diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8d09aec
--- /dev/null
+++ b/README.md
@@ -0,0 +1,118 @@
+# vibe check
+
+> One snapshot, a swarm of agents, every bug at once.
+
+A vision-driven adversarial QA tool. Point it at a SaaS app, and a swarm of GPT-4o-mini agents drive headless Chromium browsers in parallel — each pursuing a different attack intent (XSS, race conditions, validation bypass, crashes) — and stream their findings into a live tree UI as they fork.
+
+Built in 48 hours for the Vercel × Parallel Agents hackathon.
+
+---
+
+## The idea
+
+QA is sequential: one tester, one path, one bug at a time. Real apps fail in branching ways — the same form crashes on empty input, accepts negative numbers, double-submits, *and* reflects XSS, depending on which path you take.
+
+**vibe check** parallelizes the search. At every interesting page (a "fork point"), an LLM looks at the live screenshot + DOM, generates 2–5 adversarial intents tailored to what's actually on screen, and spawns an isolated Chromium context per intent. Each fork runs its own vision-loop agent: screenshot → reason → click/fill/eval → repeat, until a verdict (`bug` / `passed` / `tolerable`) is returned. The "control" branch that completes the happy flow chains into the next fork point, so attack surfaces compound rather than reset.
+
+The whole tree streams to the browser over SSE while it runs.
+
+---
+
+## How it works
+
+```
+ROOT (snapshot of app state)
+├── fp1.intent-A   xss-probe          → bug
+├── fp1.intent-B   control-normal     → passed ─┐
+├── fp1.intent-C   concurrency-stress → bug     │
+└── fp1.intent-D   input-fuzz         → bug     │
+                                                ▼
+                                ┌── fp2.intent-A
+                                ├── fp2.intent-B
+                                └── fp2.intent-C
+```
+
+1. **Discovery.** An LLM planner inspects the target and proposes fork points (form pages, settings, billing, etc.). For known demo targets, a pinned catalog skips discovery to avoid hallucinated 404 paths.
+2. **Intent generation.** At each fork point, GPT-4o-mini sees a real screenshot + compact DOM and produces 2–5 intents grounded in what's visible — not a fixed taxonomy.
+3. **Per-fork agent loop.** Each intent gets its own `BrowserContext`. The agent calls a tool-bound model that returns one of `click | fill | press | eval | done`, capped at 5 steps. CDP `captureScreenshot` polling streams frames into the UI.
+4. **Verdict aggregation.** A small bug catalog (XSS, server-error, validation-bypass, broken-ui-state, duplicate-state, auth-bypass, data-leak, crash) is enforced via OpenAI tool-call schemas, so verdicts arrive as typed structured data.
+5. **Live tree.** React Flow renders forks as they're created. Frames update in place. Each terminal node carries its evidence + a one-click "Claude-fix prompt" tailored to the bug.
+
+---
+
+## Stack
+
+- **Next.js 16 (App Router) + React 19** — UI, API routes, Server Components
+- **Playwright + @sparticuz/chromium** — headless browser per fork
+- **OpenAI** — `gpt-4o-mini` vision + function-calling for the agent loop and intent planner
+- **Server-Sent Events** — frame and event streaming to the tree UI
+- **React Flow (`@xyflow/react`)** — fork-tree layout
+- **Zod** — runtime validation of LLM-returned actions
+- **Vercel Sandbox** — for sandboxed dev/preview targets
+- **TypeScript, strict mode**
+
+---
+
+## Engineering details worth a look
+
+- **`lib/fork-runner.ts`** — orchestrates the multi-fork-point chain, pinned catalogs for known demo hosts, and per-fork context isolation.
+- **`lib/agent.ts`** — the vision agent loop. Tool-bound action schema means the model can never return free-form text the executor doesn't understand.
+- **`lib/runs.ts`** — in-memory pub/sub run store with a replay log, so SSE clients that connect late get the full event history before live tail. Stored on `globalThis` to survive Next.js dev hot-reloads.
+- **`lib/buggy-cart-server.ts`** — "Helix," a deliberately-buggy multi-page SaaS (issues / billing / settings) with 9 planted bugs across 5 categories. Doubles as a smoke target and a demo backdrop.
+- **`components/fork-tree.tsx`** — live tree UI with capped row heights, inline bug evidence, and the Claude-fix prompt panel.
+- **`scripts/fork-proof/run.ts`** — headless smoke harness that exercises the full fork-runner without the UI.
+
+---
+
+## Run locally
+
+```bash
+pnpm install
+echo "OPENAI_API_KEY=sk-..." > .env.local
+pnpm dev
+```
+
+Open http://localhost:3000, paste any URL (or leave blank to attack the built-in Helix app), and hit **Start**.
+
+```bash
+pnpm fork-proof          # headless end-to-end smoke
+pnpm helix               # serve the buggy demo target standalone
+pnpm m1:smoke            # M1 sandbox smoke
+```
+
+---
+
+## Project layout
+
+```
+app/
+  page.tsx               landing + start CTA
+  runs/[id]/page.tsx     live run view
+  api/runs/route.ts      POST /api/runs (kicks off a run)
+  api/runs/[id]/...      SSE stream + status endpoints
+components/
+  fork-tree.tsx          live tree UI (React Flow)
+lib/
+  fork-runner.ts         multi-fork orchestrator
+  agent.ts               vision-loop adversarial agent
+  buggy-cart-server.ts   the Helix demo target
+  runs.ts                in-memory run store + pub/sub
+  events.ts              typed run-event protocol
+  chromium-launcher.ts   sparticuz/chromium wiring
+scripts/
+  fork-proof/run.ts      headless smoke
+  helix.ts               serve Helix standalone
+slides/                  demo deck
+```
+
+---
+
+## What's intentionally not here
+
+This is a hackathon prototype. The run store is in-memory; there's no auth, no persistence, no rate limiting on the OpenAI calls, and the agent step cap is hardcoded. It's tuned for demos, not for production scale. The interesting parts are the agent loop, the fork topology, and the streaming protocol — those are all production-shaped.
+
+---
+
+## Credits
+
+Built by Toby Thurston for the Vercel × Parallel Agents hackathon, 2026.
diff --git a/app/globals.css b/app/globals.css
index e04cff8..0045292 100644
--- a/app/globals.css
+++ b/app/globals.css
@@ -95,25 +95,17 @@ kbd {
 
 .brand {
   display: inline-flex;
-  align-items: center;
+  align-items: baseline;
   gap: 0.55rem;
-  letter-spacing: -0.01em;
-}
-
-.brand-mark {
-  display: inline-flex;
-  align-items: center;
-  justify-content: center;
-  width: 22px;
-  height: 22px;
-  border-radius: 5px;
-  background: var(--accent);
-  color: #0a0b0d;
 }
 
 .brand strong {
-  font-weight: 600;
-  font-size: 0.92rem;
+  font-family: var(--font-serif), Georgia, serif;
+  font-style: italic;
+  font-weight: 500;
+  font-size: 1.25rem;
+  letter-spacing: -0.02em;
+  color: var(--ink);
 }
 
 .env-chip {
diff --git a/app/page.tsx b/app/page.tsx
index 645c3b6..fd35335 100644
--- a/app/page.tsx
+++ b/app/page.tsx
@@ -46,17 +46,6 @@ export default function Home() {
 
       <nav className="top-nav">
         <div className="brand">
-          <span className="brand-mark" aria-hidden="true">
-            <svg viewBox="0 0 16 16" width="14" height="14">
-              <path
-                d="M2 8 L7 8 M7 8 L13 3 M7 8 L13 8 M7 8 L13 13"
-                stroke="currentColor"
-                strokeWidth="1.5"
-                fill="none"
-                strokeLinecap="round"
-              />
-            </svg>
-          </span>
           <strong>vibe check</strong>
         </div>
         <div className="env-chip">
diff --git a/components/fork-tree.tsx b/components/fork-tree.tsx
index 79be445..a437485 100644
--- a/components/fork-tree.tsx
+++ b/components/fork-tree.tsx
@@ -94,6 +94,12 @@ const STATUS_COLOR: Record<
 }
 
 function RootNodeView({ data }: NodeProps<Node<RootNode>>) {
+  const isLoading = data.cartSize === undefined
+  const cartLabel = isLoading
+    ? 'Preparing shared state…'
+    : data.cartSize === 0
+    ? 'Starting from an empty cart'
+    : `Cart starts with ${data.cartSize} item${data.cartSize === 1 ? '' : 's'}`
   return (
     <div
       style={{
@@ -117,8 +123,32 @@ function RootNodeView({ data }: NodeProps<Node<RootNode>>) {
       >
         Fork point · shared state
       </div>
-      <div style={{ fontSize: 15, marginTop: 6, fontWeight: 500, letterSpacing: '-0.01em' }}>
-        Cart has {data.cartSize ?? '—'} items
+      <div
+        style={{
+          fontSize: 15,
+          marginTop: 6,
+          fontWeight: 500,
+          letterSpacing: '-0.01em',
+          display: 'flex',
+          alignItems: 'center',
+          gap: 8,
+          color: isLoading ? '#9ea3ad' : '#ececee',
+        }}
+      >
+        {isLoading && (
+          <span
+            aria-hidden
+            style={{
+              width: 6,
+              height: 6,
+              borderRadius: '50%',
+              background: '#7aa7ff',
+              animation: 'pulse 1.4s ease-in-out infinite',
+              flexShrink: 0,
+            }}
+          />
+        )}
+        {cartLabel}
       </div>
       <div
         style={{
@@ -955,7 +985,7 @@ export function RunView({ runId }: { runId: string }) {
           aria-label="back to home"
           title="back to home"
         >
-          ◆ <strong>vibe check</strong>
+          <strong>vibe check</strong>
           <span className="tag">/ run {shortId(runId)}</span>
         </Link>
 
diff --git a/lib/fork-runner.ts b/lib/fork-runner.ts
index 3e4d178..5373583 100644
--- a/lib/fork-runner.ts
+++ b/lib/fork-runner.ts
@@ -46,7 +46,50 @@ type ForkPoint = {
   /** id of the prior fork point this one chains from (parent will be that point's control). */
   chainsFrom?: string
   /** What server-side state to count toward "created N items" duplicate detection. */
-  countStateKey?: 'issues' | 'orders'
+  countStateKey?: 'issues' | 'orders' | 'tasks'
+}
+
+// Pinned fork-point catalogs for known demo targets. Used to bypass the
+// LLM discovery pass when we already know the right paths — avoids the
+// "agent navigated to a 404 then hallucinated #title" failure mode.
+const KNOWN_TARGETS: Record<string, ForkPoint[]> = {
+  'riverline-hackathon-test.vercel.app': [
+    {
+      id: 'fp-tasks-new',
+      index: 0,
+      title: 'Create task',
+      initialUrl: '/tasks/new',
+      context:
+        'Task creation form (Riverline). Likely fields include title, description, priority, assignee. Probe for reflected XSS in the title, server crashes on empty inputs, and concurrent-submit duplicate creates.',
+      countStateKey: 'tasks',
+    },
+    {
+      id: 'fp-billing',
+      index: 1,
+      title: 'Billing checkout',
+      initialUrl: '/billing',
+      context:
+        'Plan / billing form (Riverline). Likely fields include seats, coupon, email, name, card. Probe for negative seats, coupon abuse, missing-email crashes, and concurrent-submit duplicate orders.',
+      countStateKey: 'orders',
+      chainsFrom: 'fp-tasks-new',
+    },
+    {
+      id: 'fp-settings',
+      index: 2,
+      title: 'Profile settings',
+      initialUrl: '/settings',
+      context:
+        'Profile / settings page (Riverline). Likely fields include display name and avatar URL. Probe for javascript: URL schemes and reflected payloads in profile fields.',
+    },
+  ],
+}
+
+function pickKnownTargetForkPoints(serverUrl: string): ForkPoint[] | undefined {
+  try {
+    return KNOWN_TARGETS[new URL(serverUrl).hostname]
+  } catch {
+    return undefined
+  }
 }
 
 // ---------- Browser config ----------
@@ -328,7 +371,12 @@ async function evaluateVerdict(
   let itemsCreated = 0
   if (fp.countStateKey) {
     try {
-      const path = fp.countStateKey === 'issues' ? '/api/issues' : '/api/orders'
+      const path =
+        fp.countStateKey === 'issues'
+          ? '/api/issues'
+          : fp.countStateKey === 'tasks'
+            ? '/api/tasks'
+            : '/api/orders'
       const r = await page.evaluate(
         (u) => fetch(u).then((rr) => rr.json()).catch(() => ({})),
         serverUrl + path
@@ -621,13 +669,30 @@ async function runForkPoint(opts: {
   // Warm a context to the fork-point URL and snapshot its state.
   const warmCtx = await browser.newContext({ viewport: VIEWPORT })
   const warmPage = await warmCtx.newPage()
+  let warmStatus: number | undefined
   try {
-    await warmPage.goto(serverUrl + fp.initialUrl)
+    const resp = await warmPage.goto(serverUrl + fp.initialUrl)
+    warmStatus = resp?.status()
     await warmPage.waitForLoadState('domcontentloaded').catch(() => {})
   } catch (e) {
     console.log(`[runner ${fp.id}] warm goto failed:`, (e as Error).message)
   }
 
+  // If the fork-point URL doesn't actually exist on the target, bail out
+  // cleanly instead of generating intents against a 404 (which causes the
+  // agent to hallucinate selectors like #title that aren't on the page).
+  if (warmStatus !== undefined && warmStatus >= 400) {
+    console.log(`[runner ${fp.id}] warm goto returned HTTP ${warmStatus} — skipping fork point`)
+    await warmCtx.close().catch(() => {})
+    emit(runId, {
+      type: 'phase_complete',
+      phaseId: fp.id,
+      phaseIndex: fp.index,
+      at: Date.now(),
+    })
+    return { bugsFound: 0, controlForkId: undefined, intentsRun: 0 }
+  }
+
   // Generate intents from a screenshot + DOM (or fall back).
   let intents: GeneratedIntent[]
   if (useLLM) {
@@ -747,7 +812,11 @@ export async function runForkExperiment(
   // actually there (forms, mutations, inputs) and proposes 1-4 pages worth
   // probing. Falls back to the entry URL alone if discovery fails or no API key.
   let pointsToRun: ForkPoint[]
-  if (useLLM) {
+  const pinned = pickKnownTargetForkPoints(serverUrl)
+  if (pinned) {
+    console.log(`[runner] using pinned fork points for known target: ${new URL(serverUrl).hostname}`)
+    pointsToRun = pinned
+  } else if (useLLM) {
     let discovered: Awaited<ReturnType<typeof discoverForkPoints>> | undefined
     try {
       const reconCtx = await browser.newContext({ viewport: VIEWPORT })
diff --git a/slides/index.html b/slides/index.html
new file mode 100644
index 0000000..ccd1e85
--- /dev/null
+++ b/slides/index.html
@@ -0,0 +1,333 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>vibe check — slides</title>
+<style>
+  :root {
+    --bg: #0a0a0b;
+    --bg-soft: #141415;
+    --ink: #eaeaea;
+    --ink-soft: #9aa0a6;
+    --line: #2f333b;
+    --brand: #635bff;
+    --accent: #00d4ff;
+    --ok: #16a34a;
+    --warn: #ea580c;
+    --bug: #dc2626;
+    --xss: #9333ea;
+  }
+  * { box-sizing: border-box; margin: 0; padding: 0; }
+  html, body { height: 100%; }
+  body {
+    background: var(--bg);
+    color: var(--ink);
+    font-family: ui-sans-serif, system-ui, -apple-system, "Segoe UI", Roboto, sans-serif;
+    overflow: hidden;
+    -webkit-font-smoothing: antialiased;
+  }
+  .deck { position: relative; width: 100vw; height: 100vh; }
+  .slide {
+    position: absolute; inset: 0;
+    display: none;
+    flex-direction: column;
+    justify-content: center;
+    padding: 6vh 8vw;
+    opacity: 0;
+    transition: opacity 0.25s ease;
+  }
+  .slide.active { display: flex; opacity: 1; }
+
+  h1 { font-size: clamp(2.2rem, 6vw, 5rem); line-height: 1.05; letter-spacing: -0.02em; font-weight: 700; }
+  h1 em { color: var(--accent); font-style: normal; }
+  h2 { font-size: clamp(1.6rem, 3.6vw, 2.6rem); letter-spacing: -0.01em; margin-bottom: 0.6em; font-weight: 700; }
+  h3 { font-size: 1rem; color: var(--ink-soft); text-transform: uppercase; letter-spacing: 0.18em; margin-bottom: 0.4em; }
+  p, li { font-size: clamp(1rem, 1.6vw, 1.4rem); color: var(--ink-soft); line-height: 1.5; }
+  ul { list-style: none; }
+  ul li { padding: 0.4em 0; padding-left: 1.4em; position: relative; }
+  ul li::before { content: ""; position: absolute; left: 0; top: 0.95em; width: 0.7em; height: 1px; background: var(--brand); }
+  strong { color: var(--ink); font-weight: 600; }
+  code, .mono { font-family: ui-monospace, SFMono-Regular, Menlo, monospace; font-size: 0.92em; background: var(--bg-soft); border: 1px solid var(--line); padding: 0.1em 0.4em; border-radius: 4px; }
+
+  .tagline { color: var(--ink-soft); margin-top: 1.2em; font-size: 1.2rem; }
+  .brand-bar { display: flex; align-items: center; gap: 0.6em; color: var(--ink-soft); font-size: 0.9rem; letter-spacing: 0.16em; text-transform: uppercase; }
+  .brand-bar .dot { width: 8px; height: 8px; border-radius: 50%; background: var(--ok); box-shadow: 0 0 12px var(--ok); }
+
+  .grid-2 { display: grid; grid-template-columns: 1fr 1fr; gap: 4vw; align-items: start; }
+  .grid-3 { display: grid; grid-template-columns: repeat(3, 1fr); gap: 2vw; }
+  .card { border: 1px solid var(--line); border-radius: 12px; padding: 1.4em 1.6em; background: var(--bg-soft); }
+  .card h4 { font-size: 1.1rem; margin-bottom: 0.5em; color: var(--ink); }
+  .card p { font-size: 0.95rem; }
+
+  .pill { display: inline-block; padding: 0.25em 0.7em; border-radius: 999px; border: 1px solid var(--line); font-size: 0.8rem; color: var(--ink-soft); margin-right: 0.4em; }
+  .stack { display: flex; flex-wrap: wrap; gap: 0.4em; margin-top: 0.8em; }
+
+  .stat { display: flex; flex-direction: column; gap: 0.2em; }
+  .stat .num { font-size: clamp(2rem, 5vw, 4rem); font-weight: 700; color: var(--accent); letter-spacing: -0.02em; }
+  .stat .lbl { color: var(--ink-soft); font-size: 0.95rem; text-transform: uppercase; letter-spacing: 0.12em; }
+
+  .bug-grid { display: grid; grid-template-columns: repeat(3, 1fr); gap: 1em; margin-top: 1em; }
+  .bug { border: 1px solid var(--line); border-radius: 8px; padding: 0.8em 1em; background: var(--bg-soft); }
+  .bug .kind { font-size: 0.7rem; letter-spacing: 0.16em; text-transform: uppercase; color: var(--accent); }
+  .bug .what { color: var(--ink); font-size: 0.95rem; margin-top: 0.3em; }
+
+  .nav { position: fixed; bottom: 16px; right: 24px; display: flex; gap: 8px; align-items: center; color: var(--ink-soft); font-size: 0.85rem; font-family: ui-monospace, monospace; }
+  .nav button { background: var(--bg-soft); border: 1px solid var(--line); color: var(--ink); width: 30px; height: 30px; border-radius: 6px; cursor: pointer; font-size: 0.9rem; }
+  .nav button:hover { border-color: var(--brand); }
+  .nav .count { padding: 0 0.4em; }
+
+  /* Diagram */
+  .fork-svg { max-width: 70%; margin: 2em 0; display: block; }
+  .fork-svg .trunk { stroke: var(--brand); stroke-width: 2; fill: none; }
+  .fork-svg .branch { stroke: var(--ink-soft); stroke-width: 1.6; fill: none; opacity: 0.85; }
+  .fork-svg .b-bug { stroke: var(--bug); }
+  .fork-svg .b-pass { stroke: var(--ok); }
+  .fork-svg .node { fill: var(--bg-soft); stroke: var(--brand); stroke-width: 1.4; }
+  .fork-svg text { fill: var(--ink); font: 11px ui-monospace, monospace; }
+  .fork-svg .lbl { fill: var(--ink-soft); }
+
+  .ambient {
+    position: fixed; inset: 0; pointer-events: none; z-index: -1;
+    background:
+      radial-gradient(800px 400px at 80% -10%, rgba(99, 91, 255, 0.18), transparent 60%),
+      radial-gradient(600px 300px at -10% 110%, rgba(0, 212, 255, 0.12), transparent 60%);
+  }
+  .progress { position: fixed; top: 0; left: 0; height: 2px; background: var(--brand); transition: width 0.25s ease; z-index: 10; }
+
+  kbd { background: var(--bg-soft); border: 1px solid var(--line); padding: 0.1em 0.5em; border-radius: 4px; font-family: ui-monospace, monospace; font-size: 0.85em; }
+</style>
+</head>
+<body>
+<div class="ambient"></div>
+<div class="progress" id="progress"></div>
+
+<div class="deck" id="deck">
+
+  <!-- 1. TITLE -->
+  <section class="slide">
+    <div class="brand-bar"><span class="dot"></span> vibe check</div>
+    <h1 style="margin-top: 0.5em;">One snapshot,<br/>a swarm of agents,<br/><em>every</em> bug at once.</h1>
+    <p class="tagline">snapshot · fork · diff</p>
+    <div class="stack" style="margin-top: 2em;">
+      <span class="pill">vercel sandbox</span>
+      <span class="pill">playwright</span>
+      <span class="pill">openai gpt-4o-mini</span>
+      <span class="pill">chromium</span>
+    </div>
+  </section>
+
+  <!-- 2. THE PROBLEM -->
+  <section class="slide">
+    <h3>The problem</h3>
+    <h2>Manual QA tests one path at a time.</h2>
+    <div class="grid-2" style="margin-top: 1.5em;">
+      <div>
+        <ul>
+          <li>Real users diverge — they fuzz inputs, double-click, paste payloads.</li>
+          <li>Each tester explores <strong>one</strong> branch; the rest of the tree never gets walked.</li>
+          <li>Bugs that need <strong>concurrent or adversarial</strong> behavior almost always slip past.</li>
+        </ul>
+      </div>
+      <div class="card">
+        <h4>What slips through</h4>
+        <p>races, XSS, validation bypass, broken UI state, server crashes, auth holes — all need someone to <em>actively try to break it</em>.</p>
+      </div>
+    </div>
+  </section>
+
+  <!-- 3. THE IDEA -->
+  <section class="slide">
+    <h3>The idea</h3>
+    <h2>Fork the browser. Run every &ldquo;what if&rdquo; in parallel.</h2>
+    <p style="margin-top: 1em; max-width: 50ch;">
+      One snapshot of the page. The model proposes 2&ndash;5 adversarial intents based on what's actually rendered. Each intent gets its own headless Chromium context, driven by a vision agent. They all run at the same time.
+    </p>
+
+    <svg class="fork-svg" viewBox="0 0 480 240">
+      <rect class="node" x="10" y="108" width="60" height="24" rx="4"/>
+      <text x="40" y="124" text-anchor="middle">snap</text>
+
+      <path class="trunk" d="M 70 120 L 180 120"/>
+      <circle class="node" cx="180" cy="120" r="5"/>
+
+      <path class="branch b-pass" d="M 180 120 C 240 120, 260 30, 340 30"/>
+      <path class="branch b-bug"  d="M 180 120 C 240 120, 260 80, 340 80"/>
+      <path class="branch"        d="M 180 120 C 240 120, 260 130, 340 130"/>
+      <path class="branch b-bug"  d="M 180 120 C 240 120, 260 180, 340 180"/>
+      <path class="branch"        d="M 180 120 C 240 120, 260 220, 340 220"/>
+
+      <circle class="node" cx="340" cy="30"  r="5"/><text class="lbl" x="354" y="34">control · passed</text>
+      <circle class="node" cx="340" cy="80"  r="5"/><text class="lbl" x="354" y="84">race · 🐛 bug</text>
+      <circle class="node" cx="340" cy="130" r="5"/><text class="lbl" x="354" y="134">validation</text>
+      <circle class="node" cx="340" cy="180" r="5"/><text class="lbl" x="354" y="184">xss · 🐛 bug</text>
+      <circle class="node" cx="340" cy="220" r="5"/><text class="lbl" x="354" y="224">fuzz</text>
+    </svg>
+  </section>
+
+  <!-- 4. HOW IT WORKS -->
+  <section class="slide">
+    <h3>How it works</h3>
+    <h2>Snapshot · Fork · Diff</h2>
+    <div class="grid-3" style="margin-top: 1.2em;">
+      <div class="card">
+        <h4>1. Snapshot</h4>
+        <p>Open the target URL once. Capture screenshot + DOM + storage state. This is the shared starting point.</p>
+      </div>
+      <div class="card">
+        <h4>2. Fork</h4>
+        <p>GPT-4o-mini reads the page and writes 2&ndash;5 adversarial intents. Each spawns its own headless browser context, resumed from the snapshot.</p>
+      </div>
+      <div class="card">
+        <h4>3. Diff</h4>
+        <p>The control fork must succeed. Any fork that triggers a dialog, a 5xx, duplicates, or the agent's own bug verdict gets flagged.</p>
+      </div>
+    </div>
+  </section>
+
+  <!-- 5. THE AGENT LOOP -->
+  <section class="slide">
+    <h3>Inside one fork</h3>
+    <h2>Screenshot &rarr; LLM &rarr; action &rarr; repeat.</h2>
+    <div class="grid-2" style="margin-top: 1.5em;">
+      <div>
+        <ul>
+          <li>Take a JPEG of the page + a DOM snippet.</li>
+          <li>Send to GPT-4o-mini with the intent: <em>&ldquo;break the inputs&rdquo;</em>, <em>&ldquo;inject XSS&rdquo;</em>, <em>&ldquo;cause a race&rdquo;</em>.</li>
+          <li>Model returns one of: <code>click</code> · <code>fill</code> · <code>press</code> · <code>eval</code> · <code>spawn</code> · <code>done</code>.</li>
+          <li>Playwright executes. Loop, up to 5 steps.</li>
+          <li><code>spawn</code> recursively forks again — up to 3 levels deep, 22 forks per run.</li>
+        </ul>
+      </div>
+      <div class="card">
+        <h4>Verdict signals</h4>
+        <p><strong style="color:var(--xss)">XSS</strong> — a JS dialog fired<br/>
+        <strong style="color:var(--bug)">5xx</strong> — server returned 500+<br/>
+        <strong style="color:var(--warn)">RACE</strong> — N items created when 1 was expected<br/>
+        <strong style="color:var(--ok)">PASS</strong> — control fork completed cleanly</p>
+      </div>
+    </div>
+  </section>
+
+  <!-- 6. DEMO TARGET -->
+  <section class="slide">
+    <h3>The target</h3>
+    <h2>&ldquo;Helix&rdquo; — a deliberately-broken Linear/Notion clone.</h2>
+    <p style="margin-top: 1em;">Built in to the runner. Nine planted bugs across issues, billing, and settings.</p>
+    <div class="bug-grid">
+      <div class="bug"><div class="kind">RACE</div><div class="what">POST /api/issues — no idempotency, dupes on double-submit</div></div>
+      <div class="bug"><div class="kind">XSS</div><div class="what">Issue list renders titles via innerHTML</div></div>
+      <div class="bug"><div class="kind">5XX</div><div class="what">Empty title crashes <code>.toUpperCase()</code></div></div>
+      <div class="bug"><div class="kind">BROKEN UI</div><div class="what">Negative seats &rarr; negative billing total</div></div>
+      <div class="bug"><div class="kind">VALIDATION</div><div class="what">Coupon FREE100 zeros out the order</div></div>
+      <div class="bug"><div class="kind">RACE</div><div class="what">POST /api/billing — duplicate orders</div></div>
+      <div class="bug"><div class="kind">5XX</div><div class="what">Missing email crashes <code>.split('@')</code></div></div>
+      <div class="bug"><div class="kind">XSS</div><div class="what">/billing/success renders ?name= via innerHTML</div></div>
+      <div class="bug"><div class="kind">XSS</div><div class="what">Settings avatar accepts <code>javascript:</code> URLs</div></div>
+    </div>
+  </section>
+
+  <!-- 7. UI / WHAT YOU SEE -->
+  <section class="slide">
+    <h3>What the operator sees</h3>
+    <h2>A live tree of every fork, streaming.</h2>
+    <ul style="margin-top: 1em;">
+      <li>Every fork is a node — screenshots stream in via Chrome DevTools Protocol, ~5 fps.</li>
+      <li>Bug forks turn red. Hover for the evidence: dialog count, 5xx count, duplicate rows.</li>
+      <li>Click into a bug node &rarr; expanded view with the agent's step-by-step thoughts and replay scrubber.</li>
+      <li>One-click <strong>&ldquo;Fix with Claude&rdquo;</strong> generates a prompt with the failing intent + bug evidence.</li>
+    </ul>
+  </section>
+
+  <!-- 8. STACK -->
+  <section class="slide">
+    <h3>Stack</h3>
+    <h2>Boring pieces, novel arrangement.</h2>
+    <div class="grid-3" style="margin-top: 1.2em;">
+      <div class="card">
+        <h4>Frontend</h4>
+        <p>Next.js 16 (App Router) · React 19 · @xyflow/react for the live tree · server-sent events for streaming frames.</p>
+      </div>
+      <div class="card">
+        <h4>Runner</h4>
+        <p>Playwright + Chromium · CDP <code>Page.captureScreenshot</code> polling · per-fork <code>BrowserContext</code> with replayed storage state.</p>
+      </div>
+      <div class="card">
+        <h4>Brain</h4>
+        <p>OpenAI GPT-4o-mini with vision · structured tool calls (<code>pick_action</code>, <code>generate_intents</code>, <code>discover_fork_points</code>).</p>
+      </div>
+    </div>
+    <div class="stack" style="margin-top: 2em;">
+      <span class="pill">deployable on vercel sandbox</span>
+      <span class="pill">@sparticuz/chromium for serverless</span>
+      <span class="pill">zod schemas</span>
+    </div>
+  </section>
+
+  <!-- 9. WHY IT WORKS -->
+  <section class="slide">
+    <h3>Why this beats one-tester-at-a-time</h3>
+    <h2>Parallel adversarial coverage in a single run.</h2>
+    <div class="grid-3" style="margin-top: 1.2em;">
+      <div class="stat"><span class="num">22</span><span class="lbl">forks per run, max</span></div>
+      <div class="stat"><span class="num">3</span><span class="lbl">recursion depth</span></div>
+      <div class="stat"><span class="num">9 / 9</span><span class="lbl">planted bugs surfaced on Helix</span></div>
+    </div>
+    <p style="margin-top: 2em; max-width: 60ch;">
+      You don't write tests. You don't write payloads. You point it at a URL and watch the tree fill in. The bugs that surface are the ones a curious human would have found — if you had a hundred curious humans.
+    </p>
+  </section>
+
+  <!-- 10. THANKS -->
+  <section class="slide">
+    <div class="brand-bar"><span class="dot"></span> vibe check</div>
+    <h1 style="margin-top: 0.5em;">Try it.</h1>
+    <p class="tagline">point it at a URL — get a tree of every way it breaks.</p>
+    <p style="margin-top: 3em; font-family: ui-monospace, monospace; color: var(--ink-soft);">
+      <kbd>&larr;</kbd> <kbd>&rarr;</kbd> to navigate &nbsp;·&nbsp; <kbd>f</kbd> for fullscreen
+    </p>
+  </section>
+
+</div>
+
+<div class="nav">
+  <button id="prev" aria-label="previous">&larr;</button>
+  <span class="count"><span id="cur">1</span> / <span id="total">1</span></span>
+  <button id="next" aria-label="next">&rarr;</button>
+</div>
+
+<script>
+  const slides = document.querySelectorAll('.slide');
+  const total = slides.length;
+  document.getElementById('total').textContent = total;
+  let i = 0;
+  const progress = document.getElementById('progress');
+  const cur = document.getElementById('cur');
+
+  function show(n) {
+    i = Math.max(0, Math.min(total - 1, n));
+    slides.forEach((s, idx) => s.classList.toggle('active', idx === i));
+    cur.textContent = i + 1;
+    progress.style.width = ((i + 1) / total * 100) + '%';
+    history.replaceState(null, '', '#' + (i + 1));
+  }
+
+  document.getElementById('prev').onclick = () => show(i - 1);
+  document.getElementById('next').onclick = () => show(i + 1);
+
+  document.addEventListener('keydown', (e) => {
+    if (e.key === 'ArrowRight' || e.key === ' ' || e.key === 'PageDown') { e.preventDefault(); show(i + 1); }
+    else if (e.key === 'ArrowLeft' || e.key === 'PageUp') { e.preventDefault(); show(i - 1); }
+    else if (e.key === 'Home') show(0);
+    else if (e.key === 'End') show(total - 1);
+    else if (e.key === 'f' || e.key === 'F') {
+      if (!document.fullscreenElement) document.documentElement.requestFullscreen();
+      else document.exitFullscreen();
+    }
+  });
+
+  const initial = parseInt(location.hash.replace('#', ''), 10);
+  show(Number.isFinite(initial) && initial > 0 ? initial - 1 : 0);
+</script>
+</body>
+</html>