diff --git a/internal/admin/sqs_handler.go b/internal/admin/sqs_handler.go
index 1c090d87..11ecf2c6 100644
--- a/internal/admin/sqs_handler.go
+++ b/internal/admin/sqs_handler.go
@@ -40,16 +40,9 @@ type QueueSummary struct {
 	CreatedAt  *time.Time        `json:"created_at,omitempty"`
 	Attributes map[string]string `json:"attributes,omitempty"`
 	Counters   QueueCounters     `json:"counters"`
-	// IsDLQ is true when at least one other queue's RedrivePolicy
-	// resolves its deadLetterTargetArn to this queue. The SPA uses
-	// the flag to switch the Messages-tab framing and the Purge
-	// button label between "Purge messages" and "Purge DLQ".
+	// True when another queue's RedrivePolicy points at this one.
 	IsDLQ bool `json:"is_dlq"`
-	// DLQSources lists the names of queues whose RedrivePolicy
-	// points at this queue, sorted lexicographically. Empty when
-	// IsDLQ is false; the SPA renders these as chips on the queue
-	// detail page so the operator confirms what feeds the DLQ
-	// before purging.
+	// Source queue names that point at this DLQ, sorted lex.
 	DLQSources []string `json:"dlq_sources,omitempty"`
 }
 
@@ -698,10 +691,9 @@ func writeQueuesError(w http.ResponseWriter, err error, logger *slog.Logger, r *
 	}
 }
 
-// writePurgeInProgress emits the 429 response shape the design doc
-// §3.4 specifies: Retry-After header (rounded up to whole seconds so
-// a client retrying exactly at the deadline is guaranteed to clear)
-// + JSON body { code, message, retry_after_seconds }.
+// writePurgeInProgress emits the 429 wire shape (Retry-After header
+// + JSON body { error, message, retry_after_seconds }). Whole-second
+// rounding-up so a deadline-exact retry is guaranteed to clear.
 func writePurgeInProgress(w http.ResponseWriter, err *PurgeInProgressError) {
 	secs := int64(err.RetryAfter / time.Second)
 	if err.RetryAfter%time.Second != 0 {
@@ -712,10 +704,11 @@ func writePurgeInProgress(w http.ResponseWriter, err *PurgeInProgressError) {
 	}
 	w.Header().Set("Retry-After", strconv.FormatInt(secs, 10))
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.Header().Set("Cache-Control", "no-store")
 	w.WriteHeader(http.StatusTooManyRequests)
 	_ = json.NewEncoder(w).Encode(map[string]any{
-		"code":                "PurgeQueueInProgress",
+		"error":               "PurgeQueueInProgress",
 		"message":             "only one PurgeQueue operation on each queue is allowed every 60 seconds",
 		"retry_after_seconds": secs,
 	})
diff --git a/internal/admin/sqs_handler_test.go b/internal/admin/sqs_handler_test.go
index f39fd01a..2309c8ad 100644
--- a/internal/admin/sqs_handler_test.go
+++ b/internal/admin/sqs_handler_test.go
@@ -347,7 +347,10 @@ func TestSqsHandler_PurgeQueue_RateLimited429(t *testing.T) {
 	require.Equal(t, "43", rec.Header().Get("Retry-After"))
 	var body map[string]any
 	require.NoError(t, json.Unmarshal(rec.Body.Bytes(), &body))
-	require.Equal(t, "PurgeQueueInProgress", body["code"])
+	// The "error" key (not "code") matches writeJSONError's envelope
+	// so apiFetch.ts can extract the AWS-style sentinel consistently
+	// with every other 4xx error.
+	require.Equal(t, "PurgeQueueInProgress", body["error"])
 	require.EqualValues(t, 43, body["retry_after_seconds"])
 }
 
diff --git a/web/admin/src/api/client.ts b/web/admin/src/api/client.ts
index ad8a318a..4c248437 100644
--- a/web/admin/src/api/client.ts
+++ b/web/admin/src/api/client.ts
@@ -210,12 +210,48 @@ export interface SqsQueueSummary {
   created_at?: string;
   attributes?: Record<string, string>;
   counters: SqsQueueCounters;
+  // True when another queue's RedrivePolicy points at this one.
+  is_dlq: boolean;
+  // Source queue names that point at this DLQ, sorted lex.
+  dlq_sources?: string[];
 }
 
 export interface SqsQueueList {
   queues: string[];
 }
 
+// SqsPeekedAttribute mirrors AWS's typed MessageAttribute shape;
+// binary_value arrives base64-encoded.
+export interface SqsPeekedAttribute {
+  data_type: string;
+  string_value?: string;
+  binary_value?: string;
+}
+
+export interface SqsPeekedMessage {
+  message_id: string;
+  body: string;
+  body_truncated: boolean;
+  body_original_size: number;
+  sent_timestamp: string;
+  receive_count: number;
+  group_id?: string;
+  deduplication_id?: string;
+  attributes?: Record<string, SqsPeekedAttribute>;
+}
+
+export interface SqsPeekResult {
+  messages: SqsPeekedMessage[];
+  // Omitted when the walk has fully completed for this MVCC snapshot.
+  next_cursor?: string;
+}
+
+export interface SqsPeekOptions {
+  limit?: number;
+  cursor?: string;
+  body_max_bytes?: number;
+}
+
 // KeyViz wire shapes mirror internal/admin/keyviz_handler.go
 // (KeyVizMatrix / KeyVizRow). Go []byte fields arrive as
 // base64-encoded strings via encoding/json — keep them as `string` on
@@ -311,6 +347,21 @@ export const api = {
     apiFetch<SqsQueueSummary>(`/sqs/queues/${encodeURIComponent(name)}`, { signal }),
   deleteQueue: (name: string) =>
     apiFetch<void>(`/sqs/queues/${encodeURIComponent(name)}`, { method: "DELETE" }),
+  // Non-destructive peek of currently-visible messages. Server clamps
+  // limit to [1, 100] and body_max_bytes to [256, 262144].
+  peekQueue: (name: string, opts?: SqsPeekOptions, signal?: AbortSignal) =>
+    apiFetch<SqsPeekResult>(`/sqs/queues/${encodeURIComponent(name)}/messages`, {
+      query: {
+        limit: opts?.limit,
+        cursor: opts?.cursor,
+        body_max_bytes: opts?.body_max_bytes,
+      },
+      signal,
+    }),
+  // Drains the queue's messages while leaving meta/ARN/RedrivePolicy intact.
+  // 60-second rate limit per queue: second purge inside the window → 429.
+  purgeQueue: (name: string) =>
+    apiFetch<void>(`/sqs/queues/${encodeURIComponent(name)}/messages`, { method: "DELETE" }),
   keyVizMatrix: (params: KeyVizParams, signal?: AbortSignal) =>
     apiFetch<KeyVizMatrix>("/keyviz/matrix", {
       query: {
diff --git a/web/admin/src/pages/SqsDetail.tsx b/web/admin/src/pages/SqsDetail.tsx
index 2ad32c7c..73bdb56a 100644
--- a/web/admin/src/pages/SqsDetail.tsx
+++ b/web/admin/src/pages/SqsDetail.tsx
@@ -1,9 +1,28 @@
-import { useState } from "react";
+import { useCallback, useEffect, useRef, useState } from "react";
 import { Link, useNavigate, useParams } from "react-router-dom";
-import { api } from "../api/client";
+import {
+  api,
+  type SqsPeekResult,
+  type SqsPeekedMessage,
+} from "../api/client";
 import { Modal } from "../components/Modal";
 import { formatApiError, useApiQuery } from "../lib/useApi";
 
+// kPeekPageSize is the documented Phase 5 default the SPA sends on
+// every Messages-tab fetch. The server clamps to [1, 100]; staying
+// at 20 keeps the worst-case response (20 rows × 256 KiB) at 5 MiB
+// well under typical network and JSON-parse budgets.
+const kPeekPageSize = 20;
+
+// kPeekBodyMaxBytes is the eager full-body fetch size: 256 KiB matches
+// SQS's hard cap on stored message size, so the detail modal renders
+// directly from the row already in memory — no re-peek round-trip on
+// modal open, eliminating the "row disappeared between list and
+// modal" failure modes (concurrent purge, ReceiveMessage from another
+// client, visibility timer started). Trade is initial fetch size
+// for modal-open consistency; design doc §3.5 lays out the reasoning.
+const kPeekBodyMaxBytes = 262144;
+
 export function SqsDetailPage() {
   const { name = "" } = useParams<{ name: string }>();
   const detail = useApiQuery((signal) => api.describeQueue(name, signal), [name]);
@@ -11,14 +30,10 @@ export function SqsDetailPage() {
   const [deleting, setDeleting] = useState(false);
   const [deleteError, setDeleteError] = useState<string | null>(null);
   const navigate = useNavigate();
-  // The delete button is gated by the backend's live-role check
-  // (internal/admin/sqs_handler.go principalForWrite), not the JWT
-  // role cached in this session. A JWT minted as read_only stays
-  // read_only in the cookie until logout, but the operator may have
-  // been promoted to full in the live role store after login — so
-  // gating the button on session.role would hide it for users who
-  // are currently authorized. A read_only operator who clicks delete
-  // gets a 403 from the backend, surfaced in the modal's error area.
+  // The delete / purge buttons are gated by the backend's live-role
+  // check (internal/admin/sqs_handler.go principalForWrite), not the
+  // JWT role cached in this session. See SqsDetail's pre-Phase-5
+  // comment for the rationale.
 
   const onDelete = async () => {
     setDeleting(true);
@@ -42,6 +57,11 @@ export function SqsDetailPage() {
             {detail.data.is_fifo ? "FIFO" : "Standard"}
           </span>
         )}
+        {detail.data?.is_dlq && (
+          <span className="pill-accent" title="Another queue's RedrivePolicy points at this queue">
+            DLQ
+          </span>
+        )}
         {detail.data && (
           <button
             type="button"
@@ -76,6 +96,23 @@ export function SqsDetailPage() {
         )}
       </section>
 
+      {detail.data?.is_dlq && detail.data.dlq_sources && detail.data.dlq_sources.length > 0 && (
+        <section className="card">
+          <h2 className="text-sm font-semibold mb-3">DLQ for</h2>
+          <div className="flex flex-wrap gap-2">
+            {detail.data.dlq_sources.map((src) => (
+              <Link
+                key={src}
+                to={`/sqs/${encodeURIComponent(src)}`}
+                className="pill-muted hover:text-ink font-mono text-xs"
+              >
+                {src}
+              </Link>
+            ))}
+          </div>
+        </section>
+      )}
+
       {detail.data && (
         <section className="card">
           <div className="flex items-center justify-between mb-3">
@@ -103,6 +140,16 @@ export function SqsDetailPage() {
         </section>
       )}
 
+      {detail.data && (
+        <MessagesSection
+          queue={name}
+          isFifo={detail.data.is_fifo}
+          isDLQ={detail.data.is_dlq}
+          inFlightCount={detail.data.counters.not_visible}
+          onPurged={() => detail.reload()}
+        />
+      )}
+
       <Modal
         title="Delete queue"
         open={confirmDelete}
@@ -137,6 +184,357 @@ export function SqsDetailPage() {
   );
 }
 
+interface MessagesSectionProps {
+  queue: string;
+  isFifo: boolean;
+  isDLQ: boolean;
+  inFlightCount: number;
+  onPurged: () => void;
+}
+
+// MessagesSection renders the design doc §3.5 Messages tab as a
+// section beneath the queue's counters. Eager-fetches full bodies
+// (256 KiB cap) so the detail modal renders directly from the row
+// in memory, avoiding a re-peek race against concurrent purge /
+// receive / visibility timer.
+function MessagesSection({ queue, isFifo, isDLQ, inFlightCount, onPurged }: MessagesSectionProps) {
+  const [result, setResult] = useState<SqsPeekResult | null>(null);
+  const [cursor, setCursor] = useState<string | undefined>(undefined);
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [selected, setSelected] = useState<SqsPeekedMessage | null>(null);
+  const [confirmPurge, setConfirmPurge] = useState(false);
+  const [purgeName, setPurgeName] = useState("");
+  const [purging, setPurging] = useState(false);
+  const [purgeError, setPurgeError] = useState<string | null>(null);
+  // Cancels the prior peek so a slow response cannot overwrite newer state.
+  const pendingAbortRef = useRef<AbortController | null>(null);
+
+  const fetchPage = useCallback(
+    async (pageCursor: string | undefined) => {
+      pendingAbortRef.current?.abort();
+      const ctl = new AbortController();
+      pendingAbortRef.current = ctl;
+      setLoading(true);
+      setError(null);
+      try {
+        const res = await api.peekQueue(
+          queue,
+          { limit: kPeekPageSize, cursor: pageCursor, body_max_bytes: kPeekBodyMaxBytes },
+          ctl.signal,
+        );
+        if (ctl.signal.aborted) return;
+        setResult(res);
+        setCursor(pageCursor);
+        setLoading(false);
+      } catch (err) {
+        if (ctl.signal.aborted) return;
+        if (err instanceof DOMException && err.name === "AbortError") return;
+        // Clear stale rows so a failed fetch after a queue change does
+        // not leave the prior queue's messages visible (Codex r3 P2).
+        setResult(null);
+        setCursor(undefined);
+        setError(formatApiError(err));
+        setLoading(false);
+      }
+    },
+    [queue],
+  );
+
+  useEffect(() => {
+    // Clear prior queue's table when the queue prop changes so the
+    // brief loading window does not show cross-queue data.
+    setResult(null);
+    setCursor(undefined);
+    void fetchPage(undefined);
+    return () => pendingAbortRef.current?.abort();
+  }, [fetchPage]);
+
+  const onPurgeSubmit = async () => {
+    if (purgeName !== queue) {
+      setPurgeError(`Type "${queue}" exactly to confirm.`);
+      return;
+    }
+    setPurging(true);
+    setPurgeError(null);
+    try {
+      await api.purgeQueue(queue);
+      setConfirmPurge(false);
+      setPurgeName("");
+      onPurged();
+      void fetchPage(undefined);
+    } catch (err) {
+      // Server includes the remaining cooldown in both the
+      // Retry-After header and the body's retry_after_seconds, but
+      // ApiError only carries code+message. formatApiError already
+      // includes the message ("only one PurgeQueue operation on each
+      // queue is allowed every 60 seconds") so showing it verbatim
+      // is sufficient; a future apiFetch enhancement could surface
+      // the typed duration if it becomes worth it.
+      setPurgeError(formatApiError(err));
+    } finally {
+      setPurging(false);
+    }
+  };
+
+  const purgeLabel = isDLQ ? "Purge DLQ" : "Purge messages";
+  const purgeConfirmCopy = isDLQ
+    ? `This queue is the DLQ for one or more source queues. Purging deletes every failed message routed here. Type ${queue} to confirm.`
+    : `This will permanently delete every message in ${queue}. The queue itself remains. Type ${queue} to confirm.`;
+
+  return (
+    <section className="card">
+      <div className="flex items-center justify-between mb-3">
+        <h2 className="text-sm font-semibold">Messages</h2>
+        <button type="button" className="btn-danger text-xs" onClick={() => setConfirmPurge(true)}>
+          {purgeLabel}
+        </button>
+      </div>
+      <div className="text-xs text-muted mb-2">
+        Showing {result?.messages.length ?? 0} visible message
+        {(result?.messages.length ?? 0) === 1 ? "" : "s"}
+        {inFlightCount > 0 && (
+          <> ({inFlightCount} currently in-flight, not shown)</>
+        )}
+      </div>
+      {error && <div className="text-sm text-danger mb-2">{error}</div>}
+      {loading && <div className="text-sm text-muted">Loading…</div>}
+      {!loading && result && result.messages.length === 0 && (
+        <div className="text-sm text-muted">No visible messages.</div>
+      )}
+      {!loading && result && result.messages.length > 0 && (
+        <MessagesTable
+          messages={result.messages}
+          showGroup={isFifo}
+          onSelect={(m) => setSelected(m)}
+        />
+      )}
+      <div className="flex items-center gap-2 mt-3 text-xs">
+        <button
+          type="button"
+          className="btn-secondary text-xs"
+          onClick={() => void fetchPage(undefined)}
+          disabled={loading || cursor === undefined}
+        >
+          First page
+        </button>
+        <button
+          type="button"
+          className="btn-secondary text-xs"
+          onClick={() => void fetchPage(result?.next_cursor)}
+          disabled={loading || !result?.next_cursor}
+        >
+          Next page
+        </button>
+        <button
+          type="button"
+          className="btn-secondary text-xs ml-auto"
+          onClick={() => void fetchPage(cursor)}
+          disabled={loading}
+        >
+          Refresh
+        </button>
+      </div>
+
+      <Modal title="Message detail" open={selected !== null} onClose={() => setSelected(null)}>
+        {selected && <MessageDetail message={selected} queue={queue} />}
+      </Modal>
+
+      <Modal
+        title={purgeLabel}
+        open={confirmPurge}
+        onClose={() => {
+          if (purging) return;
+          setConfirmPurge(false);
+          setPurgeName("");
+          setPurgeError(null);
+        }}
+        busy={purging}
+      >
+        <p className="text-sm">{purgeConfirmCopy}</p>
+        <label className="block mt-3 text-xs text-muted">Type the queue name to confirm</label>
+        <input
+          type="text"
+          className="input mt-1 font-mono"
+          value={purgeName}
+          onChange={(e) => setPurgeName(e.target.value)}
+          disabled={purging}
+          autoFocus
+        />
+        {purgeError && <div className="mt-3 text-sm text-danger">{purgeError}</div>}
+        <div className="flex justify-end gap-2 pt-4">
+          <button
+            type="button"
+            className="btn-secondary"
+            onClick={() => {
+              setConfirmPurge(false);
+              setPurgeName("");
+              setPurgeError(null);
+            }}
+            disabled={purging}
+          >
+            Cancel
+          </button>
+          <button
+            type="button"
+            className="btn-danger"
+            onClick={() => void onPurgeSubmit()}
+            disabled={purging || purgeName !== queue}
+          >
+            {purging ? "Purging…" : purgeLabel}
+          </button>
+        </div>
+      </Modal>
+    </section>
+  );
+}
+
+interface MessagesTableProps {
+  messages: SqsPeekedMessage[];
+  showGroup: boolean;
+  onSelect: (m: SqsPeekedMessage) => void;
+}
+
+function MessagesTable({ messages, showGroup, onSelect }: MessagesTableProps) {
+  return (
+    <table className="w-full text-xs">
+      <thead className="text-muted text-left">
+        <tr>
+          <th className="py-1 pr-3">Message ID</th>
+          <th className="py-1 pr-3">Sent</th>
+          {showGroup && <th className="py-1 pr-3">Group</th>}
+          <th className="py-1 pr-3">Recv</th>
+          <th className="py-1 pr-3">Body</th>
+          <th className="py-1 pr-3">Size</th>
+        </tr>
+      </thead>
+      <tbody>
+        {messages.map((m) => (
+          <tr
+            key={m.message_id}
+            className="border-t border-border hover:bg-surface cursor-pointer"
+            onClick={() => onSelect(m)}
+          >
+            <td className="py-1 pr-3 font-mono" title={m.message_id}>
+              {m.message_id.slice(0, 8)}
+            </td>
+            <td className="py-1 pr-3 font-mono">{new Date(m.sent_timestamp).toLocaleString()}</td>
+            {showGroup && <td className="py-1 pr-3 font-mono">{m.group_id ?? ""}</td>}
+            <td className={`py-1 pr-3 font-mono ${m.receive_count === 0 ? "text-muted" : ""}`}>
+              {m.receive_count}
+            </td>
+            <td className="py-1 pr-3 font-mono truncate max-w-md">{previewBody(m)}</td>
+            <td className="py-1 pr-3 font-mono text-muted">{formatBytes(m.body_original_size)}</td>
+          </tr>
+        ))}
+      </tbody>
+    </table>
+  );
+}
+
+interface MessageDetailProps {
+  message: SqsPeekedMessage;
+  queue: string;
+}
+
+function MessageDetail({ message, queue }: MessageDetailProps) {
+  const [copied, setCopied] = useState(false);
+  const [copyError, setCopyError] = useState<string | null>(null);
+  const onCopyJson = async () => {
+    // Schema version per design doc §3.5; downstream tooling pins it.
+    const payload = {
+      schema_version: 1,
+      queue,
+      exported_at: new Date().toISOString(),
+      message,
+    };
+    const json = JSON.stringify(payload, null, 2);
+    // navigator.clipboard is secure-context-only. On insecure /
+    // unavailable, point the operator at the body <pre> in the
+    // modal rather than window.prompt (blocking modal pre-empts the
+    // error message and some browsers truncate ~350KiB payloads).
+    if (typeof navigator !== "undefined" && navigator.clipboard?.writeText) {
+      try {
+        await navigator.clipboard.writeText(json);
+        setCopied(true);
+        setCopyError(null);
+        setTimeout(() => setCopied(false), 1500);
+        return;
+      } catch (err) {
+        setCopyError(`Copy failed: ${String(err)}. Select the body text above to copy manually.`);
+        return;
+      }
+    }
+    setCopyError("Clipboard API unavailable (insecure context). Select the body text above to copy manually.");
+  };
+
+  return (
+    <div className="space-y-3 text-sm">
+      <dl className="grid grid-cols-3 gap-x-4 gap-y-1 text-xs">
+        <dt className="text-muted">Message ID</dt>
+        <dd className="col-span-2 font-mono">{message.message_id}</dd>
+        <dt className="text-muted">Sent</dt>
+        <dd className="col-span-2 font-mono">{new Date(message.sent_timestamp).toLocaleString()}</dd>
+        <dt className="text-muted">Receive count</dt>
+        <dd className="col-span-2 font-mono">{message.receive_count}</dd>
+        {message.group_id && (
+          <>
+            <dt className="text-muted">Group ID</dt>
+            <dd className="col-span-2 font-mono">{message.group_id}</dd>
+          </>
+        )}
+        {message.deduplication_id && (
+          <>
+            <dt className="text-muted">Deduplication ID</dt>
+            <dd className="col-span-2 font-mono">{message.deduplication_id}</dd>
+          </>
+        )}
+        <dt className="text-muted">Original size</dt>
+        <dd className="col-span-2 font-mono">{formatBytes(message.body_original_size)}</dd>
+      </dl>
+      <div>
+        <div className="flex items-center justify-between mb-1">
+          <span className="text-xs text-muted">Body</span>
+          {message.body_truncated && (
+            <span className="text-xs text-danger">
+              Truncated to {formatBytes(utf8ByteLength(message.body))} of {formatBytes(message.body_original_size)}
+            </span>
+          )}
+        </div>
+        <pre className="text-xs font-mono bg-surface p-2 rounded overflow-x-auto max-h-64 whitespace-pre-wrap break-all">
+          {message.body}
+        </pre>
+      </div>
+      {message.attributes && Object.keys(message.attributes).length > 0 && (
+        <div>
+          <div className="text-xs text-muted mb-1">Attributes</div>
+          <dl className="grid grid-cols-[max-content_max-content_1fr] gap-x-4 gap-y-1 text-xs">
+            {Object.entries(message.attributes).map(([k, v]) => (
+              <div key={k} className="contents">
+                <dt className="font-mono">{k}</dt>
+                <dd className="text-muted">{v.data_type}</dd>
+                <dd className="font-mono break-all">
+                  {v.string_value ?? (v.binary_value ? `<binary, ${base64DecodedByteLength(v.binary_value)} bytes>` : "")}
+                </dd>
+              </div>
+            ))}
+          </dl>
+        </div>
+      )}
+      {copyError && <div className="text-xs text-danger">{copyError}</div>}
+      <div className="flex justify-end">
+        <button
+          type="button"
+          className="btn-secondary text-xs"
+          onClick={() => void onCopyJson()}
+        >
+          {copied ? "Copied!" : "Copy as JSON"}
+        </button>
+      </div>
+    </div>
+  );
+}
+
 function CounterCard({ label, value }: { label: string; value: number }) {
   return (
     <div className="rounded-md border border-border bg-surface p-3">
@@ -145,3 +543,33 @@ function CounterCard({ label, value }: { label: string; value: number }) {
     </div>
   );
 }
+
+function previewBody(m: SqsPeekedMessage): string {
+  const max = 96;
+  if (m.body.length <= max) return m.body || "(empty)";
+  return m.body.slice(0, max) + "…";
+}
+
+function formatBytes(n: number): string {
+  if (n < 1024) return `${n} B`;
+  if (n < 1024 * 1024) return `${(n / 1024).toFixed(1)} KiB`;
+  return `${(n / (1024 * 1024)).toFixed(1)} MiB`;
+}
+
+// utf8ByteLength: server applies BodyMaxBytes to UTF-8 bytes, not
+// UTF-16 code units; CJK/emoji bodies would otherwise under-report.
+function utf8ByteLength(s: string): number {
+  if (typeof TextEncoder !== "undefined") {
+    return new TextEncoder().encode(s).byteLength;
+  }
+  return s.length;
+}
+
+// Decoded length without actually decoding: 4 chars → 3 bytes, minus padding.
+function base64DecodedByteLength(b64: string): number {
+  if (b64.length === 0) return 0;
+  let padding = 0;
+  if (b64.endsWith("==")) padding = 2;
+  else if (b64.endsWith("=")) padding = 1;
+  return Math.floor(b64.length * 3 / 4) - padding;
+}