@ait-co/devtools 0.1.43 → 0.1.45

package/dist/mcp/cli.js

@@ -53,6 +53,98 @@ var ChiiAitSource = class {
 	}
 };
 //#endregion
+//#region src/mcp/log.ts
+/**
+* Allowed field keys that may pass through to a log line.
+* Unknown keys are dropped. Values are still redact-scanned.
+*/
+const ALLOWED_KEYS = new Set([
+	"ts",
+	"level",
+	"event",
+	"msg",
+	"port",
+	"totpEnabled",
+	"env",
+	"tool",
+	"deploymentId",
+	"errorKind",
+	"reason",
+	"prevTargetId",
+	"mode"
+]);
+/**
+* Patterns that match secret values.
+* Match order matters — more-specific patterns first.
+*
+* #268 redact script covers: relay=wss://…, at=<TOTP>, _deploymentId=<uuid>.
+* Here we extend to in-process value-level patterns used in server logs.
+*/
+const SECRET_PATTERNS = [
+	/^\d{6}$/,
+	/^(aitcc_|AITCC_)/i,
+	/^[A-Za-z0-9_-]+=.{4,}/,
+	/^wss:\/\//,
+	/(?:^|[?&])at=[A-Z0-9]{6}/i
+];
+/**
+* Returns `true` when the string value matches any known-secret pattern.
+* Only string values are tested — numbers/booleans are always safe.
+*/
+function isSecretValue(value) {
+	return SECRET_PATTERNS.some((re) => re.test(value));
+}
+/**
+* Redacts a single scalar value.
+* - strings: return "***" if the value matches a secret pattern.
+* - other: return as-is.
+*/
+function redactValue(value) {
+	if (typeof value === "string" && isSecretValue(value)) return "***";
+	return value;
+}
+/**
+* Builds a safe log payload from raw fields.
+*
+* - Only keys in `ALLOWED_KEYS` are included.
+* - String values are scanned for secret patterns and replaced with "***".
+* - `ts` and `level` and `event` are always included (they are injected by the
+*   logger functions below, not by callers).
+*/
+function buildPayload(level, event, fields) {
+	const out = {
+		ts: (/* @__PURE__ */ new Date()).toISOString(),
+		level,
+		event
+	};
+	for (const [key, value] of Object.entries(fields)) {
+		if (!ALLOWED_KEYS.has(key)) continue;
+		if (key === "ts" || key === "level" || key === "event") continue;
+		out[key] = redactValue(value);
+	}
+	return out;
+}
+/**
+* Writes a single JSON log line to stderr.
+* MCP stdio transport uses stdout; all diagnostics go to stderr.
+*/
+function writeLog(level, event, fields = {}) {
+	const payload = buildPayload(level, event, fields);
+	process.stderr.write(`${JSON.stringify(payload)}\n`);
+}
+/** Log an informational structured event. */
+function logInfo(event, fields = {}) {
+	writeLog("info", event, fields);
+}
+/** Log a warning structured event. */
+function logWarn(event, fields = {}) {
+	writeLog("warn", event, fields);
+}
+/** Log an error structured event. */
+function logError(event, fields = {}) {
+	writeLog("error", event, fields);
+}
+//#endregion
 //#region src/mcp/chii-connection.ts
 /**
 * Production `CdpConnection` backed by the local Chii relay.
@@ -176,7 +268,7 @@ var ChiiCdpConnection = class {
 		}
 		if (newestTargetId !== null && this.activeTargetId !== null && newestTargetId !== this.activeTargetId) {
 			const prevId = this.activeTargetId;
-			process.stderr.write(`[ait-debug] 이전 page 세션 종료 — 새 attach로 교체 (prev=${prevId})\n`);
+			logInfo("page.detached", { prevTargetId: prevId });
 			this.evictTarget(prevId);
 		}
 		this.targets.clear();
@@ -758,6 +850,28 @@ var AutoDevtoolsOpener = class {
 //#endregion
 //#region src/mcp/environment.ts
 /**
+* Returns `true` when the environment is any relay variant (`relay-dev` or
+* `relay-live`). Use this instead of `env === 'relay'` for tier checks.
+*/
+function isRelayEnv(env) {
+	return env === "relay-dev" || env === "relay-live";
+}
+/**
+* Returns `true` when the environment is the LIVE relay (`relay-live`).
+* This is the guard condition for side-effect tool protection.
+*/
+function isLiveRelayEnv(env) {
+	return env === "relay-live";
+}
+/**
+* Maps the new `McpEnvironment` union to the legacy two-value union
+* (`'mock' | 'relay'`) for backward-compatible fields in diagnostics output.
+*/
+function toLegacyEnv(env) {
+	if (env === "mock") return "mock";
+	return "relay";
+}
+/**
 * URL patterns that mark a CDP target as a real-device WebView relay.
 *
 * - `intoss-private://` is the Toss in-app private scheme — only ever observed
@@ -782,28 +896,43 @@ function isRelayUrl(url) {
 * regardless of env vars or connection state. Cleared with `null`.
 */
 let envOverride = null;
-/** Parses the `MCP_ENV` env var into a `McpEnvironment` if valid. */
+/**
+* Parses the `MCP_ENV` env var into a `McpEnvironment` if valid.
+*
+* Accepted values:
+*   - `mock`        → `mock`
+*   - `relay-dev`   → `relay-dev`
+*   - `relay-live`  → `relay-live`
+*   - `relay`       → `relay-dev`  (backward-compat alias — resolves to relay-dev)
+*
+* Any other value is ignored and falls through to the next precedence step.
+*/
 function readEnvVar() {
 	const raw = process.env.MCP_ENV;
-	if (raw === "mock" || raw === "relay") return raw;
+	if (raw === "mock") return "mock";
+	if (raw === "relay-dev") return "relay-dev";
+	if (raw === "relay-live") return "relay-live";
+	if (raw === "relay") return "relay-dev";
 }
 /**
 * Returns the current MCP environment, applying the precedence rules:
 *   1. test override (if set)
 *   2. `MCP_ENV` env var
-*   3. CDP target URL pattern match
-*   4. default `mock`
+*   3. CDP target URL pattern match → `relay-dev` (conservative — LIVE
+*      requires explicit MCP_ENV=relay-live opt-in)
+*   4. caller-stated `defaultEnv` (intent hint from the CLI mode)
+*   5. baked-in default `mock`
 */
 function getEnvironment(input = {}) {
 	if (envOverride !== null) return envOverride;
 	const fromEnv = readEnvVar();
 	if (fromEnv !== void 0) return fromEnv;
-	const { connection } = input;
+	const { connection, defaultEnv } = input;
 	if (connection !== void 0) {
 		const targets = connection.listTargets();
-		for (const t of targets) if (isRelayUrl(t.url)) return "relay";
+		for (const t of targets) if (isRelayUrl(t.url)) return "relay-dev";
 	}
-	return "mock";
+	return defaultEnv ?? "mock";
 }
 /**
 * Returns the `EnvironmentReason` that drove the current `getEnvironment()`
@@ -812,18 +941,125 @@ function getEnvironment(input = {}) {
 * secret value is ever returned.
 */
 function getEnvironmentReason(input = {}) {
-	if (envOverride !== null) return envOverride === "mock" ? "env-var-mock" : "env-var-relay";
+	if (envOverride !== null) {
+		if (envOverride === "mock") return "env-var-mock";
+		if (envOverride === "relay-live") return "env-var-relay-live";
+		return "env-var-relay-dev";
+	}
+	const rawVar = process.env.MCP_ENV;
 	const fromEnv = readEnvVar();
 	if (fromEnv === "mock") return "env-var-mock";
-	if (fromEnv === "relay") return "env-var-relay";
-	const { connection } = input;
+	if (fromEnv === "relay-live") return "env-var-relay-live";
+	if (fromEnv === "relay-dev") return rawVar === "relay" ? "env-var-relay-compat" : "env-var-relay-dev";
+	const { connection, defaultEnv } = input;
 	if (connection !== void 0) {
 		const targets = connection.listTargets();
 		for (const t of targets) if (isRelayUrl(t.url)) return "cdp-target-url-relay-pattern";
 	}
+	if (defaultEnv === "relay-live") return "default-relay-live";
+	if (defaultEnv === "relay-dev") return "default-relay-dev";
 	return "default-mock";
 }
 //#endregion
+//#region src/mcp/errors.ts
+/**
+* 한국어 한 줄 "원인 + 다음 행동" 포맷으로 에러 결과를 빌드한다.
+*
+* @param message - 사용자에게 보여줄 에러 본문 (원인 + 다음 행동 포함).
+*/
+function mcpError(message) {
+	return {
+		content: [{
+			type: "text",
+			text: message
+		}],
+		isError: true
+	};
+}
+/**
+* Tier A/B 환경 불일치 거부 메시지.
+*
+* @param toolName    - 거부된 tool 이름.
+* @param requiredEnv - 해당 tool이 요구하는 환경 ('mock' | 'relay').
+* @param currentEnv  - 현재 세션 환경.
+* @param reason      - 환경이 결정된 근거 (EnvironmentReason 문자열).
+*/
+function tierRejectionError(toolName, requiredEnv, currentEnv, reason) {
+	return mcpError(`${`${toolName}은 ${requiredEnv === "relay" ? "relay (실기기 연결)" : "mock (로컬 브라우저)"} 환경에서만 사용할 수 있습니다. 현재 환경: ${currentEnv === "relay" ? "relay" : "mock"} (${reason}). ${requiredEnv === "relay" ? "relay로 전환하려면 MCP_ENV=relay 설정 후 서버를 재시작하고 build_attach_url → QR 스캔으로 실기기를 attach하세요." : "mock으로 전환하려면 MCP_ENV=mock 설정 후 서버를 재시작하세요."}`}\n\n${`tool ${toolName} is available only in ${requiredEnv}. Current environment is ${currentEnv} (${reason}).`}`);
+}
+/**
+* 상태 1: tunnel 미가동 — cloudflared 터널이 아직 뜨지 않았다.
+*
+* `build_attach_url` 호출 시 tunnel.up === false 인 경우.
+*/
+function tunnelDownError() {
+	return mcpError("cloudflared 터널이 안 떠 있습니다. MCP 서버를 재시작하거나 잠시 후 list_pages로 터널 상태를 다시 확인하세요.");
+}
+/**
+* 상태 2: page 미attach — 터널은 살아 있으나 아직 페이지가 연결되지 않았다.
+*
+* enableDomains()가 "No mini-app page attached" 에러를 던질 때.
+*/
+function pageMissingError(toolName) {
+	return mcpError(`${toolName ? `${toolName}: ` : ""}페이지가 attach 안 됨. dogfood 번들 배포 후 build_attach_url을 호출해 QR을 생성하세요: \`ait deploy --scheme-only\` → \`build_attach_url(scheme_url)\` → QR 스캔.`);
+}
+/**
+* 상태 3: page crash — 연결됐던 페이지가 crash/destroy됐다.
+*
+* chii-connection 이 'replaced-by-new-attach' / 'targetCrashed' / 'targetDestroyed' 를
+* 던질 때 이 메시지를 사용한다.
+*/
+function pageCrashError(toolName) {
+	return mcpError(`${toolName ? `${toolName}: ` : ""}페이지가 crash됐습니다. 토스 앱을 재실행한 뒤 build_attach_url → QR 스캔으로 재attach하세요.`);
+}
+/**
+* 상태 4: SDK 부재 — window.__sdkCall이 주입되지 않았다 (dogfood 빌드가 아님).
+*
+* call_sdk 호출 시 브리지가 없을 때.
+*/
+function sdkAbsentError(toolName) {
+	return mcpError(`${toolName ? `${toolName}: ` : ""}window.__sdkCall이 주입되지 않았습니다 (dogfood 빌드가 아닙니다). dogfood 채널(intoss-private)로 재배포 후 QR을 다시 스캔하세요: \`ait build && aitcc app deploy\`.`);
+}
+/**
+* relay-live 환경에서 side-effect 도구(`call_sdk`, `evaluate`)를 `confirm: true`
+* 없이 호출했을 때 반환하는 거부 메시지.
+*
+* 다음 행동을 두 가지로 제시한다:
+*   1. 같은 호출에 `confirm: true` 인자를 추가해 재시도.
+*   2. 읽기 전용 환경(relay-dev, mock)으로 전환.
+*/
+function liveGuardError(toolName) {
+	return mcpError(`[LIVE relay guard] ${toolName}은 현재 relay-live(실 출시 런타임) 세션에서 side-effect 호출입니다. 실유저에게 영향을 줄 수 있어 명시적 동의가 필요합니다.
+
+다음 중 하나를 선택하세요:
+  1. \`confirm: true\` 인자를 추가해 재호출: ${toolName}(…, confirm: true)\n  2. 읽기 전용 도구(list_pages, list_console_messages, take_screenshot 등)를 사용하세요.
+  3. dogfood 빌드(relay-dev 환경)에서 먼저 검증 후 live에 적용하세요.
+
+live-guard: MCP_ENV=relay-live + confirm: true missing`);
+}
+/**
+* relay WebSocket 연결이 끊겼을 때 — 크래시가 아닌 네트워크/프로세스 종료.
+*/
+function relayDisconnectError(toolName) {
+	return mcpError(`${toolName ? `${toolName}: ` : ""}relay 연결이 끊겼습니다. list_pages로 상태를 확인하고, 필요하면 앱을 재실행 후 재attach하세요.`);
+}
+/**
+* CDP/AIT 명령 중 발생한 예외를 4상태로 분류해 적절한 에러 결과를 반환한다.
+*
+* - SDK 부재 패턴 (`window.__sdkCall is not available`) → sdkAbsentError
+* - crash 패턴 (`replaced-by-new-attach`, `targetCrashed`, `targetDestroyed`) → pageCrashError
+* - 연결 끊김 패턴 (`relay에 연결되어 있지 않습니다`, `relay WebSocket`) → relayDisconnectError
+* - 그 외 (일반 에러) → 원본 메시지를 포함한 mcpError
+*/
+function classifyToolError(err, toolName) {
+	const message = err instanceof Error ? err.message : String(err);
+	if (message.startsWith("tunnel-down:") || message.includes("터널이 안 떠 있습니다")) return tunnelDownError();
+	if (message.startsWith("sdk-absent:") || message.includes("__sdkCall이 주입되지 않았습니다") || message.includes("window.__sdkCall is not available") || message.includes("__sdkCall") && message.includes("not available")) return sdkAbsentError(toolName);
+	if (message.includes("replaced-by-new-attach") || message.includes("targetCrashed") || message.includes("targetDestroyed") || message.includes("detachedFromTarget")) return pageCrashError(toolName);
+	if (message.includes("relay에 연결되어 있지 않습니다") || message.includes("relay WebSocket")) return relayDisconnectError(toolName);
+	return mcpError(`${toolName} 실패: ${message}\nlist_pages로 미니앱이 relay에 attach됐는지 확인하세요.`);
+}
+//#endregion
 //#region src/mcp/local-connection.ts
 /**
 * Local-browser `CdpConnection` — attaches directly to a Chromium instance
@@ -1367,7 +1603,9 @@ var ServerLockConflictError = class extends Error {
 	existingPid;
 	/** wssUrl from the existing lock — may be `null` if the tunnel is still starting. */
 	existingWssUrl;
-	constructor(existingPid, existingWssUrl) {
+	/** ISO timestamp from the existing lock — when that session started. */
+	existingStartedAt;
+	constructor(existingPid, existingWssUrl, existingStartedAt) {
 		const urlNote = existingWssUrl != null ? `  relay URL: ${existingWssUrl}\n` : "  relay URL: (tunnel still starting — retry in a moment)\n";
 		super(`A debug server is already running (PID ${existingPid}).\n` + urlNote + `Stop the existing session before starting a new one.
 If it is already stopped but this error persists, remove the lock file:
@@ -1375,6 +1613,7 @@ If it is already stopped but this error persists, remove the lock file:
 		this.name = "ServerLockConflictError";
 		this.existingPid = existingPid;
 		this.existingWssUrl = existingWssUrl;
+		this.existingStartedAt = existingStartedAt;
 	}
 };
 /** Returns `~/.ait-devtools/server.lock` (or `AIT_DEVTOOLS_LOCK_DIR` override for tests). */
@@ -1427,22 +1666,64 @@ function removeLock(lockPath) {
 	} catch {}
 }
 /**
+* Sends SIGTERM to `pid` and waits up to `graceMs` (default 2 000 ms) for it
+* to exit; then falls back to SIGKILL.  Synchronous — uses a busy-wait loop so
+* it is usable in the top-level startup path without async plumbing.
+*
+* Ignores errors from `process.kill` so that a race where the target exits
+* between the alive check and the kill call does not crash the caller.
+*/
+function killAndWait(pid, graceMs = 2e3) {
+	try {
+		process.kill(pid, "SIGTERM");
+	} catch {
+		return;
+	}
+	const deadline = Date.now() + graceMs;
+	while (isPidAlive(pid) && Date.now() < deadline) {
+		const end = Date.now() + 100;
+		while (Date.now() < end);
+	}
+	if (isPidAlive(pid)) try {
+		process.kill(pid, "SIGKILL");
+	} catch {}
+}
+/**
+* Reads the current lock file without acquiring it. Returns the parsed
+* `LockData` when the file exists and is valid, otherwise `null`. Used by
+* `get_diagnostics` to surface the `serverLockHolder` field without
+* interfering with the running lock owner.
+*/
+function readServerLock() {
+	return readLock(lockFilePath());
+}
+/**
 * Attempts to acquire the server lock.
 *
 * - If no lock exists (or the lock is stale): writes a new lock and returns a
 *   `LockHandle` with `updateWssUrl` + `release`.
-* - If a live process holds the lock: throws `ServerLockConflictError`.
+* - If a live process holds the lock and `force` is `false` (default): writes
+*   a clear recovery message to stderr and throws `ServerLockConflictError`.
+* - If a live process holds the lock and `force` is `true`: sends SIGTERM to
+*   that process (waiting up to 2 s then SIGKILL) and takes over the lock.
 *
 * The initial `wssUrl` in the lock file is `null` — call
 * `handle.updateWssUrl(url)` once the cloudflared tunnel is ready.
 */
-function acquireLock() {
+function acquireLock(options = {}) {
+	const { force = false } = options;
 	const lockPath = lockFilePath();
 	const existing = readLock(lockPath);
-	if (existing !== null) {
-		if (isPidAlive(existing.pid)) throw new ServerLockConflictError(existing.pid, existing.wssUrl);
-		process.stderr.write(`[ait-debug] stale lock from PID ${existing.pid} recovered — starting fresh.\n`);
+	if (existing !== null) if (isPidAlive(existing.pid)) if (force) {
+		process.stderr.write(`[ait-debug] --force: terminating existing session PID=${existing.pid} …\n`);
+		killAndWait(existing.pid);
+		process.stderr.write(`[ait-debug] --force: PID=${existing.pid} stopped, taking over.\n`);
+	} else {
+		const urlPart = existing.wssUrl != null ? `wssUrl=${existing.wssUrl}` : "wssUrl=(tunnel starting)";
+		process.stderr.write(`[ait-debug] 기존 debug-mode 세션이 이미 실행 중 — PID=${existing.pid}, started ${existing.startedAt}, ${urlPart}\n[ait-debug] 회복: \`kill ${existing.pid}\` 또는 \`npx @ait-co/devtools devtools-mcp --force\`\n`);
+		throw new ServerLockConflictError(existing.pid, existing.wssUrl, existing.startedAt);
 	}
+	else process.stderr.write(`[ait-debug] stale lock from PID ${existing.pid} recovered — starting fresh.\n`);
 	const data = {
 		pid: process.pid,
 		wssUrl: null,
@@ -1757,7 +2038,7 @@ const DEBUG_TOOL_DEFINITIONS = [
 	},
 	{
 		name: "list_pages",
-		description: "Returns the single active page (at most one) the relay sees attached. When a second page attaches, the previous one is evicted (last-attach wins — single-attach model). The result includes `singleAttachModel: true` so the agent knows the array is always 0 or 1 entries. Also returns whether the cloudflared tunnel is up and the public wss relay URL. Each page entry includes a `lastSeenAt` ISO timestamp (last inbound CDP message from that target — useful to detect stale entries when the phone app backgrounded). The result also includes `crashDetectedAt` (ISO timestamp or null): when non-null, a page crash was detected via Inspector.targetCrashed / Target.targetDestroyed since the last attach, the pages list will be empty, and `crashWarning` shows a Korean hint to re-attach. Call this first to confirm a page is attached before reading console/network.",
+		description: "Returns the single active page (at most one) the relay sees attached. When a second page attaches, the previous one is evicted (last-attach wins — single-attach model). The result includes `singleAttachModel: true` so the agent knows the array is always 0 or 1 entries. Also returns whether the cloudflared tunnel is up and the public wss relay URL. The `tunnel` field includes `droppedAt` (ISO timestamp or null/undefined): when non-null the tunnel has permanently dropped after 3 failed reissue attempts — restart the debug server with `npx @ait-co/devtools devtools-mcp`. Each page entry includes a `lastSeenAt` ISO timestamp (last inbound CDP message from that target — useful to detect stale entries when the phone app backgrounded). The result also includes `crashDetectedAt` (ISO timestamp or null): when non-null, a page crash was detected via Inspector.targetCrashed / Target.targetDestroyed since the last attach, the pages list will be empty, and `crashWarning` shows a Korean hint to re-attach. Call this first to confirm a page is attached before reading console/network. When a page attaches or detaches the server emits notifications/tools/list_changed — call tools/list again to get the full updated tool surface.",
 		inputSchema: {
 			type: "object",
 			properties: {},
@@ -1767,7 +2048,7 @@ const DEBUG_TOOL_DEFINITIONS = [
 	},
 	{
 		name: "build_attach_url",
-		description: "The tool result already shows the QR to the user directly (Claude Code renders MCP tool output to the user's screen; they press Ctrl+O to expand if it's collapsed). Do NOT re-print or re-render the QR in your reply — that just wastes output tokens. Simply tell the user to scan the QR shown in this tool's output with their phone camera. Turns an `ait deploy --scheme-only` URL (intoss-private://…?_deploymentId=<uuid>) into a self-attaching deep link by splicing in debug=1 and the live relay URL for this session. Returns the deep link JSON and a unicode QR of that deep link. Scan the QR with the phone camera to open the mini-app and attach it to this debug session (QR is the single entry path — no USB cable or platform CLI needed). Requires the tunnel to be up — call list_pages first. Set wait_for_attach=true to block until the phone scans and a page attaches (polls listTargets up to 90 s), then returns the attached page info too. When open_in_browser=true (default), saves the QR as a PNG and opens it in the OS default browser — only works when the MCP server runs on a local GUI machine (not headless/remote containers).",
+		description: "The tool result already shows the QR to the user directly (Claude Code renders MCP tool output to the user's screen; they press Ctrl+O to expand if it's collapsed). Do NOT re-print or re-render the QR in your reply — that just wastes output tokens. Simply tell the user to scan the QR shown in this tool's output with their phone camera. Turns an `ait deploy --scheme-only` URL (intoss-private://…?_deploymentId=<uuid>) into a self-attaching deep link by splicing in debug=1 and the live relay URL for this session. Returns the deep link JSON and a unicode QR of that deep link. Scan the QR with the phone camera to open the mini-app and attach it to this debug session (QR is the single entry path — no USB cable or platform CLI needed). Requires the tunnel to be up — call list_pages first. If the tunnel is not up, restart the MCP server: `npx @ait-co/devtools devtools-mcp`. Set wait_for_attach=true to block until the phone scans and a page attaches (polls listTargets up to 30 s by default), then returns the attached page info too. On timeout, call build_attach_url again to resume polling. When open_in_browser=true (default), saves the QR as a PNG and opens it in the OS default browser — only works when the MCP server runs on a local GUI machine (not headless/remote containers). Requires MCP_ENV=relay (set automatically when a relay tunnel is detected).",
 		inputSchema: {
 			type: "object",
 			properties: {
@@ -1777,7 +2058,7 @@ const DEBUG_TOOL_DEFINITIONS = [
 				},
 				wait_for_attach: {
 					type: "boolean",
-					description: "If true, block after returning the QR until a page attaches to the relay (polls listTargets ~1 s interval, timeout 90 s). On attach, the response includes the attached page list. On timeout, returns an error with a list_pages retry hint."
+					description: "If true, block after returning the QR until a page attaches to the relay (polls listTargets ~1 s interval, timeout 30 s). On attach, the response includes the attached page list. On timeout, call build_attach_url again to resume polling."
 				},
 				open_in_browser: {
 					type: "boolean",
@@ -1810,7 +2091,7 @@ const DEBUG_TOOL_DEFINITIONS = [
 	},
 	{
 		name: "take_screenshot",
-		description: "Captures a PNG screenshot of the attached mini-app page over CDP (Page.captureScreenshot) so the agent can see the phone screen directly. Read-only. Returns an image content block.",
+		description: "Captures a PNG screenshot of the attached mini-app page over CDP (Page.captureScreenshot) so the agent can see the phone screen directly. Read-only. Returns an image content block — this is the only debug tool that returns an image; all other debug tools return text (JSON).",
 		inputSchema: {
 			type: "object",
 			properties: {},
@@ -1830,13 +2111,19 @@ const DEBUG_TOOL_DEFINITIONS = [
 	},
 	{
 		name: "evaluate",
-		description: "Evaluates an arbitrary JavaScript expression on the attached mini-app page via CDP Runtime.evaluate (returnByValue: true) and returns the result. NOT read-only — the expression can have side effects (DOM mutations, SDK calls, state changes). Requires the relay to be attached — call list_pages first. Throws if the evaluation throws an exception on the page.",
+		description: "Evaluates an arbitrary JavaScript expression on the attached mini-app page via CDP Runtime.evaluate (returnByValue: true) and returns the result. NOT read-only — the expression can have side effects (DOM mutations, SDK calls, state changes). Requires the relay to be attached — call list_pages first. Throws if the evaluation throws an exception on the page.\n\nSECURITY: expression and result are not redacted — never include secrets or auth tokens in the expression.\n\nLIVE guard: when running against a live/production relay (relay-live env, MCP_ENV=relay-live), this tool requires `confirm: true` to acknowledge that the expression may affect real users. Without it the call is rejected with a structured error. mock and relay-dev sessions are unaffected.",
 		inputSchema: {
 			type: "object",
-			properties: { expression: {
-				type: "string",
-				description: "JavaScript expression to evaluate in the page context."
-			} },
+			properties: {
+				expression: {
+					type: "string",
+					description: "JavaScript expression to evaluate in the page context."
+				},
+				confirm: {
+					type: "boolean",
+					description: "Required when MCP_ENV=relay-live. Set to `true` to explicitly acknowledge that this expression may have side effects on real/live users. Omitting this in a relay-live session results in a structured rejection error. Has no effect in mock or relay-dev sessions."
+				}
+			},
 			required: ["expression"]
 		},
 		availableIn: "both"
@@ -1856,7 +2143,7 @@ const DEBUG_TOOL_DEFINITIONS = [
 	},
 	{
 		name: "call_sdk",
-		description: "Calls a dogfood SDK method via the window.__sdkCall bridge (exported by @apps-in-toss/web-framework only in __DEBUG_BUILD__ bundles). NOT read-only — SDK calls have side effects (navigation, payments, permissions, etc.). On env 2/3 (real device relay) this hits the real SDK; on env 1 (local mock) it hits the mock SDK. Requires the relay to be attached — call list_pages first. Returns {ok: true, value} on success or {ok: false, error} on failure. If a Runtime.exceptionThrown event was observed within [callStart-50ms, callEnd+200ms], the result also includes `recentException` for crash triage. Returns a clear error if window.__sdkCall is not available (non-dogfood bundle).\n\nIMPORTANT — 인자 시그니처 (잘못된 인자로 호출하면 토스 앱 crash 위험):\n  setDeviceOrientation:        call_sdk(\"setDeviceOrientation\", [{ type: \"landscape\" }])  // NOT \"landscape\"\n  setIosSwipeGestureEnabled:   call_sdk(\"setIosSwipeGestureEnabled\", [{ isEnabled: false }])\n  setSecureScreen:             call_sdk(\"setSecureScreen\", [{ enabled: true }])\n  setScreenAwakeMode:          call_sdk(\"setScreenAwakeMode\", [{ enabled: true }])\n  getOperationalEnvironment:   call_sdk(\"getOperationalEnvironment\", [])\n  getPlatformOS:               call_sdk(\"getPlatformOS\", [])\n  getDeviceId:                 call_sdk(\"getDeviceId\", [])\n  getLocale:                   call_sdk(\"getLocale\", [])\n  getNetworkStatus:            call_sdk(\"getNetworkStatus\", [])\n  getSchemeUri:                call_sdk(\"getSchemeUri\", [])\n  requestReview:               call_sdk(\"requestReview\", [])\n  closeView:                   call_sdk(\"closeView\", [])",
+		description: "Calls a dogfood SDK method via the window.__sdkCall bridge (exported by @apps-in-toss/web-framework only in __DEBUG_BUILD__ bundles). NOT read-only — SDK calls have side effects (navigation, payments, permissions, etc.). On env 2/3 (real device relay) this hits the real SDK; on env 1 (local mock) it hits the mock SDK. Requires the relay to be attached — call list_pages first. Returns {ok: true, value} on success or {ok: false, error} on failure. If a Runtime.exceptionThrown event was observed within [callStart-50ms, callEnd+200ms], the result also includes `recentException` for crash triage. Returns a clear error if window.__sdkCall is not available (non-dogfood bundle) — redeploy via dogfood channel: `ait build && aitcc app deploy`.\n\nSECURITY: method name, args, and result value are not redacted — never include secrets.\n\nLIVE guard: when running against a live/production relay (relay-live env, MCP_ENV=relay-live), this tool requires `confirm: true` to acknowledge that the SDK call may affect real users. Without it the call is rejected with a structured error. mock and relay-dev sessions are unaffected.\n\nIMPORTANT — 인자 시그니처 (잘못된 인자로 호출하면 토스 앱 crash 위험):\n  setDeviceOrientation:        call_sdk(\"setDeviceOrientation\", [{ type: \"landscape\" }])  // NOT \"landscape\"\n  setIosSwipeGestureEnabled:   call_sdk(\"setIosSwipeGestureEnabled\", [{ isEnabled: false }])\n  setSecureScreen:             call_sdk(\"setSecureScreen\", [{ enabled: true }])\n  setScreenAwakeMode:          call_sdk(\"setScreenAwakeMode\", [{ enabled: true }])\n  getOperationalEnvironment:   call_sdk(\"getOperationalEnvironment\", [])\n  getPlatformOS:               call_sdk(\"getPlatformOS\", [])\n  getDeviceId:                 call_sdk(\"getDeviceId\", [])\n  getLocale:                   call_sdk(\"getLocale\", [])\n  getNetworkStatus:            call_sdk(\"getNetworkStatus\", [])\n  getSchemeUri:                call_sdk(\"getSchemeUri\", [])\n  requestReview:               call_sdk(\"requestReview\", [])\n  closeView:                   call_sdk(\"closeView\", [])",
 		inputSchema: {
 			type: "object",
 			properties: {
@@ -1868,6 +2155,10 @@ const DEBUG_TOOL_DEFINITIONS = [
 					type: "array",
 					description: "Arguments to pass to the SDK method (optional, default []).",
 					items: {}
+				},
+				confirm: {
+					type: "boolean",
+					description: "Required when MCP_ENV=relay-live. Set to `true` to explicitly acknowledge that this SDK call may have side effects on real/live users. Omitting this in a relay-live session results in a structured rejection error. Has no effect in mock or relay-dev sessions."
 				}
 			},
 			required: ["name"]
@@ -1903,6 +2194,19 @@ const DEBUG_TOOL_DEFINITIONS = [
 			required: []
 		},
 		availableIn: "both"
+	},
+	{
+		name: "get_diagnostics",
+		description: "Returns a single-call server status snapshot so the agent can diagnose \"why is this not working?\" without calling multiple tools. Fields: mcpVersion (MCP SDK version), devtoolsVersion (@ait-co/devtools package version), tunnel (up/wssUrl/pid/startedAt), pages (list_pages result + lastSeenAt stats), lastAttachAt, lastDetachAt, recentErrors (last N server-side errors, PII/secret redacted), environment (kind: mock|relay-dev|relay-live, env: mock|relay backward-compat, reason, liveGuardActive: true when relay-live LIVE guard is active), serverLockHolder (pid + startedAt from the lock file, or null), nextRecommendedAction ({tool, reason} or null — the single next tool to call). All fields are nullable — missing data is null, not an error. debug-mode only — dev-mode (--mode=dev) does not support relay diagnostics. Tier C (both mock and relay). Call this first when debugging session state.",
+		inputSchema: {
+			type: "object",
+			properties: { recent_errors_limit: {
+				type: "number",
+				description: "Maximum number of recent server-side errors to include (default 10, max 50)."
+			} },
+			required: []
+		},
+		availableIn: "both"
 	}
 ];
 const DEBUG_TOOL_NAMES = new Set(DEBUG_TOOL_DEFINITIONS.map((t) => t.name));
@@ -1922,20 +2226,26 @@ function getToolAvailability(name) {
 * Returns true when the named tool is available in the given environment.
 * Unknown tools return `false` — callers should reject them as unknown rather
 * than as env-mismatched.
+*
+* Relay variants (`relay-dev`, `relay-live`) both satisfy the `'relay'`
+* availability tier — `isRelayEnv()` is used for the check.
 */
 function isToolAvailableIn(name, env) {
 	const availability = getToolAvailability(name);
 	if (availability === void 0) return false;
 	if (availability === "both") return true;
+	if (availability === "relay") return isRelayEnv(env);
 	return availability === env;
 }
 /**
 * Filters a `DEBUG_TOOL_DEFINITIONS`-shaped list to those whose `availableIn`
 * matches the given env. Pure — preserves order; both Tier C ("both") and the
 * matching single-env tier pass through.
+*
+* Relay variants (`relay-dev`, `relay-live`) both satisfy the `'relay'` tier.
 */
 function filterToolsByEnvironment(tools, env) {
-	return tools.filter((t) => t.availableIn === "both" || t.availableIn === env);
+	return tools.filter((t) => t.availableIn === "both" || t.availableIn === "relay" && isRelayEnv(env) || t.availableIn === env);
 }
 /**
 * Tool names that are available before any page attaches (bootstrap tier).
@@ -1946,7 +2256,11 @@ function filterToolsByEnvironment(tools, env) {
 * All other tools require an attached page (`enableDomains` must succeed) and
 * are only advertised in `tools/list` once a target appears.
 */
-const BOOTSTRAP_TOOL_NAMES = new Set(["build_attach_url", "list_pages"]);
+const BOOTSTRAP_TOOL_NAMES = new Set([
+	"build_attach_url",
+	"get_diagnostics",
+	"list_pages"
+]);
 /** Renders a CDP `RemoteObject` console arg to a stable display string. */
 function renderRemoteObject(arg) {
 	if (arg.value !== void 0) {
@@ -2058,7 +2372,7 @@ function listPages(connection, tunnel) {
 * the scheme authority which is in the caller's input, not ours to own).
 */
 function buildAttachUrl(schemeUrl, tunnel) {
-	if (!tunnel.up || tunnel.wssUrl === null) throw new Error("No relay URL yet — the cloudflared quick tunnel is not up. Call list_pages to check tunnel status.");
+	if (!tunnel.up || tunnel.wssUrl === null) throw new Error("tunnel-down: cloudflared 터널이 안 떠 있습니다. MCP 서버를 재시작하거나 잠시 후 list_pages로 터널 상태를 다시 확인하세요.");
 	const authorityWarning = validateSchemeAuthority(schemeUrl) ?? void 0;
 	return {
 		attachUrl: buildDeepLinkAttachUrl(schemeUrl, tunnel.wssUrl),
@@ -2173,8 +2487,9 @@ function isLaunchFailureStderr(stderr) {
 /**
 * 로컬 HTTP 서버 URL(`http://127.0.0.1:<port>/attach?u=...`)을 OS 기본 브라우저로 연다.
 *
-* platform별 fallback chain으로 시도하며, 모두 실패해도 `opened: false` + `httpUrl`을
-* 반환해 사용자가 직접 브라우저에 붙여넣을 수 있게 한다.
+* platform별 fallback chain으로 시도하며, 모두 실패하면 1회 retry를 수행한다
+* (ephemeral process launch 타이밍 문제 대응). retry까지 실패해도 `opened: false` +
+* `httpUrl`을 반환해 사용자가 직접 브라우저에 붙여넣을 수 있게 한다.
 *
 * SECRET-HANDLING:
 *   - tmp 파일을 만들지 않는다 (HTML/PNG는 HTTP 서버가 메모리에서 응답).
@@ -2187,25 +2502,39 @@ function isLaunchFailureStderr(stderr) {
 */
 async function openQrInBrowser(httpUrl, pngUrl) {
 	const { spawnSync } = await import("node:child_process");
-	const candidates = getBrowserCandidates(httpUrl);
-	const stderrLines = [];
-	for (const { cmd, args } of candidates) {
-		const result = spawnSync(cmd, args, {
-			encoding: "utf8",
-			timeout: 5e3
-		});
-		if (result.error) {
-			stderrLines.push(`${cmd}: ${result.error.message}`);
-			continue;
+	/**
+	* 한 번의 fallback chain 시도. 성공하면 열린 후보 cmd를 반환, 실패하면 null.
+	* stderrLines에 각 후보의 stderr를 누적한다.
+	*/
+	function tryOnce(stderrLines) {
+		const candidates = getBrowserCandidates(httpUrl);
+		for (const { cmd, args } of candidates) {
+			const result = spawnSync(cmd, args, {
+				encoding: "utf8",
+				timeout: 5e3
+			});
+			if (result.error) {
+				stderrLines.push(`${cmd}: ${result.error.message}`);
+				continue;
+			}
+			const stderr = typeof result.stderr === "string" ? result.stderr : "";
+			if (stderr) stderrLines.push(`${cmd}: ${redactSecrets(stderr.trim())}`);
+			if (result.status === 0 && !isLaunchFailureStderr(stderr)) return true;
 		}
-		const stderr = typeof result.stderr === "string" ? result.stderr : "";
-		if (stderr) stderrLines.push(`${cmd}: ${redactSecrets(stderr.trim())}`);
-		if (result.status === 0 && !isLaunchFailureStderr(stderr)) return {
-			opened: true,
-			httpUrl,
-			pngUrl
-		};
+		return false;
 	}
+	const stderrLines = [];
+	if (tryOnce(stderrLines)) return {
+		opened: true,
+		httpUrl,
+		pngUrl
+	};
+	if (tryOnce(stderrLines)) return {
+		opened: true,
+		httpUrl,
+		pngUrl,
+		retried: true
+	};
 	return {
 		opened: false,
 		httpUrl,
@@ -2451,7 +2780,7 @@ async function evaluate(connection, expression) {
 * any log or stderr by the caller.
 */
 function buildCallSdkExpression(name, args) {
-	return `(async () => { if (typeof window.__sdkCall !== 'function') {  return JSON.stringify({ok:false,error:'window.__sdkCall is not available — is this a dogfood (__DEBUG_BUILD__) bundle?'}); } try {  const r = await window.__sdkCall(${JSON.stringify(name)}, ...${JSON.stringify(args)});  return JSON.stringify({ok:true,value:r}); } catch(e) {  return JSON.stringify({ok:false,error:String(e && e.message || e)}); }})()`;
+	return `(async () => { if (typeof window.__sdkCall !== 'function') {  return JSON.stringify({ok:false,error:'sdk-absent: window.__sdkCall이 주입되지 않았습니다 (dogfood 빌드가 아닙니다). dogfood 채널로 재배포하세요.'}); } try {  const r = await window.__sdkCall(${JSON.stringify(name)}, ...${JSON.stringify(args)});  return JSON.stringify({ok:true,value:r}); } catch(e) {  return JSON.stringify({ok:false,error:String(e && e.message || e)}); }})()`;
 }
 /**
 * Parses the JSON envelope string returned by the `call_sdk` expression.
@@ -2570,6 +2899,175 @@ function getMockState(source) {
 function getOperationalEnvironment(source) {
 	return source.get("AIT.getOperationalEnvironment");
 }
+/** Secret-redaction patterns applied before error messages enter the buffer. */
+const SECRET_REDACT_PATTERNS = [
+	[/\bat=([^&\s"']+)/g, "at=<redacted>"],
+	[/((?:set-)?cookie)\s*:\s*.+/gi, "$1: <redacted>"],
+	[/AITCC_API_KEY\s*=\s*\S+/gi, "AITCC_API_KEY=<redacted>"],
+	[/Authorization\s*:\s*.+/gi, "Authorization: <redacted>"],
+	[/\bBearer\s+\S+/g, "Bearer <redacted>"]
+];
+/**
+* Applies all secret-redaction patterns to an error message string.
+* Used before storing errors in the `DiagnosticsCollector` ring buffer.
+*
+* SECRET-HANDLING: this is the single bottleneck for redaction — all error
+* strings must pass through here before reaching the buffer.
+*/
+function redactErrorMessage(message) {
+	let result = message;
+	for (const [pattern, replacement] of SECRET_REDACT_PATTERNS) result = result.replace(pattern, replacement);
+	return result;
+}
+/** Default max buffer size for the error ring buffer. */
+const DEFAULT_ERROR_BUFFER_SIZE = 50;
+/**
+* In-memory implementation of `DiagnosticsCollector`. Thread-safe in the
+* single-threaded Node.js sense (synchronous mutations only).
+*/
+var InMemoryDiagnosticsCollector = class {
+	buffer = [];
+	maxSize;
+	lastAttachAt = null;
+	lastDetachAt = null;
+	constructor(maxSize = DEFAULT_ERROR_BUFFER_SIZE) {
+		this.maxSize = maxSize;
+	}
+	recordError(message, category) {
+		const entry = {
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			message: redactErrorMessage(message),
+			...category !== void 0 ? { category } : {}
+		};
+		this.buffer.push(entry);
+		if (this.buffer.length > this.maxSize) this.buffer.shift();
+	}
+	getRecentErrors(limit) {
+		const cap = Math.min(Math.max(1, limit), DEFAULT_ERROR_BUFFER_SIZE);
+		return this.buffer.length > cap ? this.buffer.slice(this.buffer.length - cap) : [...this.buffer];
+	}
+	recordAttach() {
+		this.lastAttachAt = (/* @__PURE__ */ new Date()).toISOString();
+	}
+	recordDetach() {
+		this.lastDetachAt = (/* @__PURE__ */ new Date()).toISOString();
+	}
+	getLastAttachAt() {
+		return this.lastAttachAt;
+	}
+	getLastDetachAt() {
+		return this.lastDetachAt;
+	}
+};
+/**
+* Reads the `@modelcontextprotocol/sdk` package version from the installed
+* package's `package.json`. Returns `null` on any error (missing file, JSON
+* parse failure, etc.) — diagnostics must never throw.
+*
+* Node-only — uses dynamic `import()` so it does not pollute the browser
+* module graph.
+*/
+async function readMcpSdkVersion() {
+	try {
+		const { createRequire } = await import("node:module");
+		const pkgPath = createRequire(import.meta.url).resolve("@modelcontextprotocol/sdk/package.json");
+		const { readFileSync } = await import("node:fs");
+		const raw = readFileSync(pkgPath, "utf8");
+		const parsed = JSON.parse(raw);
+		return typeof parsed.version === "string" ? parsed.version : null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Returns the `@ait-co/devtools` package version injected at build time via
+* the `__VERSION__` define. Returns `null` when the global is absent (e.g. in
+* some test environments that skip the build step).
+*/
+function readDevtoolsVersion() {
+	try {
+		const v = globalThis.__VERSION__;
+		return typeof v === "string" && v.length > 0 ? v : null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Derives the next recommended action from a completed diagnostics snapshot.
+*
+* Branch rules (evaluated in priority order):
+*   1. tunnel.up === false                        → restart
+*   2. tunnel.up, pages empty, env === relay      → build_attach_url (start attach)
+*   3. pages has entry + crashDetectedAt non-null → build_attach_url (re-attach after crash)
+*   4. otherwise                                  → null (session looks healthy)
+*
+* Pure — does not throw; receives the final assembled snapshot fields.
+*/
+function computeNextRecommendedAction(tunnel, pages, env) {
+	if (!tunnel.up) return {
+		tool: "restart",
+		reason: "tunnel not up — run `npx @ait-co/devtools devtools-mcp` to restart"
+	};
+	if (isRelayEnv(env) && pages !== null && pages.pages.length === 0 && !pages.crashDetectedAt) return {
+		tool: "build_attach_url",
+		reason: "tunnel ready, no pages attached — call build_attach_url to generate the attach QR"
+	};
+	if (pages !== null && pages.crashDetectedAt !== null) return {
+		tool: "build_attach_url",
+		reason: `page crashed at ${pages.crashDetectedAt} — call build_attach_url to re-attach`
+	};
+	return null;
+}
+/**
+* Builds the `get_diagnostics` response. Pure — does not throw; missing data
+* fields are `null`. Async because `readMcpSdkVersion` needs `import()`.
+*
+* SECRET-HANDLING:
+*   - `recentErrors` messages are already redacted by `recordError` (via
+*     `redactErrorMessage`). No additional redaction needed here.
+*   - `tunnel.wssUrl` is a public cloudflared hostname — not a secret.
+*   - Lock file data contains only pid + startedAt + wssUrl — no secrets.
+*/
+async function getDiagnostics(input) {
+	const { tunnel, connection, env, envReason, collector, readLock: readLockFn, recentErrorsLimit = 10, getMcpVersion = readMcpSdkVersion } = input;
+	const [mcpVersion, devtoolsVersion] = await Promise.all([getMcpVersion(), Promise.resolve(readDevtoolsVersion())]);
+	const lockData = readLockFn();
+	const serverLockHolder = lockData ? {
+		pid: lockData.pid,
+		startedAt: lockData.startedAt,
+		wssUrl: lockData.wssUrl
+	} : null;
+	const tunnelInfo = {
+		up: tunnel.up,
+		wssUrl: tunnel.wssUrl,
+		pid: lockData?.pid ?? null,
+		startedAt: lockData?.startedAt ?? null
+	};
+	let pages = null;
+	if (connection !== void 0) try {
+		pages = listPages(connection, tunnel);
+	} catch {}
+	const limit = Math.min(Math.max(1, recentErrorsLimit), 50);
+	const recentErrors = collector.getRecentErrors(limit);
+	const nextRecommendedAction = computeNextRecommendedAction(tunnelInfo, pages, env);
+	return {
+		mcpVersion,
+		devtoolsVersion,
+		tunnel: tunnelInfo,
+		pages,
+		lastAttachAt: collector.getLastAttachAt(),
+		lastDetachAt: collector.getLastDetachAt(),
+		recentErrors,
+		environment: {
+			kind: env,
+			env: toLegacyEnv(env),
+			reason: envReason,
+			liveGuardActive: isLiveRelayEnv(env)
+		},
+		serverLockHolder,
+		nextRecommendedAction
+	};
+}
 //#endregion
 //#region src/mcp/totp.ts
 /**
@@ -2660,6 +3158,15 @@ function verifyTotp(secret, code, when = Date.now(), skew = 1) {
 * and would be stale by the time a human scans. The in-app deep-link builder
 * splices the live code at attach time.
 *
+* Tunnel health probe (`TunnelHealthProbe`):
+*   After the tunnel is up, a periodic HTTP HEAD probe hits the tunnel's
+*   `https://` URL every `probeIntervalMs` (default 60 s). Two consecutive
+*   failures trigger a reissue attempt (spawn a new cloudflared quick tunnel
+*   and redirect traffic). After `MAX_REISSUE_ATTEMPTS` (3) consecutive
+*   reissue failures, the probe gives up and marks the tunnel permanently
+*   dropped — `tunnelStatus.up` becomes false with `droppedAt` set. The caller
+*   should surface this to the agent so the user knows to restart the server.
+*
 * SECRET-HANDLING: The TOTP secret and computed code values MUST NOT appear
 * in any output from this module.
 *
@@ -2782,6 +3289,118 @@ async function printAttachBanner(input) {
 	const banner = await renderAttachBanner(input);
 	process.stderr.write(`${banner}\n`);
 }
+/**
+* Probes `https://` URL with an HTTP HEAD request.
+* Returns `true` when the server responds (any HTTP status), `false` on
+* network error or timeout.
+*
+* We treat any HTTP response (including 4xx/5xx) as "tunnel alive" because
+* cloudflared itself responds to the HEAD — if the tunnel process died, the
+* request fails at the network level rather than returning a status code.
+*
+* @param httpsUrl - The `https://` tunnel URL to probe.
+* @param timeoutMs - Abort timeout in ms. Default 10 000.
+*/
+async function probeTunnel(httpsUrl, timeoutMs = 1e4) {
+	const { default: https } = await import("node:https");
+	return new Promise((resolve) => {
+		const url = new URL(httpsUrl);
+		const timer = setTimeout(() => {
+			req.destroy();
+			resolve(false);
+		}, timeoutMs);
+		const req = https.request({
+			hostname: url.hostname,
+			port: 443,
+			path: url.pathname || "/",
+			method: "HEAD"
+		}, (_res) => {
+			clearTimeout(timer);
+			_res.resume();
+			resolve(true);
+		});
+		req.on("error", () => {
+			clearTimeout(timer);
+			resolve(false);
+		});
+		req.end();
+	});
+}
+/**
+* Starts a periodic health probe for a cloudflared quick tunnel.
+*
+* Every `probeIntervalMs` the probe sends an HTTP HEAD request to the tunnel's
+* `https://` URL. When `failuresBeforeReissue` consecutive failures are
+* detected, it attempts to spawn a new tunnel (up to `MAX_REISSUE_ATTEMPTS`
+* times). On success the caller is notified via `onReissue`; on permanent
+* failure via `onPermanentDrop`.
+*
+* @returns `stop` — call during server shutdown to clear the probe interval.
+*/
+function startTunnelHealthProbe(initialTunnel, localPort, options) {
+	const { probeIntervalMs = 6e4, failuresBeforeReissue = 2, onReissue, onPermanentDrop, log = (msg) => process.stderr.write(msg), probe = probeTunnel, spawnTunnel = startQuickTunnel } = options;
+	let currentTunnel = initialTunnel;
+	let consecutiveFailures = 0;
+	let reissueAttempts = 0;
+	let stopped = false;
+	const handle = setInterval(() => {
+		(async () => {
+			if (stopped) return;
+			const httpsUrl = currentTunnel.url;
+			if (await probe(httpsUrl)) {
+				if (consecutiveFailures > 0) log("[ait-debug] tunnel health probe: tunnel recovered\n");
+				consecutiveFailures = 0;
+				reissueAttempts = 0;
+				return;
+			}
+			consecutiveFailures += 1;
+			log(`[ait-debug] tunnel health probe: failure ${consecutiveFailures}/${failuresBeforeReissue} (url=${httpsUrl})\n`);
+			if (consecutiveFailures < failuresBeforeReissue) return;
+			reissueAttempts += 1;
+			if (reissueAttempts > 3) return;
+			log(`[ait-debug] tunnel drop detected — reissuing (attempt ${reissueAttempts}/3)\n`);
+			try {
+				const newTunnel = await spawnTunnel(localPort);
+				try {
+					currentTunnel.stop();
+				} catch {}
+				currentTunnel = newTunnel;
+				consecutiveFailures = 0;
+				log(`[ait-debug] tunnel reissued — new relay: ${newTunnel.wssUrl}\n`);
+				onReissue(newTunnel);
+			} catch (err) {
+				const message = err instanceof Error ? err.message : String(err);
+				log(`[ait-debug] tunnel reissue attempt ${reissueAttempts} failed: ${message}\n`);
+				if (reissueAttempts >= 3) {
+					clearInterval(handle);
+					stopped = true;
+					const droppedAt = (/* @__PURE__ */ new Date()).toISOString();
+					log(`[ait-debug] tunnel permanently dropped after 3 reissue attempts — restart the debug server to continue (npx @ait-co/devtools devtools-mcp).
+`);
+					onPermanentDrop(droppedAt);
+				}
+			}
+		})();
+	}, probeIntervalMs);
+	return { stop() {
+		stopped = true;
+		clearInterval(handle);
+	} };
+}
+/**
+* Builds a `TunnelStatus` snapshot that includes drop state.
+*
+* Convenience helper for callers (debug-server) that maintain a mutable
+* `tunnelStatus` object — keeps the shape construction in one place.
+*/
+function makeTunnelStatus(up, wssUrl, droppedAt = null, reissueAttempts = 0) {
+	return {
+		up,
+		wssUrl,
+		droppedAt,
+		reissueAttempts
+	};
+}
 //#endregion
 //#region src/mcp/debug-server.ts
 /**
@@ -2899,12 +3518,19 @@ function waitForAttachWithEvents(connection, filterFn, timeoutMs, pollIntervalMs
 * naturally via `enableDomains`). The tier only controls visibility.
 */
 function createDebugServer(deps) {
-	const { connection, aitSource, getTunnelStatus, waitForAttachTimeoutMs = 9e4, qrHttpServer, getEnvironment: getEnvDep, getEnvironmentReason: getEnvReasonDep } = deps;
-	const resolveEnvironment = getEnvDep ?? (() => getEnvironment({ connection }));
-	const resolveEnvironmentReason = getEnvReasonDep ?? (() => getEnvironmentReason({ connection }));
+	const { connection, aitSource, getTunnelStatus, waitForAttachTimeoutMs = 9e4, qrHttpServer, getEnvironment: getEnvDep, getEnvironmentReason: getEnvReasonDep, diagnosticsCollector: collectorDep, defaultEnv } = deps;
+	const resolveEnvironment = getEnvDep ?? (() => getEnvironment({
+		connection,
+		defaultEnv
+	}));
+	const resolveEnvironmentReason = getEnvReasonDep ?? (() => getEnvironmentReason({
+		connection,
+		defaultEnv
+	}));
+	const collector = collectorDep ?? new InMemoryDiagnosticsCollector();
 	const server = new Server({
 		name: "ait-debug",
-		version: "0.1.43"
+		version: "0.1.45"
 	}, { capabilities: { tools: { listChanged: true } } });
 	server.setRequestHandler(ListToolsRequestSchema, () => {
 		const env = resolveEnvironment();
@@ -2923,15 +3549,16 @@ function createDebugServer(deps) {
 		};
 		const env = resolveEnvironment();
 		if (!isToolAvailableIn(name, env)) {
-			const reason = `tool ${name} is available only in ${getToolAvailability(name)}. Current environment is ${env} (${resolveEnvironmentReason()}).`;
-			process.stderr.write(`[ait-debug] tier-filter rejected ${name}: ${reason}\n`);
-			return {
-				content: [{
-					type: "text",
-					text: reason
-				}],
-				isError: true
-			};
+			const requiredEnv = getToolAvailability(name) ?? "unknown";
+			const envReason = resolveEnvironmentReason();
+			logWarn("tool.error", {
+				tool: name,
+				errorKind: "tier-filter",
+				requiredEnv,
+				currentEnv: env,
+				envReason
+			});
+			return tierRejectionError(name, requiredEnv, env, envReason);
 		}
 		if (isAitToolName(name)) try {
 			await connection.enableDomains();
@@ -2944,19 +3571,31 @@ function createDebugServer(deps) {
 		} catch (err) {
 			return errorResult(err, name);
 		}
+		if (name === "get_diagnostics") try {
+			const rawLimit = request.params.arguments?.recent_errors_limit;
+			const recentErrorsLimit = typeof rawLimit === "number" && rawLimit > 0 ? rawLimit : 10;
+			return jsonResult$1(await getDiagnostics({
+				tunnel: getTunnelStatus(),
+				connection,
+				env: resolveEnvironment(),
+				envReason: resolveEnvironmentReason(),
+				collector,
+				readLock: readServerLock,
+				recentErrorsLimit
+			}));
+		} catch (err) {
+			return errorResult(err, name);
+		}
 		if (name === "build_attach_url") {
 			const schemeUrl = request.params.arguments?.scheme_url;
-			if (typeof schemeUrl !== "string" || schemeUrl === "") return {
-				content: [{
-					type: "text",
-					text: "build_attach_url requires a non-empty scheme_url."
-				}],
-				isError: true
-			};
+			if (typeof schemeUrl !== "string" || schemeUrl === "") return mcpError("build_attach_url: scheme_url이 비어 있습니다. `ait deploy --scheme-only`가 출력하는 intoss-private:// URL을 인자로 전달하세요.");
 			const waitForAttach = request.params.arguments?.wait_for_attach === true;
 			const openInBrowser = request.params.arguments?.open_in_browser !== false;
 			const deploymentId = extractDeploymentId(schemeUrl);
-			if (!deploymentId) process.stderr.write("[ait-debug] build_attach_url: no _deploymentId in scheme_url; matching on presence only\n");
+			if (!deploymentId) logInfo("tool.call", {
+				tool: "build_attach_url",
+				msg: "no _deploymentId in scheme_url; matching on presence only"
+			});
 			/** Returns true when the page list satisfies the attach condition. */
 			const isMatchingPage = (pages) => {
 				if (pages.length === 0) return false;
@@ -2973,10 +3612,50 @@ function createDebugServer(deps) {
 				const { attachUrl, relayUrl, authorityWarning } = buildAttachUrl(schemeUrl, getTunnelStatus());
 				const warningPrefix = authorityWarning ? `⚠️  scheme_url 경고: ${authorityWarning}\n\n` : "";
 				const header = "This tool result is shown to the user directly — do NOT re-print the QR below in your reply (it wastes output tokens). Just tell the user to scan the QR in this output (Ctrl+O to expand if collapsed).";
-				if (openInBrowser && canOpenBrowser() && qrHttpServer) {
+				const guiAvailable = canOpenBrowser();
+				if (openInBrowser && !guiAvailable) {
+					const headlessNote = "[open_in_browser] GUI 환경이 감지되지 않았습니다 (headless/remote 환경). open_in_browser=false로 자동 폴백합니다. 텍스트 QR을 폰 카메라로 스캔하거나, 로컬 GUI 환경에서 실행하세요.\n\n";
+					const qrHeadless = await renderQr(attachUrl);
+					const headlessText = `${warningPrefix}${headlessNote}${header}\n${JSON.stringify({
+						attachUrl,
+						relayUrl
+					}, null, 2)}\n\n${qrHeadless}`;
+					if (!waitForAttach) return { content: [{
+						type: "text",
+						text: headlessText
+					}] };
+					let attachedPagesHl = [];
+					try {
+						attachedPagesHl = await waitForAttachWithEvents(connection, isMatchingPage, waitForAttachTimeoutMs);
+					} catch {
+						attachedPagesHl = connection.listTargets();
+						return {
+							content: [{
+								type: "text",
+								text: buildTimeoutError(headlessText, waitForAttachTimeoutMs / 1e3, attachedPagesHl)
+							}],
+							isError: true
+						};
+					}
+					const pagesResultHl = listPages(connection, getTunnelStatus());
+					return { content: [{
+						type: "text",
+						text: `${headlessText}\n\n${JSON.stringify(pagesResultHl, null, 2)}`
+					}] };
+				}
+				if (openInBrowser && guiAvailable && qrHttpServer) {
 					const browserResult = await openQrInBrowser(qrHttpServer.buildAttachPageUrl(attachUrl), `http://127.0.0.1:${qrHttpServer.port}/qr.png?u=${encodeURIComponent(attachUrl)}`);
 					if (browserResult.opened) {
-						const shortText = `${warningPrefix}${header}\n${JSON.stringify({ relayUrl }, null, 2)}\n\n브라우저에서 QR을 열었습니다. 폰 카메라로 스캔하세요.\nURL: ${browserResult.httpUrl}`;
+						const retriedNote = browserResult.retried ? " (1회 retry 후 성공)" : "";
+						const openResult = {
+							attempted: true,
+							succeeded: true,
+							...browserResult.retried ? { retried: true } : {}
+						};
+						const shortText = `${warningPrefix}${header}\n${JSON.stringify({
+							relayUrl,
+							openResult
+						}, null, 2)}\n\n브라우저에서 QR을 열었습니다${retriedNote}. 폰 카메라로 스캔하세요.\nURL: ${browserResult.httpUrl}`;
 						if (!waitForAttach) return { content: [{
 							type: "text",
 							text: shortText
@@ -3000,12 +3679,21 @@ function createDebugServer(deps) {
 							text: `${shortText}\n\n${JSON.stringify(pagesResult, null, 2)}`
 						}] };
 					}
+					const openResult = {
+						attempted: true,
+						succeeded: false,
+						failureReason: browserResult.error ?? "브라우저 실행 후보 모두 실패",
+						pngUrl: browserResult.pngUrl,
+						...browserResult.stderrSummary ? { stderrSummary: browserResult.stderrSummary } : {}
+					};
 					const stderrNote = browserResult.stderrSummary ? `\nstderr: ${browserResult.stderrSummary}` : "";
-					const fallbackNote = `브라우저 자동 열기에 실패했습니다. 다음 URL을 직접 브라우저에서 여세요:\n${browserResult.httpUrl}\n또는 PNG로 받기: ${browserResult.pngUrl}` + stderrNote + "\n\n";
+					const fallbackNote = `[open_in_browser] 브라우저 자동 열기에 실패했습니다. 다음 URL을 직접 브라우저에서 여세요:
+${browserResult.httpUrl}\n또는 PNG로 받기: ${browserResult.pngUrl}` + stderrNote + "\n\n";
 					const qr = await renderQr(attachUrl);
 					const baseText = `${warningPrefix}${fallbackNote}${header}\n${JSON.stringify({
 						attachUrl,
-						relayUrl
+						relayUrl,
+						openResult
 					}, null, 2)}\n\n${qr}`;
 					if (!waitForAttach) return { content: [{
 						type: "text",
@@ -3064,20 +3752,13 @@ function createDebugServer(deps) {
 		try {
 			await connection.enableDomains();
 		} catch (err) {
-			const message = err instanceof Error ? err.message : String(err);
 			if (name === "list_pages") {
 				if (connection instanceof ChiiCdpConnection) try {
 					await connection.refreshTargets();
 				} catch {}
 				return jsonResult$1(listPages(connection, getTunnelStatus()));
 			}
-			return {
-				content: [{
-					type: "text",
-					text: `${message}\nCall list_pages to confirm a mini-app has attached over the relay.`
-				}],
-				isError: true
-			};
+			return classifyEnableDomainError(err, name);
 		}
 		try {
 			switch (name) {
@@ -3105,26 +3786,19 @@ function createDebugServer(deps) {
 				case "measure_safe_area": return jsonResult$1(await measureSafeArea(connection, resolveEnvironment()));
 				case "evaluate": {
 					const expression = request.params.arguments?.expression;
-					if (typeof expression !== "string" || expression === "") return {
-						content: [{
-							type: "text",
-							text: "evaluate requires a non-empty expression."
-						}],
-						isError: true
-					};
+					if (typeof expression !== "string" || expression === "") return mcpError("evaluate: expression 인자가 비어 있습니다. 평가할 JavaScript 표현식을 전달하세요.");
+					if (isLiveRelayEnv(env) && request.params.arguments?.confirm !== true) return liveGuardError("evaluate");
 					return jsonResult$1(await evaluate(connection, expression));
 				}
 				case "call_sdk": {
 					const sdkName = request.params.arguments?.name;
-					if (typeof sdkName !== "string" || sdkName === "") return {
-						content: [{
-							type: "text",
-							text: "call_sdk requires a non-empty name."
-						}],
-						isError: true
-					};
+					if (typeof sdkName !== "string" || sdkName === "") return mcpError("call_sdk: name 인자가 비어 있습니다. 호출할 SDK 메서드 이름을 전달하세요.");
 					const rawArgs = request.params.arguments?.args;
-					return jsonResult$1(await callSdk(connection, sdkName, Array.isArray(rawArgs) ? rawArgs : []));
+					const sdkArgs = Array.isArray(rawArgs) ? rawArgs : [];
+					if (isLiveRelayEnv(env) && request.params.arguments?.confirm !== true) return liveGuardError("call_sdk");
+					const sdkResult = await callSdk(connection, sdkName, sdkArgs);
+					if (!sdkResult.ok && typeof sdkResult.error === "string" && sdkResult.error.startsWith("sdk-absent:")) return sdkAbsentError("call_sdk");
+					return jsonResult$1(sdkResult);
 				}
 				default: return unknownTool(name);
 			}
@@ -3141,33 +3815,29 @@ function jsonResult$1(value) {
 	}] };
 }
 function unknownTool(name) {
-	return {
-		content: [{
-			type: "text",
-			text: `Unknown tool: ${name}`
-		}],
-		isError: true
-	};
+	return mcpError(`알 수 없는 tool: ${name}`);
 }
 /**
-* Detects whether an error is a relay/websocket disconnect error.
-* These are distinguished from "no page attached yet" errors because they
-* require enableDomains() to be called again (re-establish the websocket),
-* not just waiting for a target to appear.
+* enableDomains()가 던진 에러를 4상태로 분류해 적절한 메시지를 반환한다.
+*
+* - "No mini-app page attached" → page 미attach (상태 2)
+* - crash/destroy/replaced 패턴 → page crash (상태 3)
+* - relay disconnect 패턴 → relay 연결 끊김
+* - 그 외 → 원본 메시지 + list_pages 안내
 */
-function isDisconnectError(err) {
-	if (!(err instanceof Error)) return false;
-	const msg = err.message;
-	return msg.includes("relay에 연결되어 있지 않습니다") || msg.includes("relay WebSocket") || msg.includes("replaced-by-new-attach") || msg.includes("Chii relay connection closed");
+function classifyEnableDomainError(err, toolName) {
+	const message = err instanceof Error ? err.message : String(err);
+	if (message.includes("No mini-app page attached") || message.includes("페이지가 attach 안")) return pageMissingError(toolName);
+	if (message.includes("replaced-by-new-attach") || message.includes("targetCrashed") || message.includes("targetDestroyed") || message.includes("detachedFromTarget")) return pageCrashError(toolName);
+	if (message.includes("relay에 연결되어 있지 않습니다") || message.includes("relay WebSocket") || message.includes("Chii relay connection closed")) return relayDisconnectError(toolName);
+	return classifyToolError(err, toolName);
 }
+/**
+* CDP/AIT 명령 실행 중 catch된 에러를 4상태로 분류해 tool 결과로 반환한다.
+* debug-server 내부 try/catch 블록에서 공통으로 사용한다.
+*/
 function errorResult(err, name) {
-	return {
-		content: [{
-			type: "text",
-			text: `${name} failed: ${err instanceof Error ? err.message : String(err)}${isDisconnectError(err) ? "\n\nrelay 연결이 끊겼습니다. list_pages → enableDomains() 재호출로 재연결하세요. 폰이 백그라운드로 내려갔거나 미니앱이 종료됐을 수 있습니다." : "\nCall list_pages to confirm a mini-app has attached over the relay."}`
-		}],
-		isError: true
-	};
+	return classifyToolError(err, name);
 }
 /**
 * Starts a polling watcher that detects the first 0→N target transition on
@@ -3239,7 +3909,7 @@ function buildRelayVerifyAuth() {
 *   4. expose the debug tools backed by a `ChiiCdpConnection` + `ChiiAitSource`.
 */
 async function runDebugServer(options = {}) {
-	const lockHandle = acquireLock();
+	const lockHandle = acquireLock({ force: options.force ?? false });
 	const relayPort = options.relayPort ?? 0;
 	const verifyAuth = buildRelayVerifyAuth();
 	const totpEnabled = verifyAuth !== void 0;
@@ -3247,27 +3917,45 @@ async function runDebugServer(options = {}) {
 		port: relayPort,
 		verifyAuth
 	});
+	logInfo("server.start", {
+		port: relay.port,
+		totpEnabled
+	});
 	let tunnel = null;
-	let tunnelStatus = {
-		up: false,
-		wssUrl: null
-	};
+	let tunnelStatus = makeTunnelStatus(false, null);
 	generateAttachToken();
+	let tunnelProbe = null;
 	startQuickTunnel(relay.port).then((t) => {
 		tunnel = t;
-		tunnelStatus = {
-			up: true,
-			wssUrl: t.wssUrl
-		};
+		tunnelStatus = makeTunnelStatus(true, t.wssUrl);
 		lockHandle.updateWssUrl(t.wssUrl);
+		logInfo("tunnel.up", { totpEnabled });
+		tunnelProbe = startTunnelHealthProbe(t, relay.port, {
+			onReissue: (newTunnel) => {
+				tunnel = newTunnel;
+				tunnelStatus = makeTunnelStatus(true, newTunnel.wssUrl, null, 0);
+				lockHandle.updateWssUrl(newTunnel.wssUrl);
+				printAttachBanner({
+					wssUrl: newTunnel.wssUrl,
+					totpEnabled
+				}).then(() => {
+					logInfo("tunnel.up", {
+						totpEnabled,
+						reissued: true
+					});
+				});
+			},
+			onPermanentDrop: (droppedAt) => {
+				tunnelStatus = makeTunnelStatus(false, null, droppedAt, 3);
+				logError("tunnel.down", { msg: `tunnel permanently dropped (${droppedAt}). Restart: npx @ait-co/devtools devtools-mcp` });
+			}
+		});
 		return printAttachBanner({
 			wssUrl: t.wssUrl,
 			totpEnabled
 		});
 	}, (err) => {
-		const message = err instanceof Error ? err.message : String(err);
-		process.stderr.write(`[ait-debug] Failed to open cloudflared quick tunnel: ${message}\n[ait-debug] The relay is up locally; attach over the public URL is unavailable until the tunnel starts.
-`);
+		logError("tunnel.down", { msg: `Failed to open cloudflared quick tunnel: ${err instanceof Error ? err.message : String(err)}. The relay is up locally; attach over the public URL is unavailable until the tunnel starts.` });
 	});
 	const connection = new ChiiCdpConnection({ relayBaseUrl: relay.baseUrl });
 	const aitSource = new ChiiAitSource(connection);
@@ -3275,17 +3963,19 @@ async function runDebugServer(options = {}) {
 	try {
 		qrServer = await startQrHttpServer();
 	} catch (err) {
-		const message = err instanceof Error ? err.message : String(err);
-		process.stderr.write(`[ait-debug] QR HTTP 서버 시작 실패 (text QR fallback 사용): ${message}\n`);
+		logWarn("server.start", { msg: `QR HTTP 서버 시작 실패 (text QR fallback 사용): ${err instanceof Error ? err.message : String(err)}` });
 	}
 	const devtoolsOpener = new AutoDevtoolsOpener();
+	const diagnosticsCollector = new InMemoryDiagnosticsCollector();
 	const server = createDebugServer({
 		connection,
 		aitSource,
 		getTunnelStatus: () => tunnelStatus,
 		get qrHttpServer() {
 			return qrServer;
-		}
+		},
+		diagnosticsCollector,
+		defaultEnv: "relay-dev"
 	});
 	const transport = new StdioServerTransport();
 	let closed = false;
@@ -3294,6 +3984,7 @@ async function runDebugServer(options = {}) {
 		if (closed) return;
 		closed = true;
 		attachWatcher?.stop();
+		tunnelProbe?.stop();
 		connection.close();
 		tunnel?.stop();
 		relay.close();
@@ -3308,23 +3999,34 @@ async function runDebugServer(options = {}) {
 		if (!closed) {
 			closed = true;
 			attachWatcher?.stop();
+			tunnelProbe?.stop();
 			tunnel?.stop();
 			lockHandle.release();
 		}
 	});
 	process.on("uncaughtException", (err) => {
-		process.stderr.write(`[ait-debug] uncaughtException: ${String(err)}\n`);
+		logError("tool.error", {
+			msg: `uncaughtException: ${String(err)}`,
+			errorKind: "uncaught"
+		});
 		shutdown();
 		process.exit(1);
 	});
 	process.on("unhandledRejection", (reason) => {
-		process.stderr.write(`[ait-debug] unhandledRejection: ${String(reason)}\n`);
+		logError("tool.error", {
+			msg: `unhandledRejection: ${String(reason)}`,
+			errorKind: "unhandled-rejection"
+		});
 		shutdown();
 		process.exit(1);
 	});
 	await server.connect(transport);
 	attachWatcher = startAttachWatcher(connection, server, 1e3, () => {
-		devtoolsOpener.open(tunnelStatus.wssUrl, getEnvironment({ connection }));
+		diagnosticsCollector.recordAttach();
+		devtoolsOpener.open(tunnelStatus.wssUrl, getEnvironment({
+			connection,
+			defaultEnv: "relay-dev"
+		}));
 	});
 }
 /**
@@ -3346,7 +4048,7 @@ async function runDebugServer(options = {}) {
 * expected and noted in the PR as an explicit out-of-scope follow-up.
 */
 async function runLocalDebugServer(options = {}) {
-	const lockHandle = acquireLock();
+	const lockHandle = acquireLock({ force: options.force ?? false });
 	const chromium = await launchChromium({
 		port: options.cdpPort ?? 0,
 		devUrl: options.devUrl ?? process.env.AIT_DEVTOOLS_URL ?? "http://localhost:5173"
@@ -3361,7 +4063,8 @@ async function runLocalDebugServer(options = {}) {
 	const server = createDebugServer({
 		connection,
 		aitSource,
-		getTunnelStatus: () => tunnelStatus
+		getTunnelStatus: () => tunnelStatus,
+		defaultEnv: "mock"
 	});
 	const transport = new StdioServerTransport();
 	let closed = false;
@@ -3387,12 +4090,20 @@ async function runLocalDebugServer(options = {}) {
 		}
 	});
 	process.on("uncaughtException", (err) => {
-		process.stderr.write(`[ait-local-debug] uncaughtException: ${String(err)}\n`);
+		logError("tool.error", {
+			msg: `uncaughtException: ${String(err)}`,
+			errorKind: "uncaught",
+			mode: "local"
+		});
 		shutdown();
 		process.exit(1);
 	});
 	process.on("unhandledRejection", (reason) => {
-		process.stderr.write(`[ait-local-debug] unhandledRejection: ${String(reason)}\n`);
+		logError("tool.error", {
+			msg: `unhandledRejection: ${String(reason)}`,
+			errorKind: "unhandled-rejection",
+			mode: "local"
+		});
 		shutdown();
 		process.exit(1);
 	});
@@ -3458,6 +4169,27 @@ var HttpAitSource = class {
 * (dev). `devtools_get_mock_state` (the original devtools#130 name) is kept as a
 * backward-compatible alias of `AIT.getMockState`.
 *
+* Issue #305 (M2-1) — dev/debug tool-surface unification:
+* dev-mode now also exposes `list_pages`, `get_diagnostics`, `measure_safe_area`,
+* and `call_sdk` so the docs/qa/scenarios.md acceptance sequence
+* `list_pages → measure_safe_area → call_sdk` works in dev mode without
+* "Unknown tool" failures.
+*
+* - `list_pages`       — shim: returns the Vite dev URL as a single-entry array.
+* - `get_diagnostics`  — dumps dev-mode server state (endpoint URL, last fetch
+*                        error, reachability, mode/environment metadata).
+* - `measure_safe_area`— reads safeAreaInsets from the mock state snapshot
+*                        (source: 'mock-vite').
+* - `call_sdk`         — reads mock state and builds a mock-equivalent result
+*                        using window.__ait.state for supported methods; returns
+*                        an explicit tier-filter error for methods that require
+*                        a live CDP bridge.
+* - CDP-only tools (`evaluate`, `take_screenshot`, `get_dom_document`,
+*                   `take_snapshot`, `list_console_messages`,
+*                   `list_network_requests`, `list_exceptions`) — return an
+*                   explicit tier-filter error explaining that CDP is unavailable
+*                   in dev-mode and pointing to `--mode=local` or `--mode=debug`.
+*
 * This module is reached via the `devtools-mcp --mode=dev` CLI entry (see
 * `cli.ts`); the default (no flag) bin mode is the debug-mode CDP/Chii server.
 *
@@ -3472,12 +4204,18 @@ var HttpAitSource = class {
 *     }
 *   }
 */
+/** Error message prefix for CDP-dependent tools called in dev-mode. */
+const CDP_UNAVAILABLE_IN_DEV_MODE = "dev-mode에서는 CDP 연결이 없어 이 도구를 사용할 수 없습니다. 실기기 또는 로컬 Chromium에 붙이려면 `devtools-mcp --mode=local` 또는 `devtools-mcp` (debug 모드 기본)로 전환하세요.";
 /**
 * Tool descriptors served by the dev-mode server.
 *
 * All dev-mode tools are Tier C (both envs) per RFC #277 — the dev-mode server
 * itself is the mock-side embodiment of those Tier C tools. `availableIn` is
 * declared so the surface stays consistent with the debug-mode registry.
+*
+* Issue #305: CDP-only tools are also listed with explicit descriptions so
+* agents do not get "Unknown tool" failures — they get a clear tier-filter
+* error message instead.
 */
 const DEV_TOOL_DEFINITIONS = [
 	{
@@ -3519,56 +4257,292 @@ const DEV_TOOL_DEFINITIONS = [
 			required: []
 		},
 		availableIn: "both"
+	},
+	{
+		name: "list_pages",
+		description: "dev-mode: returns the Vite dev server URL as a single-entry page list. No CDP relay is involved — `tunnel.up` is always false and `devMode: true` marks this as a shim result. Call this first to confirm the dev server is reachable. In debug mode (`devtools-mcp` / `--mode=local`) this returns real attached pages.",
+		inputSchema: {
+			type: "object",
+			properties: {},
+			required: []
+		},
+		availableIn: "both"
+	},
+	{
+		name: "get_diagnostics",
+		description: "dev-mode: returns server diagnostics — Vite endpoint URL, last fetch timestamp/error, mock state endpoint reachability, mode (\"dev\"), and environment metadata. Call this when the dev server connection is suspect. In debug mode this returns tunnel/relay/attach status instead.",
+		inputSchema: {
+			type: "object",
+			properties: { recent_errors_limit: {
+				type: "number",
+				description: "Ignored in dev-mode (no error ring buffer). Present for schema parity."
+			} },
+			required: []
+		},
+		availableIn: "both"
+	},
+	{
+		name: "measure_safe_area",
+		description: "dev-mode: reads safe-area insets from the mock state snapshot via the Vite endpoint. Returns `{ source: \"mock-vite\", sdkInsets, sdkInsetsSource: \"window.__ait\", ... }`. Values reflect what the DevTools panel reports at the time of the last state push. In debug mode this runs a Runtime.evaluate CDP probe on the attached page.",
+		inputSchema: {
+			type: "object",
+			properties: {},
+			required: []
+		},
+		availableIn: "both"
+	},
+	{
+		name: "call_sdk",
+		description: "dev-mode: calls a mock SDK method via the Vite mock state endpoint. Supported methods read from window.__ait mock state (e.g. getOperationalEnvironment). Returns the same `{ok, value}` / `{ok, error}` envelope as debug mode. In debug mode this calls the real SDK via window.__sdkCall over CDP.",
+		inputSchema: {
+			type: "object",
+			properties: {
+				name: {
+					type: "string",
+					description: "Mock SDK method name to call (e.g. \"getOperationalEnvironment\")."
+				},
+				args: {
+					type: "array",
+					description: "Arguments (ignored in dev-mode mock path; present for schema parity).",
+					items: {}
+				}
+			},
+			required: ["name"]
+		},
+		availableIn: "both"
+	},
+	{
+		name: "evaluate",
+		description: "Evaluates an arbitrary JavaScript expression via CDP Runtime.evaluate. NOT available in dev-mode (no CDP connection). Switch to `--mode=local` or `--mode=debug` for CDP access.",
+		inputSchema: {
+			type: "object",
+			properties: { expression: {
+				type: "string",
+				description: "JavaScript expression to evaluate."
+			} },
+			required: ["expression"]
+		},
+		availableIn: "both"
+	},
+	{
+		name: "take_screenshot",
+		description: "Captures a PNG screenshot via CDP Page.captureScreenshot. NOT available in dev-mode (no CDP connection). Switch to `--mode=local` or `--mode=debug`.",
+		inputSchema: {
+			type: "object",
+			properties: {},
+			required: []
+		},
+		availableIn: "both"
+	},
+	{
+		name: "get_dom_document",
+		description: "Returns the DOM tree via CDP DOM.getDocument. NOT available in dev-mode (no CDP connection). Switch to `--mode=local` or `--mode=debug`.",
+		inputSchema: {
+			type: "object",
+			properties: {},
+			required: []
+		},
+		availableIn: "both"
+	},
+	{
+		name: "take_snapshot",
+		description: "Captures a serialized page snapshot via CDP DOMSnapshot.captureSnapshot. NOT available in dev-mode (no CDP connection). Switch to `--mode=local` or `--mode=debug`.",
+		inputSchema: {
+			type: "object",
+			properties: {},
+			required: []
+		},
+		availableIn: "both"
+	},
+	{
+		name: "list_console_messages",
+		description: "Lists console messages captured via CDP Runtime.consoleAPICalled. NOT available in dev-mode (no CDP connection). Switch to `--mode=local` or `--mode=debug`.",
+		inputSchema: {
+			type: "object",
+			properties: {},
+			required: []
+		},
+		availableIn: "both"
+	},
+	{
+		name: "list_network_requests",
+		description: "Lists network requests captured via CDP Network events. NOT available in dev-mode (no CDP connection). Switch to `--mode=local` or `--mode=debug`.",
+		inputSchema: {
+			type: "object",
+			properties: {},
+			required: []
+		},
+		availableIn: "both"
+	},
+	{
+		name: "list_exceptions",
+		description: "Lists JS exceptions captured via CDP Runtime.exceptionThrown. NOT available in dev-mode (no CDP connection). Switch to `--mode=local` or `--mode=debug`.",
+		inputSchema: {
+			type: "object",
+			properties: { limit: {
+				type: "number",
+				description: "Maximum exceptions to return."
+			} },
+			required: []
+		},
+		availableIn: "both"
 	}
 ];
+/** All tool names served in dev-mode (including tier-filter stubs). */
 const DEV_TOOL_NAMES = new Set(DEV_TOOL_DEFINITIONS.map((t) => t.name));
+/** CDP-only tools — return a tier-filter error in dev-mode. */
+const CDP_ONLY_TOOL_NAMES = new Set([
+	"evaluate",
+	"take_screenshot",
+	"get_dom_document",
+	"take_snapshot",
+	"list_console_messages",
+	"list_network_requests",
+	"list_exceptions"
+]);
+/**
+* Builds the `list_pages` dev-mode shim response.
+* Returns the Vite dev URL as a single-entry page list with `devMode: true`.
+*/
+function buildDevListPagesResult(devtoolsUrl) {
+	return {
+		pages: [{
+			url: devtoolsUrl,
+			title: "dev fixture",
+			attached: true
+		}],
+		tunnel: { up: false },
+		devMode: true,
+		singleAttachModel: true
+	};
+}
+/**
+* Builds the `get_diagnostics` dev-mode response.
+* Probes the mock state endpoint reachability and returns server metadata.
+*/
+async function buildDevDiagnostics(devtoolsUrl, stateEndpoint, fetchImpl) {
+	let reachable = false;
+	let lastFetchError = null;
+	let lastFetchAt = null;
+	try {
+		const res = await fetchImpl(stateEndpoint);
+		reachable = res.ok;
+		lastFetchAt = (/* @__PURE__ */ new Date()).toISOString();
+		if (!res.ok) lastFetchError = `HTTP ${res.status} ${res.statusText}`;
+	} catch (err) {
+		lastFetchError = err instanceof Error ? err.message : String(err);
+		lastFetchAt = (/* @__PURE__ */ new Date()).toISOString();
+	}
+	return {
+		mode: "dev",
+		devtoolsUrl,
+		mcpStateEndpoint: stateEndpoint,
+		mockStateEndpointReachable: reachable,
+		lastFetchAt,
+		lastFetchError,
+		environment: {
+			kind: "mock",
+			reason: "dev-mode — Vite HTTP endpoint, no CDP connection"
+		},
+		nextRecommendedAction: reachable ? null : "mock state endpoint가 응답하지 않습니다. Vite dev 서버가 `mcp: true` 옵션으로 실행 중인지 확인하고, 필요하면 dev 서버를 재시작하세요."
+	};
+}
+/**
+* Builds the `measure_safe_area` dev-mode response from mock state.
+* Reads `safeAreaInsets` from the AIT mock state and returns a parity-schema
+* result with `source: 'mock-vite'`.
+*/
+async function buildDevMeasureSafeArea(aitSource) {
+	const rawInsets = (await aitSource.get("AIT.getMockState")).safeAreaInsets;
+	let sdkInsets = null;
+	if (rawInsets !== null && typeof rawInsets === "object" && !Array.isArray(rawInsets)) {
+		const r = rawInsets;
+		sdkInsets = {
+			top: typeof r.top === "number" ? r.top : 0,
+			right: typeof r.right === "number" ? r.right : 0,
+			bottom: typeof r.bottom === "number" ? r.bottom : 0,
+			left: typeof r.left === "number" ? r.left : 0
+		};
+	}
+	return {
+		source: "mock-vite",
+		cssEnv: {
+			top: 0,
+			right: 0,
+			bottom: 0,
+			left: 0
+		},
+		sdkInsets,
+		sdkInsetsSource: sdkInsets !== null ? "window.__ait" : null,
+		...sdkInsets === null ? { sdkInsetsError: "window.__ait.state.safeAreaInsets not found in mock state snapshot" } : {},
+		innerWidth: null,
+		innerHeight: null,
+		devicePixelRatio: null,
+		userAgent: null,
+		navBarHeight: null,
+		navBarHeightSource: "not-available-in-dev-mode"
+	};
+}
+/**
+* Builds the `call_sdk` dev-mode response.
+*
+* Supported methods are served from the mock state snapshot. Unsupported
+* methods return `{ ok: false, error: 'dev-mode-unsupported: ...' }` so the
+* agent gets an informative message rather than a generic failure.
+*/
+async function buildDevCallSdk(methodName, aitSource) {
+	switch (methodName) {
+		case "getOperationalEnvironment": {
+			const env = await aitSource.get("AIT.getOperationalEnvironment");
+			return {
+				ok: true,
+				value: {
+					environment: env.environment,
+					sdkVersion: env.sdkVersion
+				}
+			};
+		}
+		default: return {
+			ok: false,
+			error: `dev-mode-unsupported: "${methodName}"은 dev-mode에서 직접 호출할 수 없습니다. CDP bridge(window.__sdkCall)가 없으므로 실제 SDK 호출은 \`--mode=local\` 또는 debug 모드에서만 가능합니다. 지원 메서드: getOperationalEnvironment (mock state에서 읽음).`
+		};
+	}
+}
 /** Builds the dev-mode MCP server (does not connect a transport). */
 function createDevServer(deps = {}) {
-	const stateEndpoint = `${process.env.AIT_DEVTOOLS_URL ?? "http://localhost:5173"}/api/ait-devtools/state`;
+	const devtoolsUrl = process.env.AIT_DEVTOOLS_URL ?? "http://localhost:5173";
+	const stateEndpoint = `${devtoolsUrl}/api/ait-devtools/state`;
 	const aitSource = deps.aitSource ?? new HttpAitSource({ stateEndpoint });
 	const server = new Server({
 		name: "ait-devtools",
-		version: "0.1.43"
+		version: "0.1.45"
 	}, { capabilities: { tools: {} } });
 	server.setRequestHandler(ListToolsRequestSchema, () => ({ tools: DEV_TOOL_DEFINITIONS.map((tool) => ({ ...tool })) }));
 	server.setRequestHandler(CallToolRequestSchema, async (request) => {
 		const name = request.params.name;
-		if (!DEV_TOOL_NAMES.has(name)) return {
-			content: [{
-				type: "text",
-				text: `Unknown tool: ${name}`
-			}],
-			isError: true
-		};
+		if (!DEV_TOOL_NAMES.has(name)) return mcpError(`알 수 없는 tool: ${name}`);
+		if (CDP_ONLY_TOOL_NAMES.has(name)) return mcpError(`${name}: ${CDP_UNAVAILABLE_IN_DEV_MODE}`);
 		try {
 			const effective = name === "devtools_get_mock_state" ? "AIT.getMockState" : name;
-			if (!isAitToolName(effective)) return {
-				content: [{
-					type: "text",
-					text: `Unknown tool: ${name}`
-				}],
-				isError: true
-			};
-			switch (effective) {
+			if (isAitToolName(effective)) switch (effective) {
 				case "AIT.getMockState": return jsonResult(await getMockState(aitSource));
 				case "AIT.getOperationalEnvironment": return jsonResult(await getOperationalEnvironment(aitSource));
 				case "AIT.getSdkCallHistory": return jsonResult(await getSdkCallHistory(aitSource));
-				default: return {
-					content: [{
-						type: "text",
-						text: `Unknown tool: ${name}`
-					}],
-					isError: true
-				};
+				default: return mcpError(`알 수 없는 tool: ${name}`);
+			}
+			switch (name) {
+				case "list_pages": return jsonResult(buildDevListPagesResult(devtoolsUrl));
+				case "get_diagnostics": return jsonResult(await buildDevDiagnostics(devtoolsUrl, stateEndpoint, (url) => fetch(url)));
+				case "measure_safe_area": return jsonResult(await buildDevMeasureSafeArea(aitSource));
+				case "call_sdk": {
+					const sdkName = request.params.arguments?.name;
+					if (typeof sdkName !== "string" || sdkName === "") return mcpError("call_sdk: name 인자가 비어 있습니다. 호출할 메서드 이름을 전달하세요.");
+					return jsonResult(await buildDevCallSdk(sdkName, aitSource));
+				}
+				default: return mcpError(`알 수 없는 tool: ${name}`);
 			}
 		} catch (err) {
-			return {
-				content: [{
-					type: "text",
-					text: `${err instanceof Error ? err.message : String(err)}\nIs the Vite dev server running with the @ait-co/devtools unplugin option \`mcp: true\`? Is AIT_DEVTOOLS_URL set correctly?`
-				}],
-				isError: true
-			};
+			return mcpError(`${name} 실패: ${err instanceof Error ? err.message : String(err)}\nVite dev 서버가 @ait-co/devtools unplugin \`mcp: true\` 옵션으로 실행 중인지 확인하세요. AIT_DEVTOOLS_URL 환경변수가 올바르게 설정됐는지도 확인하세요.`);
 		}
 	});
 	return server;
@@ -3606,6 +4580,15 @@ async function runDevServer() {
 *
 * Node-only stdio process.
 */
+/**
+* Returns `true` when `--force` or `--takeover` is present in argv.
+*
+* Both flags are accepted as aliases — `--force` is the short form listed in
+* the `--help` output; `--takeover` is a longer synonym.
+*/
+function parseForce(argv) {
+	return argv.includes("--force") || argv.includes("--takeover");
+}
 /** Parses `--mode=<value>` / `--mode <value>` from argv; default `debug`. */
 function parseMode(argv) {
 	for (let i = 0; i < argv.length; i++) {
@@ -3653,8 +4636,12 @@ function normalizeTarget(value) {
 async function main() {
 	const args = process.argv.slice(2);
 	if (parseMode(args) === "dev") await runDevServer();
-	else if (parseTarget(args) === "local") await runLocalDebugServer();
-	else await runDebugServer();
+	else {
+		const target = parseTarget(args);
+		const force = parseForce(args);
+		if (target === "local") await runLocalDebugServer({ force });
+		else await runDebugServer({ force });
+	}
 }
 /**
 * True when this file is the process entry (the bin), not an import.
@@ -3681,6 +4668,6 @@ if (isEntrypoint()) main().catch((err) => {
 	process.exitCode = 1;
 });
 //#endregion
-export { parseMode, parseTarget };
+export { parseForce, parseMode, parseTarget };
 
 //# sourceMappingURL=cli.js.map