diff --git a/README.md b/README.md
index 1289ccf..c139268 100644
--- a/README.md
+++ b/README.md
@@ -36,7 +36,7 @@ certctl is a self-hosted platform that automates the entire certificate lifecycl
 | [Architecture](docs/architecture.md) | System design, data flow diagrams, security model |
 | [Connectors](docs/connectors.md) | Build custom issuer, target, and notifier connectors |
 | [Compliance Mapping](docs/compliance.md) | SOC 2 Type II, PCI-DSS 4.0, NIST SP 800-57 alignment guides |
-| [Manual Testing Guide](docs/testing-guide.md) | 284 tests across 25 areas — full V2 QA runbook with exact commands and pass/fail criteria |
+| [Manual Testing Guide](docs/testing-guide.md) | Extensively tested — full V2 QA runbook with exact commands and pass/fail criteria |
 
 ## Contents
 
@@ -87,29 +87,29 @@ certctl gives you a single pane of glass for every TLS certificate in your organ
 
 <table>
 <tr>
-<td><a href="docs/screenshots/v2/dashboard.png"><img src="docs/screenshots/v2/dashboard.png" width="270" alt="Dashboard"></a><br><b>Dashboard</b><br><sub>Stats, expiration heatmap, renewal trends</sub></td>
-<td><a href="docs/screenshots/v2/certificates.png"><img src="docs/screenshots/v2/certificates.png" width="270" alt="Certificates"></a><br><b>Certificates</b><br><sub>Inventory with status, owner, team filters</sub></td>
-<td><a href="docs/screenshots/v2/agents.png"><img src="docs/screenshots/v2/agents.png" width="270" alt="Agents"></a><br><b>Agents</b><br><sub>Fleet health, OS/arch, IP, version</sub></td>
+<td><a href="docs/screenshots/v2-dashboard.png"><img src="docs/screenshots/v2-dashboard.png" width="270" alt="Dashboard"></a><br><b>Dashboard</b><br><sub>Stats, expiration heatmap, renewal trends</sub></td>
+<td><a href="docs/screenshots/v2-certificates.png"><img src="docs/screenshots/v2-certificates.png" width="270" alt="Certificates"></a><br><b>Certificates</b><br><sub>Inventory with status, owner, team filters</sub></td>
+<td><a href="docs/screenshots/v2-agents.png"><img src="docs/screenshots/v2-agents.png" width="270" alt="Agents"></a><br><b>Agents</b><br><sub>Fleet health, OS/arch, IP, version</sub></td>
 </tr>
 <tr>
-<td><a href="docs/screenshots/v2/fleet-overview.png"><img src="docs/screenshots/v2/fleet-overview.png" width="270" alt="Fleet Overview"></a><br><b>Fleet Overview</b><br><sub>OS distribution, status breakdown</sub></td>
-<td><a href="docs/screenshots/v2/jobs.png"><img src="docs/screenshots/v2/jobs.png" width="270" alt="Jobs"></a><br><b>Jobs</b><br><sub>Issuance, renewal, deployment queue</sub></td>
-<td><a href="docs/screenshots/v2/notifications.png"><img src="docs/screenshots/v2/notifications.png" width="270" alt="Notifications"></a><br><b>Notifications</b><br><sub>Expiration warnings, renewal results</sub></td>
+<td><a href="docs/screenshots/v2-fleet.png"><img src="docs/screenshots/v2-fleet.png" width="270" alt="Fleet Overview"></a><br><b>Fleet Overview</b><br><sub>OS distribution, status breakdown</sub></td>
+<td><a href="docs/screenshots/v2-jobs.png"><img src="docs/screenshots/v2-jobs.png" width="270" alt="Jobs"></a><br><b>Jobs</b><br><sub>Issuance, renewal, deployment queue</sub></td>
+<td><a href="docs/screenshots/v2-notifications.png"><img src="docs/screenshots/v2-notifications.png" width="270" alt="Notifications"></a><br><b>Notifications</b><br><sub>Expiration warnings, renewal results</sub></td>
 </tr>
 <tr>
-<td><a href="docs/screenshots/v2/policies.png"><img src="docs/screenshots/v2/policies.png" width="270" alt="Policies"></a><br><b>Policies</b><br><sub>Ownership, lifetime, renewal rules</sub></td>
-<td><a href="docs/screenshots/v2/profiles.png"><img src="docs/screenshots/v2/profiles.png" width="270" alt="Profiles"></a><br><b>Profiles</b><br><sub>Key types, max TTL, crypto constraints</sub></td>
-<td><a href="docs/screenshots/v2/issuers.png"><img src="docs/screenshots/v2/issuers.png" width="270" alt="Issuers"></a><br><b>Issuers</b><br><sub>Local CA, ACME, step-ca connectors</sub></td>
+<td><a href="docs/screenshots/v2-policies.png"><img src="docs/screenshots/v2-policies.png" width="270" alt="Policies"></a><br><b>Policies</b><br><sub>Ownership, lifetime, renewal rules</sub></td>
+<td><a href="docs/screenshots/v2-profiles.png"><img src="docs/screenshots/v2-profiles.png" width="270" alt="Profiles"></a><br><b>Profiles</b><br><sub>Key types, max TTL, crypto constraints</sub></td>
+<td><a href="docs/screenshots/v2-issuers.png"><img src="docs/screenshots/v2-issuers.png" width="270" alt="Issuers"></a><br><b>Issuers</b><br><sub>Local CA, ACME, step-ca connectors</sub></td>
 </tr>
 <tr>
-<td><a href="docs/screenshots/v2/targets.png"><img src="docs/screenshots/v2/targets.png" width="270" alt="Targets"></a><br><b>Targets</b><br><sub>NGINX, Apache, HAProxy deployment</sub></td>
-<td><a href="docs/screenshots/v2/owners.png"><img src="docs/screenshots/v2/owners.png" width="270" alt="Owners"></a><br><b>Owners</b><br><sub>Cert ownership with team assignment</sub></td>
-<td><a href="docs/screenshots/v2/teams.png"><img src="docs/screenshots/v2/teams.png" width="270" alt="Teams"></a><br><b>Teams</b><br><sub>Org grouping for notification routing</sub></td>
+<td><a href="docs/screenshots/v2-targets.png"><img src="docs/screenshots/v2-targets.png" width="270" alt="Targets"></a><br><b>Targets</b><br><sub>NGINX, Apache, HAProxy deployment</sub></td>
+<td><a href="docs/screenshots/v2-owners.png"><img src="docs/screenshots/v2-owners.png" width="270" alt="Owners"></a><br><b>Owners</b><br><sub>Cert ownership with team assignment</sub></td>
+<td><a href="docs/screenshots/v2-teams.png"><img src="docs/screenshots/v2-teams.png" width="270" alt="Teams"></a><br><b>Teams</b><br><sub>Org grouping for notification routing</sub></td>
 </tr>
 <tr>
-<td><a href="docs/screenshots/v2/agent-groups.png"><img src="docs/screenshots/v2/agent-groups.png" width="270" alt="Agent Groups"></a><br><b>Agent Groups</b><br><sub>Dynamic grouping by OS, arch, CIDR</sub></td>
-<td><a href="docs/screenshots/v2/audit-trail.png"><img src="docs/screenshots/v2/audit-trail.png" width="270" alt="Audit Trail"></a><br><b>Audit Trail</b><br><sub>Immutable log, CSV/JSON export</sub></td>
-<td><a href="docs/screenshots/v2/short-lived.png"><img src="docs/screenshots/v2/short-lived.png" width="270" alt="Short-Lived"></a><br><b>Short-Lived Creds</b><br><sub>Ephemeral certs with live TTL countdown</sub></td>
+<td><a href="docs/screenshots/v2-agent-groups.png"><img src="docs/screenshots/v2-agent-groups.png" width="270" alt="Agent Groups"></a><br><b>Agent Groups</b><br><sub>Dynamic grouping by OS, arch, CIDR</sub></td>
+<td><a href="docs/screenshots/v2-audit-trail.png"><img src="docs/screenshots/v2-audit-trail.png" width="270" alt="Audit Trail"></a><br><b>Audit Trail</b><br><sub>Immutable log, CSV/JSON export</sub></td>
+<td><a href="docs/screenshots/v2-short-lived.png"><img src="docs/screenshots/v2-short-lived.png" width="270" alt="Short-Lived"></a><br><b>Short-Lived Creds</b><br><sub>Ephemeral certs with live TTL countdown</sub></td>
 </tr>
 </table>
 
diff --git a/docs/architecture.md b/docs/architecture.md
index 29d36e8..6d68f2e 100644
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -99,7 +99,7 @@ The dashboard includes an **ErrorBoundary component** for graceful error recover
 **Tech decisions**:
 - Vite for fast builds and HMR during development
 - TanStack Query over manual fetch/useEffect for automatic cache invalidation and refetching
-- Dark theme default (ops teams live in dark mode)
+- Light content area with branded dark teal sidebar, Inter + JetBrains Mono typography
 - SSE/WebSocket planned for real-time job status updates
 
 ### PostgreSQL Database
diff --git a/docs/screenshots/v2-agent-groups.png b/docs/screenshots/v2-agent-groups.png
new file mode 100644
index 0000000..696a82f
Binary files /dev/null and b/docs/screenshots/v2-agent-groups.png differ
diff --git a/docs/screenshots/v2-agents.png b/docs/screenshots/v2-agents.png
new file mode 100644
index 0000000..5c69bbf
Binary files /dev/null and b/docs/screenshots/v2-agents.png differ
diff --git a/docs/screenshots/v2-audit-trail.png b/docs/screenshots/v2-audit-trail.png
new file mode 100644
index 0000000..13452e1
Binary files /dev/null and b/docs/screenshots/v2-audit-trail.png differ
diff --git a/docs/screenshots/v2-certificates.png b/docs/screenshots/v2-certificates.png
new file mode 100644
index 0000000..78a2999
Binary files /dev/null and b/docs/screenshots/v2-certificates.png differ
diff --git a/docs/screenshots/v2-dashboard.png b/docs/screenshots/v2-dashboard.png
new file mode 100644
index 0000000..ce12244
Binary files /dev/null and b/docs/screenshots/v2-dashboard.png differ
diff --git a/docs/screenshots/v2-fleet.png b/docs/screenshots/v2-fleet.png
new file mode 100644
index 0000000..9bfac3b
Binary files /dev/null and b/docs/screenshots/v2-fleet.png differ
diff --git a/docs/screenshots/v2-issuers.png b/docs/screenshots/v2-issuers.png
new file mode 100644
index 0000000..34efb0c
Binary files /dev/null and b/docs/screenshots/v2-issuers.png differ
diff --git a/docs/screenshots/v2-jobs.png b/docs/screenshots/v2-jobs.png
new file mode 100644
index 0000000..42c1fa5
Binary files /dev/null and b/docs/screenshots/v2-jobs.png differ
diff --git a/docs/screenshots/v2-notifications.png b/docs/screenshots/v2-notifications.png
new file mode 100644
index 0000000..3f14847
Binary files /dev/null and b/docs/screenshots/v2-notifications.png differ
diff --git a/docs/screenshots/v2-owners.png b/docs/screenshots/v2-owners.png
new file mode 100644
index 0000000..f08f822
Binary files /dev/null and b/docs/screenshots/v2-owners.png differ
diff --git a/docs/screenshots/v2-policies.png b/docs/screenshots/v2-policies.png
new file mode 100644
index 0000000..f00a275
Binary files /dev/null and b/docs/screenshots/v2-policies.png differ
diff --git a/docs/screenshots/v2-profiles.png b/docs/screenshots/v2-profiles.png
new file mode 100644
index 0000000..ee2bdd1
Binary files /dev/null and b/docs/screenshots/v2-profiles.png differ
diff --git a/docs/screenshots/v2-short-lived.png b/docs/screenshots/v2-short-lived.png
new file mode 100644
index 0000000..0cf3f30
Binary files /dev/null and b/docs/screenshots/v2-short-lived.png differ
diff --git a/docs/screenshots/v2-targets.png b/docs/screenshots/v2-targets.png
new file mode 100644
index 0000000..586d249
Binary files /dev/null and b/docs/screenshots/v2-targets.png differ
diff --git a/docs/screenshots/v2-teams.png b/docs/screenshots/v2-teams.png
new file mode 100644
index 0000000..c3e7dc0
Binary files /dev/null and b/docs/screenshots/v2-teams.png differ
diff --git a/docs/testing-guide.md b/docs/testing-guide.md
index 724bc99..804b56c 100644
--- a/docs/testing-guide.md
+++ b/docs/testing-guide.md
@@ -6,7 +6,7 @@ Comprehensive manual testing playbook. Every test has a concrete command, an exp
 
 ## Prerequisites
 
-### Why manual QA on top of 900+ automated tests?
+### Why manual QA on top of automated tests?
 
 Automated tests mock dependencies and run in isolation. Manual QA validates the full integrated stack: real PostgreSQL, real HTTP, real agent binary, real file I/O, real scheduler timing. It catches issues that unit tests can't: migration ordering, Docker networking, env var parsing, browser rendering, and timing-dependent scheduler behavior.
 
@@ -1423,6 +1423,42 @@ curl -s -w "\nHTTP %{http_code}\n" -X POST -H "$AUTH" -H "$CT" \
 
 ---
 
+### 6.2 ACME DNS Challenge Configuration
+
+**Test 6.2.1 — List ACME issuer with DNS-01 configuration**
+
+```bash
+curl -s -H "$AUTH" "$SERVER/api/v1/issuers/iss-acme-le" | jq '{id, type, config}'
+```
+
+**What:** Retrieves the ACME Let's Encrypt issuer and verifies its configuration.
+**Why:** ACME issuers configured for DNS-01 challenges need their solver scripts accessible for wildcard certificate support.
+**Expected:** HTTP 200. `type` = "acme". `config` may include challenge type and DNS script paths.
+**PASS if** HTTP 200 and type matches. **FAIL** otherwise.
+
+---
+
+**Test 6.2.2 — Create ACME issuer with DNS-PERSIST-01**
+
+Edit `deploy/docker-compose.yml` to set environment variables for ACME DNS-PERSIST-01:
+- `CERTCTL_ACME_CHALLENGE_TYPE: dns-persist-01`
+- `CERTCTL_ACME_DNS_PERSIST_ISSUER_DOMAIN: le.example.com`
+- `CERTCTL_ACME_DNS_PRESENT_SCRIPT: /usr/local/bin/dns-present.sh`
+- `CERTCTL_ACME_DNS_CLEANUP_SCRIPT: /usr/local/bin/dns-cleanup.sh`
+
+Restart and verify the issuer accepts the config:
+
+```bash
+curl -s -H "$AUTH" "$SERVER/api/v1/issuers/iss-acme-le" | jq '{id, type}'
+```
+
+**What:** Verifies that ACME issuers read DNS-PERSIST-01 configuration from environment variables.
+**Why:** DNS-PERSIST-01 requires a standing TXT record per IETF draft. The issuer must know the issuer domain and support this challenge type.
+**Expected:** HTTP 200. ACME issuer still functional.
+**PASS if** HTTP 200 and issuer still works. **FAIL** if 500 or issuer broken.
+
+---
+
 ## Part 7: Target Connectors & Deployment
 
 **What this validates:** CRUD for deployment targets, including type-specific configuration for all 5 target types.
@@ -2368,8 +2404,8 @@ curl -s -H "$AUTH" "$SERVER/api/v1/metrics/prometheus" | grep -c "^# HELP"
 
 **What:** Counts `# HELP` comment lines (metric descriptions).
 **Why:** HELP lines are required by the Prometheus exposition format. Missing = non-compliant.
-**Expected:** Count ≥ 11 (one per metric).
-**PASS if** count ≥ 11. **FAIL** if 0.
+**Expected:** Count > 0 (one per metric).
+**PASS if** count > 0. **FAIL** if 0.
 
 ---
 
@@ -2380,12 +2416,12 @@ curl -s -H "$AUTH" "$SERVER/api/v1/metrics/prometheus" | grep -c "^# TYPE"
 ```
 
 **What:** Counts `# TYPE` annotations (gauge/counter declarations).
-**Expected:** Count ≥ 11.
-**PASS if** count ≥ 11. **FAIL** if 0.
+**Expected:** Count > 0.
+**PASS if** count > 0. **FAIL** if 0.
 
 ---
 
-**Test 13.3.4 — All 11 Prometheus metrics present**
+**Test 13.3.4 — All documented Prometheus metrics present**
 
 ```bash
 METRICS=$(curl -s -H "$AUTH" "$SERVER/api/v1/metrics/prometheus")
@@ -2395,10 +2431,10 @@ for m in certctl_certificate_total certctl_certificate_active certctl_certificat
 done
 ```
 
-**What:** Verifies all 11 documented Prometheus metrics are present in the output.
+**What:** Verifies all documented Prometheus metrics are present in the output.
 **Why:** Missing metrics mean missing dashboard panels in Grafana. Each metric was chosen for operational value.
 **Expected:** Each metric reports count = 1 (present).
-**PASS if** all 11 metrics show count = 1. **FAIL** if any shows 0.
+**PASS if** all metrics show count = 1. **FAIL** if any shows 0.
 
 ---
 
@@ -3298,7 +3334,7 @@ Open `http://localhost:8443` in a browser.
 | 19.6.1 | Sidebar nav | Click all sidebar links | All pages load without errors | PASS if no broken routes |
 | 19.6.2 | Logout | Click logout | Returns to login screen | PASS if login page shown |
 | 19.6.3 | 401 redirect | Expire/remove auth token | Auto-redirect to login | PASS if login page shown |
-| 19.6.4 | Dark theme | Check page styling | Dark background, readable text | PASS if theme consistent |
+| 19.6.4 | Theme consistency | Check page styling | Light content area, teal sidebar, branded colors, readable text | PASS if theme consistent across all pages |
 
 ---
 
@@ -3698,36 +3734,38 @@ docker compose logs certctl-server 2>&1 | grep -v "^certctl-server" | grep -cv "
 
 **What this validates:** Documentation accuracy against the running system. Claims in docs must match reality.
 
-**Why it matters:** Inaccurate documentation destroys trust. If the README says "21 tables" but there are 19, or "78 MCP tools" but there are 76, evaluators question everything else too.
+**Why it matters:** Inaccurate documentation destroys trust. Claims in docs must match the running system. If the README says "X features" but the code doesn't have them, evaluators question everything else too.
 
 | Test ID | Document | Verification | Pass/Fail Criteria |
 |---------|----------|-------------|-------------------|
-| 24.1.1 | `README.md` | Feature list matches actual capabilities. Screenshot paths resolve. Mermaid diagram says "21 tables". | PASS if all claims verified |
+| 24.1.1 | `README.md` | Feature list matches actual capabilities. Screenshot paths resolve. Mermaid diagram shows database schema tables. | PASS if all claims verified |
 | 24.1.2 | `docs/quickstart.md` | Every command in the quickstart works on a clean clone. | PASS if all commands succeed |
 | 24.1.3 | `docs/concepts.md` | Terminology matches API field names and UI labels. | PASS if terminology consistent |
-| 24.1.4 | `docs/architecture.md` | Component diagram matches `docker compose ps`. Says "21 tables", "78 MCP Tools", "900+ tests". | PASS if numbers match |
-| 24.1.5 | `docs/connectors.md` | All 5 issuer types and 5 target types documented. F5/IIS marked as stubs. | PASS if all documented |
-| 24.1.6 | `docs/features.md` | Endpoint count (93), MCP tools (78), table count (21), test count (900+) all accurate. | PASS if numbers match |
+| 24.1.4 | `docs/architecture.md` | Component diagram matches `docker compose ps`. Key components and tables documented. | PASS if accurate |
+| 24.1.5 | `docs/connectors.md` | All issuer types and target types documented. F5/IIS marked as stubs. | PASS if all documented |
+| 24.1.6 | `docs/features.md` | Feature list complete and accurate. | PASS if accurate |
 | 24.1.7 | `docs/quickstart.md` | Quick start + demo walkthrough works against fresh `docker compose up`. | PASS if all steps work |
 | 24.1.8 | `docs/demo-advanced.md` | All parts executable against running stack. Network discovery section present. | PASS if all executable |
 | 24.1.9 | `docs/compliance.md` | Framework links resolve, mapping references real features. | PASS if links work |
 | 24.1.10 | `docs/compliance-soc2.md` | API endpoints cited actually exist in the router. | PASS if endpoints exist |
 | 24.1.11 | `docs/compliance-pci-dss.md` | Claims match implementation (audit trail, revocation, key management). | PASS if claims verified |
 | 24.1.12 | `docs/compliance-nist.md` | Key management claims match agent keygen behavior. | PASS if claims verified |
-| 24.1.13 | `docs/mcp.md` | Tool count = 78, domain count = 16, setup instructions work. | PASS if numbers match |
-| 24.1.14 | `api/openapi.yaml` | Operation count = 93, matches all routes in router.go. | PASS if count matches |
+| 24.1.13 | `docs/mcp.md` | Tool coverage documented, setup instructions work. | PASS if accurate |
+| 24.1.14 | `api/openapi.yaml` | OpenAPI spec matches all routes in router.go (check operation count). | PASS if count matches |
 
 **Verification command for OpenAPI parity:**
 
 ```bash
 # Count OpenAPI operations
-grep -c "operationId:" api/openapi.yaml
+OPENAPI_OPS=$(grep -c "operationId:" api/openapi.yaml)
 # Count router registrations
-grep -c "r.Register\|r.mux.Handle" internal/api/router/router.go
+ROUTER_REGS=$(grep -c "r.Register\|r.mux.Handle" internal/api/router/router.go)
+echo "OpenAPI operations: $OPENAPI_OPS"
+echo "Router registrations: $ROUTER_REGS"
 ```
 
-**Expected:** Both return 93.
-**PASS if** both counts = 93. **FAIL** if mismatch.
+**Expected:** Both counts match.
+**PASS if** both counts are equal. **FAIL** if mismatch (indicates spec/code drift).
 
 ---
 
@@ -3812,14 +3850,14 @@ echo "OpenAPI operations: $(grep -c 'operationId:' api/openapi.yaml)"
 echo "Router registrations: $(grep -c 'r.Register\|r.mux.Handle' internal/api/router/router.go)"
 ```
 
-**What:** Counts operations in the OpenAPI spec and route registrations in the router.
-**Why:** The audit found the OpenAPI spec had 78 operations while the router had 93. This was fixed by adding 15 missing operations.
-**Expected:** Both = 93.
-**PASS if** both equal 93. **FAIL** if mismatch.
+**What:** Counts operations in the OpenAPI spec and route registrations in the router, verifying they match.
+**Why:** OpenAPI spec drift happens as endpoints are added or removed. Mismatches indicate the spec is out of date.
+**Expected:** Both counts equal.
+**PASS if** both counts match. **FAIL** if mismatch (indicates spec/code drift).
 
 ---
 
-**Test 25.1.5 — Go service tests use strings.Contains, not errors.Is**
+**Test 25.1.6 — Go service tests use strings.Contains, not errors.Is**
 
 ```bash
 grep -rn "errors.Is.*errors.New\|errors.Is(.*err.*errors.New" internal/service/*_test.go | wc -l
@@ -4104,5 +4142,5 @@ All 26 parts must pass before tagging v2.0.1.
 | Part 25: Regression Tests | ☐ | | | |
 | Part 26: EST Server (RFC 7030) | ☐ | | | |
 
-**Automated tests (900+) must also be green.** CI passing is necessary but not sufficient — this manual QA catches integration issues that isolated unit tests miss.
+**Automated tests must also be green.** CI passing is necessary but not sufficient — this manual QA catches integration issues that isolated unit tests miss.
 
diff --git a/internal/integration/e2e_test.go b/internal/integration/e2e_test.go
index 69e09e7..91656ff 100644
--- a/internal/integration/e2e_test.go
+++ b/internal/integration/e2e_test.go
@@ -937,6 +937,61 @@ func generateE2ECSRBase64DER(t *testing.T, cn string, sans []string) string {
 	return base64.StdEncoding.EncodeToString(csrDER)
 }
 
+// TestPrometheusMetrics exercises the Prometheus metrics endpoint (M22).
+func TestPrometheusMetrics(t *testing.T) {
+	server, _, _, _ := setupTestServer(t)
+
+	t.Run("GetPrometheusMetrics_Success", func(t *testing.T) {
+		resp, err := http.Get(server.URL + "/api/v1/metrics/prometheus")
+		if err != nil {
+			t.Fatalf("request failed: %v", err)
+		}
+		defer resp.Body.Close()
+
+		if resp.StatusCode != http.StatusOK {
+			bodyBytes, _ := io.ReadAll(resp.Body)
+			t.Fatalf("expected 200, got %d: %s", resp.StatusCode, string(bodyBytes))
+		}
+
+		// Verify Content-Type contains text/plain
+		contentType := resp.Header.Get("Content-Type")
+		if !strings.Contains(contentType, "text/plain") {
+			t.Errorf("expected Content-Type containing 'text/plain', got %s", contentType)
+		}
+
+		// Read and verify Prometheus format
+		body, _ := io.ReadAll(resp.Body)
+		bodyStr := string(body)
+
+		// Should contain HELP and TYPE lines for metrics
+		if !strings.Contains(bodyStr, "# HELP") {
+			t.Error("expected HELP line in Prometheus response")
+		}
+		if !strings.Contains(bodyStr, "# TYPE") {
+			t.Error("expected TYPE line in Prometheus response")
+		}
+
+		// Should contain metric lines (gauge, counter, uptime)
+		if !strings.Contains(bodyStr, "certctl_") {
+			t.Error("expected certctl_ prefixed metrics in response")
+		}
+
+		t.Logf("Prometheus metrics endpoint working, body size: %d bytes", len(bodyStr))
+	})
+
+	t.Run("GetPrometheusMetrics_MethodNotAllowed", func(t *testing.T) {
+		resp, err := http.Post(server.URL+"/api/v1/metrics/prometheus", "application/json", nil)
+		if err != nil {
+			t.Fatalf("request failed: %v", err)
+		}
+		defer resp.Body.Close()
+
+		if resp.StatusCode != http.StatusMethodNotAllowed {
+			t.Errorf("expected 405, got %d", resp.StatusCode)
+		}
+	})
+}
+
 // TestESTEndpoints exercises the EST (RFC 7030) enrollment endpoints end-to-end (M23).
 func TestESTEndpoints(t *testing.T) {
 	server, _, _, _ := setupTestServer(t)
diff --git a/internal/integration/negative_test.go b/internal/integration/negative_test.go
index 82b696c..a5c1edd 100644
--- a/internal/integration/negative_test.go
+++ b/internal/integration/negative_test.go
@@ -804,4 +804,3 @@ func TestRevocationEndpoints(t *testing.T) {
 	})
 }
 
-// mockNetworkScanService is defined in lifecycle_test.go (same package)
diff --git a/web/src/assets/certctl-logo.png b/web/src/assets/certctl-logo.png
new file mode 100644
index 0000000..5e526e3
Binary files /dev/null and b/web/src/assets/certctl-logo.png differ
diff --git a/web/src/components/AuthGate.tsx b/web/src/components/AuthGate.tsx
index e3ea8e7..8c02063 100644
--- a/web/src/components/AuthGate.tsx
+++ b/web/src/components/AuthGate.tsx
@@ -7,10 +7,10 @@ export default function AuthGate({ children }: { children: ReactNode }) {
 
   if (loading) {
     return (
-      <div className="min-h-screen bg-slate-900 flex items-center justify-center">
+      <div className="min-h-screen bg-page flex items-center justify-center">
         <div className="text-center">
-          <h1 className="text-2xl font-bold text-blue-400 mb-2">certctl</h1>
-          <p className="text-sm text-slate-400">Connecting...</p>
+          <h1 className="text-2xl font-bold text-brand-500 mb-2">certctl</h1>
+          <p className="text-sm text-ink-muted">Connecting...</p>
         </div>
       </div>
     );
diff --git a/web/src/components/DataTable.tsx b/web/src/components/DataTable.tsx
index 698edc4..02f1957 100644
--- a/web/src/components/DataTable.tsx
+++ b/web/src/components/DataTable.tsx
@@ -20,7 +20,7 @@ interface DataTableProps<T> {
 export default function DataTable<T>({ columns, data, onRowClick, emptyMessage, isLoading, keyField = 'id', selectable, selectedKeys, onSelectionChange }: DataTableProps<T>) {
   if (isLoading) {
     return (
-      <div className="flex items-center justify-center py-16 text-slate-400">
+      <div className="flex items-center justify-center py-16 text-ink-muted">
         <svg className="animate-spin h-5 w-5 mr-3" viewBox="0 0 24 24">
           <circle className="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" strokeWidth="4" fill="none" />
           <path className="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4z" />
@@ -32,7 +32,7 @@ export default function DataTable<T>({ columns, data, onRowClick, emptyMessage,
 
   if (!data.length) {
     return (
-      <div className="flex items-center justify-center py-16 text-slate-500">
+      <div className="flex items-center justify-center py-16 text-ink-faint">
         {emptyMessage || 'No data found'}
       </div>
     );
@@ -62,19 +62,19 @@ export default function DataTable<T>({ columns, data, onRowClick, emptyMessage,
     <div className="overflow-x-auto">
       <table className="w-full text-sm">
         <thead>
-          <tr className="border-b-2 border-slate-700">
+          <tr className="border-b-2 border-surface-border bg-surface-muted">
             {selectable && (
               <th className="px-3 py-3 w-10">
                 <input
                   type="checkbox"
                   checked={allSelected || false}
                   onChange={toggleAll}
-                  className="rounded border-slate-600 bg-slate-900 text-blue-600 focus:ring-blue-500 focus:ring-offset-0 cursor-pointer"
+                  className="rounded border-surface-border bg-white text-brand-500 focus:ring-brand-500 focus:ring-offset-0 cursor-pointer"
                 />
               </th>
             )}
             {columns.map(col => (
-              <th key={col.key} className={`px-4 py-3 text-left text-xs font-semibold text-slate-400 uppercase tracking-wider ${col.className || ''}`}>
+              <th key={col.key} className={`px-4 py-3 text-left text-xs font-semibold text-ink-muted uppercase tracking-wider ${col.className || ''}`}>
                 {col.label}
               </th>
             ))}
@@ -88,7 +88,7 @@ export default function DataTable<T>({ columns, data, onRowClick, emptyMessage,
               <tr
                 key={rowKey}
                 onClick={() => onRowClick?.(item)}
-                className={`border-b border-slate-700/50 transition-colors hover:bg-blue-500/5 ${onRowClick ? 'cursor-pointer' : ''} ${isSelected ? 'bg-blue-500/10' : ''}`}
+                className={`border-b border-surface-border/50 transition-colors hover:bg-surface-muted ${onRowClick ? 'cursor-pointer' : ''} ${isSelected ? 'bg-brand-50' : ''}`}
               >
                 {selectable && (
                   <td className="px-3 py-3 w-10">
@@ -97,12 +97,12 @@ export default function DataTable<T>({ columns, data, onRowClick, emptyMessage,
                       checked={isSelected || false}
                       onChange={(e) => { e.stopPropagation(); toggleOne(rowKey); }}
                       onClick={(e) => e.stopPropagation()}
-                      className="rounded border-slate-600 bg-slate-900 text-blue-600 focus:ring-blue-500 focus:ring-offset-0 cursor-pointer"
+                      className="rounded border-surface-border bg-white text-brand-500 focus:ring-brand-500 focus:ring-offset-0 cursor-pointer"
                     />
                   </td>
                 )}
                 {columns.map(col => (
-                  <td key={col.key} className={`px-4 py-3 ${col.className || ''}`}>
+                  <td key={col.key} className={`px-4 py-3 text-ink ${col.className || ''}`}>
                     {col.render(item)}
                   </td>
                 ))}
diff --git a/web/src/components/ErrorBoundary.tsx b/web/src/components/ErrorBoundary.tsx
index 797e940..c7feca2 100644
--- a/web/src/components/ErrorBoundary.tsx
+++ b/web/src/components/ErrorBoundary.tsx
@@ -26,10 +26,10 @@ export default class ErrorBoundary extends Component<Props, State> {
   render() {
     if (this.state.hasError) {
       return (
-        <div className="flex items-center justify-center min-h-screen bg-slate-900">
+        <div className="flex items-center justify-center min-h-screen bg-page">
           <div className="text-center p-8">
-            <h1 className="text-xl font-semibold text-red-400 mb-2">Something went wrong</h1>
-            <p className="text-sm text-slate-400 mb-4">
+            <h1 className="text-xl font-semibold text-red-700 mb-2">Something went wrong</h1>
+            <p className="text-sm text-ink-muted mb-4">
               {this.state.error?.message || 'An unexpected error occurred'}
             </p>
             <button
@@ -37,7 +37,7 @@ export default class ErrorBoundary extends Component<Props, State> {
                 this.setState({ hasError: false, error: null });
                 window.location.reload();
               }}
-              className="px-4 py-2 bg-blue-600 text-white rounded-lg text-sm hover:bg-blue-500"
+              className="px-4 py-2 bg-brand-500 text-white rounded text-sm hover:bg-brand-600"
             >
               Reload Page
             </button>
diff --git a/web/src/components/ErrorState.tsx b/web/src/components/ErrorState.tsx
index 18b40e9..c88d555 100644
--- a/web/src/components/ErrorState.tsx
+++ b/web/src/components/ErrorState.tsx
@@ -5,12 +5,12 @@ interface ErrorStateProps {
 
 export default function ErrorState({ error, onRetry }: ErrorStateProps) {
   return (
-    <div className="flex flex-col items-center justify-center py-16 text-slate-400">
-      <svg className="w-12 h-12 text-red-400 mb-4" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
+    <div className="flex flex-col items-center justify-center py-16 text-ink-muted">
+      <svg className="w-12 h-12 text-red-700 mb-4" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
         <path strokeLinecap="round" strokeLinejoin="round" d="M12 9v3.75m-9.303 3.376c-.866 1.5.217 3.374 1.948 3.374h14.71c1.73 0 2.813-1.874 1.948-3.374L13.949 3.378c-.866-1.5-3.032-1.5-3.898 0L2.697 16.126zM12 15.75h.007v.008H12v-.008z" />
       </svg>
-      <p className="text-sm mb-2">Failed to load data</p>
-      <p className="text-xs text-slate-500 mb-4">{error.message}</p>
+      <p className="text-sm mb-2 text-ink">Failed to load data</p>
+      <p className="text-xs text-ink-faint mb-4">{error.message}</p>
       {onRetry && (
         <button onClick={onRetry} className="btn btn-primary text-xs">
           Retry
diff --git a/web/src/components/Layout.tsx b/web/src/components/Layout.tsx
index 4726fb9..eb7e95b 100644
--- a/web/src/components/Layout.tsx
+++ b/web/src/components/Layout.tsx
@@ -1,5 +1,6 @@
 import { NavLink, Outlet } from 'react-router-dom';
 import { useAuth } from './AuthProvider';
+import logo from '../assets/certctl-logo.png';
 
 const nav = [
   { to: '/',              label: 'Dashboard',     icon: 'M3 12l2-2m0 0l7-7 7 7M5 10v10a1 1 0 001 1h3m10-11l2 2m-2-2v10a1 1 0 01-1 1h-3m-4 0h4' },
@@ -21,7 +22,7 @@ const nav = [
 
 function Icon({ d }: { d: string }) {
   return (
-    <svg className="w-5 h-5 shrink-0" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
+    <svg className="w-[18px] h-[18px] shrink-0" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
       <path strokeLinecap="round" strokeLinejoin="round" d={d} />
     </svg>
   );
@@ -32,23 +33,30 @@ export default function Layout() {
 
   return (
     <div className="flex h-screen overflow-hidden">
-      {/* Sidebar */}
-      <aside className="w-64 bg-slate-800 border-r border-slate-700 flex flex-col">
-        <div className="p-6 border-b border-slate-700">
-          <h1 className="text-xl font-bold text-blue-400">certctl</h1>
-          <p className="text-xs text-slate-400 uppercase tracking-wider mt-1">Certificate Control Plane</p>
+      {/* Sidebar — deep teal from logo */}
+      <aside className="w-60 bg-sidebar flex flex-col shadow-xl">
+        {/* Logo — large and prominent */}
+        <div className="px-4 pt-5 pb-4 flex flex-col items-center gap-2">
+          <div className="bg-white rounded-xl p-2 shadow-lg">
+            <img src={logo} alt="certctl" className="h-16 w-16" />
+          </div>
+          <div className="text-center">
+            <h1 className="text-lg font-bold text-white tracking-tight">certctl</h1>
+            <p className="text-[10px] text-brand-300 uppercase tracking-[0.2em]">Control Plane</p>
+          </div>
         </div>
-        <nav className="flex-1 p-4 space-y-1 overflow-y-auto">
+
+        <nav className="flex-1 py-2 px-3 space-y-0.5 overflow-y-auto">
           {nav.map(item => (
             <NavLink
               key={item.to}
               to={item.to}
               end={item.to === '/'}
               className={({ isActive }) =>
-                `flex items-center gap-3 px-3 py-2.5 rounded-lg text-sm transition-colors ${
+                `flex items-center gap-3 px-3 py-2 text-[13px] rounded transition-all duration-150 ${
                   isActive
-                    ? 'bg-blue-600 text-white'
-                    : 'text-slate-400 hover:bg-slate-700 hover:text-slate-200'
+                    ? 'bg-white/15 text-white font-semibold shadow-sm'
+                    : 'text-sidebar-text hover:text-white hover:bg-white/10'
                 }`
               }
             >
@@ -57,12 +65,13 @@ export default function Layout() {
             </NavLink>
           ))}
         </nav>
-        <div className="p-4 border-t border-slate-700 flex items-center justify-between">
-          <span className="text-xs text-slate-500">certctl v1.0-dev</span>
+
+        <div className="px-5 py-3 border-t border-white/10 flex items-center justify-between">
+          <span className="text-[10px] text-brand-300/60 font-mono">v2.0.2</span>
           {authRequired && (
             <button
               onClick={logout}
-              className="text-xs text-slate-500 hover:text-slate-300 transition-colors"
+              className="text-xs text-sidebar-text hover:text-white transition-colors"
               title="Sign out"
             >
               <svg className="w-4 h-4" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
@@ -73,8 +82,8 @@ export default function Layout() {
         </div>
       </aside>
 
-      {/* Main content */}
-      <main className="flex-1 flex flex-col overflow-hidden">
+      {/* Main content — light background */}
+      <main className="flex-1 flex flex-col overflow-hidden bg-page">
         <Outlet />
       </main>
     </div>
diff --git a/web/src/components/PageHeader.tsx b/web/src/components/PageHeader.tsx
index 5f80a9c..7b9032f 100644
--- a/web/src/components/PageHeader.tsx
+++ b/web/src/components/PageHeader.tsx
@@ -6,10 +6,10 @@ interface PageHeaderProps {
 
 export default function PageHeader({ title, subtitle, action }: PageHeaderProps) {
   return (
-    <div className="flex items-center justify-between px-6 py-4 border-b border-slate-700 bg-slate-800">
+    <div className="flex items-center justify-between px-6 py-4 border-b border-surface-border bg-surface">
       <div>
-        <h2 className="text-lg font-semibold">{title}</h2>
-        {subtitle && <p className="text-sm text-slate-400 mt-0.5">{subtitle}</p>}
+        <h2 className="text-lg font-semibold text-ink">{title}</h2>
+        {subtitle && <p className="text-sm text-ink-muted mt-0.5">{subtitle}</p>}
       </div>
       {action}
     </div>
diff --git a/web/src/components/StatusBadge.tsx b/web/src/components/StatusBadge.tsx
index f42b168..5d0a2ee 100644
--- a/web/src/components/StatusBadge.tsx
+++ b/web/src/components/StatusBadge.tsx
@@ -1,4 +1,5 @@
 const statusStyles: Record<string, string> = {
+  // Certificate statuses
   Active:              'badge-success',
   Expiring:            'badge-warning',
   Expired:             'badge-danger',
@@ -8,6 +9,8 @@ const statusStyles: Record<string, string> = {
   Revoked:             'badge-danger',
   // Job statuses
   Pending:             'badge-info',
+  AwaitingCSR:         'badge-info',
+  AwaitingApproval:    'badge-info',
   Running:             'badge-warning',
   Completed:           'badge-success',
   Failed:              'badge-danger',
diff --git a/web/src/index.css b/web/src/index.css
index dd1c20c..5a2a025 100644
--- a/web/src/index.css
+++ b/web/src/index.css
@@ -1,30 +1,53 @@
+@import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500;600&display=swap');
+
 @tailwind base;
 @tailwind components;
 @tailwind utilities;
 
 @layer base {
   body {
-    @apply bg-slate-900 text-slate-100 antialiased;
+    @apply bg-page text-ink antialiased;
+    font-family: 'Inter', system-ui, -apple-system, sans-serif;
   }
 }
 
 @layer components {
+  /* Badges */
   .badge {
-    @apply inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium;
+    @apply inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-semibold tracking-wide;
   }
-  .badge-success { @apply bg-emerald-500/10 text-emerald-400 border border-emerald-500/20; }
-  .badge-warning { @apply bg-amber-500/10 text-amber-400 border border-amber-500/20; }
-  .badge-danger  { @apply bg-red-500/10 text-red-400 border border-red-500/20; }
-  .badge-info    { @apply bg-blue-500/10 text-blue-400 border border-blue-500/20; }
-  .badge-neutral { @apply bg-slate-500/10 text-slate-400 border border-slate-500/20; }
+  .badge-success { @apply bg-emerald-100 text-emerald-700; }
+  .badge-warning { @apply bg-amber-100 text-amber-700; }
+  .badge-danger  { @apply bg-red-100 text-red-700; }
+  .badge-info    { @apply bg-brand-100 text-brand-700; }
+  .badge-neutral { @apply bg-slate-100 text-slate-600; }
 
+  /* Cards */
   .card {
-    @apply bg-slate-800 border border-slate-700 rounded-lg;
+    @apply bg-surface border border-surface-border rounded-md shadow-sm;
   }
 
+  /* Buttons */
   .btn {
-    @apply inline-flex items-center justify-center gap-2 px-4 py-2 rounded-lg text-sm font-medium transition-colors;
+    @apply inline-flex items-center justify-center gap-2 px-4 py-2 rounded text-sm font-semibold transition-all duration-150;
+  }
+  .btn-primary { @apply bg-brand-500 hover:bg-brand-600 text-white shadow-sm; }
+  .btn-danger  { @apply bg-red-500 hover:bg-red-600 text-white shadow-sm; }
+  .btn-ghost   { @apply text-ink-muted hover:text-ink hover:bg-surface-muted; }
+  .btn-outline { @apply border border-surface-border text-ink-muted hover:text-ink hover:bg-surface-muted; }
+
+  /* Form inputs */
+  .input {
+    @apply bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink placeholder:text-ink-faint focus:border-brand-500 focus:ring-2 focus:ring-brand-500/20 outline-none transition-colors;
+  }
+
+  /* Monospace data values */
+  .mono {
+    @apply font-mono text-xs;
+  }
+
+  /* Stat cards with colored top borders */
+  .stat-card {
+    @apply bg-surface border border-surface-border rounded-md shadow-sm p-5 border-t-4;
   }
-  .btn-primary { @apply bg-blue-600 hover:bg-blue-500 text-white; }
-  .btn-ghost   { @apply hover:bg-slate-700 text-slate-300; }
 }
diff --git a/web/src/pages/AgentDetailPage.tsx b/web/src/pages/AgentDetailPage.tsx
index 77a160b..06bb460 100644
--- a/web/src/pages/AgentDetailPage.tsx
+++ b/web/src/pages/AgentDetailPage.tsx
@@ -8,9 +8,9 @@ import { formatDateTime, timeAgo } from '../api/utils';
 
 function InfoRow({ label, value }: { label: string; value: React.ReactNode }) {
   return (
-    <div className="flex justify-between py-2 border-b border-slate-700/50">
-      <span className="text-sm text-slate-400">{label}</span>
-      <span className="text-sm text-slate-200">{value}</span>
+    <div className="flex justify-between py-2 border-b border-surface-border/50">
+      <span className="text-sm text-ink-muted">{label}</span>
+      <span className="text-sm text-ink">{value}</span>
     </div>
   );
 }
@@ -47,7 +47,7 @@ export default function AgentDetailPage() {
     return (
       <>
         <PageHeader title="Agent" />
-        <div className="flex items-center justify-center flex-1 text-slate-400">Loading...</div>
+        <div className="flex items-center justify-center flex-1 text-ink-muted">Loading...</div>
       </>
     );
   }
@@ -75,8 +75,8 @@ export default function AgentDetailPage() {
       <div className="flex-1 overflow-y-auto p-6 space-y-6">
         <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
           {/* Agent Info */}
-          <div className="card p-5">
-            <h3 className="text-sm font-semibold text-slate-300 mb-4">Agent Details</h3>
+          <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+            <h3 className="text-sm font-semibold text-ink-muted mb-4">Agent Details</h3>
             <InfoRow label="Health" value={<StatusBadge status={health} />} />
             <InfoRow label="Hostname" value={<span className="font-mono text-xs">{agent.hostname || '—'}</span>} />
             <InfoRow label="IP Address" value={<span className="font-mono text-xs">{agent.ip_address || '—'}</span>} />
@@ -85,7 +85,7 @@ export default function AgentDetailPage() {
               agent.last_heartbeat ? (
                 <span>
                   {timeAgo(agent.last_heartbeat)}
-                  <span className="text-slate-500 ml-2 text-xs">{formatDateTime(agent.last_heartbeat)}</span>
+                  <span className="text-ink-faint ml-2 text-xs">{formatDateTime(agent.last_heartbeat)}</span>
                 </span>
               ) : '—'
             } />
@@ -94,15 +94,15 @@ export default function AgentDetailPage() {
           </div>
 
           {/* System Info */}
-          <div className="card p-5">
-            <h3 className="text-sm font-semibold text-slate-300 mb-4">System Information</h3>
+          <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+            <h3 className="text-sm font-semibold text-ink-muted mb-4">System Information</h3>
             <InfoRow label="Operating System" value={agent.os || '—'} />
             <InfoRow label="Architecture" value={agent.architecture || '—'} />
             <InfoRow label="IP Address" value={<span className="font-mono text-xs">{agent.ip_address || '—'}</span>} />
             <InfoRow label="Agent Version" value={agent.version || '—'} />
             {agent.capabilities?.length ? (
               <div className="mt-4">
-                <p className="text-xs text-slate-400 mb-2">Capabilities</p>
+                <p className="text-xs text-ink-muted mb-2">Capabilities</p>
                 <div className="flex flex-wrap gap-2">
                   {agent.capabilities.map((c) => (
                     <span key={c} className="badge badge-info">{c}</span>
@@ -112,7 +112,7 @@ export default function AgentDetailPage() {
             ) : null}
             {agent.tags && Object.keys(agent.tags).length > 0 ? (
               <div className="mt-4">
-                <p className="text-xs text-slate-400 mb-2">Tags</p>
+                <p className="text-xs text-ink-muted mb-2">Tags</p>
                 <div className="flex flex-wrap gap-2">
                   {Object.entries(agent.tags).map(([k, v]) => (
                     <span key={k} className="badge badge-neutral">{k}: {v}</span>
@@ -124,20 +124,20 @@ export default function AgentDetailPage() {
         </div>
 
         {/* Recent Jobs */}
-        <div className="card p-5">
-          <h3 className="text-sm font-semibold text-slate-300 mb-4">Recent Jobs</h3>
+        <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+          <h3 className="text-sm font-semibold text-ink-muted mb-4">Recent Jobs</h3>
           {!agentJobs.length ? (
-            <p className="text-sm text-slate-500">No recent jobs</p>
+            <p className="text-sm text-ink-faint">No recent jobs</p>
           ) : (
             <div className="space-y-2">
               {agentJobs.map(j => (
-                <div key={j.id} className="flex items-center justify-between py-2 px-3 rounded-lg hover:bg-slate-700/50 transition-colors">
+                <div key={j.id} className="flex items-center justify-between py-2 px-3 rounded hover:bg-surface-muted transition-colors">
                   <div>
-                    <div className="text-sm text-slate-200">{j.type}</div>
-                    <div className="text-xs text-slate-500 font-mono">{j.id}</div>
+                    <div className="text-sm text-ink">{j.type}</div>
+                    <div className="text-xs text-ink-faint font-mono">{j.id}</div>
                   </div>
                   <div className="flex items-center gap-3">
-                    <span className="text-xs text-slate-400 font-mono">{j.certificate_id}</span>
+                    <span className="text-xs text-ink-muted font-mono">{j.certificate_id}</span>
                     <StatusBadge status={j.status} />
                   </div>
                 </div>
@@ -147,16 +147,16 @@ export default function AgentDetailPage() {
         </div>
 
         {/* Heartbeat Timeline */}
-        <div className="card p-5">
-          <h3 className="text-sm font-semibold text-slate-300 mb-4">Heartbeat Status</h3>
+        <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+          <h3 className="text-sm font-semibold text-ink-muted mb-4">Heartbeat Status</h3>
           <div className="flex items-center gap-4">
             <div className={`w-3 h-3 rounded-full ${
-              health === 'Online' ? 'bg-emerald-400 animate-pulse' :
-              health === 'Stale' ? 'bg-amber-400' : 'bg-red-400'
+              health === 'Online' ? 'bg-emerald-500 animate-pulse' :
+              health === 'Stale' ? 'bg-amber-500' : 'bg-red-500'
             }`} />
             <div>
-              <p className="text-sm text-slate-200">{health}</p>
-              <p className="text-xs text-slate-400">
+              <p className="text-sm text-ink">{health}</p>
+              <p className="text-xs text-ink-muted">
                 {health === 'Online' && 'Agent is responding to heartbeat checks'}
                 {health === 'Stale' && 'Agent has not sent a heartbeat recently'}
                 {health === 'Offline' && 'Agent is not responding'}
diff --git a/web/src/pages/AgentFleetPage.tsx b/web/src/pages/AgentFleetPage.tsx
index 876e29b..9905765 100644
--- a/web/src/pages/AgentFleetPage.tsx
+++ b/web/src/pages/AgentFleetPage.tsx
@@ -8,7 +8,7 @@ import type { Agent } from '../api/types';
 
 const OS_COLORS: Record<string, string> = {
   linux: '#f97316',
-  darwin: '#3b82f6',
+  darwin: '#2ea88f',
   windows: '#8b5cf6',
   unknown: '#64748b',
 };
@@ -53,9 +53,9 @@ function groupAgents(agents: Agent[]): GroupedAgents[] {
 const CustomTooltip = ({ active, payload }: any) => {
   if (!active || !payload?.length) return null;
   return (
-    <div className="bg-slate-800 border border-slate-600 rounded-lg px-3 py-2 text-xs shadow-lg">
+    <div className="bg-surface border border-surface-border rounded px-3 py-2 text-xs shadow-lg">
       {payload.map((entry: any, i: number) => (
-        <p key={i} style={{ color: entry.payload?.fill || entry.color }}>
+        <p key={i} style={{ color: entry.payload?.fill || entry.color }} className="font-medium">
           {entry.name}: {entry.value}
         </p>
       ))}
@@ -113,25 +113,25 @@ export default function AgentFleetPage() {
       <div className="flex-1 overflow-y-auto p-6 space-y-6">
         {/* Summary Cards */}
         <div className="grid grid-cols-1 sm:grid-cols-3 gap-4">
-          <div className="card p-5 text-center">
-            <p className="text-xs font-semibold text-slate-400 uppercase tracking-wider">Total Agents</p>
-            <p className="text-3xl font-bold mt-2 text-blue-400">{totalAgents}</p>
+          <div className="bg-surface border border-surface-border border-t-4 border-t-brand-400 rounded p-5 text-center shadow-sm">
+            <p className="text-xs font-semibold text-ink-muted uppercase tracking-wider">Total Agents</p>
+            <p className="text-3xl font-bold mt-2 text-brand-500">{totalAgents}</p>
           </div>
-          <div className="card p-5 text-center">
-            <p className="text-xs font-semibold text-slate-400 uppercase tracking-wider">Online</p>
-            <p className="text-3xl font-bold mt-2 text-emerald-400">{onlineAgents}</p>
+          <div className="bg-surface border border-surface-border border-t-4 border-t-emerald-500 rounded p-5 text-center shadow-sm">
+            <p className="text-xs font-semibold text-ink-muted uppercase tracking-wider">Online</p>
+            <p className="text-3xl font-bold mt-2 text-emerald-600">{onlineAgents}</p>
           </div>
-          <div className="card p-5 text-center">
-            <p className="text-xs font-semibold text-slate-400 uppercase tracking-wider">Offline</p>
-            <p className="text-3xl font-bold mt-2 text-red-400">{offlineAgents}</p>
+          <div className="bg-surface border border-surface-border border-t-4 border-t-red-500 rounded p-5 text-center shadow-sm">
+            <p className="text-xs font-semibold text-ink-muted uppercase tracking-wider">Offline</p>
+            <p className="text-3xl font-bold mt-2 text-red-600">{offlineAgents}</p>
           </div>
         </div>
 
         {/* Charts */}
         <div className="grid grid-cols-1 lg:grid-cols-3 gap-6">
           {/* OS Distribution */}
-          <div className="card p-5">
-            <h3 className="text-sm font-semibold text-slate-300 mb-4">OS Distribution</h3>
+          <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+            <h3 className="text-sm font-semibold text-ink-muted mb-4">OS Distribution</h3>
             <div className="h-48">
               {osPieData.length > 0 ? (
                 <ResponsiveContainer width="100%" height="100%">
@@ -145,14 +145,14 @@ export default function AgentFleetPage() {
                   </PieChart>
                 </ResponsiveContainer>
               ) : (
-                <div className="h-full flex items-center justify-center text-sm text-slate-500">No data</div>
+                <div className="h-full flex items-center justify-center text-sm text-ink-faint">No data</div>
               )}
             </div>
           </div>
 
           {/* Status Distribution */}
-          <div className="card p-5">
-            <h3 className="text-sm font-semibold text-slate-300 mb-4">Status Distribution</h3>
+          <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+            <h3 className="text-sm font-semibold text-ink-muted mb-4">Status Distribution</h3>
             <div className="h-48">
               {statusPieData.length > 0 ? (
                 <ResponsiveContainer width="100%" height="100%">
@@ -166,33 +166,33 @@ export default function AgentFleetPage() {
                   </PieChart>
                 </ResponsiveContainer>
               ) : (
-                <div className="h-full flex items-center justify-center text-sm text-slate-500">No data</div>
+                <div className="h-full flex items-center justify-center text-sm text-ink-faint">No data</div>
               )}
             </div>
           </div>
 
           {/* Version Breakdown */}
-          <div className="card p-5">
-            <h3 className="text-sm font-semibold text-slate-300 mb-4">Agent Versions</h3>
+          <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+            <h3 className="text-sm font-semibold text-ink-muted mb-4">Agent Versions</h3>
             <div className="space-y-3">
               {Object.entries(versionCounts)
                 .sort(([, a], [, b]) => b - a)
                 .map(([version, count]) => (
                   <div key={version} className="flex items-center justify-between">
-                    <span className="text-sm text-slate-300 font-mono">{version}</span>
+                    <span className="text-sm text-ink font-mono">{version}</span>
                     <div className="flex items-center gap-2">
-                      <div className="w-24 bg-slate-700 rounded-full h-2">
+                      <div className="w-24 bg-surface-border rounded-full h-2">
                         <div
-                          className="bg-blue-500 h-2 rounded-full"
+                          className="bg-brand-400 h-2 rounded-full"
                           style={{ width: `${(count / totalAgents) * 100}%` }}
                         />
                       </div>
-                      <span className="text-xs text-slate-400 w-8 text-right">{count}</span>
+                      <span className="text-xs text-ink-muted w-8 text-right">{count}</span>
                     </div>
                   </div>
                 ))}
               {Object.keys(versionCounts).length === 0 && (
-                <p className="text-sm text-slate-500">No version data</p>
+                <p className="text-sm text-ink-faint">No version data</p>
               )}
             </div>
           </div>
@@ -200,50 +200,50 @@ export default function AgentFleetPage() {
 
         {/* Environment Groups */}
         <div>
-          <h3 className="text-sm font-semibold text-slate-300 mb-4">Fleet by Platform</h3>
+          <h3 className="text-sm font-semibold text-ink-muted mb-4">Fleet by Platform</h3>
           {isLoading ? (
-            <p className="text-sm text-slate-500">Loading fleet data...</p>
+            <p className="text-sm text-ink-faint">Loading fleet data...</p>
           ) : groups.length === 0 ? (
-            <p className="text-sm text-slate-500">No agents registered</p>
+            <p className="text-sm text-ink-faint">No agents registered</p>
           ) : (
             <div className="space-y-4">
               {groups.map(group => (
-                <div key={`${group.os}/${group.arch}`} className="card">
-                  <div className="px-5 py-4 border-b border-slate-700 flex items-center justify-between">
+                <div key={`${group.os}/${group.arch}`} className="bg-surface border border-surface-border rounded overflow-hidden shadow-sm">
+                  <div className="px-5 py-4 border-b border-surface-border flex items-center justify-between">
                     <div className="flex items-center gap-3">
                       <div
                         className="w-3 h-3 rounded-full"
                         style={{ backgroundColor: OS_COLORS[group.os.toLowerCase()] || '#64748b' }}
                       />
-                      <h4 className="text-sm font-medium text-slate-200">
+                      <h4 className="text-sm font-medium text-ink">
                         {group.os} / {group.arch}
                       </h4>
-                      <span className="text-xs text-slate-500">
+                      <span className="text-xs text-ink-faint">
                         {group.agents.length} agent{group.agents.length !== 1 ? 's' : ''}
                       </span>
                     </div>
                     <div className="flex items-center gap-3 text-xs">
-                      <span className="text-emerald-400">{group.online} online</span>
-                      {group.offline > 0 && <span className="text-red-400">{group.offline} offline</span>}
+                      <span className="text-emerald-600">{group.online} online</span>
+                      {group.offline > 0 && <span className="text-red-600">{group.offline} offline</span>}
                     </div>
                   </div>
-                  <div className="divide-y divide-slate-700/50">
+                  <div className="divide-y divide-surface-border/50">
                     {group.agents.map(agent => (
                       <div
                         key={agent.id}
                         onClick={() => navigate(`/agents/${agent.id}`)}
-                        className="px-5 py-3 flex items-center justify-between hover:bg-slate-700/30 cursor-pointer transition-colors"
+                        className="px-5 py-3 flex items-center justify-between hover:bg-surface-muted cursor-pointer transition-colors"
                       >
                         <div className="flex items-center gap-3">
-                          <div className={`w-2 h-2 rounded-full ${agent.status === 'Online' ? 'bg-emerald-400' : 'bg-red-400'}`} />
+                          <div className={`w-2 h-2 rounded-full ${agent.status === 'Online' ? 'bg-emerald-500' : 'bg-red-500'}`} />
                           <div>
-                            <div className="text-sm text-slate-200">{agent.name || agent.hostname}</div>
-                            <div className="text-xs text-slate-500">{agent.ip_address || agent.id}</div>
+                            <div className="text-sm text-ink">{agent.name || agent.hostname}</div>
+                            <div className="text-xs text-ink-faint">{agent.ip_address || agent.id}</div>
                           </div>
                         </div>
                         <div className="flex items-center gap-4">
                           {agent.version && (
-                            <span className="text-xs text-slate-500 font-mono">{agent.version}</span>
+                            <span className="text-xs text-ink-muted font-mono">{agent.version}</span>
                           )}
                           <StatusBadge status={agent.status} />
                         </div>
diff --git a/web/src/pages/AgentGroupsPage.tsx b/web/src/pages/AgentGroupsPage.tsx
index a4e4a0f..dba3bb9 100644
--- a/web/src/pages/AgentGroupsPage.tsx
+++ b/web/src/pages/AgentGroupsPage.tsx
@@ -27,10 +27,10 @@ export default function AgentGroupsPage() {
       label: 'Group',
       render: (g) => (
         <div>
-          <div className="font-medium text-slate-200">{g.name}</div>
-          <div className="text-xs text-slate-500 font-mono">{g.id}</div>
+          <div className="font-medium text-ink">{g.name}</div>
+          <div className="text-xs text-ink-faint font-mono">{g.id}</div>
           {g.description && (
-            <div className="text-xs text-slate-400 mt-0.5 max-w-xs truncate">{g.description}</div>
+            <div className="text-xs text-ink-muted mt-0.5 max-w-xs truncate">{g.description}</div>
           )}
         </div>
       ),
@@ -51,7 +51,7 @@ export default function AgentGroupsPage() {
             ))}
           </div>
         ) : (
-          <span className="text-slate-500 text-xs">Manual only</span>
+          <span className="text-ink-faint text-xs">Manual only</span>
         );
       },
     },
@@ -63,7 +63,7 @@ export default function AgentGroupsPage() {
     {
       key: 'created',
       label: 'Created',
-      render: (g) => <span className="text-xs text-slate-400">{formatDateTime(g.created_at)}</span>,
+      render: (g) => <span className="text-xs text-ink-muted">{formatDateTime(g.created_at)}</span>,
     },
     {
       key: 'actions',
@@ -71,7 +71,7 @@ export default function AgentGroupsPage() {
       render: (g) => (
         <button
           onClick={(e) => { e.stopPropagation(); if (confirm(`Delete group ${g.name}?`)) deleteMutation.mutate(g.id); }}
-          className="text-xs text-red-400 hover:text-red-300 transition-colors"
+          className="text-xs text-red-600 hover:text-red-700 transition-colors"
         >
           Delete
         </button>
diff --git a/web/src/pages/AgentsPage.tsx b/web/src/pages/AgentsPage.tsx
index 11967ea..1ddeaad 100644
--- a/web/src/pages/AgentsPage.tsx
+++ b/web/src/pages/AgentsPage.tsx
@@ -31,8 +31,8 @@ export default function AgentsPage() {
       label: 'Agent',
       render: (a) => (
         <div>
-          <div className="font-medium text-slate-200">{a.name}</div>
-          <div className="text-xs text-slate-500">{a.id}</div>
+          <div className="font-medium text-ink">{a.name}</div>
+          <div className="text-xs text-ink-faint">{a.id}</div>
         </div>
       ),
     },
@@ -41,14 +41,14 @@ export default function AgentsPage() {
       label: 'Health',
       render: (a) => <StatusBadge status={a.status || heartbeatStatus(a.last_heartbeat)} />,
     },
-    { key: 'hostname', label: 'Hostname', render: (a) => <span className="text-slate-300 font-mono text-xs">{a.hostname || '—'}</span> },
-    { key: 'os', label: 'OS / Arch', render: (a) => <span className="text-slate-400 text-xs">{a.os && a.architecture ? `${a.os}/${a.architecture}` : a.os || '—'}</span> },
-    { key: 'ip', label: 'IP Address', render: (a) => <span className="text-slate-400 font-mono text-xs">{a.ip_address || '—'}</span> },
-    { key: 'version', label: 'Version', render: (a) => <span className="text-slate-400 text-xs">{a.version || '—'}</span> },
+    { key: 'hostname', label: 'Hostname', render: (a) => <span className="text-ink-muted font-mono text-xs">{a.hostname || '—'}</span> },
+    { key: 'os', label: 'OS / Arch', render: (a) => <span className="text-ink-muted text-xs">{a.os && a.architecture ? `${a.os}/${a.architecture}` : a.os || '—'}</span> },
+    { key: 'ip', label: 'IP Address', render: (a) => <span className="text-ink-muted font-mono text-xs">{a.ip_address || '—'}</span> },
+    { key: 'version', label: 'Version', render: (a) => <span className="text-ink-muted text-xs">{a.version || '—'}</span> },
     {
       key: 'heartbeat',
       label: 'Last Heartbeat',
-      render: (a) => <span className="text-slate-400 text-xs">{timeAgo(a.last_heartbeat)}</span>,
+      render: (a) => <span className="text-ink-muted text-xs">{timeAgo(a.last_heartbeat)}</span>,
     },
   ];
 
diff --git a/web/src/pages/AuditPage.tsx b/web/src/pages/AuditPage.tsx
index 0db10a2..7b4e816 100644
--- a/web/src/pages/AuditPage.tsx
+++ b/web/src/pages/AuditPage.tsx
@@ -9,16 +9,16 @@ import { formatDateTime } from '../api/utils';
 import type { AuditEvent } from '../api/types';
 
 const actionColors: Record<string, string> = {
-  certificate_created: 'text-emerald-400',
-  renewal_triggered: 'text-blue-400',
-  renewal_job_created: 'text-blue-400',
-  renewal_completed: 'text-emerald-400',
-  deployment_completed: 'text-emerald-400',
-  deployment_failed: 'text-red-400',
-  expiration_alert_sent: 'text-amber-400',
-  agent_registered: 'text-blue-400',
-  policy_violated: 'text-red-400',
-  certificate_revoked: 'text-red-400',
+  certificate_created: 'text-emerald-600',
+  renewal_triggered: 'text-brand-500',
+  renewal_job_created: 'text-brand-500',
+  renewal_completed: 'text-emerald-600',
+  deployment_completed: 'text-emerald-600',
+  deployment_failed: 'text-red-600',
+  expiration_alert_sent: 'text-amber-600',
+  agent_registered: 'text-brand-500',
+  policy_violated: 'text-red-600',
+  certificate_revoked: 'text-red-600',
 };
 
 const RESOURCE_TYPES = ['', 'certificate', 'agent', 'job', 'notification', 'policy', 'target', 'issuer'];
@@ -94,7 +94,7 @@ export default function AuditPage() {
       key: 'action',
       label: 'Action',
       render: (e) => (
-        <span className={`text-sm font-medium ${actionColors[e.action] || 'text-slate-300'}`}>
+        <span className={`text-sm font-medium ${actionColors[e.action] || 'text-ink'}`}>
           {e.action.replace(/_/g, ' ')}
         </span>
       ),
@@ -104,8 +104,8 @@ export default function AuditPage() {
       label: 'Actor',
       render: (e) => (
         <div>
-          <div className="text-sm text-slate-200">{e.actor}</div>
-          <div className="text-xs text-slate-500">{e.actor_type}</div>
+          <div className="text-sm text-ink">{e.actor}</div>
+          <div className="text-xs text-ink-faint">{e.actor_type}</div>
         </div>
       ),
     },
@@ -114,8 +114,8 @@ export default function AuditPage() {
       label: 'Resource',
       render: (e) => (
         <div>
-          <div className="text-sm text-slate-300">{e.resource_type}</div>
-          <div className="text-xs text-slate-500 font-mono">{e.resource_id}</div>
+          <div className="text-sm text-ink">{e.resource_type}</div>
+          <div className="text-xs text-ink-faint font-mono">{e.resource_id}</div>
         </div>
       ),
     },
@@ -123,15 +123,15 @@ export default function AuditPage() {
       key: 'details',
       label: 'Details',
       render: (e) => {
-        if (!e.details || Object.keys(e.details).length === 0) return <span className="text-slate-500">&mdash;</span>;
+        if (!e.details || Object.keys(e.details).length === 0) return <span className="text-ink-faint">&mdash;</span>;
         return (
-          <span className="text-xs text-slate-400 font-mono truncate max-w-xs block">
+          <span className="text-xs text-ink-muted font-mono truncate max-w-xs block">
             {JSON.stringify(e.details).slice(0, 60)}
           </span>
         );
       },
     },
-    { key: 'time', label: 'Time', render: (e) => <span className="text-xs text-slate-400">{formatDateTime(e.timestamp)}</span> },
+    { key: 'time', label: 'Time', render: (e) => <span className="text-xs text-ink-muted">{formatDateTime(e.timestamp)}</span> },
   ];
 
   const hasFilters = resourceType || actorFilter || timeRange || actionFilter;
@@ -144,21 +144,21 @@ export default function AuditPage() {
         action={
           filtered.length > 0 ? (
             <div className="flex gap-2">
-              <button onClick={() => exportCSV(filtered)} className="btn btn-ghost text-xs border border-slate-600">
+              <button onClick={() => exportCSV(filtered)} className="btn btn-ghost text-xs border border-surface-border">
                 Export CSV
               </button>
-              <button onClick={() => exportJSON(filtered)} className="btn btn-ghost text-xs border border-slate-600">
+              <button onClick={() => exportJSON(filtered)} className="btn btn-ghost text-xs border border-surface-border">
                 Export JSON
               </button>
             </div>
           ) : undefined
         }
       />
-      <div className="px-4 py-3 flex flex-wrap gap-3 border-b border-slate-700/50">
+      <div className="px-4 py-3 flex flex-wrap gap-3 border-b border-surface-border/50">
         <select
           value={resourceType}
           onChange={(e) => setResourceType(e.target.value)}
-          className="bg-slate-800 border border-slate-600 rounded px-3 py-1.5 text-xs text-slate-300 focus:outline-none focus:border-blue-500"
+          className="bg-surface border border-surface-border rounded px-3 py-1.5 text-xs text-ink focus:outline-none focus:border-brand-400"
         >
           <option value="">All resources</option>
           {RESOURCE_TYPES.filter(Boolean).map((t) => (
@@ -170,19 +170,19 @@ export default function AuditPage() {
           placeholder="Filter by actor..."
           value={actorFilter}
           onChange={(e) => setActorFilter(e.target.value)}
-          className="bg-slate-800 border border-slate-600 rounded px-3 py-1.5 text-xs text-slate-300 placeholder-slate-500 focus:outline-none focus:border-blue-500 w-40"
+          className="bg-surface border border-surface-border rounded px-3 py-1.5 text-xs text-ink placeholder-ink-faint focus:outline-none focus:border-brand-400 w-40"
         />
         <input
           type="text"
           placeholder="Filter by action..."
           value={actionFilter}
           onChange={(e) => setActionFilter(e.target.value)}
-          className="bg-slate-800 border border-slate-600 rounded px-3 py-1.5 text-xs text-slate-300 placeholder-slate-500 focus:outline-none focus:border-blue-500 w-40"
+          className="bg-surface border border-surface-border rounded px-3 py-1.5 text-xs text-ink placeholder-ink-faint focus:outline-none focus:border-brand-400 w-40"
         />
         <select
           value={timeRange}
           onChange={(e) => setTimeRange(e.target.value)}
-          className="bg-slate-800 border border-slate-600 rounded px-3 py-1.5 text-xs text-slate-300 focus:outline-none focus:border-blue-500"
+          className="bg-surface border border-surface-border rounded px-3 py-1.5 text-xs text-ink focus:outline-none focus:border-brand-400"
         >
           {TIME_RANGES.map((r) => (
             <option key={r.value} value={r.value}>{r.label}</option>
@@ -191,7 +191,7 @@ export default function AuditPage() {
         {hasFilters && (
           <button
             onClick={() => { setResourceType(''); setActorFilter(''); setTimeRange(''); setActionFilter(''); }}
-            className="text-xs text-slate-400 hover:text-slate-200 transition-colors"
+            className="text-xs text-ink-muted hover:text-ink transition-colors"
           >
             Clear filters
           </button>
diff --git a/web/src/pages/CertificateDetailPage.tsx b/web/src/pages/CertificateDetailPage.tsx
index 51f954b..6bdf85e 100644
--- a/web/src/pages/CertificateDetailPage.tsx
+++ b/web/src/pages/CertificateDetailPage.tsx
@@ -11,12 +11,12 @@ import type { Job } from '../api/types';
 
 function InfoRow({ label, value, editable, onEdit }: { label: string; value: React.ReactNode; editable?: boolean; onEdit?: () => void }) {
   return (
-    <div className="flex justify-between py-2 border-b border-slate-700/50 group">
-      <span className="text-sm text-slate-400">{label}</span>
+    <div className="flex justify-between py-2 border-b border-surface-border/50 group">
+      <span className="text-sm text-ink-muted">{label}</span>
       <div className="flex items-center gap-2">
-        <span className="text-sm text-slate-200">{value}</span>
+        <span className="text-sm text-ink">{value}</span>
         {editable && onEdit && (
-          <button onClick={onEdit} className="opacity-0 group-hover:opacity-100 transition-opacity text-xs text-blue-400 hover:text-blue-300">
+          <button onClick={onEdit} className="opacity-0 group-hover:opacity-100 transition-opacity text-xs text-brand-400 hover:text-brand-500">
             Edit
           </button>
         )}
@@ -28,22 +28,22 @@ function InfoRow({ label, value, editable, onEdit }: { label: string; value: Rea
 // Timeline step component for deployment status
 function TimelineStep({ label, status, time, isLast }: { label: string; status: 'completed' | 'active' | 'pending' | 'failed'; time?: string; isLast?: boolean }) {
   const dotStyles = {
-    completed: 'bg-emerald-500 ring-emerald-500/30',
-    active: 'bg-blue-500 ring-blue-500/30 animate-pulse',
-    pending: 'bg-slate-600 ring-slate-600/30',
-    failed: 'bg-red-500 ring-red-500/30',
+    completed: 'bg-emerald-500 ring-emerald-200',
+    active: 'bg-brand-400 ring-brand-200 animate-pulse',
+    pending: 'bg-surface-muted ring-surface-border',
+    failed: 'bg-red-500 ring-red-200',
   };
   const lineStyles = {
-    completed: 'bg-emerald-500/50',
-    active: 'bg-blue-500/30',
-    pending: 'bg-slate-700',
-    failed: 'bg-red-500/30',
+    completed: 'bg-emerald-300',
+    active: 'bg-brand-200',
+    pending: 'bg-surface-border',
+    failed: 'bg-red-300',
   };
   const textStyles = {
-    completed: 'text-emerald-400',
-    active: 'text-blue-400',
-    pending: 'text-slate-500',
-    failed: 'text-red-400',
+    completed: 'text-emerald-600',
+    active: 'text-brand-400',
+    pending: 'text-ink-faint',
+    failed: 'text-red-600',
   };
 
   return (
@@ -54,7 +54,7 @@ function TimelineStep({ label, status, time, isLast }: { label: string; status:
       </div>
       <div className="pb-6">
         <div className={`text-sm font-medium ${textStyles[status]}`}>{label}</div>
-        {time && <div className="text-xs text-slate-500 mt-0.5">{time}</div>}
+        {time && <div className="text-xs text-ink-faint mt-0.5">{time}</div>}
       </div>
     </div>
   );
@@ -117,8 +117,8 @@ function DeploymentTimeline({ certId, certStatus, createdAt, issuedAt }: { certI
   };
 
   return (
-    <div className="card p-5">
-      <h3 className="text-sm font-semibold text-slate-300 mb-4">Lifecycle Timeline</h3>
+    <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+      <h3 className="text-sm font-semibold text-ink-muted mb-4">Lifecycle Timeline</h3>
       <div className="pl-1">
         <TimelineStep label="Requested" status={getRequestedStatus()} time={getRequestedTime()} />
         <TimelineStep label="Issued" status={getIssuedStatus()} time={getIssuedTime()} />
@@ -161,10 +161,10 @@ function InlinePolicyEditor({ certId, currentPolicyId, currentProfileId }: { cer
 
   if (!editing) {
     return (
-      <div className="card p-5">
+      <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
         <div className="flex items-center justify-between mb-4">
-          <h3 className="text-sm font-semibold text-slate-300">Policy & Profile</h3>
-          <button onClick={() => setEditing(true)} className="text-xs text-blue-400 hover:text-blue-300 transition-colors">
+          <h3 className="text-sm font-semibold text-ink-muted">Policy & Profile</h3>
+          <button onClick={() => setEditing(true)} className="text-xs text-brand-400 hover:text-brand-500 transition-colors">
             Edit
           </button>
         </div>
@@ -175,28 +175,28 @@ function InlinePolicyEditor({ certId, currentPolicyId, currentProfileId }: { cer
   }
 
   return (
-    <div className="card p-5 border-blue-500/30">
+    <div className="bg-surface border border-surface-border border-brand-400 rounded p-5 shadow-sm">
       <div className="flex items-center justify-between mb-4">
-        <h3 className="text-sm font-semibold text-blue-400">Edit Policy & Profile</h3>
+        <h3 className="text-sm font-semibold text-brand-500">Edit Policy & Profile</h3>
         <div className="flex gap-2">
           <button onClick={() => { setEditing(false); setPolicyId(currentPolicyId); setProfileId(currentProfileId); }}
-            className="text-xs text-slate-400 hover:text-slate-300">Cancel</button>
+            className="text-xs text-ink-muted hover:text-ink">Cancel</button>
           <button onClick={() => saveMutation.mutate()} disabled={saveMutation.isPending}
-            className="text-xs text-blue-400 hover:text-blue-300 font-medium disabled:opacity-50">
+            className="text-xs text-brand-400 hover:text-brand-500 font-medium disabled:opacity-50">
             {saveMutation.isPending ? 'Saving...' : 'Save'}
           </button>
         </div>
       </div>
       {saveMutation.isError && (
-        <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-3 py-2 text-sm mb-3">
+        <div className="bg-red-50 border border-red-200 text-red-700 rounded px-3 py-2 text-sm mb-3">
           {saveMutation.error instanceof Error ? saveMutation.error.message : 'Failed to save'}
         </div>
       )}
       <div className="space-y-3">
         <div>
-          <label className="text-xs text-slate-400 block mb-1">Renewal Policy</label>
+          <label className="text-xs text-ink-muted block mb-1">Renewal Policy</label>
           <select value={policyId} onChange={e => setPolicyId(e.target.value)}
-            className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200">
+            className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink">
             <option value="">None</option>
             {policies?.data?.map(p => (
               <option key={p.id} value={p.id}>{p.name} ({p.type})</option>
@@ -204,9 +204,9 @@ function InlinePolicyEditor({ certId, currentPolicyId, currentProfileId }: { cer
           </select>
         </div>
         <div>
-          <label className="text-xs text-slate-400 block mb-1">Certificate Profile</label>
+          <label className="text-xs text-ink-muted block mb-1">Certificate Profile</label>
           <select value={profileId} onChange={e => setProfileId(e.target.value)}
-            className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200">
+            className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink">
             <option value="">None</option>
             {profiles?.data?.map(p => (
               <option key={p.id} value={p.id}>{p.name} — max TTL {p.max_ttl_seconds ? `${Math.round(p.max_ttl_seconds / 86400)}d` : '∞'}</option>
@@ -316,7 +316,7 @@ export default function CertificateDetailPage() {
             <button
               onClick={() => setShowDeploy(true)}
               disabled={isArchived || isRevoked}
-              className="btn btn-ghost text-xs border border-slate-600 disabled:opacity-50"
+              className="btn btn-ghost text-xs border border-surface-border disabled:opacity-50"
             >
               Deploy
             </button>
@@ -349,53 +349,53 @@ export default function CertificateDetailPage() {
       />
       <div className="flex-1 overflow-y-auto p-6 space-y-6">
         {renewMutation.isSuccess && (
-          <div className="bg-emerald-500/10 border border-emerald-500/20 text-emerald-400 rounded-lg px-4 py-3 text-sm">
+          <div className="bg-emerald-50 border border-emerald-200 text-emerald-700 rounded px-4 py-3 text-sm">
             Renewal triggered successfully. A renewal job has been created.
           </div>
         )}
         {renewMutation.isError && (
-          <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-4 py-3 text-sm">
+          <div className="bg-red-50 border border-red-200 text-red-700 rounded px-4 py-3 text-sm">
             Failed to trigger renewal: {renewMutation.error instanceof Error ? renewMutation.error.message : 'Unknown error'}
           </div>
         )}
         {deployMutation.isSuccess && (
-          <div className="bg-emerald-500/10 border border-emerald-500/20 text-emerald-400 rounded-lg px-4 py-3 text-sm">
+          <div className="bg-emerald-50 border border-emerald-200 text-emerald-700 rounded px-4 py-3 text-sm">
             Deployment triggered. A deployment job has been created.
           </div>
         )}
         {deployMutation.isError && (
-          <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-4 py-3 text-sm">
+          <div className="bg-red-50 border border-red-200 text-red-700 rounded px-4 py-3 text-sm">
             Failed to deploy: {deployMutation.error instanceof Error ? deployMutation.error.message : 'Unknown error'}
           </div>
         )}
         {archiveMutation.isError && (
-          <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-4 py-3 text-sm">
+          <div className="bg-red-50 border border-red-200 text-red-700 rounded px-4 py-3 text-sm">
             Failed to archive: {archiveMutation.error instanceof Error ? archiveMutation.error.message : 'Unknown error'}
           </div>
         )}
         {revokeMutation.isSuccess && (
-          <div className="bg-amber-500/10 border border-amber-500/20 text-amber-400 rounded-lg px-4 py-3 text-sm">
+          <div className="bg-amber-50 border border-amber-200 text-amber-700 rounded px-4 py-3 text-sm">
             Certificate revoked successfully. It has been added to the CRL.
           </div>
         )}
         {revokeMutation.isError && (
-          <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-4 py-3 text-sm">
+          <div className="bg-red-50 border border-red-200 text-red-700 rounded px-4 py-3 text-sm">
             Failed to revoke: {revokeMutation.error instanceof Error ? revokeMutation.error.message : 'Unknown error'}
           </div>
         )}
 
         {/* Revocation Banner */}
         {isRevoked && (
-          <div className="bg-red-500/10 border border-red-500/30 rounded-lg px-4 py-3">
+          <div className="bg-red-50 border border-red-200 rounded px-4 py-3">
             <div className="flex items-center gap-3">
-              <div className="w-8 h-8 rounded-full bg-red-500/20 flex items-center justify-center flex-shrink-0">
-                <svg className="w-4 h-4 text-red-400" fill="none" viewBox="0 0 24 24" stroke="currentColor">
+              <div className="w-8 h-8 rounded bg-red-100 flex items-center justify-center flex-shrink-0">
+                <svg className="w-4 h-4 text-red-600" fill="none" viewBox="0 0 24 24" stroke="currentColor">
                   <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M18.364 18.364A9 9 0 005.636 5.636m12.728 12.728A9 9 0 015.636 5.636m12.728 12.728L5.636 5.636" />
                 </svg>
               </div>
               <div>
-                <div className="text-sm font-medium text-red-400">Certificate Revoked</div>
-                <div className="text-xs text-slate-400 mt-0.5">
+                <div className="text-sm font-medium text-red-700">Certificate Revoked</div>
+                <div className="text-xs text-red-600 mt-0.5">
                   Reason: {REVOCATION_REASONS.find(r => r.value === cert.revocation_reason)?.label || cert.revocation_reason || 'Unspecified'}
                   {cert.revoked_at && <> &middot; Revoked {formatDateTime(cert.revoked_at)}</>}
                 </div>
@@ -409,8 +409,8 @@ export default function CertificateDetailPage() {
 
         <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
           {/* Certificate Info */}
-          <div className="card p-5">
-            <h3 className="text-sm font-semibold text-slate-300 mb-4">Certificate Details</h3>
+          <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+            <h3 className="text-sm font-semibold text-ink-muted mb-4">Certificate Details</h3>
             <InfoRow label="Status" value={<StatusBadge status={cert.status} />} />
             <InfoRow label="Common Name" value={cert.common_name} />
             <InfoRow label="SANs" value={cert.sans?.length ? cert.sans.join(', ') : '—'} />
@@ -423,11 +423,11 @@ export default function CertificateDetailPage() {
           </div>
 
           {/* Lifecycle */}
-          <div className="card p-5">
-            <h3 className="text-sm font-semibold text-slate-300 mb-4">Lifecycle</h3>
+          <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+            <h3 className="text-sm font-semibold text-ink-muted mb-4">Lifecycle</h3>
             <InfoRow label="Issued" value={formatDate(cert.issued_at)} />
             <InfoRow label="Expires" value={
-              <span className={isRevoked ? 'text-red-400 line-through' : expiryColor(days)}>
+              <span className={isRevoked ? 'text-red-600 line-through' : expiryColor(days)}>
                 {formatDate(cert.expires_at)} ({days <= 0 ? 'expired' : `${days} days`})
               </span>
             } />
@@ -438,10 +438,10 @@ export default function CertificateDetailPage() {
             {isRevoked && (
               <>
                 <InfoRow label="Revoked At" value={
-                  <span className="text-red-400">{cert.revoked_at ? formatDateTime(cert.revoked_at) : '—'}</span>
+                  <span className="text-red-600">{cert.revoked_at ? formatDateTime(cert.revoked_at) : '—'}</span>
                 } />
                 <InfoRow label="Revocation Reason" value={
-                  <span className="text-red-400">
+                  <span className="text-red-600">
                     {REVOCATION_REASONS.find(r => r.value === cert.revocation_reason)?.label || cert.revocation_reason || '—'}
                   </span>
                 } />
@@ -461,8 +461,8 @@ export default function CertificateDetailPage() {
 
         {/* Tags */}
         {cert.tags && Object.keys(cert.tags).length > 0 && (
-          <div className="card p-5">
-            <h3 className="text-sm font-semibold text-slate-300 mb-4">Tags</h3>
+          <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+            <h3 className="text-sm font-semibold text-ink-muted mb-4">Tags</h3>
             <div className="flex flex-wrap gap-2">
               {Object.entries(cert.tags).map(([k, v]) => (
                 <span key={k} className="badge badge-neutral">{k}: {v}</span>
@@ -472,32 +472,32 @@ export default function CertificateDetailPage() {
         )}
 
         {/* Version History */}
-        <div className="card p-5">
-          <h3 className="text-sm font-semibold text-slate-300 mb-4">
+        <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+          <h3 className="text-sm font-semibold text-ink-muted mb-4">
             Version History {versions?.data?.length ? `(${versions.data.length})` : ''}
           </h3>
           {!versions?.data?.length ? (
-            <p className="text-sm text-slate-500">No versions yet</p>
+            <p className="text-sm text-ink-faint">No versions yet</p>
           ) : (
             <div className="space-y-3">
               {versions.data.map((v, idx) => (
-                <div key={v.id} className="flex items-center justify-between py-2 border-b border-slate-700/50 last:border-0">
+                <div key={v.id} className="flex items-center justify-between py-2 border-b border-surface-border/50 last:border-0">
                   <div>
                     <div className="flex items-center gap-2">
-                      <span className="text-sm text-slate-200">Version {v.version}</span>
-                      {idx === 0 && <span className="text-xs bg-blue-500/20 text-blue-400 px-1.5 py-0.5 rounded">Current</span>}
+                      <span className="text-sm text-ink">Version {v.version}</span>
+                      {idx === 0 && <span className="text-xs bg-brand-100 text-brand-700 px-1.5 py-0.5 rounded">Current</span>}
                     </div>
-                    <div className="text-xs text-slate-500 font-mono">{v.serial_number}</div>
+                    <div className="text-xs text-ink-faint font-mono">{v.serial_number}</div>
                   </div>
                   <div className="flex items-center gap-4">
                     <div className="text-right">
-                      <div className="text-sm text-slate-300">{formatDate(v.not_before)} — {formatDate(v.not_after)}</div>
-                      <div className="text-xs text-slate-500">{formatDateTime(v.created_at)}</div>
+                      <div className="text-sm text-ink-muted">{formatDate(v.not_before)} — {formatDate(v.not_after)}</div>
+                      <div className="text-xs text-ink-faint">{formatDateTime(v.created_at)}</div>
                     </div>
                     {idx > 0 && cert?.status !== 'Archived' && cert?.status !== 'Revoked' && (
                       <button
                         onClick={() => setShowDeploy(true)}
-                        className="text-xs text-amber-400 hover:text-amber-300 border border-amber-500/30 px-2 py-1 rounded hover:bg-amber-500/10 transition-colors"
+                        className="text-xs text-amber-600 hover:text-amber-700 border border-amber-300 px-2 py-1 rounded hover:bg-amber-50 transition-colors"
                         title="Redeploy this version to targets"
                       >
                         Rollback
@@ -513,19 +513,19 @@ export default function CertificateDetailPage() {
 
       {/* Deploy Modal */}
       {showDeploy && (
-        <div className="fixed inset-0 bg-black/60 flex items-center justify-center z-50" onClick={() => setShowDeploy(false)}>
-          <div className="bg-slate-800 border border-slate-600 rounded-xl p-6 w-full max-w-md shadow-2xl" onClick={e => e.stopPropagation()}>
-            <h2 className="text-lg font-semibold text-slate-200 mb-4">Deploy Certificate</h2>
+        <div className="fixed inset-0 bg-black/40 flex items-center justify-center z-50" onClick={() => setShowDeploy(false)}>
+          <div className="bg-surface border border-surface-border rounded p-6 w-full max-w-md shadow-xl" onClick={e => e.stopPropagation()}>
+            <h2 className="text-lg font-semibold text-ink mb-4">Deploy Certificate</h2>
             {deployMutation.isError && (
-              <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-3 py-2 text-sm mb-3">
+              <div className="bg-red-50 border border-red-200 text-red-700 rounded px-3 py-2 text-sm mb-3">
                 {deployMutation.error instanceof Error ? deployMutation.error.message : 'Unknown error'}
               </div>
             )}
-            <label className="text-xs text-slate-400 block mb-2">Select Target</label>
+            <label className="text-xs text-ink-muted block mb-2">Select Target</label>
             <select
               value={deployTargetId}
               onChange={e => setDeployTargetId(e.target.value)}
-              className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 mb-4"
+              className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink mb-4"
             >
               <option value="">Choose a target...</option>
               {targets?.data?.map(t => (
@@ -548,22 +548,22 @@ export default function CertificateDetailPage() {
 
       {/* Revoke Modal */}
       {showRevoke && (
-        <div className="fixed inset-0 bg-black/60 flex items-center justify-center z-50" onClick={() => setShowRevoke(false)}>
-          <div className="bg-slate-800 border border-slate-600 rounded-xl p-6 w-full max-w-md shadow-2xl" onClick={e => e.stopPropagation()}>
-            <h2 className="text-lg font-semibold text-red-400 mb-2">Revoke Certificate</h2>
-            <p className="text-sm text-slate-400 mb-4">
+        <div className="fixed inset-0 bg-black/40 flex items-center justify-center z-50" onClick={() => setShowRevoke(false)}>
+          <div className="bg-surface border border-surface-border rounded p-6 w-full max-w-md shadow-xl" onClick={e => e.stopPropagation()}>
+            <h2 className="text-lg font-semibold text-red-700 mb-2">Revoke Certificate</h2>
+            <p className="text-sm text-ink-muted mb-4">
               This action cannot be undone. The certificate will be added to the CRL and marked as revoked.
             </p>
             {revokeMutation.isError && (
-              <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-3 py-2 text-sm mb-3">
+              <div className="bg-red-50 border border-red-200 text-red-700 rounded px-3 py-2 text-sm mb-3">
                 {revokeMutation.error instanceof Error ? revokeMutation.error.message : 'Unknown error'}
               </div>
             )}
-            <label className="text-xs text-slate-400 block mb-2">Revocation Reason (RFC 5280)</label>
+            <label className="text-xs text-ink-muted block mb-2">Revocation Reason (RFC 5280)</label>
             <select
               value={revokeReason}
               onChange={e => setRevokeReason(e.target.value)}
-              className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 mb-4"
+              className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink mb-4"
             >
               {REVOCATION_REASONS.map(r => (
                 <option key={r.value} value={r.value}>{r.label}</option>
diff --git a/web/src/pages/CertificatesPage.tsx b/web/src/pages/CertificatesPage.tsx
index 56b92cf..6106faf 100644
--- a/web/src/pages/CertificatesPage.tsx
+++ b/web/src/pages/CertificatesPage.tsx
@@ -30,57 +30,57 @@ function CreateCertificateModal({ onClose, onSuccess }: { onClose: () => void; o
   });
 
   return (
-    <div className="fixed inset-0 bg-black/60 flex items-center justify-center z-50" onClick={onClose}>
-      <div className="bg-slate-800 border border-slate-600 rounded-xl p-6 w-full max-w-lg shadow-2xl" onClick={e => e.stopPropagation()}>
-        <h2 className="text-lg font-semibold text-slate-200 mb-4">New Certificate</h2>
-        {error && <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-3 py-2 text-sm mb-4">{error}</div>}
+    <div className="fixed inset-0 bg-black/40 flex items-center justify-center z-50" onClick={onClose}>
+      <div className="bg-surface border border-surface-border rounded p-6 w-full max-w-lg shadow-xl" onClick={e => e.stopPropagation()}>
+        <h2 className="text-lg font-semibold text-ink mb-4">New Certificate</h2>
+        {error && <div className="bg-red-50 border border-red-200 text-red-700 rounded px-3 py-2 text-sm mb-4">{error}</div>}
         <div className="space-y-3">
           <div>
-            <label className="text-xs text-slate-400 block mb-1">ID (optional)</label>
+            <label className="text-xs text-ink-muted block mb-1">ID (optional)</label>
             <input value={form.id} onChange={e => setForm(f => ({ ...f, id: e.target.value }))}
-              className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 focus:outline-none focus:border-blue-500"
+              className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400 focus:ring-1 focus:ring-brand-400/20"
               placeholder="mc-api-prod (auto-generated if empty)" />
           </div>
           <div>
-            <label className="text-xs text-slate-400 block mb-1">Common Name *</label>
+            <label className="text-xs text-ink-muted block mb-1">Common Name *</label>
             <input value={form.common_name} onChange={e => setForm(f => ({ ...f, common_name: e.target.value }))}
-              className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 focus:outline-none focus:border-blue-500"
+              className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400 focus:ring-1 focus:ring-brand-400/20"
               placeholder="api.example.com" />
           </div>
           <div className="grid grid-cols-2 gap-3">
             <div>
-              <label className="text-xs text-slate-400 block mb-1">Environment</label>
+              <label className="text-xs text-ink-muted block mb-1">Environment</label>
               <select value={form.environment} onChange={e => setForm(f => ({ ...f, environment: e.target.value }))}
-                className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200">
+                className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink">
                 <option value="production">Production</option>
                 <option value="staging">Staging</option>
                 <option value="development">Development</option>
               </select>
             </div>
             <div>
-              <label className="text-xs text-slate-400 block mb-1">Issuer ID *</label>
+              <label className="text-xs text-ink-muted block mb-1">Issuer ID *</label>
               <input value={form.issuer_id} onChange={e => setForm(f => ({ ...f, issuer_id: e.target.value }))}
-                className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 focus:outline-none focus:border-blue-500"
+                className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400 focus:ring-1 focus:ring-brand-400/20"
                 placeholder="iss-local" />
             </div>
           </div>
           <div className="grid grid-cols-3 gap-3">
             <div>
-              <label className="text-xs text-slate-400 block mb-1">Owner ID</label>
+              <label className="text-xs text-ink-muted block mb-1">Owner ID</label>
               <input value={form.owner_id} onChange={e => setForm(f => ({ ...f, owner_id: e.target.value }))}
-                className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 focus:outline-none focus:border-blue-500"
+                className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400 focus:ring-1 focus:ring-brand-400/20"
                 placeholder="o-alice" />
             </div>
             <div>
-              <label className="text-xs text-slate-400 block mb-1">Team ID</label>
+              <label className="text-xs text-ink-muted block mb-1">Team ID</label>
               <input value={form.team_id} onChange={e => setForm(f => ({ ...f, team_id: e.target.value }))}
-                className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 focus:outline-none focus:border-blue-500"
+                className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400 focus:ring-1 focus:ring-brand-400/20"
                 placeholder="t-platform" />
             </div>
             <div>
-              <label className="text-xs text-slate-400 block mb-1">Policy ID</label>
+              <label className="text-xs text-ink-muted block mb-1">Policy ID</label>
               <input value={form.renewal_policy_id} onChange={e => setForm(f => ({ ...f, renewal_policy_id: e.target.value }))}
-                className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 focus:outline-none focus:border-blue-500"
+                className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400 focus:ring-1 focus:ring-brand-400/20"
                 placeholder="rp-standard" />
             </div>
           </div>
@@ -124,27 +124,27 @@ function BulkRevokeModal({ ids, onClose, onSuccess }: { ids: string[]; onClose:
   };
 
   return (
-    <div className="fixed inset-0 bg-black/60 flex items-center justify-center z-50" onClick={onClose}>
-      <div className="bg-slate-800 border border-slate-600 rounded-xl p-6 w-full max-w-md shadow-2xl" onClick={e => e.stopPropagation()}>
-        <h2 className="text-lg font-semibold text-red-400 mb-2">Bulk Revoke</h2>
-        <p className="text-sm text-slate-400 mb-4">
+    <div className="fixed inset-0 bg-black/40 flex items-center justify-center z-50" onClick={onClose}>
+      <div className="bg-surface border border-surface-border rounded p-6 w-full max-w-md shadow-xl" onClick={e => e.stopPropagation()}>
+        <h2 className="text-lg font-semibold text-red-700 mb-2">Bulk Revoke</h2>
+        <p className="text-sm text-ink-muted mb-4">
           Revoke {ids.length} certificate{ids.length > 1 ? 's' : ''}. This cannot be undone.
         </p>
-        {error && <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-3 py-2 text-sm mb-3">{error}</div>}
+        {error && <div className="bg-red-50 border border-red-200 text-red-700 rounded px-3 py-2 text-sm mb-3">{error}</div>}
         {running && (
           <div className="mb-3">
-            <div className="flex justify-between text-xs text-slate-400 mb-1">
+            <div className="flex justify-between text-xs text-ink-muted mb-1">
               <span>Progress</span>
               <span>{progress}/{ids.length}</span>
             </div>
-            <div className="w-full bg-slate-700 rounded-full h-2">
+            <div className="w-full bg-surface-border rounded-full h-2">
               <div className="bg-red-500 h-2 rounded-full transition-all" style={{ width: `${(progress / ids.length) * 100}%` }} />
             </div>
           </div>
         )}
-        <label className="text-xs text-slate-400 block mb-2">Revocation Reason (RFC 5280)</label>
+        <label className="text-xs text-ink-muted block mb-2">Revocation Reason (RFC 5280)</label>
         <select value={reason} onChange={e => setReason(e.target.value)}
-          className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 mb-4"
+          className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink mb-4"
           disabled={running}
         >
           {REVOCATION_REASONS.map(r => (
@@ -193,27 +193,27 @@ function BulkReassignModal({ ids, onClose, onSuccess }: { ids: string[]; onClose
   };
 
   return (
-    <div className="fixed inset-0 bg-black/60 flex items-center justify-center z-50" onClick={onClose}>
-      <div className="bg-slate-800 border border-slate-600 rounded-xl p-6 w-full max-w-md shadow-2xl" onClick={e => e.stopPropagation()}>
-        <h2 className="text-lg font-semibold text-slate-200 mb-2">Reassign Owner</h2>
-        <p className="text-sm text-slate-400 mb-4">
+    <div className="fixed inset-0 bg-black/40 flex items-center justify-center z-50" onClick={onClose}>
+      <div className="bg-surface border border-surface-border rounded p-6 w-full max-w-md shadow-xl" onClick={e => e.stopPropagation()}>
+        <h2 className="text-lg font-semibold text-ink mb-2">Reassign Owner</h2>
+        <p className="text-sm text-ink-muted mb-4">
           Reassign {ids.length} certificate{ids.length > 1 ? 's' : ''} to a new owner.
         </p>
-        {error && <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-3 py-2 text-sm mb-3">{error}</div>}
+        {error && <div className="bg-red-50 border border-red-200 text-red-700 rounded px-3 py-2 text-sm mb-3">{error}</div>}
         {running && (
           <div className="mb-3">
-            <div className="flex justify-between text-xs text-slate-400 mb-1">
+            <div className="flex justify-between text-xs text-ink-muted mb-1">
               <span>Progress</span>
               <span>{progress}/{ids.length}</span>
             </div>
-            <div className="w-full bg-slate-700 rounded-full h-2">
-              <div className="bg-blue-500 h-2 rounded-full transition-all" style={{ width: `${(progress / ids.length) * 100}%` }} />
+            <div className="w-full bg-surface-border rounded-full h-2">
+              <div className="bg-brand-400 h-2 rounded-full transition-all" style={{ width: `${(progress / ids.length) * 100}%` }} />
             </div>
           </div>
         )}
-        <label className="text-xs text-slate-400 block mb-2">New Owner</label>
+        <label className="text-xs text-ink-muted block mb-2">New Owner</label>
         <select value={ownerId} onChange={e => setOwnerId(e.target.value)}
-          className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 mb-4"
+          className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink mb-4"
           disabled={running}
         >
           <option value="">Select owner...</option>
@@ -276,8 +276,8 @@ export default function CertificatesPage() {
       label: 'Certificate',
       render: (c) => (
         <div>
-          <div className="font-medium text-slate-200">{c.common_name}</div>
-          <div className="text-xs text-slate-500 mt-0.5">{c.id}</div>
+          <div className="font-medium text-ink">{c.common_name}</div>
+          <div className="text-xs text-ink-faint mt-0.5">{c.id}</div>
         </div>
       ),
     },
@@ -290,14 +290,14 @@ export default function CertificatesPage() {
         return (
           <div>
             <div className={expiryColor(days)}>{formatDate(c.expires_at)}</div>
-            <div className="text-xs text-slate-500">{days <= 0 ? 'Expired' : `${days} days`}</div>
+            <div className="text-xs text-ink-faint">{days <= 0 ? 'Expired' : `${days} days`}</div>
           </div>
         );
       },
     },
-    { key: 'env', label: 'Environment', render: (c) => <span className="text-slate-300">{c.environment || '—'}</span> },
-    { key: 'issuer', label: 'Issuer', render: (c) => <span className="text-slate-400 text-xs">{c.issuer_id}</span> },
-    { key: 'owner', label: 'Owner', render: (c) => <span className="text-slate-400 text-xs">{c.owner_id}</span> },
+    { key: 'env', label: 'Environment', render: (c) => <span className="text-ink-muted">{c.environment || '—'}</span> },
+    { key: 'issuer', label: 'Issuer', render: (c) => <span className="text-ink-muted text-xs">{c.issuer_id}</span> },
+    { key: 'owner', label: 'Owner', render: (c) => <span className="text-ink-muted text-xs">{c.owner_id}</span> },
   ];
 
   const selectedArray = Array.from(selectedIds);
@@ -317,8 +317,8 @@ export default function CertificatesPage() {
 
       {/* Bulk Action Bar */}
       {hasSelection && (
-        <div className="px-6 py-3 bg-blue-500/10 border-b border-blue-500/20 flex items-center justify-between">
-          <span className="text-sm text-blue-400 font-medium">{selectedArray.length} selected</span>
+        <div className="px-6 py-3 bg-brand-50 border-b border-brand-200 flex items-center justify-between">
+          <span className="text-sm text-brand-600 font-medium">{selectedArray.length} selected</span>
           <div className="flex gap-2">
             <button onClick={handleBulkRenewal} disabled={bulkRenewProgress?.running}
               className="btn btn-primary text-xs disabled:opacity-50">
@@ -331,11 +331,11 @@ export default function CertificatesPage() {
               Revoke
             </button>
             <button onClick={() => setShowBulkReassign(true)}
-              className="btn btn-ghost text-xs text-blue-400 hover:text-blue-300 border border-blue-600/50">
+              className="btn btn-ghost text-xs text-brand-400 hover:text-brand-300 border border-brand-600/50">
               Reassign Owner
             </button>
             <button onClick={() => setSelectedIds(new Set())}
-              className="btn btn-ghost text-xs text-slate-400">
+              className="btn btn-ghost text-xs text-ink-muted">
               Clear
             </button>
           </div>
@@ -344,18 +344,18 @@ export default function CertificatesPage() {
 
       {/* Bulk Renewal Success */}
       {bulkRenewProgress && !bulkRenewProgress.running && (
-        <div className="px-6 py-2 bg-emerald-500/10 border-b border-emerald-500/20">
-          <span className="text-sm text-emerald-400">
+        <div className="px-6 py-2 bg-emerald-50 border-b border-emerald-200">
+          <span className="text-sm text-emerald-700">
             Triggered renewal for {bulkRenewProgress.done} certificate{bulkRenewProgress.done > 1 ? 's' : ''}.
           </span>
         </div>
       )}
 
-      <div className="px-6 py-3 flex gap-3 border-b border-slate-700/50">
+      <div className="px-6 py-3 flex gap-3 border-b border-surface-border/50">
         <select
           value={statusFilter}
           onChange={e => setStatusFilter(e.target.value)}
-          className="bg-slate-800 border border-slate-600 rounded-lg px-3 py-1.5 text-sm text-slate-300"
+          className="bg-white border border-surface-border rounded px-3 py-1.5 text-sm text-ink"
         >
           <option value="">All statuses</option>
           <option value="Active">Active</option>
@@ -368,7 +368,7 @@ export default function CertificatesPage() {
         <select
           value={envFilter}
           onChange={e => setEnvFilter(e.target.value)}
-          className="bg-slate-800 border border-slate-600 rounded-lg px-3 py-1.5 text-sm text-slate-300"
+          className="bg-white border border-surface-border rounded px-3 py-1.5 text-sm text-ink"
         >
           <option value="">All environments</option>
           <option value="production">Production</option>
diff --git a/web/src/pages/DashboardPage.tsx b/web/src/pages/DashboardPage.tsx
index dc1db85..952acca 100644
--- a/web/src/pages/DashboardPage.tsx
+++ b/web/src/pages/DashboardPage.tsx
@@ -19,28 +19,29 @@ const STATUS_COLORS: Record<string, string> = {
   Expired: '#ef4444',
   Revoked: '#8b5cf6',
   Pending: '#6366f1',
-  RenewalInProgress: '#3b82f6',
+  RenewalInProgress: '#2ea88f',
   Failed: '#f43f5e',
   Archived: '#64748b',
 };
 
 function StatCard({ label, value, icon, color }: { label: string; value: string | number; icon: string; color: string }) {
-  const colorMap: Record<string, string> = {
-    success: 'bg-emerald-500/10 text-emerald-400',
-    warning: 'bg-amber-500/10 text-amber-400',
-    danger:  'bg-red-500/10 text-red-400',
-    info:    'bg-blue-500/10 text-blue-400',
+  const colorMap: Record<string, { bg: string; border: string; text: string }> = {
+    success: { bg: 'bg-emerald-50', border: 'border-t-emerald-500', text: 'text-emerald-700' },
+    warning: { bg: 'bg-amber-50', border: 'border-t-amber-500', text: 'text-amber-700' },
+    danger:  { bg: 'bg-red-50', border: 'border-t-red-500', text: 'text-red-700' },
+    info:    { bg: 'bg-blue-50', border: 'border-t-brand-400', text: 'text-brand-500' },
   };
+  const config = colorMap[color] || colorMap.info;
   return (
-    <div className="card p-5 flex items-start gap-4 hover:border-blue-500/30 transition-colors">
-      <div className={`w-10 h-10 rounded-lg flex items-center justify-center shrink-0 ${colorMap[color] || colorMap.info}`}>
+    <div className={`bg-surface border border-surface-border border-t-4 ${config.border} rounded p-5 flex items-start gap-4 hover:bg-surface-muted transition-colors shadow-sm`}>
+      <div className={`w-10 h-10 rounded flex items-center justify-center shrink-0 ${config.bg} ${config.text}`}>
         <svg className="w-5 h-5" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
           <path strokeLinecap="round" strokeLinejoin="round" d={icon} />
         </svg>
       </div>
       <div>
-        <p className="text-xs font-semibold text-slate-400 uppercase tracking-wider">{label}</p>
-        <p className="text-2xl font-bold mt-1">{value}</p>
+        <p className="text-xs font-semibold text-ink-muted uppercase tracking-wider">{label}</p>
+        <p className="text-2xl font-bold mt-1 text-ink">{value}</p>
       </div>
     </div>
   );
@@ -48,8 +49,8 @@ function StatCard({ label, value, icon, color }: { label: string; value: string
 
 function ChartCard({ title, children }: { title: string; children: React.ReactNode }) {
   return (
-    <div className="card p-5">
-      <h3 className="text-sm font-semibold text-slate-300 mb-4">{title}</h3>
+    <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
+      <h3 className="text-sm font-semibold text-ink-muted mb-4">{title}</h3>
       <div className="h-64">
         {children}
       </div>
@@ -60,8 +61,8 @@ function ChartCard({ title, children }: { title: string; children: React.ReactNo
 const CustomTooltip = ({ active, payload, label }: any) => {
   if (!active || !payload?.length) return null;
   return (
-    <div className="bg-slate-800 border border-slate-600 rounded-lg px-3 py-2 text-xs shadow-lg">
-      <p className="text-slate-300 mb-1">{label}</p>
+    <div className="bg-surface border border-surface-border rounded px-3 py-2 text-xs shadow-lg">
+      <p className="text-ink mb-1">{label}</p>
       {payload.map((entry: any, i: number) => (
         <p key={i} style={{ color: entry.color }}>
           {entry.name}: {typeof entry.value === 'number' && entry.name?.includes('rate') ? `${entry.value.toFixed(1)}%` : entry.value}
@@ -159,12 +160,12 @@ export default function DashboardPage() {
                   <Legend
                     verticalAlign="bottom"
                     height={36}
-                    formatter={(value: string) => <span className="text-xs text-slate-400">{value}</span>}
+                    formatter={(value: string) => <span className="text-xs text-ink-muted">{value}</span>}
                   />
                 </PieChart>
               </ResponsiveContainer>
             ) : (
-              <div className="h-full flex items-center justify-center text-sm text-slate-500">No certificate data</div>
+              <div className="h-full flex items-center justify-center text-sm text-ink-faint">No certificate data</div>
             )}
           </ChartCard>
 
@@ -173,15 +174,15 @@ export default function DashboardPage() {
             {weeklyExpiration.length > 0 ? (
               <ResponsiveContainer width="100%" height="100%">
                 <BarChart data={weeklyExpiration}>
-                  <CartesianGrid strokeDasharray="3 3" stroke="#334155" />
-                  <XAxis dataKey="week" tick={{ fill: '#94a3b8', fontSize: 11 }} tickFormatter={formatShortDate} />
-                  <YAxis tick={{ fill: '#94a3b8', fontSize: 11 }} allowDecimals={false} />
+                  <CartesianGrid strokeDasharray="3 3" stroke="#e2e8f0" />
+                  <XAxis dataKey="week" tick={{ fill: '#64748b', fontSize: 11 }} tickFormatter={formatShortDate} />
+                  <YAxis tick={{ fill: '#64748b', fontSize: 11 }} allowDecimals={false} />
                   <Tooltip content={<CustomTooltip />} />
                   <Bar dataKey="count" name="Expiring certs" fill="#f59e0b" radius={[4, 4, 0, 0]} />
                 </BarChart>
               </ResponsiveContainer>
             ) : (
-              <div className="h-full flex items-center justify-center text-sm text-slate-500">No expiration data</div>
+              <div className="h-full flex items-center justify-center text-sm text-ink-faint">No expiration data</div>
             )}
           </ChartCard>
         </div>
@@ -193,17 +194,17 @@ export default function DashboardPage() {
             {(jobTrends || []).length > 0 ? (
               <ResponsiveContainer width="100%" height="100%">
                 <LineChart data={jobTrends}>
-                  <CartesianGrid strokeDasharray="3 3" stroke="#334155" />
-                  <XAxis dataKey="date" tick={{ fill: '#94a3b8', fontSize: 11 }} tickFormatter={formatShortDate} />
-                  <YAxis tick={{ fill: '#94a3b8', fontSize: 11 }} allowDecimals={false} />
+                  <CartesianGrid strokeDasharray="3 3" stroke="#e2e8f0" />
+                  <XAxis dataKey="date" tick={{ fill: '#64748b', fontSize: 11 }} tickFormatter={formatShortDate} />
+                  <YAxis tick={{ fill: '#64748b', fontSize: 11 }} allowDecimals={false} />
                   <Tooltip content={<CustomTooltip />} />
-                  <Legend formatter={(value: string) => <span className="text-xs text-slate-400">{value}</span>} />
+                  <Legend formatter={(value: string) => <span className="text-xs text-ink-muted">{value}</span>} />
                   <Line type="monotone" dataKey="completed_count" name="Completed" stroke="#10b981" strokeWidth={2} dot={false} />
                   <Line type="monotone" dataKey="failed_count" name="Failed" stroke="#ef4444" strokeWidth={2} dot={false} />
                 </LineChart>
               </ResponsiveContainer>
             ) : (
-              <div className="h-full flex items-center justify-center text-sm text-slate-500">No job trend data</div>
+              <div className="h-full flex items-center justify-center text-sm text-ink-faint">No job trend data</div>
             )}
           </ChartCard>
 
@@ -212,28 +213,28 @@ export default function DashboardPage() {
             {(issuanceRate || []).length > 0 ? (
               <ResponsiveContainer width="100%" height="100%">
                 <BarChart data={issuanceRate}>
-                  <CartesianGrid strokeDasharray="3 3" stroke="#334155" />
-                  <XAxis dataKey="date" tick={{ fill: '#94a3b8', fontSize: 11 }} tickFormatter={formatShortDate} />
-                  <YAxis tick={{ fill: '#94a3b8', fontSize: 11 }} allowDecimals={false} />
+                  <CartesianGrid strokeDasharray="3 3" stroke="#e2e8f0" />
+                  <XAxis dataKey="date" tick={{ fill: '#64748b', fontSize: 11 }} tickFormatter={formatShortDate} />
+                  <YAxis tick={{ fill: '#64748b', fontSize: 11 }} allowDecimals={false} />
                   <Tooltip content={<CustomTooltip />} />
-                  <Bar dataKey="issued_count" name="Issued" fill="#3b82f6" radius={[4, 4, 0, 0]} />
+                  <Bar dataKey="issued_count" name="Issued" fill="#2ea88f" radius={[4, 4, 0, 0]} />
                 </BarChart>
               </ResponsiveContainer>
             ) : (
-              <div className="h-full flex items-center justify-center text-sm text-slate-500">No issuance data</div>
+              <div className="h-full flex items-center justify-center text-sm text-ink-faint">No issuance data</div>
             )}
           </ChartCard>
         </div>
 
         <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
           {/* Expiring Certificates */}
-          <div className="card p-5">
+          <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
             <div className="flex items-center justify-between mb-4">
-              <h3 className="text-sm font-semibold text-slate-300">Certificates Expiring Soon</h3>
-              <button onClick={() => navigate('/certificates')} className="text-xs text-blue-400 hover:text-blue-300">View all</button>
+              <h3 className="text-sm font-semibold text-ink-muted">Certificates Expiring Soon</h3>
+              <button onClick={() => navigate('/certificates')} className="text-xs text-brand-400 hover:text-brand-500">View all</button>
             </div>
             {!certs?.data?.length ? (
-              <p className="text-sm text-slate-500">No certificates</p>
+              <p className="text-sm text-ink-faint">No certificates</p>
             ) : (
               <div className="space-y-2">
                 {certs.data
@@ -246,17 +247,17 @@ export default function DashboardPage() {
                       <div
                         key={c.id}
                         onClick={() => navigate(`/certificates/${c.id}`)}
-                        className="flex items-center justify-between py-2 px-3 rounded-lg hover:bg-slate-700/50 cursor-pointer transition-colors"
+                        className="flex items-center justify-between py-2 px-3 rounded hover:bg-surface-muted cursor-pointer transition-colors"
                       >
                         <div>
-                          <div className="text-sm text-slate-200">{c.common_name}</div>
-                          <div className="text-xs text-slate-500">{c.environment || 'no env'}</div>
+                          <div className="text-sm text-ink">{c.common_name}</div>
+                          <div className="text-xs text-ink-faint">{c.environment || 'no env'}</div>
                         </div>
                         <div className="text-right">
                           <div className={`text-sm ${expiryColor(days)}`}>
                             {days <= 0 ? 'Expired' : `${days} days`}
                           </div>
-                          <div className="text-xs text-slate-500">{formatDate(c.expires_at)}</div>
+                          <div className="text-xs text-ink-faint">{formatDate(c.expires_at)}</div>
                         </div>
                       </div>
                     );
@@ -266,20 +267,20 @@ export default function DashboardPage() {
           </div>
 
           {/* Recent Jobs */}
-          <div className="card p-5">
+          <div className="bg-surface border border-surface-border rounded p-5 shadow-sm">
             <div className="flex items-center justify-between mb-4">
-              <h3 className="text-sm font-semibold text-slate-300">Recent Jobs</h3>
-              <button onClick={() => navigate('/jobs')} className="text-xs text-blue-400 hover:text-blue-300">View all</button>
+              <h3 className="text-sm font-semibold text-ink-muted">Recent Jobs</h3>
+              <button onClick={() => navigate('/jobs')} className="text-xs text-brand-400 hover:text-brand-500">View all</button>
             </div>
             {!jobs?.data?.length ? (
-              <p className="text-sm text-slate-500">No jobs</p>
+              <p className="text-sm text-ink-faint">No jobs</p>
             ) : (
               <div className="space-y-2">
                 {jobs.data.slice(0, 5).map(j => (
-                  <div key={j.id} className="flex items-center justify-between py-2 px-3 rounded-lg hover:bg-slate-700/50 transition-colors">
+                  <div key={j.id} className="flex items-center justify-between py-2 px-3 rounded hover:bg-surface-muted transition-colors">
                     <div>
-                      <div className="text-sm text-slate-200">{j.type}</div>
-                      <div className="text-xs text-slate-500 font-mono">{j.certificate_id}</div>
+                      <div className="text-sm text-ink">{j.type}</div>
+                      <div className="text-xs text-ink-faint font-mono">{j.certificate_id}</div>
                     </div>
                     <StatusBadge status={j.status} />
                   </div>
@@ -291,10 +292,10 @@ export default function DashboardPage() {
 
         {/* Pending Jobs Banner */}
         {pendingJobs > 0 && (
-          <div className="bg-blue-500/10 border border-blue-500/20 rounded-lg px-5 py-4 flex items-center justify-between">
+          <div className="bg-brand-50 border border-brand-200 rounded px-5 py-4 flex items-center justify-between">
             <div>
-              <p className="text-sm font-medium text-blue-400">{pendingJobs} pending job{pendingJobs > 1 ? 's' : ''}</p>
-              <p className="text-xs text-slate-400 mt-0.5">Jobs are waiting to be processed</p>
+              <p className="text-sm font-medium text-brand-600">{pendingJobs} pending job{pendingJobs > 1 ? 's' : ''}</p>
+              <p className="text-xs text-brand-600/70 mt-0.5">Jobs are waiting to be processed</p>
             </div>
             <button onClick={() => navigate('/jobs')} className="btn btn-primary text-xs">View Jobs</button>
           </div>
diff --git a/web/src/pages/IssuersPage.tsx b/web/src/pages/IssuersPage.tsx
index 5dc5d36..945e998 100644
--- a/web/src/pages/IssuersPage.tsx
+++ b/web/src/pages/IssuersPage.tsx
@@ -42,8 +42,8 @@ export default function IssuersPage() {
       label: 'Issuer',
       render: (i) => (
         <div>
-          <div className="font-medium text-slate-200">{i.name}</div>
-          <div className="text-xs text-slate-500 font-mono">{i.id}</div>
+          <div className="font-medium text-ink">{i.name}</div>
+          <div className="text-xs text-ink-faint font-mono">{i.id}</div>
         </div>
       ),
     },
@@ -63,9 +63,9 @@ export default function IssuersPage() {
       key: 'config',
       label: 'Config',
       render: (i) => {
-        if (!i.config || Object.keys(i.config).length === 0) return <span className="text-slate-500">&mdash;</span>;
+        if (!i.config || Object.keys(i.config).length === 0) return <span className="text-ink-faint">&mdash;</span>;
         return (
-          <span className="text-xs text-slate-400 font-mono truncate max-w-xs block">
+          <span className="text-xs text-ink-muted font-mono truncate max-w-xs block">
             {JSON.stringify(i.config).slice(0, 60)}
           </span>
         );
@@ -74,7 +74,7 @@ export default function IssuersPage() {
     {
       key: 'created',
       label: 'Created',
-      render: (i) => <span className="text-xs text-slate-400">{formatDateTime(i.created_at)}</span>,
+      render: (i) => <span className="text-xs text-ink-muted">{formatDateTime(i.created_at)}</span>,
     },
     {
       key: 'actions',
@@ -84,13 +84,13 @@ export default function IssuersPage() {
           <button
             onClick={(e) => { e.stopPropagation(); testMutation.mutate(i.id); }}
             disabled={testMutation.isPending}
-            className="text-xs text-blue-400 hover:text-blue-300 transition-colors"
+            className="text-xs text-brand-400 hover:text-brand-500 transition-colors"
           >
             Test
           </button>
           <button
             onClick={(e) => { e.stopPropagation(); if (confirm(`Delete issuer ${i.name}?`)) deleteMutation.mutate(i.id); }}
-            className="text-xs text-red-400 hover:text-red-300 transition-colors"
+            className="text-xs text-red-600 hover:text-red-700 transition-colors"
           >
             Delete
           </button>
@@ -103,7 +103,7 @@ export default function IssuersPage() {
     <>
       <PageHeader title="Issuers" subtitle={data ? `${data.total} issuers` : undefined} />
       {testResult && (
-        <div className={`mx-6 mt-3 rounded-lg px-4 py-3 text-sm ${testResult.ok ? 'bg-emerald-500/10 border border-emerald-500/20 text-emerald-400' : 'bg-red-500/10 border border-red-500/20 text-red-400'}`}>
+        <div className={`mx-6 mt-3 rounded px-4 py-3 text-sm ${testResult.ok ? 'bg-emerald-100 border border-emerald-200 text-emerald-700' : 'bg-red-50 border border-red-200 text-red-700'}`}>
           {testResult.id}: {testResult.msg}
           <button onClick={() => setTestResult(null)} className="ml-3 text-xs opacity-60 hover:opacity-100">dismiss</button>
         </div>
diff --git a/web/src/pages/JobsPage.tsx b/web/src/pages/JobsPage.tsx
index 2d889f7..0560129 100644
--- a/web/src/pages/JobsPage.tsx
+++ b/web/src/pages/JobsPage.tsx
@@ -35,20 +35,20 @@ export default function JobsPage() {
       label: 'Job',
       render: (j) => (
         <div>
-          <div className="font-mono text-xs text-slate-200">{j.id}</div>
-          <div className="text-xs text-slate-500">{j.type}</div>
+          <div className="font-mono text-xs text-ink">{j.id}</div>
+          <div className="text-xs text-ink-faint">{j.type}</div>
         </div>
       ),
     },
     { key: 'status', label: 'Status', render: (j) => <StatusBadge status={j.status} /> },
-    { key: 'cert', label: 'Certificate', render: (j) => <span className="text-xs text-slate-400 font-mono">{j.certificate_id}</span> },
+    { key: 'cert', label: 'Certificate', render: (j) => <span className="text-xs text-ink-muted font-mono">{j.certificate_id}</span> },
     {
       key: 'attempts',
       label: 'Attempts',
-      render: (j) => <span className="text-slate-300">{j.attempts}/{j.max_attempts}</span>,
+      render: (j) => <span className="text-ink-muted">{j.attempts}/{j.max_attempts}</span>,
     },
-    { key: 'scheduled', label: 'Scheduled', render: (j) => <span className="text-xs text-slate-400">{formatDateTime(j.scheduled_at)}</span> },
-    { key: 'completed', label: 'Completed', render: (j) => <span className="text-xs text-slate-400">{formatDateTime(j.completed_at)}</span> },
+    { key: 'scheduled', label: 'Scheduled', render: (j) => <span className="text-xs text-ink-muted">{formatDateTime(j.scheduled_at)}</span> },
+    { key: 'completed', label: 'Completed', render: (j) => <span className="text-xs text-ink-muted">{formatDateTime(j.completed_at)}</span> },
     {
       key: 'actions',
       label: '',
@@ -68,11 +68,11 @@ export default function JobsPage() {
   return (
     <>
       <PageHeader title="Jobs" subtitle={data ? `${data.total} jobs` : undefined} />
-      <div className="px-6 py-3 flex gap-3 border-b border-slate-700/50">
+      <div className="px-6 py-3 flex gap-3 border-b border-surface-border/50">
         <select
           value={statusFilter}
           onChange={e => setStatusFilter(e.target.value)}
-          className="bg-slate-800 border border-slate-600 rounded-lg px-3 py-1.5 text-sm text-slate-300"
+          className="bg-white border border-surface-border rounded px-3 py-1.5 text-sm text-ink"
         >
           <option value="">All statuses</option>
           <option value="Pending">Pending</option>
@@ -84,7 +84,7 @@ export default function JobsPage() {
         <select
           value={typeFilter}
           onChange={e => setTypeFilter(e.target.value)}
-          className="bg-slate-800 border border-slate-600 rounded-lg px-3 py-1.5 text-sm text-slate-300"
+          className="bg-white border border-surface-border rounded px-3 py-1.5 text-sm text-ink"
         >
           <option value="">All types</option>
           <option value="Renewal">Renewal</option>
diff --git a/web/src/pages/LoginPage.tsx b/web/src/pages/LoginPage.tsx
index 5f33ad2..4c62c2d 100644
--- a/web/src/pages/LoginPage.tsx
+++ b/web/src/pages/LoginPage.tsx
@@ -24,16 +24,16 @@ export default function LoginPage() {
   }
 
   return (
-    <div className="min-h-screen bg-slate-900 flex items-center justify-center px-4">
+    <div className="min-h-screen bg-page flex items-center justify-center px-4">
       <div className="w-full max-w-sm">
         <div className="text-center mb-8">
-          <h1 className="text-3xl font-bold text-blue-400 mb-2">certctl</h1>
-          <p className="text-sm text-slate-400 uppercase tracking-wider">Certificate Control Plane</p>
+          <h1 className="text-4xl font-bold text-brand-400 mb-2">certctl</h1>
+          <p className="text-sm text-ink-muted uppercase tracking-wider">Certificate Control Plane</p>
         </div>
 
-        <form onSubmit={handleSubmit} className="card p-6 space-y-4">
+        <form onSubmit={handleSubmit} className="bg-surface border border-surface-border rounded p-6 space-y-4 shadow-sm">
           <div>
-            <label htmlFor="api-key" className="block text-sm font-medium text-slate-300 mb-1.5">
+            <label htmlFor="api-key" className="block text-sm font-medium text-ink-muted mb-1.5">
               API Key
             </label>
             <input
@@ -43,12 +43,12 @@ export default function LoginPage() {
               onChange={(e) => setKey(e.target.value)}
               placeholder="Enter your API key"
               autoFocus
-              className="w-full bg-slate-700 border border-slate-600 rounded-lg px-3 py-2.5 text-sm text-slate-200 placeholder-slate-500 focus:outline-none focus:border-blue-500 focus:ring-1 focus:ring-blue-500"
+              className="w-full bg-white border border-surface-border rounded px-3 py-2.5 text-sm text-ink placeholder-ink-faint focus:outline-none focus:border-brand-400 focus:ring-1 focus:ring-brand-400/20"
             />
           </div>
 
           {error && (
-            <div className="bg-red-500/10 border border-red-500/30 rounded-lg px-3 py-2 text-sm text-red-400">
+            <div className="bg-red-50 border border-red-200 rounded px-3 py-2 text-sm text-red-700">
               {error}
             </div>
           )}
@@ -56,13 +56,13 @@ export default function LoginPage() {
           <button
             type="submit"
             disabled={submitting || !key.trim()}
-            className="w-full btn-primary py-2.5 text-sm font-medium rounded-lg disabled:opacity-50 disabled:cursor-not-allowed"
+            className="w-full bg-brand-400 hover:bg-brand-500 text-white py-2.5 text-sm font-medium rounded transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
           >
             {submitting ? 'Verifying...' : 'Sign In'}
           </button>
 
-          <p className="text-xs text-slate-500 text-center">
-            The API key is set via <code className="text-slate-400">CERTCTL_AUTH_SECRET</code> on the server.
+          <p className="text-xs text-ink-muted text-center">
+            The API key is set via <code className="text-ink-faint bg-page px-1 py-0.5 rounded">CERTCTL_AUTH_SECRET</code> on the server.
           </p>
         </form>
       </div>
diff --git a/web/src/pages/NotificationsPage.tsx b/web/src/pages/NotificationsPage.tsx
index 30f5aa2..391ec95 100644
--- a/web/src/pages/NotificationsPage.tsx
+++ b/web/src/pages/NotificationsPage.tsx
@@ -60,7 +60,7 @@ export default function NotificationsPage() {
     return (
       <>
         <PageHeader title="Notifications" />
-        <div className="flex items-center justify-center flex-1 text-slate-400">Loading...</div>
+        <div className="flex items-center justify-center flex-1 text-ink-muted">Loading...</div>
       </>
     );
   }
@@ -80,17 +80,17 @@ export default function NotificationsPage() {
         title="Notifications"
         subtitle={`${filtered.length} notifications${unreadCount ? ` (${unreadCount} unread)` : ''}`}
       />
-      <div className="px-4 py-3 flex flex-wrap items-center gap-3 border-b border-slate-700/50">
-        <div className="flex rounded overflow-hidden border border-slate-600">
+      <div className="px-4 py-3 flex flex-wrap items-center gap-3 border-b border-surface-border/50">
+        <div className="flex rounded overflow-hidden border border-surface-border">
           <button
             onClick={() => setViewMode('grouped')}
-            className={`px-3 py-1.5 text-xs transition-colors ${viewMode === 'grouped' ? 'bg-blue-600 text-white' : 'bg-slate-800 text-slate-400 hover:text-slate-200'}`}
+            className={`px-3 py-1.5 text-xs transition-colors ${viewMode === 'grouped' ? 'bg-brand-400 text-white' : 'bg-surface text-ink-muted hover:text-ink'}`}
           >
             Grouped
           </button>
           <button
             onClick={() => setViewMode('list')}
-            className={`px-3 py-1.5 text-xs transition-colors ${viewMode === 'list' ? 'bg-blue-600 text-white' : 'bg-slate-800 text-slate-400 hover:text-slate-200'}`}
+            className={`px-3 py-1.5 text-xs transition-colors ${viewMode === 'list' ? 'bg-brand-400 text-white' : 'bg-surface text-ink-muted hover:text-ink'}`}
           >
             List
           </button>
@@ -98,7 +98,7 @@ export default function NotificationsPage() {
         <select
           value={typeFilter}
           onChange={(e) => setTypeFilter(e.target.value)}
-          className="bg-slate-800 border border-slate-600 rounded px-3 py-1.5 text-xs text-slate-300 focus:outline-none focus:border-blue-500"
+          className="bg-surface border border-surface-border rounded px-3 py-1.5 text-xs text-ink focus:outline-none focus:border-brand-400"
         >
           <option value="">All types</option>
           {types.map(t => <option key={t} value={t}>{t.replace(/([A-Z])/g, ' $1').trim()}</option>)}
@@ -106,7 +106,7 @@ export default function NotificationsPage() {
         <select
           value={statusFilter}
           onChange={(e) => setStatusFilter(e.target.value)}
-          className="bg-slate-800 border border-slate-600 rounded px-3 py-1.5 text-xs text-slate-300 focus:outline-none focus:border-blue-500"
+          className="bg-surface border border-surface-border rounded px-3 py-1.5 text-xs text-ink focus:outline-none focus:border-brand-400"
         >
           <option value="">All statuses</option>
           {statuses.map(s => <option key={s} value={s}>{s}</option>)}
@@ -114,7 +114,7 @@ export default function NotificationsPage() {
         {(typeFilter || statusFilter) && (
           <button
             onClick={() => { setTypeFilter(''); setStatusFilter(''); }}
-            className="text-xs text-slate-400 hover:text-slate-200 transition-colors"
+            className="text-xs text-ink-muted hover:text-ink transition-colors"
           >
             Clear filters
           </button>
@@ -123,15 +123,15 @@ export default function NotificationsPage() {
       <div className="flex-1 overflow-y-auto p-4 space-y-3">
         {viewMode === 'grouped' ? (
           grouped.length === 0 ? (
-            <div className="text-center py-16 text-slate-500">No notifications</div>
+            <div className="text-center py-16 text-ink-faint">No notifications</div>
           ) : (
             grouped.map(([certId, items]) => (
               <div key={certId} className="card p-4">
                 <div className="flex items-center justify-between mb-3">
-                  <span className="text-xs font-mono text-slate-400">
+                  <span className="text-xs font-mono text-ink-muted">
                     {certId === 'general' ? 'General' : certId}
                   </span>
-                  <span className="text-xs text-slate-500">{items.length} notification{items.length !== 1 ? 's' : ''}</span>
+                  <span className="text-xs text-ink-faint">{items.length} notification{items.length !== 1 ? 's' : ''}</span>
                 </div>
                 <div className="space-y-2">
                   {items.map((n) => (
@@ -143,7 +143,7 @@ export default function NotificationsPage() {
           )
         ) : (
           filtered.length === 0 ? (
-            <div className="text-center py-16 text-slate-500">No notifications</div>
+            <div className="text-center py-16 text-ink-faint">No notifications</div>
           ) : (
             <div className="space-y-2">
               {filtered.map((n) => (
@@ -160,23 +160,23 @@ export default function NotificationsPage() {
 function NotificationRow({ notification: n, onMarkRead }: { notification: Notification; onMarkRead: () => void }) {
   const isUnread = n.status === 'Pending' || n.status === 'pending';
   return (
-    <div className={`flex items-start justify-between py-2 px-3 rounded-lg transition-colors ${isUnread ? 'bg-slate-700/30 border-l-2 border-blue-500' : 'hover:bg-slate-700/20'}`}>
+    <div className={`flex items-start justify-between py-2 px-3 rounded transition-colors ${isUnread ? 'bg-surface-muted border-l-2 border-brand-400' : 'hover:bg-surface-muted'}`}>
       <div className="flex-1 min-w-0">
         <div className="flex items-center gap-2 mb-1">
-          <span className="text-sm text-slate-200">{n.type.replace(/([A-Z])/g, ' $1').trim()}</span>
+          <span className="text-sm text-ink">{n.type.replace(/([A-Z])/g, ' $1').trim()}</span>
           <StatusBadge status={n.status} />
-          <span className="text-xs text-slate-500">{n.channel}</span>
+          <span className="text-xs text-ink-faint">{n.channel}</span>
         </div>
-        <p className="text-xs text-slate-400 truncate">{n.message || n.subject}</p>
+        <p className="text-xs text-ink-muted truncate">{n.message || n.subject}</p>
         <div className="flex items-center gap-3 mt-1">
-          <span className="text-xs text-slate-500">{n.recipient}</span>
-          <span className="text-xs text-slate-600">{timeAgo(n.created_at)}</span>
+          <span className="text-xs text-ink-faint">{n.recipient}</span>
+          <span className="text-xs text-ink-faint">{timeAgo(n.created_at)}</span>
         </div>
       </div>
       {isUnread && (
         <button
           onClick={(e) => { e.stopPropagation(); onMarkRead(); }}
-          className="ml-3 text-xs text-blue-400 hover:text-blue-300 transition-colors whitespace-nowrap"
+          className="ml-3 text-xs text-brand-400 hover:text-brand-500 transition-colors whitespace-nowrap"
         >
           Mark read
         </button>
diff --git a/web/src/pages/OwnersPage.tsx b/web/src/pages/OwnersPage.tsx
index 84e796e..1ea672f 100644
--- a/web/src/pages/OwnersPage.tsx
+++ b/web/src/pages/OwnersPage.tsx
@@ -35,15 +35,15 @@ export default function OwnersPage() {
       label: 'Owner',
       render: (o) => (
         <div>
-          <div className="font-medium text-slate-200">{o.name}</div>
-          <div className="text-xs text-slate-500 font-mono">{o.id}</div>
+          <div className="font-medium text-ink">{o.name}</div>
+          <div className="text-xs text-ink-faint font-mono">{o.id}</div>
         </div>
       ),
     },
     {
       key: 'email',
       label: 'Email',
-      render: (o) => <span className="text-slate-300">{o.email || '\u2014'}</span>,
+      render: (o) => <span className="text-ink">{o.email || '\u2014'}</span>,
     },
     {
       key: 'team',
@@ -51,14 +51,14 @@ export default function OwnersPage() {
       render: (o) => {
         const team = teamMap.get(o.team_id);
         return team
-          ? <span className="text-blue-400">{team.name}</span>
-          : <span className="text-slate-500 font-mono text-xs">{o.team_id || '\u2014'}</span>;
+          ? <span className="text-brand-400">{team.name}</span>
+          : <span className="text-ink-faint font-mono text-xs">{o.team_id || '\u2014'}</span>;
       },
     },
     {
       key: 'created',
       label: 'Created',
-      render: (o) => <span className="text-xs text-slate-400">{formatDateTime(o.created_at)}</span>,
+      render: (o) => <span className="text-xs text-ink-muted">{formatDateTime(o.created_at)}</span>,
     },
     {
       key: 'actions',
@@ -66,7 +66,7 @@ export default function OwnersPage() {
       render: (o) => (
         <button
           onClick={(e) => { e.stopPropagation(); if (confirm(`Delete owner ${o.name}?`)) deleteMutation.mutate(o.id); }}
-          className="text-xs text-red-400 hover:text-red-300 transition-colors"
+          className="text-xs text-red-600 hover:text-red-700 transition-colors"
         >
           Delete
         </button>
diff --git a/web/src/pages/PoliciesPage.tsx b/web/src/pages/PoliciesPage.tsx
index 9d76dee..823d942 100644
--- a/web/src/pages/PoliciesPage.tsx
+++ b/web/src/pages/PoliciesPage.tsx
@@ -15,10 +15,10 @@ const severityStyles: Record<string, string> = {
 };
 
 const severityDots: Record<string, string> = {
-  low: 'bg-blue-400',
-  medium: 'bg-amber-400',
-  high: 'bg-orange-400',
-  critical: 'bg-red-400',
+  low: 'bg-emerald-500',
+  medium: 'bg-amber-500',
+  high: 'bg-orange-500',
+  critical: 'bg-red-500',
 };
 
 export default function PoliciesPage() {
@@ -52,12 +52,12 @@ export default function PoliciesPage() {
       label: 'Rule',
       render: (p) => (
         <div>
-          <div className="font-medium text-slate-200">{p.name}</div>
-          <div className="text-xs text-slate-500">{p.id}</div>
+          <div className="font-medium text-ink">{p.name}</div>
+          <div className="text-xs text-ink-faint">{p.id}</div>
         </div>
       ),
     },
-    { key: 'type', label: 'Type', render: (p) => <span className="text-sm text-slate-300">{p.type.replace(/_/g, ' ')}</span> },
+    { key: 'type', label: 'Type', render: (p) => <span className="text-sm text-ink">{p.type.replace(/_/g, ' ')}</span> },
     {
       key: 'severity',
       label: 'Severity',
@@ -67,9 +67,9 @@ export default function PoliciesPage() {
       key: 'config',
       label: 'Config',
       render: (p) => {
-        if (!p.config || Object.keys(p.config).length === 0) return <span className="text-slate-500">&mdash;</span>;
+        if (!p.config || Object.keys(p.config).length === 0) return <span className="text-ink-faint">&mdash;</span>;
         return (
-          <span className="text-xs text-slate-400 font-mono truncate max-w-xs block">
+          <span className="text-xs text-ink-muted font-mono truncate max-w-xs block">
             {JSON.stringify(p.config).slice(0, 50)}
           </span>
         );
@@ -81,20 +81,20 @@ export default function PoliciesPage() {
       render: (p) => (
         <button
           onClick={(e) => { e.stopPropagation(); toggleMutation.mutate({ id: p.id, enabled: !p.enabled }); }}
-          className={`text-xs font-medium transition-colors ${p.enabled ? 'text-emerald-400 hover:text-emerald-300' : 'text-slate-500 hover:text-slate-300'}`}
+          className={`text-xs font-medium transition-colors ${p.enabled ? 'text-emerald-600 hover:text-emerald-700' : 'text-ink-faint hover:text-ink-muted'}`}
         >
           {p.enabled ? 'Enabled' : 'Disabled'}
         </button>
       ),
     },
-    { key: 'created', label: 'Created', render: (p) => <span className="text-xs text-slate-400">{formatDateTime(p.created_at)}</span> },
+    { key: 'created', label: 'Created', render: (p) => <span className="text-xs text-ink-muted">{formatDateTime(p.created_at)}</span> },
     {
       key: 'actions',
       label: '',
       render: (p) => (
         <button
           onClick={(e) => { e.stopPropagation(); if (confirm(`Delete policy ${p.name}?`)) deleteMutation.mutate(p.id); }}
-          className="text-xs text-red-400 hover:text-red-300 transition-colors"
+          className="text-xs text-red-600 hover:text-red-700 transition-colors"
         >
           Delete
         </button>
@@ -106,18 +106,18 @@ export default function PoliciesPage() {
     <>
       <PageHeader title="Policies" subtitle={data ? `${data.total} rules` : undefined} />
       {policies.length > 0 && (
-        <div className="px-4 py-3 flex flex-wrap gap-4 border-b border-slate-700/50">
+        <div className="px-4 py-3 flex flex-wrap gap-4 border-b border-surface-border/50">
           <div className="flex items-center gap-2">
-            <span className="text-xs text-slate-400">Enabled:</span>
-            <span className="text-xs font-medium text-emerald-400">{enabledCount}</span>
-            <span className="text-xs text-slate-600">/</span>
-            <span className="text-xs text-slate-400">{policies.length}</span>
+            <span className="text-xs text-ink-muted">Enabled:</span>
+            <span className="text-xs font-medium text-emerald-600">{enabledCount}</span>
+            <span className="text-xs text-ink-faint">/</span>
+            <span className="text-xs text-ink-muted">{policies.length}</span>
           </div>
           {Object.entries(bySeverity).map(([sev, count]) => (
             <div key={sev} className="flex items-center gap-1.5">
               <div className={`w-2 h-2 rounded-full ${severityDots[sev] || 'bg-slate-400'}`} />
-              <span className="text-xs text-slate-300 capitalize">{sev}</span>
-              <span className="text-xs text-slate-500">{count}</span>
+              <span className="text-xs text-ink capitalize">{sev}</span>
+              <span className="text-xs text-ink-faint">{count}</span>
             </div>
           ))}
         </div>
diff --git a/web/src/pages/ProfilesPage.tsx b/web/src/pages/ProfilesPage.tsx
index 5a7e6e9..4b5e613 100644
--- a/web/src/pages/ProfilesPage.tsx
+++ b/web/src/pages/ProfilesPage.tsx
@@ -35,10 +35,10 @@ export default function ProfilesPage() {
       label: 'Profile',
       render: (p) => (
         <div>
-          <div className="font-medium text-slate-200">{p.name}</div>
-          <div className="text-xs text-slate-500 font-mono">{p.id}</div>
+          <div className="font-medium text-ink">{p.name}</div>
+          <div className="text-xs text-ink-faint font-mono">{p.id}</div>
           {p.description && (
-            <div className="text-xs text-slate-400 mt-0.5 max-w-xs truncate">{p.description}</div>
+            <div className="text-xs text-ink-muted mt-0.5 max-w-xs truncate">{p.description}</div>
           )}
         </div>
       ),
@@ -61,9 +61,9 @@ export default function ProfilesPage() {
       label: 'Max TTL',
       render: (p) => (
         <div>
-          <span className="text-slate-200">{formatTTL(p.max_ttl_seconds)}</span>
+          <span className="text-ink">{formatTTL(p.max_ttl_seconds)}</span>
           {p.allow_short_lived && (
-            <span className="ml-2 text-xs text-amber-400 bg-amber-400/10 px-1.5 py-0.5 rounded">
+            <span className="ml-2 text-xs text-amber-700 bg-amber-100 px-1.5 py-0.5 rounded">
               short-lived
             </span>
           )}
@@ -76,7 +76,7 @@ export default function ProfilesPage() {
       render: (p) => (
         <div className="flex flex-wrap gap-1">
           {(p.allowed_ekus || []).map((eku, i) => (
-            <span key={i} className="text-xs text-slate-400">{eku}</span>
+            <span key={i} className="text-xs text-ink-muted">{eku}</span>
           ))}
         </div>
       ),
@@ -86,8 +86,8 @@ export default function ProfilesPage() {
       label: 'SPIFFE',
       render: (p) => (
         p.spiffe_uri_pattern
-          ? <span className="text-xs text-blue-400 font-mono">{p.spiffe_uri_pattern}</span>
-          : <span className="text-slate-500">&mdash;</span>
+          ? <span className="text-xs text-brand-400 font-mono">{p.spiffe_uri_pattern}</span>
+          : <span className="text-ink-faint">&mdash;</span>
       ),
     },
     {
@@ -98,7 +98,7 @@ export default function ProfilesPage() {
     {
       key: 'created',
       label: 'Created',
-      render: (p) => <span className="text-xs text-slate-400">{formatDateTime(p.created_at)}</span>,
+      render: (p) => <span className="text-xs text-ink-muted">{formatDateTime(p.created_at)}</span>,
     },
     {
       key: 'actions',
@@ -106,7 +106,7 @@ export default function ProfilesPage() {
       render: (p) => (
         <button
           onClick={(e) => { e.stopPropagation(); if (confirm(`Delete profile ${p.name}?`)) deleteMutation.mutate(p.id); }}
-          className="text-xs text-red-400 hover:text-red-300 transition-colors"
+          className="text-xs text-red-600 hover:text-red-700 transition-colors"
         >
           Delete
         </button>
diff --git a/web/src/pages/ShortLivedPage.tsx b/web/src/pages/ShortLivedPage.tsx
index 7ed2173..79306c1 100644
--- a/web/src/pages/ShortLivedPage.tsx
+++ b/web/src/pages/ShortLivedPage.tsx
@@ -19,10 +19,10 @@ function formatTTL(seconds: number): string {
 function ttlRemaining(expiresAt: string): { text: string; color: string; seconds: number } {
   const diff = new Date(expiresAt).getTime() - Date.now();
   const secs = Math.floor(diff / 1000);
-  if (secs <= 0) return { text: 'Expired', color: 'text-red-400', seconds: 0 };
-  if (secs < 300) return { text: `${secs}s`, color: 'text-red-400', seconds: secs };
-  if (secs < 1800) return { text: `${Math.round(secs / 60)}m`, color: 'text-amber-400', seconds: secs };
-  return { text: formatTTL(secs), color: 'text-emerald-400', seconds: secs };
+  if (secs <= 0) return { text: 'Expired', color: 'text-red-600', seconds: 0 };
+  if (secs < 300) return { text: `${secs}s`, color: 'text-red-600', seconds: secs };
+  if (secs < 1800) return { text: `${Math.round(secs / 60)}m`, color: 'text-amber-600', seconds: secs };
+  return { text: formatTTL(secs), color: 'text-emerald-600', seconds: secs };
 }
 
 export default function ShortLivedPage() {
@@ -75,8 +75,8 @@ export default function ShortLivedPage() {
       label: 'Certificate',
       render: (c) => (
         <div>
-          <div className="font-medium text-slate-200">{c.common_name}</div>
-          <div className="text-xs text-slate-500 mt-0.5">{c.id}</div>
+          <div className="font-medium text-ink">{c.common_name}</div>
+          <div className="text-xs text-ink-faint mt-0.5">{c.id}</div>
         </div>
       ),
     },
@@ -103,15 +103,15 @@ export default function ShortLivedPage() {
         const profile = profileMap.get(c.certificate_profile_id);
         return (
           <div>
-            <div className="text-sm text-slate-300">{profile?.name || c.certificate_profile_id || '—'}</div>
-            {profile && <div className="text-xs text-slate-500">Max TTL: {formatTTL(profile.max_ttl_seconds)}</div>}
+            <div className="text-sm text-ink">{profile?.name || c.certificate_profile_id || '—'}</div>
+            {profile && <div className="text-xs text-ink-faint">Max TTL: {formatTTL(profile.max_ttl_seconds)}</div>}
           </div>
         );
       },
     },
-    { key: 'env', label: 'Environment', render: (c) => <span className="text-slate-300">{c.environment || '—'}</span> },
-    { key: 'issuer', label: 'Issuer', render: (c) => <span className="text-slate-400 text-xs">{c.issuer_id}</span> },
-    { key: 'expires', label: 'Expires At', render: (c) => <span className="text-xs text-slate-400">{formatDateTime(c.expires_at)}</span> },
+    { key: 'env', label: 'Environment', render: (c) => <span className="text-ink">{c.environment || '—'}</span> },
+    { key: 'issuer', label: 'Issuer', render: (c) => <span className="text-ink-muted text-xs">{c.issuer_id}</span> },
+    { key: 'expires', label: 'Expires At', render: (c) => <span className="text-xs text-ink-muted">{formatDateTime(c.expires_at)}</span> },
   ];
 
   return (
@@ -121,21 +121,21 @@ export default function ShortLivedPage() {
         subtitle={`${shortLivedCerts.length} active ephemeral certificates`}
       />
       {/* Stats bar */}
-      <div className="px-6 py-3 flex gap-6 border-b border-slate-700/50">
+      <div className="px-6 py-3 flex gap-6 border-b border-surface-border/50">
         <div className="flex items-center gap-2">
-          <div className="w-2 h-2 rounded-full bg-emerald-400" />
-          <span className="text-xs text-slate-400">Active:</span>
-          <span className="text-xs font-medium text-emerald-400">{active}</span>
+          <div className="w-2 h-2 rounded-full bg-emerald-500" />
+          <span className="text-xs text-ink-muted">Active:</span>
+          <span className="text-xs font-medium text-emerald-600">{active}</span>
         </div>
         <div className="flex items-center gap-2">
-          <div className="w-2 h-2 rounded-full bg-red-400" />
-          <span className="text-xs text-slate-400">Expired:</span>
-          <span className="text-xs font-medium text-red-400">{expired}</span>
+          <div className="w-2 h-2 rounded-full bg-red-500" />
+          <span className="text-xs text-ink-muted">Expired:</span>
+          <span className="text-xs font-medium text-red-600">{expired}</span>
         </div>
         <div className="flex items-center gap-2">
-          <div className="w-2 h-2 rounded-full bg-blue-400" />
-          <span className="text-xs text-slate-400">Profiles:</span>
-          <span className="text-xs font-medium text-blue-400">{profiles.size}</span>
+          <div className="w-2 h-2 rounded-full bg-brand-400" />
+          <span className="text-xs text-ink-muted">Profiles:</span>
+          <span className="text-xs font-medium text-brand-400">{profiles.size}</span>
         </div>
       </div>
       <div className="flex-1 overflow-y-auto">
diff --git a/web/src/pages/TargetsPage.tsx b/web/src/pages/TargetsPage.tsx
index b4c84a2..8538a32 100644
--- a/web/src/pages/TargetsPage.tsx
+++ b/web/src/pages/TargetsPage.tsx
@@ -81,8 +81,8 @@ function CreateTargetWizard({ onClose, onSuccess }: { onClose: () => void; onSuc
   const canProceedToReview = name && targetType && fields.filter(f => f.required).every(f => config[f.key]);
 
   return (
-    <div className="fixed inset-0 bg-black/60 flex items-center justify-center z-50" onClick={onClose}>
-      <div className="bg-slate-800 border border-slate-600 rounded-xl p-6 w-full max-w-lg shadow-2xl" onClick={e => e.stopPropagation()}>
+    <div className="fixed inset-0 bg-black/40 flex items-center justify-center z-50" onClick={onClose}>
+      <div className="bg-surface border border-surface-border rounded p-5 w-full max-w-lg shadow-xl" onClick={e => e.stopPropagation()}>
         {/* Step indicators */}
         <div className="flex items-center gap-3 mb-6">
           {['Select Type', 'Configure', 'Review'].map((label, i) => {
@@ -93,36 +93,36 @@ function CreateTargetWizard({ onClose, onSuccess }: { onClose: () => void; onSuc
             return (
               <div key={label} className="flex items-center gap-2">
                 <div className={`w-6 h-6 rounded-full flex items-center justify-center text-xs font-medium ${
-                  isDone ? 'bg-emerald-500 text-white' : isActive ? 'bg-blue-500 text-white' : 'bg-slate-700 text-slate-400'
+                  isDone ? 'bg-emerald-600 text-white' : isActive ? 'bg-brand-400 text-white' : 'bg-surface-border text-ink-muted'
                 }`}>
                   {isDone ? '✓' : i + 1}
                 </div>
-                <span className={`text-xs ${isActive ? 'text-slate-200' : 'text-slate-500'}`}>{label}</span>
-                {i < 2 && <div className="w-8 h-px bg-slate-700" />}
+                <span className={`text-xs ${isActive ? 'text-ink' : 'text-ink-faint'}`}>{label}</span>
+                {i < 2 && <div className="w-8 h-px bg-surface-border" />}
               </div>
             );
           })}
         </div>
 
-        {error && <div className="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg px-3 py-2 text-sm mb-4">{error}</div>}
+        {error && <div className="bg-red-50 border border-red-200 text-red-700 rounded px-3 py-2 text-sm mb-4">{error}</div>}
 
         {/* Step 1: Select Type */}
         {step === 'type' && (
           <div>
-            <h2 className="text-lg font-semibold text-slate-200 mb-4">Select Target Type</h2>
+            <h2 className="text-lg font-semibold text-ink mb-4">Select Target Type</h2>
             <div className="space-y-2">
               {TARGET_TYPES.map(t => (
                 <button
                   key={t.value}
                   onClick={() => { setTargetType(t.value); setConfig({}); }}
-                  className={`w-full text-left px-4 py-3 rounded-lg border transition-colors ${
+                  className={`w-full text-left px-4 py-3 rounded border transition-colors ${
                     targetType === t.value
-                      ? 'border-blue-500 bg-blue-500/10'
-                      : 'border-slate-600 hover:border-slate-500 bg-slate-900'
+                      ? 'border-brand-400 bg-brand-50'
+                      : 'border-surface-border hover:border-surface-border bg-white'
                   }`}
                 >
-                  <div className="text-sm font-medium text-slate-200">{t.label}</div>
-                  <div className="text-xs text-slate-400 mt-0.5">{t.description}</div>
+                  <div className="text-sm font-medium text-ink">{t.label}</div>
+                  <div className="text-xs text-ink-muted mt-0.5">{t.description}</div>
                 </button>
               ))}
             </div>
@@ -137,35 +137,35 @@ function CreateTargetWizard({ onClose, onSuccess }: { onClose: () => void; onSuc
         {/* Step 2: Configure */}
         {step === 'config' && (
           <div>
-            <h2 className="text-lg font-semibold text-slate-200 mb-4">
+            <h2 className="text-lg font-semibold text-ink mb-4">
               Configure {typeLabels[targetType] || targetType} Target
             </h2>
             <div className="space-y-3">
               <div>
-                <label className="text-xs text-slate-400 block mb-1">Target Name *</label>
+                <label className="text-xs text-ink-muted block mb-1">Target Name *</label>
                 <input value={name} onChange={e => setName(e.target.value)}
-                  className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 focus:outline-none focus:border-blue-500"
+                  className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400"
                   placeholder="web-server-1" />
               </div>
               <div className="grid grid-cols-2 gap-3">
                 <div>
-                  <label className="text-xs text-slate-400 block mb-1">Hostname</label>
+                  <label className="text-xs text-ink-muted block mb-1">Hostname</label>
                   <input value={hostname} onChange={e => setHostname(e.target.value)}
-                    className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 focus:outline-none focus:border-blue-500"
+                    className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400"
                     placeholder="web1.example.com" />
                 </div>
                 <div>
-                  <label className="text-xs text-slate-400 block mb-1">Agent ID</label>
+                  <label className="text-xs text-ink-muted block mb-1">Agent ID</label>
                   <input value={agentId} onChange={e => setAgentId(e.target.value)}
-                    className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 focus:outline-none focus:border-blue-500"
+                    className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400"
                     placeholder="agent-web1" />
                 </div>
               </div>
               {fields.map(f => (
                 <div key={f.key}>
-                  <label className="text-xs text-slate-400 block mb-1">{f.label} {f.required ? '*' : ''}</label>
+                  <label className="text-xs text-ink-muted block mb-1">{f.label} {f.required ? '*' : ''}</label>
                   <input value={config[f.key] || ''} onChange={e => setConfig(c => ({ ...c, [f.key]: e.target.value }))}
-                    className="w-full bg-slate-900 border border-slate-600 rounded-lg px-3 py-2 text-sm text-slate-200 focus:outline-none focus:border-blue-500"
+                    className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400"
                     placeholder={f.placeholder} />
                 </div>
               ))}
@@ -184,32 +184,32 @@ function CreateTargetWizard({ onClose, onSuccess }: { onClose: () => void; onSuc
         {/* Step 3: Review */}
         {step === 'review' && (
           <div>
-            <h2 className="text-lg font-semibold text-slate-200 mb-4">Review Target</h2>
-            <div className="bg-slate-900 rounded-lg p-4 space-y-2 text-sm">
+            <h2 className="text-lg font-semibold text-ink mb-4">Review Target</h2>
+            <div className="bg-page rounded p-4 space-y-2 text-sm">
               <div className="flex justify-between">
-                <span className="text-slate-400">Name</span>
-                <span className="text-slate-200">{name}</span>
+                <span className="text-ink-muted">Name</span>
+                <span className="text-ink">{name}</span>
               </div>
               <div className="flex justify-between">
-                <span className="text-slate-400">Type</span>
-                <span className="text-slate-200">{typeLabels[targetType] || targetType}</span>
+                <span className="text-ink-muted">Type</span>
+                <span className="text-ink">{typeLabels[targetType] || targetType}</span>
               </div>
               {hostname && (
                 <div className="flex justify-between">
-                  <span className="text-slate-400">Hostname</span>
-                  <span className="text-slate-200 font-mono text-xs">{hostname}</span>
+                  <span className="text-ink-muted">Hostname</span>
+                  <span className="text-ink font-mono text-xs">{hostname}</span>
                 </div>
               )}
               {agentId && (
                 <div className="flex justify-between">
-                  <span className="text-slate-400">Agent</span>
-                  <span className="text-slate-200 font-mono text-xs">{agentId}</span>
+                  <span className="text-ink-muted">Agent</span>
+                  <span className="text-ink font-mono text-xs">{agentId}</span>
                 </div>
               )}
               {Object.entries(config).filter(([, v]) => v).map(([k, v]) => (
                 <div key={k} className="flex justify-between">
-                  <span className="text-slate-400">{k.replace(/_/g, ' ')}</span>
-                  <span className="text-slate-200 font-mono text-xs truncate max-w-xs">{v}</span>
+                  <span className="text-ink-muted">{k.replace(/_/g, ' ')}</span>
+                  <span className="text-ink font-mono text-xs truncate max-w-xs">{v}</span>
                 </div>
               ))}
             </div>
@@ -250,8 +250,8 @@ export default function TargetsPage() {
       label: 'Target',
       render: (t) => (
         <div>
-          <div className="font-medium text-slate-200">{t.name}</div>
-          <div className="text-xs text-slate-500 font-mono">{t.id}</div>
+          <div className="font-medium text-ink">{t.name}</div>
+          <div className="text-xs text-ink-faint font-mono">{t.id}</div>
         </div>
       ),
     },
@@ -265,12 +265,12 @@ export default function TargetsPage() {
     {
       key: 'hostname',
       label: 'Hostname',
-      render: (t) => <span className="text-slate-300 font-mono text-xs">{t.hostname || '\u2014'}</span>,
+      render: (t) => <span className="text-ink font-mono text-xs">{t.hostname || '\u2014'}</span>,
     },
     {
       key: 'agent',
       label: 'Agent',
-      render: (t) => <span className="text-xs text-slate-400 font-mono">{t.agent_id || '\u2014'}</span>,
+      render: (t) => <span className="text-xs text-ink-muted font-mono">{t.agent_id || '\u2014'}</span>,
     },
     {
       key: 'status',
@@ -280,7 +280,7 @@ export default function TargetsPage() {
     {
       key: 'created',
       label: 'Created',
-      render: (t) => <span className="text-xs text-slate-400">{formatDateTime(t.created_at)}</span>,
+      render: (t) => <span className="text-xs text-ink-muted">{formatDateTime(t.created_at)}</span>,
     },
     {
       key: 'actions',
@@ -288,7 +288,7 @@ export default function TargetsPage() {
       render: (t) => (
         <button
           onClick={(e) => { e.stopPropagation(); if (confirm(`Delete target ${t.name}?`)) deleteMutation.mutate(t.id); }}
-          className="text-xs text-red-400 hover:text-red-300 transition-colors"
+          className="text-xs text-red-600 hover:text-red-700 transition-colors"
         >
           Delete
         </button>
diff --git a/web/src/pages/TeamsPage.tsx b/web/src/pages/TeamsPage.tsx
index 5ad4747..97ca414 100644
--- a/web/src/pages/TeamsPage.tsx
+++ b/web/src/pages/TeamsPage.tsx
@@ -27,8 +27,8 @@ export default function TeamsPage() {
       label: 'Team',
       render: (t) => (
         <div>
-          <div className="font-medium text-slate-200">{t.name}</div>
-          <div className="text-xs text-slate-500 font-mono">{t.id}</div>
+          <div className="font-medium text-ink">{t.name}</div>
+          <div className="text-xs text-ink-faint font-mono">{t.id}</div>
         </div>
       ),
     },
@@ -36,13 +36,13 @@ export default function TeamsPage() {
       key: 'description',
       label: 'Description',
       render: (t) => (
-        <span className="text-slate-300 text-sm max-w-sm truncate block">{t.description || '\u2014'}</span>
+        <span className="text-ink text-sm max-w-sm truncate block">{t.description || '\u2014'}</span>
       ),
     },
     {
       key: 'created',
       label: 'Created',
-      render: (t) => <span className="text-xs text-slate-400">{formatDateTime(t.created_at)}</span>,
+      render: (t) => <span className="text-xs text-ink-muted">{formatDateTime(t.created_at)}</span>,
     },
     {
       key: 'actions',
@@ -50,7 +50,7 @@ export default function TeamsPage() {
       render: (t) => (
         <button
           onClick={(e) => { e.stopPropagation(); if (confirm(`Delete team ${t.name}?`)) deleteMutation.mutate(t.id); }}
-          className="text-xs text-red-400 hover:text-red-300 transition-colors"
+          className="text-xs text-red-600 hover:text-red-700 transition-colors"
         >
           Delete
         </button>
diff --git a/web/tailwind.config.cjs b/web/tailwind.config.cjs
index 7e045bd..cc2d9f1 100644
--- a/web/tailwind.config.cjs
+++ b/web/tailwind.config.cjs
@@ -6,7 +6,59 @@ module.exports = {
   ],
   darkMode: 'class',
   theme: {
-    extend: {},
+    extend: {
+      colors: {
+        // === certctl brand palette (from logo) ===
+        brand: {
+          50:  '#eefbf6',
+          100: '#d5f5e9',
+          200: '#afe9d5',
+          300: '#7ad8bc',
+          400: '#2ea88f', // Primary teal — logo "ctl"
+          500: '#1f9680',
+          600: '#147868',
+          700: '#106055',
+          800: '#0f4d44',
+          900: '#0d3f39',
+        },
+        accent: {
+          blue:   '#3b7dd8', // Logo blue arrows
+          orange: '#e8873a', // Logo orange arrows
+          green:  '#4ebe6e', // Logo green highlights
+        },
+        // Light content area
+        page:    '#f0f4f8',  // Light blue-gray page background
+        surface: {
+          DEFAULT: '#ffffff', // Cards — white
+          hover:   '#f8fafc', // Hover on cards
+          border:  '#e2e8f0', // Card/table borders
+          muted:   '#f1f5f9', // Zebra stripes, subtle fills
+        },
+        // Dark sidebar
+        sidebar: {
+          DEFAULT: '#0c2e25', // Deep teal-black
+          hover:   '#134438',
+          active:  '#185c4a',
+          border:  '#1a5c48',
+          text:    '#94d2be', // Muted teal for inactive nav
+        },
+        // Text on light backgrounds
+        ink: {
+          DEFAULT: '#1e293b', // Primary text
+          muted:   '#64748b', // Secondary text
+          faint:   '#94a3b8', // Tertiary/placeholder
+        },
+      },
+      fontFamily: {
+        mono: ['JetBrains Mono', 'ui-monospace', 'SFMono-Regular', 'Menlo', 'Monaco', 'Consolas', 'monospace'],
+      },
+      borderRadius: {
+        DEFAULT: '0.375rem',
+        sm: '0.25rem',
+        md: '0.5rem',
+        lg: '0.75rem',
+      },
+    },
   },
   plugins: [],
 }