diff --git a/audit/internal/webui/server.go b/audit/internal/webui/server.go
index 2425021..163874a 100644
--- a/audit/internal/webui/server.go
+++ b/audit/internal/webui/server.go
@@ -104,19 +104,13 @@ func NewHandler(opts HandlerOptions) http.Handler {
 		}
 		http.ServeFile(w, r, filepath.Join(exportDir, clean))
 	})
-	mux.HandleFunc("GET /", func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc("GET /viewer", func(w http.ResponseWriter, r *http.Request) {
 		snapshot, err := loadSnapshot(auditPath)
 		if err != nil && !errors.Is(err, os.ErrNotExist) {
 			http.Error(w, fmt.Sprintf("read audit snapshot: %v", err), http.StatusInternalServerError)
 			return
 		}
-		noticeTitle, noticeBody := runtimeNotice(filepath.Join(exportDir, "runtime-health.json"))
-		html, err := viewer.RenderHTMLWithOptions(snapshot, title, viewer.RenderOptions{
-			DownloadArchiveURL:   "/export/support.tar.gz",
-			DownloadArchiveLabel: "Download support bundle",
-			NoticeTitle:          noticeTitle,
-			NoticeBody:           noticeBody,
-		})
+		html, err := viewer.RenderHTML(snapshot, title)
 		if err != nil {
 			http.Error(w, fmt.Sprintf("render snapshot: %v", err), http.StatusInternalServerError)
 			return
@@ -125,6 +119,13 @@ func NewHandler(opts HandlerOptions) http.Handler {
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		_, _ = w.Write(html)
 	})
+	mux.HandleFunc("GET /", func(w http.ResponseWriter, r *http.Request) {
+		noticeTitle, noticeBody := runtimeNotice(filepath.Join(exportDir, "runtime-health.json"))
+		body := renderShellPage(title, noticeTitle, noticeBody)
+		w.Header().Set("Cache-Control", "no-store")
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		_, _ = w.Write([]byte(body))
+	})
 	return mux
 }
 
@@ -195,6 +196,41 @@ func renderExportIndex(exportDir string) (string, error) {
 	return body.String(), nil
 }
 
+func renderShellPage(title, noticeTitle, noticeBody string) string {
+	var body strings.Builder
+	body.WriteString("<!DOCTYPE html><html><head><meta charset=\"utf-8\"><meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">")
+	body.WriteString("<title>" + html.EscapeString(title) + "</title>")
+	body.WriteString(`<style>
+body{margin:0;font-family:system-ui,-apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif;background:#f4f1ea;color:#1b1b18}
+.shell{min-height:100vh;display:grid;grid-template-rows:auto auto 1fr}
+.header{padding:18px 20px 12px;border-bottom:1px solid rgba(0,0,0,.08);background:#fbf8f2}
+.header h1{margin:0;font-size:24px}
+.header p{margin:6px 0 0;color:#5a5a52}
+.actions{display:flex;flex-wrap:wrap;gap:10px;padding:12px 20px;background:#fbf8f2}
+.actions a{display:inline-block;text-decoration:none;padding:10px 14px;border-radius:999px;background:#1f5f4a;color:#fff;font-weight:600}
+.actions a.secondary{background:#d8e5dd;color:#17372b}
+.notice{margin:16px 20px 0;padding:14px 16px;border-radius:14px;background:#fff7df;border:1px solid #ead9a4}
+.notice h2{margin:0 0 6px;font-size:16px}
+.notice p{margin:0;color:#4f4a37}
+.viewer-wrap{padding:16px 20px 20px}
+.viewer{width:100%;height:calc(100vh - 170px);border:0;border-radius:18px;background:#fff;box-shadow:0 12px 40px rgba(0,0,0,.08)}
+@media (max-width:720px){.viewer{height:calc(100vh - 240px)}}
+</style></head><body><div class="shell">`)
+	body.WriteString("<header class=\"header\"><h1>" + html.EscapeString(title) + "</h1><p>Audit viewer with support bundle and raw export access.</p></header>")
+	body.WriteString("<nav class=\"actions\">")
+	body.WriteString("<a href=\"/export/support.tar.gz\">Download support bundle</a>")
+	body.WriteString("<a class=\"secondary\" href=\"/audit.json\">Open audit.json</a>")
+	body.WriteString("<a class=\"secondary\" href=\"/runtime-health.json\">Open runtime-health.json</a>")
+	body.WriteString("<a class=\"secondary\" href=\"/export/\">Browse export files</a>")
+	body.WriteString("</nav>")
+	if strings.TrimSpace(noticeTitle) != "" {
+		body.WriteString("<section class=\"notice\"><h2>" + html.EscapeString(noticeTitle) + "</h2><p>" + html.EscapeString(noticeBody) + "</p></section>")
+	}
+	body.WriteString("<main class=\"viewer-wrap\"><iframe class=\"viewer\" src=\"/viewer\" loading=\"eager\" referrerpolicy=\"same-origin\"></iframe></main>")
+	body.WriteString("</div></body></html>")
+	return body.String()
+}
+
 func firstNonEmpty(value, fallback string) string {
 	value = strings.TrimSpace(value)
 	if value == "" {
diff --git a/audit/internal/webui/server_test.go b/audit/internal/webui/server_test.go
index 61d2cc0..5f17b3b 100644
--- a/audit/internal/webui/server_test.go
+++ b/audit/internal/webui/server_test.go
@@ -9,7 +9,7 @@ import (
 	"testing"
 )
 
-func TestRootRendersLatestSnapshot(t *testing.T) {
+func TestRootRendersShellWithIframe(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "audit.json")
 	exportDir := filepath.Join(dir, "export")
@@ -31,8 +31,8 @@ func TestRootRendersLatestSnapshot(t *testing.T) {
 	if first.Code != http.StatusOK {
 		t.Fatalf("first status=%d", first.Code)
 	}
-	if !strings.Contains(first.Body.String(), "SERIAL-OLD") {
-		t.Fatalf("first body missing old serial: %s", first.Body.String())
+	if !strings.Contains(first.Body.String(), `iframe`) || !strings.Contains(first.Body.String(), `src="/viewer"`) {
+		t.Fatalf("first body missing iframe viewer: %s", first.Body.String())
 	}
 	if !strings.Contains(first.Body.String(), "/export/support.tar.gz") {
 		t.Fatalf("first body missing support bundle link: %s", first.Body.String())
@@ -50,11 +50,42 @@ func TestRootRendersLatestSnapshot(t *testing.T) {
 	if second.Code != http.StatusOK {
 		t.Fatalf("second status=%d", second.Code)
 	}
+	if !strings.Contains(second.Body.String(), `src="/viewer"`) {
+		t.Fatalf("second body missing iframe viewer: %s", second.Body.String())
+	}
+}
+
+func TestViewerRendersLatestSnapshot(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "audit.json")
+	if err := os.WriteFile(path, []byte(`{"collected_at":"2026-03-15T00:00:00Z","hardware":{"board":{"serial_number":"SERIAL-OLD"}}}`), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	handler := NewHandler(HandlerOptions{AuditPath: path})
+	first := httptest.NewRecorder()
+	handler.ServeHTTP(first, httptest.NewRequest(http.MethodGet, "/viewer", nil))
+	if first.Code != http.StatusOK {
+		t.Fatalf("first status=%d", first.Code)
+	}
+	if !strings.Contains(first.Body.String(), "SERIAL-OLD") {
+		t.Fatalf("viewer body missing old serial: %s", first.Body.String())
+	}
+
+	if err := os.WriteFile(path, []byte(`{"collected_at":"2026-03-15T00:05:00Z","hardware":{"board":{"serial_number":"SERIAL-NEW"}}}`), 0644); err != nil {
+		t.Fatal(err)
+	}
+
+	second := httptest.NewRecorder()
+	handler.ServeHTTP(second, httptest.NewRequest(http.MethodGet, "/viewer", nil))
+	if second.Code != http.StatusOK {
+		t.Fatalf("second status=%d", second.Code)
+	}
 	if !strings.Contains(second.Body.String(), "SERIAL-NEW") {
-		t.Fatalf("second body missing new serial: %s", second.Body.String())
+		t.Fatalf("viewer body missing new serial: %s", second.Body.String())
 	}
 	if strings.Contains(second.Body.String(), "SERIAL-OLD") {
-		t.Fatalf("second body still contains old serial: %s", second.Body.String())
+		t.Fatalf("viewer body still contains old serial: %s", second.Body.String())
 	}
 }