- add explicit access modes so remote users see setup guidance instead of an ambiguous login
- redesign the login page with remote setup messaging, password visibility, and light/dark controls
- cover the access-state contract and login UI with focused tests