From e2da9bfaec16c4c1dbe1115ef15dd7d0debad4c8 Mon Sep 17 00:00:00 2001
From: Mathias Myrland <jedimemo@gmail.com>
Date: Sat, 25 Apr 2026 16:34:53 +0200
Subject: [PATCH 1/3] Improve API explorer UI and add Playwright e2e

---
 .github/workflows/ci.yml                      |   50 +
 Cargo.lock                                    |   36 +
 Cargo.toml                                    |    1 +
 .../src/api_explorer_template.html            | 1169 ++++++++++++++++
 .../rest/ras-rest-macro/src/static_hosting.rs | 1197 +---------------
 .../ras-rest-macro/tests/http_integration.rs  |   26 +
 .../tests/xss_protection_test.rs              |   12 +-
 .../src/api_explorer_template.html            |  439 ++++++
 .../src/jsonrpc_explorer_template.html        | 1212 -----------------
 .../ras-jsonrpc-macro/src/static_hosting.rs   |   27 +-
 .../ras-jsonrpc-macro/tests/explorer_test.rs  |    7 +-
 .../tests/explorer_token_storage_test.rs      |    6 +-
 tests/playwright/README.md                    |   28 +
 .../fixtures/jsonrpc-fixture/Cargo.toml       |   23 +
 .../fixtures/jsonrpc-fixture/src/main.rs      |  105 ++
 .../fixtures/rest-fixture/Cargo.toml          |   25 +
 .../fixtures/rest-fixture/src/main.rs         |  146 ++
 tests/playwright/package-lock.json            |   78 ++
 tests/playwright/package.json                 |   13 +
 tests/playwright/playwright.config.ts         |   37 +
 .../playwright/tests/jsonrpc-explorer.spec.ts |  113 ++
 tests/playwright/tests/rest-explorer.spec.ts  |  120 ++
 22 files changed, 2486 insertions(+), 2384 deletions(-)
 create mode 100644 crates/rest/ras-rest-macro/src/api_explorer_template.html
 create mode 100644 crates/rpc/ras-jsonrpc-macro/src/api_explorer_template.html
 delete mode 100644 crates/rpc/ras-jsonrpc-macro/src/jsonrpc_explorer_template.html
 create mode 100644 tests/playwright/README.md
 create mode 100644 tests/playwright/fixtures/jsonrpc-fixture/Cargo.toml
 create mode 100644 tests/playwright/fixtures/jsonrpc-fixture/src/main.rs
 create mode 100644 tests/playwright/fixtures/rest-fixture/Cargo.toml
 create mode 100644 tests/playwright/fixtures/rest-fixture/src/main.rs
 create mode 100644 tests/playwright/package-lock.json
 create mode 100644 tests/playwright/package.json
 create mode 100644 tests/playwright/playwright.config.ts
 create mode 100644 tests/playwright/tests/jsonrpc-explorer.spec.ts
 create mode 100644 tests/playwright/tests/rest-explorer.spec.ts

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 10ae2fe..1db7e0a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -48,6 +48,56 @@ jobs:
       - name: Run tests
         run: cargo test --workspace --all-features -- --nocapture --test-threads=4
 
+  playwright:
+    name: Playwright E2E
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache Cargo
+        uses: Swatinem/rust-cache@v2
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+          cache-dependency-path: tests/playwright/package-lock.json
+
+      - name: Install Playwright package
+        working-directory: tests/playwright
+        run: npm ci
+
+      - name: Install Playwright browsers
+        working-directory: tests/playwright
+        run: npx playwright install --with-deps chromium
+
+      - name: Run Playwright tests
+        working-directory: tests/playwright
+        run: npm test
+
+      - name: Upload Playwright report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: tests/playwright/playwright-report
+          if-no-files-found: ignore
+          retention-days: 7
+
+      - name: Upload Playwright test results
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-test-results
+          path: tests/playwright/test-results
+          if-no-files-found: ignore
+          retention-days: 7
+
   coverage:
     name: Coverage report
     runs-on: ubuntu-latest
diff --git a/Cargo.lock b/Cargo.lock
index 03834dc..bd7eaef 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2947,6 +2947,42 @@ version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
 
+[[package]]
+name = "playwright-jsonrpc-fixture"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "axum",
+ "ras-auth-core",
+ "ras-jsonrpc-core",
+ "ras-jsonrpc-macro",
+ "ras-jsonrpc-types",
+ "reqwest",
+ "schemars",
+ "serde",
+ "serde_json",
+ "tokio",
+]
+
+[[package]]
+name = "playwright-rest-fixture"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "async-trait",
+ "axum",
+ "axum-extra",
+ "ras-auth-core",
+ "ras-rest-core",
+ "ras-rest-macro",
+ "reqwest",
+ "schemars",
+ "serde",
+ "serde_json",
+ "tokio",
+ "tracing",
+]
+
 [[package]]
 name = "plotters"
 version = "0.3.7"
diff --git a/Cargo.toml b/Cargo.toml
index a4bf3cd..89b5a72 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -22,6 +22,7 @@ members = [
     "examples/rest-wasm-example/rest-api",
     "examples/rest-wasm-example/rest-backend",
     "examples/wasm-ui-demo",
+    "tests/playwright/fixtures/*",
 ]
 resolver = "3"
 
diff --git a/crates/rest/ras-rest-macro/src/api_explorer_template.html b/crates/rest/ras-rest-macro/src/api_explorer_template.html
new file mode 100644
index 0000000..fdd8730
--- /dev/null
+++ b/crates/rest/ras-rest-macro/src/api_explorer_template.html
@@ -0,0 +1,1169 @@
+<!DOCTYPE html>
+<html lang="en" data-theme="dark">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>API Explorer</title>
+    <style>
+        * { box-sizing: border-box; }
+        :root {
+            color-scheme: dark;
+            --bg: #101114;
+            --panel: #17191f;
+            --panel-2: #20232b;
+            --panel-3: #292d36;
+            --text: #eef1f6;
+            --muted: #a7afbf;
+            --faint: #717b8f;
+            --border: #343946;
+            --accent: #4f8cff;
+            --accent-2: #46c2a8;
+            --warn: #f2b84b;
+            --danger: #ff6b6b;
+            --ok: #59d18c;
+            --shadow: 0 14px 40px rgb(0 0 0 / 0.32);
+        }
+        [data-theme="light"] {
+            color-scheme: light;
+            --bg: #f4f6fa;
+            --panel: #ffffff;
+            --panel-2: #f0f3f8;
+            --panel-3: #e5eaf2;
+            --text: #121722;
+            --muted: #4c586d;
+            --faint: #748096;
+            --border: #d9e0ec;
+            --accent: #1d5fd1;
+            --accent-2: #087f68;
+            --warn: #976508;
+            --danger: #c93333;
+            --ok: #167a42;
+            --shadow: 0 14px 34px rgb(27 39 60 / 0.16);
+        }
+        body {
+            margin: 0;
+            min-height: 100vh;
+            background: var(--bg);
+            color: var(--text);
+            font: 14px/1.45 Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+        }
+        button, input, select, textarea {
+            font: inherit;
+        }
+        button {
+            border: 1px solid var(--border);
+            background: var(--panel-2);
+            color: var(--text);
+            border-radius: 7px;
+            padding: 0.48rem 0.68rem;
+            cursor: pointer;
+        }
+        button:hover { border-color: var(--accent); }
+        button.primary {
+            border-color: var(--accent);
+            background: var(--accent);
+            color: white;
+            font-weight: 650;
+        }
+        button.ghost { background: transparent; }
+        button:disabled {
+            cursor: not-allowed;
+            opacity: 0.62;
+        }
+        input, select, textarea {
+            width: 100%;
+            border: 1px solid var(--border);
+            background: var(--panel-2);
+            color: var(--text);
+            border-radius: 7px;
+            padding: 0.55rem 0.65rem;
+            min-width: 0;
+        }
+        textarea {
+            min-height: 180px;
+            resize: vertical;
+            font-family: "JetBrains Mono", "SFMono-Regular", Consolas, monospace;
+            font-size: 12.5px;
+            line-height: 1.5;
+        }
+        code, pre, .mono {
+            font-family: "JetBrains Mono", "SFMono-Regular", Consolas, monospace;
+        }
+        .app {
+            display: grid;
+            grid-template-columns: minmax(250px, 330px) minmax(420px, 1fr) minmax(320px, 470px);
+            min-height: 100vh;
+        }
+        .sidebar, .workspace, .response {
+            min-width: 0;
+            border-right: 1px solid var(--border);
+            background: var(--panel);
+        }
+        .workspace {
+            background: var(--bg);
+        }
+        .response {
+            border-right: 0;
+        }
+        .topbar {
+            min-height: 68px;
+            padding: 0.85rem 1rem;
+            border-bottom: 1px solid var(--border);
+            display: flex;
+            align-items: center;
+            justify-content: space-between;
+            gap: 0.75rem;
+        }
+        .brand {
+            min-width: 0;
+        }
+        .brand h1 {
+            margin: 0;
+            font-size: 1rem;
+            font-weight: 700;
+            white-space: nowrap;
+            overflow: hidden;
+            text-overflow: ellipsis;
+        }
+        .brand .sub {
+            color: var(--muted);
+            font-size: 0.78rem;
+            margin-top: 0.15rem;
+        }
+        .stack {
+            padding: 1rem;
+            display: grid;
+            gap: 0.75rem;
+        }
+        .field {
+            display: grid;
+            gap: 0.35rem;
+        }
+        .field label, .section-title {
+            color: var(--muted);
+            font-size: 0.74rem;
+            font-weight: 700;
+            text-transform: uppercase;
+            letter-spacing: 0.04em;
+        }
+        .row {
+            display: flex;
+            gap: 0.55rem;
+            align-items: center;
+        }
+        .row > * { min-width: 0; }
+        .row .grow { flex: 1; }
+        .search {
+            padding: 0.9rem 1rem;
+            border-top: 1px solid var(--border);
+            border-bottom: 1px solid var(--border);
+        }
+        .list {
+            padding: 0.65rem;
+            display: grid;
+            gap: 0.45rem;
+            overflow: auto;
+            max-height: calc(100vh - 226px);
+        }
+        .op {
+            text-align: left;
+            width: 100%;
+            background: var(--panel);
+            border-color: var(--border);
+            padding: 0.7rem;
+        }
+        .op.active {
+            border-color: var(--accent);
+            box-shadow: inset 3px 0 0 var(--accent);
+            background: var(--panel-2);
+        }
+        .op-main {
+            display: flex;
+            align-items: center;
+            gap: 0.55rem;
+        }
+        .op-name {
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+            font-weight: 650;
+        }
+        .op-desc {
+            color: var(--muted);
+            font-size: 0.78rem;
+            margin-top: 0.28rem;
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+        }
+        .badge {
+            display: inline-flex;
+            align-items: center;
+            min-height: 22px;
+            border-radius: 6px;
+            padding: 0.1rem 0.38rem;
+            border: 1px solid var(--border);
+            background: var(--panel-2);
+            color: var(--muted);
+            font-size: 0.72rem;
+            font-weight: 800;
+            white-space: nowrap;
+        }
+        .get { color: #74b9ff; }
+        .post { color: #59d18c; }
+        .put, .patch { color: #f2b84b; }
+        .delete { color: #ff8585; }
+        .lock { margin-left: auto; color: var(--warn); }
+        .open { margin-left: auto; color: var(--ok); }
+        .main-scroll, .response-scroll {
+            height: calc(100vh - 68px);
+            overflow: auto;
+            padding: 1rem;
+        }
+        .panel {
+            background: var(--panel);
+            border: 1px solid var(--border);
+            border-radius: 8px;
+            box-shadow: var(--shadow);
+            margin-bottom: 1rem;
+        }
+        .panel-head {
+            padding: 0.9rem 1rem;
+            border-bottom: 1px solid var(--border);
+            display: flex;
+            align-items: center;
+            justify-content: space-between;
+            gap: 0.75rem;
+        }
+        .panel-body {
+            padding: 1rem;
+            display: grid;
+            gap: 0.9rem;
+        }
+        .titleline {
+            min-width: 0;
+        }
+        .titleline h2 {
+            margin: 0;
+            font-size: 1.03rem;
+            overflow-wrap: anywhere;
+        }
+        .titleline p {
+            margin: 0.25rem 0 0;
+            color: var(--muted);
+        }
+        .grid2 {
+            display: grid;
+            grid-template-columns: repeat(2, minmax(0, 1fr));
+            gap: 0.75rem;
+        }
+        .params {
+            display: grid;
+            gap: 0.55rem;
+        }
+        .param-row {
+            display: grid;
+            grid-template-columns: minmax(110px, 0.85fr) minmax(160px, 1.4fr) minmax(76px, 0.5fr);
+            gap: 0.55rem;
+            align-items: center;
+        }
+        .param-row .name {
+            overflow-wrap: anywhere;
+        }
+        .hint {
+            color: var(--muted);
+            font-size: 0.82rem;
+        }
+        .tabs {
+            display: flex;
+            gap: 0.45rem;
+            flex-wrap: wrap;
+        }
+        .tab.active {
+            border-color: var(--accent);
+            color: white;
+            background: var(--accent);
+        }
+        pre {
+            margin: 0;
+            min-height: 220px;
+            white-space: pre-wrap;
+            overflow: auto;
+            background: var(--panel-2);
+            border: 1px solid var(--border);
+            border-radius: 8px;
+            padding: 0.85rem;
+            font-size: 12.5px;
+        }
+        .status {
+            display: inline-flex;
+            align-items: center;
+            border-radius: 6px;
+            padding: 0.16rem 0.45rem;
+            font-weight: 800;
+            font-size: 0.75rem;
+            border: 1px solid var(--border);
+        }
+        .status.ok { color: var(--ok); }
+        .status.warn { color: var(--warn); }
+        .status.err { color: var(--danger); }
+        .history-item, .saved-item {
+            display: grid;
+            gap: 0.18rem;
+            padding: 0.55rem;
+            border: 1px solid var(--border);
+            border-radius: 7px;
+            background: var(--panel-2);
+        }
+        .history-item button, .saved-item button {
+            justify-self: start;
+            margin-top: 0.25rem;
+        }
+        .toast {
+            position: fixed;
+            right: 1rem;
+            bottom: 1rem;
+            max-width: min(420px, calc(100vw - 2rem));
+            background: var(--panel);
+            border: 1px solid var(--border);
+            border-radius: 8px;
+            padding: 0.75rem 0.9rem;
+            box-shadow: var(--shadow);
+            opacity: 0;
+            transform: translateY(12px);
+            transition: opacity 0.18s, transform 0.18s;
+            pointer-events: none;
+        }
+        .toast.show {
+            opacity: 1;
+            transform: translateY(0);
+        }
+        .empty {
+            color: var(--muted);
+            border: 1px dashed var(--border);
+            border-radius: 8px;
+            padding: 1rem;
+            text-align: center;
+        }
+        @media (max-width: 1180px) {
+            .app {
+                grid-template-columns: minmax(240px, 310px) minmax(0, 1fr);
+            }
+            .response {
+                grid-column: 1 / -1;
+                border-top: 1px solid var(--border);
+            }
+            .response-scroll { height: auto; max-height: 60vh; }
+        }
+        @media (max-width: 760px) {
+            .app {
+                display: block;
+            }
+            .list { max-height: 42vh; }
+            .main-scroll, .response-scroll { height: auto; }
+            .grid2, .param-row { grid-template-columns: 1fr; }
+            .topbar { align-items: flex-start; }
+        }
+    </style>
+</head>
+<body>
+    <div class="app">
+        <aside class="sidebar">
+            <div class="topbar">
+                <div class="brand">
+                    <h1 id="service-name">API Explorer</h1>
+                    <div class="sub" id="service-subtitle">Loading specification</div>
+                </div>
+                <button id="theme-toggle" class="ghost" title="Toggle theme">Theme</button>
+            </div>
+            <div class="stack">
+                <div class="field">
+                    <label for="environment-select">Environment</label>
+                    <div class="row">
+                        <select id="environment-select" class="grow"></select>
+                        <button id="add-environment" title="Add environment">Add</button>
+                    </div>
+                </div>
+                <div class="field">
+                    <label for="base-url">Base URL</label>
+                    <input id="base-url" type="text" spellcheck="false">
+                </div>
+                <div class="field">
+                    <label for="jwt-token">Bearer token</label>
+                    <input id="jwt-token" type="password" autocomplete="off" placeholder="Token for this session">
+                </div>
+                <div class="row">
+                    <button id="save-token" class="primary">Apply token</button>
+                    <button id="clear-token">Clear</button>
+                    <span id="auth-state" class="badge">No token</span>
+                </div>
+            </div>
+            <div class="search">
+                <input id="operation-search" type="search" placeholder="Search operations">
+            </div>
+            <div id="operation-list" class="list"></div>
+        </aside>
+
+        <main class="workspace">
+            <div class="topbar">
+                <div class="titleline">
+                    <h2 id="operation-title">Select an operation</h2>
+                    <p id="operation-description">Choose an operation to prepare a request.</p>
+                </div>
+                <div class="row">
+                    <button id="save-request">Save</button>
+                    <button id="send-request" class="primary" disabled>Send</button>
+                </div>
+            </div>
+            <div class="main-scroll">
+                <section class="panel">
+                    <div class="panel-head">
+                        <strong>Request</strong>
+                        <span id="request-url" class="hint mono"></span>
+                    </div>
+                    <div id="request-form" class="panel-body">
+                        <div class="empty">No operation selected.</div>
+                    </div>
+                </section>
+                <section class="panel">
+                    <div class="panel-head">
+                        <strong>Saved requests</strong>
+                        <button id="clear-saved">Clear saved</button>
+                    </div>
+                    <div id="saved-list" class="panel-body"></div>
+                </section>
+            </div>
+        </main>
+
+        <aside class="response">
+            <div class="topbar">
+                <div class="brand">
+                    <h1>Response</h1>
+                    <div id="response-meta" class="sub">No request sent</div>
+                </div>
+                <button id="copy-response">Copy</button>
+            </div>
+            <div class="response-scroll">
+                <section class="panel">
+                    <div class="panel-head">
+                        <div class="tabs">
+                            <button class="tab active" data-response-tab="body">Body</button>
+                            <button class="tab" data-response-tab="headers">Headers</button>
+                            <button class="tab" data-response-tab="request">Request</button>
+                        </div>
+                        <span id="response-status" class="status">Idle</span>
+                    </div>
+                    <div class="panel-body">
+                        <pre id="response-output"></pre>
+                    </div>
+                </section>
+                <section class="panel">
+                    <div class="panel-head">
+                        <strong>History</strong>
+                        <button id="clear-history">Clear history</button>
+                    </div>
+                    <div id="history-list" class="panel-body"></div>
+                </section>
+            </div>
+        </aside>
+    </div>
+    <div id="toast" class="toast"></div>
+
+    <script>
+        const CONFIG = {
+            serviceName: {SERVICE_NAME_JSON},
+            protocol: {PROTOCOL_JSON},
+            specPath: {SPEC_PATH_JSON},
+            apiBasePath: {API_BASE_PATH_JSON}
+        };
+
+        const METHODS = ["get", "post", "put", "patch", "delete", "head", "options"];
+        const state = {
+            spec: null,
+            operations: [],
+            selectedId: null,
+            token: "",
+            environments: [],
+            activeEnvironment: 0,
+            saved: {},
+            history: [],
+            lastResponse: { body: "", headers: "", request: "" },
+            responseTab: "body"
+        };
+        const storagePrefix = `ras-explorer:${CONFIG.protocol}:${CONFIG.serviceName}:${location.pathname}`;
+
+        const $ = (id) => document.getElementById(id);
+
+        function storageGet(key, fallback) {
+            try {
+                const value = sessionStorage.getItem(`${storagePrefix}:${key}`);
+                return value ? JSON.parse(value) : fallback;
+            } catch (_) {
+                return fallback;
+            }
+        }
+
+        function storageSet(key, value) {
+            sessionStorage.setItem(`${storagePrefix}:${key}`, JSON.stringify(value));
+        }
+
+        function showToast(message) {
+            const toast = $("toast");
+            toast.textContent = message;
+            toast.classList.add("show");
+            setTimeout(() => toast.classList.remove("show"), 2200);
+        }
+
+        function setTheme(theme) {
+            const next = theme === "light" ? "light" : "dark";
+            document.documentElement.setAttribute("data-theme", next);
+            localStorage.setItem("ras-explorer-theme", next);
+        }
+
+        function initializeTheme() {
+            setTheme(localStorage.getItem("ras-explorer-theme") || "dark");
+        }
+
+        function resolveRef(schema) {
+            if (!schema || !schema.$ref) return schema || null;
+            const prefix = "#/components/schemas/";
+            if (schema.$ref.startsWith(prefix)) {
+                return state.spec?.components?.schemas?.[schema.$ref.slice(prefix.length)] || schema;
+            }
+            return schema;
+        }
+
+        function schemaType(schema) {
+            const resolved = resolveRef(schema);
+            if (!resolved) return "any";
+            if (resolved.$ref) return resolved.$ref.split("/").pop();
+            if (Array.isArray(resolved.type)) return resolved.type.filter((t) => t !== "null").join(" | ") || "null";
+            if (resolved.type) return resolved.nullable ? `${resolved.type}?` : resolved.type;
+            if (resolved.enum) return "enum";
+            if (resolved.oneOf) return "oneOf";
+            if (resolved.anyOf) return "anyOf";
+            return "object";
+        }
+
+        function exampleFromSchema(schema, seen = new Set()) {
+            const resolved = resolveRef(schema);
+            if (!resolved) return {};
+            if (resolved.$ref) {
+                if (seen.has(resolved.$ref)) return {};
+                seen.add(resolved.$ref);
+                return exampleFromSchema(resolveRef(resolved), seen);
+            }
+            if (resolved.example !== undefined) return resolved.example;
+            if (Array.isArray(resolved.examples) && resolved.examples.length) return resolved.examples[0];
+            if (resolved.default !== undefined) return resolved.default;
+            if (Array.isArray(resolved.enum) && resolved.enum.length) return resolved.enum[0];
+            const variants = resolved.oneOf || resolved.anyOf;
+            if (Array.isArray(variants) && variants.length) {
+                return exampleFromSchema(variants.find((item) => item.type !== "null") || variants[0], seen);
+            }
+            const type = Array.isArray(resolved.type) ? resolved.type.find((item) => item !== "null") : resolved.type;
+            if (type === "string") return "example";
+            if (type === "integer" || type === "number") return 0;
+            if (type === "boolean") return false;
+            if (type === "array") return [exampleFromSchema(resolved.items, seen)];
+            if (type === "object" || resolved.properties) {
+                const output = {};
+                Object.entries(resolved.properties || {}).forEach(([key, prop]) => {
+                    output[key] = exampleFromSchema(prop, seen);
+                });
+                return output;
+            }
+            return {};
+        }
+
+        function jsonPretty(value) {
+            if (typeof value === "string") return value;
+            return JSON.stringify(value, null, 2);
+        }
+
+        function normalizePermissions(value) {
+            if (!Array.isArray(value)) return [];
+            if (value.every((item) => typeof item === "string")) return value;
+            return value.map((item) => Array.isArray(item) ? item.join(" + ") : String(item));
+        }
+
+        function normalizeOpenApi(spec) {
+            const operations = [];
+            Object.entries(spec.paths || {}).forEach(([path, pathItem]) => {
+                Object.entries(pathItem || {}).forEach(([method, operation]) => {
+                    if (!METHODS.includes(method)) return;
+                    const upper = method.toUpperCase();
+                    const params = operation.parameters || [];
+                    const requestSchema = operation.requestBody?.content?.["application/json"]?.schema || null;
+                    const response = Object.entries(operation.responses || {}).find(([code]) => code.startsWith("2"));
+                    const responseSchema = response?.[1]?.content?.["application/json"]?.schema || null;
+                    operations.push({
+                        id: `${upper} ${path}`,
+                        protocol: "rest",
+                        label: path,
+                        method: upper,
+                        path,
+                        summary: operation.summary || `${upper} ${path}`,
+                        description: operation.description || operation.summary || "",
+                        authRequired: Boolean(operation.security && operation.security.length),
+                        permissions: normalizePermissions(operation["x-permissions"]),
+                        pathParams: params.filter((param) => param.in === "path"),
+                        queryParams: params.filter((param) => param.in === "query"),
+                        requestSchema,
+                        responseSchema
+                    });
+                });
+            });
+            return operations;
+        }
+
+        function normalizeOpenRpc(spec) {
+            return (spec.methods || []).map((method) => {
+                const auth = method["x-authentication"];
+                const param = Array.isArray(method.params) ? method.params[0] : null;
+                return {
+                    id: method.name,
+                    protocol: "jsonrpc",
+                    label: method.name,
+                    method: "RPC",
+                    path: CONFIG.apiBasePath,
+                    summary: method.summary || method.name,
+                    description: method.description || method.summary || "",
+                    authRequired: Boolean(auth && auth.required !== false),
+                    permissions: normalizePermissions(method["x-permissions"]),
+                    paramsSchema: param?.schema || null,
+                    responseSchema: method.result?.schema || null
+                };
+            });
+        }
+
+        function activeOperation() {
+            return state.operations.find((operation) => operation.id === state.selectedId) || null;
+        }
+
+        function activeBaseUrl() {
+            return state.environments[state.activeEnvironment]?.baseUrl || CONFIG.apiBasePath || "";
+        }
+
+        function toAbsoluteUrl(path) {
+            if (/^https?:\/\//i.test(path)) return path;
+            const prefix = path.startsWith("/") ? path : `/${path}`;
+            return `${window.location.origin}${prefix}`;
+        }
+
+        function currentRequestSnapshot() {
+            const operation = activeOperation();
+            if (!operation) return null;
+            if (operation.protocol === "rest") {
+                const pathValues = {};
+                document.querySelectorAll("[data-path-param]").forEach((input) => pathValues[input.dataset.pathParam] = input.value);
+                const queryValues = {};
+                document.querySelectorAll("[data-query-param]").forEach((input) => queryValues[input.dataset.queryParam] = input.value);
+                return {
+                    operationId: operation.id,
+                    pathValues,
+                    queryValues,
+                    body: $("body-editor")?.value || ""
+                };
+            }
+            return {
+                operationId: operation.id,
+                requestId: $("rpc-request-id")?.value || "",
+                params: $("params-editor")?.value || ""
+            };
+        }
+
+        function applySnapshot(snapshot) {
+            if (!snapshot) return;
+            selectOperation(snapshot.operationId, false);
+            if (snapshot.pathValues) {
+                Object.entries(snapshot.pathValues).forEach(([key, value]) => {
+                    const input = document.querySelector(`[data-path-param="${CSS.escape(key)}"]`);
+                    if (input) input.value = value;
+                });
+            }
+            if (snapshot.queryValues) {
+                Object.entries(snapshot.queryValues).forEach(([key, value]) => {
+                    const input = document.querySelector(`[data-query-param="${CSS.escape(key)}"]`);
+                    if (input) input.value = value;
+                });
+            }
+            if ($("body-editor") && snapshot.body !== undefined) $("body-editor").value = snapshot.body;
+            if ($("params-editor") && snapshot.params !== undefined) $("params-editor").value = snapshot.params;
+            if ($("rpc-request-id") && snapshot.requestId !== undefined) $("rpc-request-id").value = snapshot.requestId;
+            updateRequestUrl();
+        }
+
+        function renderOperations() {
+            const query = $("operation-search").value.trim().toLowerCase();
+            const list = $("operation-list");
+            list.textContent = "";
+            state.operations
+                .filter((operation) => `${operation.method} ${operation.label} ${operation.summary}`.toLowerCase().includes(query))
+                .forEach((operation) => {
+                    const button = document.createElement("button");
+                    button.className = `op ${operation.id === state.selectedId ? "active" : ""}`;
+                    button.type = "button";
+                    button.addEventListener("click", () => selectOperation(operation.id));
+
+                    const main = document.createElement("div");
+                    main.className = "op-main";
+                    const method = document.createElement("span");
+                    method.className = `badge ${operation.method.toLowerCase()}`;
+                    method.textContent = operation.method;
+                    const name = document.createElement("span");
+                    name.className = "op-name mono";
+                    name.textContent = operation.label;
+                    const auth = document.createElement("span");
+                    auth.className = operation.authRequired ? "badge lock" : "badge open";
+                    auth.textContent = operation.authRequired ? "Auth" : "Open";
+                    main.append(method, name, auth);
+
+                    const desc = document.createElement("div");
+                    desc.className = "op-desc";
+                    desc.textContent = operation.summary || operation.description || "";
+                    button.append(main, desc);
+                    list.appendChild(button);
+                });
+            if (!list.children.length) {
+                const empty = document.createElement("div");
+                empty.className = "empty";
+                empty.textContent = "No matching operations.";
+                list.appendChild(empty);
+            }
+        }
+
+        function renderEnvironments() {
+            const select = $("environment-select");
+            select.textContent = "";
+            state.environments.forEach((env, index) => {
+                const option = document.createElement("option");
+                option.value = String(index);
+                option.textContent = env.name;
+                select.appendChild(option);
+            });
+            select.value = String(state.activeEnvironment);
+            $("base-url").value = activeBaseUrl();
+        }
+
+        function renderSaved() {
+            const container = $("saved-list");
+            container.textContent = "";
+            const operation = activeOperation();
+            const items = operation ? (state.saved[operation.id] || []) : [];
+            if (!items.length) {
+                const empty = document.createElement("div");
+                empty.className = "empty";
+                empty.textContent = operation ? "No saved requests for this operation." : "Select an operation.";
+                container.appendChild(empty);
+                return;
+            }
+            items.forEach((item, index) => {
+                const row = document.createElement("div");
+                row.className = "saved-item";
+                const name = document.createElement("strong");
+                name.textContent = item.name;
+                const time = document.createElement("span");
+                time.className = "hint";
+                time.textContent = new Date(item.createdAt).toLocaleString();
+                const load = document.createElement("button");
+                load.textContent = "Load";
+                load.addEventListener("click", () => applySnapshot(item.snapshot));
+                const remove = document.createElement("button");
+                remove.textContent = "Remove";
+                remove.addEventListener("click", () => {
+                    state.saved[operation.id].splice(index, 1);
+                    storageSet("saved", state.saved);
+                    renderSaved();
+                });
+                const actions = document.createElement("div");
+                actions.className = "row";
+                actions.append(load, remove);
+                row.append(name, time, actions);
+                container.appendChild(row);
+            });
+        }
+
+        function renderHistory() {
+            const container = $("history-list");
+            container.textContent = "";
+            if (!state.history.length) {
+                const empty = document.createElement("div");
+                empty.className = "empty";
+                empty.textContent = "Requests you send in this session appear here.";
+                container.appendChild(empty);
+                return;
+            }
+            state.history.forEach((item) => {
+                const row = document.createElement("div");
+                row.className = "history-item";
+                const title = document.createElement("strong");
+                title.textContent = item.title;
+                const meta = document.createElement("span");
+                meta.className = "hint";
+                meta.textContent = `${item.status} - ${item.duration}ms - ${new Date(item.createdAt).toLocaleTimeString()}`;
+                const load = document.createElement("button");
+                load.textContent = "Load request";
+                load.addEventListener("click", () => applySnapshot(item.snapshot));
+                row.append(title, meta, load);
+                container.appendChild(row);
+            });
+        }
+
+        function renderRestForm(operation) {
+            const fragment = document.createDocumentFragment();
+            const allParams = [
+                ["Path parameters", operation.pathParams, "path"],
+                ["Query parameters", operation.queryParams, "query"]
+            ];
+            allParams.forEach(([title, params, kind]) => {
+                if (!params.length) return;
+                const group = document.createElement("div");
+                group.className = "field";
+                const label = document.createElement("div");
+                label.className = "section-title";
+                label.textContent = title;
+                const rows = document.createElement("div");
+                rows.className = "params";
+                params.forEach((param) => {
+                    const row = document.createElement("div");
+                    row.className = "param-row";
+                    const name = document.createElement("div");
+                    name.className = "name mono";
+                    name.textContent = `${param.name}${param.required ? " *" : ""}`;
+                    const input = document.createElement("input");
+                    input.placeholder = param.description || param.name;
+                    input.dataset[kind === "path" ? "pathParam" : "queryParam"] = param.name;
+                    input.addEventListener("input", updateRequestUrl);
+                    const type = document.createElement("span");
+                    type.className = "badge";
+                    type.textContent = schemaType(param.schema);
+                    row.append(name, input, type);
+                    rows.appendChild(row);
+                });
+                group.append(label, rows);
+                fragment.appendChild(group);
+            });
+            if (operation.requestSchema) {
+                fragment.appendChild(editorBlock("JSON body", "body-editor", jsonPretty(exampleFromSchema(operation.requestSchema))));
+            }
+            return fragment;
+        }
+
+        function renderRpcForm(operation) {
+            const fragment = document.createDocumentFragment();
+            const grid = document.createElement("div");
+            grid.className = "grid2";
+            const idField = document.createElement("div");
+            idField.className = "field";
+            const idLabel = document.createElement("label");
+            idLabel.textContent = "Request ID";
+            idLabel.htmlFor = "rpc-request-id";
+            const idRow = document.createElement("div");
+            idRow.className = "row";
+            const idInput = document.createElement("input");
+            idInput.id = "rpc-request-id";
+            idInput.className = "grow";
+            idInput.value = requestId();
+            const regen = document.createElement("button");
+            regen.textContent = "Regenerate";
+            regen.addEventListener("click", () => idInput.value = requestId());
+            idRow.append(idInput, regen);
+            idField.append(idLabel, idRow);
+            const methodField = document.createElement("div");
+            methodField.className = "field";
+            const methodLabel = document.createElement("label");
+            methodLabel.textContent = "JSON-RPC method";
+            const methodValue = document.createElement("input");
+            methodValue.value = operation.label;
+            methodValue.readOnly = true;
+            methodField.append(methodLabel, methodValue);
+            grid.append(idField, methodField);
+            fragment.appendChild(grid);
+            if (operation.paramsSchema) {
+                fragment.appendChild(editorBlock("Params", "params-editor", jsonPretty(exampleFromSchema(operation.paramsSchema))));
+            } else {
+                const empty = document.createElement("div");
+                empty.className = "empty";
+                empty.textContent = "This method has no params.";
+                fragment.appendChild(empty);
+            }
+            return fragment;
+        }
+
+        function editorBlock(labelText, id, value) {
+            const field = document.createElement("div");
+            field.className = "field";
+            const label = document.createElement("label");
+            label.textContent = labelText;
+            label.htmlFor = id;
+            const editor = document.createElement("textarea");
+            editor.id = id;
+            editor.spellcheck = false;
+            editor.value = value;
+            field.append(label, editor);
+            return field;
+        }
+
+        function renderRequestForm() {
+            const operation = activeOperation();
+            const form = $("request-form");
+            form.textContent = "";
+            $("send-request").disabled = !operation;
+            if (!operation) {
+                const empty = document.createElement("div");
+                empty.className = "empty";
+                empty.textContent = "No operation selected.";
+                form.appendChild(empty);
+                return;
+            }
+            const auth = document.createElement("div");
+            auth.className = "row";
+            const authBadge = document.createElement("span");
+            authBadge.className = operation.authRequired ? "badge lock" : "badge open";
+            authBadge.textContent = operation.authRequired ? "Authentication required" : "No authentication required";
+            auth.appendChild(authBadge);
+            operation.permissions.forEach((permission) => {
+                const badge = document.createElement("span");
+                badge.className = "badge";
+                badge.textContent = permission;
+                auth.appendChild(badge);
+            });
+            form.appendChild(auth);
+            form.appendChild(operation.protocol === "rest" ? renderRestForm(operation) : renderRpcForm(operation));
+            updateRequestUrl();
+        }
+
+        function selectOperation(id, rerenderList = true) {
+            state.selectedId = id;
+            const operation = activeOperation();
+            $("operation-title").textContent = operation ? `${operation.method} ${operation.label}` : "Select an operation";
+            $("operation-description").textContent = operation?.description || operation?.summary || "Prepare and send a request.";
+            renderRequestForm();
+            renderSaved();
+            if (rerenderList) renderOperations();
+        }
+
+        function requestId() {
+            return `req_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+        }
+
+        function updateRequestUrl() {
+            const operation = activeOperation();
+            if (!operation) {
+                $("request-url").textContent = "";
+                return;
+            }
+            $("request-url").textContent = buildRequestPreview(operation);
+        }
+
+        function buildRequestPreview(operation) {
+            if (operation.protocol === "jsonrpc") return toAbsoluteUrl(activeBaseUrl());
+            let path = operation.path;
+            document.querySelectorAll("[data-path-param]").forEach((input) => {
+                path = path.replace(`{${input.dataset.pathParam}}`, encodeURIComponent(input.value || `{${input.dataset.pathParam}}`));
+            });
+            const query = new URLSearchParams();
+            document.querySelectorAll("[data-query-param]").forEach((input) => {
+                if (input.value) query.append(input.dataset.queryParam, input.value);
+            });
+            const base = activeBaseUrl().replace(/\/$/, "");
+            return toAbsoluteUrl(`${base}${path}${query.toString() ? `?${query}` : ""}`);
+        }
+
+        function buildRequest(operation) {
+            const headers = { "Content-Type": "application/json" };
+            if (state.token) headers.Authorization = `Bearer ${state.token}`;
+            if (operation.protocol === "rest") {
+                const options = { method: operation.method, headers };
+                const body = $("body-editor")?.value.trim();
+                if (body) options.body = JSON.stringify(JSON.parse(body));
+                return { url: buildRequestPreview(operation), options, requestBody: body || "" };
+            }
+            const payload = {
+                jsonrpc: "2.0",
+                method: operation.label,
+                id: $("rpc-request-id")?.value || requestId()
+            };
+            const params = $("params-editor")?.value.trim();
+            if (params) payload.params = JSON.parse(params);
+            return {
+                url: toAbsoluteUrl(activeBaseUrl()),
+                options: { method: "POST", headers, body: JSON.stringify(payload) },
+                requestBody: JSON.stringify(payload, null, 2)
+            };
+        }
+
+        async function sendCurrentRequest() {
+            const operation = activeOperation();
+            if (!operation) return;
+            const button = $("send-request");
+            button.disabled = true;
+            button.textContent = "Sending";
+            const started = performance.now();
+            try {
+                const request = buildRequest(operation);
+                const response = await fetch(request.url, request.options);
+                const duration = Math.round(performance.now() - started);
+                const text = await response.text();
+                let body = text;
+                try { body = JSON.parse(text); } catch (_) {}
+                const headers = Object.fromEntries(response.headers.entries());
+                const isRpcError = operation.protocol === "jsonrpc" && body && body.error;
+                const statusText = `${response.status} ${response.statusText || ""}`.trim();
+                state.lastResponse = {
+                    body: jsonPretty(body),
+                    headers: jsonPretty(headers),
+                    request: jsonPretty({
+                        url: request.url,
+                        method: request.options.method,
+                        headers: request.options.headers,
+                        body: request.requestBody ? JSON.parse(request.requestBody) : undefined
+                    })
+                };
+                $("response-status").className = `status ${response.ok && !isRpcError ? "ok" : response.status < 500 ? "warn" : "err"}`;
+                $("response-status").textContent = isRpcError ? "RPC error" : statusText;
+                $("response-meta").textContent = `${operation.method} ${operation.label} - ${duration}ms`;
+                state.history.unshift({
+                    title: `${operation.method} ${operation.label}`,
+                    status: isRpcError ? "RPC error" : statusText,
+                    duration,
+                    createdAt: Date.now(),
+                    snapshot: currentRequestSnapshot()
+                });
+                state.history = state.history.slice(0, 30);
+                storageSet("history", state.history);
+                renderHistory();
+                renderResponseOutput();
+            } catch (error) {
+                $("response-status").className = "status err";
+                $("response-status").textContent = "Failed";
+                state.lastResponse = { body: error.message, headers: "", request: "" };
+                renderResponseOutput();
+                showToast(error.message);
+            } finally {
+                button.disabled = false;
+                button.textContent = "Send";
+            }
+        }
+
+        function renderResponseOutput() {
+            $("response-output").textContent = state.lastResponse[state.responseTab] || "";
+        }
+
+        function saveCurrentRequest() {
+            const operation = activeOperation();
+            const snapshot = currentRequestSnapshot();
+            if (!operation || !snapshot) return;
+            const name = prompt("Saved request name", operation.label);
+            if (!name) return;
+            state.saved[operation.id] = state.saved[operation.id] || [];
+            state.saved[operation.id].unshift({ name, snapshot, createdAt: Date.now() });
+            storageSet("saved", state.saved);
+            renderSaved();
+        }
+
+        async function loadSpec() {
+            $("service-name").textContent = `${CONFIG.serviceName} Explorer`;
+            $("service-subtitle").textContent = CONFIG.protocol === "rest" ? "REST OpenAPI" : "JSON-RPC OpenRPC";
+            const response = await fetch(CONFIG.specPath, { headers: { Accept: "application/json" } });
+            if (!response.ok) throw new Error(`Failed to load API specification: ${response.status}`);
+            state.spec = await response.json();
+            state.operations = CONFIG.protocol === "rest" ? normalizeOpenApi(state.spec) : normalizeOpenRpc(state.spec);
+            renderOperations();
+            if (state.operations.length) selectOperation(state.operations[0].id);
+        }
+
+        function bindEvents() {
+            $("theme-toggle").addEventListener("click", () => {
+                const current = document.documentElement.getAttribute("data-theme");
+                setTheme(current === "dark" ? "light" : "dark");
+            });
+            $("operation-search").addEventListener("input", renderOperations);
+            $("environment-select").addEventListener("change", (event) => {
+                state.activeEnvironment = Number(event.target.value);
+                storageSet("activeEnvironment", state.activeEnvironment);
+                renderEnvironments();
+                updateRequestUrl();
+            });
+            $("base-url").addEventListener("input", (event) => {
+                state.environments[state.activeEnvironment].baseUrl = event.target.value;
+                storageSet("environments", state.environments);
+                updateRequestUrl();
+            });
+            $("add-environment").addEventListener("click", () => {
+                const name = prompt("Environment name", `Env ${state.environments.length + 1}`);
+                if (!name) return;
+                state.environments.push({ name, baseUrl: activeBaseUrl() });
+                state.activeEnvironment = state.environments.length - 1;
+                storageSet("environments", state.environments);
+                storageSet("activeEnvironment", state.activeEnvironment);
+                renderEnvironments();
+            });
+            $("save-token").addEventListener("click", () => {
+                state.token = $("jwt-token").value.trim();
+                storageSet("bearer-token", state.token);
+                $("auth-state").textContent = state.token ? "Token set" : "No token";
+                showToast(state.token ? "Token applied for this session" : "Token cleared");
+            });
+            $("clear-token").addEventListener("click", () => {
+                state.token = "";
+                $("jwt-token").value = "";
+                sessionStorage.removeItem(`${storagePrefix}:bearer-token`);
+                $("auth-state").textContent = "No token";
+            });
+            $("send-request").addEventListener("click", sendCurrentRequest);
+            $("save-request").addEventListener("click", saveCurrentRequest);
+            $("clear-saved").addEventListener("click", () => {
+                const operation = activeOperation();
+                if (operation) {
+                    state.saved[operation.id] = [];
+                    storageSet("saved", state.saved);
+                    renderSaved();
+                }
+            });
+            $("clear-history").addEventListener("click", () => {
+                state.history = [];
+                storageSet("history", state.history);
+                renderHistory();
+            });
+            $("copy-response").addEventListener("click", async () => {
+                await navigator.clipboard.writeText($("response-output").textContent);
+                showToast("Copied response");
+            });
+            document.querySelectorAll("[data-response-tab]").forEach((tab) => {
+                tab.addEventListener("click", () => {
+                    state.responseTab = tab.dataset.responseTab;
+                    document.querySelectorAll("[data-response-tab]").forEach((item) => item.classList.toggle("active", item === tab));
+                    renderResponseOutput();
+                });
+            });
+        }
+
+        document.addEventListener("DOMContentLoaded", async () => {
+            initializeTheme();
+            state.environments = storageGet("environments", [{ name: "Default", baseUrl: CONFIG.apiBasePath || "/" }]);
+            state.activeEnvironment = storageGet("activeEnvironment", 0);
+            state.saved = storageGet("saved", {});
+            state.history = storageGet("history", []);
+            state.token = storageGet("bearer-token", "");
+            $("jwt-token").value = state.token;
+            $("auth-state").textContent = state.token ? "Token set" : "No token";
+            bindEvents();
+            renderEnvironments();
+            renderHistory();
+            renderSaved();
+            try {
+                await loadSpec();
+            } catch (error) {
+                $("operation-list").innerHTML = "";
+                const empty = document.createElement("div");
+                empty.className = "empty";
+                empty.textContent = error.message;
+                $("operation-list").appendChild(empty);
+                showToast(error.message);
+            }
+        });
+    </script>
+</body>
+</html>
diff --git a/crates/rest/ras-rest-macro/src/static_hosting.rs b/crates/rest/ras-rest-macro/src/static_hosting.rs
index 5d3306f..239cc0d 100644
--- a/crates/rest/ras-rest-macro/src/static_hosting.rs
+++ b/crates/rest/ras-rest-macro/src/static_hosting.rs
@@ -1,20 +1,17 @@
-//! Static file hosting module for REST services
-//!
-//! This module provides functionality to serve static files, particularly for API documentation
-//! and OpenAPI spec hosting.
+//! Static API explorer hosting for REST services
 
 use crate::ServiceDefinition;
 use proc_macro2::TokenStream;
 use quote::quote;
 
-/// Configuration for static file hosting
+/// Configuration for static file hosting.
 #[derive(Debug, Clone)]
 pub struct StaticHostingConfig {
-    /// Whether to enable static hosting
+    /// Whether to enable static hosting.
     pub serve_docs: bool,
-    /// URL path for documentation (default "/docs")
+    /// URL path for documentation (default "/docs").
     pub docs_path: String,
-    /// UI theme selection (default "default")
+    /// UI theme selection retained for macro compatibility.
     pub ui_theme: String,
 }
 
@@ -28,7 +25,7 @@ impl Default for StaticHostingConfig {
     }
 }
 
-/// Generates static file serving routes code
+/// Generates static API explorer handler code.
 pub fn generate_static_hosting_code(
     service_def: &ServiceDefinition,
     static_config: &StaticHostingConfig,
@@ -37,1167 +34,49 @@ pub fn generate_static_hosting_code(
         return quote! {};
     }
 
+    const TEMPLATE_CONTENT: &str = include_str!("api_explorer_template.html");
+
     let service_name = &service_def.service_name;
-    let base_path = &service_def.base_path;
-    let docs_path = &static_config.docs_path;
-    let ui_theme = &static_config.ui_theme;
+    let base_path = service_def.base_path.trim_end_matches('/').to_string();
+    let docs_path = ensure_leading_slash(&static_config.docs_path);
+    let openapi_route = format!("{}/openapi.json", docs_path.trim_end_matches('/'));
+    let spec_path = join_paths(&base_path, &openapi_route);
+    let api_base_path = if base_path.is_empty() {
+        "/".to_string()
+    } else {
+        base_path
+    };
 
     let openapi_fn_name = quote::format_ident!(
         "generate_{}_openapi",
         service_name.to_string().to_lowercase()
     );
-
     let docs_handler_name =
         quote::format_ident!("{}_docs_handler", service_name.to_string().to_lowercase());
+    let template_lit = syn::LitStr::new(TEMPLATE_CONTENT, proc_macro2::Span::call_site());
 
     quote! {
         #[cfg(feature = "server")]
-        // Handler for serving the documentation index
         async fn #docs_handler_name() -> ::axum::response::Html<String> {
-            let openapi_spec = #openapi_fn_name();
-            let spec_json = ::serde_json::to_string_pretty(&openapi_spec)
-                .unwrap_or_else(|_| "{}".to_string());
-
-            let html_content = generate_docs_html(&spec_json, #ui_theme, #base_path, #docs_path);
-            ::axum::response::Html(html_content)
-        }
-
-        #[cfg(feature = "server")]
-        // Generate HTML content for the API explorer page
-        fn generate_docs_html(openapi_spec: &str, theme: &str, base_path: &str, docs_path: &str) -> String {
-            format!(
-                r#"<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>{} - REST API Explorer</title>
-    <link rel="preconnect" href="https://fonts.googleapis.com">
-    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
-    <style>
-        /* Reset and base styles */
-        * {{
-            margin: 0;
-            padding: 0;
-            box-sizing: border-box;
-        }}
-
-        :root {{
-            --primary-color: #2563eb;
-            --primary-hover: #1d4ed8;
-            --secondary-color: #64748b;
-            --success-color: #10b981;
-            --warning-color: #f59e0b;
-            --error-color: #ef4444;
-            --bg-primary: #ffffff;
-            --bg-secondary: #f8fafc;
-            --bg-tertiary: #f1f5f9;
-            --text-primary: #0f172a;
-            --text-secondary: #64748b;
-            --text-muted: #94a3b8;
-            --border-color: #e2e8f0;
-            --shadow-sm: 0 1px 2px 0 rgb(0 0 0 / 0.05);
-            --shadow-md: 0 4px 6px -1px rgb(0 0 0 / 0.1), 0 2px 4px -2px rgb(0 0 0 / 0.1);
-            --shadow-lg: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
-            --radius-sm: 0.375rem;
-            --radius-md: 0.5rem;
-            --radius-lg: 0.75rem;
-        }}
-
-        [data-theme="dark"] {{
-            --bg-primary: #0f172a;
-            --bg-secondary: #1e293b;
-            --bg-tertiary: #334155;
-            --text-primary: #f8fafc;
-            --text-secondary: #cbd5e1;
-            --text-muted: #64748b;
-            --border-color: #334155;
-        }}
-
-        body {{
-            font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
-            font-size: 14px;
-            line-height: 1.5;
-            color: var(--text-primary);
-            background-color: var(--bg-secondary);
-            min-height: 100vh;
-        }}
-
-        /* Layout */
-        .app-container {{
-            display: flex;
-            min-height: 100vh;
-        }}
-
-        .sidebar {{
-            width: 320px;
-            background: var(--bg-primary);
-            border-right: 1px solid var(--border-color);
-            overflow-y: auto;
-            flex-shrink: 0;
-        }}
-
-        .main-content {{
-            flex: 1;
-            overflow: hidden;
-            display: flex;
-            flex-direction: column;
-        }}
-
-        /* Header */
-        .header {{
-            background: var(--bg-primary);
-            border-bottom: 1px solid var(--border-color);
-            padding: 1rem 1.5rem;
-            display: flex;
-            align-items: center;
-            justify-content: space-between;
-            flex-shrink: 0;
-        }}
-
-        .header h1 {{
-            font-size: 1.25rem;
-            font-weight: 600;
-            color: var(--text-primary);
-        }}
-
-        .header-actions {{
-            display: flex;
-            align-items: center;
-            gap: 0.75rem;
-        }}
-
-        /* Auth section */
-        .auth-section {{
-            padding: 1rem;
-            border-bottom: 1px solid var(--border-color);
-        }}
-
-        .auth-title {{
-            font-size: 0.875rem;
-            font-weight: 600;
-            color: var(--text-primary);
-            margin-bottom: 0.75rem;
-            display: flex;
-            align-items: center;
-            gap: 0.5rem;
-        }}
-
-        .auth-status {{
-            width: 8px;
-            height: 8px;
-            border-radius: 50%;
-            background: var(--error-color);
-        }}
-
-        .auth-status.authenticated {{
-            background: var(--success-color);
-        }}
-
-        .input-group {{
-            margin-bottom: 0.75rem;
-        }}
-
-        .input-label {{
-            font-size: 0.75rem;
-            font-weight: 500;
-            color: var(--text-secondary);
-            margin-bottom: 0.25rem;
-            display: block;
-        }}
-
-        .input-field {{
-            width: 100%;
-            padding: 0.5rem 0.75rem;
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            background: var(--bg-primary);
-            color: var(--text-primary);
-            font-size: 0.875rem;
-            transition: border-color 0.2s;
-        }}
-
-        .input-field:focus {{
-            outline: none;
-            border-color: var(--primary-color);
-            box-shadow: 0 0 0 3px rgb(37 99 235 / 0.1);
-        }}
-
-        .btn {{
-            padding: 0.5rem 1rem;
-            border: none;
-            border-radius: var(--radius-md);
-            font-size: 0.875rem;
-            font-weight: 500;
-            cursor: pointer;
-            transition: all 0.2s;
-            display: inline-flex;
-            align-items: center;
-            gap: 0.5rem;
-        }}
-
-        .btn-primary {{
-            background: var(--primary-color);
-            color: white;
-        }}
-
-        .btn-primary:hover {{
-            background: var(--primary-hover);
-        }}
-
-        .btn-secondary {{
-            background: var(--bg-tertiary);
-            color: var(--text-primary);
-            border: 1px solid var(--border-color);
-        }}
-
-        .btn-secondary:hover {{
-            background: var(--border-color);
-        }}
-
-        .btn-sm {{
-            padding: 0.375rem 0.75rem;
-            font-size: 0.75rem;
-        }}
-
-        /* Endpoints list */
-        .endpoints-section {{
-            flex: 1;
-            overflow-y: auto;
-        }}
-
-        .search-container {{
-            padding: 1rem;
-            border-bottom: 1px solid var(--border-color);
-        }}
-
-        .search-input {{
-            width: 100%;
-            padding: 0.5rem 0.75rem;
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            background: var(--bg-primary);
-            color: var(--text-primary);
-            font-size: 0.875rem;
-        }}
-
-        .search-input::placeholder {{
-            color: var(--text-muted);
-        }}
-
-        .endpoints-list {{
-            padding: 0.5rem;
-        }}
-
-        .endpoint-item {{
-            padding: 0.75rem;
-            margin-bottom: 0.5rem;
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            cursor: pointer;
-            transition: all 0.2s;
-            background: var(--bg-primary);
-        }}
-
-        .endpoint-item:hover {{
-            border-color: var(--primary-color);
-            box-shadow: var(--shadow-sm);
-        }}
-
-        .endpoint-item.active {{
-            border-color: var(--primary-color);
-            background: rgb(37 99 235 / 0.05);
-        }}
-
-        .endpoint-header {{
-            display: flex;
-            align-items: center;
-            gap: 0.75rem;
-            margin-bottom: 0.25rem;
-        }}
-
-        .method-badge {{
-            padding: 0.25rem 0.5rem;
-            border-radius: var(--radius-sm);
-            font-size: 0.75rem;
-            font-weight: 600;
-            text-transform: uppercase;
-            min-width: 60px;
-            text-align: center;
-        }}
-
-        .method-get {{ background: #dbeafe; color: #1e40af; }}
-        .method-post {{ background: #dcfce7; color: #166534; }}
-        .method-put {{ background: #fef3c7; color: #92400e; }}
-        .method-patch {{ background: #ede9fe; color: #6b21a8; }}
-        .method-delete {{ background: #fee2e2; color: #991b1b; }}
-
-        .endpoint-path {{
-            font-family: 'JetBrains Mono', 'Consolas', monospace;
-            font-size: 0.875rem;
-            color: var(--text-primary);
-            font-weight: 500;
-        }}
-
-        .endpoint-description {{
-            font-size: 0.75rem;
-            color: var(--text-secondary);
-            margin-top: 0.25rem;
-        }}
-
-        .auth-indicator {{
-            font-size: 0.6875rem;
-            padding: 0.125rem 0.375rem;
-            border-radius: var(--radius-sm);
-            background: var(--bg-tertiary);
-            color: var(--text-muted);
-            margin-left: auto;
-        }}
-
-        .auth-indicator.protected {{
-            background: #fef3c7;
-            color: #92400e;
-        }}
-
-        /* Request panel */
-        .request-panel {{
-            flex: 1;
-            background: var(--bg-primary);
-            overflow-y: auto;
-            display: flex;
-            flex-direction: column;
-        }}
-
-        .request-header {{
-            padding: 1.5rem;
-            border-bottom: 1px solid var(--border-color);
-        }}
-
-        .request-title {{
-            display: flex;
-            align-items: center;
-            gap: 0.75rem;
-            margin-bottom: 0.5rem;
-        }}
-
-        .request-title h2 {{
-            font-size: 1.125rem;
-            font-weight: 600;
-            color: var(--text-primary);
-        }}
-
-        .request-description {{
-            color: var(--text-secondary);
-            font-size: 0.875rem;
-        }}
-
-        .request-form {{
-            padding: 1.5rem;
-            flex: 1;
-        }}
-
-        .form-section {{
-            margin-bottom: 2rem;
-        }}
-
-        .form-section h3 {{
-            font-size: 0.875rem;
-            font-weight: 600;
-            color: var(--text-primary);
-            margin-bottom: 1rem;
-        }}
-
-        .param-row {{
-            display: grid;
-            grid-template-columns: 120px 1fr 100px;
-            gap: 0.75rem;
-            align-items: start;
-            margin-bottom: 0.75rem;
-        }}
-
-        .param-label {{
-            font-size: 0.75rem;
-            font-weight: 500;
-            color: var(--text-secondary);
-            padding-top: 0.5rem;
-        }}
-
-        .code-editor {{
-            width: 100%;
-            min-height: 120px;
-            padding: 0.75rem;
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            background: var(--bg-secondary);
-            color: var(--text-primary);
-            font-family: 'JetBrains Mono', 'Consolas', monospace;
-            font-size: 0.875rem;
-            resize: vertical;
-        }}
-
-        .send-button {{
-            background: var(--success-color);
-            color: white;
-            padding: 0.75rem 1.5rem;
-            font-weight: 600;
-        }}
-
-        .send-button:hover {{
-            background: #059669;
-        }}
-
-        .send-button:disabled {{
-            background: var(--text-muted);
-            cursor: not-allowed;
-        }}
-
-        /* Response panel */
-        .response-panel {{
-            background: var(--bg-primary);
-            border-top: 1px solid var(--border-color);
-            max-height: 50vh;
-            overflow-y: auto;
-        }}
-
-        .response-header {{
-            padding: 1rem 1.5rem;
-            border-bottom: 1px solid var(--border-color);
-            display: flex;
-            align-items: center;
-            justify-content: space-between;
-        }}
-
-        .response-title {{
-            font-size: 0.875rem;
-            font-weight: 600;
-            color: var(--text-primary);
-        }}
-
-        .response-status {{
-            padding: 0.25rem 0.75rem;
-            border-radius: var(--radius-sm);
-            font-size: 0.75rem;
-            font-weight: 600;
-        }}
-
-        .status-2xx {{ background: #dcfce7; color: #166534; }}
-        .status-4xx {{ background: #fef3c7; color: #92400e; }}
-        .status-5xx {{ background: #fee2e2; color: #991b1b; }}
-
-        .response-content {{
-            padding: 1.5rem;
-        }}
-
-        .response-tabs {{
-            display: flex;
-            gap: 0.5rem;
-            margin-bottom: 1rem;
-        }}
-
-        .response-tab {{
-            padding: 0.5rem 0.75rem;
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-sm);
-            background: var(--bg-secondary);
-            color: var(--text-secondary);
-            font-size: 0.75rem;
-            cursor: pointer;
-            transition: all 0.2s;
-        }}
-
-        .response-tab.active {{
-            background: var(--primary-color);
-            color: white;
-            border-color: var(--primary-color);
-        }}
-
-        .response-body {{
-            background: var(--bg-secondary);
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            padding: 1rem;
-            font-family: 'JetBrains Mono', 'Consolas', monospace;
-            font-size: 0.875rem;
-            white-space: pre-wrap;
-            overflow-x: auto;
-        }}
-
-        /* Dark mode toggle */
-        .theme-toggle {{
-            background: var(--bg-secondary);
-            border: 1px solid var(--border-color);
-            color: var(--text-primary);
-            width: 2.5rem;
-            height: 2.5rem;
-            border-radius: var(--radius-md);
-            display: flex;
-            align-items: center;
-            justify-content: center;
-            cursor: pointer;
-        }}
-
-        /* Responsive design */
-        @media (max-width: 768px) {{
-            .app-container {{
-                flex-direction: column;
-            }}
-
-            .sidebar {{
-                width: 100%;
-                height: auto;
-                border-right: none;
-                border-bottom: 1px solid var(--border-color);
-            }}
-
-            .param-row {{
-                grid-template-columns: 1fr;
-                gap: 0.5rem;
-            }}
-
-            .param-label {{
-                padding-top: 0;
-            }}
-        }}
-
-        /* Loading states */
-        .loading {{
-            opacity: 0.6;
-            pointer-events: none;
-        }}
-
-        .spinner {{
-            width: 1rem;
-            height: 1rem;
-            border: 2px solid var(--border-color);
-            border-top: 2px solid var(--primary-color);
-            border-radius: 50%;
-            animation: spin 1s linear infinite;
-        }}
-
-        @keyframes spin {{
-            0% {{ transform: rotate(0deg); }}
-            100% {{ transform: rotate(360deg); }}
-        }}
-
-        /* Error states */
-        .error-message {{
-            background: #fee2e2;
-            color: #991b1b;
-            padding: 0.75rem;
-            border-radius: var(--radius-md);
-            font-size: 0.875rem;
-            margin-bottom: 1rem;
-        }}
-
-        /* Copy button */
-        .copy-btn {{
-            position: absolute;
-            top: 0.5rem;
-            right: 0.5rem;
-            background: var(--bg-primary);
-            border: 1px solid var(--border-color);
-            color: var(--text-secondary);
-            padding: 0.25rem 0.5rem;
-            border-radius: var(--radius-sm);
-            font-size: 0.75rem;
-            cursor: pointer;
-        }}
-
-        .response-wrapper {{
-            position: relative;
-        }}
-    </style>
-</head>
-<body>
-    <div class="app-container">
-        <!-- Sidebar -->
-        <div class="sidebar">
-            <!-- Authentication Section -->
-            <div class="auth-section">
-                <div class="auth-title">
-                    <span class="auth-status" id="auth-status"></span>
-                    Authentication
-                </div>
-                <div class="input-group">
-                    <label class="input-label" for="jwt-token">JWT Token</label>
-                    <input type="password" id="jwt-token" class="input-field" placeholder="Enter your JWT token...">
-                </div>
-                <label style="display: flex; align-items: center; gap: 0.5rem; font-size: 0.75rem; color: var(--text-secondary); margin-bottom: 0.75rem;">
-                    <input type="checkbox" id="remember-token">
-                    Remember for this tab
-                </label>
-                <div style="display: flex; gap: 0.5rem;">
-                    <button id="save-token" class="btn btn-primary btn-sm">Save Token</button>
-                    <button id="clear-token" class="btn btn-secondary btn-sm">Clear</button>
-                </div>
-            </div>
-
-            <!-- Search -->
-            <div class="search-container">
-                <input type="text" id="endpoint-search" class="search-input" placeholder="Search endpoints...">
-            </div>
-
-            <!-- Endpoints List -->
-            <div class="endpoints-section">
-                <div class="endpoints-list" id="endpoints-list">
-                    <!-- Endpoints will be populated by JavaScript -->
-                </div>
-            </div>
-        </div>
-
-        <!-- Main Content -->
-        <div class="main-content">
-            <!-- Header -->
-            <div class="header">
-                <h1>{} API Explorer</h1>
-                <div class="header-actions">
-                    <button class="theme-toggle" id="theme-toggle" title="Toggle dark mode">
-                        🌙
-                    </button>
-                </div>
-            </div>
+            const TEMPLATE: &str = #template_lit;
 
-            <!-- Request Panel -->
-            <div class="request-panel" id="request-panel">
-                <div class="request-header">
-                    <div class="request-title">
-                        <span class="method-badge" id="current-method">GET</span>
-                        <h2 id="current-endpoint">Select an endpoint</h2>
-                    </div>
-                    <div class="request-description" id="current-description">
-                        Choose an endpoint from the sidebar to get started
-                    </div>
-                </div>
+            let html = TEMPLATE
+                .replace("{SERVICE_NAME_JSON}", &::serde_json::to_string(stringify!(#service_name)).unwrap_or_else(|_| "\"API\"".to_string()))
+                .replace("{PROTOCOL_JSON}", &::serde_json::to_string("rest").unwrap_or_else(|_| "\"rest\"".to_string()))
+                .replace("{SPEC_PATH_JSON}", &::serde_json::to_string(#spec_path).unwrap_or_else(|_| "\"/openapi.json\"".to_string()))
+                .replace("{API_BASE_PATH_JSON}", &::serde_json::to_string(#api_base_path).unwrap_or_else(|_| "\"/\"".to_string()));
 
-                <div class="request-form" id="request-form">
-                    <p class="text-muted">Select an endpoint to see the request form</p>
-                </div>
-            </div>
-
-            <!-- Response Panel -->
-            <div class="response-panel" id="response-panel" style="display: none;">
-                <div class="response-header">
-                    <div class="response-title">Response</div>
-                    <div class="response-status" id="response-status"></div>
-                </div>
-                <div class="response-content">
-                    <div class="response-tabs">
-                        <div class="response-tab active" data-tab="body">Body</div>
-                        <div class="response-tab" data-tab="headers">Headers</div>
-                    </div>
-                    <div class="response-wrapper">
-                        <div class="response-body" id="response-body"></div>
-                        <button class="copy-btn" id="copy-response" title="Copy response">Copy</button>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-
-    <script>
-        // HTML escape function to prevent XSS
-        function escapeHtml(unsafe) {{
-            return unsafe
-                .replace(/&/g, "&amp;")
-                .replace(/</g, "&lt;")
-                .replace(/>/g, "&gt;")
-                .replace(/"/g, "&quot;")
-                .replace(/'/g, "&#039;");
-        }}
-
-        // Global state
-        let apiSpec = null;
-        let currentEndpoint = null;
-        let jwtToken = '';
-
-        // Initialize the application
-        document.addEventListener('DOMContentLoaded', async () => {{
-            await loadApiSpec();
-            initializeAuth();
-            initializeTheme();
-            initializeEventListeners();
-            renderEndpoints();
-        }});
-
-        // Load OpenAPI specification
-        async function loadApiSpec() {{
-            try {{
-                const response = await fetch('{}');
-                apiSpec = await response.json();
-                console.log('API specification loaded:', apiSpec);
-            }} catch (error) {{
-                console.error('Failed to load API specification:', error);
-                showError('Failed to load API specification');
-            }}
-        }}
-
-        // Initialize authentication
-        function initializeAuth() {{
-            const tokenInput = document.getElementById('jwt-token');
-            const authStatus = document.getElementById('auth-status');
-            const rememberToken = document.getElementById('remember-token');
-            const rememberedToken = sessionStorage.getItem('jwt-token') || '';
-
-            if (rememberedToken) {{
-                jwtToken = rememberedToken;
-                tokenInput.value = jwtToken;
-                rememberToken.checked = true;
-                authStatus.classList.add('authenticated');
-            }}
-        }}
-
-        // Initialize theme
-        function initializeTheme() {{
-            const savedTheme = localStorage.getItem('theme') || 'light';
-            if (savedTheme === 'dark') {{
-                document.documentElement.setAttribute('data-theme', 'dark');
-                document.getElementById('theme-toggle').textContent = '☀️';
-            }}
-        }}
-
-        // Initialize event listeners
-        function initializeEventListeners() {{
-            // Authentication
-            document.getElementById('save-token').addEventListener('click', saveToken);
-            document.getElementById('clear-token').addEventListener('click', clearToken);
-
-            // Theme toggle
-            document.getElementById('theme-toggle').addEventListener('click', toggleTheme);
-
-            // Search
-            document.getElementById('endpoint-search').addEventListener('input', filterEndpoints);
-
-            // Response tabs
-            document.querySelectorAll('.response-tab').forEach(tab => {{
-                tab.addEventListener('click', (e) => switchResponseTab(e.target.dataset.tab));
-            }});
-
-            // Copy response
-            document.getElementById('copy-response').addEventListener('click', copyResponse);
-        }}
-
-        // Save JWT token
-        function saveToken() {{
-            const tokenInput = document.getElementById('jwt-token');
-            const authStatus = document.getElementById('auth-status');
-            const rememberToken = document.getElementById('remember-token');
-
-            jwtToken = tokenInput.value.trim();
-            sessionStorage.removeItem('jwt-token');
-            if (jwtToken && rememberToken.checked) {{
-                sessionStorage.setItem('jwt-token', jwtToken);
-            }}
-
-            if (jwtToken) {{
-                authStatus.classList.add('authenticated');
-                showSuccess(rememberToken.checked ? 'Token saved for this tab' : 'Token ready for this page');
-            }} else {{
-                authStatus.classList.remove('authenticated');
-            }}
-        }}
-
-        // Clear JWT token
-        function clearToken() {{
-            jwtToken = '';
-            sessionStorage.removeItem('jwt-token');
-            document.getElementById('jwt-token').value = '';
-            document.getElementById('remember-token').checked = false;
-            document.getElementById('auth-status').classList.remove('authenticated');
-            showSuccess('Token cleared');
-        }}
-
-        // Toggle theme
-        function toggleTheme() {{
-            const currentTheme = document.documentElement.getAttribute('data-theme');
-            const newTheme = currentTheme === 'dark' ? 'light' : 'dark';
-
-            document.documentElement.setAttribute('data-theme', newTheme);
-            localStorage.setItem('theme', newTheme);
-
-            const toggle = document.getElementById('theme-toggle');
-            toggle.textContent = newTheme === 'dark' ? '☀️' : '🌙';
-        }}
-
-        // Render endpoints list
-        function renderEndpoints() {{
-            if (!apiSpec || !apiSpec.paths) return;
-
-            const container = document.getElementById('endpoints-list');
-            container.innerHTML = '';
-
-            Object.entries(apiSpec.paths).forEach(([path, pathItem]) => {{
-                Object.entries(pathItem).forEach(([method, operationItem]) => {{
-                    if (['get', 'post', 'put', 'patch', 'delete'].includes(method)) {{
-                        const endpointEl = createEndpointElement(path, method, operationItem);
-                        container.appendChild(endpointEl);
-                    }}
-                }});
-            }});
-        }}
-
-        // Create endpoint element
-        function createEndpointElement(path, method, operation) {{
-            const div = document.createElement('div');
-            div.className = 'endpoint-item';
-            div.dataset.path = path;
-            div.dataset.method = method;
-
-            const isProtected = operation['x-authentication'] || (operation.security && operation.security.length > 0);
-
-            div.innerHTML = `
-                <div class="endpoint-header">
-                    <span class="method-badge method-${{escapeHtml(method)}}">${{escapeHtml(method.toUpperCase())}}</span>
-                    <span class="endpoint-path">${{escapeHtml(path)}}</span>
-                    <span class="auth-indicator ${{isProtected ? 'protected' : ''}}">
-                        ${{isProtected ? '🔒' : '🌐'}}
-                    </span>
-                </div>
-                ${{operation.summary ? `<div class="endpoint-description">${{escapeHtml(operation.summary)}}</div>` : ''}}
-            `;
-
-            div.addEventListener('click', () => selectEndpoint(path, method, operation));
-
-            return div;
-        }}
-
-        // Select endpoint
-        function selectEndpoint(path, method, operation) {{
-            // Update UI state
-            document.querySelectorAll('.endpoint-item').forEach(el => el.classList.remove('active'));
-            // Use CSS.escape to safely escape selector values
-            const safePathSelector = CSS.escape ? CSS.escape(path) : path.replace(/[\\"]/g, '\\$&');
-            const safeMethodSelector = CSS.escape ? CSS.escape(method) : method.replace(/[\\"]/g, '\\$&');
-            document.querySelector(`[data-path="${{safePathSelector}}"][data-method="${{safeMethodSelector}}"]`).classList.add('active');
-
-            currentEndpoint = {{ path, method, operation }};
-
-            // Update request panel
-            updateRequestPanel(path, method, operation);
-        }}
-
-        // Update request panel
-        function updateRequestPanel(path, method, operation) {{
-            document.getElementById('current-method').textContent = method.toUpperCase();
-            document.getElementById('current-method').className = `method-badge method-${{escapeHtml(method)}}`;
-            document.getElementById('current-endpoint').textContent = path;
-            document.getElementById('current-description').textContent = operation.summary || operation.description || '';
-
-            // Generate request form
-            const formContainer = document.getElementById('request-form');
-            formContainer.innerHTML = generateRequestForm(path, method, operation);
-
-            // Add form event listeners
-            const sendButton = document.getElementById('send-request');
-            if (sendButton) {{
-                sendButton.addEventListener('click', () => sendRequest(path, method, operation));
-            }}
-        }}
-
-        // Generate request form
-        function generateRequestForm(path, method, operation) {{
-            let html = '';
-
-            // Path parameters
-            const pathParams = operation.parameters?.filter(p => p.in === 'path') || [];
-            if (pathParams.length > 0) {{
-                html += `
-                    <div class="form-section">
-                        <h3>Path Parameters</h3>
-                        ${{pathParams.map(param => `
-                            <div class="param-row">
-                                <label class="param-label">${{escapeHtml(param.name)}}</label>
-                                <input type="text" class="input-field" data-param="path" data-name="${{escapeHtml(param.name)}}"
-                                       placeholder="${{escapeHtml(param.description || param.name)}}" ${{param.required ? 'required' : ''}}>
-                                <span class="param-type">${{escapeHtml(param.schema?.type || 'string')}}</span>
-                            </div>
-                        `).join('')}}
-                    </div>
-                `;
-            }}
-
-            // Query parameters
-            const queryParams = operation.parameters?.filter(p => p.in === 'query') || [];
-            if (queryParams.length > 0) {{
-                html += `
-                    <div class="form-section">
-                        <h3>Query Parameters</h3>
-                        ${{queryParams.map(param => `
-                            <div class="param-row">
-                                <label class="param-label">${{escapeHtml(param.name)}}</label>
-                                <input type="text" class="input-field" data-param="query" data-name="${{escapeHtml(param.name)}}"
-                                       placeholder="${{escapeHtml(param.description || param.name)}}" ${{param.required ? 'required' : ''}}>
-                                <span class="param-type">${{escapeHtml(param.schema?.type || 'string')}}</span>
-                            </div>
-                        `).join('')}}
-                    </div>
-                `;
-            }}
-
-            // Request body
-            if (operation.requestBody) {{
-                const content = operation.requestBody.content;
-                const jsonSchema = content['application/json']?.schema;
-
-                html += `
-                    <div class="form-section">
-                        <h3>Request Body</h3>
-                        <textarea class="code-editor" id="request-body" placeholder="Enter JSON request body...">${{
-                            jsonSchema ? JSON.stringify(generateExampleFromSchema(jsonSchema), null, 2) : ''
-                        }}</textarea>
-                    </div>
-                `;
-            }}
-
-            // Send button
-            html += `
-                <div class="form-section">
-                    <button id="send-request" class="btn send-button">
-                        <span>Send Request</span>
-                    </button>
-                </div>
-            `;
-
-            return html;
-        }}
-
-        // Resolve schema reference
-        function resolveSchemaRef(schemaOrRef) {{
-            if (!schemaOrRef) return null;
-
-            // If it's a reference, resolve it
-            if (schemaOrRef['$ref']) {{
-                const refPath = schemaOrRef['$ref'];
-                if (refPath.startsWith('#/components/schemas/')) {{
-                    const schemaName = refPath.replace('#/components/schemas/', '');
-                    return apiSpec?.components?.schemas?.[schemaName] || null;
-                }}
-            }}
-
-            // Otherwise return as-is
-            return schemaOrRef;
-        }}
-
-        // Generate example from schema
-        function generateExampleFromSchema(schemaOrRef) {{
-            const schema = resolveSchemaRef(schemaOrRef);
-            if (!schema) return {{}};
-
-            if (schema.example) return schema.example;
-            if (schema.properties) {{
-                const example = {{}};
-                Object.entries(schema.properties).forEach(([key, prop]) => {{
-                    // Handle type arrays (e.g., ["string", "null"] for Option<String>)
-                    let propType = prop.type;
-                    if (Array.isArray(propType)) {{
-                        // For nullable types, use the non-null type for the example
-                        propType = propType.find(t => t !== 'null') || propType[0];
-                    }}
-
-                    if (propType === 'string') {{
-                        example[key] = prop.example || `example_${{key}}`;
-                    }} else if (propType === 'number' || propType === 'integer') {{
-                        example[key] = prop.example || 0;
-                    }} else if (propType === 'boolean') {{
-                        example[key] = prop.example || false;
-                    }} else if (propType === 'array') {{
-                        example[key] = [];
-                    }} else if (prop.type && Array.isArray(prop.type) && prop.type.includes('null')) {{
-                        // For nullable types, provide a meaningful example or null
-                        if (prop.type.includes('string')) {{
-                            example[key] = `example_${{key}}`;
-                        }} else if (prop.type.includes('number') || prop.type.includes('integer')) {{
-                            example[key] = 0;
-                        }} else if (prop.type.includes('boolean')) {{
-                            example[key] = false;
-                        }} else {{
-                            example[key] = null;
-                        }}
-                    }} else {{
-                        example[key] = generateExampleFromSchema(prop);
-                    }}
-                }});
-                return example;
-            }}
-
-            return {{}};
-        }}
-
-        // Send request
-        async function sendRequest(path, method, operation) {{
-            const sendButton = document.getElementById('send-request');
-            const originalText = sendButton.innerHTML;
-            sendButton.innerHTML = '<span class="spinner"></span> Sending...';
-            sendButton.disabled = true;
-
-            try {{
-                // Build URL
-                let url = window.location.origin + '{}' + path;
-
-                // Replace path parameters
-                const pathParams = document.querySelectorAll('[data-param="path"]');
-                pathParams.forEach(input => {{
-                    if (input.value) {{
-                        url = url.replace(`{{${{input.dataset.name}}}}`, encodeURIComponent(input.value));
-                    }}
-                }});
-
-                // Add query parameters
-                const queryParams = new URLSearchParams();
-                document.querySelectorAll('[data-param="query"]').forEach(input => {{
-                    if (input.value) {{
-                        queryParams.append(input.dataset.name, input.value);
-                    }}
-                }});
-
-                if (queryParams.toString()) {{
-                    url += '?' + queryParams.toString();
-                }}
-
-                // Build request options
-                const options = {{
-                    method: method.toUpperCase(),
-                    headers: {{
-                        'Content-Type': 'application/json',
-                    }}
-                }};
-
-                // Add authorization header if token exists
-                if (jwtToken) {{
-                    options.headers['Authorization'] = `Bearer ${{jwtToken}}`;
-                }}
-
-                // Add request body
-                const bodyEditor = document.getElementById('request-body');
-                if (bodyEditor && bodyEditor.value.trim()) {{
-                    try {{
-                        options.body = JSON.stringify(JSON.parse(bodyEditor.value));
-                    }} catch (e) {{
-                        throw new Error('Invalid JSON in request body');
-                    }}
-                }}
-
-                // Make request
-                const response = await fetch(url, options);
-                const responseData = await response.text();
-
-                // Parse response
-                let parsedData;
-                try {{
-                    parsedData = JSON.parse(responseData);
-                }} catch (e) {{
-                    parsedData = responseData;
-                }}
-
-                // Show response
-                showResponse(response, parsedData, response.headers);
-
-            }} catch (error) {{
-                console.error('Request failed:', error);
-                showError(error.message);
-            }} finally {{
-                sendButton.innerHTML = originalText;
-                sendButton.disabled = false;
-            }}
-        }}
-
-        // Show response
-        function showResponse(response, data, headers) {{
-            const panel = document.getElementById('response-panel');
-            const statusEl = document.getElementById('response-status');
-            const bodyEl = document.getElementById('response-body');
-
-            panel.style.display = 'block';
-
-            // Update status
-            const statusClass = response.status < 300 ? 'status-2xx' :
-                               response.status < 500 ? 'status-4xx' : 'status-5xx';
-            statusEl.className = `response-status ${{statusClass}}`;
-            statusEl.textContent = `${{response.status}} ${{response.statusText}}`;
-
-            // Update body
-            bodyEl.textContent = typeof data === 'string' ? data : JSON.stringify(data, null, 2);
-
-            // Store response data for copying
-            window.lastResponse = {{ body: data, headers: Object.fromEntries(headers.entries()) }};
-        }}
-
-        // Switch response tab
-        function switchResponseTab(tab) {{
-            document.querySelectorAll('.response-tab').forEach(t => t.classList.remove('active'));
-            // Use CSS.escape to safely escape selector values
-            const safeTabSelector = CSS.escape ? CSS.escape(tab) : tab.replace(/[\\"]/g, '\\$&');
-            document.querySelector(`[data-tab="${{safeTabSelector}}"]`).classList.add('active');
-
-            const bodyEl = document.getElementById('response-body');
-
-            if (tab === 'headers' && window.lastResponse) {{
-                bodyEl.textContent = JSON.stringify(window.lastResponse.headers, null, 2);
-            }} else if (tab === 'body' && window.lastResponse) {{
-                const data = window.lastResponse.body;
-                bodyEl.textContent = typeof data === 'string' ? data : JSON.stringify(data, null, 2);
-            }}
-        }}
-
-        // Copy response
-        async function copyResponse() {{
-            const bodyEl = document.getElementById('response-body');
-            try {{
-                await navigator.clipboard.writeText(bodyEl.textContent);
-                showSuccess('Response copied to clipboard');
-            }} catch (error) {{
-                console.error('Failed to copy:', error);
-            }}
-        }}
-
-        // Filter endpoints
-        function filterEndpoints() {{
-            const query = document.getElementById('endpoint-search').value.toLowerCase();
-            const endpoints = document.querySelectorAll('.endpoint-item');
-
-            endpoints.forEach(endpoint => {{
-                const path = endpoint.dataset.path.toLowerCase();
-                const method = endpoint.dataset.method.toLowerCase();
-                const text = endpoint.textContent.toLowerCase();
-
-                if (path.includes(query) || method.includes(query) || text.includes(query)) {{
-                    endpoint.style.display = 'block';
-                }} else {{
-                    endpoint.style.display = 'none';
-                }}
-            }});
-        }}
-
-        // Show success message
-        function showSuccess(message) {{
-            // You could implement a toast notification here
-            console.log('Success:', message);
-        }}
-
-        // Show error message
-        function showError(message) {{
-            // You could implement a toast notification here
-            console.error('Error:', message);
-        }}
-    </script>
-</body>
-</html>"#,
-                stringify!(#service_name),
-                stringify!(#service_name),
-                "./docs/openapi.json",
-                #base_path
-            )
+            ::axum::response::Html(html)
         }
 
         #[cfg(feature = "server")]
-        // Generate OpenAPI JSON endpoint handler
         async fn openapi_json_handler() -> ::axum::Json<::serde_json::Value> {
             ::axum::Json(#openapi_fn_name())
         }
     }
 }
 
-/// Generates route registrations for static hosting
+/// Generates route registrations for static hosting.
 pub fn generate_static_routes(
     service_def: &ServiceDefinition,
     static_config: &StaticHostingConfig,
@@ -1206,8 +85,8 @@ pub fn generate_static_routes(
         return quote! {};
     }
 
-    let docs_path = &static_config.docs_path;
-    let openapi_path = format!("{}/openapi.json", docs_path);
+    let docs_path = ensure_leading_slash(&static_config.docs_path);
+    let openapi_path = format!("{}/openapi.json", docs_path.trim_end_matches('/'));
     let docs_handler_name = quote::format_ident!(
         "{}_docs_handler",
         service_def.service_name.to_string().to_lowercase()
@@ -1216,10 +95,28 @@ pub fn generate_static_routes(
     quote! {
         #[cfg(feature = "server")]
         {
-            // Register static hosting routes
             router = router
                 .route(#docs_path, ::axum::routing::get(#docs_handler_name))
                 .route(#openapi_path, ::axum::routing::get(openapi_json_handler));
         }
     }
 }
+
+fn ensure_leading_slash(path: &str) -> String {
+    if path.starts_with('/') {
+        path.to_string()
+    } else {
+        format!("/{path}")
+    }
+}
+
+fn join_paths(base: &str, path: &str) -> String {
+    let base = base.trim_end_matches('/');
+    let path = ensure_leading_slash(path);
+
+    if base.is_empty() {
+        path
+    } else {
+        format!("{base}{path}")
+    }
+}
diff --git a/crates/rest/ras-rest-macro/tests/http_integration.rs b/crates/rest/ras-rest-macro/tests/http_integration.rs
index c2b53fb..ebe908a 100644
--- a/crates/rest/ras-rest-macro/tests/http_integration.rs
+++ b/crates/rest/ras-rest-macro/tests/http_integration.rs
@@ -468,6 +468,32 @@ async fn make_rest_request(
     request_builder.send().await
 }
 
+#[tokio::test]
+async fn test_docs_explorer_routes_generated() {
+    let (base_url, _handle) = create_rest_test_server().await;
+
+    let docs_response = reqwest::get(format!("{}/api/v1/docs", base_url))
+        .await
+        .unwrap();
+    assert_eq!(docs_response.status(), 200);
+
+    let docs = docs_response.text().await.unwrap();
+    assert!(docs.contains("\"TestRestService\""));
+    assert!(docs.contains("\"rest\""));
+    assert!(docs.contains("/api/v1/docs/openapi.json"));
+    assert!(docs.contains("Bearer token"));
+    assert!(docs.contains("Saved requests"));
+
+    let spec_response = reqwest::get(format!("{}/api/v1/docs/openapi.json", base_url))
+        .await
+        .unwrap();
+    assert_eq!(spec_response.status(), 200);
+
+    let spec: serde_json::Value = spec_response.json().await.unwrap();
+    assert_eq!(spec["info"]["title"], "TestRestService REST API");
+    assert!(spec["paths"].is_object());
+}
+
 #[tokio::test]
 async fn test_unauthorized_endpoints() {
     let (base_url, _handle) = create_rest_test_server().await;
diff --git a/crates/rest/ras-rest-macro/tests/xss_protection_test.rs b/crates/rest/ras-rest-macro/tests/xss_protection_test.rs
index c1b1784..7ffdb1e 100644
--- a/crates/rest/ras-rest-macro/tests/xss_protection_test.rs
+++ b/crates/rest/ras-rest-macro/tests/xss_protection_test.rs
@@ -19,11 +19,13 @@ fn test_xss_protection_in_generated_html() {
 
 #[test]
 fn test_generated_docs_do_not_store_jwt_in_local_storage() {
-    let source = include_str!("../src/static_hosting.rs");
-    assert!(!source.contains("localStorage.getItem('jwt-token')"));
-    assert!(!source.contains("localStorage.setItem('jwt-token'"));
-    assert!(!source.contains("localStorage.removeItem('jwt-token'"));
-    assert!(source.contains("sessionStorage.setItem('jwt-token'"));
+    let template = include_str!("../src/api_explorer_template.html");
+    assert!(!template.contains("localStorage.getItem('jwt-token')"));
+    assert!(!template.contains("localStorage.setItem('jwt-token'"));
+    assert!(!template.contains("localStorage.removeItem('jwt-token'"));
+    assert!(!template.contains("localStorage.setItem(`${storagePrefix}:bearer-token`"));
+    assert!(template.contains("sessionStorage.setItem(`${storagePrefix}:${key}`"));
+    assert!(template.contains("localStorage.setItem(\"ras-explorer-theme\""));
 }
 
 fn escape_html(unsafe_str: &str) -> String {
diff --git a/crates/rpc/ras-jsonrpc-macro/src/api_explorer_template.html b/crates/rpc/ras-jsonrpc-macro/src/api_explorer_template.html
new file mode 100644
index 0000000..558eab4
--- /dev/null
+++ b/crates/rpc/ras-jsonrpc-macro/src/api_explorer_template.html
@@ -0,0 +1,439 @@
+<!DOCTYPE html>
+<html lang="en" data-theme="dark">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>API Explorer</title>
+    <style>
+        * { box-sizing: border-box; }
+        :root {
+            color-scheme: dark;
+            --bg: #101114;
+            --panel: #17191f;
+            --panel-2: #20232b;
+            --panel-3: #292d36;
+            --text: #eef1f6;
+            --muted: #a7afbf;
+            --faint: #717b8f;
+            --border: #343946;
+            --accent: #4f8cff;
+            --accent-2: #46c2a8;
+            --warn: #f2b84b;
+            --danger: #ff6b6b;
+            --ok: #59d18c;
+            --shadow: 0 14px 40px rgb(0 0 0 / 0.32);
+        }
+        [data-theme="light"] {
+            color-scheme: light;
+            --bg: #f4f6fa;
+            --panel: #ffffff;
+            --panel-2: #f0f3f8;
+            --panel-3: #e5eaf2;
+            --text: #121722;
+            --muted: #4c586d;
+            --faint: #748096;
+            --border: #d9e0ec;
+            --accent: #1d5fd1;
+            --accent-2: #087f68;
+            --warn: #976508;
+            --danger: #c93333;
+            --ok: #167a42;
+            --shadow: 0 14px 34px rgb(27 39 60 / 0.16);
+        }
+        body {
+            margin: 0;
+            min-height: 100vh;
+            background: var(--bg);
+            color: var(--text);
+            font: 14px/1.45 Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+        }
+        button, input, select, textarea { font: inherit; }
+        button {
+            border: 1px solid var(--border);
+            background: var(--panel-2);
+            color: var(--text);
+            border-radius: 7px;
+            padding: 0.48rem 0.68rem;
+            cursor: pointer;
+        }
+        button:hover { border-color: var(--accent); }
+        button.primary {
+            border-color: var(--accent);
+            background: var(--accent);
+            color: white;
+            font-weight: 650;
+        }
+        button.ghost { background: transparent; }
+        button:disabled { cursor: not-allowed; opacity: 0.62; }
+        input, select, textarea {
+            width: 100%;
+            border: 1px solid var(--border);
+            background: var(--panel-2);
+            color: var(--text);
+            border-radius: 7px;
+            padding: 0.55rem 0.65rem;
+            min-width: 0;
+        }
+        textarea {
+            min-height: 180px;
+            resize: vertical;
+            font-family: "JetBrains Mono", "SFMono-Regular", Consolas, monospace;
+            font-size: 12.5px;
+            line-height: 1.5;
+        }
+        code, pre, .mono { font-family: "JetBrains Mono", "SFMono-Regular", Consolas, monospace; }
+        .app {
+            display: grid;
+            grid-template-columns: minmax(250px, 330px) minmax(420px, 1fr) minmax(320px, 470px);
+            min-height: 100vh;
+        }
+        .sidebar, .workspace, .response {
+            min-width: 0;
+            border-right: 1px solid var(--border);
+            background: var(--panel);
+        }
+        .workspace { background: var(--bg); }
+        .response { border-right: 0; }
+        .topbar {
+            min-height: 68px;
+            padding: 0.85rem 1rem;
+            border-bottom: 1px solid var(--border);
+            display: flex;
+            align-items: center;
+            justify-content: space-between;
+            gap: 0.75rem;
+        }
+        .brand { min-width: 0; }
+        .brand h1 {
+            margin: 0;
+            font-size: 1rem;
+            font-weight: 700;
+            white-space: nowrap;
+            overflow: hidden;
+            text-overflow: ellipsis;
+        }
+        .brand .sub {
+            color: var(--muted);
+            font-size: 0.78rem;
+            margin-top: 0.15rem;
+        }
+        .stack { padding: 1rem; display: grid; gap: 0.75rem; }
+        .field { display: grid; gap: 0.35rem; }
+        .field label, .section-title {
+            color: var(--muted);
+            font-size: 0.74rem;
+            font-weight: 700;
+            text-transform: uppercase;
+            letter-spacing: 0.04em;
+        }
+        .row { display: flex; gap: 0.55rem; align-items: center; }
+        .row > * { min-width: 0; }
+        .row .grow { flex: 1; }
+        .search {
+            padding: 0.9rem 1rem;
+            border-top: 1px solid var(--border);
+            border-bottom: 1px solid var(--border);
+        }
+        .list {
+            padding: 0.65rem;
+            display: grid;
+            gap: 0.45rem;
+            overflow: auto;
+            max-height: calc(100vh - 226px);
+        }
+        .op {
+            text-align: left;
+            width: 100%;
+            background: var(--panel);
+            border-color: var(--border);
+            padding: 0.7rem;
+        }
+        .op.active {
+            border-color: var(--accent);
+            box-shadow: inset 3px 0 0 var(--accent);
+            background: var(--panel-2);
+        }
+        .op-main { display: flex; align-items: center; gap: 0.55rem; }
+        .op-name {
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+            font-weight: 650;
+        }
+        .op-desc {
+            color: var(--muted);
+            font-size: 0.78rem;
+            margin-top: 0.28rem;
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+        }
+        .badge {
+            display: inline-flex;
+            align-items: center;
+            min-height: 22px;
+            border-radius: 6px;
+            padding: 0.1rem 0.38rem;
+            border: 1px solid var(--border);
+            background: var(--panel-2);
+            color: var(--muted);
+            font-size: 0.72rem;
+            font-weight: 800;
+            white-space: nowrap;
+        }
+        .get { color: #74b9ff; }
+        .post { color: #59d18c; }
+        .put, .patch { color: #f2b84b; }
+        .delete { color: #ff8585; }
+        .lock { margin-left: auto; color: var(--warn); }
+        .open { margin-left: auto; color: var(--ok); }
+        .main-scroll, .response-scroll {
+            height: calc(100vh - 68px);
+            overflow: auto;
+            padding: 1rem;
+        }
+        .panel {
+            background: var(--panel);
+            border: 1px solid var(--border);
+            border-radius: 8px;
+            box-shadow: var(--shadow);
+            margin-bottom: 1rem;
+        }
+        .panel-head {
+            padding: 0.9rem 1rem;
+            border-bottom: 1px solid var(--border);
+            display: flex;
+            align-items: center;
+            justify-content: space-between;
+            gap: 0.75rem;
+        }
+        .panel-body { padding: 1rem; display: grid; gap: 0.9rem; }
+        .titleline { min-width: 0; }
+        .titleline h2 { margin: 0; font-size: 1.03rem; overflow-wrap: anywhere; }
+        .titleline p { margin: 0.25rem 0 0; color: var(--muted); }
+        .grid2 { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 0.75rem; }
+        .params { display: grid; gap: 0.55rem; }
+        .param-row {
+            display: grid;
+            grid-template-columns: minmax(110px, 0.85fr) minmax(160px, 1.4fr) minmax(76px, 0.5fr);
+            gap: 0.55rem;
+            align-items: center;
+        }
+        .param-row .name { overflow-wrap: anywhere; }
+        .hint { color: var(--muted); font-size: 0.82rem; }
+        .tabs { display: flex; gap: 0.45rem; flex-wrap: wrap; }
+        .tab.active { border-color: var(--accent); color: white; background: var(--accent); }
+        pre {
+            margin: 0;
+            min-height: 220px;
+            white-space: pre-wrap;
+            overflow: auto;
+            background: var(--panel-2);
+            border: 1px solid var(--border);
+            border-radius: 8px;
+            padding: 0.85rem;
+            font-size: 12.5px;
+        }
+        .status {
+            display: inline-flex;
+            align-items: center;
+            border-radius: 6px;
+            padding: 0.16rem 0.45rem;
+            font-weight: 800;
+            font-size: 0.75rem;
+            border: 1px solid var(--border);
+        }
+        .status.ok { color: var(--ok); }
+        .status.warn { color: var(--warn); }
+        .status.err { color: var(--danger); }
+        .history-item, .saved-item {
+            display: grid;
+            gap: 0.18rem;
+            padding: 0.55rem;
+            border: 1px solid var(--border);
+            border-radius: 7px;
+            background: var(--panel-2);
+        }
+        .history-item button, .saved-item button { justify-self: start; margin-top: 0.25rem; }
+        .toast {
+            position: fixed;
+            right: 1rem;
+            bottom: 1rem;
+            max-width: min(420px, calc(100vw - 2rem));
+            background: var(--panel);
+            border: 1px solid var(--border);
+            border-radius: 8px;
+            padding: 0.75rem 0.9rem;
+            box-shadow: var(--shadow);
+            opacity: 0;
+            transform: translateY(12px);
+            transition: opacity 0.18s, transform 0.18s;
+            pointer-events: none;
+        }
+        .toast.show { opacity: 1; transform: translateY(0); }
+        .empty {
+            color: var(--muted);
+            border: 1px dashed var(--border);
+            border-radius: 8px;
+            padding: 1rem;
+            text-align: center;
+        }
+        @media (max-width: 1180px) {
+            .app { grid-template-columns: minmax(240px, 310px) minmax(0, 1fr); }
+            .response { grid-column: 1 / -1; border-top: 1px solid var(--border); }
+            .response-scroll { height: auto; max-height: 60vh; }
+        }
+        @media (max-width: 760px) {
+            .app { display: block; }
+            .list { max-height: 42vh; }
+            .main-scroll, .response-scroll { height: auto; }
+            .grid2, .param-row { grid-template-columns: 1fr; }
+            .topbar { align-items: flex-start; }
+        }
+    </style>
+</head>
+<body>
+    <div class="app">
+        <aside class="sidebar">
+            <div class="topbar">
+                <div class="brand">
+                    <h1 id="service-name">API Explorer</h1>
+                    <div class="sub" id="service-subtitle">Loading specification</div>
+                </div>
+                <button id="theme-toggle" class="ghost" title="Toggle theme">Theme</button>
+            </div>
+            <div class="stack">
+                <div class="field">
+                    <label for="environment-select">Environment</label>
+                    <div class="row">
+                        <select id="environment-select" class="grow"></select>
+                        <button id="add-environment" title="Add environment">Add</button>
+                    </div>
+                </div>
+                <div class="field">
+                    <label for="base-url">Base URL</label>
+                    <input id="base-url" type="text" spellcheck="false">
+                </div>
+                <div class="field">
+                    <label for="jwt-token">Bearer token</label>
+                    <input id="jwt-token" type="password" autocomplete="off" placeholder="Token for this session">
+                </div>
+                <div class="row">
+                    <button id="save-token" class="primary">Apply token</button>
+                    <button id="clear-token">Clear</button>
+                    <span id="auth-state" class="badge">No token</span>
+                </div>
+            </div>
+            <div class="search">
+                <input id="operation-search" type="search" placeholder="Search operations">
+            </div>
+            <div id="operation-list" class="list"></div>
+        </aside>
+        <main class="workspace">
+            <div class="topbar">
+                <div class="titleline">
+                    <h2 id="operation-title">Select an operation</h2>
+                    <p id="operation-description">Choose an operation to prepare a request.</p>
+                </div>
+                <div class="row">
+                    <button id="save-request">Save</button>
+                    <button id="send-request" class="primary" disabled>Send</button>
+                </div>
+            </div>
+            <div class="main-scroll">
+                <section class="panel">
+                    <div class="panel-head">
+                        <strong>Request</strong>
+                        <span id="request-url" class="hint mono"></span>
+                    </div>
+                    <div id="request-form" class="panel-body">
+                        <div class="empty">No operation selected.</div>
+                    </div>
+                </section>
+                <section class="panel">
+                    <div class="panel-head">
+                        <strong>Saved requests</strong>
+                        <button id="clear-saved">Clear saved</button>
+                    </div>
+                    <div id="saved-list" class="panel-body"></div>
+                </section>
+            </div>
+        </main>
+        <aside class="response">
+            <div class="topbar">
+                <div class="brand">
+                    <h1>Response</h1>
+                    <div id="response-meta" class="sub">No request sent</div>
+                </div>
+                <button id="copy-response">Copy</button>
+            </div>
+            <div class="response-scroll">
+                <section class="panel">
+                    <div class="panel-head">
+                        <div class="tabs">
+                            <button class="tab active" data-response-tab="body">Body</button>
+                            <button class="tab" data-response-tab="headers">Headers</button>
+                            <button class="tab" data-response-tab="request">Request</button>
+                        </div>
+                        <span id="response-status" class="status">Idle</span>
+                    </div>
+                    <div class="panel-body">
+                        <pre id="response-output"></pre>
+                    </div>
+                </section>
+                <section class="panel">
+                    <div class="panel-head">
+                        <strong>History</strong>
+                        <button id="clear-history">Clear history</button>
+                    </div>
+                    <div id="history-list" class="panel-body"></div>
+                </section>
+            </div>
+        </aside>
+    </div>
+    <div id="toast" class="toast"></div>
+    <script>
+        const CONFIG = { serviceName: {SERVICE_NAME_JSON}, protocol: {PROTOCOL_JSON}, specPath: {SPEC_PATH_JSON}, apiBasePath: {API_BASE_PATH_JSON} };
+        const METHODS = ["get", "post", "put", "patch", "delete", "head", "options"];
+        const state = { spec: null, operations: [], selectedId: null, token: "", environments: [], activeEnvironment: 0, saved: {}, history: [], lastResponse: { body: "", headers: "", request: "" }, responseTab: "body" };
+        const storagePrefix = `ras-explorer:${CONFIG.protocol}:${CONFIG.serviceName}:${location.pathname}`;
+        const $ = (id) => document.getElementById(id);
+        function storageGet(key, fallback) { try { const value = sessionStorage.getItem(`${storagePrefix}:${key}`); return value ? JSON.parse(value) : fallback; } catch (_) { return fallback; } }
+        function storageSet(key, value) { sessionStorage.setItem(`${storagePrefix}:${key}`, JSON.stringify(value)); }
+        function showToast(message) { const toast = $("toast"); toast.textContent = message; toast.classList.add("show"); setTimeout(() => toast.classList.remove("show"), 2200); }
+        function setTheme(theme) { const next = theme === "light" ? "light" : "dark"; document.documentElement.setAttribute("data-theme", next); localStorage.setItem("ras-explorer-theme", next); }
+        function initializeTheme() { setTheme(localStorage.getItem("ras-explorer-theme") || "dark"); }
+        function resolveRef(schema) { if (!schema || !schema.$ref) return schema || null; const prefix = "#/components/schemas/"; if (schema.$ref.startsWith(prefix)) return state.spec?.components?.schemas?.[schema.$ref.slice(prefix.length)] || schema; return schema; }
+        function schemaType(schema) { const resolved = resolveRef(schema); if (!resolved) return "any"; if (resolved.$ref) return resolved.$ref.split("/").pop(); if (Array.isArray(resolved.type)) return resolved.type.filter((t) => t !== "null").join(" | ") || "null"; if (resolved.type) return resolved.nullable ? `${resolved.type}?` : resolved.type; if (resolved.enum) return "enum"; if (resolved.oneOf) return "oneOf"; if (resolved.anyOf) return "anyOf"; return "object"; }
+        function exampleFromSchema(schema, seen = new Set()) { const resolved = resolveRef(schema); if (!resolved) return {}; if (resolved.$ref) { if (seen.has(resolved.$ref)) return {}; seen.add(resolved.$ref); return exampleFromSchema(resolveRef(resolved), seen); } if (resolved.example !== undefined) return resolved.example; if (Array.isArray(resolved.examples) && resolved.examples.length) return resolved.examples[0]; if (resolved.default !== undefined) return resolved.default; if (Array.isArray(resolved.enum) && resolved.enum.length) return resolved.enum[0]; const variants = resolved.oneOf || resolved.anyOf; if (Array.isArray(variants) && variants.length) return exampleFromSchema(variants.find((item) => item.type !== "null") || variants[0], seen); const type = Array.isArray(resolved.type) ? resolved.type.find((item) => item !== "null") : resolved.type; if (type === "string") return "example"; if (type === "integer" || type === "number") return 0; if (type === "boolean") return false; if (type === "array") return [exampleFromSchema(resolved.items, seen)]; if (type === "object" || resolved.properties) { const output = {}; Object.entries(resolved.properties || {}).forEach(([key, prop]) => output[key] = exampleFromSchema(prop, seen)); return output; } return {}; }
+        function jsonPretty(value) { if (typeof value === "string") return value; return JSON.stringify(value, null, 2); }
+        function normalizePermissions(value) { if (!Array.isArray(value)) return []; if (value.every((item) => typeof item === "string")) return value; return value.map((item) => Array.isArray(item) ? item.join(" + ") : String(item)); }
+        function normalizeOpenApi(spec) { const operations = []; Object.entries(spec.paths || {}).forEach(([path, pathItem]) => { Object.entries(pathItem || {}).forEach(([method, operation]) => { if (!METHODS.includes(method)) return; const upper = method.toUpperCase(); const params = operation.parameters || []; const requestSchema = operation.requestBody?.content?.["application/json"]?.schema || null; const response = Object.entries(operation.responses || {}).find(([code]) => code.startsWith("2")); const responseSchema = response?.[1]?.content?.["application/json"]?.schema || null; operations.push({ id: `${upper} ${path}`, protocol: "rest", label: path, method: upper, path, summary: operation.summary || `${upper} ${path}`, description: operation.description || operation.summary || "", authRequired: Boolean(operation.security && operation.security.length), permissions: normalizePermissions(operation["x-permissions"]), pathParams: params.filter((param) => param.in === "path"), queryParams: params.filter((param) => param.in === "query"), requestSchema, responseSchema }); }); }); return operations; }
+        function normalizeOpenRpc(spec) { return (spec.methods || []).map((method) => { const auth = method["x-authentication"]; const param = Array.isArray(method.params) ? method.params[0] : null; return { id: method.name, protocol: "jsonrpc", label: method.name, method: "RPC", path: CONFIG.apiBasePath, summary: method.summary || method.name, description: method.description || method.summary || "", authRequired: Boolean(auth && auth.required !== false), permissions: normalizePermissions(method["x-permissions"]), paramsSchema: param?.schema || null, responseSchema: method.result?.schema || null }; }); }
+        function activeOperation() { return state.operations.find((operation) => operation.id === state.selectedId) || null; }
+        function activeBaseUrl() { return state.environments[state.activeEnvironment]?.baseUrl || CONFIG.apiBasePath || ""; }
+        function toAbsoluteUrl(path) { if (/^https?:\/\//i.test(path)) return path; const prefix = path.startsWith("/") ? path : `/${path}`; return `${window.location.origin}${prefix}`; }
+        function currentRequestSnapshot() { const operation = activeOperation(); if (!operation) return null; if (operation.protocol === "rest") { const pathValues = {}; document.querySelectorAll("[data-path-param]").forEach((input) => pathValues[input.dataset.pathParam] = input.value); const queryValues = {}; document.querySelectorAll("[data-query-param]").forEach((input) => queryValues[input.dataset.queryParam] = input.value); return { operationId: operation.id, pathValues, queryValues, body: $("body-editor")?.value || "" }; } return { operationId: operation.id, requestId: $("rpc-request-id")?.value || "", params: $("params-editor")?.value || "" }; }
+        function applySnapshot(snapshot) { if (!snapshot) return; selectOperation(snapshot.operationId, false); if (snapshot.pathValues) Object.entries(snapshot.pathValues).forEach(([key, value]) => { const input = document.querySelector(`[data-path-param="${CSS.escape(key)}"]`); if (input) input.value = value; }); if (snapshot.queryValues) Object.entries(snapshot.queryValues).forEach(([key, value]) => { const input = document.querySelector(`[data-query-param="${CSS.escape(key)}"]`); if (input) input.value = value; }); if ($("body-editor") && snapshot.body !== undefined) $("body-editor").value = snapshot.body; if ($("params-editor") && snapshot.params !== undefined) $("params-editor").value = snapshot.params; if ($("rpc-request-id") && snapshot.requestId !== undefined) $("rpc-request-id").value = snapshot.requestId; updateRequestUrl(); }
+        function renderOperations() { const query = $("operation-search").value.trim().toLowerCase(); const list = $("operation-list"); list.textContent = ""; state.operations.filter((operation) => `${operation.method} ${operation.label} ${operation.summary}`.toLowerCase().includes(query)).forEach((operation) => { const button = document.createElement("button"); button.className = `op ${operation.id === state.selectedId ? "active" : ""}`; button.type = "button"; button.addEventListener("click", () => selectOperation(operation.id)); const main = document.createElement("div"); main.className = "op-main"; const method = document.createElement("span"); method.className = `badge ${operation.method.toLowerCase()}`; method.textContent = operation.method; const name = document.createElement("span"); name.className = "op-name mono"; name.textContent = operation.label; const auth = document.createElement("span"); auth.className = operation.authRequired ? "badge lock" : "badge open"; auth.textContent = operation.authRequired ? "Auth" : "Open"; main.append(method, name, auth); const desc = document.createElement("div"); desc.className = "op-desc"; desc.textContent = operation.summary || operation.description || ""; button.append(main, desc); list.appendChild(button); }); if (!list.children.length) { const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = "No matching operations."; list.appendChild(empty); } }
+        function renderEnvironments() { const select = $("environment-select"); select.textContent = ""; state.environments.forEach((env, index) => { const option = document.createElement("option"); option.value = String(index); option.textContent = env.name; select.appendChild(option); }); select.value = String(state.activeEnvironment); $("base-url").value = activeBaseUrl(); }
+        function renderSaved() { const container = $("saved-list"); container.textContent = ""; const operation = activeOperation(); const items = operation ? (state.saved[operation.id] || []) : []; if (!items.length) { const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = operation ? "No saved requests for this operation." : "Select an operation."; container.appendChild(empty); return; } items.forEach((item, index) => { const row = document.createElement("div"); row.className = "saved-item"; const name = document.createElement("strong"); name.textContent = item.name; const time = document.createElement("span"); time.className = "hint"; time.textContent = new Date(item.createdAt).toLocaleString(); const load = document.createElement("button"); load.textContent = "Load"; load.addEventListener("click", () => applySnapshot(item.snapshot)); const remove = document.createElement("button"); remove.textContent = "Remove"; remove.addEventListener("click", () => { state.saved[operation.id].splice(index, 1); storageSet("saved", state.saved); renderSaved(); }); const actions = document.createElement("div"); actions.className = "row"; actions.append(load, remove); row.append(name, time, actions); container.appendChild(row); }); }
+        function renderHistory() { const container = $("history-list"); container.textContent = ""; if (!state.history.length) { const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = "Requests you send in this session appear here."; container.appendChild(empty); return; } state.history.forEach((item) => { const row = document.createElement("div"); row.className = "history-item"; const title = document.createElement("strong"); title.textContent = item.title; const meta = document.createElement("span"); meta.className = "hint"; meta.textContent = `${item.status} - ${item.duration}ms - ${new Date(item.createdAt).toLocaleTimeString()}`; const load = document.createElement("button"); load.textContent = "Load request"; load.addEventListener("click", () => applySnapshot(item.snapshot)); row.append(title, meta, load); container.appendChild(row); }); }
+        function renderRestForm(operation) { const fragment = document.createDocumentFragment(); [["Path parameters", operation.pathParams, "path"], ["Query parameters", operation.queryParams, "query"]].forEach(([title, params, kind]) => { if (!params.length) return; const group = document.createElement("div"); group.className = "field"; const label = document.createElement("div"); label.className = "section-title"; label.textContent = title; const rows = document.createElement("div"); rows.className = "params"; params.forEach((param) => { const row = document.createElement("div"); row.className = "param-row"; const name = document.createElement("div"); name.className = "name mono"; name.textContent = `${param.name}${param.required ? " *" : ""}`; const input = document.createElement("input"); input.placeholder = param.description || param.name; input.dataset[kind === "path" ? "pathParam" : "queryParam"] = param.name; input.addEventListener("input", updateRequestUrl); const type = document.createElement("span"); type.className = "badge"; type.textContent = schemaType(param.schema); row.append(name, input, type); rows.appendChild(row); }); group.append(label, rows); fragment.appendChild(group); }); if (operation.requestSchema) fragment.appendChild(editorBlock("JSON body", "body-editor", jsonPretty(exampleFromSchema(operation.requestSchema)))); return fragment; }
+        function renderRpcForm(operation) { const fragment = document.createDocumentFragment(); const grid = document.createElement("div"); grid.className = "grid2"; const idField = document.createElement("div"); idField.className = "field"; const idLabel = document.createElement("label"); idLabel.textContent = "Request ID"; idLabel.htmlFor = "rpc-request-id"; const idRow = document.createElement("div"); idRow.className = "row"; const idInput = document.createElement("input"); idInput.id = "rpc-request-id"; idInput.className = "grow"; idInput.value = requestId(); const regen = document.createElement("button"); regen.textContent = "Regenerate"; regen.addEventListener("click", () => idInput.value = requestId()); idRow.append(idInput, regen); idField.append(idLabel, idRow); const methodField = document.createElement("div"); methodField.className = "field"; const methodLabel = document.createElement("label"); methodLabel.textContent = "JSON-RPC method"; const methodValue = document.createElement("input"); methodValue.value = operation.label; methodValue.readOnly = true; methodField.append(methodLabel, methodValue); grid.append(idField, methodField); fragment.appendChild(grid); if (operation.paramsSchema) fragment.appendChild(editorBlock("Params", "params-editor", jsonPretty(exampleFromSchema(operation.paramsSchema)))); else { const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = "This method has no params."; fragment.appendChild(empty); } return fragment; }
+        function editorBlock(labelText, id, value) { const field = document.createElement("div"); field.className = "field"; const label = document.createElement("label"); label.textContent = labelText; label.htmlFor = id; const editor = document.createElement("textarea"); editor.id = id; editor.spellcheck = false; editor.value = value; field.append(label, editor); return field; }
+        function renderRequestForm() { const operation = activeOperation(); const form = $("request-form"); form.textContent = ""; $("send-request").disabled = !operation; if (!operation) { const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = "No operation selected."; form.appendChild(empty); return; } const auth = document.createElement("div"); auth.className = "row"; const authBadge = document.createElement("span"); authBadge.className = operation.authRequired ? "badge lock" : "badge open"; authBadge.textContent = operation.authRequired ? "Authentication required" : "No authentication required"; auth.appendChild(authBadge); operation.permissions.forEach((permission) => { const badge = document.createElement("span"); badge.className = "badge"; badge.textContent = permission; auth.appendChild(badge); }); form.appendChild(auth); form.appendChild(operation.protocol === "rest" ? renderRestForm(operation) : renderRpcForm(operation)); updateRequestUrl(); }
+        function selectOperation(id, rerenderList = true) { state.selectedId = id; const operation = activeOperation(); $("operation-title").textContent = operation ? `${operation.method} ${operation.label}` : "Select an operation"; $("operation-description").textContent = operation?.description || operation?.summary || "Prepare and send a request."; renderRequestForm(); renderSaved(); if (rerenderList) renderOperations(); }
+        function requestId() { return `req_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`; }
+        function updateRequestUrl() { const operation = activeOperation(); $("request-url").textContent = operation ? buildRequestPreview(operation) : ""; }
+        function buildRequestPreview(operation) { if (operation.protocol === "jsonrpc") return toAbsoluteUrl(activeBaseUrl()); let path = operation.path; document.querySelectorAll("[data-path-param]").forEach((input) => path = path.replace(`{${input.dataset.pathParam}}`, encodeURIComponent(input.value || `{${input.dataset.pathParam}}`))); const query = new URLSearchParams(); document.querySelectorAll("[data-query-param]").forEach((input) => { if (input.value) query.append(input.dataset.queryParam, input.value); }); const base = activeBaseUrl().replace(/\/$/, ""); return toAbsoluteUrl(`${base}${path}${query.toString() ? `?${query}` : ""}`); }
+        function buildRequest(operation) { const headers = { "Content-Type": "application/json" }; if (state.token) headers.Authorization = `Bearer ${state.token}`; if (operation.protocol === "rest") { const options = { method: operation.method, headers }; const body = $("body-editor")?.value.trim(); if (body) options.body = JSON.stringify(JSON.parse(body)); return { url: buildRequestPreview(operation), options, requestBody: body || "" }; } const payload = { jsonrpc: "2.0", method: operation.label, id: $("rpc-request-id")?.value || requestId() }; const params = $("params-editor")?.value.trim(); if (params) payload.params = JSON.parse(params); return { url: toAbsoluteUrl(activeBaseUrl()), options: { method: "POST", headers, body: JSON.stringify(payload) }, requestBody: JSON.stringify(payload, null, 2) }; }
+        async function sendCurrentRequest() { const operation = activeOperation(); if (!operation) return; const button = $("send-request"); button.disabled = true; button.textContent = "Sending"; const started = performance.now(); try { const request = buildRequest(operation); const response = await fetch(request.url, request.options); const duration = Math.round(performance.now() - started); const text = await response.text(); let body = text; try { body = JSON.parse(text); } catch (_) {} const headers = Object.fromEntries(response.headers.entries()); const isRpcError = operation.protocol === "jsonrpc" && body && body.error; const statusText = `${response.status} ${response.statusText || ""}`.trim(); state.lastResponse = { body: jsonPretty(body), headers: jsonPretty(headers), request: jsonPretty({ url: request.url, method: request.options.method, headers: request.options.headers, body: request.requestBody ? JSON.parse(request.requestBody) : undefined }) }; $("response-status").className = `status ${response.ok && !isRpcError ? "ok" : response.status < 500 ? "warn" : "err"}`; $("response-status").textContent = isRpcError ? "RPC error" : statusText; $("response-meta").textContent = `${operation.method} ${operation.label} - ${duration}ms`; state.history.unshift({ title: `${operation.method} ${operation.label}`, status: isRpcError ? "RPC error" : statusText, duration, createdAt: Date.now(), snapshot: currentRequestSnapshot() }); state.history = state.history.slice(0, 30); storageSet("history", state.history); renderHistory(); renderResponseOutput(); } catch (error) { $("response-status").className = "status err"; $("response-status").textContent = "Failed"; state.lastResponse = { body: error.message, headers: "", request: "" }; renderResponseOutput(); showToast(error.message); } finally { button.disabled = false; button.textContent = "Send"; } }
+        function renderResponseOutput() { $("response-output").textContent = state.lastResponse[state.responseTab] || ""; }
+        function saveCurrentRequest() { const operation = activeOperation(); const snapshot = currentRequestSnapshot(); if (!operation || !snapshot) return; const name = prompt("Saved request name", operation.label); if (!name) return; state.saved[operation.id] = state.saved[operation.id] || []; state.saved[operation.id].unshift({ name, snapshot, createdAt: Date.now() }); storageSet("saved", state.saved); renderSaved(); }
+        async function loadSpec() { $("service-name").textContent = `${CONFIG.serviceName} Explorer`; $("service-subtitle").textContent = CONFIG.protocol === "rest" ? "REST OpenAPI" : "JSON-RPC OpenRPC"; const response = await fetch(CONFIG.specPath, { headers: { Accept: "application/json" } }); if (!response.ok) throw new Error(`Failed to load API specification: ${response.status}`); state.spec = await response.json(); state.operations = CONFIG.protocol === "rest" ? normalizeOpenApi(state.spec) : normalizeOpenRpc(state.spec); renderOperations(); if (state.operations.length) selectOperation(state.operations[0].id); }
+        function bindEvents() { $("theme-toggle").addEventListener("click", () => { const current = document.documentElement.getAttribute("data-theme"); setTheme(current === "dark" ? "light" : "dark"); }); $("operation-search").addEventListener("input", renderOperations); $("environment-select").addEventListener("change", (event) => { state.activeEnvironment = Number(event.target.value); storageSet("activeEnvironment", state.activeEnvironment); renderEnvironments(); updateRequestUrl(); }); $("base-url").addEventListener("input", (event) => { state.environments[state.activeEnvironment].baseUrl = event.target.value; storageSet("environments", state.environments); updateRequestUrl(); }); $("add-environment").addEventListener("click", () => { const name = prompt("Environment name", `Env ${state.environments.length + 1}`); if (!name) return; state.environments.push({ name, baseUrl: activeBaseUrl() }); state.activeEnvironment = state.environments.length - 1; storageSet("environments", state.environments); storageSet("activeEnvironment", state.activeEnvironment); renderEnvironments(); }); $("save-token").addEventListener("click", () => { state.token = $("jwt-token").value.trim(); storageSet("bearer-token", state.token); $("auth-state").textContent = state.token ? "Token set" : "No token"; showToast(state.token ? "Token applied for this session" : "Token cleared"); }); $("clear-token").addEventListener("click", () => { state.token = ""; $("jwt-token").value = ""; sessionStorage.removeItem(`${storagePrefix}:bearer-token`); $("auth-state").textContent = "No token"; }); $("send-request").addEventListener("click", sendCurrentRequest); $("save-request").addEventListener("click", saveCurrentRequest); $("clear-saved").addEventListener("click", () => { const operation = activeOperation(); if (operation) { state.saved[operation.id] = []; storageSet("saved", state.saved); renderSaved(); } }); $("clear-history").addEventListener("click", () => { state.history = []; storageSet("history", state.history); renderHistory(); }); $("copy-response").addEventListener("click", async () => { await navigator.clipboard.writeText($("response-output").textContent); showToast("Copied response"); }); document.querySelectorAll("[data-response-tab]").forEach((tab) => tab.addEventListener("click", () => { state.responseTab = tab.dataset.responseTab; document.querySelectorAll("[data-response-tab]").forEach((item) => item.classList.toggle("active", item === tab)); renderResponseOutput(); })); }
+        document.addEventListener("DOMContentLoaded", async () => { initializeTheme(); state.environments = storageGet("environments", [{ name: "Default", baseUrl: CONFIG.apiBasePath || "/" }]); state.activeEnvironment = storageGet("activeEnvironment", 0); state.saved = storageGet("saved", {}); state.history = storageGet("history", []); state.token = storageGet("bearer-token", ""); $("jwt-token").value = state.token; $("auth-state").textContent = state.token ? "Token set" : "No token"; bindEvents(); renderEnvironments(); renderHistory(); renderSaved(); try { await loadSpec(); } catch (error) { $("operation-list").innerHTML = ""; const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = error.message; $("operation-list").appendChild(empty); showToast(error.message); } });
+    </script>
+</body>
+</html>
diff --git a/crates/rpc/ras-jsonrpc-macro/src/jsonrpc_explorer_template.html b/crates/rpc/ras-jsonrpc-macro/src/jsonrpc_explorer_template.html
deleted file mode 100644
index 9d0eb48..0000000
--- a/crates/rpc/ras-jsonrpc-macro/src/jsonrpc_explorer_template.html
+++ /dev/null
@@ -1,1212 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>{SERVICE_NAME} - JSON-RPC API Explorer</title>
-    <link rel="preconnect" href="https://fonts.googleapis.com">
-    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
-    <style>
-        /* Reset and base styles */
-        * {
-            margin: 0;
-            padding: 0;
-            box-sizing: border-box;
-        }
-
-        :root {
-            --primary-color: #2563eb;
-            --primary-hover: #1d4ed8;
-            --secondary-color: #64748b;
-            --success-color: #10b981;
-            --warning-color: #f59e0b;
-            --error-color: #ef4444;
-            --bg-primary: #ffffff;
-            --bg-secondary: #f8fafc;
-            --bg-tertiary: #f1f5f9;
-            --text-primary: #0f172a;
-            --text-secondary: #64748b;
-            --text-muted: #94a3b8;
-            --border-color: #e2e8f0;
-            --shadow-sm: 0 1px 2px 0 rgb(0 0 0 / 0.05);
-            --shadow-md: 0 4px 6px -1px rgb(0 0 0 / 0.1), 0 2px 4px -2px rgb(0 0 0 / 0.1);
-            --shadow-lg: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
-            --radius-sm: 0.375rem;
-            --radius-md: 0.5rem;
-            --radius-lg: 0.75rem;
-        }
-
-        [data-theme="dark"] {
-            --bg-primary: #0f172a;
-            --bg-secondary: #1e293b;
-            --bg-tertiary: #334155;
-            --text-primary: #f8fafc;
-            --text-secondary: #cbd5e1;
-            --text-muted: #64748b;
-            --border-color: #334155;
-        }
-
-        body {
-            font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
-            font-size: 14px;
-            line-height: 1.5;
-            color: var(--text-primary);
-            background-color: var(--bg-secondary);
-            min-height: 100vh;
-        }
-
-        /* Layout */
-        .app-container {
-            display: flex;
-            min-height: 100vh;
-        }
-
-        .sidebar {
-            width: 320px;
-            background: var(--bg-primary);
-            border-right: 1px solid var(--border-color);
-            overflow-y: auto;
-            flex-shrink: 0;
-        }
-
-        .main-content {
-            flex: 1;
-            overflow: hidden;
-            display: flex;
-            flex-direction: column;
-        }
-
-        /* Header */
-        .header {
-            background: var(--bg-primary);
-            border-bottom: 1px solid var(--border-color);
-            padding: 1rem 1.5rem;
-            display: flex;
-            align-items: center;
-            justify-content: space-between;
-            flex-shrink: 0;
-        }
-
-        .header h1 {
-            font-size: 1.25rem;
-            font-weight: 600;
-            color: var(--text-primary);
-        }
-
-        .header-actions {
-            display: flex;
-            align-items: center;
-            gap: 0.75rem;
-        }
-
-        /* Auth section */
-        .auth-section {
-            padding: 1rem;
-            border-bottom: 1px solid var(--border-color);
-        }
-
-        .auth-title {
-            font-size: 0.875rem;
-            font-weight: 600;
-            color: var(--text-primary);
-            margin-bottom: 0.75rem;
-            display: flex;
-            align-items: center;
-            gap: 0.5rem;
-        }
-
-        .auth-status {
-            width: 8px;
-            height: 8px;
-            border-radius: 50%;
-            background: var(--error-color);
-        }
-
-        .auth-status.authenticated {
-            background: var(--success-color);
-        }
-
-        .input-group {
-            margin-bottom: 0.75rem;
-        }
-
-        .input-label {
-            font-size: 0.75rem;
-            font-weight: 500;
-            color: var(--text-secondary);
-            margin-bottom: 0.25rem;
-            display: block;
-        }
-
-        .input-field {
-            width: 100%;
-            padding: 0.5rem 0.75rem;
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            background: var(--bg-primary);
-            color: var(--text-primary);
-            font-size: 0.875rem;
-            transition: border-color 0.2s;
-        }
-
-        .input-field:focus {
-            outline: none;
-            border-color: var(--primary-color);
-            box-shadow: 0 0 0 3px rgb(37 99 235 / 0.1);
-        }
-
-        .btn {
-            padding: 0.5rem 1rem;
-            border: none;
-            border-radius: var(--radius-md);
-            font-size: 0.875rem;
-            font-weight: 500;
-            cursor: pointer;
-            transition: all 0.2s;
-            display: inline-flex;
-            align-items: center;
-            gap: 0.5rem;
-        }
-
-        .btn-primary {
-            background: var(--primary-color);
-            color: white;
-        }
-
-        .btn-primary:hover {
-            background: var(--primary-hover);
-        }
-
-        .btn-secondary {
-            background: var(--bg-tertiary);
-            color: var(--text-primary);
-            border: 1px solid var(--border-color);
-        }
-
-        .btn-secondary:hover {
-            background: var(--border-color);
-        }
-
-        .btn-sm {
-            padding: 0.375rem 0.75rem;
-            font-size: 0.75rem;
-        }
-
-        /* Methods list */
-        .methods-section {
-            flex: 1;
-            overflow-y: auto;
-        }
-
-        .search-container {
-            padding: 1rem;
-            border-bottom: 1px solid var(--border-color);
-        }
-
-        .search-input {
-            width: 100%;
-            padding: 0.5rem 0.75rem;
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            background: var(--bg-primary);
-            color: var(--text-primary);
-            font-size: 0.875rem;
-        }
-
-        .search-input::placeholder {
-            color: var(--text-muted);
-        }
-
-        .methods-list {
-            padding: 0.5rem;
-        }
-
-        .method-item {
-            padding: 0.75rem;
-            margin-bottom: 0.5rem;
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            cursor: pointer;
-            transition: all 0.2s;
-            background: var(--bg-primary);
-        }
-
-        .method-item:hover {
-            border-color: var(--primary-color);
-            box-shadow: var(--shadow-sm);
-        }
-
-        .method-item.active {
-            border-color: var(--primary-color);
-            background: rgb(37 99 235 / 0.05);
-        }
-
-        .method-header {
-            display: flex;
-            align-items: center;
-            gap: 0.75rem;
-            margin-bottom: 0.25rem;
-        }
-
-        .method-name {
-            font-family: 'JetBrains Mono', 'Consolas', monospace;
-            font-size: 0.875rem;
-            color: var(--text-primary);
-            font-weight: 500;
-        }
-
-        .method-description {
-            font-size: 0.75rem;
-            color: var(--text-secondary);
-            margin-top: 0.25rem;
-        }
-
-        .auth-indicator {
-            font-size: 0.6875rem;
-            padding: 0.125rem 0.375rem;
-            border-radius: var(--radius-sm);
-            background: var(--bg-tertiary);
-            color: var(--text-muted);
-            margin-left: auto;
-        }
-
-        .auth-indicator.protected {
-            background: #fef3c7;
-            color: #92400e;
-        }
-
-        /* Request panel */
-        .request-panel {
-            flex: 1;
-            background: var(--bg-primary);
-            overflow-y: auto;
-            display: flex;
-            flex-direction: column;
-        }
-
-        .request-header {
-            padding: 1.5rem;
-            border-bottom: 1px solid var(--border-color);
-        }
-
-        .request-title {
-            display: flex;
-            align-items: center;
-            gap: 0.75rem;
-            margin-bottom: 0.5rem;
-        }
-
-        .request-title h2 {
-            font-size: 1.125rem;
-            font-weight: 600;
-            color: var(--text-primary);
-            font-family: 'JetBrains Mono', 'Consolas', monospace;
-        }
-
-        .request-description {
-            color: var(--text-secondary);
-            font-size: 0.875rem;
-        }
-
-        .request-form {
-            padding: 1.5rem;
-            flex: 1;
-        }
-
-        .form-section {
-            margin-bottom: 2rem;
-        }
-
-        .form-section h3 {
-            font-size: 0.875rem;
-            font-weight: 600;
-            color: var(--text-primary);
-            margin-bottom: 1rem;
-        }
-
-        .jsonrpc-info {
-            background: var(--bg-secondary);
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            padding: 0.75rem;
-            margin-bottom: 1rem;
-            font-size: 0.875rem;
-        }
-
-        .jsonrpc-info-row {
-            display: flex;
-            align-items: center;
-            gap: 0.5rem;
-            margin-bottom: 0.25rem;
-        }
-
-        .jsonrpc-info-row:last-child {
-            margin-bottom: 0;
-        }
-
-        .jsonrpc-label {
-            font-weight: 500;
-            color: var(--text-secondary);
-            min-width: 80px;
-        }
-
-        .jsonrpc-value {
-            font-family: 'JetBrains Mono', 'Consolas', monospace;
-            color: var(--text-primary);
-        }
-
-        .code-editor {
-            width: 100%;
-            min-height: 200px;
-            padding: 1rem;
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            background: var(--bg-secondary);
-            color: var(--text-primary);
-            font-family: 'JetBrains Mono', 'Consolas', monospace;
-            font-size: 0.875rem;
-            resize: vertical;
-        }
-
-        .send-button {
-            background: var(--success-color);
-            color: white;
-            padding: 0.75rem 1.5rem;
-            font-weight: 600;
-        }
-
-        .send-button:hover {
-            background: #059669;
-        }
-
-        .send-button:disabled {
-            background: var(--text-muted);
-            cursor: not-allowed;
-        }
-
-        /* Response panel */
-        .response-panel {
-            background: var(--bg-primary);
-            border-top: 1px solid var(--border-color);
-            max-height: 50vh;
-            overflow-y: auto;
-        }
-
-        .response-header {
-            padding: 1rem 1.5rem;
-            border-bottom: 1px solid var(--border-color);
-            display: flex;
-            align-items: center;
-            justify-content: space-between;
-        }
-
-        .response-title {
-            font-size: 0.875rem;
-            font-weight: 600;
-            color: var(--text-primary);
-        }
-
-        .response-status {
-            padding: 0.25rem 0.75rem;
-            border-radius: var(--radius-sm);
-            font-size: 0.75rem;
-            font-weight: 600;
-        }
-
-        .status-success { background: #dcfce7; color: #166534; }
-        .status-error { background: #fee2e2; color: #991b1b; }
-
-        .response-content {
-            padding: 1.5rem;
-        }
-
-        .response-body {
-            background: var(--bg-secondary);
-            border: 1px solid var(--border-color);
-            border-radius: var(--radius-md);
-            padding: 1rem;
-            font-family: 'JetBrains Mono', 'Consolas', monospace;
-            font-size: 0.875rem;
-            white-space: pre-wrap;
-            overflow-x: auto;
-            position: relative;
-        }
-
-        /* Dark mode toggle */
-        .theme-toggle {
-            background: var(--bg-secondary);
-            border: 1px solid var(--border-color);
-            color: var(--text-primary);
-            width: 2.5rem;
-            height: 2.5rem;
-            border-radius: var(--radius-md);
-            display: flex;
-            align-items: center;
-            justify-content: center;
-            cursor: pointer;
-        }
-
-        /* Responsive design */
-        @media (max-width: 768px) {
-            .app-container {
-                flex-direction: column;
-            }
-
-            .sidebar {
-                width: 100%;
-                height: auto;
-                border-right: none;
-                border-bottom: 1px solid var(--border-color);
-            }
-        }
-
-        /* Loading states */
-        .loading {
-            opacity: 0.6;
-            pointer-events: none;
-        }
-
-        .spinner {
-            width: 1rem;
-            height: 1rem;
-            border: 2px solid var(--border-color);
-            border-top: 2px solid var(--primary-color);
-            border-radius: 50%;
-            animation: spin 1s linear infinite;
-        }
-
-        @keyframes spin {
-            0% { transform: rotate(0deg); }
-            100% { transform: rotate(360deg); }
-        }
-
-        /* Error states */
-        .error-message {
-            background: #fee2e2;
-            color: #991b1b;
-            padding: 0.75rem;
-            border-radius: var(--radius-md);
-            font-size: 0.875rem;
-            margin-bottom: 1rem;
-        }
-
-        /* Copy button */
-        .copy-btn {
-            position: absolute;
-            top: 0.5rem;
-            right: 0.5rem;
-            background: var(--bg-primary);
-            border: 1px solid var(--border-color);
-            color: var(--text-secondary);
-            padding: 0.25rem 0.5rem;
-            border-radius: var(--radius-sm);
-            font-size: 0.75rem;
-            cursor: pointer;
-        }
-
-        .copy-btn:hover {
-            background: var(--bg-tertiary);
-        }
-
-        /* Toast notifications */
-        .toast {
-            position: fixed;
-            bottom: 2rem;
-            right: 2rem;
-            background: var(--bg-primary);
-            border: 1px solid var(--border-color);
-            padding: 0.75rem 1rem;
-            border-radius: var(--radius-md);
-            box-shadow: var(--shadow-lg);
-            display: flex;
-            align-items: center;
-            gap: 0.5rem;
-            transform: translateY(100px);
-            opacity: 0;
-            transition: all 0.3s;
-            z-index: 1000;
-        }
-
-        .toast.show {
-            transform: translateY(0);
-            opacity: 1;
-        }
-
-        .toast.success {
-            border-color: var(--success-color);
-        }
-
-        .toast.error {
-            border-color: var(--error-color);
-        }
-
-        .permissions-list {
-            display: flex;
-            flex-wrap: wrap;
-            gap: 0.25rem;
-            margin-top: 0.5rem;
-        }
-
-        .permission-badge {
-            background: var(--bg-tertiary);
-            color: var(--text-secondary);
-            padding: 0.125rem 0.5rem;
-            border-radius: var(--radius-sm);
-            font-size: 0.75rem;
-        }
-    </style>
-</head>
-<body>
-    <div class="app-container">
-        <!-- Sidebar -->
-        <div class="sidebar">
-            <!-- Authentication Section -->
-            <div class="auth-section">
-                <div class="auth-title">
-                    <span class="auth-status" id="auth-status"></span>
-                    Authentication
-                </div>
-                <div class="input-group">
-                    <label class="input-label" for="jwt-token">JWT Token</label>
-                    <input type="password" id="jwt-token" class="input-field" placeholder="Enter your JWT token...">
-                </div>
-                <label style="display: flex; align-items: center; gap: 0.5rem; font-size: 0.75rem; color: var(--text-secondary); margin-bottom: 0.75rem;">
-                    <input type="checkbox" id="remember-token">
-                    Remember for this tab
-                </label>
-                <div style="display: flex; gap: 0.5rem;">
-                    <button id="save-token" class="btn btn-primary btn-sm">Save Token</button>
-                    <button id="clear-token" class="btn btn-secondary btn-sm">Clear</button>
-                </div>
-            </div>
-
-            <!-- Search -->
-            <div class="search-container">
-                <input type="text" id="method-search" class="search-input" placeholder="Search methods...">
-            </div>
-
-            <!-- Methods List -->
-            <div class="methods-section">
-                <div class="methods-list" id="methods-list">
-                    <!-- Methods will be populated by JavaScript -->
-                </div>
-            </div>
-        </div>
-
-        <!-- Main Content -->
-        <div class="main-content">
-            <!-- Header -->
-            <div class="header">
-                <h1>{SERVICE_NAME} JSON-RPC Explorer</h1>
-                <div class="header-actions">
-                    <button class="theme-toggle" id="theme-toggle" title="Toggle dark mode">
-                        🌙
-                    </button>
-                </div>
-            </div>
-
-            <!-- Request Panel -->
-            <div class="request-panel" id="request-panel">
-                <div class="request-header">
-                    <div class="request-title">
-                        <h2 id="current-method">Select a method</h2>
-                    </div>
-                    <div class="request-description" id="current-description">
-                        Choose a method from the sidebar to get started
-                    </div>
-                </div>
-
-                <div class="request-form" id="request-form">
-                    <p style="color: var(--text-muted);">Select a method to see the request form</p>
-                </div>
-            </div>
-
-            <!-- Response Panel -->
-            <div class="response-panel" id="response-panel" style="display: none;">
-                <div class="response-header">
-                    <div class="response-title">Response</div>
-                    <div class="response-status" id="response-status"></div>
-                </div>
-                <div class="response-content">
-                    <div class="response-body" id="response-body">
-                        <button class="copy-btn" id="copy-response" title="Copy response">Copy</button>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-
-    <!-- Toast container -->
-    <div id="toast" class="toast"></div>
-
-    <script>
-        // HTML escape function to prevent XSS
-        function escapeHtml(unsafe) {
-            // Convert to string if not already
-            if (typeof unsafe !== 'string') {
-                unsafe = String(unsafe || '');
-            }
-            return unsafe
-                .replace(/&/g, "&amp;")
-                .replace(/</g, "&lt;")
-                .replace(/>/g, "&gt;")
-                .replace(/"/g, "&quot;")
-                .replace(/'/g, "&#039;");
-        }
-        
-        // Get type string from a property schema
-        function getTypeString(prop) {
-            if (!prop) return 'any';
-            
-            // Direct type
-            if (prop.type) {
-                if (typeof prop.type === 'string') {
-                    return prop.type;
-                }
-                if (Array.isArray(prop.type)) {
-                    return prop.type.join(' | ');
-                }
-            }
-            
-            // Handle anyOf (typically used for Option<T>)
-            if (prop.anyOf && Array.isArray(prop.anyOf)) {
-                const types = prop.anyOf.map(schema => {
-                    if (schema.type === 'null') return 'null';
-                    if (schema.type) return schema.type;
-                    if (schema.$ref) {
-                        const refName = schema.$ref.split('/').pop();
-                        return refName;
-                    }
-                    return 'object';
-                });
-                // For Option<T>, show as "T | null" or "T?"
-                if (types.includes('null') && types.length === 2) {
-                    const nonNullType = types.find(t => t !== 'null');
-                    return `${nonNullType}?`;
-                }
-                return types.join(' | ');
-            }
-            
-            // Handle oneOf
-            if (prop.oneOf && Array.isArray(prop.oneOf)) {
-                const types = prop.oneOf.map(schema => {
-                    if (schema.type) return schema.type;
-                    if (schema.$ref) {
-                        const refName = schema.$ref.split('/').pop();
-                        return refName;
-                    }
-                    return 'object';
-                });
-                return types.join(' | ');
-            }
-            
-            // Handle reference
-            if (prop.$ref) {
-                const refName = prop.$ref.split('/').pop();
-                return refName;
-            }
-            
-            return 'any';
-        }
-
-        // Global state
-        let openrpcDoc = null;
-        let currentMethod = null;
-        let jwtToken = '';
-
-        // Initialize the application
-        document.addEventListener('DOMContentLoaded', async () => {
-            await loadOpenRPCDoc();
-            initializeAuth();
-            initializeTheme();
-            initializeEventListeners();
-            renderMethods();
-        });
-
-        // Load OpenRPC document
-        async function loadOpenRPCDoc() {
-            try {
-                const response = await fetch('{OPENRPC_PATH}');
-                openrpcDoc = await response.json();
-                console.log('OpenRPC document loaded:', openrpcDoc);
-            } catch (error) {
-                console.error('Failed to load OpenRPC document:', error);
-                showToast('Failed to load API specification', 'error');
-            }
-        }
-
-        // Initialize authentication
-        function initializeAuth() {
-            const tokenInput = document.getElementById('jwt-token');
-            const authStatus = document.getElementById('auth-status');
-            const rememberToken = document.getElementById('remember-token');
-            const rememberedToken = sessionStorage.getItem('jwt-token') || '';
-            
-            if (rememberedToken) {
-                jwtToken = rememberedToken;
-                tokenInput.value = jwtToken;
-                rememberToken.checked = true;
-                authStatus.classList.add('authenticated');
-            }
-        }
-
-        // Initialize theme
-        function initializeTheme() {
-            const savedTheme = localStorage.getItem('theme') || 'light';
-            if (savedTheme === 'dark') {
-                document.documentElement.setAttribute('data-theme', 'dark');
-                document.getElementById('theme-toggle').textContent = '☀️';
-            }
-        }
-
-        // Initialize event listeners
-        function initializeEventListeners() {
-            // Authentication
-            document.getElementById('save-token').addEventListener('click', saveToken);
-            document.getElementById('clear-token').addEventListener('click', clearToken);
-            
-            // Theme toggle
-            document.getElementById('theme-toggle').addEventListener('click', toggleTheme);
-            
-            // Search
-            document.getElementById('method-search').addEventListener('input', filterMethods);
-            
-            // Copy response
-            document.getElementById('copy-response').addEventListener('click', copyResponse);
-        }
-
-        // Save JWT token
-        function saveToken() {
-            const tokenInput = document.getElementById('jwt-token');
-            const authStatus = document.getElementById('auth-status');
-            const rememberToken = document.getElementById('remember-token');
-            
-            jwtToken = tokenInput.value.trim();
-            sessionStorage.removeItem('jwt-token');
-            if (jwtToken && rememberToken.checked) {
-                sessionStorage.setItem('jwt-token', jwtToken);
-            }
-            
-            if (jwtToken) {
-                authStatus.classList.add('authenticated');
-                showToast(rememberToken.checked ? 'Token saved for this tab' : 'Token ready for this page', 'success');
-            } else {
-                authStatus.classList.remove('authenticated');
-            }
-        }
-
-        // Clear JWT token
-        function clearToken() {
-            jwtToken = '';
-            sessionStorage.removeItem('jwt-token');
-            document.getElementById('jwt-token').value = '';
-            document.getElementById('remember-token').checked = false;
-            document.getElementById('auth-status').classList.remove('authenticated');
-            showToast('Token cleared', 'success');
-        }
-
-        // Toggle theme
-        function toggleTheme() {
-            const currentTheme = document.documentElement.getAttribute('data-theme');
-            const newTheme = currentTheme === 'dark' ? 'light' : 'dark';
-            
-            document.documentElement.setAttribute('data-theme', newTheme);
-            localStorage.setItem('theme', newTheme);
-            
-            const toggle = document.getElementById('theme-toggle');
-            toggle.textContent = newTheme === 'dark' ? '☀️' : '🌙';
-        }
-
-        // Render methods list
-        function renderMethods() {
-            if (!openrpcDoc || !openrpcDoc.methods) return;
-            
-            const container = document.getElementById('methods-list');
-            container.innerHTML = '';
-            
-            openrpcDoc.methods.forEach(method => {
-                const methodEl = createMethodElement(method);
-                container.appendChild(methodEl);
-            });
-        }
-
-        // Create method element
-        function createMethodElement(method) {
-            const div = document.createElement('div');
-            div.className = 'method-item';
-            div.dataset.method = method.name;
-            
-            const isProtected = method['x-authentication'] !== false;
-            const permissions = method['x-permissions'] || [];
-            
-            let permissionsHtml = '';
-            if (permissions.length > 0) {
-                permissionsHtml = `
-                    <div class="permissions-list">
-                        ${permissions.map(p => `<span class="permission-badge">${escapeHtml(p)}</span>`).join('')}
-                    </div>
-                `;
-            }
-            
-            div.innerHTML = `
-                <div class="method-header">
-                    <span class="method-name">${escapeHtml(method.name)}</span>
-                    <span class="auth-indicator ${isProtected ? 'protected' : ''}">
-                        ${isProtected ? '🔒' : '🌐'}
-                    </span>
-                </div>
-                ${method.summary ? `<div class="method-description">${escapeHtml(method.summary)}</div>` : ''}
-                ${permissionsHtml}
-            `;
-            
-            div.addEventListener('click', () => selectMethod(method));
-            
-            return div;
-        }
-
-        // Select method
-        function selectMethod(method) {
-            // Update UI state
-            document.querySelectorAll('.method-item').forEach(el => el.classList.remove('active'));
-            const safeMethodSelector = CSS.escape ? CSS.escape(method.name) : method.name.replace(/[\"]/g, '\\$&');
-            document.querySelector(`[data-method="${safeMethodSelector}"]`).classList.add('active');
-            
-            currentMethod = method;
-            
-            // Update request panel
-            updateRequestPanel(method);
-        }
-
-        // Update request panel
-        function updateRequestPanel(method) {
-            document.getElementById('current-method').textContent = method.name;
-            document.getElementById('current-description').textContent = method.description || method.summary || '';
-            
-            // Generate request form
-            const formContainer = document.getElementById('request-form');
-            formContainer.innerHTML = generateRequestForm(method);
-            
-            // Add form event listeners
-            const sendButton = document.getElementById('send-request');
-            if (sendButton) {
-                sendButton.addEventListener('click', () => sendRequest(method));
-            }
-        }
-
-        // Generate request form
-        function generateRequestForm(method) {
-            let html = '';
-            
-            // JSON-RPC info section
-            html += `
-                <div class="form-section">
-                    <h3>JSON-RPC Request Info</h3>
-                    <div class="jsonrpc-info">
-                        <div class="jsonrpc-info-row">
-                            <span class="jsonrpc-label">Version:</span>
-                            <span class="jsonrpc-value">2.0</span>
-                        </div>
-                        <div class="jsonrpc-info-row">
-                            <span class="jsonrpc-label">Method:</span>
-                            <span class="jsonrpc-value">${escapeHtml(method.name)}</span>
-                        </div>
-                        <div class="jsonrpc-info-row">
-                            <span class="jsonrpc-label">Request ID:</span>
-                            <span class="jsonrpc-value" id="request-id">${generateRequestId()}</span>
-                        </div>
-                    </div>
-                </div>
-            `;
-            
-            // Parameters section
-            if (method.params && method.params.length > 0) {
-                const param = method.params[0];
-                const paramsSchema = param.schema;
-                const resolvedSchema = resolveSchemaRef(paramsSchema);
-                // Use the parameter's example if provided, otherwise generate from schema
-                const example = param.example || generateExampleFromSchema(paramsSchema);
-                
-                // Display parameter information
-                let paramInfo = '';
-                if (resolvedSchema && resolvedSchema.properties) {
-                    paramInfo = `
-                        <div style="margin-bottom: 1rem; padding: 1rem; background: var(--bg-secondary); border: 1px solid var(--border-color); border-radius: var(--radius-md);">
-                            <div style="font-size: 0.875rem; color: var(--text-secondary); margin-bottom: 0.75rem;">
-                                <strong>Parameters:</strong>
-                            </div>
-                            ${Object.entries(resolvedSchema.properties).map(([key, prop]) => {
-                                const required = resolvedSchema.required && resolvedSchema.required.includes(key);
-                                const propType = getTypeString(prop);
-                                const description = prop.description || '';
-                                return `
-                                    <div style="margin-bottom: 0.5rem; padding-left: 1rem;">
-                                        <code style="font-family: 'JetBrains Mono', monospace; color: var(--primary-color);">${escapeHtml(key)}</code>
-                                        <span style="color: var(--text-muted); font-size: 0.75rem;">
-                                            (${escapeHtml(propType)}${required ? ', required' : ''})
-                                        </span>
-                                        ${description ? `<div style="color: var(--text-secondary); font-size: 0.75rem; margin-left: 1rem;">${escapeHtml(description)}</div>` : ''}
-                                    </div>
-                                `;
-                            }).join('')}
-                        </div>
-                    `;
-                }
-                
-                html += `
-                    <div class="form-section">
-                        <h3>Parameters</h3>
-                        ${paramInfo}
-                        <textarea class="code-editor" id="request-params" placeholder="Enter JSON parameters...">${
-                            JSON.stringify(example, null, 2)
-                        }</textarea>
-                    </div>
-                `;
-            } else {
-                html += `
-                    <div class="form-section">
-                        <h3>Parameters</h3>
-                        <p style="color: var(--text-muted); font-size: 0.875rem;">This method has no parameters</p>
-                    </div>
-                `;
-            }
-            
-            // Authentication info
-            if (method['x-authentication'] !== false) {
-                const permissions = method['x-permissions'] || [];
-                html += `
-                    <div class="form-section">
-                        <h3>Authentication Required</h3>
-                        ${permissions.length > 0 ? `
-                            <p style="color: var(--text-secondary); font-size: 0.875rem; margin-bottom: 0.5rem;">
-                                Required permissions:
-                            </p>
-                            <div class="permissions-list">
-                                ${permissions.map(p => `<span class="permission-badge">${escapeHtml(p)}</span>`).join('')}
-                            </div>
-                        ` : `
-                            <p style="color: var(--text-secondary); font-size: 0.875rem;">
-                                This method requires authentication but no specific permissions.
-                            </p>
-                        `}
-                    </div>
-                `;
-            }
-            
-            // Send button
-            html += `
-                <div class="form-section">
-                    <button id="send-request" class="btn send-button">
-                        <span>Send Request</span>
-                    </button>
-                </div>
-            `;
-            
-            return html;
-        }
-
-        // Generate unique request ID
-        function generateRequestId() {
-            return `req_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
-        }
-
-        // Resolve schema reference
-        function resolveSchemaRef(schemaOrRef) {
-            if (!schemaOrRef) return null;
-            
-            // If it's a reference, resolve it
-            if (schemaOrRef['$ref']) {
-                const refPath = schemaOrRef['$ref'];
-                if (refPath.startsWith('#/components/schemas/')) {
-                    const schemaName = refPath.replace('#/components/schemas/', '');
-                    return openrpcDoc?.components?.schemas?.[schemaName] || null;
-                }
-            }
-            
-            // Otherwise return as-is
-            return schemaOrRef;
-        }
-
-        // Generate example from schema
-        function generateExampleFromSchema(schemaOrRef) {
-            const schema = resolveSchemaRef(schemaOrRef);
-            if (!schema) return {};
-            
-            if (schema.examples && schema.examples.length > 0) {
-                return schema.examples[0];
-            }
-            
-            if (schema.example) return schema.example;
-            
-            // Handle oneOf/anyOf schemas
-            if (schema.oneOf && schema.oneOf.length > 0) {
-                // Pick first non-null variant for better examples
-                const nonNullSchema = schema.oneOf.find(s => s.type !== 'null');
-                return generateExampleFromSchema(nonNullSchema || schema.oneOf[0]);
-            }
-            
-            if (schema.anyOf && schema.anyOf.length > 0) {
-                // For Option<T> (anyOf with null), generate example of T rather than null
-                const nonNullSchema = schema.anyOf.find(s => s.type !== 'null');
-                if (nonNullSchema) {
-                    return generateExampleFromSchema(nonNullSchema);
-                }
-                return generateExampleFromSchema(schema.anyOf[0]);
-            }
-            
-            if (schema.type === 'object' && schema.properties) {
-                const example = {};
-                Object.entries(schema.properties).forEach(([key, prop]) => {
-                    example[key] = generateExampleFromSchema(prop);
-                });
-                return example;
-            }
-            
-            if (schema.type === 'array') {
-                return [];
-            }
-            
-            if (schema.type === 'string') {
-                return schema.example || `example_${Math.random().toString(36).substr(2, 9)}`;
-            }
-            
-            if (schema.type === 'number' || schema.type === 'integer') {
-                return schema.example || 0;
-            }
-            
-            if (schema.type === 'boolean') {
-                return schema.example || false;
-            }
-            
-            return null;
-        }
-
-        // Send request
-        async function sendRequest(method) {
-            const sendButton = document.getElementById('send-request');
-            const originalText = sendButton.innerHTML;
-            sendButton.innerHTML = '<span class="spinner"></span> Sending...';
-            sendButton.disabled = true;
-            
-            try {
-                // Build JSON-RPC request
-                const requestId = document.getElementById('request-id').textContent;
-                const request = {
-                    jsonrpc: "2.0",
-                    method: method.name,
-                    id: requestId
-                };
-                
-                // Add parameters if present
-                if (method.params && method.params.length > 0) {
-                    const paramsEditor = document.getElementById('request-params');
-                    if (paramsEditor && paramsEditor.value.trim()) {
-                        try {
-                            request.params = JSON.parse(paramsEditor.value);
-                        } catch (e) {
-                            throw new Error('Invalid JSON in parameters');
-                        }
-                    }
-                }
-                
-                // Build request options
-                const options = {
-                    method: 'POST',
-                    headers: {
-                        'Content-Type': 'application/json',
-                    },
-                    body: JSON.stringify(request)
-                };
-                
-                // Add authorization header if token exists
-                if (jwtToken) {
-                    options.headers['Authorization'] = `Bearer ${jwtToken}`;
-                }
-                
-                // Use the configured RPC base path
-                const rpcEndpoint = '{RPC_BASE_PATH}';
-                
-                // Make request to the JSON-RPC endpoint
-                const response = await fetch(rpcEndpoint, options);
-                const responseData = await response.json();
-                
-                // Show response
-                showResponse(responseData);
-                
-            } catch (error) {
-                console.error('Request failed:', error);
-                showToast(error.message, 'error');
-            } finally {
-                sendButton.innerHTML = originalText;
-                sendButton.disabled = false;
-            }
-        }
-
-        // Show response
-        function showResponse(data) {
-            const panel = document.getElementById('response-panel');
-            const statusEl = document.getElementById('response-status');
-            const bodyEl = document.getElementById('response-body');
-            
-            panel.style.display = 'block';
-            
-            // Check if it's an error response
-            const isError = data.error !== undefined;
-            
-            // Update status
-            statusEl.className = `response-status ${isError ? 'status-error' : 'status-success'}`;
-            statusEl.textContent = isError ? 'Error' : 'Success';
-            
-            // Update body (excluding the copy button)
-            const copyBtn = bodyEl.querySelector('.copy-btn');
-            bodyEl.textContent = JSON.stringify(data, null, 2);
-            if (copyBtn) {
-                bodyEl.appendChild(copyBtn);
-            }
-        }
-
-        // Copy response
-        async function copyResponse() {
-            const bodyEl = document.getElementById('response-body');
-            const textContent = bodyEl.textContent.replace('Copy', '').trim();
-            
-            try {
-                await navigator.clipboard.writeText(textContent);
-                showToast('Response copied to clipboard', 'success');
-            } catch (error) {
-                console.error('Failed to copy:', error);
-                showToast('Failed to copy response', 'error');
-            }
-        }
-
-        // Filter methods
-        function filterMethods() {
-            const query = document.getElementById('method-search').value.toLowerCase();
-            const methods = document.querySelectorAll('.method-item');
-            
-            methods.forEach(method => {
-                const name = method.dataset.method.toLowerCase();
-                const text = method.textContent.toLowerCase();
-                
-                if (name.includes(query) || text.includes(query)) {
-                    method.style.display = 'block';
-                } else {
-                    method.style.display = 'none';
-                }
-            });
-        }
-
-        // Show toast notification
-        function showToast(message, type = 'success') {
-            const toast = document.getElementById('toast');
-            toast.textContent = message;
-            toast.className = `toast ${type}`;
-            toast.classList.add('show');
-            
-            setTimeout(() => {
-                toast.classList.remove('show');
-            }, 3000);
-        }
-    </script>
-</body>
-</html>
diff --git a/crates/rpc/ras-jsonrpc-macro/src/static_hosting.rs b/crates/rpc/ras-jsonrpc-macro/src/static_hosting.rs
index 60b6b9d..f2eb4b6 100644
--- a/crates/rpc/ras-jsonrpc-macro/src/static_hosting.rs
+++ b/crates/rpc/ras-jsonrpc-macro/src/static_hosting.rs
@@ -29,12 +29,9 @@ pub fn generate_static_hosting_code(
         return TokenStream::new();
     }
 
-    // Load the template content at macro compile time
-    const TEMPLATE_CONTENT: &str = include_str!("jsonrpc_explorer_template.html");
+    const TEMPLATE_CONTENT: &str = include_str!("api_explorer_template.html");
 
     let explorer_path_suffix = &config.explorer_path;
-    // Use path relative to explorer directory
-    let openrpc_path_js = "explorer/openrpc.json".to_string();
     let service_name_str = service_name.to_string();
     let service_name_lower = service_name_str.to_lowercase();
     let openrpc_fn_name_str = ["generate_", &service_name_lower, "_openrpc"].concat();
@@ -55,17 +52,21 @@ pub fn generate_static_hosting_code(
 
             let serve_explorer = {
                 let base_path = base_path.to_string();
-                move || async move {
-                    // Template is embedded at macro expansion time
-                    const TEMPLATE: &str = #template_lit;
+                let openrpc_path = openrpc_path.clone();
+                move || {
+                    let base_path = base_path.clone();
+                    let openrpc_path = openrpc_path.clone();
+                    async move {
+                        const TEMPLATE: &str = #template_lit;
 
-                    // Replace placeholders
-                    let html = TEMPLATE
-                        .replace("{SERVICE_NAME}", #service_name_str)
-                        .replace("{OPENRPC_PATH}", &#openrpc_path_js)
-                        .replace("{RPC_BASE_PATH}", &base_path);
+                        let html = TEMPLATE
+                            .replace("{SERVICE_NAME_JSON}", &::serde_json::to_string(#service_name_str).unwrap_or_else(|_| "\"API\"".to_string()))
+                            .replace("{PROTOCOL_JSON}", &::serde_json::to_string("jsonrpc").unwrap_or_else(|_| "\"jsonrpc\"".to_string()))
+                            .replace("{SPEC_PATH_JSON}", &::serde_json::to_string(&openrpc_path).unwrap_or_else(|_| "\"openrpc.json\"".to_string()))
+                            .replace("{API_BASE_PATH_JSON}", &::serde_json::to_string(&base_path).unwrap_or_else(|_| "\"/\"".to_string()));
 
-                    Html(html)
+                        Html(html)
+                    }
                 }
             };
 
diff --git a/crates/rpc/ras-jsonrpc-macro/tests/explorer_test.rs b/crates/rpc/ras-jsonrpc-macro/tests/explorer_test.rs
index 28f04a4..4d0c0d1 100644
--- a/crates/rpc/ras-jsonrpc-macro/tests/explorer_test.rs
+++ b/crates/rpc/ras-jsonrpc-macro/tests/explorer_test.rs
@@ -61,8 +61,11 @@ mod tests {
         assert_eq!(response.status(), 200);
 
         let content = response.text().await.unwrap();
-        assert!(content.contains("UserService JSON-RPC Explorer"));
-        assert!(content.contains("Authentication"));
+        assert!(content.contains("\"UserService\""));
+        assert!(content.contains("Bearer token"));
+        assert!(content.contains("Saved requests"));
+        assert!(content.contains("History"));
+        assert!(content.contains("\"jsonrpc\""));
 
         // Test that the OpenRPC document is accessible
         let response = reqwest::get(format!("http://{}/explorer/openrpc.json", addr))
diff --git a/crates/rpc/ras-jsonrpc-macro/tests/explorer_token_storage_test.rs b/crates/rpc/ras-jsonrpc-macro/tests/explorer_token_storage_test.rs
index cd5704a..5c92e87 100644
--- a/crates/rpc/ras-jsonrpc-macro/tests/explorer_token_storage_test.rs
+++ b/crates/rpc/ras-jsonrpc-macro/tests/explorer_token_storage_test.rs
@@ -1,8 +1,10 @@
 #[test]
 fn test_generated_explorer_does_not_store_jwt_in_local_storage() {
-    let template = include_str!("../src/jsonrpc_explorer_template.html");
+    let template = include_str!("../src/api_explorer_template.html");
     assert!(!template.contains("localStorage.getItem('jwt-token')"));
     assert!(!template.contains("localStorage.setItem('jwt-token'"));
     assert!(!template.contains("localStorage.removeItem('jwt-token'"));
-    assert!(template.contains("sessionStorage.setItem('jwt-token'"));
+    assert!(!template.contains("localStorage.setItem(`${storagePrefix}:bearer-token`"));
+    assert!(template.contains("sessionStorage.setItem(`${storagePrefix}:${key}`"));
+    assert!(template.contains("localStorage.setItem(\"ras-explorer-theme\""));
 }
diff --git a/tests/playwright/README.md b/tests/playwright/README.md
new file mode 100644
index 0000000..e23142c
--- /dev/null
+++ b/tests/playwright/README.md
@@ -0,0 +1,28 @@
+# API Explorer Playwright Tests
+
+These tests exercise the generated REST and JSON-RPC API explorers in a real
+browser. Dedicated Rust fixture servers are started by Playwright.
+
+## Local setup
+
+```bash
+npm --prefix tests/playwright install
+npm --prefix tests/playwright run install:browsers
+npm --prefix tests/playwright test
+```
+
+For headed debugging:
+
+```bash
+npm --prefix tests/playwright run test:headed
+```
+
+The fixtures use:
+
+- REST: `http://127.0.0.1:3101/api/v1/docs`
+- JSON-RPC: `http://127.0.0.1:3102/rpc/explorer`
+
+Test tokens:
+
+- `user-token`
+- `admin-token`
diff --git a/tests/playwright/fixtures/jsonrpc-fixture/Cargo.toml b/tests/playwright/fixtures/jsonrpc-fixture/Cargo.toml
new file mode 100644
index 0000000..84ce56e
--- /dev/null
+++ b/tests/playwright/fixtures/jsonrpc-fixture/Cargo.toml
@@ -0,0 +1,23 @@
+[package]
+name = "playwright-jsonrpc-fixture"
+version = "0.0.0"
+edition = "2024"
+publish = false
+
+[features]
+default = ["server"]
+server = ["ras-jsonrpc-macro/server"]
+client = ["ras-jsonrpc-macro/client"]
+
+[dependencies]
+anyhow = { workspace = true }
+axum = { workspace = true }
+ras-auth-core = { path = "../../../../crates/core/ras-auth-core" }
+ras-jsonrpc-core = { path = "../../../../crates/rpc/ras-jsonrpc-core" }
+ras-jsonrpc-macro = { path = "../../../../crates/rpc/ras-jsonrpc-macro" }
+ras-jsonrpc-types = { path = "../../../../crates/rpc/ras-jsonrpc-types" }
+reqwest = { workspace = true }
+schemars = { workspace = true }
+serde = { workspace = true }
+serde_json = { workspace = true }
+tokio = { workspace = true }
diff --git a/tests/playwright/fixtures/jsonrpc-fixture/src/main.rs b/tests/playwright/fixtures/jsonrpc-fixture/src/main.rs
new file mode 100644
index 0000000..18fa869
--- /dev/null
+++ b/tests/playwright/fixtures/jsonrpc-fixture/src/main.rs
@@ -0,0 +1,105 @@
+use std::collections::HashSet;
+
+use anyhow::Result;
+use axum::Router;
+use ras_jsonrpc_core::{AuthError, AuthFuture, AuthProvider, AuthenticatedUser};
+use ras_jsonrpc_macro::jsonrpc_service;
+use schemars::JsonSchema;
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct PingRequest {
+    pub message: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct PingResponse {
+    pub message: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct CreateWidgetRequest {
+    pub name: String,
+    pub owner: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct Widget {
+    pub id: String,
+    pub name: String,
+    pub owner: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct ProfileResponse {
+    pub user_id: String,
+    pub permissions: Vec<String>,
+}
+
+jsonrpc_service!({
+    service_name: ExplorerRpcFixture,
+    openrpc: true,
+    explorer: true,
+    methods: [
+        UNAUTHORIZED ping(PingRequest) -> PingResponse,
+        UNAUTHORIZED no_params(()) -> String,
+        WITH_PERMISSIONS(["admin"]) create_widget(CreateWidgetRequest) -> Widget,
+        WITH_PERMISSIONS(["user"]) current_profile(()) -> ProfileResponse,
+    ]
+});
+
+struct FixtureAuthProvider;
+
+impl AuthProvider for FixtureAuthProvider {
+    fn authenticate(&self, token: String) -> AuthFuture<'_> {
+        Box::pin(async move {
+            let (user_id, permissions) = match token.as_str() {
+                "user-token" => ("user-1", vec!["user"]),
+                "admin-token" => ("admin-1", vec!["user", "admin"]),
+                _ => return Err(AuthError::InvalidToken),
+            };
+
+            Ok(AuthenticatedUser {
+                user_id: user_id.to_string(),
+                permissions: permissions
+                    .into_iter()
+                    .map(str::to_string)
+                    .collect::<HashSet<_>>(),
+                metadata: None,
+            })
+        })
+    }
+}
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    let rpc_router = ExplorerRpcFixtureBuilder::new("/rpc")
+        .auth_provider(FixtureAuthProvider)
+        .ping_handler(|request| async move {
+            Ok(PingResponse {
+                message: format!("pong: {}", request.message),
+            })
+        })
+        .no_params_handler(|_request| async move { Ok("no params ok".to_string()) })
+        .create_widget_handler(|_user, request| async move {
+            Ok(Widget {
+                id: "rpc-created-widget".to_string(),
+                name: request.name,
+                owner: request.owner,
+            })
+        })
+        .current_profile_handler(|user, _request| async move {
+            Ok(ProfileResponse {
+                user_id: user.user_id.clone(),
+                permissions: user.permissions.iter().cloned().collect(),
+            })
+        })
+        .build()
+        .expect("fixture JSON-RPC service should build");
+
+    let app = Router::new().merge(rpc_router);
+    let listener = tokio::net::TcpListener::bind("127.0.0.1:3102").await?;
+    axum::serve(listener, app).await?;
+
+    Ok(())
+}
diff --git a/tests/playwright/fixtures/rest-fixture/Cargo.toml b/tests/playwright/fixtures/rest-fixture/Cargo.toml
new file mode 100644
index 0000000..7254c85
--- /dev/null
+++ b/tests/playwright/fixtures/rest-fixture/Cargo.toml
@@ -0,0 +1,25 @@
+[package]
+name = "playwright-rest-fixture"
+version = "0.0.0"
+edition = "2024"
+publish = false
+
+[features]
+default = ["server"]
+server = ["ras-rest-macro/server"]
+client = ["ras-rest-macro/client"]
+
+[dependencies]
+anyhow = { workspace = true }
+async-trait = { workspace = true }
+axum = { workspace = true }
+axum-extra = { workspace = true }
+ras-auth-core = { path = "../../../../crates/core/ras-auth-core" }
+ras-rest-core = { path = "../../../../crates/rest/ras-rest-core" }
+ras-rest-macro = { path = "../../../../crates/rest/ras-rest-macro" }
+reqwest = { workspace = true }
+schemars = { workspace = true }
+serde = { workspace = true }
+serde_json = { workspace = true }
+tokio = { workspace = true }
+tracing = { workspace = true }
diff --git a/tests/playwright/fixtures/rest-fixture/src/main.rs b/tests/playwright/fixtures/rest-fixture/src/main.rs
new file mode 100644
index 0000000..253fa84
--- /dev/null
+++ b/tests/playwright/fixtures/rest-fixture/src/main.rs
@@ -0,0 +1,146 @@
+use std::collections::HashSet;
+
+use anyhow::Result;
+use ras_auth_core::{AuthError, AuthFuture, AuthProvider, AuthenticatedUser};
+use ras_rest_core::{RestResponse, RestResult};
+use ras_rest_macro::rest_service;
+use schemars::JsonSchema;
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct HealthResponse {
+    pub status: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct Widget {
+    pub id: String,
+    pub name: String,
+    pub owner: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct WidgetsResponse {
+    pub widgets: Vec<Widget>,
+    pub total: usize,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct CreateWidgetRequest {
+    pub name: String,
+    pub owner: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
+pub struct ProfileResponse {
+    pub user_id: String,
+    pub permissions: Vec<String>,
+}
+
+rest_service!({
+    service_name: ExplorerRestFixture,
+    base_path: "/api/v1",
+    openapi: true,
+    serve_docs: true,
+    docs_path: "/docs",
+    endpoints: [
+        GET UNAUTHORIZED health() -> HealthResponse,
+        GET UNAUTHORIZED widgets/{id: String}() -> Widget,
+        GET UNAUTHORIZED search/widgets ? q: String & limit: Option<u32> () -> WidgetsResponse,
+        POST WITH_PERMISSIONS(["admin"]) widgets(CreateWidgetRequest) -> Widget,
+        GET WITH_PERMISSIONS(["user"]) profile() -> ProfileResponse,
+    ]
+});
+
+struct FixtureAuthProvider;
+
+impl AuthProvider for FixtureAuthProvider {
+    fn authenticate(&self, token: String) -> AuthFuture<'_> {
+        Box::pin(async move {
+            let (user_id, permissions) = match token.as_str() {
+                "user-token" => ("user-1", vec!["user"]),
+                "admin-token" => ("admin-1", vec!["user", "admin"]),
+                _ => return Err(AuthError::InvalidToken),
+            };
+
+            Ok(AuthenticatedUser {
+                user_id: user_id.to_string(),
+                permissions: permissions
+                    .into_iter()
+                    .map(str::to_string)
+                    .collect::<HashSet<_>>(),
+                metadata: None,
+            })
+        })
+    }
+}
+
+struct FixtureService;
+
+#[async_trait::async_trait]
+impl ExplorerRestFixtureTrait for FixtureService {
+    async fn get_health(&self) -> RestResult<HealthResponse> {
+        Ok(RestResponse::ok(HealthResponse {
+            status: "ok".to_string(),
+        }))
+    }
+
+    async fn get_widgets_by_id(&self, id: String) -> RestResult<Widget> {
+        Ok(RestResponse::ok(Widget {
+            id,
+            name: "Fixture Widget".to_string(),
+            owner: "public".to_string(),
+        }))
+    }
+
+    async fn get_search_widgets(
+        &self,
+        q: String,
+        limit: Option<u32>,
+    ) -> RestResult<WidgetsResponse> {
+        let count = limit.unwrap_or(2).min(5) as usize;
+        let widgets = (0..count)
+            .map(|idx| Widget {
+                id: format!("widget-{idx}"),
+                name: format!("{q}-{idx}"),
+                owner: "search".to_string(),
+            })
+            .collect::<Vec<_>>();
+
+        Ok(RestResponse::ok(WidgetsResponse {
+            total: widgets.len(),
+            widgets,
+        }))
+    }
+
+    async fn post_widgets(
+        &self,
+        _user: &AuthenticatedUser,
+        request: CreateWidgetRequest,
+    ) -> RestResult<Widget> {
+        Ok(RestResponse::created(Widget {
+            id: "created-widget".to_string(),
+            name: request.name,
+            owner: request.owner,
+        }))
+    }
+
+    async fn get_profile(&self, user: &AuthenticatedUser) -> RestResult<ProfileResponse> {
+        Ok(RestResponse::ok(ProfileResponse {
+            user_id: user.user_id.clone(),
+            permissions: user.permissions.iter().cloned().collect(),
+        }))
+    }
+}
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    let app = ExplorerRestFixtureBuilder::new(FixtureService)
+        .auth_provider(FixtureAuthProvider)
+        .build();
+
+    let listener = tokio::net::TcpListener::bind("127.0.0.1:3101").await?;
+    axum::serve(listener, app).await?;
+
+    Ok(())
+}
diff --git a/tests/playwright/package-lock.json b/tests/playwright/package-lock.json
new file mode 100644
index 0000000..5794c72
--- /dev/null
+++ b/tests/playwright/package-lock.json
@@ -0,0 +1,78 @@
+{
+  "name": "ras-api-explorer-e2e",
+  "version": "0.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "ras-api-explorer-e2e",
+      "version": "0.0.0",
+      "devDependencies": {
+        "@playwright/test": "1.58.2"
+      }
+    },
+    "node_modules/@playwright/test": {
+      "version": "1.58.2",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.58.2.tgz",
+      "integrity": "sha512-akea+6bHYBBfA9uQqSYmlJXn61cTa+jbO87xVLCWbTqbWadRVmhxlXATaOjOgcBaWU4ePo0wB41KMFv3o35IXA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright": "1.58.2"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/playwright": {
+      "version": "1.58.2",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.58.2.tgz",
+      "integrity": "sha512-vA30H8Nvkq/cPBnNw4Q8TWz1EJyqgpuinBcHET0YVJVFldr8JDNiU9LaWAE1KqSkRYazuaBhTpB5ZzShOezQ6A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright-core": "1.58.2"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "fsevents": "2.3.2"
+      }
+    },
+    "node_modules/playwright-core": {
+      "version": "1.58.2",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.58.2.tgz",
+      "integrity": "sha512-yZkEtftgwS8CsfYo7nm0KE8jsvm6i/PTgVtB8DL726wNf6H2IMsDuxCpJj59KDaxCtSnrWan2AeDqM7JBaultg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "playwright-core": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    }
+  }
+}
diff --git a/tests/playwright/package.json b/tests/playwright/package.json
new file mode 100644
index 0000000..f933c92
--- /dev/null
+++ b/tests/playwright/package.json
@@ -0,0 +1,13 @@
+{
+  "name": "ras-api-explorer-e2e",
+  "version": "0.0.0",
+  "private": true,
+  "scripts": {
+    "test": "playwright test",
+    "test:headed": "playwright test --headed",
+    "install:browsers": "playwright install --with-deps chromium"
+  },
+  "devDependencies": {
+    "@playwright/test": "1.58.2"
+  }
+}
diff --git a/tests/playwright/playwright.config.ts b/tests/playwright/playwright.config.ts
new file mode 100644
index 0000000..2d66581
--- /dev/null
+++ b/tests/playwright/playwright.config.ts
@@ -0,0 +1,37 @@
+import { defineConfig, devices } from '@playwright/test';
+
+export default defineConfig({
+  testDir: './tests',
+  fullyParallel: false,
+  retries: process.env.CI ? 2 : 0,
+  reporter: process.env.CI ? [['github'], ['html', { open: 'never' }]] : [['list'], ['html', { open: 'never' }]],
+  use: {
+    baseURL: 'http://127.0.0.1',
+    launchOptions: {
+      slowMo: Number(process.env.PLAYWRIGHT_SLOW_MO ?? 0)
+    },
+    trace: 'retain-on-failure',
+    screenshot: 'only-on-failure',
+    video: 'retain-on-failure'
+  },
+  projects: [
+    {
+      name: 'chromium',
+      use: { ...devices['Desktop Chrome'] }
+    }
+  ],
+  webServer: [
+    {
+      command: 'cargo run -p playwright-rest-fixture',
+      url: 'http://127.0.0.1:3101/api/v1/docs/openapi.json',
+      reuseExistingServer: !process.env.CI,
+      timeout: 120_000
+    },
+    {
+      command: 'cargo run -p playwright-jsonrpc-fixture',
+      url: 'http://127.0.0.1:3102/rpc/explorer/openrpc.json',
+      reuseExistingServer: !process.env.CI,
+      timeout: 120_000
+    }
+  ]
+});
diff --git a/tests/playwright/tests/jsonrpc-explorer.spec.ts b/tests/playwright/tests/jsonrpc-explorer.spec.ts
new file mode 100644
index 0000000..b90e54c
--- /dev/null
+++ b/tests/playwright/tests/jsonrpc-explorer.spec.ts
@@ -0,0 +1,113 @@
+import { expect, test, type Page } from '@playwright/test';
+
+const RPC_URL = 'http://127.0.0.1:3102/rpc/explorer';
+
+async function selectMethod(page: Page, name: string) {
+  await page.locator('.op').filter({ hasText: name }).click();
+}
+
+async function send(page: Page) {
+  await page.locator('#send-request').click();
+}
+
+test.describe('JSON-RPC API explorer', () => {
+  test.beforeEach(async ({ page }) => {
+    await page.goto(RPC_URL);
+    await expect(page.locator('#service-name')).toContainText('ExplorerRpcFixture Explorer');
+    await expect(page.locator('#operation-list .op').first()).toBeVisible();
+  });
+
+  test('loads in dark mode and renders OpenRPC methods', async ({ page }) => {
+    await expect(page.locator('html')).toHaveAttribute('data-theme', 'dark');
+    await expect(page.locator('#service-subtitle')).toContainText('JSON-RPC OpenRPC');
+    await expect(page.locator('#operation-list')).toContainText('ping');
+    await expect(page.locator('#operation-list')).toContainText('create_widget');
+    await expect(page.locator('#operation-list')).toContainText('current_profile');
+  });
+
+  test('searches methods and switches params editor without stale UI', async ({ page }) => {
+    await page.locator('#operation-search').fill('create');
+    await expect(page.locator('.op').filter({ hasText: 'create_widget' })).toBeVisible();
+    await expect(page.locator('.op').filter({ hasText: 'ping' })).toHaveCount(0);
+
+    await page.locator('#operation-search').fill('');
+    await selectMethod(page, 'ping');
+    await expect(page.locator('#params-editor')).toBeVisible();
+    await page.locator('#params-editor').fill(JSON.stringify({ message: 'hello' }, null, 2));
+    await expect(page.locator('#request-url')).toHaveText('http://127.0.0.1:3102/rpc');
+
+    await selectMethod(page, 'no_params');
+    await expect(page.locator('#params-editor')).toHaveCount(0);
+    await expect(page.locator('#request-form')).toContainText('This method has no params.');
+
+    await selectMethod(page, 'create_widget');
+    await expect(page.locator('#params-editor')).toBeVisible();
+    await expect(page.locator('#params-editor')).not.toHaveValue(/hello/);
+  });
+
+  test('sends public and authenticated JSON-RPC requests', async ({ page }) => {
+    await selectMethod(page, 'ping');
+    await page.locator('#params-editor').fill(JSON.stringify({ message: 'browser' }, null, 2));
+    const originalRequestId = await page.locator('#rpc-request-id').inputValue();
+    await page.getByRole('button', { name: 'Regenerate' }).click();
+    await expect(page.locator('#rpc-request-id')).not.toHaveValue(originalRequestId);
+
+    await send(page);
+    await expect(page.locator('#response-status')).toContainText('200');
+    await expect(page.locator('#response-output')).toContainText('pong: browser');
+    await expect(page.locator('#history-list')).toContainText('RPC ping');
+
+    await selectMethod(page, 'create_widget');
+    await page.locator('#params-editor').fill(JSON.stringify({ name: 'RPC Widget', owner: 'playwright' }, null, 2));
+    await send(page);
+    await expect(page.locator('#response-status')).toContainText('RPC error');
+    await expect(page.locator('#response-output')).toContainText('Authentication');
+
+    await page.locator('#jwt-token').fill('admin-token');
+    await page.locator('#save-token').click();
+    await expect(page.locator('#auth-state')).toContainText('Token set');
+    await send(page);
+    await expect(page.locator('#response-status')).toContainText('200');
+    await expect(page.locator('#response-output')).toContainText('rpc-created-widget');
+    await expect(page.locator('#response-output')).toContainText('RPC Widget');
+
+    await page.locator('[data-response-tab="request"]').click();
+    await expect(page.locator('#response-output')).toContainText('create_widget');
+    await expect(page.locator('#response-output')).toContainText('RPC Widget');
+  });
+
+  test('saves JSON-RPC requests, restores history, and keeps tokens out of localStorage', async ({ page }) => {
+    await selectMethod(page, 'create_widget');
+    await page.locator('#jwt-token').fill('admin-token');
+    await page.locator('#save-token').click();
+    await page.locator('#params-editor').fill(JSON.stringify({ name: 'Saved RPC', owner: 'saved-owner' }, null, 2));
+
+    page.once('dialog', async (dialog) => {
+      await dialog.accept('rpc saved request');
+    });
+    await page.locator('#save-request').click();
+    await expect(page.locator('#saved-list')).toContainText('rpc saved request');
+
+    await page.locator('#params-editor').fill(JSON.stringify({ name: 'Changed RPC', owner: 'changed' }, null, 2));
+    await page.locator('#saved-list').getByRole('button', { name: 'Load' }).click();
+    await expect(page.locator('#params-editor')).toHaveValue(/Saved RPC/);
+
+    await send(page);
+    await expect(page.locator('#history-list')).toContainText('RPC create_widget');
+    await page.locator('#params-editor').fill(JSON.stringify({ name: 'After History', owner: 'changed' }, null, 2));
+    await page.locator('#history-list').getByRole('button', { name: 'Load request' }).first().click();
+    await expect(page.locator('#params-editor')).toHaveValue(/Saved RPC/);
+
+    await page.reload();
+    await expect(page.locator('#service-name')).toContainText('ExplorerRpcFixture Explorer');
+    await selectMethod(page, 'create_widget');
+    await expect(page.locator('#saved-list')).toContainText('rpc saved request');
+    await expect(page.locator('#history-list')).toContainText('RPC create_widget');
+
+    const localStorageValues = await page.evaluate(() => Object.values(localStorage).join('\n'));
+    expect(localStorageValues).not.toContain('admin-token');
+    expect(localStorageValues).not.toContain('user-token');
+    const sessionStorageValues = await page.evaluate(() => Object.values(sessionStorage).join('\n'));
+    expect(sessionStorageValues).toContain('admin-token');
+  });
+});
diff --git a/tests/playwright/tests/rest-explorer.spec.ts b/tests/playwright/tests/rest-explorer.spec.ts
new file mode 100644
index 0000000..b3361d2
--- /dev/null
+++ b/tests/playwright/tests/rest-explorer.spec.ts
@@ -0,0 +1,120 @@
+import { expect, test, type Page } from '@playwright/test';
+
+const REST_URL = 'http://127.0.0.1:3101/api/v1/docs';
+
+async function selectOperation(page: Page, method: string, path: string) {
+  await page.locator('.op').filter({ hasText: method }).filter({ hasText: path }).click();
+}
+
+async function send(page: Page) {
+  await page.locator('#send-request').click();
+}
+
+test.describe('REST API explorer', () => {
+  test.beforeEach(async ({ page }) => {
+    await page.goto(REST_URL);
+    await expect(page.locator('#service-name')).toContainText('ExplorerRestFixture Explorer');
+    await expect(page.locator('#operation-list .op').first()).toBeVisible();
+  });
+
+  test('loads in dark mode and renders OpenAPI operations', async ({ page }) => {
+    await expect(page.locator('html')).toHaveAttribute('data-theme', 'dark');
+    await expect(page.locator('#service-subtitle')).toContainText('REST OpenAPI');
+    await expect(page.locator('#operation-list')).toContainText('/health');
+    await expect(page.locator('#operation-list')).toContainText('/widgets');
+    await expect(page.locator('#operation-list')).toContainText('/search/widgets');
+  });
+
+  test('searches operations and switches request forms without stale UI', async ({ page }) => {
+    await page.locator('#operation-search').fill('search');
+    await expect(page.locator('.op').filter({ hasText: '/search/widgets' })).toBeVisible();
+    await expect(page.locator('.op').filter({ hasText: '/health' })).toHaveCount(0);
+
+    await page.locator('#operation-search').fill('');
+    await selectOperation(page, 'GET', '/search/widgets');
+    await page.locator('[data-query-param="q"]').fill('alpha');
+    await page.locator('[data-query-param="limit"]').fill('2');
+    await expect(page.locator('#request-url')).toContainText('/api/v1/search/widgets');
+    await expect(page.locator('#request-url')).toContainText('q=alpha');
+    await expect(page.locator('#request-url')).toContainText('limit=2');
+
+    await selectOperation(page, 'GET', '/widgets/{id}');
+    await expect(page.locator('[data-query-param="q"]')).toHaveCount(0);
+    await page.locator('[data-path-param="id"]').fill('widget-123');
+    await expect(page.locator('#request-url')).toContainText('/api/v1/widgets/widget-123');
+
+    await selectOperation(page, 'GET', '/health');
+    await expect(page.locator('#body-editor')).toHaveCount(0);
+    await expect(page.locator('[data-path-param="id"]')).toHaveCount(0);
+  });
+
+  test('sends public and authenticated requests, then records history', async ({ page }) => {
+    await selectOperation(page, 'GET', '/health');
+    await send(page);
+    await expect(page.locator('#response-status')).toContainText('200');
+    await expect(page.locator('#response-output')).toContainText('"status": "ok"');
+    await expect(page.locator('#history-list')).toContainText('GET /health');
+
+    await selectOperation(page, 'POST', '/widgets');
+    await page.locator('#body-editor').fill(JSON.stringify({ name: 'Created From UI', owner: 'playwright' }, null, 2));
+    await send(page);
+    await expect(page.locator('#response-status')).toContainText('401');
+
+    await page.locator('#jwt-token').fill('admin-token');
+    await page.locator('#save-token').click();
+    await expect(page.locator('#auth-state')).toContainText('Token set');
+    await send(page);
+    await expect(page.locator('#response-status')).toContainText('201');
+    await expect(page.locator('#response-output')).toContainText('created-widget');
+    await expect(page.locator('#response-output')).toContainText('Created From UI');
+
+    await page.locator('[data-response-tab="headers"]').click();
+    await expect(page.locator('#response-output')).toContainText('content-type');
+    await page.locator('[data-response-tab="request"]').click();
+    await expect(page.locator('#response-output')).toContainText('Created From UI');
+  });
+
+  test('saves requests, restores history, and keeps tokens out of localStorage', async ({ page }) => {
+    await selectOperation(page, 'POST', '/widgets');
+    await page.locator('#jwt-token').fill('admin-token');
+    await page.locator('#save-token').click();
+    await page.locator('#body-editor').fill(JSON.stringify({ name: 'Saved Body', owner: 'saved-owner' }, null, 2));
+
+    page.once('dialog', async (dialog) => {
+      await dialog.accept('rest saved request');
+    });
+    await page.locator('#save-request').click();
+    await expect(page.locator('#saved-list')).toContainText('rest saved request');
+
+    await page.locator('#body-editor').fill(JSON.stringify({ name: 'Changed Body', owner: 'changed' }, null, 2));
+    await page.locator('#saved-list').getByRole('button', { name: 'Load' }).click();
+    await expect(page.locator('#body-editor')).toHaveValue(/Saved Body/);
+
+    await send(page);
+    await expect(page.locator('#history-list')).toContainText('POST /widgets');
+    await page.locator('#body-editor').fill(JSON.stringify({ name: 'After History', owner: 'changed' }, null, 2));
+    await page.locator('#history-list').getByRole('button', { name: 'Load request' }).first().click();
+    await expect(page.locator('#body-editor')).toHaveValue(/Saved Body/);
+
+    await page.reload();
+    await expect(page.locator('#service-name')).toContainText('ExplorerRestFixture Explorer');
+    await selectOperation(page, 'POST', '/widgets');
+    await expect(page.locator('#saved-list')).toContainText('rest saved request');
+    await expect(page.locator('#history-list')).toContainText('POST /widgets');
+
+    const localStorageValues = await page.evaluate(() => Object.values(localStorage).join('\n'));
+    expect(localStorageValues).not.toContain('admin-token');
+    expect(localStorageValues).not.toContain('user-token');
+    const sessionStorageValues = await page.evaluate(() => Object.values(sessionStorage).join('\n'));
+    expect(sessionStorageValues).toContain('admin-token');
+  });
+
+  test('persists theme preference in localStorage', async ({ page }) => {
+    await page.locator('#theme-toggle').click();
+    await expect(page.locator('html')).toHaveAttribute('data-theme', 'light');
+    await page.reload();
+    await expect(page.locator('html')).toHaveAttribute('data-theme', 'light');
+    const theme = await page.evaluate(() => localStorage.getItem('ras-explorer-theme'));
+    expect(theme).toBe('light');
+  });
+});

From d6b621df4419d42638f169a7bf0766d35fe16062 Mon Sep 17 00:00:00 2001
From: Mathias Myrland <jedimemo@gmail.com>
Date: Sat, 25 Apr 2026 20:55:57 +0200
Subject: [PATCH 2/3] Address API explorer review feedback

---
 .../src/api_explorer_template.html            |  14 +-
 .../rest/ras-rest-macro/src/static_hosting.rs |  26 +-
 .../ras-rest-macro/tests/http_integration.rs  |   4 +-
 .../src/api_explorer_template.html            | 439 ------------------
 .../ras-jsonrpc-macro/src/static_hosting.rs   |  33 +-
 .../ras-jsonrpc-macro/tests/explorer_test.rs  |   6 +-
 .../tests/explorer_token_storage_test.rs      |   2 +-
 tests/playwright/README.md                    |   6 +
 .../fixtures/jsonrpc-fixture/src/main.rs      |   4 +-
 .../fixtures/rest-fixture/src/main.rs         |   4 +-
 tests/playwright/playwright.config.ts         |  15 +-
 .../playwright/tests/jsonrpc-explorer.spec.ts |  14 +-
 tests/playwright/tests/rest-explorer.spec.ts  |  15 +-
 13 files changed, 95 insertions(+), 487 deletions(-)
 delete mode 100644 crates/rpc/ras-jsonrpc-macro/src/api_explorer_template.html

diff --git a/crates/rest/ras-rest-macro/src/api_explorer_template.html b/crates/rest/ras-rest-macro/src/api_explorer_template.html
index fdd8730..6b19b82 100644
--- a/crates/rest/ras-rest-macro/src/api_explorer_template.html
+++ b/crates/rest/ras-rest-macro/src/api_explorer_template.html
@@ -459,7 +459,7 @@ <h1>Response</h1>
                 </section>
                 <section class="panel">
                     <div class="panel-head">
-                        <strong>History</strong>
+                        <strong>History (last 30)</strong>
                         <button id="clear-history">Clear history</button>
                     </div>
                     <div id="history-list" class="panel-body"></div>
@@ -469,13 +469,10 @@ <h1>Response</h1>
     </div>
     <div id="toast" class="toast"></div>
 
+    <!-- Replaced by the Rust macro as raw JSON script content. Keep this token outside HTML attributes and JS strings. -->
+    <script id="ras-explorer-config" type="application/json">{EXPLORER_CONFIG_JSON}</script>
     <script>
-        const CONFIG = {
-            serviceName: {SERVICE_NAME_JSON},
-            protocol: {PROTOCOL_JSON},
-            specPath: {SPEC_PATH_JSON},
-            apiBasePath: {API_BASE_PATH_JSON}
-        };
+        const CONFIG = JSON.parse(document.getElementById("ras-explorer-config").textContent);
 
         const METHODS = ["get", "post", "put", "patch", "delete", "head", "options"];
         const state = {
@@ -945,6 +942,7 @@ <h1>Response</h1>
         }
 
         function requestId() {
+            if (globalThis.crypto?.randomUUID) return crypto.randomUUID();
             return `req_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
         }
 
@@ -1156,7 +1154,7 @@ <h1>Response</h1>
             try {
                 await loadSpec();
             } catch (error) {
-                $("operation-list").innerHTML = "";
+                $("operation-list").textContent = "";
                 const empty = document.createElement("div");
                 empty.className = "empty";
                 empty.textContent = error.message;
diff --git a/crates/rest/ras-rest-macro/src/static_hosting.rs b/crates/rest/ras-rest-macro/src/static_hosting.rs
index 239cc0d..119cbb2 100644
--- a/crates/rest/ras-rest-macro/src/static_hosting.rs
+++ b/crates/rest/ras-rest-macro/src/static_hosting.rs
@@ -58,15 +58,23 @@ pub fn generate_static_hosting_code(
     quote! {
         #[cfg(feature = "server")]
         async fn #docs_handler_name() -> ::axum::response::Html<String> {
-            const TEMPLATE: &str = #template_lit;
-
-            let html = TEMPLATE
-                .replace("{SERVICE_NAME_JSON}", &::serde_json::to_string(stringify!(#service_name)).unwrap_or_else(|_| "\"API\"".to_string()))
-                .replace("{PROTOCOL_JSON}", &::serde_json::to_string("rest").unwrap_or_else(|_| "\"rest\"".to_string()))
-                .replace("{SPEC_PATH_JSON}", &::serde_json::to_string(#spec_path).unwrap_or_else(|_| "\"/openapi.json\"".to_string()))
-                .replace("{API_BASE_PATH_JSON}", &::serde_json::to_string(#api_base_path).unwrap_or_else(|_| "\"/\"".to_string()));
-
-            ::axum::response::Html(html)
+            static HTML: ::std::sync::OnceLock<String> = ::std::sync::OnceLock::new();
+
+            let html = HTML.get_or_init(|| {
+                const TEMPLATE: &str = #template_lit;
+                let config_json = ::serde_json::json!({
+                    "serviceName": stringify!(#service_name),
+                    "protocol": "rest",
+                    "specPath": #spec_path,
+                    "apiBasePath": #api_base_path
+                })
+                .to_string()
+                .replace("<", "\\u003c");
+
+                TEMPLATE.replace("{EXPLORER_CONFIG_JSON}", &config_json)
+            });
+
+            ::axum::response::Html(html.clone())
         }
 
         #[cfg(feature = "server")]
diff --git a/crates/rest/ras-rest-macro/tests/http_integration.rs b/crates/rest/ras-rest-macro/tests/http_integration.rs
index ebe908a..64f10eb 100644
--- a/crates/rest/ras-rest-macro/tests/http_integration.rs
+++ b/crates/rest/ras-rest-macro/tests/http_integration.rs
@@ -481,8 +481,8 @@ async fn test_docs_explorer_routes_generated() {
     assert!(docs.contains("\"TestRestService\""));
     assert!(docs.contains("\"rest\""));
     assert!(docs.contains("/api/v1/docs/openapi.json"));
-    assert!(docs.contains("Bearer token"));
-    assert!(docs.contains("Saved requests"));
+    assert!(docs.contains("id=\"jwt-token\""));
+    assert!(docs.contains("id=\"saved-list\""));
 
     let spec_response = reqwest::get(format!("{}/api/v1/docs/openapi.json", base_url))
         .await
diff --git a/crates/rpc/ras-jsonrpc-macro/src/api_explorer_template.html b/crates/rpc/ras-jsonrpc-macro/src/api_explorer_template.html
deleted file mode 100644
index 558eab4..0000000
--- a/crates/rpc/ras-jsonrpc-macro/src/api_explorer_template.html
+++ /dev/null
@@ -1,439 +0,0 @@
-<!DOCTYPE html>
-<html lang="en" data-theme="dark">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>API Explorer</title>
-    <style>
-        * { box-sizing: border-box; }
-        :root {
-            color-scheme: dark;
-            --bg: #101114;
-            --panel: #17191f;
-            --panel-2: #20232b;
-            --panel-3: #292d36;
-            --text: #eef1f6;
-            --muted: #a7afbf;
-            --faint: #717b8f;
-            --border: #343946;
-            --accent: #4f8cff;
-            --accent-2: #46c2a8;
-            --warn: #f2b84b;
-            --danger: #ff6b6b;
-            --ok: #59d18c;
-            --shadow: 0 14px 40px rgb(0 0 0 / 0.32);
-        }
-        [data-theme="light"] {
-            color-scheme: light;
-            --bg: #f4f6fa;
-            --panel: #ffffff;
-            --panel-2: #f0f3f8;
-            --panel-3: #e5eaf2;
-            --text: #121722;
-            --muted: #4c586d;
-            --faint: #748096;
-            --border: #d9e0ec;
-            --accent: #1d5fd1;
-            --accent-2: #087f68;
-            --warn: #976508;
-            --danger: #c93333;
-            --ok: #167a42;
-            --shadow: 0 14px 34px rgb(27 39 60 / 0.16);
-        }
-        body {
-            margin: 0;
-            min-height: 100vh;
-            background: var(--bg);
-            color: var(--text);
-            font: 14px/1.45 Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
-        }
-        button, input, select, textarea { font: inherit; }
-        button {
-            border: 1px solid var(--border);
-            background: var(--panel-2);
-            color: var(--text);
-            border-radius: 7px;
-            padding: 0.48rem 0.68rem;
-            cursor: pointer;
-        }
-        button:hover { border-color: var(--accent); }
-        button.primary {
-            border-color: var(--accent);
-            background: var(--accent);
-            color: white;
-            font-weight: 650;
-        }
-        button.ghost { background: transparent; }
-        button:disabled { cursor: not-allowed; opacity: 0.62; }
-        input, select, textarea {
-            width: 100%;
-            border: 1px solid var(--border);
-            background: var(--panel-2);
-            color: var(--text);
-            border-radius: 7px;
-            padding: 0.55rem 0.65rem;
-            min-width: 0;
-        }
-        textarea {
-            min-height: 180px;
-            resize: vertical;
-            font-family: "JetBrains Mono", "SFMono-Regular", Consolas, monospace;
-            font-size: 12.5px;
-            line-height: 1.5;
-        }
-        code, pre, .mono { font-family: "JetBrains Mono", "SFMono-Regular", Consolas, monospace; }
-        .app {
-            display: grid;
-            grid-template-columns: minmax(250px, 330px) minmax(420px, 1fr) minmax(320px, 470px);
-            min-height: 100vh;
-        }
-        .sidebar, .workspace, .response {
-            min-width: 0;
-            border-right: 1px solid var(--border);
-            background: var(--panel);
-        }
-        .workspace { background: var(--bg); }
-        .response { border-right: 0; }
-        .topbar {
-            min-height: 68px;
-            padding: 0.85rem 1rem;
-            border-bottom: 1px solid var(--border);
-            display: flex;
-            align-items: center;
-            justify-content: space-between;
-            gap: 0.75rem;
-        }
-        .brand { min-width: 0; }
-        .brand h1 {
-            margin: 0;
-            font-size: 1rem;
-            font-weight: 700;
-            white-space: nowrap;
-            overflow: hidden;
-            text-overflow: ellipsis;
-        }
-        .brand .sub {
-            color: var(--muted);
-            font-size: 0.78rem;
-            margin-top: 0.15rem;
-        }
-        .stack { padding: 1rem; display: grid; gap: 0.75rem; }
-        .field { display: grid; gap: 0.35rem; }
-        .field label, .section-title {
-            color: var(--muted);
-            font-size: 0.74rem;
-            font-weight: 700;
-            text-transform: uppercase;
-            letter-spacing: 0.04em;
-        }
-        .row { display: flex; gap: 0.55rem; align-items: center; }
-        .row > * { min-width: 0; }
-        .row .grow { flex: 1; }
-        .search {
-            padding: 0.9rem 1rem;
-            border-top: 1px solid var(--border);
-            border-bottom: 1px solid var(--border);
-        }
-        .list {
-            padding: 0.65rem;
-            display: grid;
-            gap: 0.45rem;
-            overflow: auto;
-            max-height: calc(100vh - 226px);
-        }
-        .op {
-            text-align: left;
-            width: 100%;
-            background: var(--panel);
-            border-color: var(--border);
-            padding: 0.7rem;
-        }
-        .op.active {
-            border-color: var(--accent);
-            box-shadow: inset 3px 0 0 var(--accent);
-            background: var(--panel-2);
-        }
-        .op-main { display: flex; align-items: center; gap: 0.55rem; }
-        .op-name {
-            overflow: hidden;
-            text-overflow: ellipsis;
-            white-space: nowrap;
-            font-weight: 650;
-        }
-        .op-desc {
-            color: var(--muted);
-            font-size: 0.78rem;
-            margin-top: 0.28rem;
-            overflow: hidden;
-            text-overflow: ellipsis;
-            white-space: nowrap;
-        }
-        .badge {
-            display: inline-flex;
-            align-items: center;
-            min-height: 22px;
-            border-radius: 6px;
-            padding: 0.1rem 0.38rem;
-            border: 1px solid var(--border);
-            background: var(--panel-2);
-            color: var(--muted);
-            font-size: 0.72rem;
-            font-weight: 800;
-            white-space: nowrap;
-        }
-        .get { color: #74b9ff; }
-        .post { color: #59d18c; }
-        .put, .patch { color: #f2b84b; }
-        .delete { color: #ff8585; }
-        .lock { margin-left: auto; color: var(--warn); }
-        .open { margin-left: auto; color: var(--ok); }
-        .main-scroll, .response-scroll {
-            height: calc(100vh - 68px);
-            overflow: auto;
-            padding: 1rem;
-        }
-        .panel {
-            background: var(--panel);
-            border: 1px solid var(--border);
-            border-radius: 8px;
-            box-shadow: var(--shadow);
-            margin-bottom: 1rem;
-        }
-        .panel-head {
-            padding: 0.9rem 1rem;
-            border-bottom: 1px solid var(--border);
-            display: flex;
-            align-items: center;
-            justify-content: space-between;
-            gap: 0.75rem;
-        }
-        .panel-body { padding: 1rem; display: grid; gap: 0.9rem; }
-        .titleline { min-width: 0; }
-        .titleline h2 { margin: 0; font-size: 1.03rem; overflow-wrap: anywhere; }
-        .titleline p { margin: 0.25rem 0 0; color: var(--muted); }
-        .grid2 { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 0.75rem; }
-        .params { display: grid; gap: 0.55rem; }
-        .param-row {
-            display: grid;
-            grid-template-columns: minmax(110px, 0.85fr) minmax(160px, 1.4fr) minmax(76px, 0.5fr);
-            gap: 0.55rem;
-            align-items: center;
-        }
-        .param-row .name { overflow-wrap: anywhere; }
-        .hint { color: var(--muted); font-size: 0.82rem; }
-        .tabs { display: flex; gap: 0.45rem; flex-wrap: wrap; }
-        .tab.active { border-color: var(--accent); color: white; background: var(--accent); }
-        pre {
-            margin: 0;
-            min-height: 220px;
-            white-space: pre-wrap;
-            overflow: auto;
-            background: var(--panel-2);
-            border: 1px solid var(--border);
-            border-radius: 8px;
-            padding: 0.85rem;
-            font-size: 12.5px;
-        }
-        .status {
-            display: inline-flex;
-            align-items: center;
-            border-radius: 6px;
-            padding: 0.16rem 0.45rem;
-            font-weight: 800;
-            font-size: 0.75rem;
-            border: 1px solid var(--border);
-        }
-        .status.ok { color: var(--ok); }
-        .status.warn { color: var(--warn); }
-        .status.err { color: var(--danger); }
-        .history-item, .saved-item {
-            display: grid;
-            gap: 0.18rem;
-            padding: 0.55rem;
-            border: 1px solid var(--border);
-            border-radius: 7px;
-            background: var(--panel-2);
-        }
-        .history-item button, .saved-item button { justify-self: start; margin-top: 0.25rem; }
-        .toast {
-            position: fixed;
-            right: 1rem;
-            bottom: 1rem;
-            max-width: min(420px, calc(100vw - 2rem));
-            background: var(--panel);
-            border: 1px solid var(--border);
-            border-radius: 8px;
-            padding: 0.75rem 0.9rem;
-            box-shadow: var(--shadow);
-            opacity: 0;
-            transform: translateY(12px);
-            transition: opacity 0.18s, transform 0.18s;
-            pointer-events: none;
-        }
-        .toast.show { opacity: 1; transform: translateY(0); }
-        .empty {
-            color: var(--muted);
-            border: 1px dashed var(--border);
-            border-radius: 8px;
-            padding: 1rem;
-            text-align: center;
-        }
-        @media (max-width: 1180px) {
-            .app { grid-template-columns: minmax(240px, 310px) minmax(0, 1fr); }
-            .response { grid-column: 1 / -1; border-top: 1px solid var(--border); }
-            .response-scroll { height: auto; max-height: 60vh; }
-        }
-        @media (max-width: 760px) {
-            .app { display: block; }
-            .list { max-height: 42vh; }
-            .main-scroll, .response-scroll { height: auto; }
-            .grid2, .param-row { grid-template-columns: 1fr; }
-            .topbar { align-items: flex-start; }
-        }
-    </style>
-</head>
-<body>
-    <div class="app">
-        <aside class="sidebar">
-            <div class="topbar">
-                <div class="brand">
-                    <h1 id="service-name">API Explorer</h1>
-                    <div class="sub" id="service-subtitle">Loading specification</div>
-                </div>
-                <button id="theme-toggle" class="ghost" title="Toggle theme">Theme</button>
-            </div>
-            <div class="stack">
-                <div class="field">
-                    <label for="environment-select">Environment</label>
-                    <div class="row">
-                        <select id="environment-select" class="grow"></select>
-                        <button id="add-environment" title="Add environment">Add</button>
-                    </div>
-                </div>
-                <div class="field">
-                    <label for="base-url">Base URL</label>
-                    <input id="base-url" type="text" spellcheck="false">
-                </div>
-                <div class="field">
-                    <label for="jwt-token">Bearer token</label>
-                    <input id="jwt-token" type="password" autocomplete="off" placeholder="Token for this session">
-                </div>
-                <div class="row">
-                    <button id="save-token" class="primary">Apply token</button>
-                    <button id="clear-token">Clear</button>
-                    <span id="auth-state" class="badge">No token</span>
-                </div>
-            </div>
-            <div class="search">
-                <input id="operation-search" type="search" placeholder="Search operations">
-            </div>
-            <div id="operation-list" class="list"></div>
-        </aside>
-        <main class="workspace">
-            <div class="topbar">
-                <div class="titleline">
-                    <h2 id="operation-title">Select an operation</h2>
-                    <p id="operation-description">Choose an operation to prepare a request.</p>
-                </div>
-                <div class="row">
-                    <button id="save-request">Save</button>
-                    <button id="send-request" class="primary" disabled>Send</button>
-                </div>
-            </div>
-            <div class="main-scroll">
-                <section class="panel">
-                    <div class="panel-head">
-                        <strong>Request</strong>
-                        <span id="request-url" class="hint mono"></span>
-                    </div>
-                    <div id="request-form" class="panel-body">
-                        <div class="empty">No operation selected.</div>
-                    </div>
-                </section>
-                <section class="panel">
-                    <div class="panel-head">
-                        <strong>Saved requests</strong>
-                        <button id="clear-saved">Clear saved</button>
-                    </div>
-                    <div id="saved-list" class="panel-body"></div>
-                </section>
-            </div>
-        </main>
-        <aside class="response">
-            <div class="topbar">
-                <div class="brand">
-                    <h1>Response</h1>
-                    <div id="response-meta" class="sub">No request sent</div>
-                </div>
-                <button id="copy-response">Copy</button>
-            </div>
-            <div class="response-scroll">
-                <section class="panel">
-                    <div class="panel-head">
-                        <div class="tabs">
-                            <button class="tab active" data-response-tab="body">Body</button>
-                            <button class="tab" data-response-tab="headers">Headers</button>
-                            <button class="tab" data-response-tab="request">Request</button>
-                        </div>
-                        <span id="response-status" class="status">Idle</span>
-                    </div>
-                    <div class="panel-body">
-                        <pre id="response-output"></pre>
-                    </div>
-                </section>
-                <section class="panel">
-                    <div class="panel-head">
-                        <strong>History</strong>
-                        <button id="clear-history">Clear history</button>
-                    </div>
-                    <div id="history-list" class="panel-body"></div>
-                </section>
-            </div>
-        </aside>
-    </div>
-    <div id="toast" class="toast"></div>
-    <script>
-        const CONFIG = { serviceName: {SERVICE_NAME_JSON}, protocol: {PROTOCOL_JSON}, specPath: {SPEC_PATH_JSON}, apiBasePath: {API_BASE_PATH_JSON} };
-        const METHODS = ["get", "post", "put", "patch", "delete", "head", "options"];
-        const state = { spec: null, operations: [], selectedId: null, token: "", environments: [], activeEnvironment: 0, saved: {}, history: [], lastResponse: { body: "", headers: "", request: "" }, responseTab: "body" };
-        const storagePrefix = `ras-explorer:${CONFIG.protocol}:${CONFIG.serviceName}:${location.pathname}`;
-        const $ = (id) => document.getElementById(id);
-        function storageGet(key, fallback) { try { const value = sessionStorage.getItem(`${storagePrefix}:${key}`); return value ? JSON.parse(value) : fallback; } catch (_) { return fallback; } }
-        function storageSet(key, value) { sessionStorage.setItem(`${storagePrefix}:${key}`, JSON.stringify(value)); }
-        function showToast(message) { const toast = $("toast"); toast.textContent = message; toast.classList.add("show"); setTimeout(() => toast.classList.remove("show"), 2200); }
-        function setTheme(theme) { const next = theme === "light" ? "light" : "dark"; document.documentElement.setAttribute("data-theme", next); localStorage.setItem("ras-explorer-theme", next); }
-        function initializeTheme() { setTheme(localStorage.getItem("ras-explorer-theme") || "dark"); }
-        function resolveRef(schema) { if (!schema || !schema.$ref) return schema || null; const prefix = "#/components/schemas/"; if (schema.$ref.startsWith(prefix)) return state.spec?.components?.schemas?.[schema.$ref.slice(prefix.length)] || schema; return schema; }
-        function schemaType(schema) { const resolved = resolveRef(schema); if (!resolved) return "any"; if (resolved.$ref) return resolved.$ref.split("/").pop(); if (Array.isArray(resolved.type)) return resolved.type.filter((t) => t !== "null").join(" | ") || "null"; if (resolved.type) return resolved.nullable ? `${resolved.type}?` : resolved.type; if (resolved.enum) return "enum"; if (resolved.oneOf) return "oneOf"; if (resolved.anyOf) return "anyOf"; return "object"; }
-        function exampleFromSchema(schema, seen = new Set()) { const resolved = resolveRef(schema); if (!resolved) return {}; if (resolved.$ref) { if (seen.has(resolved.$ref)) return {}; seen.add(resolved.$ref); return exampleFromSchema(resolveRef(resolved), seen); } if (resolved.example !== undefined) return resolved.example; if (Array.isArray(resolved.examples) && resolved.examples.length) return resolved.examples[0]; if (resolved.default !== undefined) return resolved.default; if (Array.isArray(resolved.enum) && resolved.enum.length) return resolved.enum[0]; const variants = resolved.oneOf || resolved.anyOf; if (Array.isArray(variants) && variants.length) return exampleFromSchema(variants.find((item) => item.type !== "null") || variants[0], seen); const type = Array.isArray(resolved.type) ? resolved.type.find((item) => item !== "null") : resolved.type; if (type === "string") return "example"; if (type === "integer" || type === "number") return 0; if (type === "boolean") return false; if (type === "array") return [exampleFromSchema(resolved.items, seen)]; if (type === "object" || resolved.properties) { const output = {}; Object.entries(resolved.properties || {}).forEach(([key, prop]) => output[key] = exampleFromSchema(prop, seen)); return output; } return {}; }
-        function jsonPretty(value) { if (typeof value === "string") return value; return JSON.stringify(value, null, 2); }
-        function normalizePermissions(value) { if (!Array.isArray(value)) return []; if (value.every((item) => typeof item === "string")) return value; return value.map((item) => Array.isArray(item) ? item.join(" + ") : String(item)); }
-        function normalizeOpenApi(spec) { const operations = []; Object.entries(spec.paths || {}).forEach(([path, pathItem]) => { Object.entries(pathItem || {}).forEach(([method, operation]) => { if (!METHODS.includes(method)) return; const upper = method.toUpperCase(); const params = operation.parameters || []; const requestSchema = operation.requestBody?.content?.["application/json"]?.schema || null; const response = Object.entries(operation.responses || {}).find(([code]) => code.startsWith("2")); const responseSchema = response?.[1]?.content?.["application/json"]?.schema || null; operations.push({ id: `${upper} ${path}`, protocol: "rest", label: path, method: upper, path, summary: operation.summary || `${upper} ${path}`, description: operation.description || operation.summary || "", authRequired: Boolean(operation.security && operation.security.length), permissions: normalizePermissions(operation["x-permissions"]), pathParams: params.filter((param) => param.in === "path"), queryParams: params.filter((param) => param.in === "query"), requestSchema, responseSchema }); }); }); return operations; }
-        function normalizeOpenRpc(spec) { return (spec.methods || []).map((method) => { const auth = method["x-authentication"]; const param = Array.isArray(method.params) ? method.params[0] : null; return { id: method.name, protocol: "jsonrpc", label: method.name, method: "RPC", path: CONFIG.apiBasePath, summary: method.summary || method.name, description: method.description || method.summary || "", authRequired: Boolean(auth && auth.required !== false), permissions: normalizePermissions(method["x-permissions"]), paramsSchema: param?.schema || null, responseSchema: method.result?.schema || null }; }); }
-        function activeOperation() { return state.operations.find((operation) => operation.id === state.selectedId) || null; }
-        function activeBaseUrl() { return state.environments[state.activeEnvironment]?.baseUrl || CONFIG.apiBasePath || ""; }
-        function toAbsoluteUrl(path) { if (/^https?:\/\//i.test(path)) return path; const prefix = path.startsWith("/") ? path : `/${path}`; return `${window.location.origin}${prefix}`; }
-        function currentRequestSnapshot() { const operation = activeOperation(); if (!operation) return null; if (operation.protocol === "rest") { const pathValues = {}; document.querySelectorAll("[data-path-param]").forEach((input) => pathValues[input.dataset.pathParam] = input.value); const queryValues = {}; document.querySelectorAll("[data-query-param]").forEach((input) => queryValues[input.dataset.queryParam] = input.value); return { operationId: operation.id, pathValues, queryValues, body: $("body-editor")?.value || "" }; } return { operationId: operation.id, requestId: $("rpc-request-id")?.value || "", params: $("params-editor")?.value || "" }; }
-        function applySnapshot(snapshot) { if (!snapshot) return; selectOperation(snapshot.operationId, false); if (snapshot.pathValues) Object.entries(snapshot.pathValues).forEach(([key, value]) => { const input = document.querySelector(`[data-path-param="${CSS.escape(key)}"]`); if (input) input.value = value; }); if (snapshot.queryValues) Object.entries(snapshot.queryValues).forEach(([key, value]) => { const input = document.querySelector(`[data-query-param="${CSS.escape(key)}"]`); if (input) input.value = value; }); if ($("body-editor") && snapshot.body !== undefined) $("body-editor").value = snapshot.body; if ($("params-editor") && snapshot.params !== undefined) $("params-editor").value = snapshot.params; if ($("rpc-request-id") && snapshot.requestId !== undefined) $("rpc-request-id").value = snapshot.requestId; updateRequestUrl(); }
-        function renderOperations() { const query = $("operation-search").value.trim().toLowerCase(); const list = $("operation-list"); list.textContent = ""; state.operations.filter((operation) => `${operation.method} ${operation.label} ${operation.summary}`.toLowerCase().includes(query)).forEach((operation) => { const button = document.createElement("button"); button.className = `op ${operation.id === state.selectedId ? "active" : ""}`; button.type = "button"; button.addEventListener("click", () => selectOperation(operation.id)); const main = document.createElement("div"); main.className = "op-main"; const method = document.createElement("span"); method.className = `badge ${operation.method.toLowerCase()}`; method.textContent = operation.method; const name = document.createElement("span"); name.className = "op-name mono"; name.textContent = operation.label; const auth = document.createElement("span"); auth.className = operation.authRequired ? "badge lock" : "badge open"; auth.textContent = operation.authRequired ? "Auth" : "Open"; main.append(method, name, auth); const desc = document.createElement("div"); desc.className = "op-desc"; desc.textContent = operation.summary || operation.description || ""; button.append(main, desc); list.appendChild(button); }); if (!list.children.length) { const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = "No matching operations."; list.appendChild(empty); } }
-        function renderEnvironments() { const select = $("environment-select"); select.textContent = ""; state.environments.forEach((env, index) => { const option = document.createElement("option"); option.value = String(index); option.textContent = env.name; select.appendChild(option); }); select.value = String(state.activeEnvironment); $("base-url").value = activeBaseUrl(); }
-        function renderSaved() { const container = $("saved-list"); container.textContent = ""; const operation = activeOperation(); const items = operation ? (state.saved[operation.id] || []) : []; if (!items.length) { const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = operation ? "No saved requests for this operation." : "Select an operation."; container.appendChild(empty); return; } items.forEach((item, index) => { const row = document.createElement("div"); row.className = "saved-item"; const name = document.createElement("strong"); name.textContent = item.name; const time = document.createElement("span"); time.className = "hint"; time.textContent = new Date(item.createdAt).toLocaleString(); const load = document.createElement("button"); load.textContent = "Load"; load.addEventListener("click", () => applySnapshot(item.snapshot)); const remove = document.createElement("button"); remove.textContent = "Remove"; remove.addEventListener("click", () => { state.saved[operation.id].splice(index, 1); storageSet("saved", state.saved); renderSaved(); }); const actions = document.createElement("div"); actions.className = "row"; actions.append(load, remove); row.append(name, time, actions); container.appendChild(row); }); }
-        function renderHistory() { const container = $("history-list"); container.textContent = ""; if (!state.history.length) { const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = "Requests you send in this session appear here."; container.appendChild(empty); return; } state.history.forEach((item) => { const row = document.createElement("div"); row.className = "history-item"; const title = document.createElement("strong"); title.textContent = item.title; const meta = document.createElement("span"); meta.className = "hint"; meta.textContent = `${item.status} - ${item.duration}ms - ${new Date(item.createdAt).toLocaleTimeString()}`; const load = document.createElement("button"); load.textContent = "Load request"; load.addEventListener("click", () => applySnapshot(item.snapshot)); row.append(title, meta, load); container.appendChild(row); }); }
-        function renderRestForm(operation) { const fragment = document.createDocumentFragment(); [["Path parameters", operation.pathParams, "path"], ["Query parameters", operation.queryParams, "query"]].forEach(([title, params, kind]) => { if (!params.length) return; const group = document.createElement("div"); group.className = "field"; const label = document.createElement("div"); label.className = "section-title"; label.textContent = title; const rows = document.createElement("div"); rows.className = "params"; params.forEach((param) => { const row = document.createElement("div"); row.className = "param-row"; const name = document.createElement("div"); name.className = "name mono"; name.textContent = `${param.name}${param.required ? " *" : ""}`; const input = document.createElement("input"); input.placeholder = param.description || param.name; input.dataset[kind === "path" ? "pathParam" : "queryParam"] = param.name; input.addEventListener("input", updateRequestUrl); const type = document.createElement("span"); type.className = "badge"; type.textContent = schemaType(param.schema); row.append(name, input, type); rows.appendChild(row); }); group.append(label, rows); fragment.appendChild(group); }); if (operation.requestSchema) fragment.appendChild(editorBlock("JSON body", "body-editor", jsonPretty(exampleFromSchema(operation.requestSchema)))); return fragment; }
-        function renderRpcForm(operation) { const fragment = document.createDocumentFragment(); const grid = document.createElement("div"); grid.className = "grid2"; const idField = document.createElement("div"); idField.className = "field"; const idLabel = document.createElement("label"); idLabel.textContent = "Request ID"; idLabel.htmlFor = "rpc-request-id"; const idRow = document.createElement("div"); idRow.className = "row"; const idInput = document.createElement("input"); idInput.id = "rpc-request-id"; idInput.className = "grow"; idInput.value = requestId(); const regen = document.createElement("button"); regen.textContent = "Regenerate"; regen.addEventListener("click", () => idInput.value = requestId()); idRow.append(idInput, regen); idField.append(idLabel, idRow); const methodField = document.createElement("div"); methodField.className = "field"; const methodLabel = document.createElement("label"); methodLabel.textContent = "JSON-RPC method"; const methodValue = document.createElement("input"); methodValue.value = operation.label; methodValue.readOnly = true; methodField.append(methodLabel, methodValue); grid.append(idField, methodField); fragment.appendChild(grid); if (operation.paramsSchema) fragment.appendChild(editorBlock("Params", "params-editor", jsonPretty(exampleFromSchema(operation.paramsSchema)))); else { const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = "This method has no params."; fragment.appendChild(empty); } return fragment; }
-        function editorBlock(labelText, id, value) { const field = document.createElement("div"); field.className = "field"; const label = document.createElement("label"); label.textContent = labelText; label.htmlFor = id; const editor = document.createElement("textarea"); editor.id = id; editor.spellcheck = false; editor.value = value; field.append(label, editor); return field; }
-        function renderRequestForm() { const operation = activeOperation(); const form = $("request-form"); form.textContent = ""; $("send-request").disabled = !operation; if (!operation) { const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = "No operation selected."; form.appendChild(empty); return; } const auth = document.createElement("div"); auth.className = "row"; const authBadge = document.createElement("span"); authBadge.className = operation.authRequired ? "badge lock" : "badge open"; authBadge.textContent = operation.authRequired ? "Authentication required" : "No authentication required"; auth.appendChild(authBadge); operation.permissions.forEach((permission) => { const badge = document.createElement("span"); badge.className = "badge"; badge.textContent = permission; auth.appendChild(badge); }); form.appendChild(auth); form.appendChild(operation.protocol === "rest" ? renderRestForm(operation) : renderRpcForm(operation)); updateRequestUrl(); }
-        function selectOperation(id, rerenderList = true) { state.selectedId = id; const operation = activeOperation(); $("operation-title").textContent = operation ? `${operation.method} ${operation.label}` : "Select an operation"; $("operation-description").textContent = operation?.description || operation?.summary || "Prepare and send a request."; renderRequestForm(); renderSaved(); if (rerenderList) renderOperations(); }
-        function requestId() { return `req_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`; }
-        function updateRequestUrl() { const operation = activeOperation(); $("request-url").textContent = operation ? buildRequestPreview(operation) : ""; }
-        function buildRequestPreview(operation) { if (operation.protocol === "jsonrpc") return toAbsoluteUrl(activeBaseUrl()); let path = operation.path; document.querySelectorAll("[data-path-param]").forEach((input) => path = path.replace(`{${input.dataset.pathParam}}`, encodeURIComponent(input.value || `{${input.dataset.pathParam}}`))); const query = new URLSearchParams(); document.querySelectorAll("[data-query-param]").forEach((input) => { if (input.value) query.append(input.dataset.queryParam, input.value); }); const base = activeBaseUrl().replace(/\/$/, ""); return toAbsoluteUrl(`${base}${path}${query.toString() ? `?${query}` : ""}`); }
-        function buildRequest(operation) { const headers = { "Content-Type": "application/json" }; if (state.token) headers.Authorization = `Bearer ${state.token}`; if (operation.protocol === "rest") { const options = { method: operation.method, headers }; const body = $("body-editor")?.value.trim(); if (body) options.body = JSON.stringify(JSON.parse(body)); return { url: buildRequestPreview(operation), options, requestBody: body || "" }; } const payload = { jsonrpc: "2.0", method: operation.label, id: $("rpc-request-id")?.value || requestId() }; const params = $("params-editor")?.value.trim(); if (params) payload.params = JSON.parse(params); return { url: toAbsoluteUrl(activeBaseUrl()), options: { method: "POST", headers, body: JSON.stringify(payload) }, requestBody: JSON.stringify(payload, null, 2) }; }
-        async function sendCurrentRequest() { const operation = activeOperation(); if (!operation) return; const button = $("send-request"); button.disabled = true; button.textContent = "Sending"; const started = performance.now(); try { const request = buildRequest(operation); const response = await fetch(request.url, request.options); const duration = Math.round(performance.now() - started); const text = await response.text(); let body = text; try { body = JSON.parse(text); } catch (_) {} const headers = Object.fromEntries(response.headers.entries()); const isRpcError = operation.protocol === "jsonrpc" && body && body.error; const statusText = `${response.status} ${response.statusText || ""}`.trim(); state.lastResponse = { body: jsonPretty(body), headers: jsonPretty(headers), request: jsonPretty({ url: request.url, method: request.options.method, headers: request.options.headers, body: request.requestBody ? JSON.parse(request.requestBody) : undefined }) }; $("response-status").className = `status ${response.ok && !isRpcError ? "ok" : response.status < 500 ? "warn" : "err"}`; $("response-status").textContent = isRpcError ? "RPC error" : statusText; $("response-meta").textContent = `${operation.method} ${operation.label} - ${duration}ms`; state.history.unshift({ title: `${operation.method} ${operation.label}`, status: isRpcError ? "RPC error" : statusText, duration, createdAt: Date.now(), snapshot: currentRequestSnapshot() }); state.history = state.history.slice(0, 30); storageSet("history", state.history); renderHistory(); renderResponseOutput(); } catch (error) { $("response-status").className = "status err"; $("response-status").textContent = "Failed"; state.lastResponse = { body: error.message, headers: "", request: "" }; renderResponseOutput(); showToast(error.message); } finally { button.disabled = false; button.textContent = "Send"; } }
-        function renderResponseOutput() { $("response-output").textContent = state.lastResponse[state.responseTab] || ""; }
-        function saveCurrentRequest() { const operation = activeOperation(); const snapshot = currentRequestSnapshot(); if (!operation || !snapshot) return; const name = prompt("Saved request name", operation.label); if (!name) return; state.saved[operation.id] = state.saved[operation.id] || []; state.saved[operation.id].unshift({ name, snapshot, createdAt: Date.now() }); storageSet("saved", state.saved); renderSaved(); }
-        async function loadSpec() { $("service-name").textContent = `${CONFIG.serviceName} Explorer`; $("service-subtitle").textContent = CONFIG.protocol === "rest" ? "REST OpenAPI" : "JSON-RPC OpenRPC"; const response = await fetch(CONFIG.specPath, { headers: { Accept: "application/json" } }); if (!response.ok) throw new Error(`Failed to load API specification: ${response.status}`); state.spec = await response.json(); state.operations = CONFIG.protocol === "rest" ? normalizeOpenApi(state.spec) : normalizeOpenRpc(state.spec); renderOperations(); if (state.operations.length) selectOperation(state.operations[0].id); }
-        function bindEvents() { $("theme-toggle").addEventListener("click", () => { const current = document.documentElement.getAttribute("data-theme"); setTheme(current === "dark" ? "light" : "dark"); }); $("operation-search").addEventListener("input", renderOperations); $("environment-select").addEventListener("change", (event) => { state.activeEnvironment = Number(event.target.value); storageSet("activeEnvironment", state.activeEnvironment); renderEnvironments(); updateRequestUrl(); }); $("base-url").addEventListener("input", (event) => { state.environments[state.activeEnvironment].baseUrl = event.target.value; storageSet("environments", state.environments); updateRequestUrl(); }); $("add-environment").addEventListener("click", () => { const name = prompt("Environment name", `Env ${state.environments.length + 1}`); if (!name) return; state.environments.push({ name, baseUrl: activeBaseUrl() }); state.activeEnvironment = state.environments.length - 1; storageSet("environments", state.environments); storageSet("activeEnvironment", state.activeEnvironment); renderEnvironments(); }); $("save-token").addEventListener("click", () => { state.token = $("jwt-token").value.trim(); storageSet("bearer-token", state.token); $("auth-state").textContent = state.token ? "Token set" : "No token"; showToast(state.token ? "Token applied for this session" : "Token cleared"); }); $("clear-token").addEventListener("click", () => { state.token = ""; $("jwt-token").value = ""; sessionStorage.removeItem(`${storagePrefix}:bearer-token`); $("auth-state").textContent = "No token"; }); $("send-request").addEventListener("click", sendCurrentRequest); $("save-request").addEventListener("click", saveCurrentRequest); $("clear-saved").addEventListener("click", () => { const operation = activeOperation(); if (operation) { state.saved[operation.id] = []; storageSet("saved", state.saved); renderSaved(); } }); $("clear-history").addEventListener("click", () => { state.history = []; storageSet("history", state.history); renderHistory(); }); $("copy-response").addEventListener("click", async () => { await navigator.clipboard.writeText($("response-output").textContent); showToast("Copied response"); }); document.querySelectorAll("[data-response-tab]").forEach((tab) => tab.addEventListener("click", () => { state.responseTab = tab.dataset.responseTab; document.querySelectorAll("[data-response-tab]").forEach((item) => item.classList.toggle("active", item === tab)); renderResponseOutput(); })); }
-        document.addEventListener("DOMContentLoaded", async () => { initializeTheme(); state.environments = storageGet("environments", [{ name: "Default", baseUrl: CONFIG.apiBasePath || "/" }]); state.activeEnvironment = storageGet("activeEnvironment", 0); state.saved = storageGet("saved", {}); state.history = storageGet("history", []); state.token = storageGet("bearer-token", ""); $("jwt-token").value = state.token; $("auth-state").textContent = state.token ? "Token set" : "No token"; bindEvents(); renderEnvironments(); renderHistory(); renderSaved(); try { await loadSpec(); } catch (error) { $("operation-list").innerHTML = ""; const empty = document.createElement("div"); empty.className = "empty"; empty.textContent = error.message; $("operation-list").appendChild(empty); showToast(error.message); } });
-    </script>
-</body>
-</html>
diff --git a/crates/rpc/ras-jsonrpc-macro/src/static_hosting.rs b/crates/rpc/ras-jsonrpc-macro/src/static_hosting.rs
index f2eb4b6..5dc0807 100644
--- a/crates/rpc/ras-jsonrpc-macro/src/static_hosting.rs
+++ b/crates/rpc/ras-jsonrpc-macro/src/static_hosting.rs
@@ -29,7 +29,8 @@ pub fn generate_static_hosting_code(
         return TokenStream::new();
     }
 
-    const TEMPLATE_CONTENT: &str = include_str!("api_explorer_template.html");
+    const TEMPLATE_CONTENT: &str =
+        include_str!("../../../rest/ras-rest-macro/src/api_explorer_template.html");
 
     let explorer_path_suffix = &config.explorer_path;
     let service_name_str = service_name.to_string();
@@ -50,22 +51,26 @@ pub fn generate_static_hosting_code(
             let explorer_path = format!("{}{}", base_path, #explorer_path_suffix);
             let openrpc_path = format!("{}/openrpc.json", &explorer_path);
 
+            let explorer_html = {
+                const TEMPLATE: &str = #template_lit;
+                let config_json = ::serde_json::json!({
+                    "serviceName": #service_name_str,
+                    "protocol": "jsonrpc",
+                    "specPath": &openrpc_path,
+                    "apiBasePath": base_path
+                })
+                .to_string()
+                .replace("<", "\\u003c");
+
+                ::std::sync::Arc::new(TEMPLATE.replace("{EXPLORER_CONFIG_JSON}", &config_json))
+            };
+
             let serve_explorer = {
-                let base_path = base_path.to_string();
-                let openrpc_path = openrpc_path.clone();
+                let explorer_html = explorer_html.clone();
                 move || {
-                    let base_path = base_path.clone();
-                    let openrpc_path = openrpc_path.clone();
+                    let explorer_html = explorer_html.clone();
                     async move {
-                        const TEMPLATE: &str = #template_lit;
-
-                        let html = TEMPLATE
-                            .replace("{SERVICE_NAME_JSON}", &::serde_json::to_string(#service_name_str).unwrap_or_else(|_| "\"API\"".to_string()))
-                            .replace("{PROTOCOL_JSON}", &::serde_json::to_string("jsonrpc").unwrap_or_else(|_| "\"jsonrpc\"".to_string()))
-                            .replace("{SPEC_PATH_JSON}", &::serde_json::to_string(&openrpc_path).unwrap_or_else(|_| "\"openrpc.json\"".to_string()))
-                            .replace("{API_BASE_PATH_JSON}", &::serde_json::to_string(&base_path).unwrap_or_else(|_| "\"/\"".to_string()));
-
-                        Html(html)
+                        Html((*explorer_html).clone())
                     }
                 }
             };
diff --git a/crates/rpc/ras-jsonrpc-macro/tests/explorer_test.rs b/crates/rpc/ras-jsonrpc-macro/tests/explorer_test.rs
index 4d0c0d1..31ebd6d 100644
--- a/crates/rpc/ras-jsonrpc-macro/tests/explorer_test.rs
+++ b/crates/rpc/ras-jsonrpc-macro/tests/explorer_test.rs
@@ -62,9 +62,9 @@ mod tests {
 
         let content = response.text().await.unwrap();
         assert!(content.contains("\"UserService\""));
-        assert!(content.contains("Bearer token"));
-        assert!(content.contains("Saved requests"));
-        assert!(content.contains("History"));
+        assert!(content.contains("id=\"jwt-token\""));
+        assert!(content.contains("id=\"saved-list\""));
+        assert!(content.contains("id=\"history-list\""));
         assert!(content.contains("\"jsonrpc\""));
 
         // Test that the OpenRPC document is accessible
diff --git a/crates/rpc/ras-jsonrpc-macro/tests/explorer_token_storage_test.rs b/crates/rpc/ras-jsonrpc-macro/tests/explorer_token_storage_test.rs
index 5c92e87..6d51852 100644
--- a/crates/rpc/ras-jsonrpc-macro/tests/explorer_token_storage_test.rs
+++ b/crates/rpc/ras-jsonrpc-macro/tests/explorer_token_storage_test.rs
@@ -1,6 +1,6 @@
 #[test]
 fn test_generated_explorer_does_not_store_jwt_in_local_storage() {
-    let template = include_str!("../src/api_explorer_template.html");
+    let template = include_str!("../../../rest/ras-rest-macro/src/api_explorer_template.html");
     assert!(!template.contains("localStorage.getItem('jwt-token')"));
     assert!(!template.contains("localStorage.setItem('jwt-token'"));
     assert!(!template.contains("localStorage.removeItem('jwt-token'"));
diff --git a/tests/playwright/README.md b/tests/playwright/README.md
index e23142c..5510af7 100644
--- a/tests/playwright/README.md
+++ b/tests/playwright/README.md
@@ -22,6 +22,12 @@ The fixtures use:
 - REST: `http://127.0.0.1:3101/api/v1/docs`
 - JSON-RPC: `http://127.0.0.1:3102/rpc/explorer`
 
+To avoid local port collisions, override the ports before running the suite:
+
+```bash
+PLAYWRIGHT_REST_PORT=3201 PLAYWRIGHT_JSONRPC_PORT=3202 npm --prefix tests/playwright test
+```
+
 Test tokens:
 
 - `user-token`
diff --git a/tests/playwright/fixtures/jsonrpc-fixture/src/main.rs b/tests/playwright/fixtures/jsonrpc-fixture/src/main.rs
index 18fa869..a690edb 100644
--- a/tests/playwright/fixtures/jsonrpc-fixture/src/main.rs
+++ b/tests/playwright/fixtures/jsonrpc-fixture/src/main.rs
@@ -98,7 +98,9 @@ async fn main() -> Result<()> {
         .expect("fixture JSON-RPC service should build");
 
     let app = Router::new().merge(rpc_router);
-    let listener = tokio::net::TcpListener::bind("127.0.0.1:3102").await?;
+    let bind_addr =
+        std::env::var("PLAYWRIGHT_JSONRPC_ADDR").unwrap_or_else(|_| "127.0.0.1:3102".to_string());
+    let listener = tokio::net::TcpListener::bind(&bind_addr).await?;
     axum::serve(listener, app).await?;
 
     Ok(())
diff --git a/tests/playwright/fixtures/rest-fixture/src/main.rs b/tests/playwright/fixtures/rest-fixture/src/main.rs
index 253fa84..b97c40d 100644
--- a/tests/playwright/fixtures/rest-fixture/src/main.rs
+++ b/tests/playwright/fixtures/rest-fixture/src/main.rs
@@ -139,7 +139,9 @@ async fn main() -> Result<()> {
         .auth_provider(FixtureAuthProvider)
         .build();
 
-    let listener = tokio::net::TcpListener::bind("127.0.0.1:3101").await?;
+    let bind_addr =
+        std::env::var("PLAYWRIGHT_REST_ADDR").unwrap_or_else(|_| "127.0.0.1:3101".to_string());
+    let listener = tokio::net::TcpListener::bind(&bind_addr).await?;
     axum::serve(listener, app).await?;
 
     Ok(())
diff --git a/tests/playwright/playwright.config.ts b/tests/playwright/playwright.config.ts
index 2d66581..0126e22 100644
--- a/tests/playwright/playwright.config.ts
+++ b/tests/playwright/playwright.config.ts
@@ -1,5 +1,8 @@
 import { defineConfig, devices } from '@playwright/test';
 
+const restPort = process.env.PLAYWRIGHT_REST_PORT ?? '3101';
+const jsonrpcPort = process.env.PLAYWRIGHT_JSONRPC_PORT ?? '3102';
+
 export default defineConfig({
   testDir: './tests',
   fullyParallel: false,
@@ -22,16 +25,16 @@ export default defineConfig({
   ],
   webServer: [
     {
-      command: 'cargo run -p playwright-rest-fixture',
-      url: 'http://127.0.0.1:3101/api/v1/docs/openapi.json',
+      command: `PLAYWRIGHT_REST_ADDR=127.0.0.1:${restPort} cargo run -p playwright-rest-fixture`,
+      url: `http://127.0.0.1:${restPort}/api/v1/docs/openapi.json`,
       reuseExistingServer: !process.env.CI,
-      timeout: 120_000
+      timeout: 240_000
     },
     {
-      command: 'cargo run -p playwright-jsonrpc-fixture',
-      url: 'http://127.0.0.1:3102/rpc/explorer/openrpc.json',
+      command: `PLAYWRIGHT_JSONRPC_ADDR=127.0.0.1:${jsonrpcPort} cargo run -p playwright-jsonrpc-fixture`,
+      url: `http://127.0.0.1:${jsonrpcPort}/rpc/explorer/openrpc.json`,
       reuseExistingServer: !process.env.CI,
-      timeout: 120_000
+      timeout: 240_000
     }
   ]
 });
diff --git a/tests/playwright/tests/jsonrpc-explorer.spec.ts b/tests/playwright/tests/jsonrpc-explorer.spec.ts
index b90e54c..d10376e 100644
--- a/tests/playwright/tests/jsonrpc-explorer.spec.ts
+++ b/tests/playwright/tests/jsonrpc-explorer.spec.ts
@@ -1,6 +1,7 @@
 import { expect, test, type Page } from '@playwright/test';
 
-const RPC_URL = 'http://127.0.0.1:3102/rpc/explorer';
+const RPC_PORT = process.env.PLAYWRIGHT_JSONRPC_PORT ?? '3102';
+const RPC_URL = `http://127.0.0.1:${RPC_PORT}/rpc/explorer`;
 
 async function selectMethod(page: Page, name: string) {
   await page.locator('.op').filter({ hasText: name }).click();
@@ -34,7 +35,7 @@ test.describe('JSON-RPC API explorer', () => {
     await selectMethod(page, 'ping');
     await expect(page.locator('#params-editor')).toBeVisible();
     await page.locator('#params-editor').fill(JSON.stringify({ message: 'hello' }, null, 2));
-    await expect(page.locator('#request-url')).toHaveText('http://127.0.0.1:3102/rpc');
+    await expect(page.locator('#request-url')).toHaveText(`http://127.0.0.1:${RPC_PORT}/rpc`);
 
     await selectMethod(page, 'no_params');
     await expect(page.locator('#params-editor')).toHaveCount(0);
@@ -110,4 +111,13 @@ test.describe('JSON-RPC API explorer', () => {
     const sessionStorageValues = await page.evaluate(() => Object.values(sessionStorage).join('\n'));
     expect(sessionStorageValues).toContain('admin-token');
   });
+
+  test('persists theme preference in localStorage', async ({ page }) => {
+    await page.locator('#theme-toggle').click();
+    await expect(page.locator('html')).toHaveAttribute('data-theme', 'light');
+    await page.reload();
+    await expect(page.locator('html')).toHaveAttribute('data-theme', 'light');
+    const theme = await page.evaluate(() => localStorage.getItem('ras-explorer-theme'));
+    expect(theme).toBe('light');
+  });
 });
diff --git a/tests/playwright/tests/rest-explorer.spec.ts b/tests/playwright/tests/rest-explorer.spec.ts
index b3361d2..d42a983 100644
--- a/tests/playwright/tests/rest-explorer.spec.ts
+++ b/tests/playwright/tests/rest-explorer.spec.ts
@@ -1,6 +1,7 @@
 import { expect, test, type Page } from '@playwright/test';
 
-const REST_URL = 'http://127.0.0.1:3101/api/v1/docs';
+const REST_PORT = process.env.PLAYWRIGHT_REST_PORT ?? '3101';
+const REST_URL = `http://127.0.0.1:${REST_PORT}/api/v1/docs`;
 
 async function selectOperation(page: Page, method: string, path: string) {
   await page.locator('.op').filter({ hasText: method }).filter({ hasText: path }).click();
@@ -74,6 +75,18 @@ test.describe('REST API explorer', () => {
     await expect(page.locator('#response-output')).toContainText('Created From UI');
   });
 
+  test('shows permission denied responses for insufficient token permissions', async ({ page }) => {
+    await selectOperation(page, 'POST', '/widgets');
+    await page.locator('#body-editor').fill(JSON.stringify({ name: 'Denied Widget', owner: 'playwright' }, null, 2));
+    await page.locator('#jwt-token').fill('user-token');
+    await page.locator('#save-token').click();
+    await expect(page.locator('#auth-state')).toContainText('Token set');
+
+    await send(page);
+    await expect(page.locator('#response-status')).toContainText('403');
+    await expect(page.locator('#history-list')).toContainText('403');
+  });
+
   test('saves requests, restores history, and keeps tokens out of localStorage', async ({ page }) => {
     await selectOperation(page, 'POST', '/widgets');
     await page.locator('#jwt-token').fill('admin-token');

From 67a632ba22983b6b2102fe1cb8f4f3862a9ce52c Mon Sep 17 00:00:00 2001
From: Mathias Myrland <jedimemo@gmail.com>
Date: Sat, 25 Apr 2026 21:13:43 +0200
Subject: [PATCH 3/3] Fix benchmark workflow bench target invocation

---
 .github/workflows/bench.yml | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml
index f2f8d51..ead5953 100644
--- a/.github/workflows/bench.yml
+++ b/.github/workflows/bench.yml
@@ -30,18 +30,19 @@ jobs:
         run: |
           set -euo pipefail
           mkdir -p bench-output
-          for crate in \
-            ras-jsonrpc-macro \
-            ras-rest-macro \
-            ras-file-macro \
-            ras-jsonrpc-bidirectional-macro
+          while read -r crate bench
           do
-            echo "::group::$crate"
-            cargo bench -p "$crate" -- \
+            echo "::group::$crate/$bench"
+            cargo bench -p "$crate" --bench "$bench" -- \
               --warm-up-time 1 --measurement-time 3 \
-              | tee "bench-output/$crate.txt"
+              | tee "bench-output/$crate-$bench.txt"
             echo "::endgroup::"
-          done
+          done <<'BENCHES'
+          ras-jsonrpc-macro dispatch
+          ras-rest-macro dispatch
+          ras-file-macro streaming
+          ras-jsonrpc-bidirectional-macro roundtrip
+          BENCHES
       - name: Upload bench artifacts
         if: always()
         uses: actions/upload-artifact@v4