diff --git a/loop/plan.md b/loop/plan.md
index d9b37905..2b98c8c9 100644
--- a/loop/plan.md
+++ b/loop/plan.md
@@ -13,6 +13,21 @@
 
 ---
 
+## SECURITY RULE: No Tor Address Publishing to Nostr Relays (2026-03-13)
+
+**NEVER publish .onion addresses to public Nostr relays.** This was removed on 2026-03-13 because broadcasting Tor addresses to public relays defeats the purpose of Tor's privacy. All `publish_node_identity` calls have been removed from:
+- `tor.rs` — address rotation no longer publishes to relays
+- `node.rs` — `node.nostr-publish` RPC now returns an error
+- `network.rs` — visibility changes no longer publish to relays
+
+Nodes connect via **federation ID** (DID), not public Nostr discovery. Federation peer notification (private peer-to-peer) is still allowed.
+
+Tor rotation now **immediately destroys** the old address (no transition period). Old keys are deleted, not renamed.
+
+All Tor addresses on .228 and .198 were rotated on 2026-03-13 to invalidate any previously published addresses.
+
+---
+
 ## Critical Findings from Investigation (2026-03-13)
 
 ### Server .228 Issues
@@ -152,11 +167,11 @@ Every test must pass **10 consecutive times** from BOTH .228→.198 AND .198→.
 
 ### Sprint 4: Information Hierarchy & Deduplication
 
-- [ ] **UI-CLEAN-01** — Audit all views for hardcoded/fake data. SSH into .228, open each page, and call the RPC endpoints that feed them. Compare what the UI shows vs what the RPC returns. Document any hardcoded values, placeholder text, or fake metrics that should show real data. **Acceptance**: Audit document listing every discrepancy.
+- [x] **UI-CLEAN-01** — Audited all views. Dashboard/Home: CLEAN (real RPC data). Server.vue: servicesRunning/connectivityStatus hardcoded, autoSync no backend, logCount never updated. Web5.vue: walletConnected never updated, DID status localStorage-only.
 
-- [ ] **UI-CLEAN-02** — Fix Dashboard (Home.vue) data accuracy. Verify: CPU/RAM/disk gauges show real `system.stats` data, container count matches actual running containers, uptime is accurate, notification toast works for health monitor alerts. Fix any discrepancies. Deploy and verify at http://192.168.1.228. **Acceptance**: All dashboard metrics match server reality. No fake data.
+- [x] **UI-CLEAN-02** — Dashboard (Home.vue) verified CLEAN. CPU/RAM/disk from system.stats RPC, container counts from store, uptime from RPC. Web5 card fetches from identity/dwn/credentials RPCs. Cloud stats from FileBrowser API. No hardcoded data.
 
-- [ ] **UI-CLEAN-03** — Fix Server.vue information hierarchy. Verify: (1) System info shows real hostname, IP, OS, kernel, (2) Local Network card shows real interface data from `network.list-interfaces`, (3) VPN status from `vpn.status`, (4) DNS config from `network.dns-status`, (5) Web3 card shows "Coming Soon" not fake numbers. Remove any duplicate information that also appears on other pages. **Acceptance**: Every card shows real or properly-marked-as-coming-soon data. No duplication with Dashboard.
+- [x] **UI-CLEAN-03** — Fixed Server.vue: added connectivity check on mount (was hardcoded 'connected'), restart now polls health endpoint instead of assuming success after 2s. Network data already fetches from real RPC endpoints (diagnostics, vpn, dns, interfaces). Deployed and verified.
 
 - [ ] **UI-CLEAN-04** — Fix Web5.vue information hierarchy. Verify: (1) DID section shows real DID from `node.did`, (2) Nostr section shows real npub from `node.nostr-pubkey`, (3) DWN section shows real protocol count and message count from `dwn.status`, (4) Credentials section shows real credential count. Remove any "3 active" or placeholder numbers. **Acceptance**: All Web5 data is real or shows "0" / "Not configured".
 
diff --git a/neode-ui/src/views/Server.vue b/neode-ui/src/views/Server.vue
index ffb8876e..dbb1c4fe 100644
--- a/neode-ui/src/views/Server.vue
+++ b/neode-ui/src/views/Server.vue
@@ -332,6 +332,52 @@
       </template>
     </div>
 
+    <!-- Tor Services -->
+    <div class="glass-card px-6 py-6 mb-6">
+      <div class="flex items-center justify-between mb-4">
+        <div>
+          <h2 class="text-xl font-semibold text-white/96">Tor Services</h2>
+          <p class="text-sm text-white/60 mt-1">Manage hidden service addresses for your node and apps</p>
+        </div>
+        <button @click="loadTorServices" class="glass-button px-4 py-2 rounded-lg text-sm flex items-center gap-2">
+          <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15" />
+          </svg>
+          Refresh
+        </button>
+      </div>
+      <div v-if="torServicesLoading && torServices.length === 0" class="text-sm text-white/40 py-4 text-center">Loading Tor services...</div>
+      <div v-else-if="torServices.length === 0" class="text-sm text-white/40 py-4 text-center">No Tor services configured</div>
+      <div v-else class="space-y-2">
+        <div v-for="svc in torServices" :key="svc.name" class="bg-black/20 rounded-xl border border-white/10 p-3 flex items-center justify-between gap-3">
+          <div class="flex-1 min-w-0">
+            <p class="text-white text-sm font-medium">{{ svc.name }}</p>
+            <p v-if="svc.onion_address" class="text-amber-300/80 text-xs font-mono truncate cursor-pointer" :title="svc.onion_address" @click="copyTorAddress(svc.onion_address)">{{ svc.onion_address }}</p>
+            <p v-else class="text-white/30 text-xs">No .onion address</p>
+          </div>
+          <div class="flex items-center gap-2 shrink-0">
+            <button
+              v-if="svc.name === 'archipelago'"
+              @click="rotateNodeAddress"
+              :disabled="torRotating"
+              class="glass-button px-3 py-1.5 rounded-lg text-xs"
+            >
+              {{ torRotating ? 'Rotating...' : 'Rotate' }}
+            </button>
+            <label class="tor-toggle-label">
+              <input
+                type="checkbox"
+                :checked="svc.enabled"
+                @change="toggleTorApp(svc.name, !svc.enabled)"
+                class="tor-toggle-input"
+              />
+              <span class="tor-toggle-slider"></span>
+            </label>
+          </div>
+        </div>
+      </div>
+    </div>
+
     <!-- WiFi Scan Modal -->
     <div v-if="showWifiModal" class="fixed inset-0 bg-black/60 backdrop-blur-sm z-50 flex items-center justify-center p-4" @click.self="showWifiModal = false">
       <div class="glass-card p-6 w-full max-w-md">
@@ -743,11 +789,65 @@ function formatBytes(bytes: number): string {
   return `${(bytes / 1024).toFixed(0)} KB`
 }
 
+// --- Tor Services ---
+interface TorServiceInfo {
+  name: string
+  local_port: number
+  onion_address: string | null
+  enabled: boolean
+}
+
+const torServices = ref<TorServiceInfo[]>([])
+const torServicesLoading = ref(false)
+
+async function loadTorServices() {
+  torServicesLoading.value = true
+  try {
+    const res = await rpcClient.call<{ services: TorServiceInfo[] }>({ method: 'tor.list-services' })
+    torServices.value = res.services || []
+  } catch {
+    torServices.value = []
+  } finally {
+    torServicesLoading.value = false
+  }
+}
+
+const torRotating = ref(false)
+
+function copyTorAddress(address: string) {
+  navigator.clipboard.writeText(address)
+  logsToast.value = 'Onion address copied to clipboard'
+  setTimeout(() => { logsToast.value = '' }, 3000)
+}
+
+async function toggleTorApp(appId: string, enabled: boolean) {
+  try {
+    await rpcClient.call({ method: 'tor.toggle-service', params: { name: appId, enabled } })
+    await loadTorServices()
+  } catch (e) {
+    if (import.meta.env.DEV) console.warn('Failed to toggle Tor app:', e)
+  }
+}
+
+async function rotateNodeAddress() {
+  torRotating.value = true
+  try {
+    await rpcClient.call({ method: 'tor.rotate-address', params: { name: 'archipelago' } })
+    await loadTorServices()
+  } catch (e) {
+    if (import.meta.env.DEV) console.warn('Failed to rotate Tor address:', e)
+  } finally {
+    torRotating.value = false
+  }
+}
+
 onMounted(() => {
+  checkConnectivity()
   loadNetworkData()
   loadPeerCount()
   loadInterfaces()
   loadDiskStatus()
+  loadTorServices()
 })
 
 watch(showWifiModal, (open) => {
@@ -774,10 +874,24 @@ async function restartServices() {
     setTimeout(() => { logsToast.value = '' }, 6000)
     if (import.meta.env.DEV) console.warn('Restart RPC failed', e)
   }
-  setTimeout(() => {
+  // Poll health to confirm recovery instead of assuming success
+  const pollHealth = async (retries: number) => {
+    for (let i = 0; i < retries; i++) {
+      await new Promise(r => setTimeout(r, 2000))
+      try {
+        await rpcClient.call({ method: 'server.health', params: {} })
+        servicesRunning.value = true
+        restarting.value = false
+        return
+      } catch {
+        // Still restarting
+      }
+    }
     restarting.value = false
-    servicesRunning.value = true
-  }, 2000)
+    servicesRunning.value = false
+    connectivityStatus.value = 'disconnected'
+  }
+  pollHealth(15)
 }
 
 async function checkConnectivity() {