@ait-co/devtools 0.1.41 → 0.1.44

package/dist/mcp/cli.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { createRequire } from "node:module";
-import { existsSync, realpathSync } from "node:fs";
+import { existsSync, mkdirSync, readFileSync, realpathSync, rmSync, writeFileSync } from "node:fs";
 import { argv } from "node:process";
 import { fileURLToPath } from "node:url";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
@@ -11,9 +11,13 @@ import { WebSocket } from "ws";
 import { createServer } from "node:http";
 import { spawn } from "node:child_process";
 import net from "node:net";
-import { platform } from "node:os";
+import { homedir, platform } from "node:os";
+import { join } from "node:path";
 import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";
 import { Tunnel, bin, install } from "cloudflared";
+//#region \0rolldown/runtime.js
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+//#endregion
 //#region src/mcp/ait-chii-source.ts
 function isObject$4(value) {
 	return typeof value === "object" && value !== null;
@@ -49,6 +53,98 @@ var ChiiAitSource = class {
 	}
 };
 //#endregion
+//#region src/mcp/log.ts
+/**
+* Allowed field keys that may pass through to a log line.
+* Unknown keys are dropped. Values are still redact-scanned.
+*/
+const ALLOWED_KEYS = new Set([
+	"ts",
+	"level",
+	"event",
+	"msg",
+	"port",
+	"totpEnabled",
+	"env",
+	"tool",
+	"deploymentId",
+	"errorKind",
+	"reason",
+	"prevTargetId",
+	"mode"
+]);
+/**
+* Patterns that match secret values.
+* Match order matters — more-specific patterns first.
+*
+* #268 redact script covers: relay=wss://…, at=<TOTP>, _deploymentId=<uuid>.
+* Here we extend to in-process value-level patterns used in server logs.
+*/
+const SECRET_PATTERNS = [
+	/^\d{6}$/,
+	/^(aitcc_|AITCC_)/i,
+	/^[A-Za-z0-9_-]+=.{4,}/,
+	/^wss:\/\//,
+	/(?:^|[?&])at=[A-Z0-9]{6}/i
+];
+/**
+* Returns `true` when the string value matches any known-secret pattern.
+* Only string values are tested — numbers/booleans are always safe.
+*/
+function isSecretValue(value) {
+	return SECRET_PATTERNS.some((re) => re.test(value));
+}
+/**
+* Redacts a single scalar value.
+* - strings: return "***" if the value matches a secret pattern.
+* - other: return as-is.
+*/
+function redactValue(value) {
+	if (typeof value === "string" && isSecretValue(value)) return "***";
+	return value;
+}
+/**
+* Builds a safe log payload from raw fields.
+*
+* - Only keys in `ALLOWED_KEYS` are included.
+* - String values are scanned for secret patterns and replaced with "***".
+* - `ts` and `level` and `event` are always included (they are injected by the
+*   logger functions below, not by callers).
+*/
+function buildPayload(level, event, fields) {
+	const out = {
+		ts: (/* @__PURE__ */ new Date()).toISOString(),
+		level,
+		event
+	};
+	for (const [key, value] of Object.entries(fields)) {
+		if (!ALLOWED_KEYS.has(key)) continue;
+		if (key === "ts" || key === "level" || key === "event") continue;
+		out[key] = redactValue(value);
+	}
+	return out;
+}
+/**
+* Writes a single JSON log line to stderr.
+* MCP stdio transport uses stdout; all diagnostics go to stderr.
+*/
+function writeLog(level, event, fields = {}) {
+	const payload = buildPayload(level, event, fields);
+	process.stderr.write(`${JSON.stringify(payload)}\n`);
+}
+/** Log an informational structured event. */
+function logInfo(event, fields = {}) {
+	writeLog("info", event, fields);
+}
+/** Log a warning structured event. */
+function logWarn(event, fields = {}) {
+	writeLog("warn", event, fields);
+}
+/** Log an error structured event. */
+function logError(event, fields = {}) {
+	writeLog("error", event, fields);
+}
+//#endregion
 //#region src/mcp/chii-connection.ts
 /**
 * Production `CdpConnection` backed by the local Chii relay.
@@ -62,6 +158,12 @@ var ChiiAitSource = class {
 * events in ring buffers the tool layer reads via `getBufferedEvents`.
 *
 * Node-only: imports `ws`. Never bundled into the browser/in-app entries.
+*
+* Attach reliability (#281):
+*   `refreshTargets()` emits an internal 'target:attached' event whenever a
+*   new target is added to the relay. `waitForFirstTarget()` awaits that event
+*   (with a polling-interval fallback) so `build_attach_url wait_for_attach`
+*   resolves deterministically rather than racing between polling rounds.
 */
 /** Max events retained per domain ring buffer. */
 const DEFAULT_BUFFER_SIZE$1 = 500;
@@ -166,7 +268,7 @@ var ChiiCdpConnection = class {
 		}
 		if (newestTargetId !== null && this.activeTargetId !== null && newestTargetId !== this.activeTargetId) {
 			const prevId = this.activeTargetId;
-			process.stderr.write(`[ait-debug] 이전 page 세션 종료 — 새 attach로 교체 (prev=${prevId})\n`);
+			logInfo("page.detached", { prevTargetId: prevId });
 			this.evictTarget(prevId);
 		}
 		this.targets.clear();
@@ -181,12 +283,73 @@ var ChiiCdpConnection = class {
 		}
 		if (newestTargetId !== null) this.activeTargetId = newestTargetId;
 		else this.activeTargetId = null;
-		return [...this.targets.values()];
+		const result = [...this.targets.values()];
+		if (newestTargetId !== null) this.emitter.emit("target:attached", result);
+		return result;
 	}
 	listTargets() {
 		return [...this.targets.values()];
 	}
 	/**
+	* Waits until at least one target matching `filterFn` is attached, then
+	* resolves with the full target list at that moment.
+	*
+	* Resolution happens on whichever comes first:
+	*   (a) a `'target:attached'` event from `refreshTargets()` (triggered by
+	*       the /targets poll finding a new target), OR
+	*   (b) a `'target:attached'` event from `handleMessage()` (triggered by
+	*       the first inbound CDP message from a target — confirms the relay
+	*       websocket has data from the phone, not just a target entry in the map).
+	*
+	* This dual-signal approach eliminates the polling race that previously
+	* caused `wait_for_attach` to resolve before the first CDP message arrived.
+	*
+	* Falls back to checking `listTargets()` every `pollIntervalMs` in case the
+	* EventEmitter is missed (defensive belt-and-suspenders).
+	*
+	* @param filterFn  - Predicate that the returned targets must satisfy.
+	* @param timeoutMs - Reject after this many ms (default 90 000).
+	* @param pollIntervalMs - Fallback poll interval (default 500ms).
+	*/
+	waitForFirstTarget(filterFn, timeoutMs = 9e4, pollIntervalMs = 500) {
+		const current = this.listTargets();
+		if (filterFn(current)) return Promise.resolve(current);
+		return new Promise((resolve, reject) => {
+			let settled = false;
+			let pollHandle = null;
+			const settle = (targets) => {
+				if (settled) return;
+				settled = true;
+				clearTimeout(timeoutHandle);
+				if (pollHandle !== null) {
+					clearInterval(pollHandle);
+					pollHandle = null;
+				}
+				this.emitter.off("target:attached", onAttach);
+				resolve(targets);
+			};
+			const onAttach = (targets) => {
+				if (filterFn(targets)) settle(targets);
+			};
+			const timeoutHandle = setTimeout(() => {
+				if (settled) return;
+				settled = true;
+				if (pollHandle !== null) {
+					clearInterval(pollHandle);
+					pollHandle = null;
+				}
+				this.emitter.off("target:attached", onAttach);
+				reject(/* @__PURE__ */ new Error(`waitForFirstTarget: 타임아웃 (${timeoutMs}ms) — 폰이 relay에 attach되지 않았습니다.`));
+			}, timeoutMs);
+			this.emitter.on("target:attached", onAttach);
+			pollHandle = setInterval(() => {
+				this.refreshTargets().then((targets) => {
+					if (filterFn(targets)) settle(targets);
+				}, () => {});
+			}, pollIntervalMs);
+		});
+	}
+	/**
 	* Timestamp (ms since epoch) of the most recent crash/destroy/detach event
 	* detected since the last `enableDomains()` call, or `null` if none.
 	*/
@@ -423,7 +586,12 @@ var ChiiCdpConnection = class {
 			return;
 		}
 		const now = Date.now();
-		for (const targetId of this.targets.keys()) this.targetLastSeenAt.set(targetId, now);
+		let firstMessageSeen = false;
+		for (const targetId of this.targets.keys()) {
+			if (!this.targetLastSeenAt.has(targetId)) firstMessageSeen = true;
+			this.targetLastSeenAt.set(targetId, now);
+		}
+		if (firstMessageSeen && this.targets.size > 0) this.emitter.emit("target:attached", [...this.targets.values()]);
 		if (typeof message.method !== "string") return;
 		if (message.method === "Inspector.targetCrashed") {
 			this.handleTargetGone("crashed", null);
@@ -493,9 +661,9 @@ var ChiiCdpConnection = class {
 *   in any log, error message, or process output. `verifyAuth` is a black-box
 *   predicate from the caller's perspective; this module only forwards pass/fail.
 */
-const require = createRequire(import.meta.url);
+const require$1 = createRequire(import.meta.url);
 function loadChiiServer() {
-	const mod = require("chii");
+	const mod = require$1("chii");
 	if (typeof mod === "object" && mod !== null && "start" in mod && typeof mod.start === "function") return mod;
 	throw new Error("chii server module did not expose start()");
 }
@@ -548,6 +716,288 @@ async function startChiiRelay(options = {}) {
 	};
 }
 //#endregion
+//#region src/mcp/devtools-opener.ts
+/**
+* Base URL for the Chrome DevTools inspector hosted on appspot.
+*
+* The `@` path segment is the "latest / bleeding edge" alias which tracks the
+* current Chrome stable CDP protocol version — compatible with the chobitsu-
+* based CDP that Chii injects. A specific commit hash may be pinned here if
+* a regression is observed.
+*/
+const DEVTOOLS_FRONTEND_BASE = "https://chrome-devtools-frontend.appspot.com/serve_file/@/inspector.html";
+/**
+* Assembles the Chrome DevTools inspector URL that connects to a Chii relay
+* WebSocket.
+*
+* The `wss=` parameter expects a host-and-path string without the `wss://`
+* scheme prefix — the DevTools frontend prepends it automatically.
+*
+* @param wssRelayUrl - Full `wss://` URL of the Chii relay (public tunnel).
+*   Example: `wss://abc.trycloudflare.com`
+* @param panel - Initial panel. Defaults to `"console"`.
+*
+* @example
+* buildChromeDevtoolsUrl('wss://abc.trycloudflare.com')
+* // → 'https://chrome-devtools-frontend.appspot.com/serve_file/@/inspector.html?wss=abc.trycloudflare.com&panel=console'
+*/
+function buildChromeDevtoolsUrl(wssRelayUrl, panel = "console") {
+	const wssParam = wssRelayUrl.replace(/^wss:\/\//i, "");
+	return `${DEVTOOLS_FRONTEND_BASE}?${new URLSearchParams({
+		wss: wssParam,
+		panel
+	}).toString()}`;
+}
+/**
+* Returns `true` when auto-open is **disabled** via the `AIT_AUTO_DEVTOOLS`
+* env var. Only the explicit `"0"` value disables it; anything else (including
+* absent) leaves auto-open enabled.
+*/
+function isAutoDevtoolsDisabled() {
+	return process.env.AIT_AUTO_DEVTOOLS === "0";
+}
+/**
+* Opens the given URL in the OS default browser using a platform-appropriate
+* command. Returns `true` on success.
+*
+* Failures are silent from the caller's perspective — the caller should log
+* the URL to stderr as a fallback before calling this function.
+*/
+function openUrlInBrowser(url) {
+	if (process.env.AIT_AUTO_DEVTOOLS_TEST_SKIP_SPAWN === "1") return false;
+	const { spawnSync } = __require("node:child_process");
+	const platform = process.platform;
+	let candidates;
+	if (platform === "darwin") candidates = [{
+		cmd: "open",
+		args: [url]
+	}];
+	else if (platform === "win32") candidates = [{
+		cmd: "cmd",
+		args: [
+			"/c",
+			"start",
+			"",
+			url
+		]
+	}];
+	else candidates = [
+		{
+			cmd: "xdg-open",
+			args: [url]
+		},
+		{
+			cmd: "sensible-browser",
+			args: [url]
+		},
+		{
+			cmd: "x-www-browser",
+			args: [url]
+		}
+	];
+	for (const { cmd, args } of candidates) try {
+		const result = spawnSync(cmd, args, {
+			encoding: "utf8",
+			timeout: 5e3
+		});
+		if (!result.error && result.status === 0) return true;
+	} catch {}
+	return false;
+}
+/**
+* Manages auto-opening Chrome DevTools exactly once per relay attach session.
+*
+* Create one instance per `runDebugServer` call and pass its `open()` method
+* as the `onFirstAttach` callback to `startAttachWatcher`.
+*
+* The open fires at most once. Subsequent `open()` calls are no-ops.
+* Opt-out and mock-environment guard are checked at call time.
+*/
+var AutoDevtoolsOpener = class {
+	_opened = false;
+	/**
+	* Attempts to auto-open Chrome DevTools.
+	*
+	* No-op when any of the following conditions hold:
+	*   1. Already opened this session (`_opened` is true).
+	*   2. `AIT_AUTO_DEVTOOLS=0` opt-out is set.
+	*   3. Environment is `mock` (env 1 — F12 is already available).
+	*   4. `wssRelayUrl` is null/undefined/empty (tunnel not yet up).
+	*
+	* Always writes the DevTools URL to stderr so the developer can copy it
+	* if the browser open fails or the popup is blocked.
+	*
+	* @param wssRelayUrl - The public `wss://` relay URL (from tunnel status).
+	* @param env - Current MCP environment (`mock` | `relay`).
+	*/
+	open(wssRelayUrl, env) {
+		if (this._opened) return;
+		if (isAutoDevtoolsDisabled()) return;
+		if (env === "mock") return;
+		if (!wssRelayUrl) return;
+		this._opened = true;
+		const devtoolsUrl = buildChromeDevtoolsUrl(wssRelayUrl);
+		process.stderr.write(`[ait-debug] 기기가 연결됐습니다 — Chrome DevTools를 자동으로 엽니다.
+[ait-debug] Chrome DevTools URL: ${devtoolsUrl}\n[ait-debug] (AIT_AUTO_DEVTOOLS=0 으로 자동 열기를 끌 수 있습니다)
+`);
+		if (!openUrlInBrowser(devtoolsUrl)) process.stderr.write("[ait-debug] 브라우저 자동 열기 실패 — 위 URL을 브라우저에서 직접 여세요.\n");
+	}
+	/** Returns `true` if `open()` has passed all guards and fired once. */
+	get opened() {
+		return this._opened;
+	}
+};
+//#endregion
+//#region src/mcp/environment.ts
+/**
+* URL patterns that mark a CDP target as a real-device WebView relay.
+*
+* - `intoss-private://` is the Toss in-app private scheme — only ever observed
+*   inside the real Toss app WebView.
+* - `*.trycloudflare.com` (host suffix) is the cloudflared quick tunnel used as
+*   the relay transport. A target whose URL is on that host is, by construction,
+*   reached over the relay.
+*
+* Pattern-only matches — no specific tunnel host or deploymentId is hard-coded.
+*/
+const RELAY_URL_PATTERNS = [/^intoss-private:\/\//i, /:\/\/[a-z0-9-]+\.trycloudflare\.com(\/|$|:|\?)/i];
+/**
+* Returns true when the URL string looks like a real-device WebView attached
+* over the Chii relay. Used for `getEnvironment()` precedence step 2.
+*/
+function isRelayUrl(url) {
+	if (typeof url !== "string" || url.length === 0) return false;
+	return RELAY_URL_PATTERNS.some((p) => p.test(url));
+}
+/**
+* Test/override hook — when non-null, `getEnvironment()` returns this value
+* regardless of env vars or connection state. Cleared with `null`.
+*/
+let envOverride = null;
+/** Parses the `MCP_ENV` env var into a `McpEnvironment` if valid. */
+function readEnvVar() {
+	const raw = process.env.MCP_ENV;
+	if (raw === "mock" || raw === "relay") return raw;
+}
+/**
+* Returns the current MCP environment, applying the precedence rules:
+*   1. test override (if set)
+*   2. `MCP_ENV` env var
+*   3. CDP target URL pattern match
+*   4. default `mock`
+*/
+function getEnvironment(input = {}) {
+	if (envOverride !== null) return envOverride;
+	const fromEnv = readEnvVar();
+	if (fromEnv !== void 0) return fromEnv;
+	const { connection } = input;
+	if (connection !== void 0) {
+		const targets = connection.listTargets();
+		for (const t of targets) if (isRelayUrl(t.url)) return "relay";
+	}
+	return "mock";
+}
+/**
+* Returns the `EnvironmentReason` that drove the current `getEnvironment()`
+* result. Used by stderr logs and the rejection-reason payload on Tier A/B
+* mismatch errors. SECRET-HANDLING: only stable enum strings — no URL or
+* secret value is ever returned.
+*/
+function getEnvironmentReason(input = {}) {
+	if (envOverride !== null) return envOverride === "mock" ? "env-var-mock" : "env-var-relay";
+	const fromEnv = readEnvVar();
+	if (fromEnv === "mock") return "env-var-mock";
+	if (fromEnv === "relay") return "env-var-relay";
+	const { connection } = input;
+	if (connection !== void 0) {
+		const targets = connection.listTargets();
+		for (const t of targets) if (isRelayUrl(t.url)) return "cdp-target-url-relay-pattern";
+	}
+	return "default-mock";
+}
+//#endregion
+//#region src/mcp/errors.ts
+/**
+* 한국어 한 줄 "원인 + 다음 행동" 포맷으로 에러 결과를 빌드한다.
+*
+* @param message - 사용자에게 보여줄 에러 본문 (원인 + 다음 행동 포함).
+*/
+function mcpError(message) {
+	return {
+		content: [{
+			type: "text",
+			text: message
+		}],
+		isError: true
+	};
+}
+/**
+* Tier A/B 환경 불일치 거부 메시지.
+*
+* @param toolName    - 거부된 tool 이름.
+* @param requiredEnv - 해당 tool이 요구하는 환경 ('mock' | 'relay').
+* @param currentEnv  - 현재 세션 환경.
+* @param reason      - 환경이 결정된 근거 (EnvironmentReason 문자열).
+*/
+function tierRejectionError(toolName, requiredEnv, currentEnv, reason) {
+	return mcpError(`${`${toolName}은 ${requiredEnv === "relay" ? "relay (실기기 연결)" : "mock (로컬 브라우저)"} 환경에서만 사용할 수 있습니다. 현재 환경: ${currentEnv === "relay" ? "relay" : "mock"} (${reason}). ${requiredEnv === "relay" ? "build_attach_url → QR 스캔으로 실기기를 attach하세요." : "MCP_ENV=mock 또는 relay 환경변수를 확인하세요."}`}\n\n${`tool ${toolName} is available only in ${requiredEnv}. Current environment is ${currentEnv} (${reason}).`}`);
+}
+/**
+* 상태 1: tunnel 미가동 — cloudflared 터널이 아직 뜨지 않았다.
+*
+* `build_attach_url` 호출 시 tunnel.up === false 인 경우.
+*/
+function tunnelDownError() {
+	return mcpError("cloudflared 터널이 안 떠 있습니다. MCP 서버를 재시작하거나 잠시 후 list_pages로 터널 상태를 다시 확인하세요.");
+}
+/**
+* 상태 2: page 미attach — 터널은 살아 있으나 아직 페이지가 연결되지 않았다.
+*
+* enableDomains()가 "No mini-app page attached" 에러를 던질 때.
+*/
+function pageMissingError(toolName) {
+	return mcpError(`${toolName ? `${toolName}: ` : ""}페이지가 attach 안 됨. build_attach_url로 deep link를 생성하고 QR을 스캔해 미니앱을 attach하세요.`);
+}
+/**
+* 상태 3: page crash — 연결됐던 페이지가 crash/destroy됐다.
+*
+* chii-connection 이 'replaced-by-new-attach' / 'targetCrashed' / 'targetDestroyed' 를
+* 던질 때 이 메시지를 사용한다.
+*/
+function pageCrashError(toolName) {
+	return mcpError(`${toolName ? `${toolName}: ` : ""}페이지가 crash됐습니다. 토스 앱을 재실행한 뒤 build_attach_url → QR 스캔으로 재attach하세요.`);
+}
+/**
+* 상태 4: SDK 부재 — window.__sdkCall이 주입되지 않았다 (dogfood 빌드가 아님).
+*
+* call_sdk 호출 시 브리지가 없을 때.
+*/
+function sdkAbsentError(toolName) {
+	return mcpError(`${toolName ? `${toolName}: ` : ""}window.__sdkCall이 주입되지 않았습니다 (dogfood 빌드가 아닙니다). dogfood 채널(intoss-private)로 번들을 재배포한 뒤 재시도하세요.`);
+}
+/**
+* relay WebSocket 연결이 끊겼을 때 — 크래시가 아닌 네트워크/프로세스 종료.
+*/
+function relayDisconnectError(toolName) {
+	return mcpError(`${toolName ? `${toolName}: ` : ""}relay 연결이 끊겼습니다. list_pages로 상태를 확인하고, 필요하면 앱을 재실행 후 재attach하세요.`);
+}
+/**
+* CDP/AIT 명령 중 발생한 예외를 4상태로 분류해 적절한 에러 결과를 반환한다.
+*
+* - SDK 부재 패턴 (`window.__sdkCall is not available`) → sdkAbsentError
+* - crash 패턴 (`replaced-by-new-attach`, `targetCrashed`, `targetDestroyed`) → pageCrashError
+* - 연결 끊김 패턴 (`relay에 연결되어 있지 않습니다`, `relay WebSocket`) → relayDisconnectError
+* - 그 외 (일반 에러) → 원본 메시지를 포함한 mcpError
+*/
+function classifyToolError(err, toolName) {
+	const message = err instanceof Error ? err.message : String(err);
+	if (message.startsWith("tunnel-down:") || message.includes("터널이 안 떠 있습니다")) return tunnelDownError();
+	if (message.startsWith("sdk-absent:") || message.includes("__sdkCall이 주입되지 않았습니다") || message.includes("window.__sdkCall is not available") || message.includes("__sdkCall") && message.includes("not available")) return sdkAbsentError(toolName);
+	if (message.includes("replaced-by-new-attach") || message.includes("targetCrashed") || message.includes("targetDestroyed") || message.includes("detachedFromTarget")) return pageCrashError(toolName);
+	if (message.includes("relay에 연결되어 있지 않습니다") || message.includes("relay WebSocket")) return relayDisconnectError(toolName);
+	return mcpError(`${toolName} 실패: ${message}\nlist_pages로 미니앱이 relay에 attach됐는지 확인하세요.`);
+}
+//#endregion
 //#region src/mcp/local-connection.ts
 /**
 * Local-browser `CdpConnection` — attaches directly to a Chromium instance
@@ -1049,6 +1499,154 @@ function buildAttachHtml(qrDataUrl, safeLabel, safeAttachUrl) {
 </html>`;
 }
 //#endregion
+//#region src/mcp/server-lock.ts
+/**
+* Single debug session lock for the `devtools-mcp` debug server.
+*
+* At most one debug server process should run on a given machine at a time —
+* multiple concurrent instances create duplicate cloudflared tunnels, waste
+* resources, and confuse the user about which wssUrl to use.
+*
+* ## Lock file
+*
+* Location: `~/.ait-devtools/server.lock`
+*
+* Schema (JSON):
+* ```json
+* { "pid": 12345, "wssUrl": "wss://xxx.trycloudflare.com", "startedAt": "2026-01-01T00:00:00.000Z" }
+* ```
+*
+* ## Behaviour
+*
+* - **Acquire**: write PID + wssUrl + startedAt. Returns a `release()` handle.
+* - **Stale lock recovery**: if the stored PID is no longer alive
+*   (`process.kill(pid, 0)` throws ESRCH), the lock is silently replaced.
+* - **Live conflict (option B)**: if the stored PID is alive, `acquireLock`
+*   throws `ServerLockConflictError` with the existing PID and wssUrl so the
+*   caller can surface a clear message to the agent.
+* - **Release**: remove the lock file. Called on graceful shutdown (SIGINT /
+*   SIGTERM / SIGHUP). SIGKILL survivors leave a stale file — the next startup
+*   recovers it automatically via the alive check.
+*
+* ## wssUrl update
+*
+* The lock is written before cloudflared starts, so `wssUrl` begins as `null`
+* and is updated in place once the tunnel URL is known via `updateWssUrl`.
+*
+* Node-only.
+*/
+/** Thrown when a live server process already holds the lock. */
+var ServerLockConflictError = class extends Error {
+	/** PID of the existing server process. */
+	existingPid;
+	/** wssUrl from the existing lock — may be `null` if the tunnel is still starting. */
+	existingWssUrl;
+	constructor(existingPid, existingWssUrl) {
+		const urlNote = existingWssUrl != null ? `  relay URL: ${existingWssUrl}\n` : "  relay URL: (tunnel still starting — retry in a moment)\n";
+		super(`A debug server is already running (PID ${existingPid}).\n` + urlNote + `Stop the existing session before starting a new one.
+If it is already stopped but this error persists, remove the lock file:
+  rm "${lockFilePath()}"`);
+		this.name = "ServerLockConflictError";
+		this.existingPid = existingPid;
+		this.existingWssUrl = existingWssUrl;
+	}
+};
+/** Returns `~/.ait-devtools/server.lock` (or `AIT_DEVTOOLS_LOCK_DIR` override for tests). */
+function lockFilePath() {
+	return join(process.env.AIT_DEVTOOLS_LOCK_DIR ?? join(homedir(), ".ait-devtools"), "server.lock");
+}
+function ensureLockDir(lockPath) {
+	mkdirSync(join(lockPath, ".."), { recursive: true });
+}
+/**
+* Returns `true` when the given PID refers to a running process.
+*
+* Uses `process.kill(pid, 0)` — a no-op signal that succeeds when the process
+* exists and we have permission to signal it; throws ESRCH when it doesn't exist.
+*/
+function isPidAlive(pid) {
+	try {
+		process.kill(pid, 0);
+		return true;
+	} catch (err) {
+		if (err.code === "EPERM") return true;
+		return false;
+	}
+}
+function readLock(lockPath) {
+	if (!existsSync(lockPath)) return null;
+	try {
+		const raw = readFileSync(lockPath, "utf8");
+		const parsed = JSON.parse(raw);
+		if (typeof parsed === "object" && parsed !== null && "pid" in parsed && typeof parsed.pid === "number" && "startedAt" in parsed && typeof parsed.startedAt === "string") {
+			const p = parsed;
+			return {
+				pid: p.pid,
+				wssUrl: typeof p.wssUrl === "string" ? p.wssUrl : null,
+				startedAt: p.startedAt
+			};
+		}
+		return null;
+	} catch {
+		return null;
+	}
+}
+function writeLock(lockPath, data) {
+	ensureLockDir(lockPath);
+	writeFileSync(lockPath, JSON.stringify(data, null, 2), { encoding: "utf8" });
+}
+function removeLock(lockPath) {
+	try {
+		rmSync(lockPath);
+	} catch {}
+}
+/**
+* Reads the current lock file without acquiring it. Returns the parsed
+* `LockData` when the file exists and is valid, otherwise `null`. Used by
+* `get_diagnostics` to surface the `serverLockHolder` field without
+* interfering with the running lock owner.
+*/
+function readServerLock() {
+	return readLock(lockFilePath());
+}
+/**
+* Attempts to acquire the server lock.
+*
+* - If no lock exists (or the lock is stale): writes a new lock and returns a
+*   `LockHandle` with `updateWssUrl` + `release`.
+* - If a live process holds the lock: throws `ServerLockConflictError`.
+*
+* The initial `wssUrl` in the lock file is `null` — call
+* `handle.updateWssUrl(url)` once the cloudflared tunnel is ready.
+*/
+function acquireLock() {
+	const lockPath = lockFilePath();
+	const existing = readLock(lockPath);
+	if (existing !== null) {
+		if (isPidAlive(existing.pid)) throw new ServerLockConflictError(existing.pid, existing.wssUrl);
+		process.stderr.write(`[ait-debug] stale lock from PID ${existing.pid} recovered — starting fresh.\n`);
+	}
+	const data = {
+		pid: process.pid,
+		wssUrl: null,
+		startedAt: (/* @__PURE__ */ new Date()).toISOString()
+	};
+	writeLock(lockPath, data);
+	let released = false;
+	return {
+		updateWssUrl(wssUrl) {
+			if (released) return;
+			data.wssUrl = wssUrl;
+			writeLock(lockPath, data);
+		},
+		release() {
+			if (released) return;
+			released = true;
+			removeLock(lockPath);
+		}
+	};
+}
+//#endregion
 //#region src/mcp/deeplink.ts
 /**
 * Build a self-attaching dogfood deep link.
@@ -1327,7 +1925,8 @@ const DEBUG_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "list_network_requests",
@@ -1336,16 +1935,18 @@ const DEBUG_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "list_pages",
-		description: "Returns the single active page (at most one) the relay sees attached. When a second page attaches, the previous one is evicted (last-attach wins — single-attach model). The result includes `singleAttachModel: true` so the agent knows the array is always 0 or 1 entries. Also returns whether the cloudflared tunnel is up and the public wss relay URL. Each page entry includes a `lastSeenAt` ISO timestamp (last inbound CDP message from that target — useful to detect stale entries when the phone app backgrounded). The result also includes `crashDetectedAt` (ISO timestamp or null): when non-null, a page crash was detected via Inspector.targetCrashed / Target.targetDestroyed since the last attach, the pages list will be empty, and `crashWarning` shows a Korean hint to re-attach. Call this first to confirm a page is attached before reading console/network.",
+		description: "Returns the single active page (at most one) the relay sees attached. When a second page attaches, the previous one is evicted (last-attach wins — single-attach model). The result includes `singleAttachModel: true` so the agent knows the array is always 0 or 1 entries. Also returns whether the cloudflared tunnel is up and the public wss relay URL. The `tunnel` field includes `droppedAt` (ISO timestamp or null/undefined): when non-null the tunnel has permanently dropped after 3 failed reissue attempts — restart the debug server with `npx @ait-co/devtools devtools-mcp`. Each page entry includes a `lastSeenAt` ISO timestamp (last inbound CDP message from that target — useful to detect stale entries when the phone app backgrounded). The result also includes `crashDetectedAt` (ISO timestamp or null): when non-null, a page crash was detected via Inspector.targetCrashed / Target.targetDestroyed since the last attach, the pages list will be empty, and `crashWarning` shows a Korean hint to re-attach. Call this first to confirm a page is attached before reading console/network.",
 		inputSchema: {
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "build_attach_url",
@@ -1367,7 +1968,8 @@ const DEBUG_TOOL_DEFINITIONS = [
 				}
 			},
 			required: ["scheme_url"]
-		}
+		},
+		availableIn: "relay"
 	},
 	{
 		name: "get_dom_document",
@@ -1376,7 +1978,8 @@ const DEBUG_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "take_snapshot",
@@ -1385,7 +1988,8 @@ const DEBUG_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "take_screenshot",
@@ -1394,16 +1998,18 @@ const DEBUG_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "measure_safe_area",
-		description: "Runs a safe-area probe on the attached mini-app page via Runtime.evaluate and returns normalized safe-area insets, viewport geometry, device pixel ratio, and User-Agent. Read-only — does not modify page state. Use in a relay session (phone attached) to get ground-truth values for upgrading a viewport preset from extrapolated/placeholder to measured. Requires the relay to be attached — call list_pages first.",
+		description: "Runs a safe-area probe on the attached mini-app page via Runtime.evaluate and returns normalized safe-area insets, viewport geometry, device pixel ratio, and User-Agent. Read-only — does not modify page state. Tier C per RFC #277: the same Runtime.evaluate probe runs in both `mock` (devtools panel page with window.__ait state) and `relay` (real-device WebView with window.__sdk). The result includes a `source: \"mock\" | \"relay\"` field so consumers can identify provenance without inspecting payload values. Use in a relay session (phone attached) to get ground-truth values for upgrading a viewport preset from extrapolated/placeholder to measured. Requires a page to be attached — call list_pages first.",
 		inputSchema: {
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "evaluate",
@@ -1415,7 +2021,8 @@ const DEBUG_TOOL_DEFINITIONS = [
 				description: "JavaScript expression to evaluate in the page context."
 			} },
 			required: ["expression"]
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "list_exceptions",
@@ -1427,7 +2034,8 @@ const DEBUG_TOOL_DEFINITIONS = [
 				description: "Maximum number of exceptions to return (default 50, max 50)."
 			} },
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "call_sdk",
@@ -1446,7 +2054,8 @@ const DEBUG_TOOL_DEFINITIONS = [
 				}
 			},
 			required: ["name"]
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "AIT.getSdkCallHistory",
@@ -1455,7 +2064,8 @@ const DEBUG_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "AIT.getMockState",
@@ -1464,7 +2074,8 @@ const DEBUG_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "AIT.getOperationalEnvironment",
@@ -1473,7 +2084,21 @@ const DEBUG_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
+	},
+	{
+		name: "get_diagnostics",
+		description: "Returns a single-call server status snapshot so the agent can diagnose \"why is this not working?\" without calling multiple tools. Fields: mcpVersion (MCP SDK version), devtoolsVersion (@ait-co/devtools package version), tunnel (up/wssUrl/pid/startedAt), pages (list_pages result + lastSeenAt stats), lastAttachAt, lastDetachAt, recentErrors (last N server-side errors, PII/secret redacted), environment (getEnvironment() result + reason), serverLockHolder (pid + startedAt from the lock file, or null). All fields are nullable — missing data is null, not an error. Tier C (both mock and relay). Call this first when debugging session state.",
+		inputSchema: {
+			type: "object",
+			properties: { recent_errors_limit: {
+				type: "number",
+				description: "Maximum number of recent server-side errors to include (default 10, max 50)."
+			} },
+			required: []
+		},
+		availableIn: "both"
 	}
 ];
 const DEBUG_TOOL_NAMES = new Set(DEBUG_TOOL_DEFINITIONS.map((t) => t.name));
@@ -1481,6 +2106,34 @@ function isDebugToolName(name) {
 	return DEBUG_TOOL_NAMES.has(name);
 }
 /**
+* Returns the `ToolAvailability` declared on a registered debug tool, or
+* `undefined` when the name is not a known debug tool. Used by the tool
+* registry to filter `tools/list` by current env and by the call handler to
+* reject env-mismatch invocations.
+*/
+function getToolAvailability(name) {
+	for (const t of DEBUG_TOOL_DEFINITIONS) if (t.name === name) return t.availableIn;
+}
+/**
+* Returns true when the named tool is available in the given environment.
+* Unknown tools return `false` — callers should reject them as unknown rather
+* than as env-mismatched.
+*/
+function isToolAvailableIn(name, env) {
+	const availability = getToolAvailability(name);
+	if (availability === void 0) return false;
+	if (availability === "both") return true;
+	return availability === env;
+}
+/**
+* Filters a `DEBUG_TOOL_DEFINITIONS`-shaped list to those whose `availableIn`
+* matches the given env. Pure — preserves order; both Tier C ("both") and the
+* matching single-env tier pass through.
+*/
+function filterToolsByEnvironment(tools, env) {
+	return tools.filter((t) => t.availableIn === "both" || t.availableIn === env);
+}
+/**
 * Tool names that are available before any page attaches (bootstrap tier).
 *
 * `build_attach_url` — pure URL synthesis, no attach needed.
@@ -1489,7 +2142,11 @@ function isDebugToolName(name) {
 * All other tools require an attached page (`enableDomains` must succeed) and
 * are only advertised in `tools/list` once a target appears.
 */
-const BOOTSTRAP_TOOL_NAMES = new Set(["build_attach_url", "list_pages"]);
+const BOOTSTRAP_TOOL_NAMES = new Set([
+	"build_attach_url",
+	"get_diagnostics",
+	"list_pages"
+]);
 /** Renders a CDP `RemoteObject` console arg to a stable display string. */
 function renderRemoteObject(arg) {
 	if (arg.value !== void 0) {
@@ -1601,7 +2258,7 @@ function listPages(connection, tunnel) {
 * the scheme authority which is in the caller's input, not ours to own).
 */
 function buildAttachUrl(schemeUrl, tunnel) {
-	if (!tunnel.up || tunnel.wssUrl === null) throw new Error("No relay URL yet — the cloudflared quick tunnel is not up. Call list_pages to check tunnel status.");
+	if (!tunnel.up || tunnel.wssUrl === null) throw new Error("tunnel-down: cloudflared 터널이 안 떠 있습니다. MCP 서버를 재시작하거나 잠시 후 list_pages로 터널 상태를 다시 확인하세요.");
 	const authorityWarning = validateSchemeAuthority(schemeUrl) ?? void 0;
 	return {
 		attachUrl: buildDeepLinkAttachUrl(schemeUrl, tunnel.wssUrl),
@@ -1716,8 +2373,9 @@ function isLaunchFailureStderr(stderr) {
 /**
 * 로컬 HTTP 서버 URL(`http://127.0.0.1:<port>/attach?u=...`)을 OS 기본 브라우저로 연다.
 *
-* platform별 fallback chain으로 시도하며, 모두 실패해도 `opened: false` + `httpUrl`을
-* 반환해 사용자가 직접 브라우저에 붙여넣을 수 있게 한다.
+* platform별 fallback chain으로 시도하며, 모두 실패하면 1회 retry를 수행한다
+* (ephemeral process launch 타이밍 문제 대응). retry까지 실패해도 `opened: false` +
+* `httpUrl`을 반환해 사용자가 직접 브라우저에 붙여넣을 수 있게 한다.
 *
 * SECRET-HANDLING:
 *   - tmp 파일을 만들지 않는다 (HTML/PNG는 HTTP 서버가 메모리에서 응답).
@@ -1730,25 +2388,39 @@ function isLaunchFailureStderr(stderr) {
 */
 async function openQrInBrowser(httpUrl, pngUrl) {
 	const { spawnSync } = await import("node:child_process");
-	const candidates = getBrowserCandidates(httpUrl);
-	const stderrLines = [];
-	for (const { cmd, args } of candidates) {
-		const result = spawnSync(cmd, args, {
-			encoding: "utf8",
-			timeout: 5e3
-		});
-		if (result.error) {
-			stderrLines.push(`${cmd}: ${result.error.message}`);
-			continue;
+	/**
+	* 한 번의 fallback chain 시도. 성공하면 열린 후보 cmd를 반환, 실패하면 null.
+	* stderrLines에 각 후보의 stderr를 누적한다.
+	*/
+	function tryOnce(stderrLines) {
+		const candidates = getBrowserCandidates(httpUrl);
+		for (const { cmd, args } of candidates) {
+			const result = spawnSync(cmd, args, {
+				encoding: "utf8",
+				timeout: 5e3
+			});
+			if (result.error) {
+				stderrLines.push(`${cmd}: ${result.error.message}`);
+				continue;
+			}
+			const stderr = typeof result.stderr === "string" ? result.stderr : "";
+			if (stderr) stderrLines.push(`${cmd}: ${redactSecrets(stderr.trim())}`);
+			if (result.status === 0 && !isLaunchFailureStderr(stderr)) return true;
 		}
-		const stderr = typeof result.stderr === "string" ? result.stderr : "";
-		if (stderr) stderrLines.push(`${cmd}: ${redactSecrets(stderr.trim())}`);
-		if (result.status === 0 && !isLaunchFailureStderr(stderr)) return {
-			opened: true,
-			httpUrl,
-			pngUrl
-		};
+		return false;
 	}
+	const stderrLines = [];
+	if (tryOnce(stderrLines)) return {
+		opened: true,
+		httpUrl,
+		pngUrl
+	};
+	if (tryOnce(stderrLines)) return {
+		opened: true,
+		httpUrl,
+		pngUrl,
+		retried: true
+	};
 	return {
 		opened: false,
 		httpUrl,
@@ -1781,11 +2453,13 @@ async function takeScreenshot(connection) {
 * The JS probe injected via `Runtime.evaluate`. It reads:
 *   1. `env(safe-area-inset-*)` via a temporary element with padding set to
 *      those CSS env vars, then `getComputedStyle`.
-*   2. `window.__sdk.SafeAreaInsets.get()` (1st priority) or
-*      `window.__sdk.getSafeAreaInsets()` (2nd priority) — both surfaces
-*      confirmed live on iPhone 15 Pro relay. `window.__sdk` is only present
-*      in dogfood (__DEBUG_BUILD__) bundles; outside those it is undefined.
-*      If both paths fail the result carries `sdkInsetsError` explaining why.
+*   2. SDK insets via a priority chain so the SAME probe works on both relay
+*      (real device) and mock (devtools panel page):
+*        a. `window.__sdk.SafeAreaInsets.get()`  — dogfood bundle on real device.
+*        b. `window.__sdk.getSafeAreaInsets()`   — dogfood bundle (deprecated).
+*        c. `window.__ait.state.safeAreaInsets`  — devtools mock state (mock env).
+*      The probe records `sdkInsetsSource` = `'window.__sdk'` | `'window.__ait'`
+*      | `null`. If all paths fail the result carries `sdkInsetsError`.
 *   3. nav bar geometry: the SDK does not expose navBar height as a standalone
 *      API — `.ait-navbar` DOM height is read as a cross-check, and
 *      `navBarHeightSource` records where it came from.
@@ -1793,9 +2467,15 @@ async function takeScreenshot(connection) {
 *
 * Returns a plain JSON-serialisable object so `returnByValue: true` works.
 *
-* NOTE: This expression is evaluated in the page context on the real device.
-* It does not mutate any page state — the temporary element is removed after
-* reading. No secret or auth token is read or returned.
+* NOTE: This expression is evaluated in the page context — on the real device
+* (relay) or on the mock panel page. It does not mutate any page state — the
+* temporary element is removed after reading. No secret or auth token is read
+* or returned.
+*
+* RFC #277 Tier C parity: the SAME probe string runs in both envs. Mock fidelity
+* comes from the panel's `applyViewport` / `computeSafeAreaInsets` correctly
+* setting `window.__ait.state.safeAreaInsets` (#275). When that is correct,
+* the cssEnv + sdkInsets pair returned here matches the relay's shape.
 */
 const SAFE_AREA_PROBE_EXPRESSION = `
 (function() {
@@ -1815,17 +2495,28 @@ const SAFE_AREA_PROBE_EXPRESSION = `
   };
   document.documentElement.removeChild(el);
   var sdkInsets = null;
+  var sdkInsetsSource = null;
   var sdkInsetsError = undefined;
   try {
     var sdk = window.__sdk;
+    var ait = window.__ait;
     if (sdk && sdk.SafeAreaInsets && typeof sdk.SafeAreaInsets.get === 'function') {
       sdkInsets = sdk.SafeAreaInsets.get();
+      sdkInsetsSource = 'window.__sdk';
     } else if (sdk && typeof sdk.getSafeAreaInsets === 'function') {
       sdkInsets = sdk.getSafeAreaInsets();
-    } else if (!sdk) {
-      sdkInsetsError = 'window.__sdk not available (non-dogfood bundle)';
-    } else {
+      sdkInsetsSource = 'window.__sdk';
+    } else if (ait && ait.state && ait.state.safeAreaInsets &&
+               typeof ait.state.safeAreaInsets.top === 'number') {
+      var s = ait.state.safeAreaInsets;
+      sdkInsets = { top: s.top, bottom: s.bottom, left: s.left, right: s.right };
+      sdkInsetsSource = 'window.__ait';
+    } else if (!sdk && !ait) {
+      sdkInsetsError = 'neither window.__sdk (relay) nor window.__ait (mock) available';
+    } else if (sdk) {
       sdkInsetsError = 'neither SafeAreaInsets.get nor getSafeAreaInsets found on window.__sdk';
+    } else {
+      sdkInsetsError = 'window.__ait.state.safeAreaInsets is missing or malformed';
     }
   } catch(e) {
     sdkInsetsError = String(e && e.message || e);
@@ -1842,6 +2533,7 @@ const SAFE_AREA_PROBE_EXPRESSION = `
   var result = {
     cssEnv: cssEnv,
     sdkInsets: sdkInsets,
+    sdkInsetsSource: sdkInsetsSource,
     navBarHeight: navBarHeight,
     navBarHeightSource: navBarHeightSource,
     innerWidth: window.innerWidth,
@@ -1858,9 +2550,11 @@ const SAFE_AREA_PROBE_EXPRESSION = `
 * The probe returns a JSON string (because `returnByValue:true` with a plain
 * object works unreliably across Chii relay versions — stringifying is safer).
 *
+* `source` is supplied by the caller (`measureSafeArea`) from the env SSoT.
+*
 * Throws if the result is missing, contains an exception, or cannot be parsed.
 */
-function normalizeSafeAreaResult(rawValue) {
+function normalizeSafeAreaResult(rawValue, source) {
 	if (typeof rawValue !== "string") throw new Error(`measure_safe_area: probe returned unexpected type "${typeof rawValue}" — expected JSON string`);
 	let parsed;
 	try {
@@ -1889,6 +2583,7 @@ function normalizeSafeAreaResult(rawValue) {
 		left: 0
 	};
 	const sdkInsets = requireInsets("sdkInsets");
+	const sdkInsetsSource = obj.sdkInsetsSource === "window.__sdk" || obj.sdkInsetsSource === "window.__ait" ? obj.sdkInsetsSource : null;
 	const sdkInsetsError = typeof obj.sdkInsetsError === "string" ? obj.sdkInsetsError : void 0;
 	const navBarHeight = typeof obj.navBarHeight === "number" ? obj.navBarHeight : null;
 	const navBarHeightSource = typeof obj.navBarHeightSource === "string" ? obj.navBarHeightSource : "not-exposed-by-sdk";
@@ -1897,8 +2592,10 @@ function normalizeSafeAreaResult(rawValue) {
 	const devicePixelRatio = typeof obj.devicePixelRatio === "number" ? obj.devicePixelRatio : 1;
 	const userAgent = typeof obj.userAgent === "string" ? obj.userAgent : "";
 	return {
+		source,
 		cssEnv,
 		sdkInsets,
+		sdkInsetsSource,
 		...sdkInsetsError !== void 0 ? { sdkInsetsError } : {},
 		navBarHeight,
 		navBarHeightSource,
@@ -1912,9 +2609,16 @@ function normalizeSafeAreaResult(rawValue) {
 * Runs the safe-area probe on the attached page and returns a normalized
 * `SafeAreaMeasurement`. Read-only — does not mutate page state.
 *
+* `source` is supplied by the caller from the env detection SSoT (see
+* `src/mcp/environment.ts`). The same `Runtime.evaluate` call runs in both
+* envs — the probe expression tries `window.__sdk` first (relay) then
+* `window.__ait` (mock), so mock fidelity is enforced by the panel's
+* `applyViewport`/`computeSafeAreaInsets` keeping `__ait.state.safeAreaInsets`
+* correct (RFC #277 Tier C parity, #275 model).
+*
 * Throws on CDP error, probe exception, or result parse failure.
 */
-async function measureSafeArea(connection) {
+async function measureSafeArea(connection, source) {
 	const result = await connection.send("Runtime.evaluate", {
 		expression: SAFE_AREA_PROBE_EXPRESSION,
 		returnByValue: true,
@@ -1924,7 +2628,7 @@ async function measureSafeArea(connection) {
 		const msg = result.exceptionDetails.exception?.description ?? result.exceptionDetails.text ?? "Runtime.evaluate threw an exception";
 		throw new Error(`measure_safe_area: probe threw — ${msg}`);
 	}
-	return normalizeSafeAreaResult(result.result.value);
+	return normalizeSafeAreaResult(result.result.value, source);
 }
 /**
 * Evaluates an arbitrary JS expression on the attached page via
@@ -1962,7 +2666,7 @@ async function evaluate(connection, expression) {
 * any log or stderr by the caller.
 */
 function buildCallSdkExpression(name, args) {
-	return `(async () => { if (typeof window.__sdkCall !== 'function') {  return JSON.stringify({ok:false,error:'window.__sdkCall is not available — is this a dogfood (__DEBUG_BUILD__) bundle?'}); } try {  const r = await window.__sdkCall(${JSON.stringify(name)}, ...${JSON.stringify(args)});  return JSON.stringify({ok:true,value:r}); } catch(e) {  return JSON.stringify({ok:false,error:String(e && e.message || e)}); }})()`;
+	return `(async () => { if (typeof window.__sdkCall !== 'function') {  return JSON.stringify({ok:false,error:'sdk-absent: window.__sdkCall이 주입되지 않았습니다 (dogfood 빌드가 아닙니다). dogfood 채널로 재배포하세요.'}); } try {  const r = await window.__sdkCall(${JSON.stringify(name)}, ...${JSON.stringify(args)});  return JSON.stringify({ok:true,value:r}); } catch(e) {  return JSON.stringify({ok:false,error:String(e && e.message || e)}); }})()`;
 }
 /**
 * Parses the JSON envelope string returned by the `call_sdk` expression.
@@ -2081,6 +2785,145 @@ function getMockState(source) {
 function getOperationalEnvironment(source) {
 	return source.get("AIT.getOperationalEnvironment");
 }
+/** Secret-redaction patterns applied before error messages enter the buffer. */
+const SECRET_REDACT_PATTERNS = [
+	[/\bat=([^&\s"']+)/g, "at=<redacted>"],
+	[/((?:set-)?cookie)\s*:\s*.+/gi, "$1: <redacted>"],
+	[/AITCC_API_KEY\s*=\s*\S+/gi, "AITCC_API_KEY=<redacted>"],
+	[/Authorization\s*:\s*.+/gi, "Authorization: <redacted>"],
+	[/\bBearer\s+\S+/g, "Bearer <redacted>"]
+];
+/**
+* Applies all secret-redaction patterns to an error message string.
+* Used before storing errors in the `DiagnosticsCollector` ring buffer.
+*
+* SECRET-HANDLING: this is the single bottleneck for redaction — all error
+* strings must pass through here before reaching the buffer.
+*/
+function redactErrorMessage(message) {
+	let result = message;
+	for (const [pattern, replacement] of SECRET_REDACT_PATTERNS) result = result.replace(pattern, replacement);
+	return result;
+}
+/** Default max buffer size for the error ring buffer. */
+const DEFAULT_ERROR_BUFFER_SIZE = 50;
+/**
+* In-memory implementation of `DiagnosticsCollector`. Thread-safe in the
+* single-threaded Node.js sense (synchronous mutations only).
+*/
+var InMemoryDiagnosticsCollector = class {
+	buffer = [];
+	maxSize;
+	lastAttachAt = null;
+	lastDetachAt = null;
+	constructor(maxSize = DEFAULT_ERROR_BUFFER_SIZE) {
+		this.maxSize = maxSize;
+	}
+	recordError(message, category) {
+		const entry = {
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			message: redactErrorMessage(message),
+			...category !== void 0 ? { category } : {}
+		};
+		this.buffer.push(entry);
+		if (this.buffer.length > this.maxSize) this.buffer.shift();
+	}
+	getRecentErrors(limit) {
+		const cap = Math.min(Math.max(1, limit), DEFAULT_ERROR_BUFFER_SIZE);
+		return this.buffer.length > cap ? this.buffer.slice(this.buffer.length - cap) : [...this.buffer];
+	}
+	recordAttach() {
+		this.lastAttachAt = (/* @__PURE__ */ new Date()).toISOString();
+	}
+	recordDetach() {
+		this.lastDetachAt = (/* @__PURE__ */ new Date()).toISOString();
+	}
+	getLastAttachAt() {
+		return this.lastAttachAt;
+	}
+	getLastDetachAt() {
+		return this.lastDetachAt;
+	}
+};
+/**
+* Reads the `@modelcontextprotocol/sdk` package version from the installed
+* package's `package.json`. Returns `null` on any error (missing file, JSON
+* parse failure, etc.) — diagnostics must never throw.
+*
+* Node-only — uses dynamic `import()` so it does not pollute the browser
+* module graph.
+*/
+async function readMcpSdkVersion() {
+	try {
+		const { createRequire } = await import("node:module");
+		const pkgPath = createRequire(import.meta.url).resolve("@modelcontextprotocol/sdk/package.json");
+		const { readFileSync } = await import("node:fs");
+		const raw = readFileSync(pkgPath, "utf8");
+		const parsed = JSON.parse(raw);
+		return typeof parsed.version === "string" ? parsed.version : null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Returns the `@ait-co/devtools` package version injected at build time via
+* the `__VERSION__` define. Returns `null` when the global is absent (e.g. in
+* some test environments that skip the build step).
+*/
+function readDevtoolsVersion() {
+	try {
+		const v = globalThis.__VERSION__;
+		return typeof v === "string" && v.length > 0 ? v : null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Builds the `get_diagnostics` response. Pure — does not throw; missing data
+* fields are `null`. Async because `readMcpSdkVersion` needs `import()`.
+*
+* SECRET-HANDLING:
+*   - `recentErrors` messages are already redacted by `recordError` (via
+*     `redactErrorMessage`). No additional redaction needed here.
+*   - `tunnel.wssUrl` is a public cloudflared hostname — not a secret.
+*   - Lock file data contains only pid + startedAt + wssUrl — no secrets.
+*/
+async function getDiagnostics(input) {
+	const { tunnel, connection, env, envReason, collector, readLock: readLockFn, recentErrorsLimit = 10, getMcpVersion = readMcpSdkVersion } = input;
+	const [mcpVersion, devtoolsVersion] = await Promise.all([getMcpVersion(), Promise.resolve(readDevtoolsVersion())]);
+	const lockData = readLockFn();
+	const serverLockHolder = lockData ? {
+		pid: lockData.pid,
+		startedAt: lockData.startedAt,
+		wssUrl: lockData.wssUrl
+	} : null;
+	const tunnelInfo = {
+		up: tunnel.up,
+		wssUrl: tunnel.wssUrl,
+		pid: lockData?.pid ?? null,
+		startedAt: lockData?.startedAt ?? null
+	};
+	let pages = null;
+	if (connection !== void 0) try {
+		pages = listPages(connection, tunnel);
+	} catch {}
+	const limit = Math.min(Math.max(1, recentErrorsLimit), 50);
+	const recentErrors = collector.getRecentErrors(limit);
+	return {
+		mcpVersion,
+		devtoolsVersion,
+		tunnel: tunnelInfo,
+		pages,
+		lastAttachAt: collector.getLastAttachAt(),
+		lastDetachAt: collector.getLastDetachAt(),
+		recentErrors,
+		environment: {
+			env,
+			reason: envReason
+		},
+		serverLockHolder
+	};
+}
 //#endregion
 //#region src/mcp/totp.ts
 /**
@@ -2171,6 +3014,15 @@ function verifyTotp(secret, code, when = Date.now(), skew = 1) {
 * and would be stale by the time a human scans. The in-app deep-link builder
 * splices the live code at attach time.
 *
+* Tunnel health probe (`TunnelHealthProbe`):
+*   After the tunnel is up, a periodic HTTP HEAD probe hits the tunnel's
+*   `https://` URL every `probeIntervalMs` (default 60 s). Two consecutive
+*   failures trigger a reissue attempt (spawn a new cloudflared quick tunnel
+*   and redirect traffic). After `MAX_REISSUE_ATTEMPTS` (3) consecutive
+*   reissue failures, the probe gives up and marks the tunnel permanently
+*   dropped — `tunnelStatus.up` becomes false with `droppedAt` set. The caller
+*   should surface this to the agent so the user knows to restart the server.
+*
 * SECRET-HANDLING: The TOTP secret and computed code values MUST NOT appear
 * in any output from this module.
 *
@@ -2293,6 +3145,118 @@ async function printAttachBanner(input) {
 	const banner = await renderAttachBanner(input);
 	process.stderr.write(`${banner}\n`);
 }
+/**
+* Probes `https://` URL with an HTTP HEAD request.
+* Returns `true` when the server responds (any HTTP status), `false` on
+* network error or timeout.
+*
+* We treat any HTTP response (including 4xx/5xx) as "tunnel alive" because
+* cloudflared itself responds to the HEAD — if the tunnel process died, the
+* request fails at the network level rather than returning a status code.
+*
+* @param httpsUrl - The `https://` tunnel URL to probe.
+* @param timeoutMs - Abort timeout in ms. Default 10 000.
+*/
+async function probeTunnel(httpsUrl, timeoutMs = 1e4) {
+	const { default: https } = await import("node:https");
+	return new Promise((resolve) => {
+		const url = new URL(httpsUrl);
+		const timer = setTimeout(() => {
+			req.destroy();
+			resolve(false);
+		}, timeoutMs);
+		const req = https.request({
+			hostname: url.hostname,
+			port: 443,
+			path: url.pathname || "/",
+			method: "HEAD"
+		}, (_res) => {
+			clearTimeout(timer);
+			_res.resume();
+			resolve(true);
+		});
+		req.on("error", () => {
+			clearTimeout(timer);
+			resolve(false);
+		});
+		req.end();
+	});
+}
+/**
+* Starts a periodic health probe for a cloudflared quick tunnel.
+*
+* Every `probeIntervalMs` the probe sends an HTTP HEAD request to the tunnel's
+* `https://` URL. When `failuresBeforeReissue` consecutive failures are
+* detected, it attempts to spawn a new tunnel (up to `MAX_REISSUE_ATTEMPTS`
+* times). On success the caller is notified via `onReissue`; on permanent
+* failure via `onPermanentDrop`.
+*
+* @returns `stop` — call during server shutdown to clear the probe interval.
+*/
+function startTunnelHealthProbe(initialTunnel, localPort, options) {
+	const { probeIntervalMs = 6e4, failuresBeforeReissue = 2, onReissue, onPermanentDrop, log = (msg) => process.stderr.write(msg), probe = probeTunnel, spawnTunnel = startQuickTunnel } = options;
+	let currentTunnel = initialTunnel;
+	let consecutiveFailures = 0;
+	let reissueAttempts = 0;
+	let stopped = false;
+	const handle = setInterval(() => {
+		(async () => {
+			if (stopped) return;
+			const httpsUrl = currentTunnel.url;
+			if (await probe(httpsUrl)) {
+				if (consecutiveFailures > 0) log("[ait-debug] tunnel health probe: tunnel recovered\n");
+				consecutiveFailures = 0;
+				reissueAttempts = 0;
+				return;
+			}
+			consecutiveFailures += 1;
+			log(`[ait-debug] tunnel health probe: failure ${consecutiveFailures}/${failuresBeforeReissue} (url=${httpsUrl})\n`);
+			if (consecutiveFailures < failuresBeforeReissue) return;
+			reissueAttempts += 1;
+			if (reissueAttempts > 3) return;
+			log(`[ait-debug] tunnel drop detected — reissuing (attempt ${reissueAttempts}/3)\n`);
+			try {
+				const newTunnel = await spawnTunnel(localPort);
+				try {
+					currentTunnel.stop();
+				} catch {}
+				currentTunnel = newTunnel;
+				consecutiveFailures = 0;
+				log(`[ait-debug] tunnel reissued — new relay: ${newTunnel.wssUrl}\n`);
+				onReissue(newTunnel);
+			} catch (err) {
+				const message = err instanceof Error ? err.message : String(err);
+				log(`[ait-debug] tunnel reissue attempt ${reissueAttempts} failed: ${message}\n`);
+				if (reissueAttempts >= 3) {
+					clearInterval(handle);
+					stopped = true;
+					const droppedAt = (/* @__PURE__ */ new Date()).toISOString();
+					log(`[ait-debug] tunnel permanently dropped after 3 reissue attempts — restart the debug server to continue (npx @ait-co/devtools devtools-mcp).
+`);
+					onPermanentDrop(droppedAt);
+				}
+			}
+		})();
+	}, probeIntervalMs);
+	return { stop() {
+		stopped = true;
+		clearInterval(handle);
+	} };
+}
+/**
+* Builds a `TunnelStatus` snapshot that includes drop state.
+*
+* Convenience helper for callers (debug-server) that maintain a mutable
+* `tunnelStatus` object — keeps the shape construction in one place.
+*/
+function makeTunnelStatus(up, wssUrl, droppedAt = null, reissueAttempts = 0) {
+	return {
+		up,
+		wssUrl,
+		droppedAt,
+		reissueAttempts
+	};
+}
 //#endregion
 //#region src/mcp/debug-server.ts
 /**
@@ -2339,6 +3303,65 @@ async function printAttachBanner(input) {
 * Node-only.
 */
 /**
+* Parses `_deploymentId` from the query string of a scheme URL.
+*
+* Returns `null` when the param is absent or empty — callers treat that as
+* "no deploymentId filter; match on presence only" and fall back to the
+* original `attachedPages.length > 0` condition.
+*
+* SECRET-HANDLING: deploymentId is a public identifier and may appear in
+* debug output. Never confuse it with TOTP secrets or relay tunnel URLs.
+*/
+function extractDeploymentId(schemeUrl) {
+	try {
+		const qIndex = schemeUrl.indexOf("?");
+		if (qIndex === -1) return null;
+		const id = new URLSearchParams(schemeUrl.slice(qIndex + 1)).get("_deploymentId");
+		return id && id.length > 0 ? id : null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Waits for the first target matching `filterFn` to attach, using the
+* event-driven `waitForFirstTarget()` on `ChiiCdpConnection` instances, or
+* falling back to a polling loop for generic `CdpConnection` fakes (tests).
+*
+* This eliminates the polling-only race that previously caused `wait_for_attach`
+* to resolve before the relay had observed the first inbound CDP message from
+* the phone.
+*
+* @param connection - The CDP connection (production or fake).
+* @param filterFn   - Resolves when this predicate is satisfied.
+* @param timeoutMs  - Maximum wait time in ms.
+* @param pollIntervalMs - Fallback poll interval for non-ChiiCdpConnection.
+*/
+function waitForAttachWithEvents(connection, filterFn, timeoutMs, pollIntervalMs = 1e3) {
+	if (connection instanceof ChiiCdpConnection) return connection.waitForFirstTarget(filterFn, timeoutMs, pollIntervalMs);
+	return new Promise((resolve, reject) => {
+		const deadline = Date.now() + timeoutMs;
+		let settled = false;
+		const poll = setInterval(() => {
+			const targets = connection.listTargets();
+			if (filterFn(targets)) {
+				settled = true;
+				clearInterval(poll);
+				resolve(targets);
+			} else if (Date.now() >= deadline) {
+				settled = true;
+				clearInterval(poll);
+				reject(/* @__PURE__ */ new Error(`waitForAttachWithEvents: 타임아웃 (${timeoutMs}ms)`));
+			}
+		}, pollIntervalMs);
+		const targets = connection.listTargets();
+		if (!settled && filterFn(targets)) {
+			settled = true;
+			clearInterval(poll);
+			resolve(targets);
+		}
+	});
+}
+/**
 * Builds the debug-mode MCP server around an injected CDP connection + AIT
 * source + tunnel status getter. Pure wiring — does not start a relay or
 * tunnel, which is what makes the tool surface unit-testable.
@@ -2351,13 +3374,19 @@ async function printAttachBanner(input) {
 * naturally via `enableDomains`). The tier only controls visibility.
 */
 function createDebugServer(deps) {
-	const { connection, aitSource, getTunnelStatus, waitForAttachTimeoutMs = 9e4, qrHttpServer } = deps;
+	const { connection, aitSource, getTunnelStatus, waitForAttachTimeoutMs = 9e4, qrHttpServer, getEnvironment: getEnvDep, getEnvironmentReason: getEnvReasonDep, diagnosticsCollector: collectorDep } = deps;
+	const resolveEnvironment = getEnvDep ?? (() => getEnvironment({ connection }));
+	const resolveEnvironmentReason = getEnvReasonDep ?? (() => getEnvironmentReason({ connection }));
+	const collector = collectorDep ?? new InMemoryDiagnosticsCollector();
 	const server = new Server({
 		name: "ait-debug",
-		version: "0.1.41"
+		version: "0.1.44"
 	}, { capabilities: { tools: { listChanged: true } } });
 	server.setRequestHandler(ListToolsRequestSchema, () => {
-		return { tools: connection.listTargets().length > 0 ? DEBUG_TOOL_DEFINITIONS.map((tool) => ({ ...tool })) : DEBUG_TOOL_DEFINITIONS.filter((tool) => BOOTSTRAP_TOOL_NAMES.has(tool.name)).map((tool) => ({ ...tool })) };
+		const env = resolveEnvironment();
+		const attached = connection.listTargets().length > 0;
+		const envFiltered = filterToolsByEnvironment(DEBUG_TOOL_DEFINITIONS, env);
+		return { tools: attached ? envFiltered.map((tool) => ({ ...tool })) : envFiltered.filter((tool) => BOOTSTRAP_TOOL_NAMES.has(tool.name)).map((tool) => ({ ...tool })) };
 	});
 	server.setRequestHandler(CallToolRequestSchema, async (request) => {
 		const name = request.params.name;
@@ -2368,6 +3397,19 @@ function createDebugServer(deps) {
 			}],
 			isError: true
 		};
+		const env = resolveEnvironment();
+		if (!isToolAvailableIn(name, env)) {
+			const requiredEnv = getToolAvailability(name) ?? "unknown";
+			const envReason = resolveEnvironmentReason();
+			logWarn("tool.error", {
+				tool: name,
+				errorKind: "tier-filter",
+				requiredEnv,
+				currentEnv: env,
+				envReason
+			});
+			return tierRejectionError(name, requiredEnv, env, envReason);
+		}
 		if (isAitToolName(name)) try {
 			await connection.enableDomains();
 			switch (name) {
@@ -2379,78 +3421,147 @@ function createDebugServer(deps) {
 		} catch (err) {
 			return errorResult(err, name);
 		}
+		if (name === "get_diagnostics") try {
+			const rawLimit = request.params.arguments?.recent_errors_limit;
+			const recentErrorsLimit = typeof rawLimit === "number" && rawLimit > 0 ? rawLimit : 10;
+			return jsonResult$1(await getDiagnostics({
+				tunnel: getTunnelStatus(),
+				connection,
+				env: resolveEnvironment(),
+				envReason: resolveEnvironmentReason(),
+				collector,
+				readLock: readServerLock,
+				recentErrorsLimit
+			}));
+		} catch (err) {
+			return errorResult(err, name);
+		}
 		if (name === "build_attach_url") {
 			const schemeUrl = request.params.arguments?.scheme_url;
-			if (typeof schemeUrl !== "string" || schemeUrl === "") return {
-				content: [{
-					type: "text",
-					text: "build_attach_url requires a non-empty scheme_url."
-				}],
-				isError: true
-			};
+			if (typeof schemeUrl !== "string" || schemeUrl === "") return mcpError("build_attach_url: scheme_url이 비어 있습니다. `ait deploy --scheme-only`가 출력하는 intoss-private:// URL을 인자로 전달하세요.");
 			const waitForAttach = request.params.arguments?.wait_for_attach === true;
 			const openInBrowser = request.params.arguments?.open_in_browser !== false;
+			const deploymentId = extractDeploymentId(schemeUrl);
+			if (!deploymentId) logInfo("tool.call", {
+				tool: "build_attach_url",
+				msg: "no _deploymentId in scheme_url; matching on presence only"
+			});
+			/** Returns true when the page list satisfies the attach condition. */
+			const isMatchingPage = (pages) => {
+				if (pages.length === 0) return false;
+				if (deploymentId === null) return true;
+				return pages.some((p) => p.url.includes(deploymentId));
+			};
+			/** Builds a timeout error message with diagnostic context. */
+			const buildTimeoutError = (baseText, timeoutSec, observed) => {
+				const observedUrls = observed.slice(0, 3).map((p) => p.url.slice(0, 80)).join(", ");
+				const observedNote = observed.length > 0 ? ` — previously attached pages: [${observedUrls}]` : "";
+				return `${baseText}\n\nNo page${deploymentId ? ` matching deploymentId=${deploymentId}` : ""} attached within ${timeoutSec}s${observedNote} — call list_pages to retry.`;
+			};
 			try {
 				const { attachUrl, relayUrl, authorityWarning } = buildAttachUrl(schemeUrl, getTunnelStatus());
 				const warningPrefix = authorityWarning ? `⚠️  scheme_url 경고: ${authorityWarning}\n\n` : "";
 				const header = "This tool result is shown to the user directly — do NOT re-print the QR below in your reply (it wastes output tokens). Just tell the user to scan the QR in this output (Ctrl+O to expand if collapsed).";
-				if (openInBrowser && canOpenBrowser() && qrHttpServer) {
+				const guiAvailable = canOpenBrowser();
+				if (openInBrowser && !guiAvailable) {
+					const headlessNote = "[open_in_browser] GUI 환경이 감지되지 않았습니다 (headless/remote 환경). open_in_browser=false로 자동 폴백합니다. 텍스트 QR을 폰 카메라로 스캔하거나, 로컬 GUI 환경에서 실행하세요.\n\n";
+					const qrHeadless = await renderQr(attachUrl);
+					const headlessText = `${warningPrefix}${headlessNote}${header}\n${JSON.stringify({
+						attachUrl,
+						relayUrl
+					}, null, 2)}\n\n${qrHeadless}`;
+					if (!waitForAttach) return { content: [{
+						type: "text",
+						text: headlessText
+					}] };
+					let attachedPagesHl = [];
+					try {
+						attachedPagesHl = await waitForAttachWithEvents(connection, isMatchingPage, waitForAttachTimeoutMs);
+					} catch {
+						attachedPagesHl = connection.listTargets();
+						return {
+							content: [{
+								type: "text",
+								text: buildTimeoutError(headlessText, waitForAttachTimeoutMs / 1e3, attachedPagesHl)
+							}],
+							isError: true
+						};
+					}
+					const pagesResultHl = listPages(connection, getTunnelStatus());
+					return { content: [{
+						type: "text",
+						text: `${headlessText}\n\n${JSON.stringify(pagesResultHl, null, 2)}`
+					}] };
+				}
+				if (openInBrowser && guiAvailable && qrHttpServer) {
 					const browserResult = await openQrInBrowser(qrHttpServer.buildAttachPageUrl(attachUrl), `http://127.0.0.1:${qrHttpServer.port}/qr.png?u=${encodeURIComponent(attachUrl)}`);
 					if (browserResult.opened) {
-						const shortText = `${warningPrefix}${header}\n${JSON.stringify({ relayUrl }, null, 2)}\n\n브라우저에서 QR을 열었습니다. 폰 카메라로 스캔하세요.\nURL: ${browserResult.httpUrl}`;
+						const retriedNote = browserResult.retried ? " (1회 retry 후 성공)" : "";
+						const openResult = {
+							attempted: true,
+							succeeded: true,
+							...browserResult.retried ? { retried: true } : {}
+						};
+						const shortText = `${warningPrefix}${header}\n${JSON.stringify({
+							relayUrl,
+							openResult
+						}, null, 2)}\n\n브라우저에서 QR을 열었습니다${retriedNote}. 폰 카메라로 스캔하세요.\nURL: ${browserResult.httpUrl}`;
 						if (!waitForAttach) return { content: [{
 							type: "text",
 							text: shortText
 						}] };
-						const POLL_INTERVAL_MS = 1e3;
-						const TIMEOUT_MS = waitForAttachTimeoutMs;
-						const deadline = Date.now() + TIMEOUT_MS;
 						let attachedPages = [];
-						while (Date.now() < deadline) {
+						try {
+							attachedPages = await waitForAttachWithEvents(connection, isMatchingPage, waitForAttachTimeoutMs);
+						} catch {
 							attachedPages = connection.listTargets();
-							if (attachedPages.length > 0) break;
-							await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+							return {
+								content: [{
+									type: "text",
+									text: buildTimeoutError(shortText, waitForAttachTimeoutMs / 1e3, attachedPages)
+								}],
+								isError: true
+							};
 						}
-						if (attachedPages.length === 0) return {
-							content: [{
-								type: "text",
-								text: `${shortText}\n\nNo page attached within ${TIMEOUT_MS / 1e3}s — call list_pages to retry.`
-							}],
-							isError: true
-						};
 						const pagesResult = listPages(connection, getTunnelStatus());
 						return { content: [{
 							type: "text",
 							text: `${shortText}\n\n${JSON.stringify(pagesResult, null, 2)}`
 						}] };
 					}
+					const openResult = {
+						attempted: true,
+						succeeded: false,
+						failureReason: browserResult.error ?? "브라우저 실행 후보 모두 실패",
+						pngUrl: browserResult.pngUrl,
+						...browserResult.stderrSummary ? { stderrSummary: browserResult.stderrSummary } : {}
+					};
 					const stderrNote = browserResult.stderrSummary ? `\nstderr: ${browserResult.stderrSummary}` : "";
-					const fallbackNote = `브라우저 자동 열기에 실패했습니다. 다음 URL을 직접 브라우저에서 여세요:\n${browserResult.httpUrl}\n또는 PNG로 받기: ${browserResult.pngUrl}` + stderrNote + "\n\n";
+					const fallbackNote = `[open_in_browser] 브라우저 자동 열기에 실패했습니다. 다음 URL을 직접 브라우저에서 여세요:
+${browserResult.httpUrl}\n또는 PNG로 받기: ${browserResult.pngUrl}` + stderrNote + "\n\n";
 					const qr = await renderQr(attachUrl);
 					const baseText = `${warningPrefix}${fallbackNote}${header}\n${JSON.stringify({
 						attachUrl,
-						relayUrl
+						relayUrl,
+						openResult
 					}, null, 2)}\n\n${qr}`;
 					if (!waitForAttach) return { content: [{
 						type: "text",
 						text: baseText
 					}] };
-					const POLL_INTERVAL_MS_FB = 1e3;
-					const TIMEOUT_MS_FB = waitForAttachTimeoutMs;
-					const deadline2 = Date.now() + TIMEOUT_MS_FB;
 					let attachedPagesFb = [];
-					while (Date.now() < deadline2) {
+					try {
+						attachedPagesFb = await waitForAttachWithEvents(connection, isMatchingPage, waitForAttachTimeoutMs);
+					} catch {
 						attachedPagesFb = connection.listTargets();
-						if (attachedPagesFb.length > 0) break;
-						await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS_FB));
+						return {
+							content: [{
+								type: "text",
+								text: buildTimeoutError(baseText, waitForAttachTimeoutMs / 1e3, attachedPagesFb)
+							}],
+							isError: true
+						};
 					}
-					if (attachedPagesFb.length === 0) return {
-						content: [{
-							type: "text",
-							text: `${baseText}\n\nNo page attached within ${TIMEOUT_MS_FB / 1e3}s — call list_pages to retry.`
-						}],
-						isError: true
-					};
 					const pagesResultFb = listPages(connection, getTunnelStatus());
 					return { content: [{
 						type: "text",
@@ -2466,22 +3577,19 @@ function createDebugServer(deps) {
 					type: "text",
 					text: baseText
 				}] };
-				const POLL_INTERVAL_MS = 1e3;
-				const TIMEOUT_MS = waitForAttachTimeoutMs;
-				const deadline = Date.now() + TIMEOUT_MS;
 				let attachedPages = [];
-				while (Date.now() < deadline) {
+				try {
+					attachedPages = await waitForAttachWithEvents(connection, isMatchingPage, waitForAttachTimeoutMs);
+				} catch {
 					attachedPages = connection.listTargets();
-					if (attachedPages.length > 0) break;
-					await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+					return {
+						content: [{
+							type: "text",
+							text: buildTimeoutError(baseText, waitForAttachTimeoutMs / 1e3, attachedPages)
+						}],
+						isError: true
+					};
 				}
-				if (attachedPages.length === 0) return {
-					content: [{
-						type: "text",
-						text: `${baseText}\n\nNo page attached within ${TIMEOUT_MS / 1e3}s — call list_pages to retry.`
-					}],
-					isError: true
-				};
 				const pagesResult = listPages(connection, getTunnelStatus());
 				return { content: [{
 					type: "text",
@@ -2494,15 +3602,13 @@ function createDebugServer(deps) {
 		try {
 			await connection.enableDomains();
 		} catch (err) {
-			const message = err instanceof Error ? err.message : String(err);
-			if (name === "list_pages") return jsonResult$1(listPages(connection, getTunnelStatus()));
-			return {
-				content: [{
-					type: "text",
-					text: `${message}\nCall list_pages to confirm a mini-app has attached over the relay.`
-				}],
-				isError: true
-			};
+			if (name === "list_pages") {
+				if (connection instanceof ChiiCdpConnection) try {
+					await connection.refreshTargets();
+				} catch {}
+				return jsonResult$1(listPages(connection, getTunnelStatus()));
+			}
+			return classifyEnableDomainError(err, name);
 		}
 		try {
 			switch (name) {
@@ -2512,7 +3618,11 @@ function createDebugServer(deps) {
 					return jsonResult$1({ exceptions: listExceptions(connection, typeof rawLimit === "number" && rawLimit > 0 ? rawLimit : 50) });
 				}
 				case "list_network_requests": return jsonResult$1(listNetworkRequests(connection));
-				case "list_pages": return jsonResult$1(listPages(connection, getTunnelStatus()));
+				case "list_pages":
+					if (connection instanceof ChiiCdpConnection) try {
+						await connection.refreshTargets();
+					} catch {}
+					return jsonResult$1(listPages(connection, getTunnelStatus()));
 				case "get_dom_document": return jsonResult$1(await getDomDocument(connection));
 				case "take_snapshot": return jsonResult$1(await takeSnapshot(connection));
 				case "take_screenshot": {
@@ -2523,29 +3633,19 @@ function createDebugServer(deps) {
 						mimeType: shot.mimeType
 					}] };
 				}
-				case "measure_safe_area": return jsonResult$1(await measureSafeArea(connection));
+				case "measure_safe_area": return jsonResult$1(await measureSafeArea(connection, resolveEnvironment()));
 				case "evaluate": {
 					const expression = request.params.arguments?.expression;
-					if (typeof expression !== "string" || expression === "") return {
-						content: [{
-							type: "text",
-							text: "evaluate requires a non-empty expression."
-						}],
-						isError: true
-					};
+					if (typeof expression !== "string" || expression === "") return mcpError("evaluate: expression 인자가 비어 있습니다. 평가할 JavaScript 표현식을 전달하세요.");
 					return jsonResult$1(await evaluate(connection, expression));
 				}
 				case "call_sdk": {
 					const sdkName = request.params.arguments?.name;
-					if (typeof sdkName !== "string" || sdkName === "") return {
-						content: [{
-							type: "text",
-							text: "call_sdk requires a non-empty name."
-						}],
-						isError: true
-					};
+					if (typeof sdkName !== "string" || sdkName === "") return mcpError("call_sdk: name 인자가 비어 있습니다. 호출할 SDK 메서드 이름을 전달하세요.");
 					const rawArgs = request.params.arguments?.args;
-					return jsonResult$1(await callSdk(connection, sdkName, Array.isArray(rawArgs) ? rawArgs : []));
+					const sdkResult = await callSdk(connection, sdkName, Array.isArray(rawArgs) ? rawArgs : []);
+					if (!sdkResult.ok && typeof sdkResult.error === "string" && sdkResult.error.startsWith("sdk-absent:")) return sdkAbsentError("call_sdk");
+					return jsonResult$1(sdkResult);
 				}
 				default: return unknownTool(name);
 			}
@@ -2562,22 +3662,29 @@ function jsonResult$1(value) {
 	}] };
 }
 function unknownTool(name) {
-	return {
-		content: [{
-			type: "text",
-			text: `Unknown tool: ${name}`
-		}],
-		isError: true
-	};
+	return mcpError(`알 수 없는 tool: ${name}`);
+}
+/**
+* enableDomains()가 던진 에러를 4상태로 분류해 적절한 메시지를 반환한다.
+*
+* - "No mini-app page attached" → page 미attach (상태 2)
+* - crash/destroy/replaced 패턴 → page crash (상태 3)
+* - relay disconnect 패턴 → relay 연결 끊김
+* - 그 외 → 원본 메시지 + list_pages 안내
+*/
+function classifyEnableDomainError(err, toolName) {
+	const message = err instanceof Error ? err.message : String(err);
+	if (message.includes("No mini-app page attached") || message.includes("페이지가 attach 안")) return pageMissingError(toolName);
+	if (message.includes("replaced-by-new-attach") || message.includes("targetCrashed") || message.includes("targetDestroyed") || message.includes("detachedFromTarget")) return pageCrashError(toolName);
+	if (message.includes("relay에 연결되어 있지 않습니다") || message.includes("relay WebSocket") || message.includes("Chii relay connection closed")) return relayDisconnectError(toolName);
+	return classifyToolError(err, toolName);
 }
+/**
+* CDP/AIT 명령 실행 중 catch된 에러를 4상태로 분류해 tool 결과로 반환한다.
+* debug-server 내부 try/catch 블록에서 공통으로 사용한다.
+*/
 function errorResult(err, name) {
-	return {
-		content: [{
-			type: "text",
-			text: `${name} failed: ${err instanceof Error ? err.message : String(err)}\nCall list_pages to confirm a mini-app has attached over the relay.`
-		}],
-		isError: true
-	};
+	return classifyToolError(err, name);
 }
 /**
 * Starts a polling watcher that detects the first 0→N target transition on
@@ -2588,19 +3695,28 @@ function errorResult(err, name) {
 * `server.sendToolListChanged()` exactly once — on the first transition — then
 * clears itself. Shutdown calls `stop()` to clear the interval.
 *
+* `onFirstAttach` is called once on the 0→N transition (or immediately when
+* already attached). Use this to trigger side-effects such as auto-opening
+* Chrome DevTools (issue #282). The callback is optional; omitting it preserves
+* the previous behaviour exactly.
+*
 * SECRET-HANDLING: target `id`/`title`/`url` are not written to any log here.
 * Only an attach-detected stderr line is emitted (no target details).
 *
 * @returns `stop` — call this during shutdown to clear the interval.
 */
-function startAttachWatcher(connection, server, intervalMs = 1e3) {
+function startAttachWatcher(connection, server, intervalMs = 1e3, onFirstAttach) {
 	let wasAttached = connection.listTargets().length > 0;
-	if (wasAttached) server.sendToolListChanged();
+	if (wasAttached) {
+		server.sendToolListChanged();
+		onFirstAttach?.();
+	}
 	const handle = setInterval(() => {
 		const isAttached = connection.listTargets().length > 0;
 		if (!wasAttached && isAttached) {
 			wasAttached = true;
 			server.sendToolListChanged();
+			onFirstAttach?.();
 			clearInterval(handle);
 		}
 	}, intervalMs);
@@ -2640,6 +3756,7 @@ function buildRelayVerifyAuth() {
 *   4. expose the debug tools backed by a `ChiiCdpConnection` + `ChiiAitSource`.
 */
 async function runDebugServer(options = {}) {
+	const lockHandle = acquireLock();
 	const relayPort = options.relayPort ?? 0;
 	const verifyAuth = buildRelayVerifyAuth();
 	const totpEnabled = verifyAuth !== void 0;
@@ -2647,26 +3764,45 @@ async function runDebugServer(options = {}) {
 		port: relayPort,
 		verifyAuth
 	});
+	logInfo("server.start", {
+		port: relay.port,
+		totpEnabled
+	});
 	let tunnel = null;
-	let tunnelStatus = {
-		up: false,
-		wssUrl: null
-	};
+	let tunnelStatus = makeTunnelStatus(false, null);
 	generateAttachToken();
+	let tunnelProbe = null;
 	startQuickTunnel(relay.port).then((t) => {
 		tunnel = t;
-		tunnelStatus = {
-			up: true,
-			wssUrl: t.wssUrl
-		};
+		tunnelStatus = makeTunnelStatus(true, t.wssUrl);
+		lockHandle.updateWssUrl(t.wssUrl);
+		logInfo("tunnel.up", { totpEnabled });
+		tunnelProbe = startTunnelHealthProbe(t, relay.port, {
+			onReissue: (newTunnel) => {
+				tunnel = newTunnel;
+				tunnelStatus = makeTunnelStatus(true, newTunnel.wssUrl, null, 0);
+				lockHandle.updateWssUrl(newTunnel.wssUrl);
+				printAttachBanner({
+					wssUrl: newTunnel.wssUrl,
+					totpEnabled
+				}).then(() => {
+					logInfo("tunnel.up", {
+						totpEnabled,
+						reissued: true
+					});
+				});
+			},
+			onPermanentDrop: (droppedAt) => {
+				tunnelStatus = makeTunnelStatus(false, null, droppedAt, 3);
+				logError("tunnel.down", { msg: `tunnel permanently dropped (${droppedAt}). Restart: npx @ait-co/devtools devtools-mcp` });
+			}
+		});
 		return printAttachBanner({
 			wssUrl: t.wssUrl,
 			totpEnabled
 		});
 	}, (err) => {
-		const message = err instanceof Error ? err.message : String(err);
-		process.stderr.write(`[ait-debug] Failed to open cloudflared quick tunnel: ${message}\n[ait-debug] The relay is up locally; attach over the public URL is unavailable until the tunnel starts.
-`);
+		logError("tunnel.down", { msg: `Failed to open cloudflared quick tunnel: ${err instanceof Error ? err.message : String(err)}. The relay is up locally; attach over the public URL is unavailable until the tunnel starts.` });
 	});
 	const connection = new ChiiCdpConnection({ relayBaseUrl: relay.baseUrl });
 	const aitSource = new ChiiAitSource(connection);
@@ -2674,16 +3810,18 @@ async function runDebugServer(options = {}) {
 	try {
 		qrServer = await startQrHttpServer();
 	} catch (err) {
-		const message = err instanceof Error ? err.message : String(err);
-		process.stderr.write(`[ait-debug] QR HTTP 서버 시작 실패 (text QR fallback 사용): ${message}\n`);
+		logWarn("server.start", { msg: `QR HTTP 서버 시작 실패 (text QR fallback 사용): ${err instanceof Error ? err.message : String(err)}` });
 	}
+	const devtoolsOpener = new AutoDevtoolsOpener();
+	const diagnosticsCollector = new InMemoryDiagnosticsCollector();
 	const server = createDebugServer({
 		connection,
 		aitSource,
 		getTunnelStatus: () => tunnelStatus,
 		get qrHttpServer() {
 			return qrServer;
-		}
+		},
+		diagnosticsCollector
 	});
 	const transport = new StdioServerTransport();
 	let closed = false;
@@ -2692,11 +3830,13 @@ async function runDebugServer(options = {}) {
 		if (closed) return;
 		closed = true;
 		attachWatcher?.stop();
+		tunnelProbe?.stop();
 		connection.close();
 		tunnel?.stop();
 		relay.close();
 		server.close();
 		qrServer?.close();
+		lockHandle.release();
 	};
 	process.once("SIGINT", shutdown);
 	process.once("SIGTERM", shutdown);
@@ -2705,21 +3845,32 @@ async function runDebugServer(options = {}) {
 		if (!closed) {
 			closed = true;
 			attachWatcher?.stop();
+			tunnelProbe?.stop();
 			tunnel?.stop();
+			lockHandle.release();
 		}
 	});
 	process.on("uncaughtException", (err) => {
-		process.stderr.write(`[ait-debug] uncaughtException: ${String(err)}\n`);
+		logError("tool.error", {
+			msg: `uncaughtException: ${String(err)}`,
+			errorKind: "uncaught"
+		});
 		shutdown();
 		process.exit(1);
 	});
 	process.on("unhandledRejection", (reason) => {
-		process.stderr.write(`[ait-debug] unhandledRejection: ${String(reason)}\n`);
+		logError("tool.error", {
+			msg: `unhandledRejection: ${String(reason)}`,
+			errorKind: "unhandled-rejection"
+		});
 		shutdown();
 		process.exit(1);
 	});
 	await server.connect(transport);
-	attachWatcher = startAttachWatcher(connection, server);
+	attachWatcher = startAttachWatcher(connection, server, 1e3, () => {
+		diagnosticsCollector.recordAttach();
+		devtoolsOpener.open(tunnelStatus.wssUrl, getEnvironment({ connection }));
+	});
 }
 /**
 * Boots the local-browser debug stack and serves it over stdio:
@@ -2740,6 +3891,7 @@ async function runDebugServer(options = {}) {
 * expected and noted in the PR as an explicit out-of-scope follow-up.
 */
 async function runLocalDebugServer(options = {}) {
+	const lockHandle = acquireLock();
 	const chromium = await launchChromium({
 		port: options.cdpPort ?? 0,
 		devUrl: options.devUrl ?? process.env.AIT_DEVTOOLS_URL ?? "http://localhost:5173"
@@ -2766,6 +3918,7 @@ async function runLocalDebugServer(options = {}) {
 		connection.close();
 		chromium.stop();
 		server.close();
+		lockHandle.release();
 	};
 	process.once("SIGINT", shutdown);
 	process.once("SIGTERM", shutdown);
@@ -2775,15 +3928,24 @@ async function runLocalDebugServer(options = {}) {
 			closed = true;
 			attachWatcher?.stop();
 			chromium.stop();
+			lockHandle.release();
 		}
 	});
 	process.on("uncaughtException", (err) => {
-		process.stderr.write(`[ait-local-debug] uncaughtException: ${String(err)}\n`);
+		logError("tool.error", {
+			msg: `uncaughtException: ${String(err)}`,
+			errorKind: "uncaught",
+			mode: "local"
+		});
 		shutdown();
 		process.exit(1);
 	});
 	process.on("unhandledRejection", (reason) => {
-		process.stderr.write(`[ait-local-debug] unhandledRejection: ${String(reason)}\n`);
+		logError("tool.error", {
+			msg: `unhandledRejection: ${String(reason)}`,
+			errorKind: "unhandled-rejection",
+			mode: "local"
+		});
 		shutdown();
 		process.exit(1);
 	});
@@ -2863,7 +4025,13 @@ var HttpAitSource = class {
 *     }
 *   }
 */
-/** Tool descriptors served by the dev-mode server. */
+/**
+* Tool descriptors served by the dev-mode server.
+*
+* All dev-mode tools are Tier C (both envs) per RFC #277 — the dev-mode server
+* itself is the mock-side embodiment of those Tier C tools. `availableIn` is
+* declared so the surface stays consistent with the debug-mode registry.
+*/
 const DEV_TOOL_DEFINITIONS = [
 	{
 		name: "AIT.getMockState",
@@ -2872,7 +4040,8 @@ const DEV_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "AIT.getOperationalEnvironment",
@@ -2881,7 +4050,8 @@ const DEV_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "AIT.getSdkCallHistory",
@@ -2890,7 +4060,8 @@ const DEV_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	},
 	{
 		name: "devtools_get_mock_state",
@@ -2899,7 +4070,8 @@ const DEV_TOOL_DEFINITIONS = [
 			type: "object",
 			properties: {},
 			required: []
-		}
+		},
+		availableIn: "both"
 	}
 ];
 const DEV_TOOL_NAMES = new Set(DEV_TOOL_DEFINITIONS.map((t) => t.name));
@@ -2909,47 +4081,23 @@ function createDevServer(deps = {}) {
 	const aitSource = deps.aitSource ?? new HttpAitSource({ stateEndpoint });
 	const server = new Server({
 		name: "ait-devtools",
-		version: "0.1.41"
+		version: "0.1.44"
 	}, { capabilities: { tools: {} } });
 	server.setRequestHandler(ListToolsRequestSchema, () => ({ tools: DEV_TOOL_DEFINITIONS.map((tool) => ({ ...tool })) }));
 	server.setRequestHandler(CallToolRequestSchema, async (request) => {
 		const name = request.params.name;
-		if (!DEV_TOOL_NAMES.has(name)) return {
-			content: [{
-				type: "text",
-				text: `Unknown tool: ${name}`
-			}],
-			isError: true
-		};
+		if (!DEV_TOOL_NAMES.has(name)) return mcpError(`알 수 없는 tool: ${name}`);
 		try {
 			const effective = name === "devtools_get_mock_state" ? "AIT.getMockState" : name;
-			if (!isAitToolName(effective)) return {
-				content: [{
-					type: "text",
-					text: `Unknown tool: ${name}`
-				}],
-				isError: true
-			};
+			if (!isAitToolName(effective)) return mcpError(`알 수 없는 tool: ${name}`);
 			switch (effective) {
 				case "AIT.getMockState": return jsonResult(await getMockState(aitSource));
 				case "AIT.getOperationalEnvironment": return jsonResult(await getOperationalEnvironment(aitSource));
 				case "AIT.getSdkCallHistory": return jsonResult(await getSdkCallHistory(aitSource));
-				default: return {
-					content: [{
-						type: "text",
-						text: `Unknown tool: ${name}`
-					}],
-					isError: true
-				};
+				default: return mcpError(`알 수 없는 tool: ${name}`);
 			}
 		} catch (err) {
-			return {
-				content: [{
-					type: "text",
-					text: `${err instanceof Error ? err.message : String(err)}\nIs the Vite dev server running with the @ait-co/devtools unplugin option \`mcp: true\`? Is AIT_DEVTOOLS_URL set correctly?`
-				}],
-				isError: true
-			};
+			return mcpError(`${name} 실패: ${err instanceof Error ? err.message : String(err)}\nVite dev 서버가 @ait-co/devtools unplugin \`mcp: true\` 옵션으로 실행 중인지 확인하세요. AIT_DEVTOOLS_URL 환경변수가 올바르게 설정됐는지도 확인하세요.`);
 		}
 	});
 	return server;