diff --git a/Panel/CHANGELOG.md b/Panel/CHANGELOG.md
index 5b0e7a9f..5218a1f9 100644
--- a/Panel/CHANGELOG.md
+++ b/Panel/CHANGELOG.md
@@ -7,6 +7,7 @@
 - **Updater layout hardening + pre-update patch framework:** Reworked `modules/administration/panel_update.php` to resolve explicit GSP root/Panel/Website paths, run mandatory preflight checks, self-update updater files before main sync when drift is detected, and apply ordered required patches from `modules/update/patches/` with DB/local state tracking. Backup/rollback now includes both Panel + Website archives and root `version.json`, logs moved to root `logs/update_trace.log`, and the admin Update UI now exposes preflight, patch apply, Apache path scan/fix, backup, update, and rollback actions.
 - **Billing runtime relocation + portable path bootstrap:** Re-homed storefront runtime to `Panel/modules/billing`, added portable runtime helpers (`billing_bootstrap.php`, `site_config.php`, `site_config.example.php`) with env/local override support for base path and panel path, normalized critical storefront redirects/links to computed billing URLs, and added `Website` compatibility wrappers for key billing entrypoints.
 - **Panel updater panel-subtree safety:** Hardened updater logic to treat repository `/panel` as the update source when present (ZIP + git flows) so root-level docs/examples/scripts are no longer candidates for panel file overwrite during updates.
+- **Updater root-layout hardening + pre-update patch workflow:** Reworked the admin updater to treat `/var/www/html/GSP` as repo root (with explicit `Panel/` + `Website/` handling), added mandatory preflight + required patch execution (`Panel/modules/update/patches` + persisted patch-state file), implemented updater self-refresh detection/resume, expanded backups/rollback to include Panel+Website+`version.json` with retention, and added Apache stale-path scan/repair tooling with backups + `apache2ctl configtest` safeguards.
 - **Panel registration stability + captcha fallback hardening:** Fixed a fatal syntax error in `modules/register/register-exec.php`, removed hardcoded/legacy registration redirects, added structured registration logging to `modules/register/logs/register.log` (auto-creates missing log dir), added duplicate username checks, added optional `users_pass_hash` write for PHP 8.3-compatible auth upgrades, and implemented graceful reCAPTCHA fallback when keys are missing/legacy-invalid or the widget reports an error so the themed registration flow no longer crashes with raw PHP errors.
 
 ## 2026-05-13
diff --git a/Panel/docs/COPILOT_TODO.md b/Panel/docs/COPILOT_TODO.md
index 439e581a..b8498d9d 100644
--- a/Panel/docs/COPILOT_TODO.md
+++ b/Panel/docs/COPILOT_TODO.md
@@ -16,6 +16,7 @@
 - Add an admin/serverlist UI badge that shows detected service OS variant (Windows/Linux/Any) from XML metadata next to each purchasable service row.
 - Add a panel settings health check that validates reCAPTCHA site/secret keys against active panel/storefront domains and warns admins before registration users see widget errors.
 - Add an automated deployment check that fails when `Website/timestamp.txt` and `modules/billing/timestamp.txt` diverge after storefront/content changes.
+- Add an integration smoke test that exercises updater preflight, required patch state persistence, Apache path scan output, and rollback restore of Panel/Website/version.json artifacts.
 - Add an admin preview/diff panel for Apache path repairs so staff can review exact vhost line changes before confirming `Fix Apache Paths`.
 - Add Phase 2 Workshop Content UX in `addonsmanager`: browse/search/select Workshop items with metadata while reusing the Phase 1 per-home saved-ID action pipeline.
 - Add localized language strings/tooltips for the new cron scheduler `server_content_*` action labels across all supported panel locales.
diff --git a/Panel/modules/update/patches/20260518_layout_safety.php b/Panel/modules/update/patches/20260518_layout_safety.php
new file mode 100644
index 00000000..d7f61dca
--- /dev/null
+++ b/Panel/modules/update/patches/20260518_layout_safety.php
@@ -0,0 +1,43 @@
+<?php
+
+if (!function_exists('gsp_patch_20260518_layout_safety')) {
+function gsp_patch_20260518_layout_safety($context)
+{
+$required_dirs = [
+GSP_ROOT_DIR,
+GSP_PANEL_DIR,
+GSP_WEBSITE_DIR,
+GSP_ROOT_DIR . '/examples',
+GSP_ROOT_DIR . '/backups',
+GSP_ROOT_DIR . '/logs',
+GSP_ROOT_DIR . '/includes',
+];
+
+foreach ($required_dirs as $dir) {
+if (!is_dir($dir) && !@mkdir($dir, 0755, true)) {
+return [
+'success' => false,
+'message' => 'Failed to create required layout directory: ' . $dir,
+];
+}
+if (!is_writable($dir)) {
+return [
+'success' => false,
+'message' => 'Required layout directory is not writable: ' . $dir,
+];
+}
+}
+
+return [
+'success' => true,
+'message' => 'Canonical GSP layout directories verified.',
+];
+}
+}
+
+return [
+'id' => '20260518_layout_safety',
+'title' => 'Ensure canonical GSP layout directories are present and writable',
+'required' => true,
+'handler' => 'gsp_patch_20260518_layout_safety',
+];