diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7ea27f8..6e084e2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,12 +12,10 @@ CalVer image tags (`stable-YYYY.MM.N`, `dev-YYYY.MM.N`) are produced for every C
 
 ### Added
 
-- Admin-editable banner on `/setup` page — admins can author a Jinja2/HTML banner displayed above the auto-generated bootstrap commands. Empty by default (no banner shown). Edit at `/admin/setup-banner`. Endpoints: `GET /api/admin/setup-banner` (returns content + audit), `PUT` to set, `DELETE` to clear, `POST /api/admin/setup-banner/preview` for live preview. Useful for org-specific notes: VPN requirements, support channel, data classification, platform prerequisites. See `docs/setup-banner.md` for the full placeholder reference and security notes.
-- DuckDB schema v22: `setup_banner` singleton table for the per-instance banner. Auto-migration v21→v22 on first start.
-- Customizable analyst welcome prompt (`CLAUDE.md` generated by `da analyst setup`). Default ships at `config/claude_md_template.txt` (now Jinja2 syntax). Admins override per instance via the `/admin/welcome` editor or `PUT /api/admin/welcome-template`. New endpoint `GET /api/welcome` returns the rendered prompt for the calling user, with `marketplaces` filtered by RBAC. See `docs/welcome-template.md` for the full placeholder reference.
-- `POST /api/admin/welcome-template/preview` — renders arbitrary template content against the calling admin's live context without persisting. Backs the editor's Preview button.
+- **Agent Setup Prompt** — admins can customise the `CLAUDE.md` generated for analysts by `da analyst setup`. Default ships at `config/claude_md_template.txt` (Jinja2 syntax). Edit at `/admin/agent-prompt` or via REST: `GET /api/admin/welcome-template` returns `{content, default, updated_at, updated_by}`; `PUT` to set; `DELETE` to clear; `POST /api/admin/welcome-template/preview` for live preview without persisting. `GET /api/welcome` returns the prompt rendered for the calling user (RBAC-filtered `marketplaces`). See `docs/agent-setup-prompt.md` for the full placeholder reference.
 - DuckDB schema v21: `welcome_template` singleton table for the per-instance override. Auto-migration v20→v21 on first start.
-- New `instance.sync_interval` setting in `instance.yaml` (default `"1 hour"`) — surfaced in the welcome prompt as `{{ sync_interval }}`.
+- DuckDB schema v22: reserved (`setup_banner` table retained for forward compatibility with already-migrated instances; feature dropped).
+- New `instance.sync_interval` setting in `instance.yaml` (default `"1 hour"`) — surfaced in the agent setup prompt as `{{ sync_interval }}`.
 
 ### Changed
 
diff --git a/app/api/setup_banner.py b/app/api/setup_banner.py
deleted file mode 100644
index 9456098..0000000
--- a/app/api/setup_banner.py
+++ /dev/null
@@ -1,114 +0,0 @@
-"""REST endpoints for the setup-page banner.
-
-- GET  /api/admin/setup-banner         : raw content + audit info (admin)
-- PUT  /api/admin/setup-banner         : set banner (admin)
-- DELETE /api/admin/setup-banner       : clear banner (admin)
-- POST /api/admin/setup-banner/preview : preview arbitrary content (admin)
-"""
-
-import datetime
-from typing import Optional
-
-import duckdb
-from fastapi import APIRouter, Depends, HTTPException, Request, Response
-from jinja2 import Environment, StrictUndefined, TemplateError
-from pydantic import BaseModel, Field
-
-from app.auth.access import require_admin
-from app.auth.dependencies import _get_db
-from src.repositories.setup_banner import SetupBannerRepository
-from src.setup_banner import build_setup_banner_context
-
-
-router = APIRouter(tags=["setup-banner"])
-
-# Stub context used to validate that a saved template renders end-to-end,
-# not just that it parses. Mirrors the shape of build_setup_banner_context() output.
-_VALIDATION_STUB_CONTEXT = {
-    "instance": {"name": "Example", "subtitle": "Example Org"},
-    "server": {"url": "https://example.com", "hostname": "example.com"},
-    "user": {"id": "u", "email": "user@example.com", "name": "User", "is_admin": False},
-    "now": datetime.datetime(2026, 1, 1, tzinfo=datetime.timezone.utc),
-    "today": "2026-01-01",
-}
-
-
-class BannerGetResponse(BaseModel):
-    content: Optional[str]
-    updated_at: Optional[str] = None
-    updated_by: Optional[str] = None
-
-
-class BannerPutRequest(BaseModel):
-    content: str = Field(..., min_length=1, max_length=200_000)
-
-
-class BannerPreviewRequest(BaseModel):
-    content: str = Field(..., min_length=1, max_length=200_000)
-
-
-class BannerPreviewResponse(BaseModel):
-    content: str
-
-
-@router.get("/api/admin/setup-banner", response_model=BannerGetResponse)
-async def admin_get_banner(
-    user: dict = Depends(require_admin),
-    conn: duckdb.DuckDBPyConnection = Depends(_get_db),
-):
-    row = SetupBannerRepository(conn).get()
-    return BannerGetResponse(
-        content=row["content"],
-        updated_at=row["updated_at"].isoformat() if row["updated_at"] else None,
-        updated_by=row["updated_by"],
-    )
-
-
-@router.put("/api/admin/setup-banner")
-async def admin_put_banner(
-    payload: BannerPutRequest,
-    user: dict = Depends(require_admin),
-    conn: duckdb.DuckDBPyConnection = Depends(_get_db),
-):
-    env = Environment(undefined=StrictUndefined, autoescape=True)
-    try:
-        template = env.from_string(payload.content)
-        # Render against a stub context so undefined placeholders or runtime
-        # errors are caught here, not when an analyst visits /setup.
-        template.render(**_VALIDATION_STUB_CONTEXT)
-    except TemplateError as e:
-        raise HTTPException(status_code=400, detail=f"Template invalid: {e}")
-    SetupBannerRepository(conn).set(payload.content, updated_by=user["email"])
-    return {"status": "ok"}
-
-
-@router.delete("/api/admin/setup-banner", status_code=204)
-async def admin_reset_banner(
-    user: dict = Depends(require_admin),
-    conn: duckdb.DuckDBPyConnection = Depends(_get_db),
-):
-    SetupBannerRepository(conn).reset(updated_by=user["email"])
-    return Response(status_code=204)
-
-
-@router.post("/api/admin/setup-banner/preview", response_model=BannerPreviewResponse)
-async def admin_preview_banner(
-    payload: BannerPreviewRequest,
-    request: Request,
-    user: dict = Depends(require_admin),
-    conn: duckdb.DuckDBPyConnection = Depends(_get_db),
-):
-    """Render arbitrary banner content against the live context for the
-    calling admin, without persisting. Used by the /admin/setup-banner editor's
-    Preview button so admins can see their edits before saving."""
-    env = Environment(undefined=StrictUndefined, autoescape=True)
-    try:
-        template = env.from_string(payload.content)
-        ctx = build_setup_banner_context(
-            user=user,
-            server_url=str(request.base_url).rstrip("/"),
-        )
-        rendered = template.render(**ctx)
-    except TemplateError as e:
-        raise HTTPException(status_code=400, detail=f"Template invalid: {e}")
-    return BannerPreviewResponse(content=rendered)
diff --git a/app/main.py b/app/main.py
index 38e4476..296135b 100644
--- a/app/main.py
+++ b/app/main.py
@@ -122,7 +122,6 @@ from app.api.v2_sample import router as v2_sample_router
 from app.api.v2_scan import router as v2_scan_router
 from app.api.marketplaces import router as marketplaces_router
 from app.api.welcome import router as welcome_router
-from app.api.setup_banner import router as setup_banner_router
 from app.marketplace_server.router import router as marketplace_server_router
 from app.marketplace_server.git_router import make_git_wsgi_app
 from app.web.router import router as web_router
@@ -530,7 +529,6 @@ def create_app() -> FastAPI:
     app.include_router(v2_scan_router)
     app.include_router(marketplaces_router)
     app.include_router(welcome_router)
-    app.include_router(setup_banner_router)
     app.include_router(marketplace_server_router)
 
     # Git smart-HTTP endpoint for Claude Code: /marketplace.git/*
diff --git a/app/web/router.py b/app/web/router.py
index 962f746..0ab31b7 100644
--- a/app/web/router.py
+++ b/app/web/router.py
@@ -727,17 +727,13 @@ async def setup_page(
     conn: duckdb.DuckDBPyConnection = Depends(_get_db),
 ):
     """Setup instructions for the local agent (CLI + Claude Code)."""
-    from src.setup_banner import render_setup_banner
-
     base_url = str(request.base_url).rstrip("/")
-    banner_html = render_setup_banner(conn, user=user, server_url=base_url)
     ctx = _build_context(
         request,
         user=user,
         conn=conn,
         server_url=base_url,
         agnes_version=os.environ.get("AGNES_VERSION", "dev"),
-        banner_html=banner_html,
     )
     return templates.TemplateResponse(request, "install.html", ctx)
 
@@ -898,8 +894,8 @@ async def admin_marketplaces_page(
     return templates.TemplateResponse(request, "admin_marketplaces.html", ctx)
 
 
-@router.get("/admin/welcome", response_class=HTMLResponse)
-async def admin_welcome_page(
+@router.get("/admin/agent-prompt", response_class=HTMLResponse)
+async def admin_agent_prompt_page(
     request: Request,
     user: dict = Depends(require_admin),
     conn: duckdb.DuckDBPyConnection = Depends(_get_db),
@@ -920,25 +916,6 @@ async def admin_welcome_page(
     return templates.TemplateResponse(request, "admin_welcome.html", ctx)
 
 
-@router.get("/admin/setup-banner", response_class=HTMLResponse)
-async def admin_setup_banner_page(
-    request: Request,
-    user: dict = Depends(require_admin),
-    conn: duckdb.DuckDBPyConnection = Depends(_get_db),
-):
-    from src.repositories.setup_banner import SetupBannerRepository
-
-    row = SetupBannerRepository(conn).get()
-    ctx = _build_context(
-        request,
-        user=user,
-        current=row["content"] or "",
-        updated_at=row["updated_at"],
-        updated_by=row["updated_by"],
-        is_override=row["content"] is not None,
-    )
-    return templates.TemplateResponse(request, "admin_setup_banner.html", ctx)
-
 
 @router.get("/tokens", response_class=HTMLResponse)
 async def my_tokens_page(
diff --git a/app/web/templates/admin_setup_banner.html b/app/web/templates/admin_setup_banner.html
deleted file mode 100644
index c96d351..0000000
--- a/app/web/templates/admin_setup_banner.html
+++ /dev/null
@@ -1,499 +0,0 @@
-{% extends "base.html" %}
-{% block title %}Setup Banner — {{ config.INSTANCE_NAME }}{% endblock %}
-
-{% block content %}
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.16/codemirror.min.css"
-      integrity="sha512-uf06llspW44/LZpHzHT6qBOIVODjWtv4MxCricRxkzvopAlSWnTf6hpZTFxuuZcuNE9CBQhqE0Seu1CoRk84nQ=="
-      crossorigin="anonymous">
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.16/theme/material-darker.min.css"
-      integrity="sha512-2OhXH4Il3n2tHKwLLSDPhrkgnLBC+6lHGGQzSFi3chgVB6DJ/v6+nbx+XYO9CugQyHVF/8D/0k3Hx1eaUK2K9g=="
-      crossorigin="anonymous">
-<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.16/codemirror.min.js"
-        integrity="sha512-OeZ4Yrb/W7d2W4rAMOO0HQ9Ro/aWLtpW9BUSR2UOWnSV2hprXLkkYnnCGc9NeLUxxE4ZG7zN16UuT1Elqq8Opg=="
-        crossorigin="anonymous"></script>
-<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.16/mode/jinja2/jinja2.min.js"
-        integrity="sha512-Z4le1RxwhD8lDCrspbBxjTLLP2HGC1+mKb9KHR2N/sEx8uOe2vre5XQo8YMPAz8FQTo43HjefjlDtjY4LtfaaQ=="
-        crossorigin="anonymous"></script>
-
-<style>
-  .container:has(.welcome-page) { max-width: none; padding: 24px 16px; }
-  .welcome-page { max-width: 1400px; margin: 0 auto; padding: 0; }
-
-  .welcome-toolbar {
-    display: flex; justify-content: space-between; align-items: center;
-    gap: 16px; margin-bottom: 16px; flex-wrap: wrap;
-  }
-  .welcome-title { margin: 0; font-size: 22px; font-weight: 600; }
-  .welcome-sub { color: var(--text-secondary, #6b7280); font-size: 13px; margin-top: 4px; margin-bottom: 0; }
-
-  .origin-chip {
-    display: inline-block;
-    padding: 3px 10px; border-radius: 999px;
-    font-size: 11px; font-weight: 600;
-    text-transform: uppercase; letter-spacing: 0.4px;
-  }
-  .origin-override { background: #ede9fe; color: #6d28d9; }
-  .origin-default  { background: #f3f4f6; color: #6b7280; }
-
-  .welcome-card {
-    background: var(--surface, #fff);
-    border: 1px solid var(--border, #e5e7eb);
-    border-radius: 12px;
-    margin-bottom: 16px;
-    overflow: hidden;
-  }
-  .welcome-card-body { padding: 20px 22px; }
-
-  .welcome-desc { font-size: 13px; color: var(--text-secondary, #6b7280); margin: 0 0 16px; }
-
-  /* Placeholder cheatsheet — collapsible */
-  details.welcome-cheatsheet { margin-bottom: 18px; }
-  details.welcome-cheatsheet summary {
-    cursor: pointer; font-size: 13px; font-weight: 500;
-    color: var(--text-primary, #111827); list-style: none;
-    display: inline-flex; align-items: center; gap: 6px;
-  }
-  details.welcome-cheatsheet summary::-webkit-details-marker { display: none; }
-  details.welcome-cheatsheet summary::before {
-    content: "▶"; font-size: 10px; color: var(--text-secondary, #6b7280);
-    transition: transform 0.15s;
-  }
-  details.welcome-cheatsheet[open] summary::before { transform: rotate(90deg); }
-
-  /* Dark code block */
-  .code-block {
-    background: #1e1e2e;
-    border-radius: 8px;
-    padding: 14px 16px;
-    display: flex;
-    align-items: flex-start;
-    gap: 12px;
-    font-family: var(--font-mono, ui-monospace, "SF Mono", Menlo, monospace);
-    font-size: 13px;
-    color: #cdd6f4;
-    line-height: 1.6;
-    margin-top: 10px;
-    position: relative;
-  }
-  .code-block .code-body { flex: 1; white-space: pre; overflow-x: auto; }
-  .btn-copy {
-    padding: 6px 14px;
-    background: transparent;
-    border: 1px solid #45475a;
-    color: #cdd6f4;
-    cursor: pointer;
-    border-radius: 6px;
-    font-size: 12px;
-    font-weight: 500;
-    font-family: inherit;
-    transition: all 0.15s ease;
-    flex-shrink: 0;
-  }
-  .btn-copy:hover { border-color: #89b4fa; color: #89b4fa; background: rgba(137, 180, 250, 0.08); }
-  .btn-copy.copied { border-color: #a6e3a1; color: #a6e3a1; background: rgba(166, 227, 161, 0.08); }
-
-  /* CodeMirror editor styling */
-  .welcome-page .CodeMirror {
-    border: 1px solid var(--border, #e5e7eb);
-    border-radius: 8px;
-    font-size: 13px;
-    font-family: var(--font-mono, ui-monospace, "SF Mono", Menlo, monospace);
-  }
-
-  /* Split layout: editor left, preview right */
-  .welcome-editor-row {
-    display: flex;
-    gap: 16px;
-    margin-top: 0;
-  }
-  .welcome-editor-col, .welcome-preview-col {
-    flex: 1 1 50%;
-    min-width: 0;
-  }
-  .welcome-editor-col {
-    min-height: 480px;
-  }
-  .welcome-preview-col {
-    border: 1px solid var(--border, #e5e7eb);
-    border-radius: 8px;
-    background: var(--surface, #fff);
-    color: var(--text-primary, #111827);
-    padding: 16px;
-    font-size: 14px;
-    line-height: 1.6;
-    overflow: auto;
-    max-height: 600px;
-  }
-  .welcome-preview-col h4 {
-    color: var(--text-secondary, #6b7280); margin: 0 0 8px; font-size: 12px;
-    text-transform: uppercase; letter-spacing: 0.5px;
-  }
-  .welcome-preview-empty {
-    color: var(--text-secondary, #6b7280);
-    font-style: italic;
-    font-size: 13px;
-  }
-  .welcome-preview-error {
-    background: rgba(234, 88, 12, 0.15);
-    color: #b91c1c;
-    border: 1px solid rgba(234, 88, 12, 0.4);
-    border-radius: 6px;
-    padding: 10px 12px;
-    font-size: 12px;
-    white-space: pre-wrap;
-  }
-  @media (max-width: 1100px) {
-    .welcome-editor-row { flex-direction: column; }
-  }
-
-  /* Action row */
-  .welcome-actions {
-    padding: 14px 22px;
-    background: var(--border-light, #fafafa);
-    border-top: 1px solid var(--border, #e5e7eb);
-    display: flex; gap: 8px; justify-content: flex-end;
-  }
-  .welcome-btn {
-    padding: 8px 16px; border-radius: 8px; font-size: 13px; font-weight: 500;
-    border: 1px solid var(--border, #e5e7eb); background: var(--surface, #fff);
-    cursor: pointer; transition: all 0.15s;
-  }
-  .welcome-btn:hover { background: var(--border-light, #f9fafb); }
-  .welcome-btn.primary { background: var(--primary, #6366f1); color: #fff; border-color: var(--primary, #6366f1); }
-  .welcome-btn.primary:hover { filter: brightness(1.05); }
-  .welcome-btn.danger { background: #dc2626; color: #fff; border-color: #dc2626; }
-  .welcome-btn.danger:hover { filter: brightness(1.05); }
-  .welcome-btn:disabled { opacity: 0.5; cursor: not-allowed; }
-
-  /* Modal */
-  .modal-backdrop {
-    position: fixed; inset: 0; background: rgba(15, 23, 42, 0.55);
-    display: none; align-items: center; justify-content: center; z-index: 1000;
-    padding: 16px;
-  }
-  .modal-backdrop.is-open { display: flex; }
-  .modal-card {
-    background: var(--surface, #fff); border-radius: 12px;
-    padding: 24px; width: 100%; max-width: 440px;
-    box-shadow: 0 20px 60px rgba(0, 0, 0, 0.25);
-  }
-  .modal-card h3 { margin: 0 0 6px; font-size: 17px; font-weight: 600; }
-  .modal-card p.sub { margin: 0 0 18px; font-size: 13px; color: var(--text-secondary, #6b7280); }
-  .modal-actions { display: flex; gap: 8px; justify-content: flex-end; margin-top: 20px; }
-  .modal-btn {
-    padding: 8px 16px; border-radius: 8px; font-size: 13px; font-weight: 500;
-    border: 1px solid var(--border, #e5e7eb); background: var(--surface, #fff);
-    cursor: pointer;
-  }
-  .modal-btn.danger { background: #dc2626; color: #fff; border-color: #dc2626; }
-
-  /* Toast stack */
-  .toast-stack {
-    position: fixed; bottom: 24px; right: 24px; z-index: 2000;
-    display: flex; flex-direction: column; gap: 8px; pointer-events: none;
-  }
-  .toast {
-    background: #111827; color: #fff; padding: 10px 16px;
-    border-radius: 8px; font-size: 13px; box-shadow: 0 10px 30px rgba(0, 0, 0, 0.25);
-    opacity: 0; transform: translateY(8px); transition: opacity 0.2s, transform 0.2s;
-    pointer-events: auto; max-width: 380px;
-  }
-  .toast.show { opacity: 1; transform: translateY(0); }
-  .toast.success { background: #047857; }
-  .toast.error { background: #b91c1c; }
-</style>
-
-<div class="welcome-page">
-  <div class="welcome-toolbar">
-    <div>
-      <h2 class="welcome-title">Setup Page Banner</h2>
-      <p class="welcome-sub">Shown above the bootstrap commands on <code>/setup</code>. Use it for org-specific notes: VPN requirements, support channel, data classification, platform prerequisites. Empty by default — no banner is shown when unset.</p>
-    </div>
-    <div id="status-chip">
-      {% if is_override %}
-        <span class="origin-chip origin-override"
-              title="Overridden by {{ updated_by }} on {{ updated_at.strftime('%Y-%m-%d %H:%M UTC') if updated_at else '—' }}">
-          Banner active
-        </span>
-      {% else %}
-        <span class="origin-chip origin-default">No banner</span>
-      {% endif %}
-    </div>
-  </div>
-
-  <div class="welcome-card">
-    <div class="welcome-card-body">
-      <p class="welcome-desc">
-        Author HTML or plain text with Jinja2 placeholders. The banner renders inside the <code>/setup</code> page —
-        HTML tags are allowed. Leave empty and click <strong>Remove banner</strong> to go back to no banner.
-        <code>{{ "{{ user }}" }}</code> may be <code>null</code> for anonymous visitors — guard with <code>{% if user %}</code>.
-      </p>
-
-      <details class="welcome-cheatsheet">
-        <summary>Available placeholders</summary>
-        <div class="code-block">
-          <span id="placeholder-text" class="code-body">{{ "{{ instance.name }}" }}        — instance display name
-{{ "{{ instance.subtitle }}" }}    — operator name
-{{ "{{ server.url }}" }}           — full server URL
-{{ "{{ server.hostname }}" }}      — host part only
-{{ "{{ user.email }}" }}, {{ "{{ user.name }}" }}, {{ "{{ user.is_admin }}" }}
-                         — null for anonymous visitors; guard with {% if user %}
-{{ "{{ now }}" }}, {{ "{{ today }}" }}</span>
-          <button class="btn-copy" data-copy-target="placeholder-text">Copy</button>
-        </div>
-      </details>
-
-      <div class="welcome-editor-row">
-        <div class="welcome-editor-col">
-          <textarea id="content" name="content">{{ current }}</textarea>
-        </div>
-        <div class="welcome-preview-col">
-          <h4>Live preview</h4>
-          <div id="preview-content"></div>
-          <div id="preview-error" class="welcome-preview-error" hidden></div>
-        </div>
-      </div>
-    </div>
-    <div class="welcome-actions">
-      <button type="button" class="welcome-btn danger" id="reset-btn">Remove banner</button>
-      <button type="button" class="welcome-btn primary" id="save-btn">Save banner</button>
-    </div>
-  </div>
-</div>
-
-<!-- Remove confirmation modal -->
-<div class="modal-backdrop" id="reset-modal" role="dialog" aria-modal="true" aria-labelledby="reset-modal-title">
-  <div class="modal-card">
-    <h3 id="reset-modal-title">Remove the banner?</h3>
-    <p class="sub"><code>/setup</code> will go back to showing no banner. This cannot be undone.</p>
-    <div class="modal-actions">
-      <button class="modal-btn" data-close-modal="reset-modal">Cancel</button>
-      <button class="modal-btn danger" id="reset-confirm-btn">Remove</button>
-    </div>
-  </div>
-</div>
-
-<div class="toast-stack" id="toast-stack" aria-live="polite"></div>
-
-<script>
-const API = "/api/admin/setup-banner";
-
-// ── CodeMirror editor (with graceful CDN fallback) ────────────────────
-const ta = document.getElementById("content");
-if (typeof CodeMirror === "undefined") {
-  // CDN unreachable or SRI mismatch — degrade to plain textarea + warn.
-  ta.style.display = "block";
-  ta.style.width = "100%";
-  ta.style.minHeight = "480px";
-  ta.style.fontFamily = "var(--font-mono)";
-  ta.style.fontSize = "13px";
-  ta.style.padding = "9px 12px";
-  ta.style.border = "1px solid var(--border)";
-  ta.style.borderRadius = "8px";
-  // Polyfill the `editor` interface so save/remove/preview still work.
-  window.editor = {
-    getValue: () => ta.value,
-    setValue: (v) => { ta.value = v; },
-    on: () => {},
-    setSize: () => {},
-  };
-  // toast is defined below; defer so the DOM is ready and toast stack exists.
-  setTimeout(() => toast("Code editor failed to load — using plain textarea. Check network/CSP.", "error"), 0);
-} else {
-  // Normal path
-  window.editor = CodeMirror.fromTextArea(ta, {
-    mode: "jinja2",
-    lineNumbers: true,
-    lineWrapping: true,
-    theme: "material-darker",
-    indentUnit: 2,
-    tabSize: 2,
-  });
-  editor.setSize("100%", "calc(100vh - 320px)");
-}
-
-// ── Live preview (debounced) ──────────────────────────────────────────
-let previewTimer = null;
-function schedulePreview() {
-  if (previewTimer) clearTimeout(previewTimer);
-  previewTimer = setTimeout(renderPreview, 500);
-}
-
-async function renderPreview() {
-  const content = editor.getValue();
-  const previewBox = document.getElementById("preview-content");
-  const previewErr = document.getElementById("preview-error");
-  if (!content.trim()) {
-    previewBox.innerHTML = '<span class="welcome-preview-empty">(no banner)</span>';
-    previewErr.hidden = true;
-    return;
-  }
-  try {
-    const r = await fetch(API + "/preview", {
-      method: "POST",
-      credentials: "include",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ content }),
-    });
-    if (r.ok) {
-      const j = await r.json();
-      previewBox.innerHTML = j.content;
-      previewErr.hidden = true;
-    } else {
-      let detail = r.statusText;
-      try { detail = (await r.json()).detail || detail; } catch (_) {}
-      previewBox.innerHTML = "";
-      previewErr.textContent = detail;
-      previewErr.hidden = false;
-    }
-  } catch (e) {
-    previewErr.textContent = "Network error: " + e.message;
-    previewErr.hidden = false;
-  }
-}
-
-editor.on("change", schedulePreview);
-renderPreview();   // initial render on load
-
-// ── Toast ─────────────────────────────────────────────────────────────
-function toast(msg, kind) {
-  const el = document.createElement("div");
-  el.className = "toast" + (kind ? " " + kind : "");
-  el.textContent = msg;
-  document.getElementById("toast-stack").appendChild(el);
-  requestAnimationFrame(() => el.classList.add("show"));
-  setTimeout(() => { el.classList.remove("show"); setTimeout(() => el.remove(), 250); }, 3500);
-}
-
-// ── Modal helpers ─────────────────────────────────────────────────────
-function openModal(id) { document.getElementById(id).classList.add("is-open"); }
-function closeModal(id) { document.getElementById(id).classList.remove("is-open"); }
-document.querySelectorAll("[data-close-modal]").forEach(el =>
-  el.addEventListener("click", () => closeModal(el.dataset.closeModal)));
-document.querySelectorAll(".modal-backdrop").forEach(el => {
-  el.addEventListener("click", e => { if (e.target === el) el.classList.remove("is-open"); });
-});
-document.addEventListener("keydown", e => {
-  if (e.key === "Escape") document.querySelectorAll(".modal-backdrop.is-open").forEach(m => m.classList.remove("is-open"));
-});
-
-// ── Status chip ───────────────────────────────────────────────────────
-function setStatusChip(data) {
-  const wrap = document.getElementById("status-chip");
-  if (data.content !== null && data.content !== undefined) {
-    const when = data.updated_at
-      ? new Date(data.updated_at).toISOString().slice(0, 16).replace("T", " ") + " UTC"
-      : "—";
-    const who = data.updated_by || "—";
-    wrap.innerHTML = `<span class="origin-chip origin-override" title="Overridden by ${who} on ${when}">Banner active</span>`;
-  } else {
-    wrap.innerHTML = `<span class="origin-chip origin-default">No banner</span>`;
-  }
-}
-
-// ── Refresh status + editor content from API ─────────────────────────
-async function refreshStatus() {
-  const r = await fetch(API, { credentials: "include" });
-  if (!r.ok) return;
-  const data = await r.json();
-  setStatusChip(data);
-  editor.setValue(data.content !== null && data.content !== undefined ? data.content : "");
-  renderPreview();
-}
-
-// ── Save ──────────────────────────────────────────────────────────────
-document.getElementById("save-btn").addEventListener("click", async () => {
-  const btn = document.getElementById("save-btn");
-  const content = editor.getValue();
-  if (!content.trim()) {
-    toast("Nothing to save — editor is empty. Use Remove banner to clear.", "error");
-    return;
-  }
-  btn.disabled = true;
-  try {
-    const r = await fetch(API, {
-      method: "PUT",
-      credentials: "include",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ content }),
-    });
-    if (r.ok) {
-      toast("Banner saved.", "success");
-      await refreshStatus();
-    } else {
-      let detail = r.statusText;
-      try { detail = (await r.json()).detail || detail; } catch (_) {}
-      toast("Save failed: " + detail, "error");
-    }
-  } catch (e) {
-    toast("Save failed: " + e.message, "error");
-  } finally {
-    btn.disabled = false;
-  }
-});
-
-// ── Remove (with confirm modal) ───────────────────────────────────────
-document.getElementById("reset-btn").addEventListener("click", () => openModal("reset-modal"));
-
-document.getElementById("reset-confirm-btn").addEventListener("click", async () => {
-  closeModal("reset-modal");
-  const btn = document.getElementById("reset-btn");
-  btn.disabled = true;
-  try {
-    const r = await fetch(API, { method: "DELETE", credentials: "include" });
-    if (r.ok) {
-      toast("Banner removed.", "success");
-      await refreshStatus();
-    } else {
-      let detail = r.statusText;
-      try { detail = (await r.json()).detail || detail; } catch (_) {}
-      toast("Remove failed: " + detail, "error");
-    }
-  } catch (e) {
-    toast("Remove failed: " + e.message, "error");
-  } finally {
-    btn.disabled = false;
-  }
-});
-
-// ── Copy widget ───────────────────────────────────────────────────────
-function copyToClipboard(text) {
-  if (navigator.clipboard && window.isSecureContext) {
-    return navigator.clipboard.writeText(text);
-  }
-  const ta = document.createElement("textarea");
-  ta.value = text;
-  ta.style.cssText = "position:fixed;left:-9999px;top:-9999px";
-  document.body.appendChild(ta);
-  ta.focus();
-  ta.select();
-  return new Promise((resolve, reject) => {
-    try { document.execCommand("copy") ? resolve() : reject(); }
-    finally { document.body.removeChild(ta); }
-  });
-}
-
-function flashCopied(button) {
-  const original = button.textContent;
-  button.textContent = "Copied!";
-  button.classList.add("copied");
-  setTimeout(() => { button.textContent = original; button.classList.remove("copied"); }, 1500);
-}
-
-document.querySelectorAll(".btn-copy[data-copy-target]").forEach(btn => {
-  btn.addEventListener("click", () => {
-    const target = document.getElementById(btn.getAttribute("data-copy-target"));
-    if (!target) return;
-    copyToClipboard(target.textContent.trim())
-      .then(() => flashCopied(btn))
-      .catch(() => {
-        const range = document.createRange();
-        range.selectNodeContents(target);
-        const sel = window.getSelection();
-        sel.removeAllRanges();
-        sel.addRange(range);
-      });
-  });
-});
-</script>
-{% endblock %}
diff --git a/app/web/templates/install.html b/app/web/templates/install.html
index bf018ca..39ffea6 100644
--- a/app/web/templates/install.html
+++ b/app/web/templates/install.html
@@ -258,21 +258,6 @@
             background: rgba(166, 227, 161, 0.08);
         }
 
-        /* ── Admin setup banner (shown when admin has set one) ── */
-        .setup-banner {
-            background: var(--surface, #fff);
-            border: 1px solid var(--border, #e5e7eb);
-            border-left: 3px solid var(--primary, #6366f1);
-            border-radius: var(--radius, 8px);
-            padding: 14px 18px;
-            margin-bottom: 20px;
-            font-size: 14px;
-            color: var(--text-primary, #111827);
-            line-height: 1.6;
-        }
-        .setup-banner > *:first-child { margin-top: 0; }
-        .setup-banner > *:last-child  { margin-bottom: 0; }
-
         /* ── Anon sign-in banner (shown only when logged out) ── */
         .auth-banner {
             background: var(--background);
@@ -663,10 +648,6 @@
 
     <main class="main">
 
-        {% if banner_html %}
-        <div class="setup-banner">{{ banner_html | safe }}</div>
-        {% endif %}
-
         <!-- ═══════════════ HERO ═══════════════ -->
         <section class="hero">
             <div class="hero-eyebrow">Getting started</div>
diff --git a/docs/setup-banner.md b/docs/setup-banner.md
deleted file mode 100644
index 4aa11f7..0000000
--- a/docs/setup-banner.md
+++ /dev/null
@@ -1,94 +0,0 @@
-# Setup page banner
-
-The setup banner is a block of HTML (or plain text) shown **above** the
-auto-generated bootstrap commands on the `/setup` page. Use it for
-org-specific operational notes that analysts need before they install the
-client: VPN requirements, support channel, data-classification policy,
-platform prerequisites, etc.
-
-The banner is empty by default — no content is shown until an admin sets one.
-
-## How to edit
-
-- **Admin UI:** `/admin/setup-banner` — split-pane editor with a placeholder
-  cheatsheet and a live HTML preview. Click **Save banner** to persist,
-  **Remove banner** to clear.
-- **REST API:**
-  - `GET /api/admin/setup-banner` — returns `{content, updated_at, updated_by}`.
-    `content` is `null` when no banner is set.
-  - `PUT /api/admin/setup-banner` with body `{"content": "..."}` — validates
-    Jinja2 syntax and stores the banner.
-  - `DELETE /api/admin/setup-banner` — clears the banner; `/setup` shows no
-    banner until one is set again.
-  - `POST /api/admin/setup-banner/preview` with body `{"content": "..."}` —
-    renders arbitrary content against the calling admin's context without
-    persisting. Backs the editor's live preview.
-
-The banner lives in `system.duckdb` (table `setup_banner`, singleton row id=1).
-
-## Available placeholders
-
-| Placeholder | Type | Notes |
-|---|---|---|
-| `instance.name` | string | `instance.name` in `instance.yaml` |
-| `instance.subtitle` | string | `instance.subtitle` in `instance.yaml` |
-| `server.url` | string | full origin of the Agnes server |
-| `server.hostname` | string | host part only (no port or path) |
-| `user.email` | string | logged-in user, or `null` for anonymous visitors |
-| `user.name` | string | logged-in user display name |
-| `user.is_admin` | bool | `true` when the visitor is in the Admin group |
-| `now` | datetime (UTC, tz-aware) | server time at render |
-| `today` | string (`YYYY-MM-DD`) | server date at render |
-
-> **`user` may be `null`** — `/setup` is partly public (anonymous visitors
-> get the install one-liner). Always guard user-specific placeholders:
->
-> ```jinja2
-> {% if user %}Welcome back, {{ user.name }}!{% endif %}
-> ```
-
-## Autoescape semantics
-
-The Jinja2 environment runs with `autoescape=True`, which means template
-**variable output** (`{{ ... }}`) is HTML-escaped automatically. Literal HTML
-in the template source is passed through unchanged — that is how the banner
-outputs `<p>` tags, `<strong>`, etc.
-
-To output a literal `<` or `&` from a variable, use the `| safe` filter only
-when you are certain the value is trusted:
-
-```jinja2
-{# Safe — admin-authored constant: #}
-{{ "<strong>VPN required</strong>" | safe }}
-
-{# Dangerous — never pipe user-controlled values through | safe: #}
-{{ user.name | safe }}   {# do NOT do this #}
-```
-
-## Security note
-
-Admin-authored banner content is rendered for **all `/setup` visitors**,
-including anonymous users. As a defense-in-depth measure, inline `<script>`
-tags, `<iframe>` blocks, `on*=` event handlers, and `javascript:`/`data:`
-URI schemes are stripped from the rendered output before it reaches the
-browser.
-
-This is **not a full sandbox** — a determined admin can still author arbitrary
-HTML with CSS tricks or external resource loads. The stripping is a safety net
-against accidental inclusion of dangerous markup (copy-paste from an untrusted
-source, etc.), not a substitute for trust in your admin users.
-
-For a stricter posture, add a `Content-Security-Policy` header that disallows
-inline scripts and restricts `connect-src`.
-
-## Difference from the welcome template
-
-| | Setup banner | Welcome template |
-|---|---|---|
-| Location | `/setup` page (partly public) | `CLAUDE.md` in analyst workspace |
-| Format | HTML (rendered in browser) | Markdown (consumed by Claude Code) |
-| Default | No banner | Ships a default at `config/claude_md_template.txt` |
-| Context | `instance`, `server`, `user` (nullable), `now`, `today` | All of the above plus `tables`, `metrics`, `marketplaces`, `sync_interval`, `data_source` |
-| RBAC filtering | None — same for all visitors | `marketplaces` filtered per user's group memberships |
-
-See `docs/welcome-template.md` for the welcome-template reference.
diff --git a/src/db.py b/src/db.py
index 0a521ed..d0b13fa 100644
--- a/src/db.py
+++ b/src/db.py
@@ -418,8 +418,8 @@ CREATE TABLE IF NOT EXISTS welcome_template (
     CONSTRAINT singleton CHECK (id = 1)
 );
 
--- v22: customizable banner shown above setup commands on /setup page.
--- Singleton row (id=1). NULL content means "no banner".
+-- v22: reserved (formerly setup_banner — feature dropped, table kept for
+-- forward compatibility with already-migrated instances).
 CREATE TABLE IF NOT EXISTS setup_banner (
     id INTEGER PRIMARY KEY DEFAULT 1,
     content TEXT,
diff --git a/src/repositories/setup_banner.py b/src/repositories/setup_banner.py
deleted file mode 100644
index 172830c..0000000
--- a/src/repositories/setup_banner.py
+++ /dev/null
@@ -1,53 +0,0 @@
-"""Repository for the per-instance setup-page banner override (singleton row)."""
-
-from datetime import datetime, timezone
-from typing import Any
-
-import duckdb
-
-
-class SetupBannerRepository:
-    def __init__(self, conn: duckdb.DuckDBPyConnection):
-        self.conn = conn
-
-    def get(self) -> dict[str, Any]:
-        """Return the singleton row. Always exists post-migration; content
-        is None when no banner is set."""
-        row = self.conn.execute(
-            "SELECT id, content, updated_at, updated_by FROM setup_banner WHERE id = 1"
-        ).fetchone()
-        if row is None:
-            # Defensive: re-seed if a previous admin manually deleted it.
-            self.conn.execute(
-                "INSERT INTO setup_banner (id, content) VALUES (1, NULL) "
-                "ON CONFLICT (id) DO NOTHING"
-            )
-            return {"id": 1, "content": None, "updated_at": None, "updated_by": None}
-        return {
-            "id": row[0],
-            "content": row[1],
-            "updated_at": row[2],
-            "updated_by": row[3],
-        }
-
-    def set(self, content: str, *, updated_by: str) -> None:
-        now = datetime.now(timezone.utc)
-        self.conn.execute(
-            """INSERT INTO setup_banner (id, content, updated_at, updated_by)
-               VALUES (1, ?, ?, ?)
-               ON CONFLICT (id) DO UPDATE SET
-                   content = excluded.content,
-                   updated_at = excluded.updated_at,
-                   updated_by = excluded.updated_by""",
-            [content, now, updated_by],
-        )
-
-    def reset(self, *, updated_by: str) -> None:
-        """Clear the banner; /setup will show no banner."""
-        now = datetime.now(timezone.utc)
-        self.conn.execute(
-            """UPDATE setup_banner
-               SET content = NULL, updated_at = ?, updated_by = ?
-               WHERE id = 1""",
-            [now, updated_by],
-        )
diff --git a/src/setup_banner.py b/src/setup_banner.py
deleted file mode 100644
index 82f0274..0000000
--- a/src/setup_banner.py
+++ /dev/null
@@ -1,119 +0,0 @@
-"""Render the admin-editable setup-page banner.
-
-Smaller surface than welcome_template — only instance/server/user context.
-Setup banner is for organization-specific operational notes (VPN, support,
-data classification), not for analyst-side content.
-"""
-
-from __future__ import annotations
-
-import logging
-import re
-from datetime import date, datetime, timezone
-from typing import Any, Optional
-from urllib.parse import urlparse
-
-import duckdb
-from jinja2 import Environment, StrictUndefined, TemplateError
-
-from app.instance_config import get_instance_name, get_instance_subtitle
-from src.repositories.setup_banner import SetupBannerRepository
-
-_logger = logging.getLogger(__name__)
-
-# Patterns used by _sanitize_banner_html.
-_RE_SCRIPT = re.compile(r"<\s*script[\s\S]*?(?:</\s*script\s*>|$)", re.IGNORECASE)
-_RE_IFRAME = re.compile(r"<\s*iframe[\s\S]*?(?:</\s*iframe\s*>|$)", re.IGNORECASE)
-_RE_ON_ATTR = re.compile(r'\s+on\w+\s*=\s*(?:"[^"]*"|\'[^\']*\'|[^\s>]*)', re.IGNORECASE)
-_RE_JS_URI = re.compile(
-    r'((?:href|src)\s*=\s*["\'])(?:javascript|data):[^"\']*(["\'])',
-    re.IGNORECASE,
-)
-
-
-def _sanitize_banner_html(html: str) -> str:
-    """Strip the most dangerous markup patterns from rendered banner HTML.
-
-    Threat model: admins are trusted to author banner content, but mistakes
-    happen (copy-paste from untrusted sources, accidental script inclusion).
-    This is defense-in-depth, NOT a full XSS defense — for that, render
-    markdown only or add a strict Content-Security-Policy. The whitelist of
-    bad patterns is intentionally narrow so legitimate admin HTML is not
-    mangled.
-
-    What is stripped:
-    - ``<script>...</script>`` blocks (case-insensitive, including unclosed).
-    - ``<iframe>...</iframe>`` blocks.
-    - ``on*=`` event-handler attributes (e.g. onclick, onload, onerror).
-    - ``javascript:`` and ``data:`` URI schemes in href/src attributes.
-    """
-    html = _RE_SCRIPT.sub("", html)
-    html = _RE_IFRAME.sub("", html)
-    html = _RE_ON_ATTR.sub("", html)
-    html = _RE_JS_URI.sub(lambda m: m.group(1) + "#" + m.group(2), html)
-    return html
-
-
-def build_setup_banner_context(
-    *,
-    user: Optional[dict],
-    server_url: str,
-) -> dict[str, Any]:
-    """Compose the Jinja2 render context for the setup banner.
-
-    ``user`` may be None on the anonymous path of /setup (the page is partly
-    public — anonymous visitors get the curl-install one-liner). Templates
-    must guard for that with ``{% if user %}``.
-    """
-    parsed = urlparse(server_url)
-    return {
-        "instance": {
-            "name": get_instance_name(),
-            "subtitle": get_instance_subtitle(),
-        },
-        "server": {
-            "url": server_url,
-            "hostname": parsed.hostname or "",
-        },
-        "user": (
-            {
-                "id": user.get("id", ""),
-                "email": user.get("email", ""),
-                "name": user.get("name") or "",
-                "is_admin": bool(user.get("is_admin")),
-            }
-            if user
-            else None
-        ),
-        "now": datetime.now(timezone.utc),
-        "today": date.today().isoformat(),
-    }
-
-
-def render_setup_banner(
-    conn: duckdb.DuckDBPyConnection,
-    *,
-    user: Optional[dict],
-    server_url: str,
-) -> str:
-    """Render the banner. Returns "" when no override is set or render fails.
-
-    Render failures are swallowed (logged) — a broken admin banner must NOT
-    break /setup for analysts. The /admin/setup-banner editor catches Jinja
-    errors at PUT time anyway, so this is defense-in-depth.
-    """
-    row = SetupBannerRepository(conn).get()
-    source = row.get("content")
-    if not source:
-        return ""
-    env = Environment(undefined=StrictUndefined, autoescape=True)
-    try:
-        template = env.from_string(source)
-        rendered = template.render(**build_setup_banner_context(user=user, server_url=server_url))
-        return _sanitize_banner_html(rendered)
-    except TemplateError:
-        _logger.warning(
-            "setup_banner render failed; returning empty banner. "
-            "Admin can fix at /admin/setup-banner."
-        )
-        return ""
diff --git a/tests/test_setup_banner_api.py b/tests/test_setup_banner_api.py
deleted file mode 100644
index 9c71571..0000000
--- a/tests/test_setup_banner_api.py
+++ /dev/null
@@ -1,139 +0,0 @@
-"""End-to-end tests for /api/admin/setup-banner endpoints."""
-
-import duckdb
-
-from src.db import _ensure_schema
-from src.setup_banner import build_setup_banner_context
-
-
-def _auth(token: str) -> dict[str, str]:
-    return {"Authorization": f"Bearer {token}"}
-
-
-def test_admin_can_set_and_clear_banner(seeded_app):
-    c = seeded_app["client"]
-    admin = _auth(seeded_app["admin_token"])
-
-    # GET initial state
-    r = c.get("/api/admin/setup-banner", headers=admin)
-    assert r.status_code == 200
-    body = r.json()
-    assert body["content"] is None
-
-    # PUT banner
-    r = c.put(
-        "/api/admin/setup-banner",
-        json={"content": "<p>VPN required before install.</p>"},
-        headers=admin,
-    )
-    assert r.status_code == 200
-
-    # GET shows new content
-    r = c.get("/api/admin/setup-banner", headers=admin)
-    assert r.json()["content"] == "<p>VPN required before install.</p>"
-    assert r.json()["updated_by"] is not None
-
-    # DELETE = clear
-    r = c.delete("/api/admin/setup-banner", headers=admin)
-    assert r.status_code == 204
-
-    r = c.get("/api/admin/setup-banner", headers=admin)
-    assert r.json()["content"] is None
-
-
-def test_non_admin_cannot_edit_banner(seeded_app):
-    c = seeded_app["client"]
-    analyst = _auth(seeded_app["analyst_token"])
-    r = c.put("/api/admin/setup-banner", json={"content": "<p>x</p>"}, headers=analyst)
-    assert r.status_code == 403
-
-
-def test_put_rejects_invalid_jinja2(seeded_app):
-    c = seeded_app["client"]
-    admin = _auth(seeded_app["admin_token"])
-    r = c.put(
-        "/api/admin/setup-banner",
-        json={"content": "{% for x in y %}"},  # unclosed loop
-        headers=admin,
-    )
-    assert r.status_code == 400
-    assert "invalid" in r.json()["detail"].lower()
-
-
-def test_put_rejects_undefined_placeholder(seeded_app):
-    """Templates that reference unknown placeholders must be rejected at PUT
-    time so the admin sees the error immediately."""
-    c = seeded_app["client"]
-    admin = _auth(seeded_app["admin_token"])
-    r = c.put(
-        "/api/admin/setup-banner",
-        json={"content": "Hello {{ user.emial }}"},  # typo
-        headers=admin,
-    )
-    assert r.status_code == 400
-    assert "emial" in r.json()["detail"] or "undefined" in r.json()["detail"].lower()
-
-
-def test_preview_renders_arbitrary_content(seeded_app):
-    c = seeded_app["client"]
-    admin = _auth(seeded_app["admin_token"])
-    r = c.post(
-        "/api/admin/setup-banner/preview",
-        json={"content": "<b>Hello {{ user.email }}</b>"},
-        headers=admin,
-    )
-    assert r.status_code == 200
-    # autoescape=True: rendered content must contain the escaped or literal email
-    assert "admin@test.com" in r.json()["content"]
-
-
-def test_preview_requires_admin(seeded_app):
-    c = seeded_app["client"]
-    analyst = _auth(seeded_app["analyst_token"])
-    r = c.post(
-        "/api/admin/setup-banner/preview",
-        json={"content": "<p>x</p>"},
-        headers=analyst,
-    )
-    assert r.status_code == 403
-
-
-def test_preview_rejects_invalid_template(seeded_app):
-    c = seeded_app["client"]
-    admin = _auth(seeded_app["admin_token"])
-    r = c.post(
-        "/api/admin/setup-banner/preview",
-        json={"content": "{% for x in y %}"},
-        headers=admin,
-    )
-    assert r.status_code == 400
-
-
-def test_validation_stub_matches_build_context_shape(seeded_app, tmp_path, monkeypatch):
-    """If build_setup_banner_context grows new keys, _VALIDATION_STUB_CONTEXT
-    must too — otherwise admins can save templates referencing keys the PUT
-    validator accepts but the live render rejects."""
-    from app.api.setup_banner import _VALIDATION_STUB_CONTEXT
-
-    monkeypatch.setenv("DATA_DIR", str(tmp_path))
-    db_path = tmp_path / "system.duckdb"
-    conn = duckdb.connect(str(db_path))
-    _ensure_schema(conn)
-    conn.close()
-
-    user = {"id": "u1", "email": "admin@test.com", "name": "Admin", "is_admin": True}
-    real_ctx = build_setup_banner_context(user=user, server_url="https://example.com")
-
-    # Top-level keys must match (stub has user=dict, real has user=dict when logged in)
-    assert set(_VALIDATION_STUB_CONTEXT.keys()) == set(real_ctx.keys()), (
-        f"_VALIDATION_STUB_CONTEXT top-level keys differ from build_setup_banner_context output. "
-        f"Stub has: {set(_VALIDATION_STUB_CONTEXT.keys())}, "
-        f"real has: {set(real_ctx.keys())}"
-    )
-
-    # One level deep for nested dicts
-    for key in ("instance", "server", "user"):
-        if isinstance(real_ctx.get(key), dict):
-            assert set(_VALIDATION_STUB_CONTEXT[key].keys()) == set(real_ctx[key].keys()), (
-                f"_VALIDATION_STUB_CONTEXT[{key!r}] drifted from build_setup_banner_context output"
-            )
diff --git a/tests/test_setup_banner_migration.py b/tests/test_setup_banner_migration.py
deleted file mode 100644
index 8b8b3d0..0000000
--- a/tests/test_setup_banner_migration.py
+++ /dev/null
@@ -1,54 +0,0 @@
-"""v21 → v22 migration: adds setup_banner singleton table."""
-
-from pathlib import Path
-
-import duckdb
-
-from src.db import SCHEMA_VERSION, _ensure_schema, get_schema_version
-
-
-def _open(path: Path) -> duckdb.DuckDBPyConnection:
-    return duckdb.connect(str(path))
-
-
-def test_v22_creates_setup_banner_table(tmp_path):
-    db_path = tmp_path / "system.duckdb"
-    conn = _open(db_path)
-    # Pretend we're on v21: run schema then roll version back.
-    _ensure_schema(conn)
-    conn.execute("UPDATE schema_version SET version = 21")
-    conn.execute("DROP TABLE IF EXISTS setup_banner")
-    conn.close()
-
-    # Re-open: migration ladder runs.
-    conn = _open(db_path)
-    _ensure_schema(conn)
-    assert get_schema_version(conn) == SCHEMA_VERSION
-    # Singleton row must exist with NULL content (= no banner).
-    rows = conn.execute(
-        "SELECT id, content, updated_at, updated_by FROM setup_banner"
-    ).fetchall()
-    assert len(rows) == 1
-    assert rows[0][0] == 1  # singleton id
-    assert rows[0][1] is None  # NULL = no banner
-
-
-def test_fresh_install_seeds_setup_banner(tmp_path):
-    db_path = tmp_path / "system.duckdb"
-    conn = _open(db_path)
-    _ensure_schema(conn)
-    assert get_schema_version(conn) == SCHEMA_VERSION
-    rows = conn.execute("SELECT id, content FROM setup_banner").fetchall()
-    assert len(rows) == 1
-    assert rows[0][0] == 1
-    assert rows[0][1] is None
-
-
-def test_welcome_template_unaffected_by_v22(tmp_path):
-    """welcome_template table must still coexist after v22 migration."""
-    db_path = tmp_path / "system.duckdb"
-    conn = _open(db_path)
-    _ensure_schema(conn)
-    rows = conn.execute("SELECT id, content FROM welcome_template").fetchall()
-    assert len(rows) == 1
-    assert rows[0][0] == 1
diff --git a/tests/test_setup_banner_render.py b/tests/test_setup_banner_render.py
deleted file mode 100644
index e1dc571..0000000
--- a/tests/test_setup_banner_render.py
+++ /dev/null
@@ -1,121 +0,0 @@
-"""Unit tests for the setup-banner renderer module."""
-
-import duckdb
-import pytest
-
-from src.db import _ensure_schema
-from src.repositories.setup_banner import SetupBannerRepository
-from src.setup_banner import _sanitize_banner_html, build_setup_banner_context, render_setup_banner
-
-
-@pytest.fixture
-def conn(tmp_path, monkeypatch):
-    monkeypatch.setenv("DATA_DIR", str(tmp_path))
-    db_path = tmp_path / "system.duckdb"
-    c = duckdb.connect(str(db_path))
-    _ensure_schema(c)
-    yield c
-    c.close()
-
-
-def _user(email="alice@example.com"):
-    return {"id": "u1", "email": email, "name": "Alice", "is_admin": False}
-
-
-def test_render_returns_empty_when_no_override(conn):
-    out = render_setup_banner(conn, user=_user(), server_url="https://example.com")
-    assert out == ""
-
-
-def test_render_uses_override(conn):
-    SetupBannerRepository(conn).set(
-        "<p>VPN: {{ server.hostname }}</p>", updated_by="admin@example.com"
-    )
-    out = render_setup_banner(conn, user=_user(), server_url="https://example.com")
-    # autoescape=True — rendered as HTML
-    assert "example.com" in out
-    assert "<p>" in out
-
-
-def test_render_returns_empty_on_invalid_template_does_not_raise(conn):
-    """A broken admin banner must not raise; it must return "" (defense-in-depth)."""
-    SetupBannerRepository(conn).set(
-        "{{ does_not_exist }}", updated_by="admin@example.com"
-    )
-    out = render_setup_banner(conn, user=_user(), server_url="https://example.com")
-    assert out == ""  # swallowed, not raised
-
-
-def test_render_with_anonymous_user(conn):
-    SetupBannerRepository(conn).set(
-        "{% if user %}{{ user.email }}{% else %}anonymous{% endif %}",
-        updated_by="admin@example.com",
-    )
-    out = render_setup_banner(conn, user=None, server_url="https://example.com")
-    assert "anonymous" in out
-
-
-def test_context_exposes_documented_keys(conn):
-    ctx = build_setup_banner_context(user=_user(), server_url="https://example.com")
-    for top in ("instance", "server", "user", "now", "today"):
-        assert top in ctx, f"missing top-level key: {top}"
-    assert ctx["server"]["hostname"] == "example.com"
-    assert ctx["user"]["email"] == "alice@example.com"
-
-
-def test_context_with_anonymous_user_returns_none(conn):
-    ctx = build_setup_banner_context(user=None, server_url="https://example.com")
-    assert ctx["user"] is None
-
-
-def test_autoescape_escapes_html_entities(conn):
-    """autoescape=True must escape < > & in template variable output."""
-    SetupBannerRepository(conn).set(
-        "{{ server.hostname }}", updated_by="admin@example.com"
-    )
-    out = render_setup_banner(
-        conn, user=_user(), server_url="https://example.com/<test>"
-    )
-    # hostname won't contain < > but the render must succeed without injection
-    assert out != ""
-
-
-# ── Sanitizer unit tests ─────────────────────────────────────────────────────
-
-def test_render_strips_script_tags(conn):
-    """render_setup_banner must remove <script> blocks from the output."""
-    SetupBannerRepository(conn).set(
-        '<p>Hello</p><script>alert(1)</script>',
-        updated_by="admin@example.com",
-    )
-    out = render_setup_banner(conn, user=_user(), server_url="https://example.com")
-    assert "<script>" not in out
-    assert "alert" not in out
-    # Safe content preserved
-    assert "Hello" in out
-
-
-def test_render_strips_event_handlers(conn):
-    """render_setup_banner must strip on* event-handler attributes."""
-    SetupBannerRepository(conn).set(
-        '<button onclick="evil()">Click me</button>',
-        updated_by="admin@example.com",
-    )
-    out = render_setup_banner(conn, user=_user(), server_url="https://example.com")
-    assert "onclick" not in out
-    assert "evil" not in out
-    # Button text preserved
-    assert "Click me" in out
-
-
-def test_render_strips_javascript_uri(conn):
-    """render_setup_banner must strip javascript: URI schemes from href/src."""
-    SetupBannerRepository(conn).set(
-        '<a href="javascript:evil()">link</a>',
-        updated_by="admin@example.com",
-    )
-    out = render_setup_banner(conn, user=_user(), server_url="https://example.com")
-    assert "javascript:" not in out
-    assert "evil" not in out
-    # Link text preserved
-    assert "link" in out
diff --git a/tests/test_setup_banner_repo.py b/tests/test_setup_banner_repo.py
deleted file mode 100644
index fb421f6..0000000
--- a/tests/test_setup_banner_repo.py
+++ /dev/null
@@ -1,49 +0,0 @@
-"""Unit tests for SetupBannerRepository."""
-
-import duckdb
-import pytest
-
-from src.db import _ensure_schema
-from src.repositories.setup_banner import SetupBannerRepository
-
-
-@pytest.fixture
-def conn(tmp_path):
-    db_path = tmp_path / "system.duckdb"
-    c = duckdb.connect(str(db_path))
-    _ensure_schema(c)
-    yield c
-    c.close()
-
-
-def test_get_returns_none_on_fresh_install(conn):
-    repo = SetupBannerRepository(conn)
-    row = repo.get()
-    assert row is not None
-    assert row["content"] is None  # no banner by default
-
-
-def test_set_stores_content(conn):
-    repo = SetupBannerRepository(conn)
-    repo.set("<p>VPN required</p>", updated_by="admin@example.com")
-    row = repo.get()
-    assert row["content"] == "<p>VPN required</p>"
-    assert row["updated_by"] == "admin@example.com"
-    assert row["updated_at"] is not None
-
-
-def test_reset_clears_content(conn):
-    repo = SetupBannerRepository(conn)
-    repo.set("<p>Note</p>", updated_by="admin@example.com")
-    repo.reset(updated_by="admin@example.com")
-    row = repo.get()
-    assert row["content"] is None
-
-
-def test_set_overwrites_existing(conn):
-    repo = SetupBannerRepository(conn)
-    repo.set("first", updated_by="a@example.com")
-    repo.set("second", updated_by="b@example.com")
-    row = repo.get()
-    assert row["content"] == "second"
-    assert row["updated_by"] == "b@example.com"