+    "node_modules/@radix-ui/react-popover": {
+      "version": "1.1.15",
+      "resolved": "https://registry.npmjs.org/@radix-ui/react-popover/-/react-popover-1.1.15.tgz",
+      "integrity": "sha512-kr0X2+6Yy/vJzLYJUPCZEc8SfQcf+1COFoAqauJm74umQhta9M7lNJHP7QQS3vkvcGLQUbWpMzwrXYwrYztHKA==",
+      "license": "MIT",
+      "dependencies": {
+        "@radix-ui/primitive": "1.1.3",
+        "@radix-ui/react-compose-refs": "1.1.2",
+        "@radix-ui/react-context": "1.1.2",
+        "@radix-ui/react-dismissable-layer": "1.1.11",
+        "@radix-ui/react-focus-guards": "1.1.3",
+        "@radix-ui/react-focus-scope": "1.1.7",
+        "@radix-ui/react-id": "1.1.1",
+        "@radix-ui/react-popper": "1.2.8",
+        "@radix-ui/react-portal": "1.1.9",
+        "@radix-ui/react-presence": "1.1.5",
+        "@radix-ui/react-primitive": "2.1.3",
+        "@radix-ui/react-slot": "1.2.3",
+        "@radix-ui/react-use-controllable-state": "1.2.2",
+        "aria-hidden": "^1.2.4",
+        "react-remove-scroll": "^2.6.3"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-popover/node_modules/@radix-ui/react-context": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@radix-ui/react-context/-/react-context-1.1.2.tgz",
+      "integrity": "sha512-jCi/QKUM2r1Ju5a3J64TH2A5SpKAgh0LpknyqdQ4m6DCV0xJ2HG1xARRwNGPQfi1SLdLWZ1OJz6F4OMBBNiGJA==",
+      "license": "MIT",
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-popover/node_modules/@radix-ui/react-primitive": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/@radix-ui/react-primitive/-/react-primitive-2.1.3.tgz",
+      "integrity": "sha512-m9gTwRkhy2lvCPe6QJp4d3G1TYEUHn/FzJUtq9MjH46an1wJU+GdoGC5VLof8RX8Ft/DlpshApkhswDLZzHIcQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@radix-ui/react-slot": "1.2.3"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+        "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-popover/node_modules/@radix-ui/react-slot": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/@radix-ui/react-slot/-/react-slot-1.2.3.tgz",
+      "integrity": "sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A==",
+      "license": "MIT",
+      "dependencies": {
+        "@radix-ui/react-compose-refs": "1.1.2"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@radix-ui/react-popper": {
       "version": "1.2.8",
       "resolved": "https://registry.npmjs.org/@radix-ui/react-popper/-/react-popper-1.2.8.tgz",
diff --git a/components/ambient-ui/package.json b/components/ambient-ui/package.json
index 6edaa499e..356234bf9 100644
--- a/components/ambient-ui/package.json
+++ b/components/ambient-ui/package.json
@@ -15,6 +15,7 @@
     "@radix-ui/react-avatar": "^1.1.10",
     "@radix-ui/react-dialog": "^1.1.15",
     "@radix-ui/react-dropdown-menu": "^2.1.16",
+    "@radix-ui/react-popover": "^1.1.15",
     "@radix-ui/react-select": "^2.2.6",
     "@radix-ui/react-separator": "^1.1.4",
     "@radix-ui/react-slot": "^1.2.4",
diff --git a/components/ambient-ui/src/app/(dashboard)/layout.tsx b/components/ambient-ui/src/app/(dashboard)/layout.tsx
index 931daf106..f2159985e 100644
--- a/components/ambient-ui/src/app/(dashboard)/layout.tsx
+++ b/components/ambient-ui/src/app/(dashboard)/layout.tsx
@@ -3,6 +3,7 @@
 import { usePathname } from 'next/navigation'
 import { AppSidebar } from '@/components/app-sidebar'
 import { NavHeader } from '@/components/nav-header'
+import { StatusBar } from '@/components/status-bar'
 import { useProject } from '@/queries/use-projects'
 import {
   SidebarInset,
@@ -38,7 +39,8 @@ export default function DashboardLayout({
           projectName={project?.name ?? null}
           pageName={pageName}
         />
-        <div className="flex-1 p-6">{children}</div>
+        <div className="flex-1 p-6 pb-10">{children}</div>
+        <StatusBar />
       </SidebarInset>
     </SidebarProvider>
   )
diff --git a/components/ambient-ui/src/app/api/ambient/v1/[...path]/route.ts b/components/ambient-ui/src/app/api/ambient/v1/[...path]/route.ts
index 741a2a67a..d10af84ec 100644
--- a/components/ambient-ui/src/app/api/ambient/v1/[...path]/route.ts
+++ b/components/ambient-ui/src/app/api/ambient/v1/[...path]/route.ts
@@ -1,5 +1,5 @@
 import { resolveAccessToken, buildProxyHeaders } from "@/lib/auth"
-import { API_SERVER_URL } from "@/lib/config"
+import { getRuntimeConfig } from "@/lib/runtime-config"
 
 export const runtime = "nodejs"
 export const dynamic = "force-dynamic"
@@ -14,11 +14,22 @@ async function proxyRequest(
   if (path.some(s => s === ".." || s === ".")) {
     return Response.json({ error: "invalid_path" }, { status: 400 })
   }
+
+  const config = await getRuntimeConfig()
+  const apiServerUrl = config.apiServerUrl
+
   const pathStr = path.map(s => encodeURIComponent(s)).join("/")
-  const url = new URL(`/api/ambient/v1/${pathStr}`, API_SERVER_URL)
+  const url = new URL(`/api/ambient/v1/${pathStr}`, apiServerUrl)
   url.search = new URL(request.url).search
 
-  const accessToken = await resolveAccessToken(request)
+  // Auth priority: custom token > SSO/oauth token > dev-mode token
+  let accessToken: string | undefined
+  if (config.customToken) {
+    accessToken = config.customToken
+  } else {
+    accessToken = await resolveAccessToken(request)
+  }
+
   if (!accessToken) {
     return Response.json({ error: "Unauthorized" }, { status: 401 })
   }
@@ -28,7 +39,7 @@ async function proxyRequest(
   // oauth-proxy provides an OpenShift OAuth token (different auth system).
   // Strip the Authorization header until auth systems are unified — the
   // BFF's oauth-proxy already authenticates the user.
-  if (accessToken.startsWith("sha256~")) {
+  if (!config.customToken && accessToken.startsWith("sha256~")) {
     delete headers["Authorization"]
   }
 
diff --git a/components/ambient-ui/src/app/api/config/route.ts b/components/ambient-ui/src/app/api/config/route.ts
new file mode 100644
index 000000000..4249cf6dc
--- /dev/null
+++ b/components/ambient-ui/src/app/api/config/route.ts
@@ -0,0 +1,86 @@
+import { getRuntimeConfig, setCustomContext, resetContext } from '@/lib/runtime-config'
+
+export const runtime = 'nodejs'
+export const dynamic = 'force-dynamic'
+
+export async function GET() {
+  const config = await getRuntimeConfig()
+  return Response.json({
+    apiServerUrl: config.apiServerUrl,
+    customToken: config.customToken !== null,
+    isCustomContext: config.isCustomContext,
+    defaultApiServerUrl: config.defaultApiServerUrl,
+  })
+}
+
+export async function PUT(request: Request) {
+  let body: unknown
+  try {
+    body = await request.json()
+  } catch {
+    return Response.json({ error: 'Invalid JSON' }, { status: 400 })
+  }
+
+  if (typeof body !== 'object' || body === null) {
+    return Response.json(
+      { error: 'Request body must be a JSON object' },
+      { status: 400 },
+    )
+  }
+
+  const parsed = body as Record<string, unknown>
+  const url = parsed.apiServerUrl
+  const token = parsed.customToken
+
+  if (url !== undefined && typeof url !== 'string') {
+    return Response.json(
+      { error: 'apiServerUrl must be a string' },
+      { status: 400 },
+    )
+  }
+
+  if (token !== undefined && token !== null && typeof token !== 'string') {
+    return Response.json(
+      { error: 'customToken must be a string or null' },
+      { status: 400 },
+    )
+  }
+
+  if (typeof url === 'string' && !url.startsWith('http://') && !url.startsWith('https://')) {
+    return Response.json(
+      { error: 'apiServerUrl must start with http:// or https://' },
+      { status: 400 },
+    )
+  }
+
+  if (url === undefined && token === undefined) {
+    return Response.json(
+      { error: 'Request body must include apiServerUrl or customToken' },
+      { status: 400 },
+    )
+  }
+
+  await setCustomContext(
+    typeof url === 'string' ? url : undefined,
+    token === null ? null : typeof token === 'string' ? (token || null) : undefined,
+  )
+
+  const config = await getRuntimeConfig()
+  return Response.json({
+    apiServerUrl: config.apiServerUrl,
+    customToken: config.customToken !== null,
+    isCustomContext: config.isCustomContext,
+    defaultApiServerUrl: config.defaultApiServerUrl,
+  })
+}
+
+export async function DELETE() {
+  await resetContext()
+  const config = await getRuntimeConfig()
+  return Response.json({
+    apiServerUrl: config.apiServerUrl,
+    customToken: config.customToken !== null,
+    isCustomContext: config.isCustomContext,
+    defaultApiServerUrl: config.defaultApiServerUrl,
+  })
+}
diff --git a/components/ambient-ui/src/components/nav-header.tsx b/components/ambient-ui/src/components/nav-header.tsx
index 6e3e26a5d..bacc4f8b4 100644
--- a/components/ambient-ui/src/components/nav-header.tsx
+++ b/components/ambient-ui/src/components/nav-header.tsx
@@ -25,59 +25,52 @@ export function NavHeader({ projectId, projectName, pageName, sessionName }: Nav
       <SidebarTrigger />
       <Separator orientation="vertical" className="mx-1 h-5" />
 
-      <div className="flex flex-1 items-center justify-between">
-        <Breadcrumb>
-          <BreadcrumbList>
-            <BreadcrumbItem>
-              <BreadcrumbLink asChild>
-                <Link href="/">
-                  <span className="font-semibold">Ambient</span>
-                </Link>
-              </BreadcrumbLink>
-            </BreadcrumbItem>
+      <Breadcrumb>
+        <BreadcrumbList>
+          <BreadcrumbItem>
+            <BreadcrumbLink asChild>
+              <Link href="/">
+                <span className="font-semibold">Ambient</span>
+              </Link>
+            </BreadcrumbLink>
+          </BreadcrumbItem>
 
-            {projectId && (
-              <>
-                <BreadcrumbSeparator />
-                <BreadcrumbItem>
+          {projectId && (
+            <>
+              <BreadcrumbSeparator />
+              <BreadcrumbItem>
+                <BreadcrumbLink asChild>
+                  <Link href={`/${projectId}/fleet`}>{projectName ?? projectId}</Link>
+                </BreadcrumbLink>
+              </BreadcrumbItem>
+            </>
+          )}
+
+          {pageName && (
+            <>
+              <BreadcrumbSeparator />
+              <BreadcrumbItem>
+                {sessionName ? (
                   <BreadcrumbLink asChild>
-                    <Link href={`/${projectId}/fleet`}>{projectName ?? projectId}</Link>
+                    <Link href={`/${projectId}/fleet`}>{pageName}</Link>
                   </BreadcrumbLink>
-                </BreadcrumbItem>
-              </>
-            )}
-
-            {pageName && (
-              <>
-                <BreadcrumbSeparator />
-                <BreadcrumbItem>
-                  {sessionName ? (
-                    <BreadcrumbLink asChild>
-                      <Link href={`/${projectId}/fleet`}>{pageName}</Link>
-                    </BreadcrumbLink>
-                  ) : (
-                    <BreadcrumbPage>{pageName}</BreadcrumbPage>
-                  )}
-                </BreadcrumbItem>
-              </>
-            )}
-
-            {sessionName && (
-              <>
-                <BreadcrumbSeparator />
-                <BreadcrumbItem>
-                  <BreadcrumbPage>{sessionName}</BreadcrumbPage>
-                </BreadcrumbItem>
-              </>
-            )}
-          </BreadcrumbList>
-        </Breadcrumb>
+                ) : (
+                  <BreadcrumbPage>{pageName}</BreadcrumbPage>
+                )}
+              </BreadcrumbItem>
+            </>
+          )}
 
-        <div className="flex items-center gap-2">
-          <span className="inline-block size-2.5 rounded-full bg-status-success-foreground" aria-label="Cluster connected" />
-          <span className="text-xs text-muted-foreground">Connected</span>
-        </div>
-      </div>
+          {sessionName && (
+            <>
+              <BreadcrumbSeparator />
+              <BreadcrumbItem>
+                <BreadcrumbPage>{sessionName}</BreadcrumbPage>
+              </BreadcrumbItem>
+            </>
+          )}
+        </BreadcrumbList>
+      </Breadcrumb>
     </header>
   )
 }
diff --git a/components/ambient-ui/src/components/status-bar.tsx b/components/ambient-ui/src/components/status-bar.tsx
new file mode 100644
index 000000000..0d2454812
--- /dev/null
+++ b/components/ambient-ui/src/components/status-bar.tsx
@@ -0,0 +1,386 @@
+'use client'
+
+import { useCallback, useRef, useState } from 'react'
+import { useRouter } from 'next/navigation'
+import { useQuery, useQueryClient } from '@tanstack/react-query'
+import { ChevronDown, Eye, EyeOff, Info, Plug } from 'lucide-react'
+import { useConnectionStatus } from '@/hooks/use-connection-status'
+import { cn } from '@/lib/utils'
+import { Button } from '@/components/ui/button'
+import { Input } from '@/components/ui/input'
+import {
+  Popover,
+  PopoverContent,
+  PopoverTrigger,
+} from '@/components/ui/popover'
+
+type ConfigResponse = {
+  apiServerUrl: string
+  customToken: boolean
+  isCustomContext: boolean
+  defaultApiServerUrl: string
+}
+
+function useApiServerConfig() {
+  const queryClient = useQueryClient()
+
+  const { data } = useQuery<ConfigResponse>({
+    queryKey: ['config'],
+    queryFn: async () => {
+      const response = await fetch('/api/config')
+      if (!response.ok) {
+        throw new Error('Failed to fetch config')
+      }
+      return response.json() as Promise<ConfigResponse>
+    },
+    staleTime: 60_000,
+  })
+
+  const updateContext = useCallback(
+    async (newUrl?: string, token?: string) => {
+      const body: Record<string, string> = {}
+      if (newUrl) body.apiServerUrl = newUrl
+      if (token) body.customToken = token
+
+      const response = await fetch('/api/config', {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(body),
+      })
+      if (!response.ok) {
+        throw new Error('Failed to update config')
+      }
+      queryClient.removeQueries({ queryKey: ['sessions'] })
+      queryClient.removeQueries({ queryKey: ['projects'] })
+      await queryClient.invalidateQueries({ queryKey: ['config'] })
+      await queryClient.invalidateQueries({ queryKey: ['connection-status'] })
+      await queryClient.refetchQueries({ queryKey: ['sessions'] })
+      await queryClient.refetchQueries({ queryKey: ['projects'] })
+    },
+    [queryClient],
+  )
+
+  const resetContext = useCallback(async () => {
+    const response = await fetch('/api/config', { method: 'DELETE' })
+    if (!response.ok) {
+      throw new Error('Failed to reset config')
+    }
+    queryClient.removeQueries({ queryKey: ['sessions'] })
+    queryClient.removeQueries({ queryKey: ['projects'] })
+    await queryClient.invalidateQueries({ queryKey: ['config'] })
+    await queryClient.invalidateQueries({ queryKey: ['connection-status'] })
+    await queryClient.refetchQueries({ queryKey: ['sessions'] })
+    await queryClient.refetchQueries({ queryKey: ['projects'] })
+  }, [queryClient])
+
+  return {
+    apiServerUrl: data?.apiServerUrl ?? '',
+    isCustomContext: data?.isCustomContext ?? false,
+    hasCustomToken: data?.customToken ?? false,
+    updateContext,
+    resetContext,
+  }
+}
+
+function StatusDot({ status }: { status: 'connected' | 'disconnected' | 'checking' }) {
+  if (status === 'connected') {
+    return (
+      <span
+        className="inline-block size-2 rounded-full bg-status-success-foreground"
+        aria-hidden="true"
+      />
+    )
+  }
+
+  if (status === 'disconnected') {
+    return (
+      <span
+        className="inline-block size-2 animate-pulse rounded-full bg-status-error-foreground"
+        aria-hidden="true"
+      />
+    )
+  }
+
+  return (
+    <span
+      className="inline-block size-2 rounded-full bg-muted-foreground"
+      aria-hidden="true"
+    />
+  )
+}
+
+function statusLabel(status: 'connected' | 'disconnected' | 'checking'): string {
+  switch (status) {
+    case 'connected':
+      return 'Connected'
+    case 'disconnected':
+      return 'Disconnected'
+    case 'checking':
+      return 'Checking...'
+  }
+}
+
+export function StatusBar() {
+  const router = useRouter()
+  const { status } = useConnectionStatus()
+  const { apiServerUrl, isCustomContext, updateContext, resetContext } =
+    useApiServerConfig()
+
+  const [popoverOpen, setPopoverOpen] = useState(false)
+  const [editUrl, setEditUrl] = useState('')
+  const [editToken, setEditToken] = useState('')
+  const [showToken, setShowToken] = useState(false)
+  const [authExpanded, setAuthExpanded] = useState(false)
+  const triggerRef = useRef<HTMLButtonElement>(null)
+  const [announcement, setAnnouncement] = useState('')
+
+  const announce = useCallback((message: string) => {
+    setAnnouncement('')
+    requestAnimationFrame(() => setAnnouncement(message))
+  }, [])
+
+  const handleOpenChange = useCallback(
+    (open: boolean) => {
+      if (open) {
+        setEditUrl(apiServerUrl)
+        setEditToken('')
+        setShowToken(false)
+        setAuthExpanded(false)
+      }
+      setPopoverOpen(open)
+      if (!open) {
+        requestAnimationFrame(() => triggerRef.current?.focus())
+      }
+    },
+    [apiServerUrl],
+  )
+
+  const handleConnect = useCallback(async () => {
+    const trimmedUrl = editUrl.trim()
+    const trimmedToken = editToken.trim()
+
+    const urlChanged = trimmedUrl && trimmedUrl !== apiServerUrl
+    const tokenProvided = trimmedToken.length > 0
+
+    if (urlChanged || tokenProvided) {
+      await updateContext(
+        urlChanged ? trimmedUrl : undefined,
+        tokenProvided ? trimmedToken : undefined,
+      )
+      announce('Connection updated')
+      router.push('/')
+    }
+    setPopoverOpen(false)
+    setEditToken('')
+    setShowToken(false)
+    requestAnimationFrame(() => triggerRef.current?.focus())
+  }, [editUrl, editToken, apiServerUrl, updateContext, announce])
+
+  const handleCancel = useCallback(() => {
+    setPopoverOpen(false)
+    setEditUrl('')
+    setEditToken('')
+    setShowToken(false)
+    requestAnimationFrame(() => triggerRef.current?.focus())
+  }, [])
+
+  const handleRestore = useCallback(async () => {
+    await resetContext()
+    announce('Connection restored to default')
+    router.push('/')
+    setPopoverOpen(false)
+    requestAnimationFrame(() => triggerRef.current?.focus())
+  }, [resetContext, announce])
+
+  const handleKeyDown = useCallback(
+    (e: React.KeyboardEvent<HTMLInputElement>) => {
+      if (e.key === 'Enter') {
+        e.preventDefault()
+        void handleConnect()
+      } else if (e.key === 'Escape') {
+        e.preventDefault()
+        handleCancel()
+      }
+    },
+    [handleConnect, handleCancel],
+  )
+
+  const displayLabel = isCustomContext ? 'Custom Server' : apiServerUrl
+
+  return (
+    <div
+      className="sticky bottom-0 z-30 flex h-7 items-center justify-between border-t bg-background px-3"
+      aria-label="Connection status"
+    >
+      <span className="sr-only" aria-live="polite">
+        {announcement}
+      </span>
+
+      <div className="flex items-center gap-1.5">
+        <StatusDot status={status} />
+        <span
+          className={cn(
+            'text-xs',
+            status === 'connected' && 'text-status-success-foreground',
+            status === 'disconnected' && 'text-status-error-foreground',
+            status === 'checking' && 'text-muted-foreground',
+          )}
+        >
+          {statusLabel(status)}
+        </span>
+      </div>
+
+      <Popover open={popoverOpen} onOpenChange={handleOpenChange}>
+        <PopoverTrigger asChild>
+          <button
+            ref={triggerRef}
+            type="button"
+            className={cn(
+              'flex h-6 cursor-pointer items-center gap-1.5 rounded px-1.5 text-xs hover:bg-accent',
+              isCustomContext
+                ? 'text-blue-500'
+                : 'font-mono text-muted-foreground',
+            )}
+            aria-label={
+              isCustomContext
+                ? 'Custom server connection. Click to edit.'
+                : `API server: ${apiServerUrl}. Click to edit.`
+            }
+          >
+            {isCustomContext && <Plug className="size-3.5" />}
+            <span>{displayLabel}</span>
+            <ChevronDown className="size-3 opacity-60" />
+          </button>
+        </PopoverTrigger>
+
+        <PopoverContent
+          side="top"
+          align="end"
+          className="w-80"
+          onOpenAutoFocus={(e) => {
+            e.preventDefault()
+          }}
+        >
+          <div className="space-y-4">
+            <h3 className="text-sm font-medium">Connection</h3>
+
+            <div className="space-y-2">
+              <label
+                htmlFor="status-bar-url"
+                className="text-xs font-medium text-muted-foreground"
+              >
+                API Server URL
+              </label>
+              <Input
+                id="status-bar-url"
+                type="text"
+                value={editUrl}
+                onChange={(e) => setEditUrl(e.target.value)}
+                onKeyDown={handleKeyDown}
+                className="h-8 font-mono text-xs"
+                placeholder="https://api-server:8000"
+              />
+            </div>
+
+            <div className="space-y-2">
+              <button
+                type="button"
+                className="flex cursor-pointer items-center gap-1 text-xs font-medium text-muted-foreground hover:text-foreground"
+                onClick={() => setAuthExpanded((prev) => !prev)}
+                aria-expanded={authExpanded}
+                aria-controls="status-bar-auth-section"
+              >
+                <ChevronDown
+                  className={cn(
+                    'size-3 transition-transform',
+                    !authExpanded && '-rotate-90',
+                  )}
+                />
+                Authentication
+              </button>
+
+              {authExpanded && (
+                <div id="status-bar-auth-section" className="space-y-2">
+                  <label
+                    htmlFor="status-bar-token"
+                    className="text-xs font-medium text-muted-foreground"
+                  >
+                    Bearer Token
+                  </label>
+                  <div className="relative">
+                    <Input
+                      id="status-bar-token"
+                      type={showToken ? 'text' : 'password'}
+                      value={editToken}
+                      onChange={(e) => setEditToken(e.target.value)}
+                      onKeyDown={handleKeyDown}
+                      className="h-8 pr-9 font-mono text-xs"
+                      placeholder="Token (optional)"
+                      autoComplete="off"
+                      spellCheck={false}
+                    />
+                    <button
+                      type="button"
+                      className="absolute right-0 top-0 flex h-8 w-8 cursor-pointer items-center justify-center text-muted-foreground hover:text-foreground"
+                      onClick={() => setShowToken((prev) => !prev)}
+                      aria-label={showToken ? 'Hide token' : 'Show token'}
+                      aria-pressed={showToken}
+                    >
+                      {showToken ? (
+                        <EyeOff className="size-3.5" />
+                      ) : (
+                        <Eye className="size-3.5" />
+                      )}
+                    </button>
+                  </div>
+                  <p className="text-xs text-muted-foreground">
+                    Leave blank to use SSO credentials.
+                  </p>
+                </div>
+              )}
+            </div>
+
+            <div className="flex justify-end gap-2">
+              <Button
+                variant="ghost"
+                size="sm"
+                className="cursor-pointer"
+                onClick={handleCancel}
+              >
+                Cancel
+              </Button>
+              <Button
+                size="sm"
+                className="cursor-pointer"
+                onClick={() => void handleConnect()}
+              >
+                Connect
+              </Button>
+            </div>
+
+            {isCustomContext && (
+              <div className="rounded-md bg-blue-50 px-3 py-2 dark:bg-blue-950/30">
+                <div className="flex items-start gap-2">
+                  <Info className="mt-0.5 size-3.5 shrink-0 text-blue-500" />
+                  <div className="space-y-1.5">
+                    <p className="text-xs text-blue-500">
+                      Using a custom server.
+                    </p>
+                    <Button
+                      variant="outline"
+                      size="xs"
+                      className="cursor-pointer"
+                      onClick={() => void handleRestore()}
+                    >
+                      Restore Default
+                    </Button>
+                  </div>
+                </div>
+              </div>
+            )}
+          </div>
+        </PopoverContent>
+      </Popover>
+    </div>
+  )
+}
diff --git a/components/ambient-ui/src/components/ui/popover.tsx b/components/ambient-ui/src/components/ui/popover.tsx
new file mode 100644
index 000000000..c3b0b4348
--- /dev/null
+++ b/components/ambient-ui/src/components/ui/popover.tsx
@@ -0,0 +1,48 @@
+"use client"
+
+import * as React from "react"
+import * as PopoverPrimitive from "@radix-ui/react-popover"
+
+import { cn } from "@/lib/utils"
+
+function Popover({
+  ...props
+}: React.ComponentProps<typeof PopoverPrimitive.Root>) {
+  return <PopoverPrimitive.Root data-slot="popover" {...props} />
+}
+
+function PopoverTrigger({
+  ...props
+}: React.ComponentProps<typeof PopoverPrimitive.Trigger>) {
+  return <PopoverPrimitive.Trigger data-slot="popover-trigger" {...props} />
+}
+
+function PopoverAnchor({
+  ...props
+}: React.ComponentProps<typeof PopoverPrimitive.Anchor>) {
+  return <PopoverPrimitive.Anchor data-slot="popover-anchor" {...props} />
+}
+
+function PopoverContent({
+  className,
+  align = "end",
+  sideOffset = 6,
+  ...props
+}: React.ComponentProps<typeof PopoverPrimitive.Content>) {
+  return (
+    <PopoverPrimitive.Portal>
+      <PopoverPrimitive.Content
+        data-slot="popover-content"
+        align={align}
+        sideOffset={sideOffset}
+        className={cn(
+          "z-50 w-72 origin-(--radix-popover-content-transform-origin) rounded-md border bg-popover p-4 text-popover-foreground shadow-md outline-none data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2",
+          className
+        )}
+        {...props}
+      />
+    </PopoverPrimitive.Portal>
+  )
+}
+
+export { Popover, PopoverTrigger, PopoverContent, PopoverAnchor }
diff --git a/components/ambient-ui/src/hooks/__tests__/use-connection-status.test.ts b/components/ambient-ui/src/hooks/__tests__/use-connection-status.test.ts
new file mode 100644
index 000000000..e058907f7
--- /dev/null
+++ b/components/ambient-ui/src/hooks/__tests__/use-connection-status.test.ts
@@ -0,0 +1,111 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest'
+import { renderHook, waitFor } from '@testing-library/react'
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query'
+import { createElement } from 'react'
+import { useConnectionStatus } from '../use-connection-status'
+
+function createWrapper() {
+  const queryClient = new QueryClient({
+    defaultOptions: { queries: { retry: false } },
+  })
+  return function Wrapper({ children }: { children: React.ReactNode }) {
+    return createElement(QueryClientProvider, { client: queryClient }, children)
+  }
+}
+
+type FakeFetchResult = {
+  ok: boolean
+  status: number
+  json: () => Promise<Record<string, string>>
+}
+
+function installFakeFetch(result: FakeFetchResult) {
+  const original = globalThis.fetch
+  globalThis.fetch = async (input: RequestInfo | URL) => {
+    const url = typeof input === 'string' ? input : input.toString()
+    if (url === '/api/healthz') {
+      return result as Response
+    }
+    return original(input)
+  }
+  return () => {
+    globalThis.fetch = original
+  }
+}
+
+describe('useConnectionStatus', () => {
+  let cleanup: () => void
+
+  afterEach(() => {
+    cleanup?.()
+  })
+
+  it('returns "checking" as the initial status', () => {
+    cleanup = installFakeFetch({
+      ok: true,
+      status: 200,
+      json: async () => ({ status: 'ok' }),
+    })
+
+    const { result } = renderHook(() => useConnectionStatus(), {
+      wrapper: createWrapper(),
+    })
+
+    expect(result.current.status).toBe('checking')
+  })
+
+  it('returns "connected" when healthz returns 200', async () => {
+    cleanup = installFakeFetch({
+      ok: true,
+      status: 200,
+      json: async () => ({ status: 'ok' }),
+    })
+
+    const { result } = renderHook(() => useConnectionStatus(), {
+      wrapper: createWrapper(),
+    })
+
+    await waitFor(() => {
+      expect(result.current.status).toBe('connected')
+    })
+    expect(result.current.lastChecked).not.toBeNull()
+  })
+
+  it('returns "disconnected" when healthz returns an error', async () => {
+    cleanup = installFakeFetch({
+      ok: false,
+      status: 500,
+      json: async () => ({ status: 'error' }),
+    })
+
+    const { result } = renderHook(() => useConnectionStatus(), {
+      wrapper: createWrapper(),
+    })
+
+    await waitFor(() => {
+      expect(result.current.status).toBe('disconnected')
+    })
+  })
+
+  it('returns "disconnected" when fetch throws a network error', async () => {
+    const original = globalThis.fetch
+    globalThis.fetch = async (input: RequestInfo | URL) => {
+      const url = typeof input === 'string' ? input : input.toString()
+      if (url === '/api/healthz') {
+        throw new Error('Network error')
+      }
+      return original(input)
+    }
+    cleanup = () => {
+      globalThis.fetch = original
+    }
+
+    const { result } = renderHook(() => useConnectionStatus(), {
+      wrapper: createWrapper(),
+    })
+
+    await waitFor(() => {
+      expect(result.current.status).toBe('disconnected')
+    })
+  })
+})
diff --git a/components/ambient-ui/src/hooks/use-connection-status.ts b/components/ambient-ui/src/hooks/use-connection-status.ts
new file mode 100644
index 000000000..6cf9a3519
--- /dev/null
+++ b/components/ambient-ui/src/hooks/use-connection-status.ts
@@ -0,0 +1,37 @@
+'use client'
+
+import { useQuery } from '@tanstack/react-query'
+
+export type ConnectionStatus = 'connected' | 'disconnected' | 'checking'
+
+type UseConnectionStatusReturn = {
+  status: ConnectionStatus
+  lastChecked: string | null
+}
+
+async function checkHealth(): Promise<{ ok: boolean }> {
+  const response = await fetch('/api/healthz')
+  if (!response.ok) {
+    throw new Error(`Health check failed: ${response.status}`)
+  }
+  return { ok: true }
+}
+
+export function useConnectionStatus(): UseConnectionStatusReturn {
+  const { data, isError, isPending } = useQuery({
+    queryKey: ['connection-status'],
+    queryFn: checkHealth,
+    refetchInterval: 10_000,
+    retry: false,
+  })
+
+  if (isPending) {
+    return { status: 'checking', lastChecked: null }
+  }
+
+  if (isError || !data?.ok) {
+    return { status: 'disconnected', lastChecked: new Date().toISOString() }
+  }
+
+  return { status: 'connected', lastChecked: new Date().toISOString() }
+}
diff --git a/components/ambient-ui/src/lib/runtime-config.ts b/components/ambient-ui/src/lib/runtime-config.ts
new file mode 100644
index 000000000..83b41cc10
--- /dev/null
+++ b/components/ambient-ui/src/lib/runtime-config.ts
@@ -0,0 +1,49 @@
+import { env } from './env'
+import { getSession } from './session'
+
+export type RuntimeConfig = {
+  apiServerUrl: string
+  customToken: string | null
+  defaultApiServerUrl: string
+  isCustomContext: boolean
+}
+
+export async function getRuntimeConfig(): Promise<RuntimeConfig> {
+  const defaultUrl = env.API_SERVER_URL
+  try {
+    const session = await getSession()
+    const apiServerUrl = session.customApiServerUrl || defaultUrl
+    const customToken = session.customToken || null
+    return {
+      apiServerUrl,
+      customToken,
+      defaultApiServerUrl: defaultUrl,
+      isCustomContext: apiServerUrl !== defaultUrl || customToken !== null,
+    }
+  } catch {
+    return {
+      apiServerUrl: defaultUrl,
+      customToken: null,
+      defaultApiServerUrl: defaultUrl,
+      isCustomContext: false,
+    }
+  }
+}
+
+export async function setCustomContext(url?: string, token?: string | null): Promise<void> {
+  const session = await getSession()
+  if (url) session.customApiServerUrl = url
+  if (token === null || token === '') {
+    session.customToken = undefined
+  } else if (token) {
+    session.customToken = token
+  }
+  await session.save()
+}
+
+export async function resetContext(): Promise<void> {
+  const session = await getSession()
+  session.customApiServerUrl = undefined
+  session.customToken = undefined
+  await session.save()
+}
diff --git a/components/ambient-ui/src/lib/session.ts b/components/ambient-ui/src/lib/session.ts
index a744144e6..ae3bfc9e4 100644
--- a/components/ambient-ui/src/lib/session.ts
+++ b/components/ambient-ui/src/lib/session.ts
@@ -7,8 +7,12 @@ export type SessionData = {
   accessToken: string
   refreshToken: string
   expiresAt: number
+  customApiServerUrl?: string
+  customToken?: string
 }
 
+const devSessionSecret = randomBytes(32).toString("hex")
+
 function getSessionOptions(): SessionOptions {
   const secret = env.SESSION_SECRET
   if (!secret) {
@@ -16,7 +20,7 @@ function getSessionOptions(): SessionOptions {
       throw new Error("SESSION_SECRET must be set when AUTH_MODE=native-sso")
     }
     return {
-      password: randomBytes(32).toString("hex"),
+      password: devSessionSecret,
       cookieName: "ambient-ui-session",
       cookieOptions: {
         secure: process.env.NODE_ENV === "production",
diff --git a/specs/ambient-ui/ambient-ui.spec.md b/specs/ambient-ui/ambient-ui.spec.md
index 482f91840..ead725d9e 100644
--- a/specs/ambient-ui/ambient-ui.spec.md
+++ b/specs/ambient-ui/ambient-ui.spec.md
@@ -712,17 +712,91 @@ Every list view SHALL display a meaningful empty state when no data exists, incl
 
 All destructive or state-changing actions (session stop/delete, credential delete/rotate, schedule enable/disable, feature flag toggle) SHALL require explicit confirmation before executing.
 
-### Requirement: Cluster Health Indicator
+### Requirement: Status Bar
 
-The top bar SHALL display a cluster connection status indicator that reflects the ambient-api-server's reachability.
+The Ambient UI SHALL display a persistent status bar fixed to the bottom of the viewport. The status bar SHALL be compact (single line) and always visible regardless of scroll position or active view.
+
+The status bar SHALL display:
+- **Connection context**: The ambient-api-server URL currently targeted by the BFF
+- **Connection status indicator**: A colored dot and label reflecting the ambient-api-server's reachability (moved from the top bar)
+
+#### Scenario: Status bar rendering
+
+- GIVEN the Ambient UI is loaded
+- WHEN any view renders
+- THEN a compact status bar is visible at the bottom of the viewport
+- AND it displays the API server URL (e.g., `https://ambient-api-server:8000`)
+- AND it displays a connection status indicator (green dot + "Connected" or red dot + "Disconnected")
+
+#### Scenario: Cluster connected
+
+- GIVEN the ambient-api-server is reachable
+- WHEN the status bar renders
+- THEN the connection indicator displays a green dot with "Connected" label
 
 #### Scenario: Cluster disconnected
 
 - GIVEN the ambient-api-server becomes unreachable
 - WHEN the UI detects connection failure
-- THEN the cluster indicator changes to red with "Disconnected" label
+- THEN the connection indicator changes to a red dot with "Disconnected" label
 - AND a pulsing animation draws attention to the status change
 
+### Requirement: Connection Context Switching
+
+The status bar SHALL support switching between the default SSO-authenticated connection and a custom connection with a user-provided URL and bearer token.
+
+The default connection uses the BFF's configured API server URL and the JWT from the user's SSO session (native-sso mode). A custom connection overrides both the URL and the authentication token.
+
+#### Scenario: Default SSO context
+
+- GIVEN the user has authenticated via SSO
+- WHEN no custom context is active
+- THEN the BFF proxies API requests to the configured API server URL
+- AND uses the JWT from the SSO session as the Authorization header
+- AND the status bar displays the configured URL with no override indicator
+
+#### Scenario: Enter custom context
+
+- GIVEN the status bar displays the default API server URL
+- WHEN the user clicks the URL
+- THEN the status bar expands to show two editable fields: URL and Token
+- AND the URL field is pre-populated with the current URL
+- AND the Token field is empty with placeholder text (e.g., "Bearer token")
+- AND pressing Enter on either field confirms the change
+- AND pressing Escape cancels and collapses back to the default view
+
+#### Scenario: Custom context applied
+
+- GIVEN the user enters a custom URL and token and confirms
+- WHEN the custom context is active
+- THEN the BFF proxies all API requests to the custom URL
+- AND uses the user-provided token as the Authorization header (instead of the SSO JWT)
+- AND the status bar displays the custom URL with a visual override indicator
+- AND a "Reset" control is visible to revert to the default context
+
+#### Scenario: Reset to default context
+
+- GIVEN a custom context is active
+- WHEN the user clicks the "Reset" control
+- THEN the custom URL and token are cleared
+- AND the BFF reverts to using the configured API server URL and SSO JWT
+- AND the status bar returns to its default appearance
+
+#### Scenario: Custom context with URL only (no token)
+
+- GIVEN the user enters only a custom URL without a token
+- WHEN the custom context is applied
+- THEN the BFF proxies to the custom URL
+- AND uses the SSO session JWT as the Authorization header (if available)
+- AND falls back to no Authorization header if no SSO session exists
+
+#### Scenario: Custom context persistence
+
+- GIVEN the user has set a custom context
+- WHEN the page is refreshed
+- THEN the custom context persists (stored server-side in the BFF session)
+- AND the user does not need to re-enter the URL and token
+
 ---
 
 ## API Dependencies