diff --git a/apps/mana/apps/web/src/lib/components/settings/AiSettings.svelte b/apps/mana/apps/web/src/lib/components/settings/AiSettings.svelte
index c7c04db1d..232e81c72 100644
--- a/apps/mana/apps/web/src/lib/components/settings/AiSettings.svelte
+++ b/apps/mana/apps/web/src/lib/components/settings/AiSettings.svelte
@@ -3,13 +3,9 @@
 	 * AiSettings — Settings-page section for the tiered LLM orchestrator.
 	 *
 	 * Lets the user pick which @mana/shared-llm tiers Mana is allowed to
-	 * use. Each tier is a checkbox with an explanation of what it means
-	 * for privacy + speed + cost. The cloud tier is gated behind an
-	 * additional consent checkbox the first time it's enabled.
-	 *
-	 * Drops into the main settings page (/settings) as a self-contained
-	 * Card section, mirroring the existing PasskeyManager / SessionManager
-	 * pattern.
+	 * use. Each tier is a selectable row with an explanation of what it
+	 * means for privacy + speed + cost. The cloud tier is gated behind
+	 * an additional consent step the first time it's enabled.
 	 */
 	import { llmSettingsState, updateLlmSettings, tierLabel, type LlmTier } from '@mana/shared-llm';
 	import {
@@ -30,7 +26,7 @@
 	let loadingBrowser = $state(false);
 
 	function toggleTier(tier: LlmTier) {
-		if (tier === 'none') return; // 'none' is implicit, not a real toggle
+		if (tier === 'none') return;
 		const current = settings.allowedTiers;
 		const next = current.includes(tier) ? current.filter((t) => t !== tier) : [...current, tier];
 		updateLlmSettings({ allowedTiers: next });
@@ -57,8 +53,6 @@
 		updateLlmSettings({ showSourceInUi: value });
 	}
 
-	// Tier card metadata — defined inline because it's specific to this UI
-	// and changes alongside layout updates.
 	type TierCard = {
 		tier: LlmTier;
 		icon: typeof Robot;
@@ -99,7 +93,7 @@
 			bullets: [
 				'Direkt aus dem Browser — keine Mana-Server-Zwischenstation',
 				'Du zahlst beim Provider, wir sehen nichts davon',
-				'Schluessel werden verschluesselt in deinem Vault gespeichert',
+				'Schlüssel werden verschlüsselt in deinem Vault gespeichert',
 			],
 		},
 		{
@@ -123,24 +117,28 @@
 	const browserCacheReady = $derived(webgpuSupported && localLlmStatus.current.state === 'ready');
 </script>
 
-<div>
-	<!-- Tier 0 explainer -->
-	<div class="mb-4 rounded-xl border border-border bg-muted/20 p-4">
-		<div class="flex items-start gap-3">
-			<CheckCircle size={20} class="mt-0.5 shrink-0 text-emerald-500" weight="fill" />
-			<div>
-				<p class="font-medium">Lokal (ohne KI) — immer aktiv</p>
-				<p class="mt-1 text-sm text-muted-foreground">
-					Mana funktioniert auch ganz ohne KI: Datum-Erkennung, Suche und einfache Klassifikation
-					laufen über klassische Algorithmen. Manche Funktionen sind dann begrenzt, dafür ist alles
-					100% offline und kostet nichts.
-				</p>
+<div class="ai-settings">
+	<!-- Tier 0 — always on -->
+	<div class="tier-row tier0 enabled" aria-disabled="true">
+		<div class="tier-icon">
+			<CheckCircle size={20} weight="fill" />
+		</div>
+		<div class="tier-body">
+			<div class="tier-title-line">
+				<span class="tier-title">Lokal (ohne KI)</span>
+				<span class="tier-badge tier-badge-always">immer aktiv</span>
 			</div>
+			<p class="tier-subtitle">Basis-Funktionen ohne jede KI</p>
+			<p class="tier0-desc">
+				Mana funktioniert auch ganz ohne KI: Datum-Erkennung, Suche und einfache Klassifikation
+				laufen über klassische Algorithmen. Manche Funktionen sind dann begrenzt, dafür ist alles
+				100% offline und kostet nichts.
+			</p>
 		</div>
 	</div>
 
-	<!-- Tier 1-3 toggleable cards -->
-	<div class="space-y-3">
+	<!-- Tier 1–3 selectable rows -->
+	<div class="tier-list">
 		{#each tierCards as card}
 			{@const enabled = isEnabled(card.tier)}
 			{@const tierBlocked = card.tier === 'browser' && !webgpuSupported}
@@ -148,189 +146,518 @@
 				type="button"
 				onclick={() => !tierBlocked && toggleTier(card.tier)}
 				disabled={tierBlocked}
-				class="w-full rounded-xl border p-4 text-left transition-all {enabled
-					? 'border-primary bg-primary/5 ring-1 ring-primary/30'
-					: 'border-border bg-card hover:border-primary/40'} {tierBlocked
-					? 'cursor-not-allowed opacity-50'
-					: 'cursor-pointer'}"
+				class="tier-row"
+				class:enabled
+				class:blocked={tierBlocked}
 			>
-				<div class="flex items-start gap-3">
-					<div
-						class="flex h-10 w-10 shrink-0 items-center justify-center rounded-lg {enabled
-							? 'bg-primary/20 text-primary'
-							: 'bg-muted text-muted-foreground'}"
-					>
-						<card.icon size={20} />
+				<div class="tier-icon">
+					<card.icon size={20} />
+				</div>
+				<div class="tier-body">
+					<div class="tier-title-line">
+						<span class="tier-title">{card.title}</span>
+						{#if enabled}
+							<span class="tier-badge">aktiv</span>
+						{/if}
 					</div>
-					<div class="min-w-0 flex-1">
-						<div class="flex items-center gap-2">
-							<div class="text-base font-semibold">{card.title}</div>
-							{#if enabled}
-								<span
-									class="rounded-full bg-primary px-2 py-0.5 text-[10px] font-medium text-primary-foreground"
-									>aktiv</span
+					<p class="tier-subtitle">{card.subtitle}</p>
+					<ul class="tier-bullets">
+						{#each card.bullets as bullet}
+							<li>{bullet}</li>
+						{/each}
+					</ul>
+					{#if card.warning}
+						<p class="tier-warning">
+							<Warning size={12} weight="fill" />
+							<span>{card.warning}</span>
+						</p>
+					{/if}
+
+					{#if card.tier === 'browser' && enabled && webgpuSupported}
+						<div class="tier-extra">
+							{#if browserCacheReady}
+								<span class="status-ok">✓ Modell geladen</span>
+							{:else if localLlmStatus.current.state === 'downloading'}
+								<span class="status-muted">
+									Lade {defaultModelInfo.displayName} ({(
+										localLlmStatus.current.progress * 100
+									).toFixed(0)}%)…
+								</span>
+							{:else}
+								<!-- svelte-ignore node_invalid_placement_ssr -->
+								<button
+									type="button"
+									onclick={(e) => {
+										e.stopPropagation();
+										loadBrowserModel();
+									}}
+									disabled={loadingBrowser}
+									class="action-btn"
 								>
+									{loadingBrowser
+										? 'Lade…'
+										: `Modell laden (~${defaultModelInfo.downloadSizeMb} MB)`}
+								</button>
 							{/if}
 						</div>
-						<p class="mt-0.5 text-sm text-muted-foreground">{card.subtitle}</p>
-						<ul class="mt-2 space-y-1 text-xs text-muted-foreground">
-							{#each card.bullets as bullet}
-								<li class="flex items-start gap-1.5">
-									<span class="mt-0.5 text-primary">•</span>
-									<span>{bullet}</span>
-								</li>
-							{/each}
-						</ul>
-						{#if card.warning}
-							<div
-								class="mt-2 flex items-start gap-1.5 rounded-md bg-amber-500/10 p-2 text-xs text-amber-700 dark:text-amber-400"
-							>
-								<Warning size={12} weight="fill" class="mt-0.5 shrink-0" />
-								<span>{card.warning}</span>
-							</div>
-						{/if}
+					{/if}
 
-						<!-- Per-tier extras -->
-						{#if card.tier === 'browser' && enabled && webgpuSupported}
-							<div class="mt-3 flex items-center gap-2 text-xs">
-								{#if browserCacheReady}
-									<span class="text-emerald-500">✓ Modell geladen</span>
-								{:else if localLlmStatus.current.state === 'downloading'}
-									<span class="text-muted-foreground">
-										Lade {defaultModelInfo.displayName} ({(
-											localLlmStatus.current.progress * 100
-										).toFixed(0)}%)…
-									</span>
-								{:else}
-									<!-- svelte-ignore node_invalid_placement_ssr -->
-									<button
-										type="button"
-										onclick={(e) => {
-											e.stopPropagation();
-											loadBrowserModel();
-										}}
-										disabled={loadingBrowser}
-										class="rounded-md bg-primary px-3 py-1 text-xs font-medium text-primary-foreground disabled:opacity-50"
-									>
-										{loadingBrowser
-											? 'Lade…'
-											: `Modell laden (~${defaultModelInfo.downloadSizeMb} MB)`}
-									</button>
-								{/if}
-							</div>
-						{/if}
+					{#if card.tier === 'browser' && tierBlocked}
+						<p class="tier-blocked-note">
+							WebGPU nicht verfügbar in deinem Browser. Funktioniert in Chrome/Edge 113+ oder Safari
+							18+.
+						</p>
+					{/if}
 
-						{#if card.tier === 'browser' && tierBlocked}
-							<p class="mt-2 text-xs text-amber-600 dark:text-amber-400">
-								WebGPU nicht verfügbar in deinem Browser. Funktioniert in Chrome/Edge 113+ oder
-								Safari 18+.
+					{#if card.tier === 'byok' && enabled}
+						<div
+							class="tier-extra"
+							onclick={(e) => e.stopPropagation()}
+							onkeydown={(e) => e.stopPropagation()}
+							role="presentation"
+						>
+							<ByokKeysManager />
+						</div>
+					{/if}
+
+					{#if card.tier === 'cloud' && enabled && !settings.cloudConsentGiven}
+						<div
+							class="tier-consent"
+							onclick={(e) => e.stopPropagation()}
+							onkeydown={(e) => e.stopPropagation()}
+							role="presentation"
+						>
+							<p class="consent-title">Bestätigung erforderlich</p>
+							<p class="consent-desc">
+								Cloud-Anfragen senden deine Inhalte an Google. Bitte bestätige, dass du das
+								verstanden hast und akzeptierst.
 							</p>
-						{/if}
-
-						{#if card.tier === 'byok' && enabled}
-							<div
-								class="mt-3"
-								onclick={(e) => e.stopPropagation()}
-								onkeydown={(e) => e.stopPropagation()}
-								role="presentation"
+							<!-- svelte-ignore node_invalid_placement_ssr -->
+							<button
+								type="button"
+								onclick={(e) => {
+									e.stopPropagation();
+									setCloudConsent(true);
+								}}
+								class="consent-btn"
 							>
-								<ByokKeysManager />
-							</div>
-						{/if}
+								Verstanden, Cloud aktivieren
+							</button>
+						</div>
+					{/if}
 
-						{#if card.tier === 'cloud' && enabled && !settings.cloudConsentGiven}
-							<div
-								class="mt-3 rounded-md border border-amber-500/30 bg-amber-500/5 p-3"
-								onclick={(e) => e.stopPropagation()}
-								onkeydown={(e) => e.stopPropagation()}
-								role="presentation"
+					{#if card.tier === 'cloud' && enabled && settings.cloudConsentGiven}
+						<div
+							class="tier-extra consent-ok"
+							onclick={(e) => e.stopPropagation()}
+							onkeydown={(e) => e.stopPropagation()}
+							role="presentation"
+						>
+							<span class="status-ok">✓ Cloud-Zustimmung erteilt</span>
+							<!-- svelte-ignore node_invalid_placement_ssr -->
+							<button
+								type="button"
+								onclick={(e) => {
+									e.stopPropagation();
+									setCloudConsent(false);
+								}}
+								class="link-btn"
 							>
-								<p class="text-xs font-medium text-amber-700 dark:text-amber-400">
-									Bestätigung erforderlich
-								</p>
-								<p class="mt-1 text-xs text-muted-foreground">
-									Cloud-Anfragen senden deine Inhalte an Google. Bitte bestätige, dass du das
-									verstanden hast und akzeptierst.
-								</p>
-								<!-- svelte-ignore node_invalid_placement_ssr -->
-								<button
-									type="button"
-									onclick={(e) => {
-										e.stopPropagation();
-										setCloudConsent(true);
-									}}
-									class="mt-2 rounded-md bg-amber-600 px-3 py-1 text-xs font-medium text-white hover:bg-amber-700"
-								>
-									Verstanden, Cloud aktivieren
-								</button>
-							</div>
-						{/if}
-
-						{#if card.tier === 'cloud' && enabled && settings.cloudConsentGiven}
-							<div class="mt-3 flex items-center justify-between gap-2 text-xs">
-								<span class="text-emerald-500">✓ Cloud-Zustimmung erteilt</span>
-								<!-- svelte-ignore node_invalid_placement_ssr -->
-								<button
-									type="button"
-									onclick={(e) => {
-										e.stopPropagation();
-										setCloudConsent(false);
-									}}
-									class="text-muted-foreground hover:text-foreground"
-								>
-									Zurücknehmen
-								</button>
-							</div>
-						{/if}
-					</div>
+								Zurücknehmen
+							</button>
+						</div>
+					{/if}
 				</div>
 			</button>
 		{/each}
 	</div>
 
 	<!-- Active tier chain summary -->
-	<div class="mt-4 rounded-lg bg-muted/30 px-3 py-2 text-xs text-muted-foreground">
-		<span class="font-medium text-foreground">Aktuelle Reihenfolge: </span>
-		{#if settings.allowedTiers.length === 0}
-			Nur lokal (ohne KI) — die meisten KI-Funktionen sind begrenzt.
-		{:else}
-			{settings.allowedTiers.map((t) => tierLabel(t)).join(' → ')} → Lokal (Fallback)
-		{/if}
+	<div class="summary-row">
+		<span class="summary-label">Aktuelle Reihenfolge:</span>
+		<span class="summary-value">
+			{#if settings.allowedTiers.length === 0}
+				Nur lokal (ohne KI) — die meisten KI-Funktionen sind begrenzt.
+			{:else}
+				{settings.allowedTiers.map((t) => tierLabel(t)).join(' → ')} → Lokal (Fallback)
+			{/if}
+		</span>
 	</div>
 
 	<!-- Behavior toggles -->
-	<div class="mt-6 space-y-3 border-t border-border pt-4">
-		<label class="flex cursor-pointer items-start gap-3">
-			<input
-				type="checkbox"
-				checked={settings.fallbackToRulesOnError}
-				onchange={(e) => setFallback((e.currentTarget as HTMLInputElement).checked)}
-				class="mt-0.5 h-4 w-4 rounded border-border"
-			/>
-			<div>
-				<div class="text-sm font-medium">Bei Fehler auf "Lokal" zurückfallen</div>
-				<div class="text-xs text-muted-foreground">
+	<div class="rows">
+		<div class="row">
+			<div class="row-info">
+				<p class="row-title">Bei Fehler auf „Lokal" zurückfallen</p>
+				<p class="row-desc">
 					Wenn die gewählte KI-Schicht eine Anfrage nicht beantworten kann, versucht Mana es mit der
 					lokalen Variante (sofern verfügbar). Aus: zeigt stattdessen einen Fehler an.
-				</div>
+				</p>
 			</div>
-		</label>
+			<button
+				type="button"
+				class="toggle"
+				class:on={settings.fallbackToRulesOnError}
+				onclick={() => setFallback(!settings.fallbackToRulesOnError)}
+				aria-label="Fallback auf Lokal"
+			>
+				<span class="toggle-knob"></span>
+			</button>
+		</div>
 
-		<label class="flex cursor-pointer items-start gap-3">
-			<input
-				type="checkbox"
-				checked={settings.showSourceInUi}
-				onchange={(e) => setShowSource((e.currentTarget as HTMLInputElement).checked)}
-				class="mt-0.5 h-4 w-4 rounded border-border"
-			/>
-			<div>
-				<div class="text-sm font-medium">Quelle bei jedem KI-Resultat anzeigen</div>
-				<div class="text-xs text-muted-foreground">
-					Zeigt unter jeder KI-generierten Antwort eine kleine Markierung wie "Auf deinem Gerät"
-					oder "via Google Gemini" — damit du immer siehst, wo deine Daten gerade verarbeitet
+		<div class="row">
+			<div class="row-info">
+				<p class="row-title">Quelle bei jedem KI-Resultat anzeigen</p>
+				<p class="row-desc">
+					Zeigt unter jeder KI-generierten Antwort eine kleine Markierung wie „Auf deinem Gerät"
+					oder „via Google Gemini" — damit du immer siehst, wo deine Daten gerade verarbeitet
 					wurden.
-				</div>
+				</p>
 			</div>
-		</label>
+			<button
+				type="button"
+				class="toggle"
+				class:on={settings.showSourceInUi}
+				onclick={() => setShowSource(!settings.showSourceInUi)}
+				aria-label="Quelle anzeigen"
+			>
+				<span class="toggle-knob"></span>
+			</button>
+		</div>
 	</div>
 </div>
+
+<style>
+	.ai-settings {
+		display: flex;
+		flex-direction: column;
+		gap: 1.25rem;
+	}
+
+	/* ── Tier 0 — always-active (same card shape, non-interactive) ───── */
+	.tier-row.tier0 {
+		cursor: default;
+		border-color: hsl(142 71% 45% / 0.35);
+		background: hsl(142 71% 45% / 0.05);
+		box-shadow: inset 0 0 0 1px hsl(142 71% 45% / 0.1);
+	}
+	.tier-row.tier0:hover {
+		border-color: hsl(142 71% 45% / 0.35);
+		background: hsl(142 71% 45% / 0.05);
+	}
+	.tier-row.tier0 .tier-icon {
+		background: hsl(142 71% 45% / 0.15);
+		color: hsl(142 71% 45%);
+	}
+	.tier-row.tier0 .tier-badge-always {
+		background: hsl(142 71% 45%);
+		color: white;
+	}
+	.tier0-desc {
+		margin: 0.5rem 0 0;
+		font-size: 0.8125rem;
+		color: hsl(var(--color-muted-foreground));
+		line-height: 1.6;
+	}
+
+	/* ── Tier selection list ────────────────────────────────────────── */
+	.tier-list {
+		display: flex;
+		flex-direction: column;
+		gap: 0.5rem;
+	}
+
+	.tier-row {
+		display: flex;
+		align-items: flex-start;
+		gap: 0.875rem;
+		width: 100%;
+		padding: 0.875rem 1rem;
+		background: hsl(var(--color-card));
+		border: 1px solid hsl(var(--color-border));
+		border-radius: 0.875rem;
+		text-align: left;
+		cursor: pointer;
+		transition:
+			background 0.15s,
+			border-color 0.15s,
+			box-shadow 0.15s;
+	}
+	.tier-row:not(.blocked):hover {
+		border-color: hsl(var(--color-border-strong, var(--color-border)));
+		background: hsl(var(--color-surface-hover, var(--color-muted)) / 0.4);
+	}
+	.tier-row.enabled {
+		border-color: hsl(var(--color-primary) / 0.4);
+		background: hsl(var(--color-primary) / 0.04);
+		box-shadow: inset 0 0 0 1px hsl(var(--color-primary) / 0.15);
+	}
+	.tier-row.blocked {
+		opacity: 0.5;
+		cursor: not-allowed;
+	}
+
+	.tier-icon {
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		flex-shrink: 0;
+		width: 2.25rem;
+		height: 2.25rem;
+		border-radius: 0.625rem;
+		background: hsl(var(--color-muted));
+		color: hsl(var(--color-muted-foreground));
+		transition:
+			background 0.15s,
+			color 0.15s;
+	}
+	.tier-row.enabled .tier-icon {
+		background: hsl(var(--color-primary) / 0.15);
+		color: hsl(var(--color-primary));
+	}
+
+	.tier-body {
+		min-width: 0;
+		flex: 1;
+	}
+
+	.tier-title-line {
+		display: flex;
+		align-items: center;
+		gap: 0.5rem;
+	}
+
+	.tier-title {
+		font-size: 0.9375rem;
+		font-weight: 600;
+		color: hsl(var(--color-foreground));
+	}
+
+	.tier-badge {
+		padding: 0.0625rem 0.4375rem;
+		font-size: 0.625rem;
+		font-weight: 500;
+		border-radius: 9999px;
+		background: hsl(var(--color-primary));
+		color: hsl(var(--color-primary-foreground));
+	}
+
+	.tier-subtitle {
+		margin: 0.1875rem 0 0;
+		font-size: 0.875rem;
+		color: hsl(var(--color-muted-foreground));
+		line-height: 1.5;
+	}
+
+	.tier-bullets {
+		margin: 0.625rem 0 0;
+		padding: 0;
+		list-style: none;
+		display: flex;
+		flex-direction: column;
+		gap: 0.3125rem;
+	}
+
+	.tier-bullets li {
+		position: relative;
+		padding-left: 0.9375rem;
+		font-size: 0.8125rem;
+		color: hsl(var(--color-foreground) / 0.78);
+		line-height: 1.55;
+	}
+
+	.tier-bullets li::before {
+		content: '•';
+		position: absolute;
+		left: 0;
+		color: hsl(var(--color-primary));
+	}
+
+	.tier-warning {
+		display: flex;
+		align-items: flex-start;
+		gap: 0.375rem;
+		margin: 0.625rem 0 0;
+		font-size: 0.8125rem;
+		line-height: 1.5;
+		color: hsl(35 90% 45%);
+	}
+	.tier-warning :global(svg) {
+		flex-shrink: 0;
+		margin-top: 0.125rem;
+	}
+
+	.tier-extra {
+		display: flex;
+		align-items: center;
+		gap: 0.5rem;
+		margin-top: 0.625rem;
+		font-size: 0.75rem;
+	}
+	.tier-extra.consent-ok {
+		justify-content: space-between;
+	}
+
+	.status-ok {
+		color: hsl(142 71% 45%);
+	}
+	.status-muted {
+		color: hsl(var(--color-muted-foreground));
+	}
+
+	.tier-blocked-note {
+		margin: 0.5rem 0 0;
+		font-size: 0.75rem;
+		color: hsl(35 90% 45%);
+	}
+
+	.action-btn {
+		padding: 0.375rem 0.75rem;
+		font-size: 0.75rem;
+		font-weight: 500;
+		border: none;
+		border-radius: 0.5rem;
+		background: hsl(var(--color-primary));
+		color: hsl(var(--color-primary-foreground));
+		cursor: pointer;
+	}
+	.action-btn:disabled {
+		opacity: 0.5;
+		cursor: not-allowed;
+	}
+
+	.link-btn {
+		padding: 0;
+		border: none;
+		background: transparent;
+		font-size: 0.75rem;
+		color: hsl(var(--color-muted-foreground));
+		cursor: pointer;
+	}
+	.link-btn:hover {
+		color: hsl(var(--color-foreground));
+	}
+
+	/* ── Cloud consent inline block ─────────────────────────────────── */
+	.tier-consent {
+		margin-top: 0.625rem;
+		padding: 0.625rem 0.75rem;
+		border-left: 3px solid hsl(35 90% 55%);
+		background: hsl(35 90% 55% / 0.06);
+		border-radius: 0 0.375rem 0.375rem 0;
+	}
+	.consent-title {
+		margin: 0;
+		font-size: 0.75rem;
+		font-weight: 500;
+		color: hsl(35 90% 40%);
+	}
+	.consent-desc {
+		margin: 0.25rem 0 0;
+		font-size: 0.8125rem;
+		color: hsl(var(--color-muted-foreground));
+		line-height: 1.55;
+	}
+	.consent-btn {
+		margin-top: 0.5rem;
+		padding: 0.375rem 0.75rem;
+		font-size: 0.75rem;
+		font-weight: 500;
+		border: none;
+		border-radius: 0.5rem;
+		background: hsl(35 90% 50%);
+		color: white;
+		cursor: pointer;
+	}
+	.consent-btn:hover {
+		background: hsl(35 90% 45%);
+	}
+
+	/* ── Summary row ────────────────────────────────────────────────── */
+	.summary-row {
+		display: flex;
+		flex-wrap: wrap;
+		gap: 0.25rem 0.5rem;
+		font-size: 0.8125rem;
+		line-height: 1.5;
+		color: hsl(var(--color-muted-foreground));
+	}
+	.summary-label {
+		font-weight: 500;
+		color: hsl(var(--color-foreground));
+	}
+	.summary-value {
+		min-width: 0;
+	}
+
+	/* ── Behavior toggle rows (matches GeneralSection) ──────────────── */
+	.rows {
+		display: flex;
+		flex-direction: column;
+		border-top: 1px solid hsl(var(--color-border));
+	}
+
+	.row {
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+		gap: 1rem;
+		padding: 0.75rem 0;
+		border-bottom: 1px solid hsl(var(--color-border));
+	}
+
+	.row:last-child {
+		border-bottom: none;
+	}
+
+	.row-info {
+		min-width: 0;
+		flex: 1;
+	}
+
+	.row-title {
+		margin: 0;
+		font-size: 0.875rem;
+		font-weight: 500;
+		color: hsl(var(--color-foreground));
+	}
+
+	.row-desc {
+		margin: 0.1875rem 0 0;
+		font-size: 0.8125rem;
+		color: hsl(var(--color-muted-foreground));
+		line-height: 1.55;
+	}
+
+	.toggle {
+		position: relative;
+		width: 2.75rem;
+		height: 1.5rem;
+		border-radius: 9999px;
+		border: none;
+		cursor: pointer;
+		transition: background 0.2s;
+		background: hsl(var(--color-muted));
+		flex-shrink: 0;
+	}
+
+	.toggle.on {
+		background: hsl(var(--color-primary));
+	}
+
+	.toggle-knob {
+		position: absolute;
+		top: 0.125rem;
+		left: 0.125rem;
+		width: 1.25rem;
+		height: 1.25rem;
+		border-radius: 50%;
+		background: white;
+		transition: transform 0.2s;
+		box-shadow: 0 1px 3px hsl(0 0% 0% / 0.15);
+	}
+
+	.toggle.on .toggle-knob {
+		transform: translateX(1.25rem);
+	}
+</style>
diff --git a/apps/mana/apps/web/src/lib/components/settings/searchIndex.ts b/apps/mana/apps/web/src/lib/components/settings/searchIndex.ts
index bca629046..66403c913 100644
--- a/apps/mana/apps/web/src/lib/components/settings/searchIndex.ts
+++ b/apps/mana/apps/web/src/lib/components/settings/searchIndex.ts
@@ -4,9 +4,9 @@
  * updates both the navigation and the search results.
  */
 import type { Component } from 'svelte';
-import { Gear, Robot, ShieldCheck, CurrencyCircleDollar, Cloud } from '@mana/shared-icons';
+import { Gear, Robot, ShieldCheck, Cloud } from '@mana/shared-icons';
 
-export type CategoryId = 'general' | 'ai' | 'security' | 'credits' | 'data';
+export type CategoryId = 'general' | 'ai' | 'security' | 'data';
 
 export interface Category {
 	id: CategoryId;
@@ -39,13 +39,6 @@ export const categories: Category[] = [
 		icon: ShieldCheck,
 		anchors: ['passkeys', 'sessions', 'two-factor', 'vault', 'security-log'],
 	},
-	{
-		id: 'credits',
-		label: 'Credits',
-		description: 'Guthaben & Transaktionen',
-		icon: CurrencyCircleDollar,
-		anchors: ['credits'],
-	},
 	{
 		id: 'data',
 		label: 'Daten & Sync',
@@ -143,21 +136,6 @@ export const searchIndex: SearchEntry[] = [
 		anchor: 'security-log',
 	},
 
-	// Credits
-	{
-		label: 'Credits-Guthaben',
-		keywords: ['balance', 'geld'],
-		category: 'credits',
-		anchor: 'credits',
-	},
-	{
-		label: 'Credits kaufen',
-		keywords: ['buy', 'pakete', 'kaufen'],
-		category: 'credits',
-		anchor: 'credits',
-	},
-	{ label: 'Transaktionen', keywords: ['history'], category: 'credits', anchor: 'credits' },
-
 	// Data
 	{
 		label: 'Cloud Sync',
diff --git a/apps/mana/apps/web/src/lib/components/settings/sections/CreditsSection.svelte b/apps/mana/apps/web/src/lib/components/settings/sections/CreditsSection.svelte
deleted file mode 100644
index 8b8eec397..000000000
--- a/apps/mana/apps/web/src/lib/components/settings/sections/CreditsSection.svelte
+++ /dev/null
@@ -1,75 +0,0 @@
-<script lang="ts">
-	import { onMount } from 'svelte';
-	import { CurrencyCircleDollar } from '@mana/shared-icons';
-	import { creditsService } from '$lib/api/credits';
-	import type { CreditBalance } from '$lib/api/credits';
-	import { authStore } from '$lib/stores/auth.svelte';
-	import SettingsPanel from '../SettingsPanel.svelte';
-	import SettingsSectionHeader from '../SettingsSectionHeader.svelte';
-
-	let creditBalance = $state<CreditBalance | null>(null);
-
-	onMount(async () => {
-		if (!authStore.isAuthenticated) return;
-		try {
-			creditBalance = await creditsService.getBalance();
-		} catch (e) {
-			console.error('CreditsSection load failed:', e);
-		}
-	});
-
-	function formatCredits(amount: number): string {
-		return amount.toLocaleString('de-DE');
-	}
-</script>
-
-<SettingsPanel id="credits">
-	<SettingsSectionHeader
-		icon={CurrencyCircleDollar}
-		title="Credits"
-		description="Dein Guthaben für Mana Apps"
-		tone="yellow"
-	>
-		{#snippet action()}
-			<a href="/?app=credits" class="text-sm text-primary hover:underline">Alle Details</a>
-		{/snippet}
-	</SettingsSectionHeader>
-
-	<div class="grid gap-4 sm:grid-cols-3">
-		<div class="rounded-lg bg-surface-hover p-4 text-center">
-			<p class="text-sm text-muted-foreground">Verfügbar</p>
-			<p class="text-2xl font-bold text-primary">
-				{creditBalance ? formatCredits(creditBalance.balance) : '...'}
-			</p>
-		</div>
-		<div class="rounded-lg bg-surface-hover p-4 text-center">
-			<p class="text-sm text-muted-foreground">Gratis heute</p>
-			<p class="text-2xl font-bold text-green-600 dark:text-green-400">
-				{creditBalance
-					? `${creditBalance.freeCreditsRemaining}/${creditBalance.dailyFreeCredits}`
-					: '...'}
-			</p>
-		</div>
-		<div class="rounded-lg bg-surface-hover p-4 text-center">
-			<p class="text-sm text-muted-foreground">Gesamt verbraucht</p>
-			<p class="text-2xl font-bold">
-				{creditBalance ? formatCredits(creditBalance.totalSpent) : '...'}
-			</p>
-		</div>
-	</div>
-
-	<div class="mt-4 flex gap-2">
-		<a
-			href="/?app=credits&tab=packages"
-			class="inline-flex items-center gap-2 rounded-lg bg-primary px-4 py-2 text-sm font-medium text-primary-foreground transition-colors hover:bg-primary/90"
-		>
-			Credits kaufen
-		</a>
-		<a
-			href="/?app=credits&tab=transactions"
-			class="inline-flex items-center gap-2 rounded-lg border border-border px-4 py-2 text-sm font-medium transition-colors hover:bg-surface-hover"
-		>
-			Transaktionen
-		</a>
-	</div>
-</SettingsPanel>
diff --git a/apps/mana/apps/web/src/lib/components/settings/sections/VaultSection.svelte b/apps/mana/apps/web/src/lib/components/settings/sections/VaultSection.svelte
index 683793623..75b3a1324 100644
--- a/apps/mana/apps/web/src/lib/components/settings/sections/VaultSection.svelte
+++ b/apps/mana/apps/web/src/lib/components/settings/sections/VaultSection.svelte
@@ -1,32 +1,28 @@
 <!--
-	Settings → Security
-	===================
+	Settings → Security → Verschlüsselung
 
-	Surface for the encryption vault vaultState. Three jobs:
-
-	  1. Show the user that their data IS encrypted (and which fields)
-	     so the privacy promise is concrete and verifiable.
-	  2. Provide a manual rotate button for the "I think my device was
-	     compromised" recovery path. Rotating mints a fresh master key,
-	     which makes every existing encrypted blob unreadable — caller
-	     accepts that risk via a confirm modal.
-	  3. Document what is NOT encrypted (structural metadata, indexed
-	     fields) so the threat model is honest.
-
-	The page reads from the lazy-singleton vault client and the static
-	registry. It does NOT have any side effects of its own — every
-	mutation goes through vaultClient.rotate() which the rest of the
-	app already trusts.
+	Surface for the encryption vault. Three jobs:
+	  1. Show the user that their data IS encrypted (and which fields).
+	  2. Provide a manual rotate button for the "device compromised"
+	     recovery path.
+	  3. Offer Zero-Knowledge opt-in with a recovery-code wizard.
 -->
 <script lang="ts">
 	import { onMount, onDestroy } from 'svelte';
 	import {
-		getVaultClient,
-		ENCRYPTION_REGISTRY,
-		isVaultUnlocked,
-		type VaultUnlockState,
-	} from '$lib/data/crypto';
+		Lock,
+		LockOpen,
+		Key,
+		WarningCircle,
+		CheckCircle,
+		ArrowsClockwise,
+		Copy,
+		WifiSlash,
+	} from '@mana/shared-icons';
+	import type { Component } from 'svelte';
+	import { getVaultClient, ENCRYPTION_REGISTRY, type VaultUnlockState } from '$lib/data/crypto';
 	import { toast } from '$lib/stores/toast.svelte';
+	import SettingsSectionHeader from '../SettingsSectionHeader.svelte';
 
 	const vaultClient = getVaultClient();
 
@@ -34,22 +30,6 @@
 	let rotating = $state(false);
 	let confirmRotate = $state(false);
 
-	// ─── Phase 9: Recovery code + Zero-knowledge ─────────────
-	//
-	// The setup flow has three steps:
-	//   1. Generate: client mints a fresh recovery secret + posts the
-	//      sealed wrap to /recovery-wrap → returns the formatted code
-	//   2. Confirm: user has to type the code back in to prove they
-	//      backed it up. We don't move to step 3 until this matches.
-	//   3. Enable: client posts /zero-knowledge { enable: true } and
-	//      the server NULLs out the KEK wrap. Irreversible without the
-	//      recovery code.
-	//
-	// The disable flow needs an unlocked vault that came in via the
-	// recovery code path (so the cached MK bytes are populated). We
-	// don't expose disable from the lock screen — only from this page
-	// while already unlocked.
-
 	let zkSetupStep = $state<'idle' | 'generated' | 'confirming' | 'enabling' | 'enabled'>('idle');
 	let generatedCode = $state<string | null>(null);
 	let confirmCodeInput = $state('');
@@ -57,16 +37,7 @@
 	let zkBusy = $state(false);
 	let confirmDisableZk = $state(false);
 	let confirmClearRecovery = $state(false);
-	/** True iff a recovery wrap is stored on the server, regardless of
-	 *  whether ZK is currently active. Hydrated from getStatus() on
-	 *  mount so the UI can show "Recovery-Code entfernen" without
-	 *  walking through the setup flow again. */
 	let hasRecoveryWrap = $state(false);
-	/** Side flow for rotating the recovery code from the active state.
-	 *  'idle'    — show "Code rotieren" button
-	 *  'rotated' — show the new code + Copy + Done button
-	 *  Independent of zkSetupStep so the user can rotate without
-	 *  leaving the active-mode UI. */
 	let rotateStep = $state<'idle' | 'rotated'>('idle');
 	let rotatedCode = $state<string | null>(null);
 
@@ -93,8 +64,6 @@
 
 	function handleConfirmCode() {
 		zkError = null;
-		// Strip whitespace + dashes from both sides for the comparison so
-		// the user doesn't get punished for inconsistent dash placement.
 		const expected = (generatedCode ?? '').replace(/[\s-]/g, '').toUpperCase();
 		const actual = confirmCodeInput.replace(/[\s-]/g, '').toUpperCase();
 		if (actual !== expected) {
@@ -110,9 +79,6 @@
 		try {
 			await vaultClient.enableZeroKnowledge();
 			zkSetupStep = 'enabled';
-			// Wipe the displayed code from memory now that the user has
-			// confirmed they backed it up. The DOM still has it until the
-			// next render cycle, but our reference goes away.
 			generatedCode = null;
 			confirmCodeInput = '';
 			toast.success('Zero-Knowledge-Modus aktiviert');
@@ -185,9 +151,6 @@
 	}
 
 	function handleFinishRotation() {
-		// User has acknowledged they backed up the new code. Wipe the
-		// reference (the DOM still shows it until the next render
-		// cycle, but our state goes away).
 		rotatedCode = null;
 		rotateStep = 'idle';
 	}
@@ -199,10 +162,6 @@
 		zkError = null;
 	}
 
-	// Poll the vault vaultState every second so the badge reflects external
-	// lock/unlock events (logout, manual lock from another tab) without
-	// the user having to refresh the page. 1s is fine for a settings
-	// surface — it's not a hot path.
 	let pollTimer: ReturnType<typeof setInterval> | null = null;
 
 	onMount(() => {
@@ -212,10 +171,6 @@
 			if (next.status !== vaultState.status) vaultState = next;
 		}, 1000);
 
-		// Hydrate the ZK section from the server's actual vault state
-		// so a reload after enabling zero-knowledge doesn't drop the
-		// user back into the setup flow. Best-effort: failures leave
-		// zkSetupStep at 'idle' which is the safe default.
 		void vaultClient
 			.getStatus()
 			.then((status) => {
@@ -224,22 +179,13 @@
 					zkSetupStep = 'enabled';
 				}
 			})
-			.catch(() => {
-				// Status fetch failed (network, auth, server). Stay on the
-				// idle default — the user can still run the setup flow,
-				// and the server-side error handling will catch any
-				// inconsistencies.
-			});
+			.catch(() => {});
 	});
 
 	onDestroy(() => {
 		if (pollTimer) clearInterval(pollTimer);
 	});
 
-	// Compute the table → field listing from the registry. Filter on
-	// enabled:true so the page only shows what's actually being
-	// encrypted right now (registry entries with enabled:false are
-	// future/skipped tables and would mislead the user).
 	const encryptedTables = $derived(
 		Object.entries(ENCRYPTION_REGISTRY)
 			.filter(([, config]) => config.enabled)
@@ -277,43 +223,60 @@
 		}
 	}
 
-	function statusBadge(s: VaultUnlockState) {
-		if (s.status === 'unlocked') return { label: '🔒 Verschlüsselt', color: 'green' };
-		if (s.status === 'locked') return { label: '🔓 Gesperrt', color: 'amber' };
+	type BadgeTone = 'green' | 'amber' | 'red';
+	function statusBadge(s: VaultUnlockState): {
+		label: string;
+		tone: BadgeTone;
+		icon: Component;
+	} {
+		if (s.status === 'unlocked') return { label: 'Verschlüsselt', tone: 'green', icon: Lock };
+		if (s.status === 'locked') return { label: 'Gesperrt', tone: 'amber', icon: LockOpen };
 		if (s.status === 'awaiting-recovery-code')
-			return { label: '🔑 Recovery-Code erforderlich', color: 'amber' };
-		if (s.reason === 'auth') return { label: '🔑 Anmeldung erforderlich', color: 'red' };
-		if (s.reason === 'network') return { label: '📡 Netzwerkfehler', color: 'red' };
-		if (s.reason === 'server') return { label: '⚠️ Server-Fehler', color: 'red' };
-		return { label: '❓ Unbekannter Fehler', color: 'red' };
+			return { label: 'Recovery-Code erforderlich', tone: 'amber', icon: Key };
+		if (s.reason === 'auth')
+			return { label: 'Anmeldung erforderlich', tone: 'red', icon: WarningCircle };
+		if (s.reason === 'network') return { label: 'Netzwerkfehler', tone: 'red', icon: WifiSlash };
+		if (s.reason === 'server') return { label: 'Server-Fehler', tone: 'red', icon: WarningCircle };
+		return { label: 'Unbekannter Fehler', tone: 'red', icon: WarningCircle };
 	}
 
 	const badge = $derived(statusBadge(vaultState));
+	const zkActive = $derived(zkSetupStep === 'enabled');
+
+	let fieldsExpanded = $state(false);
+	const FIELDS_COLLAPSED_COUNT = 5;
+	const visibleTables = $derived(
+		fieldsExpanded ? encryptedTables : encryptedTables.slice(0, FIELDS_COLLAPSED_COUNT)
+	);
+	const hiddenTableCount = $derived(Math.max(0, encryptedTables.length - FIELDS_COLLAPSED_COUNT));
 </script>
 
-<div class="security-page">
-	<header>
-		<h2>Verschlüsselung</h2>
-		<p class="subtitle">
-			Verschlüsselung deiner Inhalte auf diesem Gerät. Sensitive Felder werden mit AES-GCM-256
-			verschlüsselt, bevor sie in die lokale Datenbank geschrieben werden.
-		</p>
-	</header>
+{#snippet statusBadgeSnippet()}
+	<span class="status-badge tone-{badge.tone}">
+		<badge.icon size={14} weight="fill" />
+		<span>{badge.label}</span>
+	</span>
+{/snippet}
 
-	<!-- Vault status card -->
-	<section class="card">
-		<div class="card-head">
-			<h2>Status</h2>
-			<span class="badge badge-{badge.color}">{badge.label}</span>
-		</div>
+<SettingsSectionHeader
+	icon={Lock}
+	title="Verschlüsselung"
+	description="Sensitive Felder werden mit AES-GCM-256 verschlüsselt, bevor sie in die lokale Datenbank geschrieben werden."
+	tone="blue"
+	action={statusBadgeSnippet}
+/>
 
+<div class="vault">
+	<!-- Status body (below header) -->
+	<div class="status-body">
 		{#if vaultState.status === 'unlocked'}
-			<p>
-				Dein persönlicher Schlüssel ist auf diesem Gerät geladen. {totalEncryptedFields}
-				Felder über {encryptedTables.length} Tabellen werden verschlüsselt gespeichert.
+			<p class="status-text">
+				Dein persönlicher Schlüssel ist auf diesem Gerät geladen.
+				<strong>{totalEncryptedFields} Felder</strong>
+				über <strong>{encryptedTables.length} Tabellen</strong> werden verschlüsselt gespeichert.
 			</p>
 		{:else if vaultState.status === 'locked'}
-			<p>
+			<p class="status-text">
 				Dein Schlüssel ist nicht geladen. Verschlüsselte Inhalte können nicht gelesen werden, bis du
 				dich erneut anmeldest oder den Schlüssel manuell lädst.
 			</p>
@@ -321,106 +284,103 @@
 				Schlüssel jetzt laden
 			</button>
 		{:else}
-			<p>
+			<p class="status-text">
 				Es gab ein Problem beim Laden deines Verschlüsselungsschlüssels. Bitte melde dich neu an
 				oder prüfe deine Internetverbindung.
 			</p>
 			<button class="btn" type="button" onclick={handleUnlock}>Erneut versuchen</button>
 		{/if}
-	</section>
+	</div>
 
-	<!-- Encrypted-tables list -->
-	<section class="card">
-		<div class="card-head">
-			<h2>Verschlüsselte Felder</h2>
-			<span class="muted">{totalEncryptedFields} Felder, {encryptedTables.length} Tabellen</span>
+	<!-- What Mana can see (threat-model disclosure, moved near top) -->
+	<div class="subsection">
+		<h3 class="subsection-title">Was Mana sehen kann</h3>
+		<ul class="disclosure-list">
+			<li>
+				<strong>Was Mana nie sieht:</strong> deine verschlüsselten Inhalte (Chat, Notizen, Träume, Memos,
+				Kontaktdetails, Zyklus-Notizen, Transaktionsbeschreibungen, …). Sie verlassen dein Gerät nur als
+				unleserlicher Blob.
+			</li>
+			<li>
+				<strong>Was Mana technisch entschlüsseln könnte:</strong> deinen Master-Key, falls ein Mitarbeiter
+				mit Zugriff auf den Schlüsselverschlüsselungsschlüssel aktiv darauf zugreift. In der Praxis ist
+				das gegen alle realistischen Bedrohungen außer einer gerichtlich erzwungenen Offenlegung gegen
+				Mana selbst geschützt.
+			</li>
+			<li>
+				<strong>Was strukturell sichtbar bleibt:</strong> Anzahl deiner Notizen / Chats / Kontakte, Zeitstempel,
+				Verbindungen zwischen Records. Die Inhalte selbst nicht.
+			</li>
+		</ul>
+	</div>
+
+	<!-- Encrypted fields list -->
+	<div class="subsection">
+		<div class="subsection-head">
+			<h3 class="subsection-title">Verschlüsselte Felder</h3>
+			<span class="subsection-meta">
+				{totalEncryptedFields} Felder · {encryptedTables.length} Tabellen
+			</span>
 		</div>
-		<p class="muted">
+		<p class="subsection-desc">
 			Welche Spalten in welchen Tabellen verschlüsselt am Gerät liegen. Strukturelle Metadaten (IDs,
 			Zeitstempel, Status-Flags) bleiben absichtlich im Klartext, damit Indizes, Sortierungen und
 			Sync weiter funktionieren.
 		</p>
 		<ul class="table-list">
-			{#each encryptedTables as { table, fields } (table)}
+			{#each visibleTables as { table, fields } (table)}
 				<li>
-					<strong>{table}</strong>
-					<span class="fields">{fields.join(', ')}</span>
+					<span class="table-name">{table}</span>
+					<span class="table-fields">{fields.join(', ')}</span>
 				</li>
 			{/each}
 		</ul>
-	</section>
-
-	<!-- Rotate -->
-	<section class="card danger">
-		<div class="card-head">
-			<h2>Schlüssel rotieren</h2>
-		</div>
-		<p>
-			<strong>Vorsicht:</strong> Beim Rotieren wird ein neuer Schlüssel generiert. Daten, die mit
-			dem alten Schlüssel verschlüsselt wurden, sind danach nicht mehr lesbar — es sei denn, sie
-			wurden vorher entschlüsselt und mit dem neuen Schlüssel neu geschrieben. Mana führt diesen
-			Re-Encrypt-Schritt aktuell <em>nicht automatisch</em> durch.
-		</p>
-		<p>
-			Wann verwenden? Wenn du den Verdacht hast, dass dein Gerät kompromittiert wurde, oder als
-			regelmäßige Sicherheitspraxis nach einem Login von einem unbekannten Ort.
-		</p>
-		{#if !confirmRotate}
-			<button
-				class="btn btn-danger"
-				type="button"
-				disabled={vaultState.status !== 'unlocked'}
-				onclick={() => (confirmRotate = true)}
-			>
-				Schlüssel rotieren …
+		{#if hiddenTableCount > 0}
+			<button type="button" class="expand-btn" onclick={() => (fieldsExpanded = !fieldsExpanded)}>
+				{fieldsExpanded ? 'Weniger anzeigen' : `${hiddenTableCount} weitere anzeigen`}
 			</button>
-		{:else}
-			<div class="confirm-row">
-				<button class="btn btn-danger" type="button" disabled={rotating} onclick={handleRotate}>
-					{rotating ? 'Rotiere …' : 'Ja, jetzt rotieren'}
-				</button>
-				<button
-					class="btn"
-					type="button"
-					disabled={rotating}
-					onclick={() => (confirmRotate = false)}
-				>
-					Abbrechen
-				</button>
-			</div>
 		{/if}
-	</section>
+	</div>
 
-	<!-- Phase 9: Recovery code + Zero-knowledge mode -->
-	<section class="card">
-		<div class="card-head">
-			<h2>Zero-Knowledge-Modus</h2>
+	<!-- Zero-knowledge mode -->
+	<div class="subsection">
+		<div class="subsection-head">
+			<h3 class="subsection-title">Zero-Knowledge-Modus</h3>
+			<span class="zk-state-pill" class:on={zkActive}>
+				{zkActive ? 'Aktiv' : 'Nicht aktiv'}
+			</span>
 		</div>
-		<p>
+		<p class="subsection-desc">
 			<strong>Optional, fortgeschritten.</strong> Im Zero-Knowledge-Modus speichert Mana deinen
 			Schlüssel <em>nur noch in einer Form, die wir selbst nicht entschlüsseln können</em>. Du
 			brauchst dann beim Login von einem neuen Gerät deinen Recovery-Code, um deine Daten
 			freizuschalten.
 		</p>
-		<p class="muted">
+		<p class="subsection-desc">
 			<strong>Vorteil:</strong> selbst ein Mana-Mitarbeiter mit Vollzugriff auf den Server kann
 			deine Inhalte nicht mehr lesen. <strong>Risiko:</strong> wenn du den Recovery-Code verlierst, sind
 			deine Daten unwiderruflich weg — wir haben dann keinen Backup-Schlüssel mehr.
 		</p>
 
 		{#if zkError}
-			<div class="zk-error">⚠️ {zkError}</div>
+			<div class="inline-alert tone-red">
+				<WarningCircle size={16} weight="fill" />
+				<span>{zkError}</span>
+			</div>
 		{/if}
 
 		{#if zkSetupStep === 'idle'}
 			{#if hasRecoveryWrap}
-				<div class="zk-info">
-					ℹ️ Du hast bereits einen Recovery-Code gespeichert, aber Zero-Knowledge ist noch nicht
-					aktiv. Du kannst direkt aktivieren oder den Code zurücksetzen.
+				<div class="inline-alert tone-amber">
+					<WarningCircle size={16} weight="fill" />
+					<span>
+						Du hast bereits einen Recovery-Code gespeichert, aber Zero-Knowledge ist noch nicht
+						aktiv. Du kannst direkt aktivieren oder den Code zurücksetzen.
+					</span>
 				</div>
-				<div class="zk-actions">
+				<div class="actions">
 					<button
-						class="btn btn-danger"
+						class="btn btn-primary"
 						type="button"
 						disabled={vaultState.status !== 'unlocked' || zkBusy}
 						onclick={handleEnableZeroKnowledge}
@@ -464,7 +424,7 @@
 					{/if}
 				</div>
 			{:else}
-				<div class="zk-actions">
+				<div class="actions">
 					<button
 						class="btn btn-primary"
 						type="button"
@@ -478,15 +438,22 @@
 		{/if}
 
 		{#if zkSetupStep === 'generated' && generatedCode}
-			<div class="zk-step">
-				<h3>Schritt 1 von 3 — Code sicher aufschreiben</h3>
-				<p>
-					Speichere diesen Code an einem sicheren Ort (Passwort-Manager, ausgedruckt im Tresor, …).
-					<strong>Wir zeigen ihn dir nur ein einziges Mal.</strong>
+			<div class="wizard-step">
+				<div class="step-head">
+					<span class="step-num">1</span>
+					<h4 class="step-title">Code sicher aufschreiben</h4>
+				</div>
+				<p class="subsection-desc">
+					Speichere diesen Code an einem sicheren Ort (Passwort-Manager, ausgedruckt im Tresor, …). <strong
+						>Wir zeigen ihn dir nur ein einziges Mal.</strong
+					>
 				</p>
 				<div class="recovery-code">{generatedCode}</div>
-				<div class="zk-actions">
-					<button class="btn" type="button" onclick={handleCopyCode}>📋 Kopieren</button>
+				<div class="actions">
+					<button class="btn" type="button" onclick={handleCopyCode}>
+						<Copy size={14} weight="bold" />
+						Kopieren
+					</button>
 					<button class="btn btn-primary" type="button" onclick={handleStartConfirm}>
 						Ich habe den Code gesichert →
 					</button>
@@ -498,9 +465,12 @@
 		{/if}
 
 		{#if zkSetupStep === 'confirming'}
-			<div class="zk-step">
-				<h3>Schritt 2 von 3 — Code zurück eintippen</h3>
-				<p>
+			<div class="wizard-step">
+				<div class="step-head">
+					<span class="step-num">2</span>
+					<h4 class="step-title">Code zurück eintippen</h4>
+				</div>
+				<p class="subsection-desc">
 					Tippe (oder paste) den Code, den du gerade gespeichert hast. So stellen wir sicher, dass
 					der Backup wirklich vollständig ist.
 				</p>
@@ -512,7 +482,7 @@
 					autocomplete="off"
 					spellcheck="false"
 				/>
-				<div class="zk-actions">
+				<div class="actions">
 					<button
 						class="btn btn-primary"
 						type="button"
@@ -529,17 +499,23 @@
 		{/if}
 
 		{#if zkSetupStep === 'enabling'}
-			<div class="zk-step">
-				<h3>Schritt 3 von 3 — Zero-Knowledge-Modus aktivieren</h3>
-				<p>
+			<div class="wizard-step">
+				<div class="step-head">
+					<span class="step-num">3</span>
+					<h4 class="step-title">Zero-Knowledge-Modus aktivieren</h4>
+				</div>
+				<p class="subsection-desc">
 					Wenn du jetzt aktivierst, löscht der Server seine Kopie deines Schlüssels. Ab sofort
 					kannst du <strong>nur noch mit dem Recovery-Code</strong> auf deine verschlüsselten Daten zugreifen.
 				</p>
-				<p class="warn">
-					⚠️ Diese Aktion ist nicht rückgängig zu machen ohne den Recovery-Code. Wenn du deinen Code
-					verlegst, sind deine Inhalte verloren.
-				</p>
-				<div class="zk-actions">
+				<div class="inline-alert tone-red">
+					<WarningCircle size={16} weight="fill" />
+					<span>
+						Diese Aktion ist nicht rückgängig zu machen ohne den Recovery-Code. Wenn du deinen Code
+						verlegst, sind deine Inhalte verloren.
+					</span>
+				</div>
+				<div class="actions">
 					<button
 						class="btn btn-danger"
 						type="button"
@@ -556,218 +532,436 @@
 		{/if}
 
 		{#if zkSetupStep === 'enabled'}
-			<div class="zk-step">
-				<h3>✅ Zero-Knowledge-Modus aktiv</h3>
-				<p>
+			<div class="zk-active-note">
+				<CheckCircle size={16} weight="fill" />
+				<span>
 					Der Server kann deine Daten ab sofort nicht mehr entschlüsseln. Beim nächsten Login auf
 					einem neuen Gerät wirst du nach deinem Recovery-Code gefragt.
-				</p>
+				</span>
+			</div>
 
-				{#if rotateStep === 'rotated' && rotatedCode}
-					<div class="zk-step">
-						<h3>🔁 Neuer Recovery-Code</h3>
-						<p>
-							<strong>Dein alter Code ist ab sofort ungültig.</strong> Speichere den neuen Code an einem
-							sicheren Ort, bevor du diese Seite verlässt — wir zeigen ihn dir nur ein einziges Mal.
-						</p>
-						<div class="recovery-code">{rotatedCode}</div>
-						<div class="zk-actions">
-							<button class="btn" type="button" onclick={handleCopyRotatedCode}>
-								📋 Kopieren
-							</button>
-							<button class="btn btn-primary" type="button" onclick={handleFinishRotation}>
-								Ich habe den neuen Code gesichert
-							</button>
-						</div>
+			{#if rotateStep === 'rotated' && rotatedCode}
+				<div class="wizard-step">
+					<div class="step-head">
+						<ArrowsClockwise size={16} weight="bold" />
+						<h4 class="step-title">Neuer Recovery-Code</h4>
 					</div>
-				{:else if !confirmDisableZk}
-					<div class="zk-actions">
-						<button
-							class="btn"
-							type="button"
-							disabled={vaultState.status !== 'unlocked' || zkBusy}
-							onclick={handleRotateRecoveryCode}
-						>
-							{zkBusy ? 'Rotiere …' : '🔁 Recovery-Code rotieren'}
-						</button>
-						<button
-							class="btn"
-							type="button"
-							disabled={vaultState.status !== 'unlocked' || zkBusy}
-							onclick={() => (confirmDisableZk = true)}
-						>
-							Zero-Knowledge-Modus wieder deaktivieren …
-						</button>
-					</div>
-				{:else}
-					<p class="muted">
-						Damit wir den Server-Schlüssel wiederherstellen können, brauchen wir deinen aktuell
-						geladenen Master-Key. Der ist gerade in deinem Browser — wir senden ihn einmal an den
-						Server, der ihn dann mit dem KEK neu wrappt.
+					<p class="subsection-desc">
+						<strong>Dein alter Code ist ab sofort ungültig.</strong> Speichere den neuen Code an einem
+						sicheren Ort, bevor du diese Seite verlässt — wir zeigen ihn dir nur ein einziges Mal.
 					</p>
-					<div class="zk-actions">
-						<button
-							class="btn btn-danger"
-							type="button"
-							disabled={zkBusy}
-							onclick={handleDisableZeroKnowledge}
-						>
-							{zkBusy ? 'Deaktiviere …' : 'Ja, deaktivieren'}
+					<div class="recovery-code">{rotatedCode}</div>
+					<div class="actions">
+						<button class="btn" type="button" onclick={handleCopyRotatedCode}>
+							<Copy size={14} weight="bold" />
+							Kopieren
 						</button>
-						<button
-							class="btn btn-ghost"
-							type="button"
-							disabled={zkBusy}
-							onclick={() => (confirmDisableZk = false)}
-						>
-							Abbrechen
+						<button class="btn btn-primary" type="button" onclick={handleFinishRotation}>
+							Ich habe den neuen Code gesichert
 						</button>
 					</div>
-				{/if}
+				</div>
+			{:else if !confirmDisableZk}
+				<div class="actions">
+					<button
+						class="btn"
+						type="button"
+						disabled={vaultState.status !== 'unlocked' || zkBusy}
+						onclick={handleRotateRecoveryCode}
+					>
+						<ArrowsClockwise size={14} weight="bold" />
+						{zkBusy ? 'Rotiere …' : 'Recovery-Code rotieren'}
+					</button>
+					<button
+						class="btn btn-ghost"
+						type="button"
+						disabled={vaultState.status !== 'unlocked' || zkBusy}
+						onclick={() => (confirmDisableZk = true)}
+					>
+						Zero-Knowledge-Modus deaktivieren …
+					</button>
+				</div>
+			{:else}
+				<p class="subsection-desc">
+					Damit wir den Server-Schlüssel wiederherstellen können, brauchen wir deinen aktuell
+					geladenen Master-Key. Der ist gerade in deinem Browser — wir senden ihn einmal an den
+					Server, der ihn dann mit dem KEK neu wrappt.
+				</p>
+				<div class="actions">
+					<button
+						class="btn btn-danger"
+						type="button"
+						disabled={zkBusy}
+						onclick={handleDisableZeroKnowledge}
+					>
+						{zkBusy ? 'Deaktiviere …' : 'Ja, deaktivieren'}
+					</button>
+					<button
+						class="btn btn-ghost"
+						type="button"
+						disabled={zkBusy}
+						onclick={() => (confirmDisableZk = false)}
+					>
+						Abbrechen
+					</button>
+				</div>
+			{/if}
+		{/if}
+	</div>
+
+	<!-- Key rotation (danger zone) -->
+	<div class="subsection danger">
+		<h3 class="subsection-title">Schlüssel rotieren</h3>
+		<p class="subsection-desc">
+			<strong>Vorsicht:</strong> Beim Rotieren wird ein neuer Schlüssel generiert. Daten, die mit
+			dem alten Schlüssel verschlüsselt wurden, sind danach nicht mehr lesbar — es sei denn, sie
+			wurden vorher entschlüsselt und mit dem neuen Schlüssel neu geschrieben. Mana führt diesen
+			Re-Encrypt-Schritt aktuell <em>nicht automatisch</em> durch.
+		</p>
+		<p class="subsection-desc">
+			Wann verwenden? Wenn du den Verdacht hast, dass dein Gerät kompromittiert wurde, oder als
+			regelmäßige Sicherheitspraxis nach einem Login von einem unbekannten Ort.
+		</p>
+		{#if !confirmRotate}
+			<div class="actions">
+				<button
+					class="btn btn-danger"
+					type="button"
+					disabled={vaultState.status !== 'unlocked'}
+					onclick={() => (confirmRotate = true)}
+				>
+					Schlüssel rotieren …
+				</button>
+			</div>
+		{:else}
+			<div class="actions">
+				<button class="btn btn-danger" type="button" disabled={rotating} onclick={handleRotate}>
+					{rotating ? 'Rotiere …' : 'Ja, jetzt rotieren'}
+				</button>
+				<button
+					class="btn btn-ghost"
+					type="button"
+					disabled={rotating}
+					onclick={() => (confirmRotate = false)}
+				>
+					Abbrechen
+				</button>
 			</div>
 		{/if}
-	</section>
-
-	<!-- Honest disclosure -->
-	<section class="card">
-		<div class="card-head">
-			<h2>Was Mana sehen kann</h2>
-		</div>
-		<p>
-			Mana speichert deinen Schlüssel verschlüsselt auf dem Server (mit einer separaten
-			Schlüssel-Verschlüsselungs-Schlüssel-Strategie), damit du dich von neuen Geräten anmelden
-			kannst. Das bedeutet:
-		</p>
-		<ul>
-			<li>
-				<strong>Was Mana nie sieht:</strong> deine verschlüsselten Inhalte (Chat, Notizen, Träume, Memos,
-				Kontaktdetails, Zyklus-Notizen, Transaktionsbeschreibungen, …). Sie verlassen dein Gerät nur als
-				unleserlicher Blob.
-			</li>
-			<li>
-				<strong>Was Mana technisch entschlüsseln könnte:</strong> deinen Master-Key, falls ein Mitarbeiter
-				mit Zugriff auf den Schlüsselverschlüsselungsschlüssel aktiv darauf zugreift. In der Praxis ist
-				das gegen alle realistischen Bedrohungen außer einer gerichtlich erzwungenen Offenlegung gegen
-				Mana selbst geschützt.
-			</li>
-			<li>
-				<strong>Was strukturell sichtbar bleibt:</strong> Anzahl deiner Notizen / Chats / Kontakte, Zeitstempel,
-				Verbindungen zwischen Records. Die Inhalte selbst nicht.
-			</li>
-		</ul>
-	</section>
+	</div>
 </div>
 
 <style>
-	.security-page {
-		max-width: 56rem;
-		margin: 0 auto;
-		padding: 2rem 1rem;
+	.vault {
 		display: flex;
 		flex-direction: column;
-		gap: 1.5rem;
 	}
 
-	header h1 {
-		font-size: 2rem;
-		font-weight: 700;
-		margin: 0 0 0.25rem 0;
+	/* ── Status badge in header action slot ─────────────────────────── */
+	.status-badge {
+		display: inline-flex;
+		align-items: center;
+		gap: 0.375rem;
+		padding: 0.25rem 0.625rem;
+		border-radius: 9999px;
+		font-size: 0.75rem;
+		font-weight: 500;
+	}
+	.status-badge.tone-green {
+		background: hsl(142 71% 45% / 0.12);
+		color: hsl(142 71% 35%);
+	}
+	.status-badge.tone-amber {
+		background: hsl(35 90% 50% / 0.12);
+		color: hsl(35 90% 40%);
+	}
+	.status-badge.tone-red {
+		background: hsl(0 72% 51% / 0.12);
+		color: hsl(0 72% 45%);
 	}
 
-	.subtitle {
-		color: var(--text-secondary, #6b7280);
-		font-size: 0.95rem;
-		max-width: 48rem;
+	/* ── Status body ────────────────────────────────────────────────── */
+	.status-body {
+		display: flex;
+		flex-direction: column;
+		gap: 0.75rem;
+		padding-bottom: 1rem;
+	}
+	.status-text {
+		margin: 0;
+		font-size: 0.875rem;
+		line-height: 1.6;
+		color: hsl(var(--color-foreground));
 	}
 
-	.card {
-		border: 1px solid hsl(var(--color-border));
-		border-radius: 0.75rem;
-		padding: 1.25rem 1.5rem;
-		background: hsl(var(--color-surface));
-	}
-	.card.danger {
-		border-color: rgba(220, 38, 38, 0.25);
+	/* ── Subsection blocks ──────────────────────────────────────────── */
+	.subsection {
+		padding: 1.25rem 0;
+		border-top: 1px solid hsl(var(--color-border));
+		display: flex;
+		flex-direction: column;
+		gap: 0.625rem;
 	}
 
-	.card-head {
+	.subsection-head {
 		display: flex;
 		align-items: center;
 		justify-content: space-between;
-		margin-bottom: 0.75rem;
+		gap: 0.75rem;
 	}
 
-	h2 {
-		font-size: 1.1rem;
-		font-weight: 600;
+	.subsection-title {
 		margin: 0;
+		font-size: 0.9375rem;
+		font-weight: 600;
+		color: hsl(var(--color-foreground));
 	}
 
-	.badge {
-		display: inline-flex;
-		align-items: center;
-		font-size: 0.85rem;
-		padding: 0.25rem 0.65rem;
-		border-radius: 999px;
-		font-weight: 500;
-	}
-	.badge-green {
-		background: rgba(34, 197, 94, 0.12);
-		color: rgb(21, 128, 65);
-	}
-	.badge-amber {
-		background: rgba(245, 158, 11, 0.12);
-		color: rgb(180, 83, 9);
-	}
-	.badge-red {
-		background: rgba(239, 68, 68, 0.12);
-		color: rgb(185, 28, 28);
+	.subsection-meta {
+		font-size: 0.75rem;
+		color: hsl(var(--color-muted-foreground));
 	}
 
-	.muted {
-		color: var(--text-secondary, #6b7280);
-		font-size: 0.9rem;
+	.subsection-desc {
+		margin: 0;
+		font-size: 0.8125rem;
+		line-height: 1.6;
+		color: hsl(var(--color-muted-foreground));
 	}
 
-	.table-list {
-		list-style: none;
+	.subsection-desc strong {
+		color: hsl(var(--color-foreground));
+	}
+
+	.subsection.danger .subsection-title {
+		color: hsl(0 72% 51%);
+	}
+
+	/* ── Threat-model disclosure list ───────────────────────────────── */
+	.disclosure-list {
+		margin: 0;
 		padding: 0;
-		margin: 0.75rem 0 0 0;
-		display: grid;
+		list-style: none;
+		display: flex;
+		flex-direction: column;
 		gap: 0.5rem;
 	}
+	.disclosure-list li {
+		position: relative;
+		padding-left: 0.875rem;
+		font-size: 0.8125rem;
+		line-height: 1.6;
+		color: hsl(var(--color-muted-foreground));
+	}
+	.disclosure-list li::before {
+		content: '•';
+		position: absolute;
+		left: 0;
+		color: hsl(var(--color-primary));
+	}
+	.disclosure-list strong {
+		color: hsl(var(--color-foreground));
+	}
+
+	/* ── Encrypted-fields list ──────────────────────────────────────── */
+	.table-list {
+		margin: 0.25rem 0 0;
+		padding: 0;
+		list-style: none;
+		display: grid;
+		gap: 0.375rem;
+	}
 	.table-list li {
-		display: flex;
+		display: grid;
+		grid-template-columns: minmax(9rem, 14rem) 1fr;
 		gap: 0.75rem;
 		padding: 0.5rem 0.75rem;
-		background: var(--surface-muted, #f9fafb);
+		background: hsl(var(--color-muted) / 0.5);
 		border-radius: 0.5rem;
 		font-family: ui-monospace, SFMono-Regular, monospace;
-		font-size: 0.85rem;
+		font-size: 0.75rem;
 	}
-	.table-list strong {
-		min-width: 9rem;
-		color: var(--text-primary, #111);
+	.table-name {
+		color: hsl(var(--color-foreground));
+		font-weight: 500;
 	}
-	.table-list .fields {
-		color: var(--text-secondary, #6b7280);
+	.table-fields {
+		color: hsl(var(--color-muted-foreground));
 		word-break: break-word;
 	}
+	@media (max-width: 640px) {
+		.table-list li {
+			grid-template-columns: 1fr;
+			gap: 0.25rem;
+		}
+	}
+
+	.expand-btn {
+		align-self: flex-start;
+		margin-top: 0.375rem;
+		padding: 0.25rem 0;
+		background: none;
+		border: none;
+		font-size: 0.75rem;
+		font-weight: 500;
+		color: hsl(var(--color-primary));
+		cursor: pointer;
+	}
+	.expand-btn:hover {
+		color: hsl(var(--color-primary) / 0.8);
+		text-decoration: underline;
+	}
+
+	/* ── ZK state pill ──────────────────────────────────────────────── */
+	.zk-state-pill {
+		padding: 0.1875rem 0.5625rem;
+		border-radius: 9999px;
+		font-size: 0.6875rem;
+		font-weight: 500;
+		background: hsl(var(--color-muted));
+		color: hsl(var(--color-muted-foreground));
+	}
+	.zk-state-pill.on {
+		background: hsl(var(--color-primary));
+		color: hsl(var(--color-primary-foreground));
+	}
+
+	/* ── Inline alerts ──────────────────────────────────────────────── */
+	.inline-alert {
+		display: flex;
+		align-items: flex-start;
+		gap: 0.5rem;
+		padding: 0.625rem 0.75rem;
+		border-radius: 0.5rem;
+		font-size: 0.8125rem;
+		line-height: 1.5;
+	}
+	.inline-alert.tone-amber {
+		background: hsl(35 90% 50% / 0.08);
+		color: hsl(35 90% 35%);
+	}
+	.inline-alert.tone-red {
+		background: hsl(0 72% 51% / 0.08);
+		color: hsl(0 72% 40%);
+	}
+	.inline-alert :global(svg) {
+		flex-shrink: 0;
+		margin-top: 0.0625rem;
+	}
+
+	/* ── Wizard step ────────────────────────────────────────────────── */
+	.wizard-step {
+		margin-top: 0.25rem;
+		padding: 0.875rem 1rem;
+		background: hsl(var(--color-muted) / 0.3);
+		border: 1px solid hsl(var(--color-border));
+		border-radius: 0.625rem;
+		display: flex;
+		flex-direction: column;
+		gap: 0.625rem;
+	}
+
+	.step-head {
+		display: flex;
+		align-items: center;
+		gap: 0.5rem;
+	}
+
+	.step-num {
+		display: inline-flex;
+		align-items: center;
+		justify-content: center;
+		width: 1.375rem;
+		height: 1.375rem;
+		border-radius: 50%;
+		background: hsl(var(--color-primary));
+		color: hsl(var(--color-primary-foreground));
+		font-size: 0.75rem;
+		font-weight: 600;
+	}
+
+	.step-title {
+		margin: 0;
+		font-size: 0.875rem;
+		font-weight: 600;
+		color: hsl(var(--color-foreground));
+	}
+
+	.zk-active-note {
+		display: flex;
+		align-items: flex-start;
+		gap: 0.5rem;
+		padding: 0.625rem 0.75rem;
+		background: hsl(142 71% 45% / 0.08);
+		border-radius: 0.5rem;
+		font-size: 0.8125rem;
+		line-height: 1.5;
+		color: hsl(142 71% 30%);
+	}
+	.zk-active-note :global(svg) {
+		flex-shrink: 0;
+		color: hsl(142 71% 45%);
+		margin-top: 0.0625rem;
+	}
+
+	.recovery-code {
+		padding: 0.875rem 1rem;
+		background: hsl(var(--color-background));
+		border: 1px solid hsl(var(--color-border));
+		border-radius: 0.5rem;
+		font-family: ui-monospace, SFMono-Regular, monospace;
+		font-size: 0.9375rem;
+		font-weight: 500;
+		letter-spacing: 0.05em;
+		text-align: center;
+		word-break: break-all;
+		user-select: all;
+		color: hsl(var(--color-foreground));
+	}
+
+	.recovery-input {
+		display: block;
+		width: 100%;
+		padding: 0.625rem 0.875rem;
+		border: 1px solid hsl(var(--color-border));
+		border-radius: 0.5rem;
+		font-family: ui-monospace, SFMono-Regular, monospace;
+		font-size: 0.875rem;
+		background: hsl(var(--color-background));
+		color: hsl(var(--color-foreground));
+	}
+	.recovery-input:focus {
+		outline: none;
+		border-color: hsl(var(--color-primary) / 0.5);
+		box-shadow: 0 0 0 3px hsl(var(--color-primary) / 0.15);
+	}
+
+	/* ── Buttons ────────────────────────────────────────────────────── */
+	.actions {
+		display: flex;
+		flex-wrap: wrap;
+		gap: 0.5rem;
+	}
 
 	.btn {
 		display: inline-flex;
 		align-items: center;
-		gap: 0.5rem;
-		padding: 0.5rem 1rem;
+		gap: 0.4375rem;
+		padding: 0.4375rem 0.875rem;
+		font-size: 0.8125rem;
+		font-weight: 500;
 		border-radius: 0.5rem;
 		border: 1px solid hsl(var(--color-border));
-		background: hsl(var(--color-surface));
-		font-size: 0.9rem;
+		background: hsl(var(--color-card));
+		color: hsl(var(--color-foreground));
 		cursor: pointer;
-		font-weight: 500;
+		transition:
+			background 0.15s,
+			border-color 0.15s;
 	}
 	.btn:hover:not(:disabled) {
-		background: var(--surface-muted, #f3f4f6);
+		background: hsl(var(--color-surface-hover, var(--color-muted)) / 0.6);
+		border-color: hsl(var(--color-border-strong, var(--color-border)));
 	}
 	.btn:disabled {
 		opacity: 0.5;
@@ -776,134 +970,32 @@
 
 	.btn-primary {
 		background: hsl(var(--color-primary));
-		color: white;
+		color: hsl(var(--color-primary-foreground));
 		border-color: transparent;
 	}
 	.btn-primary:hover:not(:disabled) {
-		background: var(--primary-dark, #4f46e5);
+		background: hsl(var(--color-primary) / 0.9);
+		border-color: transparent;
 	}
 
 	.btn-danger {
-		background: rgb(220, 38, 38);
+		background: hsl(0 72% 51%);
 		color: white;
 		border-color: transparent;
 	}
 	.btn-danger:hover:not(:disabled) {
-		background: rgb(185, 28, 28);
-	}
-
-	.confirm-row {
-		display: flex;
-		gap: 0.5rem;
-	}
-
-	ul {
-		padding-left: 1.25rem;
-		display: flex;
-		flex-direction: column;
-		gap: 0.5rem;
-	}
-
-	/* ─── Phase 9: Zero-knowledge UI ─────────────────────── */
-
-	.zk-error {
-		margin-top: 0.75rem;
-		padding: 0.75rem 1rem;
-		background: rgba(239, 68, 68, 0.08);
-		border: 1px solid rgba(239, 68, 68, 0.3);
-		border-radius: 0.5rem;
-		font-size: 0.875rem;
-		color: rgb(185, 28, 28);
-	}
-
-	.zk-info {
-		margin-top: 0.75rem;
-		padding: 0.75rem 1rem;
-		background: rgba(245, 158, 11, 0.08);
-		border: 1px solid rgba(245, 158, 11, 0.3);
-		border-radius: 0.5rem;
-		font-size: 0.875rem;
-		color: rgb(180, 83, 9);
-	}
-
-	.zk-actions {
-		display: flex;
-		flex-wrap: wrap;
-		gap: 0.5rem;
-		margin-top: 1rem;
-	}
-
-	.zk-step {
-		margin-top: 1rem;
-		padding-top: 1rem;
-		border-top: 1px solid hsl(var(--color-border));
-	}
-
-	.zk-step h3 {
-		font-size: 1rem;
-		font-weight: 600;
-		margin: 0 0 0.5rem 0;
-	}
-
-	.zk-step p {
-		margin: 0.5rem 0;
-		font-size: 0.9rem;
-	}
-
-	.zk-step p.warn {
-		color: rgb(185, 28, 28);
-		font-weight: 500;
-	}
-
-	.recovery-code {
-		margin: 1rem 0;
-		padding: 1rem 1.25rem;
-		background: var(--surface-muted, #f9fafb);
-		border: 1px solid hsl(var(--color-border));
-		border-radius: 0.5rem;
-		font-family: ui-monospace, SFMono-Regular, monospace;
-		font-size: 1rem;
-		font-weight: 500;
-		letter-spacing: 0.05em;
-		text-align: center;
-		word-break: break-all;
-		user-select: all;
-	}
-
-	.recovery-input {
-		display: block;
-		width: 100%;
-		margin: 0.75rem 0;
-		padding: 0.75rem 1rem;
-		border: 1px solid hsl(var(--color-border));
-		border-radius: 0.5rem;
-		font-family: ui-monospace, SFMono-Regular, monospace;
-		font-size: 0.95rem;
-		background: hsl(var(--color-surface));
-	}
-
-	.recovery-input:focus {
-		outline: 2px solid hsl(var(--color-primary));
-		outline-offset: 1px;
+		background: hsl(0 72% 45%);
+		border-color: transparent;
 	}
 
 	.btn-ghost {
 		background: transparent;
 		border-color: transparent;
+		color: hsl(var(--color-muted-foreground));
 	}
-
-	@media (prefers-color-scheme: dark) {
-		.card {
-			background: hsl(var(--color-surface));
-			border-color: hsl(var(--color-border));
-		}
-		.table-list li {
-			background: var(--surface-muted, #111827);
-		}
-		.recovery-code,
-		.recovery-input {
-			background: var(--surface-muted, #111827);
-			border-color: hsl(var(--color-border));
-		}
+	.btn-ghost:hover:not(:disabled) {
+		background: hsl(var(--color-muted) / 0.6);
+		color: hsl(var(--color-foreground));
+		border-color: transparent;
 	}
 </style>
diff --git a/apps/mana/apps/web/src/lib/modules/settings/ListView.svelte b/apps/mana/apps/web/src/lib/modules/settings/ListView.svelte
index 96fec0cba..6dbd9b0e3 100644
--- a/apps/mana/apps/web/src/lib/modules/settings/ListView.svelte
+++ b/apps/mana/apps/web/src/lib/modules/settings/ListView.svelte
@@ -15,7 +15,6 @@
 	import GeneralSection from '$lib/components/settings/sections/GeneralSection.svelte';
 	import AiSection from '$lib/components/settings/sections/AiSection.svelte';
 	import SecuritySection from '$lib/components/settings/sections/SecuritySection.svelte';
-	import CreditsSection from '$lib/components/settings/sections/CreditsSection.svelte';
 	import DataSection from '$lib/components/settings/sections/DataSection.svelte';
 
 	let activeCategory = $state<CategoryId>('general');
@@ -76,8 +75,6 @@
 			<AiSection />
 		{:else if activeCategory === 'security'}
 			<SecuritySection />
-		{:else if activeCategory === 'credits'}
-			<CreditsSection />
 		{:else if activeCategory === 'data'}
 			<DataSection />
 		{/if}