browser-debug-mcp-bridge 1.10.0 → 1.11.1

package/apps/mcp-server/dist/mcp/server.js

@@ -1,10 +1,20 @@
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
-import { existsSync, readFileSync } from 'fs';
+import { createHash, randomUUID } from 'crypto';
+import { existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from 'fs';
 import { dirname, resolve } from 'path';
 import { z } from 'zod';
 import { getConnection } from '../db/connection.js';
+import { diagnoseOverridePoc, insertOverridePlanAudit, listOverridePlanAudits, listOverridePocRequests, listOverridePocRuns, } from '../override-audit.js';
+import { createOverrideProfileConfig, OVERRIDE_PROFILE_ADAPTERS, } from '../override-profile-generator.js';
+import { assertOverrideResponseRequestCaptureSafe, classifyOverrideResponseRequestCapability, } from '../override-capabilities.js';
+import { getOverridePocConfigSummary } from '../override-poc.js';
+import { normalizeOverrideRequestMethod } from '../override-rule-types.js';
+import { mapNextOverrideAssetsWithDrift } from '../next-asset-mapper.js';
+import { planNextSourceOverride } from '../next-source-override-planner.js';
+import { listObservedOverrideAssets, persistObservedOverrideAssets } from '../override-observed-assets.js';
+import { planOverrideResponsePatch } from '../override-response-planner.js';
 function createDefaultMcpLogger() {
     const write = (level, message, payload) => {
         process.stderr.write(`${message} ${JSON.stringify({ level, ...payload })}\n`);
@@ -270,6 +280,13 @@ const TOOL_SCHEMAS = {
             sessionId: { type: 'string' },
         },
     },
+    get_live_session_health: {
+        type: 'object',
+        required: ['sessionId'],
+        properties: {
+            sessionId: { type: 'string' },
+        },
+    },
     get_recent_events: {
         type: 'object',
         properties: {
@@ -470,13 +487,6 @@ const TOOL_SCHEMAS = {
             maxTextLength: { type: 'number' },
         },
     },
-    get_live_session_health: {
-        type: 'object',
-        required: ['sessionId'],
-        properties: {
-            sessionId: { type: 'string' },
-        },
-    },
     set_viewport: {
         type: 'object',
         required: ['sessionId', 'width', 'height'],
@@ -577,6 +587,224 @@ const TOOL_SCHEMAS = {
             maxResponseBytes: { type: 'number' },
         },
     },
+    list_override_profiles: {
+        type: 'object',
+        properties: {},
+    },
+    create_override_profile: {
+        type: 'object',
+        required: ['targetBaseUrl'],
+        properties: {
+            adapter: { type: 'string' },
+            mode: { type: 'string' },
+            targetBaseUrl: { type: 'string' },
+            projectRoot: { type: 'string' },
+            assetRoot: { type: 'string' },
+            nextDir: { type: 'string' },
+            configPath: { type: 'string' },
+            profileId: { type: 'string' },
+            profileName: { type: 'string' },
+            enabled: { type: 'boolean' },
+            profileEnabled: { type: 'boolean' },
+            autoReload: { type: 'boolean' },
+            includeManifestFiles: { type: 'boolean' },
+            includeStaticFiles: { type: 'boolean' },
+            extensions: { type: 'array', items: { type: 'string' } },
+            maxRules: { type: 'number' },
+            writeConfig: { type: 'boolean' },
+            overwrite: { type: 'boolean' },
+        },
+    },
+    validate_override_profile: {
+        type: 'object',
+        properties: {
+            profileId: { type: 'string' },
+        },
+    },
+    preflight_overrides: {
+        type: 'object',
+        required: ['sessionId'],
+        properties: {
+            sessionId: { type: 'string' },
+            profileId: { type: 'string' },
+        },
+    },
+    observe_override_assets: {
+        type: 'object',
+        required: ['sessionId'],
+        properties: {
+            sessionId: { type: 'string' },
+            tabId: { type: 'number' },
+            includePerformance: { type: 'boolean' },
+        },
+    },
+    capture_override_response_body: {
+        type: 'object',
+        required: ['sessionId'],
+        properties: {
+            sessionId: { type: 'string' },
+            tabId: { type: 'number' },
+            targetUrl: { type: 'string' },
+            targetAssetUrl: { type: 'string' },
+            captureMode: { type: 'string', enum: ['extension-fetch', 'cdp-response'] },
+            triggerReload: { type: 'boolean' },
+            matchMode: { type: 'string', enum: ['exact', 'prefix'] },
+            ruleType: { type: 'string' },
+            requestMethod: { type: 'string' },
+            requestHeaders: { type: 'object' },
+            timeoutMs: { type: 'number' },
+            maxBodyBytes: { type: 'number' },
+            includeBody: { type: 'boolean' },
+        },
+    },
+    list_observed_override_assets: {
+        type: 'object',
+        required: ['sessionId'],
+        properties: {
+            sessionId: { type: 'string' },
+            limit: { type: 'number' },
+            sinceTimestamp: { type: 'number' },
+        },
+    },
+    map_next_override_assets: {
+        type: 'object',
+        required: ['projectRoot'],
+        properties: {
+            sessionId: { type: 'string' },
+            tabId: { type: 'number' },
+            projectRoot: { type: 'string' },
+            nextDir: { type: 'string' },
+            route: { type: 'string' },
+            sourcePaths: { type: 'array', items: { type: 'string' } },
+            observedAssets: { type: 'array', items: { type: 'object' } },
+            maxResults: { type: 'number' },
+            fetchProductionAssets: { type: 'boolean' },
+            productionFetchTimeoutMs: { type: 'number' },
+            maxProductionAssetBytes: { type: 'number' },
+            maxDriftCandidates: { type: 'number' },
+            productionFetchConcurrency: { type: 'number' },
+        },
+    },
+    plan_override_response_patch: {
+        type: 'object',
+        properties: {
+            sessionId: { type: 'string' },
+            tabId: { type: 'number' },
+            targetUrl: { type: 'string' },
+            targetAssetUrl: { type: 'string' },
+            captureMode: { type: 'string', enum: ['extension-fetch', 'cdp-response'] },
+            triggerReload: { type: 'boolean' },
+            ruleType: { type: 'string' },
+            requestMethod: { type: 'string' },
+            matchMode: { type: 'string', enum: ['exact', 'prefix'] },
+            requestHeaders: { type: 'object' },
+            timeoutMs: { type: 'number' },
+            contentType: { type: 'string' },
+            responseBodyText: { type: 'string' },
+            bodyText: { type: 'string' },
+            responseBodyBase64: { type: 'string' },
+            bodyBase64: { type: 'string' },
+            textPatches: { type: 'array', items: { type: 'object' } },
+            jsonPatches: { type: 'array', items: { type: 'object' } },
+            documentPatches: { type: 'array', items: { type: 'object' } },
+            maxBodyBytes: { type: 'number' },
+            outputRoot: { type: 'string' },
+            configPath: { type: 'string' },
+            writeBody: { type: 'boolean' },
+            writeConfig: { type: 'boolean' },
+            overwrite: { type: 'boolean' },
+            enabled: { type: 'boolean' },
+            profileEnabled: { type: 'boolean' },
+            autoReload: { type: 'boolean' },
+            profileId: { type: 'string' },
+            profileName: { type: 'string' },
+            ruleId: { type: 'string' },
+            includePreview: { type: 'boolean' },
+        },
+    },
+    plan_next_source_override: {
+        type: 'object',
+        required: ['projectRoot', 'sourceEdits'],
+        properties: {
+            sessionId: { type: 'string' },
+            tabId: { type: 'number' },
+            projectRoot: { type: 'string' },
+            nextDir: { type: 'string' },
+            route: { type: 'string' },
+            sourcePaths: { type: 'array', items: { type: 'string' } },
+            sourceEdits: { type: 'array', items: { type: 'object' } },
+            observedAssets: { type: 'array', items: { type: 'object' } },
+            configPath: { type: 'string' },
+            writeConfig: { type: 'boolean' },
+            overwrite: { type: 'boolean' },
+            enabled: { type: 'boolean' },
+            profileEnabled: { type: 'boolean' },
+            autoReload: { type: 'boolean' },
+            profileId: { type: 'string' },
+            profileName: { type: 'string' },
+            buildTimeoutMs: { type: 'number' },
+            maxRules: { type: 'number' },
+            fetchProductionAssets: { type: 'boolean' },
+            productionFetchTimeoutMs: { type: 'number' },
+            maxProductionAssetBytes: { type: 'number' },
+            maxDriftCandidates: { type: 'number' },
+            productionFetchConcurrency: { type: 'number' },
+            overlayTtlMs: { type: 'number' },
+        },
+    },
+    enable_overrides: {
+        type: 'object',
+        required: ['sessionId'],
+        properties: {
+            sessionId: { type: 'string' },
+            tabId: { type: 'number' },
+            profileId: { type: 'string' },
+        },
+    },
+    disable_overrides: {
+        type: 'object',
+        required: ['sessionId'],
+        properties: {
+            sessionId: { type: 'string' },
+        },
+    },
+    get_override_status: {
+        type: 'object',
+        properties: {
+            sessionId: { type: 'string' },
+            profileId: { type: 'string' },
+        },
+    },
+    get_override_request_log: {
+        type: 'object',
+        required: ['sessionId'],
+        properties: {
+            sessionId: { type: 'string' },
+            runId: { type: 'string' },
+            limit: { type: 'number' },
+            offset: { type: 'number' },
+            maxResponseBytes: { type: 'number' },
+        },
+    },
+    get_override_plan_log: {
+        type: 'object',
+        required: ['sessionId'],
+        properties: {
+            sessionId: { type: 'string' },
+            planId: { type: 'string' },
+            limit: { type: 'number' },
+            offset: { type: 'number' },
+            maxResponseBytes: { type: 'number' },
+        },
+    },
+    diagnose_overrides: {
+        type: 'object',
+        required: ['sessionId'],
+        properties: {
+            sessionId: { type: 'string' },
+            runId: { type: 'string' },
+        },
+    },
     explain_last_failure: {
         type: 'object',
         required: ['sessionId'],
@@ -841,6 +1069,22 @@ const TOOL_DESCRIPTIONS = {
     wait_for_page_state: 'Poll compact page state until a structured assertion becomes true',
     capture_ui_snapshot: 'Capture redacted UI snapshot (DOM/styles/optional PNG) and persist it',
     get_live_console_logs: 'Read in-memory live console logs for a connected session',
+    list_override_profiles: 'List configured browser override profiles',
+    create_override_profile: 'Generate a candidate browser override profile from local build assets',
+    validate_override_profile: 'Validate the current browser override profile and local asset readiness',
+    preflight_overrides: 'Run production-safety checks before enabling browser overrides for a live session',
+    observe_override_assets: 'Observe production render artifacts from a live extension tab',
+    capture_override_response_body: 'Capture a bounded text response body from a live extension session for override planning, using extension fetch or explicit CDP response-stage capture',
+    list_observed_override_assets: 'List persisted production render artifacts observed for a session',
+    map_next_override_assets: 'Map observed production Next.js assets to local build chunks and source paths',
+    plan_override_response_patch: 'Patch a supplied or live-captured text response body with literal textPatches or JSON Pointer jsonPatches and write an exact or prefix override rule for supported response types',
+    plan_next_source_override: 'Apply source edits in a temp Next.js overlay build and plan exact browser override rules',
+    enable_overrides: 'Enable browser overrides for a live extension session',
+    disable_overrides: 'Disable browser overrides for a live extension session',
+    get_override_status: 'Read live or persisted browser override status for a session',
+    get_override_request_log: 'Read persisted browser override request audit rows',
+    get_override_plan_log: 'Read persisted generated override plan audit rows with previews, hashes, and rollback metadata',
+    diagnose_overrides: 'Diagnose persisted browser override runs and failure indicators',
     explain_last_failure: 'Explain the latest failure timeline',
     get_event_correlation: 'Correlate related events by window',
     list_snapshots: 'List snapshot metadata by session/time/trigger',
@@ -870,6 +1114,18 @@ const DEFAULT_NETWORK_POLL_TIMEOUT_MS = 15_000;
 const MAX_NETWORK_POLL_TIMEOUT_MS = 120_000;
 const DEFAULT_NETWORK_POLL_INTERVAL_MS = 250;
 const LIVE_SESSION_DISCONNECTED_CODE = 'LIVE_SESSION_DISCONNECTED';
+const OVERRIDE_LIVE_COMMAND_TIMEOUT_CODE = 'OVERRIDE_LIVE_COMMAND_TIMEOUT';
+const OVERRIDE_LIVE_COMMAND_FAILED_CODE = 'OVERRIDE_LIVE_COMMAND_FAILED';
+const STALE_LIVE_CONNECTION_GRACE_WINDOW_MS = 30 * 60 * 1000;
+const NOISE_SESSION_HOST_PATTERNS = [
+    /(^|\.)adtrafficquality\.google$/i,
+    /(^|\.)doubleclick\.net$/i,
+    /(^|\.)googlesyndication\.com$/i,
+    /(^|\.)googleadservices\.com$/i,
+    /(^|\.)recaptcha\.net$/i,
+    /(^|\.)gstatic\.com$/i,
+];
+const NOISE_SESSION_PATH_PATTERNS = [/\/sodar/i, /\/recaptcha/i, /runner\.html$/i];
 const NETWORK_CALL_SELECT_COLUMNS = `
   request_id, session_id, trace_id, tab_id, ts_start, duration_ms, method, url, origin, status, initiator, error_class, response_size_est,
   request_content_type, request_body_text, request_body_json, request_body_bytes, request_body_truncated, request_body_chunk_ref,
@@ -1076,128 +1332,1058 @@ function resolveLastUrl(payload) {
     }
     return undefined;
 }
-function mapEventRecord(row, profile = 'legacy', options = {}) {
-    const payload = readJsonPayload(row.payload_json);
-    if (profile === 'compact') {
-        const compact = {
-            eventId: row.event_id,
-            sessionId: row.session_id,
-            timestamp: row.ts,
-            type: row.type,
-            summary: describeEvent(row.type, payload),
+function classifySessionUrl(urlValue) {
+    if (!urlValue) {
+        return {
+            kind: 'unknown',
+            note: 'No session URL is available yet.',
         };
-        if (row.type === 'console') {
-            compact.level = typeof payload.level === 'string' ? payload.level : undefined;
-            compact.message = typeof payload.message === 'string' ? payload.message : undefined;
-        }
-        if (row.type === 'nav') {
-            compact.url = resolveLastUrl(payload);
+    }
+    try {
+        const parsed = new URL(urlValue);
+        const host = parsed.hostname.toLowerCase();
+        const pathname = parsed.pathname.toLowerCase();
+        const origin = parsed.origin;
+        const isLocalhost = host === 'localhost' || host === '127.0.0.1';
+        if (NOISE_SESSION_HOST_PATTERNS.some((pattern) => pattern.test(host))
+            || NOISE_SESSION_PATH_PATTERNS.some((pattern) => pattern.test(pathname))) {
+            return {
+                kind: 'likely_iframe_noise',
+                note: 'Last URL looks like third-party iframe/ad traffic rather than the app surface.',
+                origin,
+                host,
+                isLocalhost,
+            };
         }
-        if (options.includePayload === true) {
-            compact.payload = payload;
+        if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
+            return {
+                kind: 'top_level_page',
+                note: isLocalhost
+                    ? 'Last URL looks like a local top-level app page.'
+                    : 'Last URL looks like a top-level app page.',
+                origin,
+                host,
+                isLocalhost,
+            };
         }
-        return compact;
+    }
+    catch {
+        return {
+            kind: 'unknown',
+            note: 'Session URL could not be parsed.',
+        };
     }
     return {
-        eventId: row.event_id,
-        sessionId: row.session_id,
-        timestamp: row.ts,
-        type: row.type,
-        tabId: row.tab_id ?? (typeof payload.tabId === 'number' ? payload.tabId : undefined),
-        origin: row.origin
-            ?? (typeof payload.origin === 'string' ? payload.origin : undefined)
-            ?? undefined,
-        payload,
+        kind: 'unknown',
+        note: 'Session URL does not use an http(s) page origin.',
     };
 }
-function classifyNetworkFailure(status, errorClass) {
-    if (errorClass && errorClass.length > 0) {
-        return errorClass;
+function getSessionStatus(row) {
+    if (row.ended_at) {
+        return 'ended';
     }
-    if (typeof status === 'number' && status >= 400) {
-        return 'http_error';
+    if (row.paused_at) {
+        return 'paused';
     }
-    return 'unknown';
+    return 'active';
 }
-function buildNetworkFailureFilter(errorType) {
-    if (typeof errorType !== 'string' || errorType.length === 0) {
-        return '(error_class IS NOT NULL OR COALESCE(status, 0) >= 400)';
+function buildOverrideProfileRecords() {
+    const summary = getOverridePocConfigSummary();
+    return summary.profiles.map((profile) => ({
+        profileId: profile.profileId,
+        name: profile.name,
+        active: profile.profileId === summary.activeProfileId,
+        configEnabled: summary.configEnabled,
+        enabled: profile.enabled,
+        effectiveEnabled: summary.configEnabled && profile.enabled && profile.enabledRuleCount > 0,
+        autoReload: profile.autoReload,
+        configPath: summary.configPath,
+        fileExists: profile.fileExists,
+        ruleCount: profile.ruleCount,
+        enabledRuleCount: profile.enabledRuleCount,
+        rules: profile.rules,
+    }));
+}
+function resolveOverrideProfileRecord(value) {
+    const profiles = buildOverrideProfileRecords();
+    const fallbackProfileId = typeof profiles[0]?.profileId === 'string' ? profiles[0].profileId : 'poc';
+    const requestedProfileId = typeof value === 'string' && value.trim().length > 0 ? value.trim() : fallbackProfileId;
+    const profile = profiles.find((candidate) => candidate.profileId === requestedProfileId);
+    if (!profile) {
+        throw new Error(`Unknown override profile: ${requestedProfileId}`);
+    }
+    return profile;
+}
+const SHA256_HEX_PATTERN = /^[a-f0-9]{64}$/;
+function sha256Text(value) {
+    return createHash('sha256').update(value, 'utf8').digest('hex');
+}
+function isRecordWithRscFlightMetadata(value) {
+    return isRecord(value)
+        && (value.productionMode === 'structured-flight-v1' && value.patchKind === 'string-value-text'
+            || value.productionMode === 'literal-response-v1' && value.patchKind === 'literal-text')
+        && value.source !== undefined
+        && value.patchKind !== undefined;
+}
+function normalizeRuleStringHeaders(value) {
+    if (!isRecord(value)) {
+        return undefined;
     }
-    if (errorType === 'http_error') {
-        return "(error_class = 'http_error' OR (error_class IS NULL AND COALESCE(status, 0) >= 400))";
+    const headers = {};
+    for (const [name, rawValue] of Object.entries(value)) {
+        if (typeof rawValue !== 'string') {
+            continue;
+        }
+        const normalizedName = name.trim().toLowerCase();
+        const normalizedValue = rawValue.trim();
+        if (normalizedName.length > 0 && normalizedValue.length > 0) {
+            headers[normalizedName] = normalizedValue;
+        }
     }
-    return 'error_class = ?';
+    return Object.keys(headers).length > 0 ? headers : undefined;
 }
-function resolveWindowSeconds(value, fallback, maxValue) {
-    if (typeof value !== 'number' || !Number.isFinite(value)) {
-        return fallback;
+function getRscFlightRuleRequestHeaders(rule) {
+    return isRecord(rule.rscFlight) ? normalizeRuleStringHeaders(rule.rscFlight.requestHeaders) : undefined;
+}
+function getOverrideRuleRequestHeaders(rule) {
+    return normalizeRuleStringHeaders(rule.requestHeaders) ?? getRscFlightRuleRequestHeaders(rule);
+}
+function buildRscFlightRuleIssues(rule) {
+    const ruleId = String(rule.ruleId ?? 'unknown');
+    const issues = [];
+    const rscFlight = rule.rscFlight;
+    if (!isRecordWithRscFlightMetadata(rscFlight)) {
+        return [{
+                code: 'UNSUPPORTED_RSC_FLIGHT_RULE',
+                severity: 'error',
+                message: `Rule ${ruleId} targets a Next.js RSC flight response without production RSC metadata generated by the response planner.`,
+            }];
+    }
+    const source = rscFlight.source;
+    if (source !== 'cdp-response' && source !== 'extension-fetch') {
+        issues.push({
+            code: 'RSC_FLIGHT_METADATA_INVALID',
+            severity: 'error',
+            message: `Rule ${ruleId} RSC metadata source must be cdp-response or extension-fetch.`,
+        });
     }
-    const floored = Math.floor(value);
-    if (floored < 1) {
-        return fallback;
+    if (!Array.isArray(rscFlight.textPatches) || rscFlight.textPatches.length === 0) {
+        issues.push({
+            code: 'RSC_FLIGHT_PATCHES_INVALID',
+            severity: 'error',
+            message: `Rule ${ruleId} RSC flight metadata must include string-value text patches.`,
+        });
     }
-    return Math.min(floored, maxValue);
-}
-function resolveOptionalTimestamp(value) {
-    if (typeof value !== 'number' || !Number.isFinite(value)) {
-        return undefined;
+    else {
+        for (const [index, patch] of rscFlight.textPatches.entries()) {
+            if (!isRecord(patch)
+                || typeof patch.search !== 'string'
+                || patch.search.length === 0
+                || typeof patch.replacement !== 'string'
+                || typeof patch.expectedCount !== 'number'
+                || !Number.isFinite(patch.expectedCount)
+                || patch.expectedCount < 0) {
+                issues.push({
+                    code: 'RSC_FLIGHT_PATCHES_INVALID',
+                    severity: 'error',
+                    message: `Rule ${ruleId} RSC flight textPatches[${index}] is invalid.`,
+                });
+            }
+        }
     }
-    const floored = Math.floor(value);
-    return floored < 0 ? undefined : floored;
-}
-function resolveChunkBytes(value, fallback) {
-    if (typeof value !== 'number' || !Number.isFinite(value)) {
-        return fallback;
+    const requestMethod = normalizeOverrideRequestMethod(rule.requestMethod);
+    const requestHeaders = getRscFlightRuleRequestHeaders(rule);
+    const isCapturedPostRscFlight = requestMethod === 'POST' && requestHeaders?.rsc === '1';
+    if (requestMethod !== 'GET' && !isCapturedPostRscFlight) {
+        issues.push({
+            code: 'RSC_FLIGHT_METHOD_UNSUPPORTED',
+            severity: 'error',
+            message: `Rule ${ruleId} RSC flight overrides only support GET requests or captured POST RSC response-stage patches.`,
+        });
     }
-    const floored = Math.floor(value);
-    if (floored < 1) {
-        return fallback;
+    const targetAssetUrl = typeof rule.targetAssetUrl === 'string' ? rule.targetAssetUrl : '';
+    try {
+        const parsed = new URL(targetAssetUrl);
+        if (requestMethod === 'GET' && !parsed.searchParams.has('_rsc')) {
+            issues.push({
+                code: 'RSC_FLIGHT_TARGET_INVALID',
+                severity: 'error',
+                message: `Rule ${ruleId} RSC flight targetAssetUrl must include the _rsc search parameter.`,
+            });
+        }
     }
-    return Math.min(floored, MAX_SNAPSHOT_ASSET_CHUNK_BYTES);
-}
-function resolveDurationMs(value, fallback, maxValue) {
-    if (typeof value !== 'number' || !Number.isFinite(value)) {
-        return fallback;
+    catch {
+        issues.push({
+            code: 'RSC_FLIGHT_TARGET_INVALID',
+            severity: 'error',
+            message: `Rule ${ruleId} RSC flight targetAssetUrl must be an absolute http(s) URL.`,
+        });
     }
-    const floored = Math.floor(value);
-    if (floored < 1) {
-        return fallback;
+    const contentType = typeof rule.contentType === 'string' ? rule.contentType : '';
+    const metadataContentType = typeof rscFlight.contentType === 'string' ? rscFlight.contentType : '';
+    if (!contentType.toLowerCase().includes('text/x-component') || !metadataContentType.toLowerCase().includes('text/x-component')) {
+        issues.push({
+            code: 'RSC_FLIGHT_CONTENT_TYPE_INVALID',
+            severity: 'error',
+            message: `Rule ${ruleId} RSC flight overrides require text/x-component content types.`,
+        });
     }
-    return Math.min(floored, maxValue);
-}
-function resolveBodyChunkBytes(value) {
-    if (typeof value !== 'number' || !Number.isFinite(value)) {
-        return DEFAULT_BODY_CHUNK_BYTES;
+    const originalSha256 = typeof rscFlight.originalSha256 === 'string' ? rscFlight.originalSha256 : '';
+    const patchedSha256 = typeof rscFlight.patchedSha256 === 'string' ? rscFlight.patchedSha256 : '';
+    if (!SHA256_HEX_PATTERN.test(originalSha256) || !SHA256_HEX_PATTERN.test(patchedSha256) || originalSha256 === patchedSha256) {
+        issues.push({
+            code: 'RSC_FLIGHT_HASH_INVALID',
+            severity: 'error',
+            message: `Rule ${ruleId} RSC flight metadata must include distinct original and patched sha256 hashes.`,
+        });
     }
-    const floored = Math.floor(value);
-    if (floored < 1) {
-        return DEFAULT_BODY_CHUNK_BYTES;
+    const patchedBytes = typeof rscFlight.patchedBytes === 'number' && Number.isFinite(rscFlight.patchedBytes)
+        ? Math.floor(rscFlight.patchedBytes)
+        : null;
+    if (patchedBytes === null || patchedBytes < 1) {
+        issues.push({
+            code: 'RSC_FLIGHT_BYTES_INVALID',
+            severity: 'error',
+            message: `Rule ${ruleId} RSC flight metadata must include a positive patchedBytes value.`,
+        });
     }
-    return Math.min(floored, MAX_BODY_CHUNK_BYTES);
-}
-function resolveTimeoutMs(value, fallback, maxValue) {
-    if (typeof value !== 'number' || !Number.isFinite(value)) {
-        return fallback;
+    const fileSizeBytes = typeof rule.fileSizeBytes === 'number' && Number.isFinite(rule.fileSizeBytes)
+        ? Math.floor(rule.fileSizeBytes)
+        : null;
+    if (patchedBytes !== null && fileSizeBytes !== null && patchedBytes !== fileSizeBytes) {
+        issues.push({
+            code: 'RSC_FLIGHT_LOCAL_FILE_MISMATCH',
+            severity: 'error',
+            message: `Rule ${ruleId} local RSC file size does not match patchedBytes metadata.`,
+        });
     }
-    const floored = Math.floor(value);
-    if (floored < 100) {
-        return fallback;
+    const resolvedLocalFilePath = typeof rule.resolvedLocalFilePath === 'string' ? rule.resolvedLocalFilePath : '';
+    if (resolvedLocalFilePath && existsSync(resolvedLocalFilePath) && SHA256_HEX_PATTERN.test(patchedSha256)) {
+        const body = readFileSync(resolvedLocalFilePath, 'utf8');
+        if (!/(^|\n)\d+:/u.test(body)) {
+            issues.push({
+                code: 'RSC_FLIGHT_BODY_INVALID',
+                severity: 'error',
+                message: `Rule ${ruleId} local RSC file does not match the supported Flight payload shape.`,
+            });
+        }
+        if (sha256Text(body) !== patchedSha256) {
+            issues.push({
+                code: 'RSC_FLIGHT_LOCAL_FILE_MISMATCH',
+                severity: 'error',
+                message: `Rule ${ruleId} local RSC file hash does not match patchedSha256 metadata.`,
+            });
+        }
     }
-    return Math.min(floored, maxValue);
+    return issues;
 }
-function normalizeHttpMethod(value) {
-    if (typeof value !== 'string') {
-        return undefined;
+function buildOverrideProfileIssues(profile) {
+    const issues = [];
+    const rules = Array.isArray(profile.rules)
+        ? profile.rules.filter((rule) => isRecord(rule))
+        : [];
+    if (profile.configEnabled !== true) {
+        issues.push({
+            code: 'CONFIG_DISABLED',
+            severity: 'warning',
+            message: 'The override config is disabled and cannot replace requests until enabled.',
+        });
     }
-    const normalized = value.trim().toUpperCase();
-    return normalized.length > 0 ? normalized : undefined;
-}
-function normalizeOptionalString(value) {
-    if (typeof value !== 'string') {
-        return undefined;
+    if (profile.enabled !== true) {
+        issues.push({
+            code: 'PROFILE_DISABLED',
+            severity: 'warning',
+            message: 'The override profile is disabled and cannot replace requests until enabled.',
+        });
     }
-    const trimmed = value.trim();
-    return trimmed.length > 0 ? trimmed : undefined;
+    if (rules.length === 0 || !rules.some((rule) => rule.enabled === true)) {
+        issues.push({
+            code: 'NO_ENABLED_RULES',
+            severity: 'error',
+            message: 'The override profile has no enabled rules.',
+        });
+    }
+    for (const rule of rules) {
+        if (rule.enabled !== true) {
+            continue;
+        }
+        if (typeof rule.targetAssetUrl !== 'string' || !rule.targetAssetUrl.startsWith('http')) {
+            issues.push({
+                code: 'TARGET_URL_INVALID',
+                severity: 'error',
+                message: `Rule ${String(rule.ruleId ?? 'unknown')} targetAssetUrl must be an absolute http(s) URL.`,
+            });
+        }
+        if (rule.fileExists !== true) {
+            issues.push({
+                code: 'LOCAL_FILE_MISSING',
+                severity: 'error',
+                message: `Rule ${String(rule.ruleId ?? 'unknown')} local override file does not exist.`,
+            });
+        }
+        issues.push(...classifyOverrideResponseRequestCapability({
+            ruleId: rule.ruleId,
+            requestMethod: rule.requestMethod,
+            requestHeaders: getOverrideRuleRequestHeaders(rule),
+            ruleType: rule.ruleType,
+        }).issues.map((issue) => ({ ...issue })));
+        if (rule.ruleType === 'rsc-flight') {
+            issues.push(...buildRscFlightRuleIssues(rule));
+        }
+    }
+    return issues;
+}
+function buildOverrideProfileNextActions(profile, issues) {
+    if (issues.some((issue) => issue.code === 'SERVER_ACTION_UNSUPPORTED')) {
+        return [{
+                code: 'REPLAN_SERVER_ACTION_OVERRIDE',
+                message: 'Server actions stay unsupported in production override mode; replace the flow with a GET document/data/API response path instead.',
+            }];
+    }
+    if (issues.some((issue) => issue.code === 'MUTATION_REPLAY_UNSUPPORTED')) {
+        return [{
+                code: 'REPLAN_MUTATION_OVERRIDE',
+                message: 'Mutation responses are not replay-safe; move the override to a GET document/data/API response or remove the non-GET rule.',
+            }];
+    }
+    if (issues.some((issue) => issue.code === 'UNSAFE_REQUEST_METHOD')) {
+        return [{
+                code: 'REPLAN_GET_ONLY_OVERRIDE',
+                message: 'Response override rules are production-safe only for GET requests; regenerate or remove non-GET rules.',
+            }];
+    }
+    if (issues.some((issue) => issue.code === 'LOCAL_FILE_MISSING')) {
+        return [{
+                code: 'REBUILD_OR_FIX_LOCAL_PATHS',
+                message: 'Rebuild the local app or fix localFilePath values before enabling overrides.',
+            }];
+    }
+    if (issues.some((issue) => issue.code === 'NO_ENABLED_RULES')) {
+        return [{
+                code: 'ENABLE_RULES',
+                message: 'Enable at least one rule in the selected override profile.',
+            }];
+    }
+    if (issues.some((issue) => issue.code === 'TARGET_URL_INVALID')) {
+        return [{
+                code: 'FIX_TARGET_URLS',
+                message: 'Use absolute http(s) production URLs for every targetAssetUrl.',
+            }];
+    }
+    if (issues.some((issue) => typeof issue.code === 'string' && issue.code.startsWith('RSC_FLIGHT_'))
+        || issues.some((issue) => issue.code === 'UNSUPPORTED_RSC_FLIGHT_RULE')) {
+        return [{
+                code: 'REPLAN_RSC_RESPONSE_OVERRIDE',
+                message: 'Regenerate the RSC rule with plan_override_response_patch from a captured text/x-component response body.',
+            }];
+    }
+    if (profile.configEnabled !== true) {
+        return [{
+                code: 'ENABLE_CONFIG',
+                message: 'Set the root override config enabled=true after reviewing the profile.',
+            }];
+    }
+    if (profile.enabled !== true) {
+        return [{
+                code: 'ENABLE_PROFILE',
+                message: 'Set the selected override profile enabled=true after reviewing its rules.',
+            }];
+    }
+    return [{
+            code: 'ENABLE_OVERRIDES',
+            message: 'Enable overrides on a connected session, then reload the target tab if needed.',
+        }];
+}
+function hasEnabledExperimentalRscFlightRule(profile) {
+    const rules = Array.isArray(profile.rules)
+        ? profile.rules.filter((rule) => isRecord(rule))
+        : [];
+    return rules.some((rule) => {
+        return rule.enabled === true
+            && rule.ruleType === 'rsc-flight'
+            && rule.allowExperimentalRscFlightFulfillment === true;
+    });
+}
+function canBypassPreflightForExperimentalRsc(profile, blockingCodes) {
+    const allowedExperimentalBlockers = new Set([
+        'UNSUPPORTED_RSC_FLIGHT_RULE',
+        'NO_OBSERVED_ASSETS',
+        'TARGET_ASSET_NOT_OBSERVED',
+    ]);
+    return blockingCodes.length > 0
+        && blockingCodes.includes('UNSUPPORTED_RSC_FLIGHT_RULE')
+        && blockingCodes.every((code) => allowedExperimentalBlockers.has(code))
+        && hasEnabledExperimentalRscFlightRule(profile);
+}
+const OVERRIDE_VARIANT_HEADER_ALLOWLIST = new Set([
+    'accept',
+    'content-type',
+    'next-router-prefetch',
+    'next-router-state-tree',
+    'purpose',
+    'rsc',
+    'x-nextjs-data',
+]);
+function normalizeOverrideVariantHeaders(value) {
+    if (!isRecord(value)) {
+        return {};
+    }
+    const normalized = {};
+    for (const [rawName, rawValue] of Object.entries(value)) {
+        const name = rawName.trim().toLowerCase();
+        if (!OVERRIDE_VARIANT_HEADER_ALLOWLIST.has(name)) {
+            continue;
+        }
+        if (typeof rawValue === 'string' && rawValue.trim().length > 0) {
+            normalized[name] = rawValue.trim();
+            continue;
+        }
+        if (typeof rawValue === 'number' || typeof rawValue === 'boolean') {
+            normalized[name] = String(rawValue);
+        }
+    }
+    return normalized;
+}
+function buildOverrideVariantContext(options) {
+    const targetUrl = normalizeOptionalString(options.targetUrl);
+    if (!targetUrl) {
+        return null;
+    }
+    const requestMethod = normalizeOverrideRequestMethod(options.requestMethod);
+    const matchMode = normalizeOptionalString(options.matchMode) ?? 'exact';
+    const ruleType = normalizeOptionalString(options.ruleType) ?? 'document';
+    const captureMode = normalizeOptionalString(options.captureMode);
+    const source = normalizeOptionalString(options.source);
+    const headers = normalizeOverrideVariantHeaders(options.requestHeaders);
+    const isPrefetchVariant = headers['next-router-prefetch'] === '1'
+        || headers.purpose?.toLowerCase() === 'prefetch';
+    const isRscRequest = ruleType === 'rsc-flight' || headers.rsc === '1';
+    let isNextDataRequest = ruleType === 'next-data' || headers['x-nextjs-data'] === '1';
+    let origin;
+    let pathname;
+    let searchParams = [];
+    try {
+        const parsed = new URL(targetUrl);
+        origin = parsed.origin;
+        pathname = parsed.pathname;
+        searchParams = Array.from(parsed.searchParams.entries()).map(([name, value]) => ({ name, value }));
+        if (pathname.startsWith('/_next/data/')) {
+            isNextDataRequest = true;
+        }
+    }
+    catch {
+        pathname = undefined;
+    }
+    const searchParamKeys = [...new Set(searchParams.map((entry) => entry.name))].sort();
+    const variantBasis = {
+        targetUrl,
+        origin: origin ?? null,
+        pathname: pathname ?? null,
+        searchParams,
+        requestMethod,
+        matchMode,
+        ruleType,
+        captureMode: captureMode ?? null,
+        source: source ?? null,
+        triggerReload: options.triggerReload === true,
+        headers,
+        isPrefetchVariant,
+        isRscRequest,
+        isNextDataRequest,
+    };
+    return {
+        ...variantBasis,
+        searchParamKeys,
+        variantKey: sha256Text(JSON.stringify(variantBasis)),
+    };
+}
+function extractPlanVariantContext(plan) {
+    if (isRecord(plan.patchSummary) && isRecord(plan.patchSummary.variantContext)) {
+        return plan.patchSummary.variantContext;
+    }
+    if (isRecord(plan.capturedFromLiveSession)) {
+        if (isRecord(plan.capturedFromLiveSession.variantContext)) {
+            return plan.capturedFromLiveSession.variantContext;
+        }
+        return buildOverrideVariantContext({
+            targetUrl: plan.capturedFromLiveSession.targetUrl ?? plan.targetAssetUrl,
+            requestMethod: plan.capturedFromLiveSession.requestMethod ?? plan.requestMethod,
+            matchMode: plan.capturedFromLiveSession.matchMode ?? plan.matchMode,
+            ruleType: plan.capturedFromLiveSession.ruleType ?? plan.ruleType,
+            captureMode: plan.capturedFromLiveSession.captureMode,
+            source: plan.capturedFromLiveSession.source,
+            triggerReload: plan.capturedFromLiveSession.triggerReload,
+            requestHeaders: plan.capturedFromLiveSession.requestHeaders,
+        });
+    }
+    return buildOverrideVariantContext({
+        targetUrl: plan.targetAssetUrl,
+        requestMethod: plan.requestMethod,
+        matchMode: plan.matchMode,
+        ruleType: plan.ruleType,
+    });
+}
+function pushOverridePreflightIssue(issues, issue) {
+    const code = typeof issue.code === 'string' ? issue.code : '';
+    const source = typeof issue.source === 'string' ? issue.source : '';
+    const message = typeof issue.message === 'string' ? issue.message : '';
+    if (issues.some((existing) => existing.code === code && existing.source === source && existing.message === message)) {
+        return;
+    }
+    issues.push(issue);
+}
+function getPreflightIssues(preflight) {
+    return Array.isArray(preflight?.issues)
+        ? preflight.issues.filter((issue) => isRecord(issue))
+        : [];
+}
+function getBlockingPreflightCodes(preflight) {
+    return getPreflightIssues(preflight)
+        .filter((issue) => issue.severity === 'error')
+        .map((issue) => String(issue.code ?? 'UNKNOWN'));
+}
+function hasPreflightIssue(preflight, codes) {
+    const expected = new Set(codes);
+    return getPreflightIssues(preflight).some((issue) => expected.has(String(issue.code ?? '')));
+}
+function shouldRefreshObservedAssetsForEnable(preflight) {
+    const assetReadinessCodes = new Set([
+        'NO_OBSERVED_ASSETS',
+        'TARGET_ASSET_NOT_OBSERVED',
+        'SESSION_SCOPE_DRIFT',
+    ]);
+    const blockingCodes = getBlockingPreflightCodes(preflight);
+    if (blockingCodes.length === 0 || !blockingCodes.every((code) => assetReadinessCodes.has(code))) {
+        return false;
+    }
+    return hasPreflightIssue(preflight, [
+        'NO_OBSERVED_ASSETS',
+        'TARGET_ASSET_NOT_OBSERVED',
+        'SESSION_SCOPE_DRIFT',
+    ]);
+}
+function buildOverridePreflight(options) {
+    const session = options.db
+        .prepare(`
+      SELECT
+        session_id,
+        created_at,
+        last_seen_at,
+        paused_at,
+        ended_at,
+        tab_id,
+        window_id,
+        url_start,
+        url_last,
+        user_agent,
+        viewport_w,
+        viewport_h,
+        dpr,
+        safe_mode,
+        pinned
+      FROM sessions
+      WHERE session_id = ?
+      LIMIT 1
+    `)
+        .get(options.sessionId);
+    const profile = resolveOverrideProfileRecord(options.profileId);
+    const issues = [];
+    const observedAssets = session
+        ? listObservedOverrideAssets(options.db, { sessionId: options.sessionId, limit: 200 })
+        : [];
+    const latestRun = session ? listOverridePocRuns(options.db, options.sessionId, 1, 0).runs[0] ?? null : null;
+    const recentPlans = session
+        ? listOverridePlanAudits(options.db, { sessionId: options.sessionId, limit: 5, offset: 0 }).plans
+        : [];
+    const variantContexts = [...new Map(recentPlans
+            .map((plan) => extractPlanVariantContext(plan))
+            .filter((context) => context !== null)
+            .map((context) => [String(context.variantKey ?? JSON.stringify(context)), context])).values()];
+    const sessionState = options.getSessionConnectionState?.(options.sessionId);
+    const hasLiveConnectionLookup = typeof options.getSessionConnectionState === 'function';
+    const diagnosis = session ? diagnoseOverridePoc(options.db, options.sessionId, latestRun?.runId) : null;
+    const observedAssetTabs = [...new Set(observedAssets
+            .map((asset) => asset.tabId)
+            .filter((tabId) => typeof tabId === 'number' && Number.isFinite(tabId)))].sort((a, b) => a - b);
+    const observedAssetPageUrls = [...new Set(observedAssets
+            .map((asset) => asset.pageUrl)
+            .filter((pageUrl) => typeof pageUrl === 'string' && pageUrl.trim().length > 0))].slice(0, 5);
+    const sessionTabId = typeof session?.tab_id === 'number' ? session.tab_id : undefined;
+    const observedAssetsWithKnownTabs = observedAssets.filter((asset) => typeof asset.tabId === 'number');
+    const topLevelScopeLikely = sessionTabId === undefined
+        || observedAssets.length === 0
+        || observedAssetsWithKnownTabs.length === 0
+        || observedAssetsWithKnownTabs.some((asset) => asset.tabId === sessionTabId);
+    for (const issue of buildOverrideProfileIssues(profile)) {
+        pushOverridePreflightIssue(issues, { ...issue, source: 'profile' });
+    }
+    if (!session) {
+        pushOverridePreflightIssue(issues, {
+            code: 'SESSION_NOT_FOUND',
+            severity: 'error',
+            source: 'session',
+            message: `Session not found: ${options.sessionId}`,
+        });
+    }
+    else {
+        const sessionStatus = getSessionStatus(session);
+        if (sessionStatus === 'paused') {
+            pushOverridePreflightIssue(issues, {
+                code: 'SESSION_PAUSED',
+                severity: 'error',
+                source: 'session',
+                message: `Session ${options.sessionId} is paused and cannot enable overrides until it resumes.`,
+            });
+        }
+        if (sessionStatus === 'ended') {
+            pushOverridePreflightIssue(issues, {
+                code: 'SESSION_ENDED',
+                severity: 'error',
+                source: 'session',
+                message: `Session ${options.sessionId} has ended and cannot enable overrides.`,
+            });
+        }
+        if (hasLiveConnectionLookup && (!sessionState || sessionState.connected !== true)) {
+            pushOverridePreflightIssue(issues, {
+                code: LIVE_SESSION_DISCONNECTED_CODE,
+                severity: 'error',
+                source: 'connection',
+                message: sessionState
+                    ? `Session ${options.sessionId} is not currently connected to the live extension bridge. Last disconnect reason: ${sessionState.disconnectReason ?? 'unknown'}.`
+                    : `Session ${options.sessionId} has no current live extension connection state.`,
+                disconnectedAt: sessionState?.disconnectedAt,
+                disconnectReason: sessionState?.disconnectReason,
+            });
+        }
+    }
+    const enabledRules = Array.isArray(profile.rules)
+        ? profile.rules.filter((rule) => isRecord(rule) && rule.enabled === true)
+        : [];
+    const enabledRuleAssetReadiness = enabledRules
+        .map((rule) => {
+        const targetAssetUrl = normalizeOptionalString(rule.targetAssetUrl);
+        if (!targetAssetUrl) {
+            return null;
+        }
+        const requestMethod = normalizeOverrideRequestMethod(rule.requestMethod);
+        const matchMode = String(rule.matchMode ?? 'exact');
+        const matchingAssets = observedAssets.filter((asset) => {
+            const methodMatches = normalizeOverrideRequestMethod(asset.requestMethod) === requestMethod;
+            if (!methodMatches) {
+                return false;
+            }
+            return matchMode === 'prefix'
+                ? asset.url.startsWith(targetAssetUrl)
+                : asset.url === targetAssetUrl;
+        });
+        return {
+            ruleId: String(rule.ruleId ?? 'unknown'),
+            targetAssetUrl,
+            requestMethod,
+            matchMode,
+            captureProven: rule.ruleType === 'rsc-flight' && isRecordWithRscFlightMetadata(rule.rscFlight),
+            matchingAssets,
+        };
+    })
+        .filter((readiness) => readiness !== null);
+    const matchedTargetAssetCount = enabledRuleAssetReadiness.filter((readiness) => readiness.matchingAssets.length > 0).length;
+    const capturedTargetAssetCount = enabledRuleAssetReadiness
+        .filter((readiness) => readiness.matchingAssets.length === 0 && readiness.captureProven)
+        .length;
+    const unobservedTargetAssetCount = enabledRuleAssetReadiness.length - matchedTargetAssetCount;
+    const unsatisfiedTargetAssetCount = enabledRuleAssetReadiness.length - matchedTargetAssetCount - capturedTargetAssetCount;
+    const targetAssetObserved = observedAssets.length > 0 && matchedTargetAssetCount > 0;
+    const targetAssetReadinessSatisfied = observedAssets.length > 0
+        && (enabledRuleAssetReadiness.length === 0 || matchedTargetAssetCount > 0 || capturedTargetAssetCount > 0);
+    const anyServiceWorkerControlled = observedAssets.some((asset) => asset.serviceWorkerControlled);
+    const cspMetaTags = [...new Set(observedAssets.flatMap((asset) => asset.cspMetaTags))];
+    if (observedAssets.length === 0) {
+        pushOverridePreflightIssue(issues, {
+            code: 'NO_OBSERVED_ASSETS',
+            severity: 'error',
+            source: 'observed-assets',
+            message: 'No observed production assets are stored for this session yet; the target route is not capture-ready for override enablement.',
+        });
+    }
+    else if (!topLevelScopeLikely) {
+        pushOverridePreflightIssue(issues, {
+            code: 'SESSION_SCOPE_DRIFT',
+            severity: 'error',
+            source: 'observed-assets',
+            message: `Observed override assets were recorded only for tab(s) ${observedAssetTabs.join(', ')}, but the session top-level tab is ${sessionTabId}.`,
+            observedAssetTabs,
+            sessionTabId,
+            observedPageUrls: observedAssetPageUrls,
+        });
+    }
+    if (observedAssets.length > 0 && enabledRuleAssetReadiness.length > 0 && matchedTargetAssetCount === 0 && capturedTargetAssetCount === 0) {
+        const sampleTargets = enabledRuleAssetReadiness.slice(0, 5).map((readiness) => ({
+            ruleId: readiness.ruleId,
+            requestMethod: readiness.requestMethod,
+            matchMode: readiness.matchMode,
+            targetAssetUrl: readiness.targetAssetUrl,
+        }));
+        pushOverridePreflightIssue(issues, {
+            code: 'TARGET_ASSET_NOT_OBSERVED',
+            severity: 'error',
+            source: 'observed-assets',
+            message: enabledRuleAssetReadiness.length === 1
+                ? `Rule ${enabledRuleAssetReadiness[0].ruleId} target asset was not observed for ${enabledRuleAssetReadiness[0].requestMethod} ${enabledRuleAssetReadiness[0].targetAssetUrl}.`
+                : `None of the ${enabledRuleAssetReadiness.length} enabled override targets were observed for this session.`,
+            checkedTargetAssetCount: enabledRuleAssetReadiness.length,
+            sampleTargets,
+        });
+    }
+    for (const readiness of enabledRuleAssetReadiness) {
+        if (readiness.matchingAssets.length === 0) {
+            if (readiness.captureProven) {
+                continue;
+            }
+            pushOverridePreflightIssue(issues, {
+                code: 'TARGET_ASSET_NOT_OBSERVED_FOR_RULE',
+                severity: 'warning',
+                source: 'observed-assets',
+                message: `Rule ${readiness.ruleId} target asset was not observed for ${readiness.requestMethod} ${readiness.targetAssetUrl}.`,
+            });
+            continue;
+        }
+        for (const asset of readiness.matchingAssets) {
+            if (typeof asset.integrity === 'string' && asset.integrity.length > 0) {
+                pushOverridePreflightIssue(issues, {
+                    code: 'TARGET_ASSET_SRI_PRESENT',
+                    severity: 'error',
+                    source: 'observed-assets',
+                    message: `Rule ${readiness.ruleId} target asset ${asset.url} includes integrity="${asset.integrity}" and cannot be overridden safely.`,
+                });
+            }
+        }
+    }
+    if (anyServiceWorkerControlled) {
+        pushOverridePreflightIssue(issues, {
+            code: 'SERVICE_WORKER_CONTROLLED',
+            severity: 'warning',
+            source: 'observed-assets',
+            message: 'The observed page is service-worker controlled; verify the target requests still reach the network path that the debugger can fulfill.',
+        });
+    }
+    if (cspMetaTags.length > 0) {
+        pushOverridePreflightIssue(issues, {
+            code: 'CSP_META_PRESENT',
+            severity: 'warning',
+            source: 'observed-assets',
+            message: `The observed page emitted ${cspMetaTags.length} CSP meta tag(s); document or bootstrap rewrites may still be constrained by page policy.`,
+        });
+    }
+    const ready = !issues.some((issue) => issue.severity === 'error');
+    const nextActions = !ready
+        ? issues.some((issue) => issue.code === 'SESSION_NOT_FOUND' || issue.code === 'SESSION_PAUSED' || issue.code === 'SESSION_ENDED' || issue.code === LIVE_SESSION_DISCONNECTED_CODE)
+            ? [{ code: 'RECONNECT_SESSION', message: 'Reconnect or resume the target session before enabling overrides.' }]
+            : issues.some((issue) => issue.code === 'SESSION_SCOPE_DRIFT')
+                ? [{ code: 'FOCUS_BOUND_TAB', message: 'Focus or reselect the bound top-level tab, then observe override assets again.' }]
+                : issues.some((issue) => issue.code === 'SERVER_ACTION_UNSUPPORTED')
+                    ? [{
+                            code: 'REPLAN_SERVER_ACTION_OVERRIDE',
+                            message: 'Server actions stay unsupported in production override mode; move the override to a GET document/data/API response.',
+                        }]
+                    : issues.some((issue) => issue.code === 'MUTATION_REPLAY_UNSUPPORTED')
+                        ? [{
+                                code: 'REPLAN_MUTATION_OVERRIDE',
+                                message: 'Mutation responses are not replay-safe; use a GET document/data/API response path instead.',
+                            }]
+                        : issues.some((issue) => issue.code === 'UNSAFE_REQUEST_METHOD')
+                            ? [{ code: 'REPLAN_GET_ONLY_OVERRIDE', message: 'Remove or regenerate non-GET rules before enabling overrides.' }]
+                            : issues.some((issue) => issue.code === 'TARGET_ASSET_SRI_PRESENT')
+                                ? [{ code: 'CHOOSE_ANOTHER_OVERRIDE_PATH', message: 'Choose a document/data response path or remove SRI on the production asset before enabling overrides.' }]
+                                : issues.some((issue) => issue.code === 'NO_OBSERVED_ASSETS')
+                                    ? [{ code: 'OBSERVE_OVERRIDE_ASSETS', message: 'Observe the bound target route before enabling overrides.' }]
+                                    : issues.some((issue) => issue.code === 'TARGET_ASSET_NOT_OBSERVED')
+                                        ? [{ code: 'OBSERVE_TARGET_ROUTE', message: 'Load the route that requests the configured target and observe assets again.' }]
+                                        : buildOverrideProfileNextActions(profile, issues)
+        : observedAssets.length === 0
+            ? [{ code: 'OBSERVE_OVERRIDE_ASSETS', message: 'Run observe_override_assets on the target route before enabling overrides in production workflows.' }]
+            : [{ code: 'ENABLE_OVERRIDES', message: 'Preflight checks passed; the selected profile can be enabled on the live session.' }];
+    return {
+        ready,
+        profileId: profile.profileId,
+        profile,
+        session: session
+            ? {
+                sessionId: session.session_id,
+                status: getSessionStatus(session),
+                lastSeenAt: resolveSessionLastSeenAt(session, sessionState),
+                connected: sessionState?.connected === true,
+                disconnectedAt: sessionState?.disconnectedAt,
+                disconnectReason: sessionState?.disconnectReason,
+                urlLast: session.url_last ?? undefined,
+                tabId: session.tab_id ?? undefined,
+            }
+            : null,
+        issues,
+        checks: {
+            sessionFound: session !== undefined,
+            connected: sessionState?.connected === true,
+            captureReady: session !== undefined
+                && getSessionStatus(session) === 'active'
+                && (!hasLiveConnectionLookup || sessionState?.connected === true)
+                && observedAssets.length > 0
+                && topLevelScopeLikely
+                && !issues.some((issue) => issue.severity === 'error'),
+            topLevelScopeLikely,
+            observedAssetTabs,
+            observedAssetPageUrls,
+            observedAssetCount: observedAssets.length,
+            targetAssetObserved,
+            targetAssetReadinessSatisfied,
+            matchedTargetAssetCount,
+            capturedTargetAssetCount,
+            unobservedTargetAssetCount,
+            unsatisfiedTargetAssetCount,
+            serviceWorkerControlled: anyServiceWorkerControlled,
+            cspMetaTagCount: cspMetaTags.length,
+            recentPlanCount: recentPlans.length,
+            variantContextCount: variantContexts.length,
+        },
+        observedAssets: {
+            count: observedAssets.length,
+            tabIds: observedAssetTabs,
+            pageUrls: observedAssetPageUrls,
+            targetAssetObserved,
+            targetAssetReadinessSatisfied,
+            matchedTargetAssetCount,
+            capturedTargetAssetCount,
+            unobservedTargetAssetCount,
+            unsatisfiedTargetAssetCount,
+            serviceWorkerControlled: anyServiceWorkerControlled,
+            cspMetaTags,
+        },
+        latestRun,
+        recentPlans,
+        variantContexts,
+        diagnosis,
+        nextActions,
+    };
+}
+function normalizeOptionalBooleanInput(value, fieldName) {
+    if (value === undefined) {
+        return undefined;
+    }
+    if (typeof value !== 'boolean') {
+        throw new Error(`${fieldName} must be a boolean when provided`);
+    }
+    return value;
+}
+function normalizeOptionalNumberInput(value, fieldName) {
+    if (value === undefined) {
+        return undefined;
+    }
+    if (typeof value !== 'number' || !Number.isFinite(value)) {
+        throw new Error(`${fieldName} must be a finite number when provided`);
+    }
+    return value;
+}
+function normalizeOptionalStringArrayInput(value, fieldName) {
+    if (value === undefined) {
+        return undefined;
+    }
+    if (!Array.isArray(value)) {
+        throw new Error(`${fieldName} must be an array of strings when provided`);
+    }
+    return value.map((entry, index) => {
+        if (typeof entry !== 'string' || entry.trim().length === 0) {
+            throw new Error(`${fieldName}[${index}] must be a non-empty string`);
+        }
+        return entry.trim();
+    });
+}
+function resolveSessionLastSeenAt(row, state) {
+    return Math.max(row.created_at, row.last_seen_at ?? 0, row.paused_at ?? 0, row.ended_at ?? 0, state?.lastHeartbeatAt ?? 0);
+}
+function buildLiveConnectionRecord(row, scope, state) {
+    const status = getSessionStatus(row);
+    const lastSeenAt = resolveSessionLastSeenAt(row, state);
+    const heartbeatAt = state?.lastHeartbeatAt;
+    const heartbeatAgeMs = typeof heartbeatAt === 'number' ? Math.max(0, Date.now() - heartbeatAt) : undefined;
+    const likelyStale = Boolean(!state?.connected
+        && status === 'active'
+        && scope.kind !== 'likely_iframe_noise'
+        && typeof heartbeatAt === 'number'
+        && Date.now() - heartbeatAt <= STALE_LIVE_CONNECTION_GRACE_WINDOW_MS);
+    return {
+        connected: state?.connected === true,
+        connectedAt: state?.connectedAt,
+        lastHeartbeatAt: heartbeatAt,
+        heartbeatAgeMs,
+        disconnectedAt: state?.disconnectedAt,
+        disconnectReason: state?.disconnectReason ?? (status === 'ended' ? 'manual_stop' : undefined),
+        status: status === 'ended'
+            ? 'ended'
+            : status === 'paused'
+                ? 'paused'
+                : state?.connected
+                    ? 'connected'
+                    : likelyStale
+                        ? 'likely_stale'
+                        : 'disconnected',
+        captureReady: state?.connected === true && status === 'active',
+        recommendedForLiveCapture: state?.connected === true && status === 'active' && scope.kind !== 'likely_iframe_noise',
+        lastSeenAt,
+        activityAgeMs: Math.max(0, Date.now() - lastSeenAt),
+    };
+}
+function buildLiveSessionNextAction(liveConnection, scope) {
+    const liveStatus = typeof liveConnection.status === 'string' ? liveConnection.status : 'disconnected';
+    if (liveStatus === 'connected' && scope.kind !== 'likely_iframe_noise') {
+        return 'Use this session for live capture tools.';
+    }
+    if (liveStatus === 'connected' && scope.kind === 'likely_iframe_noise') {
+        return 'Reconnect on a top-level app tab before relying on live navigation or performance captures.';
+    }
+    if (liveStatus === 'likely_stale') {
+        return 'Retry list_sessions after a fresh app interaction or restart the session if live capture still fails.';
+    }
+    if (liveStatus === 'paused') {
+        return 'Resume the session from the extension popup before using live capture tools.';
+    }
+    if (liveStatus === 'ended') {
+        return 'Start a new extension session before using live capture tools.';
+    }
+    return 'Reconnect or restart the extension session before using live capture tools.';
+}
+function buildLiveSessionRecommendedAction(liveConnection, scope) {
+    const liveStatus = typeof liveConnection.status === 'string' ? liveConnection.status : 'disconnected';
+    if (liveStatus === 'connected' && scope.kind !== 'likely_iframe_noise') {
+        return 'ready';
+    }
+    if (liveStatus === 'ended') {
+        return 'start_new_session';
+    }
+    if (liveStatus === 'paused') {
+        return 'resume_session';
+    }
+    return 'reconnect_extension';
+}
+function mapEventRecord(row, profile = 'legacy', options = {}) {
+    const payload = readJsonPayload(row.payload_json);
+    if (profile === 'compact') {
+        const compact = {
+            eventId: row.event_id,
+            sessionId: row.session_id,
+            timestamp: row.ts,
+            type: row.type,
+            summary: describeEvent(row.type, payload),
+        };
+        if (row.type === 'console') {
+            compact.level = typeof payload.level === 'string' ? payload.level : undefined;
+            compact.message = typeof payload.message === 'string' ? payload.message : undefined;
+        }
+        if (row.type === 'nav') {
+            compact.url = resolveLastUrl(payload);
+        }
+        if (options.includePayload === true) {
+            compact.payload = payload;
+        }
+        return compact;
+    }
+    return {
+        eventId: row.event_id,
+        sessionId: row.session_id,
+        timestamp: row.ts,
+        type: row.type,
+        tabId: row.tab_id ?? (typeof payload.tabId === 'number' ? payload.tabId : undefined),
+        origin: row.origin
+            ?? (typeof payload.origin === 'string' ? payload.origin : undefined)
+            ?? undefined,
+        payload,
+    };
+}
+function classifyNetworkFailure(status, errorClass) {
+    if (errorClass && errorClass.length > 0) {
+        return errorClass;
+    }
+    if (typeof status === 'number' && status >= 400) {
+        return 'http_error';
+    }
+    return 'unknown';
+}
+function buildNetworkFailureFilter(errorType) {
+    if (typeof errorType !== 'string' || errorType.length === 0) {
+        return '(error_class IS NOT NULL OR COALESCE(status, 0) >= 400)';
+    }
+    if (errorType === 'http_error') {
+        return "(error_class = 'http_error' OR (error_class IS NULL AND COALESCE(status, 0) >= 400))";
+    }
+    return 'error_class = ?';
+}
+function resolveWindowSeconds(value, fallback, maxValue) {
+    if (typeof value !== 'number' || !Number.isFinite(value)) {
+        return fallback;
+    }
+    const floored = Math.floor(value);
+    if (floored < 1) {
+        return fallback;
+    }
+    return Math.min(floored, maxValue);
+}
+function resolveOptionalTimestamp(value) {
+    if (typeof value !== 'number' || !Number.isFinite(value)) {
+        return undefined;
+    }
+    const floored = Math.floor(value);
+    return floored < 0 ? undefined : floored;
+}
+function resolveChunkBytes(value, fallback) {
+    if (typeof value !== 'number' || !Number.isFinite(value)) {
+        return fallback;
+    }
+    const floored = Math.floor(value);
+    if (floored < 1) {
+        return fallback;
+    }
+    return Math.min(floored, MAX_SNAPSHOT_ASSET_CHUNK_BYTES);
+}
+function resolveDurationMs(value, fallback, maxValue) {
+    if (typeof value !== 'number' || !Number.isFinite(value)) {
+        return fallback;
+    }
+    const floored = Math.floor(value);
+    if (floored < 1) {
+        return fallback;
+    }
+    return Math.min(floored, maxValue);
+}
+function resolveBodyChunkBytes(value) {
+    if (typeof value !== 'number' || !Number.isFinite(value)) {
+        return DEFAULT_BODY_CHUNK_BYTES;
+    }
+    const floored = Math.floor(value);
+    if (floored < 1) {
+        return DEFAULT_BODY_CHUNK_BYTES;
+    }
+    return Math.min(floored, MAX_BODY_CHUNK_BYTES);
+}
+function resolveTimeoutMs(value, fallback, maxValue) {
+    if (typeof value !== 'number' || !Number.isFinite(value)) {
+        return fallback;
+    }
+    const floored = Math.floor(value);
+    if (floored < 100) {
+        return fallback;
+    }
+    return Math.min(floored, maxValue);
+}
+function normalizeHttpMethod(value) {
+    if (typeof value !== 'string') {
+        return undefined;
+    }
+    const normalized = value.trim().toUpperCase();
+    return normalized.length > 0 ? normalized : undefined;
+}
+function normalizeOptionalString(value) {
+    if (typeof value !== 'string') {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
 }
 function normalizeStatusIn(value) {
     if (!Array.isArray(value)) {
@@ -2138,6 +3324,66 @@ function normalizeCaptureError(sessionId, error) {
     }
     return fallback;
 }
+function isCaptureTimeoutMessage(message) {
+    const normalized = message.toLowerCase();
+    return normalized.includes('timed out') || normalized.includes('timeout');
+}
+function isRecoverableOverrideLiveCommandError(error) {
+    if (isLiveSessionDisconnectedError(error)) {
+        return true;
+    }
+    const message = error instanceof Error ? error.message : String(error);
+    return isCaptureTimeoutMessage(message);
+}
+function extractTimeoutMsFromMessage(message, fallback) {
+    const match = message.match(/(?:after|waiting)\s+(\d+)ms/i);
+    if (!match) {
+        return fallback;
+    }
+    const parsed = Number.parseInt(match[1] ?? '', 10);
+    return Number.isFinite(parsed) ? parsed : fallback;
+}
+function buildOverrideLiveCommandFailure(options) {
+    const originalMessage = options.error instanceof Error ? options.error.message : String(options.error);
+    const timeout = extractTimeoutMsFromMessage(originalMessage, options.timeoutMs);
+    const timedOut = isCaptureTimeoutMessage(originalMessage);
+    const disconnected = isLiveSessionDisconnectedError(options.error);
+    const sessionState = options.getSessionConnectionState?.(options.sessionId);
+    const code = disconnected
+        ? LIVE_SESSION_DISCONNECTED_CODE
+        : timedOut
+            ? OVERRIDE_LIVE_COMMAND_TIMEOUT_CODE
+            : OVERRIDE_LIVE_COMMAND_FAILED_CODE;
+    const message = timedOut
+        ? `${options.command} for session ${options.sessionId} timed out after ${timeout}ms before the live extension returned an override command result.`
+        : disconnected
+            ? `${options.command} for session ${options.sessionId} could not reach a connected live extension target.`
+            : `${options.command} for session ${options.sessionId} failed before returning an override command result.`;
+    return {
+        ok: false,
+        available: false,
+        code,
+        command: options.command,
+        timeoutMs: timeout,
+        timedOut,
+        disconnected,
+        message,
+        originalMessage,
+        sessionConnected: sessionState?.connected,
+        disconnectedAt: sessionState?.disconnectedAt,
+        disconnectReason: sessionState?.disconnectReason,
+    };
+}
+function createOverrideLiveCommandError(options) {
+    const failure = buildOverrideLiveCommandFailure(options);
+    const code = String(failure.code ?? OVERRIDE_LIVE_COMMAND_FAILED_CODE);
+    const message = `${code}: ${options.command} for session ${options.sessionId} ${failure.timedOut === true
+        ? `timed out after ${String(failure.timeoutMs)}ms`
+        : `failed`}. ${String(failure.message ?? '')} Original error: ${String(failure.originalMessage ?? 'unknown')}`;
+    const error = new Error(message);
+    Object.assign(error, { code, details: failure });
+    return error;
+}
 function isLiveSessionDisconnectedError(error) {
     return error instanceof LiveSessionDisconnectedError;
 }
@@ -2149,15 +3395,240 @@ async function executeLiveCapture(captureClient, sessionId, command, payload, ti
         throw normalizeCaptureError(sessionId, error);
     }
 }
+async function executeOverrideLiveCaptureWithDiagnostics(options) {
+    try {
+        const capture = await executeLiveCapture(options.captureClient, options.sessionId, options.command, options.payload, options.timeoutMs);
+        return { capture, payload: ensureCaptureSuccess(capture, options.sessionId) };
+    }
+    catch (error) {
+        throw createOverrideLiveCommandError({
+            sessionId: options.sessionId,
+            command: options.command,
+            timeoutMs: options.timeoutMs,
+            error,
+            getSessionConnectionState: options.getSessionConnectionState,
+        });
+    }
+}
 function ensureCaptureSuccess(result, sessionId) {
     if (!result.ok) {
         throw normalizeCaptureError(sessionId, new Error(result.error ?? 'Capture command failed'));
     }
     return result.payload ?? {};
 }
-function normalizeSnapshotResponsePayload(payload, options) {
-    const snapshotRecord = structuredClone(payload);
-    const snapshotRoot = snapshotRecord.snapshot;
+async function refreshObservedAssetsForOverrideEnable(options) {
+    const { payload } = await executeOverrideLiveCaptureWithDiagnostics({
+        captureClient: options.captureClient,
+        sessionId: options.sessionId,
+        command: 'CAPTURE_OVERRIDE_OBSERVE_ASSETS',
+        payload: { tabId: options.tabId, includePerformance: true },
+        timeoutMs: 5_000,
+        getSessionConnectionState: options.getSessionConnectionState,
+    });
+    persistObservedOverrideAssets(options.db, {
+        ...payload,
+        sessionId: options.sessionId,
+        tabId: payload.tabId ?? options.tabId,
+    });
+    return {
+        tabId: typeof payload.tabId === 'number' ? payload.tabId : options.tabId,
+        pageUrl: typeof payload.pageUrl === 'string' ? payload.pageUrl : undefined,
+        assetCount: Array.isArray(payload.assets) ? payload.assets.length : 0,
+    };
+}
+function buildPersistedOverrideStatus(options) {
+    let profile = null;
+    let profileError;
+    try {
+        profile = resolveOverrideProfileRecord(options.profileId);
+    }
+    catch (error) {
+        profileError = error instanceof Error ? error.message : String(error);
+    }
+    const latestRun = listOverridePocRuns(options.db, options.sessionId, 1, 0).runs[0] ?? null;
+    const recentRequests = listOverridePocRequests(options.db, options.sessionId, 5, 0, latestRun?.runId).requests;
+    const recentPlans = listOverridePlanAudits(options.db, { sessionId: options.sessionId, limit: 5, offset: 0 }).plans;
+    let preflight;
+    if (profileError) {
+        preflight = {
+            ready: false,
+            profileId: null,
+            profile: null,
+            issues: [{
+                    code: 'OVERRIDE_CONFIG_UNAVAILABLE',
+                    severity: 'error',
+                    source: 'profile',
+                    message: profileError,
+                }],
+            checks: {
+                sessionFound: auditSessionExists(options.db, options.sessionId),
+                connected: options.getSessionConnectionState?.(options.sessionId)?.connected === true,
+            },
+            nextActions: [{
+                    code: 'FIX_OVERRIDE_CONFIG_PATH',
+                    message: 'Create a readable override-poc config or point OVERRIDE_POC_CONFIG_PATH at the intended config, then retry override status.',
+                }],
+        };
+    }
+    else {
+        preflight = buildOverridePreflight({
+            db: options.db,
+            sessionId: options.sessionId,
+            profileId: options.profileId,
+            getSessionConnectionState: options.getSessionConnectionState,
+        });
+    }
+    return {
+        profile,
+        profileError,
+        latestRun,
+        recentRequests,
+        recentPlans,
+        preflight,
+        diagnosis: diagnoseOverridePoc(options.db, options.sessionId, latestRun?.runId),
+    };
+}
+function auditSessionExists(db, sessionId) {
+    const row = db.prepare('SELECT 1 FROM sessions WHERE session_id = ? LIMIT 1').get(sessionId);
+    return row !== undefined;
+}
+function hashLocalFileIfPresent(filePath) {
+    if (!filePath || !existsSync(filePath)) {
+        return { sha256: null, bytes: null };
+    }
+    const stat = statSync(filePath);
+    if (!stat.isFile()) {
+        return { sha256: null, bytes: null };
+    }
+    return {
+        sha256: createHash('sha256').update(readFileSync(filePath)).digest('hex'),
+        bytes: stat.size,
+    };
+}
+function resolveAuditProfileId(input) {
+    return normalizeOptionalString(input.profileId) ?? null;
+}
+function buildOverrideRollbackMetadata(options) {
+    return {
+        disableTool: 'disable_overrides',
+        validateTool: 'validate_override_profile',
+        sessionId: options.sessionId,
+        profileId: options.profileId,
+        configPath: options.configPath ?? null,
+        generatedFiles: Array.from(new Set(options.generatedFiles.filter((entry) => entry.trim().length > 0))),
+        generatedDirectories: Array.from(new Set((options.generatedDirectories ?? []).filter((entry) => entry.trim().length > 0))),
+        notes: [
+            'Disable overrides for this session before deleting generated files or config entries.',
+            'Re-run validate_override_profile after editing or removing generated config rules.',
+            options.note,
+        ].filter((entry) => typeof entry === 'string' && entry.length > 0),
+    };
+}
+function persistResponsePlanAudit(options) {
+    if (!options.sessionId || !options.plan.rule || !auditSessionExists(options.db, options.sessionId)) {
+        return undefined;
+    }
+    const profileId = resolveAuditProfileId(options.input);
+    const record = {
+        planId: randomUUID(),
+        sessionId: options.sessionId,
+        createdAt: Date.now(),
+        plannerKind: 'response-patch',
+        toolName: 'plan_override_response_patch',
+        profileId,
+        ruleId: options.plan.rule.ruleId,
+        ruleType: options.plan.rule.ruleType,
+        requestMethod: options.plan.requestMethod,
+        matchMode: options.plan.matchMode,
+        targetAssetUrl: options.plan.targetUrl,
+        localFilePath: options.plan.localFilePath ?? options.plan.rule.localFilePath,
+        configPath: options.plan.configPath ?? null,
+        contentType: options.plan.contentType,
+        originalSha256: options.plan.originalSha256,
+        patchedSha256: options.plan.patchedSha256,
+        originalBytes: options.plan.originalBytes,
+        patchedBytes: options.plan.patchedBytes,
+        patchSummary: {
+            textPatches: options.plan.patches,
+            jsonPatches: options.plan.jsonPatches,
+            documentPatches: options.plan.documentPatches,
+            ruleType: options.plan.ruleType,
+            configWritten: options.plan.configWritten,
+            rscFlight: options.plan.rule.rscFlight ?? null,
+            variantContext: options.variantContext ?? null,
+        },
+        preview: options.plan.preview ?? null,
+        warnings: options.plan.warnings,
+        blockers: options.plan.blockers,
+        capturedFromLiveSession: options.capturedFromLiveSession ?? null,
+        rollback: buildOverrideRollbackMetadata({
+            sessionId: options.sessionId,
+            profileId,
+            configPath: options.plan.configPath ?? null,
+            generatedFiles: options.plan.localFilePath ? [options.plan.localFilePath] : [],
+            note: 'Generated response override bodies are disposable once the override has been disabled.',
+        }),
+    };
+    return insertOverridePlanAudit(options.db, record);
+}
+function persistNextSourcePlanAudits(options) {
+    if (!options.sessionId || !auditSessionExists(options.db, options.sessionId)) {
+        return [];
+    }
+    const sessionId = options.sessionId;
+    const profileId = resolveAuditProfileId(options.input);
+    const generatedFiles = options.plan.rules.map((rule) => rule.localFilePath);
+    return options.plan.rules.map((rule) => {
+        const localFile = hashLocalFileIfPresent(rule.localFilePath);
+        const record = {
+            planId: randomUUID(),
+            sessionId: options.sessionId,
+            createdAt: Date.now(),
+            plannerKind: 'next-source-overlay',
+            toolName: 'plan_next_source_override',
+            profileId,
+            ruleId: rule.ruleId,
+            ruleType: rule.ruleType,
+            requestMethod: rule.requestMethod,
+            matchMode: rule.matchMode,
+            targetAssetUrl: rule.targetAssetUrl,
+            localFilePath: rule.localFilePath,
+            configPath: options.plan.configPath ?? null,
+            contentType: rule.contentType,
+            originalSha256: null,
+            patchedSha256: localFile.sha256,
+            originalBytes: null,
+            patchedBytes: localFile.bytes,
+            patchSummary: {
+                sourcePaths: options.plan.sourcePaths,
+                editsApplied: options.plan.editsApplied,
+                ruleReason: rule.reason,
+                confidence: rule.confidence,
+                score: rule.score,
+                matchedSourcePaths: rule.matchedSourcePaths,
+                originalAssetPath: rule.originalAssetPath ?? null,
+                build: options.plan.build,
+                configWritten: options.plan.configWritten,
+            },
+            preview: null,
+            warnings: [...options.plan.warnings, ...rule.blockers.map((blocker) => `rule ${rule.ruleId}: ${blocker}`)],
+            blockers: options.plan.blockers,
+            capturedFromLiveSession: null,
+            rollback: buildOverrideRollbackMetadata({
+                sessionId,
+                profileId,
+                configPath: options.plan.configPath ?? null,
+                generatedFiles,
+                generatedDirectories: [options.plan.overlayRoot],
+                note: 'Generated Next.js overlay folders are disposable once the override has been disabled.',
+            }),
+        };
+        return insertOverridePlanAudit(options.db, record);
+    });
+}
+function normalizeSnapshotResponsePayload(payload, options) {
+    const snapshotRecord = structuredClone(payload);
+    const snapshotRoot = snapshotRecord.snapshot;
     if (typeof snapshotRoot === 'object' && snapshotRoot !== null) {
         const snapshotObject = snapshotRoot;
         if (!options.includeDom) {
@@ -2265,7 +3736,12 @@ export function createV1ToolHandlers(getDb, getSessionConnectionState) {
             const where = [];
             const params = [];
             if (sinceMinutes !== undefined && Number.isFinite(sinceMinutes) && sinceMinutes > 0) {
-                where.push('created_at >= ?');
+                where.push(`
+          CASE
+            WHEN COALESCE(last_seen_at, 0) > created_at THEN COALESCE(last_seen_at, 0)
+            ELSE created_at
+          END >= ?
+        `);
                 params.push(Date.now() - Math.floor(sinceMinutes * 60_000));
             }
             const whereClause = where.length > 0 ? `WHERE ${where.join(' AND ')}` : '';
@@ -2273,6 +3749,7 @@ export function createV1ToolHandlers(getDb, getSessionConnectionState) {
         SELECT
           session_id,
           created_at,
+          last_seen_at,
           paused_at,
           ended_at,
           tab_id,
@@ -2287,49 +3764,48 @@ export function createV1ToolHandlers(getDb, getSessionConnectionState) {
           pinned
         FROM sessions
         ${whereClause}
-        ORDER BY created_at DESC
+        ORDER BY
+          CASE
+            WHEN COALESCE(last_seen_at, 0) > created_at THEN COALESCE(last_seen_at, 0)
+            ELSE created_at
+          END DESC,
+          created_at DESC
         LIMIT ? OFFSET ?
       `;
             const rows = db.prepare(sql).all(...params, limit + 1, offset);
             const truncatedByLimit = rows.length > limit;
-            const sessions = rows.slice(0, limit).map((row) => ({
-                sessionId: row.session_id,
-                createdAt: row.created_at,
-                pausedAt: row.paused_at ?? undefined,
-                endedAt: row.ended_at ?? undefined,
-                status: row.ended_at ? 'ended' : row.paused_at ? 'paused' : 'active',
-                tabId: row.tab_id ?? undefined,
-                windowId: row.window_id ?? undefined,
-                urlStart: row.url_start ?? undefined,
-                urlLast: row.url_last ?? undefined,
-                userAgent: row.user_agent ?? undefined,
-                viewport: row.viewport_w !== null && row.viewport_h !== null
-                    ? {
-                        width: row.viewport_w,
-                        height: row.viewport_h,
-                    }
-                    : undefined,
-                dpr: row.dpr ?? undefined,
-                safeMode: row.safe_mode === 1,
-                pinned: row.pinned === 1,
-                liveConnection: (() => {
-                    const state = getSessionConnectionState?.(row.session_id);
-                    if (!state) {
-                        return {
-                            connected: false,
-                            lastHeartbeatAt: undefined,
-                            disconnectReason: row.ended_at ? 'manual_stop' : undefined,
-                        };
-                    }
-                    return {
-                        connected: state.connected,
-                        connectedAt: state.connectedAt,
-                        lastHeartbeatAt: state.lastHeartbeatAt,
-                        disconnectedAt: state.disconnectedAt,
-                        disconnectReason: state.disconnectReason,
-                    };
-                })(),
-            }));
+            const sessions = rows.slice(0, limit).map((row) => {
+                const status = getSessionStatus(row);
+                const state = getSessionConnectionState?.(row.session_id);
+                const lastUrl = row.url_last ?? undefined;
+                const scope = classifySessionUrl(lastUrl);
+                const liveConnection = buildLiveConnectionRecord(row, scope, state);
+                return {
+                    sessionId: row.session_id,
+                    createdAt: row.created_at,
+                    lastSeenAt: resolveSessionLastSeenAt(row, state),
+                    pausedAt: row.paused_at ?? undefined,
+                    endedAt: row.ended_at ?? undefined,
+                    status,
+                    tabId: row.tab_id ?? undefined,
+                    windowId: row.window_id ?? undefined,
+                    urlStart: row.url_start ?? undefined,
+                    urlLast: lastUrl,
+                    lastUrl,
+                    userAgent: row.user_agent ?? undefined,
+                    viewport: row.viewport_w !== null && row.viewport_h !== null
+                        ? {
+                            width: row.viewport_w,
+                            height: row.viewport_h,
+                        }
+                        : undefined,
+                    dpr: row.dpr ?? undefined,
+                    safeMode: row.safe_mode === 1,
+                    pinned: row.pinned === 1,
+                    scope,
+                    liveConnection,
+                };
+            });
             const bytePage = applyByteBudget(sessions, maxResponseBytes);
             const truncated = truncatedByLimit || bytePage.truncatedByBytes;
             return {
@@ -2343,6 +3819,68 @@ export function createV1ToolHandlers(getDb, getSessionConnectionState) {
                 sessions: bytePage.items,
             };
         },
+        get_session_summary: async (input) => {
+            const db = getDb();
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            const session = db
+                .prepare('SELECT session_id, created_at, ended_at, url_last, pinned FROM sessions WHERE session_id = ?')
+                .get(sessionId);
+            if (!session) {
+                throw new Error(`Session not found: ${sessionId}`);
+            }
+            const counters = db
+                .prepare(`
+        SELECT
+          SUM(CASE WHEN type = 'error' THEN 1 ELSE 0 END) AS errors,
+          SUM(CASE WHEN type = 'console' AND json_extract(payload_json, '$.level') = 'warn' THEN 1 ELSE 0 END) AS warnings
+        FROM events
+        WHERE session_id = ?
+      `)
+                .get(sessionId);
+            const networkFails = db
+                .prepare(`
+        SELECT COUNT(*) AS count
+        FROM network
+        WHERE session_id = ?
+          AND (error_class IS NOT NULL OR COALESCE(status, 0) >= 400)
+      `)
+                .get(sessionId);
+            const latestNav = db
+                .prepare(`
+        SELECT payload_json
+        FROM events
+        WHERE session_id = ? AND type = 'nav'
+        ORDER BY ts DESC
+        LIMIT 1
+      `)
+                .get(sessionId);
+            const eventRange = db
+                .prepare(`
+        SELECT MIN(ts) AS start_ts, MAX(ts) AS end_ts
+        FROM events
+        WHERE session_id = ?
+      `)
+                .get(sessionId);
+            const navPayload = latestNav ? readJsonPayload(latestNav.payload_json) : {};
+            const lastUrl = resolveLastUrl(navPayload) ?? session.url_last ?? undefined;
+            return {
+                ...createBaseResponse(sessionId),
+                counts: {
+                    errors: counters.errors ?? 0,
+                    warnings: counters.warnings ?? 0,
+                    networkFails: networkFails.count,
+                },
+                lastUrl,
+                timeRange: {
+                    start: eventRange.start_ts ?? session.created_at,
+                    end: eventRange.end_ts ?? session.ended_at ?? session.created_at,
+                },
+                pinned: session.pinned === 1,
+            };
+        },
         get_live_session_health: async (input) => {
             const db = getDb();
             const sessionId = getSessionId(input);
@@ -2354,6 +3892,7 @@ export function createV1ToolHandlers(getDb, getSessionConnectionState) {
           SELECT
             session_id,
             created_at,
+            last_seen_at,
             paused_at,
             ended_at,
             tab_id,
@@ -2367,124 +3906,454 @@ export function createV1ToolHandlers(getDb, getSessionConnectionState) {
             pinned
           FROM sessions
           WHERE session_id = ?
-          LIMIT 1
         `)
                 .get(sessionId);
             if (!session) {
                 throw new Error(`Session not found: ${sessionId}`);
             }
-            const connection = getSessionConnectionState?.(sessionId);
-            const now = Date.now();
-            const lastSeenAt = connection?.connected
-                ? connection.lastHeartbeatAt
-                : connection?.disconnectedAt ?? session.ended_at ?? session.paused_at ?? session.created_at;
-            const staleForMs = lastSeenAt ? Math.max(0, now - lastSeenAt) : undefined;
+            const latestNav = db
+                .prepare(`
+          SELECT payload_json
+          FROM events
+          WHERE session_id = ? AND type = 'nav'
+          ORDER BY ts DESC
+          LIMIT 1
+        `)
+                .get(sessionId);
+            const navPayload = latestNav ? readJsonPayload(latestNav.payload_json) : {};
+            const lastUrl = resolveLastUrl(navPayload) ?? session.url_last ?? undefined;
+            const scope = classifySessionUrl(lastUrl);
+            const connectionState = getSessionConnectionState?.(sessionId);
+            const liveConnection = buildLiveConnectionRecord(session, scope, connectionState);
+            const status = getSessionStatus(session);
+            const lastSeenAt = resolveSessionLastSeenAt(session, connectionState);
+            const nextAction = buildLiveSessionNextAction(liveConnection, scope);
+            const recommendedAction = buildLiveSessionRecommendedAction(liveConnection, scope);
+            const sessionRecord = {
+                sessionId: session.session_id,
+                createdAt: session.created_at,
+                lastSeenAt,
+                pausedAt: session.paused_at ?? undefined,
+                endedAt: session.ended_at ?? undefined,
+                status,
+                tabId: session.tab_id ?? undefined,
+                windowId: session.window_id ?? undefined,
+                urlStart: session.url_start ?? undefined,
+                urlLast: session.url_last ?? undefined,
+                lastUrl,
+                viewport: session.viewport_w !== null && session.viewport_h !== null
+                    ? {
+                        width: session.viewport_w,
+                        height: session.viewport_h,
+                    }
+                    : undefined,
+                dpr: session.dpr ?? undefined,
+                safeMode: session.safe_mode === 1,
+                pinned: session.pinned === 1,
+            };
+            return {
+                ...createBaseResponse(sessionId),
+                status,
+                createdAt: session.created_at,
+                lastSeenAt,
+                pausedAt: session.paused_at ?? undefined,
+                endedAt: session.ended_at ?? undefined,
+                tabId: session.tab_id ?? undefined,
+                windowId: session.window_id ?? undefined,
+                lastUrl,
+                safeMode: session.safe_mode === 1,
+                pinned: session.pinned === 1,
+                session: sessionRecord,
+                scope,
+                liveConnection,
+                nextAction,
+                recommendedAction,
+            };
+        },
+        list_override_profiles: async () => {
+            const profiles = buildOverrideProfileRecords();
+            return {
+                ...createBaseResponse(),
+                limitsApplied: {
+                    maxResults: profiles.length,
+                    truncated: false,
+                },
+                profiles,
+                nextActions: profiles.length > 0
+                    ? [{ code: 'VALIDATE_PROFILE', message: 'Run validate_override_profile before enabling overrides.' }]
+                    : [{ code: 'CREATE_PROFILE', message: 'Run create_override_profile to generate a candidate profile.' }],
+            };
+        },
+        create_override_profile: async (input) => {
+            const adapterInput = normalizeOptionalString(input.adapter) ?? normalizeOptionalString(input.mode);
+            let adapter;
+            if (adapterInput !== undefined) {
+                if (!OVERRIDE_PROFILE_ADAPTERS.includes(adapterInput)) {
+                    throw new Error(`adapter must be one of: ${OVERRIDE_PROFILE_ADAPTERS.join(', ')}`);
+                }
+                adapter = adapterInput;
+            }
+            const targetBaseUrl = normalizeOptionalString(input.targetBaseUrl);
+            if (!targetBaseUrl) {
+                throw new Error('targetBaseUrl is required, for example https://example.com/_next/ or https://example.com/assets/');
+            }
+            const generated = createOverrideProfileConfig({
+                adapter,
+                targetBaseUrl,
+                projectRoot: normalizeOptionalString(input.projectRoot),
+                assetRoot: normalizeOptionalString(input.assetRoot),
+                nextDir: normalizeOptionalString(input.nextDir),
+                configPath: normalizeOptionalString(input.configPath),
+                profileId: normalizeOptionalString(input.profileId),
+                profileName: normalizeOptionalString(input.profileName),
+                enabled: normalizeOptionalBooleanInput(input.enabled, 'enabled'),
+                profileEnabled: normalizeOptionalBooleanInput(input.profileEnabled, 'profileEnabled'),
+                autoReload: normalizeOptionalBooleanInput(input.autoReload, 'autoReload'),
+                includeManifestFiles: normalizeOptionalBooleanInput(input.includeManifestFiles, 'includeManifestFiles'),
+                includeStaticFiles: normalizeOptionalBooleanInput(input.includeStaticFiles, 'includeStaticFiles'),
+                extensions: normalizeOptionalStringArrayInput(input.extensions, 'extensions'),
+                maxRules: normalizeOptionalNumberInput(input.maxRules, 'maxRules'),
+            });
+            const writeConfig = normalizeOptionalBooleanInput(input.writeConfig, 'writeConfig') ?? false;
+            const overwrite = normalizeOptionalBooleanInput(input.overwrite, 'overwrite') ?? false;
+            const write = {
+                written: false,
+                path: generated.suggestedConfigPath,
+            };
+            let nextActions = generated.nextActions;
+            if (writeConfig && generated.ruleCount === 0) {
+                write.failureCode = 'NO_RULES';
+                write.message = 'Generated profile has no rules; config was not written.';
+                nextActions = [{
+                        code: 'BUILD_APP',
+                        message: 'Build the app so local assets exist, then generate the profile again.',
+                    }];
+            }
+            else if (writeConfig && existsSync(generated.suggestedConfigPath) && !overwrite) {
+                write.failureCode = 'CONFIG_EXISTS';
+                write.message = 'Config file already exists; pass overwrite=true or choose another configPath.';
+                nextActions = [{
+                        code: 'OVERWRITE_OR_CHOOSE_CONFIG_PATH',
+                        message: 'Pass overwrite=true to replace the config file, or choose a different configPath.',
+                    }, ...generated.nextActions];
+            }
+            else if (writeConfig) {
+                mkdirSync(dirname(generated.suggestedConfigPath), { recursive: true });
+                writeFileSync(generated.suggestedConfigPath, generated.configJson, 'utf8');
+                write.written = true;
+                write.bytes = Buffer.byteLength(generated.configJson, 'utf8');
+                nextActions = generated.nextActions.filter((action) => action.code !== 'SAVE_LOCAL_CONFIG');
+            }
+            return {
+                ...createBaseResponse(),
+                limitsApplied: {
+                    maxResults: generated.ruleCount,
+                    truncated: generated.warnings.some((warning) => warning.startsWith('Rule generation was limited')),
+                },
+                adapter: generated.adapter,
+                mode: generated.mode,
+                projectRoot: generated.projectRoot,
+                assetRoot: generated.assetRoot,
+                nextDir: generated.nextDir,
+                targetBaseUrl: generated.targetBaseUrl,
+                suggestedConfigPath: generated.suggestedConfigPath,
+                ruleCount: generated.ruleCount,
+                manifestFiles: generated.manifestFiles,
+                staticFileCount: generated.staticFileCount,
+                missingManifestAssetCount: generated.missingManifestAssetCount,
+                warnings: generated.warnings,
+                nextActions,
+                write,
+                profile: generated.profile,
+                config: generated.config,
+                configJson: generated.configJson,
+            };
+        },
+        validate_override_profile: async (input) => {
+            const profile = resolveOverrideProfileRecord(input.profileId);
+            const issues = buildOverrideProfileIssues(profile);
+            return {
+                ...createBaseResponse(),
+                profileId: profile.profileId,
+                valid: !issues.some((issue) => issue.severity === 'error'),
+                issues,
+                nextActions: buildOverrideProfileNextActions(profile, issues),
+                profile,
+            };
+        },
+        preflight_overrides: async (input) => {
+            const db = getDb();
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            const preflight = buildOverridePreflight({
+                db,
+                sessionId,
+                profileId: input.profileId,
+                getSessionConnectionState,
+            });
+            return {
+                ...createBaseResponse(sessionId),
+                ...preflight,
+            };
+        },
+        list_observed_override_assets: async (input) => {
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            const assets = listObservedOverrideAssets(getDb(), {
+                sessionId,
+                limit: typeof input.limit === 'number' ? input.limit : undefined,
+                sinceTimestamp: typeof input.sinceTimestamp === 'number' ? input.sinceTimestamp : undefined,
+            });
             return {
                 ...createBaseResponse(sessionId),
                 limitsApplied: {
-                    maxResults: 1,
+                    maxResults: assets.length,
                     truncated: false,
                 },
-                session: {
-                    sessionId: session.session_id,
-                    createdAt: session.created_at,
-                    pausedAt: session.paused_at ?? undefined,
-                    endedAt: session.ended_at ?? undefined,
-                    status: session.ended_at ? 'ended' : session.paused_at ? 'paused' : 'active',
-                    tabId: session.tab_id ?? undefined,
-                    windowId: session.window_id ?? undefined,
-                    urlStart: session.url_start ?? undefined,
-                    urlLast: session.url_last ?? undefined,
-                    viewport: session.viewport_w !== null && session.viewport_h !== null
-                        ? {
-                            width: session.viewport_w,
-                            height: session.viewport_h,
-                        }
-                        : undefined,
-                    dpr: session.dpr ?? undefined,
-                    safeMode: session.safe_mode === 1,
-                    pinned: session.pinned === 1,
+                assets,
+            };
+        },
+        plan_override_response_patch: async (input) => {
+            const sessionId = getSessionId(input);
+            const plan = planOverrideResponsePatch(input);
+            const variantContext = buildOverrideVariantContext({
+                targetUrl: plan.targetUrl,
+                requestMethod: plan.requestMethod,
+                matchMode: plan.matchMode,
+                ruleType: plan.ruleType,
+                captureMode: input.captureMode,
+                source: input.source,
+                triggerReload: input.triggerReload,
+                requestHeaders: input.requestHeaders,
+            });
+            const auditPlan = persistResponsePlanAudit({
+                db: getDb(),
+                sessionId,
+                input,
+                plan,
+                variantContext,
+            });
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: plan.rule ? 1 : 0,
+                    truncated: false,
                 },
-                liveConnection: connection
-                    ? {
-                        connected: connection.connected,
-                        connectedAt: connection.connectedAt,
-                        lastHeartbeatAt: connection.lastHeartbeatAt,
-                        disconnectedAt: connection.disconnectedAt,
-                        disconnectReason: connection.disconnectReason,
-                        staleForMs,
-                    }
-                    : {
-                        connected: false,
-                        staleForMs,
-                    },
-                recommendedAction: connection?.connected
-                    ? 'ready'
-                    : session.ended_at
-                        ? 'start_new_session'
-                        : 'reconnect_extension',
+                variantContext,
+                audit: {
+                    persisted: auditPlan !== undefined,
+                    plans: auditPlan ? [auditPlan] : [],
+                },
+                ...plan,
             };
         },
-        get_session_summary: async (input) => {
+        map_next_override_assets: async (input) => {
+            const projectRoot = normalizeOptionalString(input.projectRoot);
+            if (!projectRoot) {
+                throw new Error('projectRoot is required');
+            }
+            const sessionId = getSessionId(input);
+            const observedAssets = Array.isArray(input.observedAssets)
+                ? input.observedAssets
+                : sessionId
+                    ? listObservedOverrideAssets(getDb(), { sessionId })
+                    : input.observedAssets;
+            const mapping = await mapNextOverrideAssetsWithDrift({
+                projectRoot,
+                nextDir: normalizeOptionalString(input.nextDir),
+                observedAssets,
+                sourcePaths: input.sourcePaths,
+                route: input.route,
+                maxResults: input.maxResults,
+                fetchProductionAssets: input.fetchProductionAssets,
+                productionFetchTimeoutMs: input.productionFetchTimeoutMs,
+                maxProductionAssetBytes: input.maxProductionAssetBytes,
+                maxDriftCandidates: input.maxDriftCandidates,
+                productionFetchConcurrency: input.productionFetchConcurrency,
+            });
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: mapping.candidates.length,
+                    truncated: false,
+                },
+                observedFromPersisted: !Array.isArray(input.observedAssets) && sessionId
+                    ? { sessionId, assetCount: Array.isArray(observedAssets) ? observedAssets.length : 0 }
+                    : undefined,
+                ...mapping,
+            };
+        },
+        plan_next_source_override: async (input) => {
+            const projectRoot = normalizeOptionalString(input.projectRoot);
+            if (!projectRoot) {
+                throw new Error('projectRoot is required');
+            }
+            const sessionId = getSessionId(input);
+            const observedAssets = Array.isArray(input.observedAssets)
+                ? input.observedAssets
+                : sessionId
+                    ? listObservedOverrideAssets(getDb(), { sessionId })
+                    : input.observedAssets;
+            const plan = await planNextSourceOverride({
+                projectRoot,
+                nextDir: normalizeOptionalString(input.nextDir),
+                observedAssets,
+                sourceEdits: input.sourceEdits,
+                sourcePaths: input.sourcePaths,
+                route: input.route,
+                configPath: input.configPath,
+                writeConfig: input.writeConfig,
+                overwrite: input.overwrite,
+                enabled: input.enabled,
+                profileEnabled: input.profileEnabled,
+                autoReload: input.autoReload,
+                profileId: input.profileId,
+                profileName: input.profileName,
+                buildTimeoutMs: input.buildTimeoutMs,
+                maxRules: input.maxRules,
+                fetchProductionAssets: input.fetchProductionAssets,
+                productionFetchTimeoutMs: input.productionFetchTimeoutMs,
+                maxProductionAssetBytes: input.maxProductionAssetBytes,
+                maxDriftCandidates: input.maxDriftCandidates,
+                productionFetchConcurrency: input.productionFetchConcurrency,
+                overlayTtlMs: input.overlayTtlMs,
+            });
+            const auditPlans = persistNextSourcePlanAudits({
+                db: getDb(),
+                sessionId,
+                input,
+                plan,
+            });
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: plan.rules.length,
+                    truncated: false,
+                },
+                observedFromPersisted: !Array.isArray(input.observedAssets) && sessionId
+                    ? { sessionId, assetCount: Array.isArray(observedAssets) ? observedAssets.length : 0 }
+                    : undefined,
+                audit: {
+                    persisted: auditPlans.length > 0,
+                    plans: auditPlans,
+                },
+                ...plan,
+            };
+        },
+        get_override_status: async (input) => {
+            const db = getDb();
+            const sessionId = getSessionId(input);
+            const profile = resolveOverrideProfileRecord(input.profileId);
+            const latestRun = sessionId ? listOverridePocRuns(db, sessionId, 1, 0).runs[0] ?? null : null;
+            const recentRequests = sessionId
+                ? listOverridePocRequests(db, sessionId, 5, 0, latestRun?.runId).requests
+                : [];
+            const recentPlans = sessionId
+                ? listOverridePlanAudits(db, { sessionId, limit: 5, offset: 0 }).plans
+                : [];
+            return {
+                ...createBaseResponse(sessionId),
+                profile,
+                latestRun,
+                recentRequests,
+                recentPlans,
+                preflight: sessionId
+                    ? buildOverridePreflight({
+                        db,
+                        sessionId,
+                        profileId: input.profileId,
+                        getSessionConnectionState,
+                    })
+                    : null,
+                diagnosis: sessionId ? diagnoseOverridePoc(db, sessionId, latestRun?.runId) : null,
+                nextActions: latestRun?.lastErrorCode
+                    ? [{ code: 'DIAGNOSE_OVERRIDES', message: 'Run diagnose_overrides for the latest failed override run.' }]
+                    : latestRun
+                        ? [{ code: 'GET_OVERRIDE_REQUEST_LOG', message: 'Inspect get_override_request_log for matched and fulfilled requests.' }]
+                        : [{ code: 'ENABLE_OVERRIDES', message: 'Enable overrides on a connected session after profile validation succeeds.' }],
+            };
+        },
+        get_override_request_log: async (input) => {
+            const db = getDb();
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            const limit = resolveLimit(input.limit, DEFAULT_EVENT_LIMIT);
+            const offset = resolveOffset(input.offset);
+            const maxResponseBytes = resolveMaxResponseBytes(input.maxResponseBytes);
+            const runId = typeof input.runId === 'string' && input.runId.trim().length > 0
+                ? input.runId.trim()
+                : undefined;
+            const result = listOverridePocRequests(db, sessionId, limit, offset, runId);
+            const bytePage = applyByteBudget(result.requests, maxResponseBytes);
+            const truncated = result.hasMore || bytePage.truncatedByBytes;
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: limit,
+                    truncated,
+                },
+                runId: runId ?? null,
+                pagination: buildOffsetPagination(offset, bytePage.items.length, truncated, maxResponseBytes),
+                responseBytes: bytePage.responseBytes,
+                requests: bytePage.items,
+                nextActions: bytePage.items.length === 0
+                    ? [{ code: 'RELOAD_TAB', message: 'Reload the selected tab after enabling overrides so matching requests are observed.' }]
+                    : [{ code: 'DIAGNOSE_OVERRIDES', message: 'Run diagnose_overrides if any matched request failed or did not fulfill.' }],
+            };
+        },
+        get_override_plan_log: async (input) => {
+            const db = getDb();
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            const limit = resolveLimit(input.limit, DEFAULT_EVENT_LIMIT);
+            const offset = resolveOffset(input.offset);
+            const maxResponseBytes = resolveMaxResponseBytes(input.maxResponseBytes);
+            const planId = typeof input.planId === 'string' && input.planId.trim().length > 0
+                ? input.planId.trim()
+                : undefined;
+            const result = listOverridePlanAudits(db, { sessionId, limit, offset, planId });
+            const bytePage = applyByteBudget(result.plans, maxResponseBytes);
+            const truncated = result.hasMore || bytePage.truncatedByBytes;
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: limit,
+                    truncated,
+                },
+                planId: planId ?? null,
+                pagination: buildOffsetPagination(offset, bytePage.items.length, truncated, maxResponseBytes),
+                responseBytes: bytePage.responseBytes,
+                plans: bytePage.items,
+                nextActions: bytePage.items.length === 0
+                    ? [{ code: 'PLAN_OVERRIDE', message: 'Run plan_override_response_patch or plan_next_source_override with sessionId to persist generated rule metadata.' }]
+                    : [{ code: 'REVIEW_ROLLBACK', message: 'Review rollback metadata before enabling or deleting generated override files.' }],
+            };
+        },
+        diagnose_overrides: async (input) => {
             const db = getDb();
             const sessionId = getSessionId(input);
             if (!sessionId) {
                 throw new Error('sessionId is required');
             }
-            const session = db
-                .prepare('SELECT session_id, created_at, ended_at, url_last, pinned FROM sessions WHERE session_id = ?')
-                .get(sessionId);
-            if (!session) {
-                throw new Error(`Session not found: ${sessionId}`);
-            }
-            const counters = db
-                .prepare(`
-        SELECT
-          SUM(CASE WHEN type = 'error' THEN 1 ELSE 0 END) AS errors,
-          SUM(CASE WHEN type = 'console' AND json_extract(payload_json, '$.level') = 'warn' THEN 1 ELSE 0 END) AS warnings
-        FROM events
-        WHERE session_id = ?
-      `)
-                .get(sessionId);
-            const networkFails = db
-                .prepare(`
-        SELECT COUNT(*) AS count
-        FROM network
-        WHERE session_id = ?
-          AND (error_class IS NOT NULL OR COALESCE(status, 0) >= 400)
-      `)
-                .get(sessionId);
-            const latestNav = db
-                .prepare(`
-        SELECT payload_json
-        FROM events
-        WHERE session_id = ? AND type = 'nav'
-        ORDER BY ts DESC
-        LIMIT 1
-      `)
-                .get(sessionId);
-            const eventRange = db
-                .prepare(`
-        SELECT MIN(ts) AS start_ts, MAX(ts) AS end_ts
-        FROM events
-        WHERE session_id = ?
-      `)
-                .get(sessionId);
-            const navPayload = latestNav ? readJsonPayload(latestNav.payload_json) : {};
-            const lastUrl = resolveLastUrl(navPayload) ?? session.url_last ?? undefined;
+            const runId = typeof input.runId === 'string' && input.runId.trim().length > 0
+                ? input.runId.trim()
+                : undefined;
+            const diagnosis = diagnoseOverridePoc(db, sessionId, runId);
+            const firstIssue = diagnosis.issues[0];
             return {
                 ...createBaseResponse(sessionId),
-                counts: {
-                    errors: counters.errors ?? 0,
-                    warnings: counters.warnings ?? 0,
-                    networkFails: networkFails.count,
-                },
-                lastUrl,
-                timeRange: {
-                    start: eventRange.start_ts ?? session.created_at,
-                    end: eventRange.end_ts ?? session.ended_at ?? session.created_at,
-                },
-                pinned: session.pinned === 1,
+                diagnosis,
+                nextActions: firstIssue?.suggestedActions[0]
+                    ? [{ code: firstIssue.code, message: firstIssue.suggestedActions[0] }]
+                    : [{ code: 'NO_DIAGNOSIS_ISSUES', message: 'No diagnosis issues were found for the selected override run.' }],
             };
         },
         get_recent_events: async (input) => {
@@ -3822,7 +5691,7 @@ export function createV1ToolHandlers(getDb, getSessionConnectionState) {
         },
     };
 }
-export function createV2ToolHandlers(captureClient) {
+export function createV2ToolHandlers(captureClient, getDb, getSessionConnectionState) {
     const capturePageState = async (sessionId, input) => {
         const maxItems = resolveStructuredMaxItems(input.maxItems, 40);
         const maxTextLength = resolveStructuredTextLength(input.maxTextLength, 80);
@@ -3845,6 +5714,601 @@ export function createV2ToolHandlers(captureClient) {
         };
     };
     return {
+        observe_override_assets: async (input) => {
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            const tabId = resolveOptionalTabId(input.tabId);
+            const { capture, payload } = await executeOverrideLiveCaptureWithDiagnostics({
+                captureClient,
+                sessionId,
+                command: 'CAPTURE_OVERRIDE_OBSERVE_ASSETS',
+                payload: { tabId, includePerformance: input.includePerformance !== false },
+                timeoutMs: 5_000,
+                getSessionConnectionState,
+            });
+            const assetCount = Array.isArray(payload.assets) ? payload.assets.length : 0;
+            const persisted = getDb
+                ? persistObservedOverrideAssets(getDb(), { ...payload, sessionId, tabId: payload.tabId ?? tabId })
+                : undefined;
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: assetCount,
+                    truncated: capture.truncated ?? false,
+                },
+                persisted,
+                ...payload,
+                nextActions: assetCount > 0
+                    ? [{ code: 'MAP_NEXT_ASSETS', message: 'Run map_next_override_assets with projectRoot and sourcePaths to score override candidates.' }]
+                    : [{ code: 'LOAD_ROUTE', message: 'Load or interact with the target route so document, asset, and fetch resources are requested, then observe again.' }],
+            };
+        },
+        capture_override_response_body: async (input) => {
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            const targetUrl = normalizeOptionalString(input.targetUrl) ?? normalizeOptionalString(input.targetAssetUrl);
+            if (!targetUrl) {
+                throw new Error('targetUrl is required');
+            }
+            assertOverrideResponseRequestCaptureSafe({
+                requestMethod: input.requestMethod,
+                requestHeaders: input.requestHeaders,
+                ruleType: input.ruleType,
+                subject: 'Response body capture request',
+            });
+            const tabId = resolveOptionalTabId(input.tabId);
+            const timeoutMs = resolveTimeoutMs(input.timeoutMs, 10_000, 60_000);
+            const { capture, payload } = await executeOverrideLiveCaptureWithDiagnostics({
+                captureClient,
+                sessionId,
+                command: 'CAPTURE_OVERRIDE_RESPONSE_BODY',
+                payload: {
+                    targetUrl,
+                    tabId,
+                    captureMode: normalizeOptionalString(input.captureMode),
+                    triggerReload: typeof input.triggerReload === 'boolean' ? input.triggerReload : undefined,
+                    matchMode: normalizeOptionalString(input.matchMode),
+                    ruleType: normalizeOptionalString(input.ruleType),
+                    requestMethod: input.requestMethod,
+                    requestHeaders: isRecord(input.requestHeaders) ? input.requestHeaders : undefined,
+                    timeoutMs,
+                    maxBodyBytes: input.maxBodyBytes,
+                    includeBody: input.includeBody === true,
+                },
+                timeoutMs: timeoutMs + 2_000,
+                getSessionConnectionState,
+            });
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: 1,
+                    truncated: capture.truncated ?? payload.truncated === true,
+                },
+                ...payload,
+                nextActions: payload.bodyCaptured === true
+                    ? [{ code: 'PLAN_RESPONSE_PATCH', message: 'Run plan_override_response_patch with textPatches or jsonPatches to generate an exact response override.' }]
+                    : [{ code: 'UNSUPPORTED_RESPONSE_BODY', message: 'Only bounded text-like response bodies can be patched safely.' }],
+            };
+        },
+        plan_override_response_patch: async (input) => {
+            const sessionId = getSessionId(input);
+            let plannerInput = input;
+            let capturedFromLiveSession;
+            const hasProvidedBody = typeof input.responseBodyText === 'string'
+                || typeof input.bodyText === 'string'
+                || typeof input.responseBodyBase64 === 'string'
+                || typeof input.bodyBase64 === 'string';
+            if (!hasProvidedBody && sessionId) {
+                const targetUrl = normalizeOptionalString(input.targetUrl) ?? normalizeOptionalString(input.targetAssetUrl);
+                if (!targetUrl) {
+                    throw new Error('targetUrl is required');
+                }
+                const tabId = resolveOptionalTabId(input.tabId);
+                const timeoutMs = resolveTimeoutMs(input.timeoutMs, 10_000, 60_000);
+                const { payload } = await executeOverrideLiveCaptureWithDiagnostics({
+                    captureClient,
+                    sessionId,
+                    command: 'CAPTURE_OVERRIDE_RESPONSE_BODY',
+                    payload: {
+                        targetUrl,
+                        tabId,
+                        captureMode: normalizeOptionalString(input.captureMode),
+                        triggerReload: typeof input.triggerReload === 'boolean' ? input.triggerReload : undefined,
+                        matchMode: normalizeOptionalString(input.matchMode),
+                        ruleType: normalizeOptionalString(input.ruleType),
+                        requestMethod: input.requestMethod,
+                        requestHeaders: isRecord(input.requestHeaders) ? input.requestHeaders : undefined,
+                        timeoutMs,
+                        maxBodyBytes: input.maxBodyBytes,
+                        includeBody: true,
+                    },
+                    timeoutMs: timeoutMs + 2_000,
+                    getSessionConnectionState,
+                });
+                if (payload.truncated === true) {
+                    throw new Error('Captured response body was truncated; increase maxBodyBytes before planning a patch.');
+                }
+                if (typeof payload.bodyText !== 'string') {
+                    throw new Error('Captured response did not include a text body that can be patched.');
+                }
+                plannerInput = {
+                    ...input,
+                    responseBodyText: payload.bodyText,
+                    contentType: input.contentType ?? payload.contentType,
+                    ruleType: input.ruleType ?? payload.ruleType,
+                    requestMethod: input.requestMethod ?? payload.requestMethod,
+                    captureMode: input.captureMode ?? payload.captureMode,
+                    source: payload.source,
+                    requestHeaders: payload.requestHeaders,
+                };
+                const variantContext = buildOverrideVariantContext({
+                    targetUrl: payload.targetUrl,
+                    requestMethod: input.requestMethod ?? payload.requestMethod,
+                    matchMode: payload.matchMode,
+                    ruleType: input.ruleType ?? payload.ruleType,
+                    captureMode: payload.captureMode,
+                    source: payload.source,
+                    triggerReload: payload.triggerReload,
+                    requestHeaders: payload.requestHeaders,
+                });
+                capturedFromLiveSession = {
+                    sessionId,
+                    targetUrl: payload.targetUrl,
+                    requestMethod: input.requestMethod ?? payload.requestMethod,
+                    statusCode: payload.statusCode,
+                    contentType: payload.contentType,
+                    bodyBytes: payload.bodyBytes,
+                    capturedBytes: payload.capturedBytes,
+                    truncated: payload.truncated === true,
+                    ruleType: payload.ruleType,
+                    matchMode: payload.matchMode,
+                    captureMode: payload.captureMode,
+                    source: payload.source,
+                    tabId: payload.tabId,
+                    triggerReload: payload.triggerReload,
+                    requestHeaders: payload.requestHeaders,
+                    variantContext,
+                };
+            }
+            const plan = planOverrideResponsePatch(plannerInput);
+            const variantContext = buildOverrideVariantContext({
+                targetUrl: plan.targetUrl,
+                requestMethod: plan.requestMethod,
+                matchMode: plan.matchMode,
+                ruleType: plan.ruleType,
+                captureMode: plannerInput.captureMode,
+                source: plannerInput.source,
+                triggerReload: plannerInput.triggerReload,
+                requestHeaders: plannerInput.requestHeaders,
+            });
+            const auditPlan = getDb
+                ? persistResponsePlanAudit({
+                    db: getDb(),
+                    sessionId,
+                    input,
+                    plan,
+                    capturedFromLiveSession,
+                    variantContext,
+                })
+                : undefined;
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: plan.rule ? 1 : 0,
+                    truncated: false,
+                },
+                capturedFromLiveSession,
+                variantContext,
+                audit: {
+                    persisted: auditPlan !== undefined,
+                    plans: auditPlan ? [auditPlan] : [],
+                },
+                ...plan,
+            };
+        },
+        map_next_override_assets: async (input) => {
+            const projectRoot = normalizeOptionalString(input.projectRoot);
+            if (!projectRoot) {
+                throw new Error('projectRoot is required');
+            }
+            const sessionId = getSessionId(input);
+            let observedAssets = input.observedAssets;
+            let observedFromLiveTab;
+            let observedFromPersisted;
+            if (!Array.isArray(observedAssets) && sessionId) {
+                const tabId = resolveOptionalTabId(input.tabId);
+                const command = 'CAPTURE_OVERRIDE_OBSERVE_ASSETS';
+                const timeoutMs = 5_000;
+                try {
+                    const capture = await executeLiveCapture(captureClient, sessionId, command, { tabId, includePerformance: true }, timeoutMs);
+                    observedFromLiveTab = ensureCaptureSuccess(capture, sessionId);
+                    observedAssets = observedFromLiveTab.assets;
+                    if (getDb) {
+                        persistObservedOverrideAssets(getDb(), { ...observedFromLiveTab, sessionId, tabId: observedFromLiveTab.tabId ?? tabId });
+                    }
+                }
+                catch (error) {
+                    if (getDb && isRecoverableOverrideLiveCommandError(error)) {
+                        observedAssets = listObservedOverrideAssets(getDb(), { sessionId });
+                        observedFromPersisted = { sessionId, assetCount: Array.isArray(observedAssets) ? observedAssets.length : 0 };
+                    }
+                    else if (isRecoverableOverrideLiveCommandError(error)) {
+                        throw createOverrideLiveCommandError({
+                            sessionId,
+                            command,
+                            timeoutMs,
+                            error,
+                            getSessionConnectionState,
+                        });
+                    }
+                    else {
+                        throw error;
+                    }
+                }
+            }
+            const mapping = await mapNextOverrideAssetsWithDrift({
+                projectRoot,
+                nextDir: normalizeOptionalString(input.nextDir),
+                observedAssets,
+                sourcePaths: input.sourcePaths,
+                route: input.route,
+                maxResults: input.maxResults,
+                fetchProductionAssets: input.fetchProductionAssets,
+                productionFetchTimeoutMs: input.productionFetchTimeoutMs,
+                maxProductionAssetBytes: input.maxProductionAssetBytes,
+                maxDriftCandidates: input.maxDriftCandidates,
+                productionFetchConcurrency: input.productionFetchConcurrency,
+            });
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: mapping.candidates.length,
+                    truncated: false,
+                },
+                observedFromLiveTab: observedFromLiveTab
+                    ? {
+                        pageUrl: observedFromLiveTab.pageUrl,
+                        tabId: observedFromLiveTab.tabId,
+                        assetCount: Array.isArray(observedFromLiveTab.assets) ? observedFromLiveTab.assets.length : 0,
+                    }
+                    : undefined,
+                observedFromPersisted,
+                ...mapping,
+            };
+        },
+        plan_next_source_override: async (input) => {
+            const projectRoot = normalizeOptionalString(input.projectRoot);
+            if (!projectRoot) {
+                throw new Error('projectRoot is required');
+            }
+            const sessionId = getSessionId(input);
+            let observedAssets = input.observedAssets;
+            let observedFromLiveTab;
+            let observedFromPersisted;
+            if (!Array.isArray(observedAssets) && sessionId) {
+                const tabId = resolveOptionalTabId(input.tabId);
+                const command = 'CAPTURE_OVERRIDE_OBSERVE_ASSETS';
+                const timeoutMs = 5_000;
+                try {
+                    const capture = await executeLiveCapture(captureClient, sessionId, command, { tabId, includePerformance: true }, timeoutMs);
+                    observedFromLiveTab = ensureCaptureSuccess(capture, sessionId);
+                    observedAssets = observedFromLiveTab.assets;
+                    if (getDb) {
+                        persistObservedOverrideAssets(getDb(), { ...observedFromLiveTab, sessionId, tabId: observedFromLiveTab.tabId ?? tabId });
+                    }
+                }
+                catch (error) {
+                    if (getDb && isRecoverableOverrideLiveCommandError(error)) {
+                        observedAssets = listObservedOverrideAssets(getDb(), { sessionId });
+                        observedFromPersisted = { sessionId, assetCount: Array.isArray(observedAssets) ? observedAssets.length : 0 };
+                    }
+                    else if (isRecoverableOverrideLiveCommandError(error)) {
+                        throw createOverrideLiveCommandError({
+                            sessionId,
+                            command,
+                            timeoutMs,
+                            error,
+                            getSessionConnectionState,
+                        });
+                    }
+                    else {
+                        throw error;
+                    }
+                }
+            }
+            const plan = await planNextSourceOverride({
+                projectRoot,
+                nextDir: normalizeOptionalString(input.nextDir),
+                observedAssets,
+                sourceEdits: input.sourceEdits,
+                sourcePaths: input.sourcePaths,
+                route: input.route,
+                configPath: input.configPath,
+                writeConfig: input.writeConfig,
+                overwrite: input.overwrite,
+                enabled: input.enabled,
+                profileEnabled: input.profileEnabled,
+                autoReload: input.autoReload,
+                profileId: input.profileId,
+                profileName: input.profileName,
+                buildTimeoutMs: input.buildTimeoutMs,
+                maxRules: input.maxRules,
+                fetchProductionAssets: input.fetchProductionAssets,
+                productionFetchTimeoutMs: input.productionFetchTimeoutMs,
+                maxProductionAssetBytes: input.maxProductionAssetBytes,
+                maxDriftCandidates: input.maxDriftCandidates,
+                productionFetchConcurrency: input.productionFetchConcurrency,
+                overlayTtlMs: input.overlayTtlMs,
+            });
+            const auditPlans = getDb
+                ? persistNextSourcePlanAudits({
+                    db: getDb(),
+                    sessionId,
+                    input,
+                    plan,
+                })
+                : [];
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: plan.rules.length,
+                    truncated: false,
+                },
+                observedFromLiveTab: observedFromLiveTab
+                    ? {
+                        pageUrl: observedFromLiveTab.pageUrl,
+                        tabId: observedFromLiveTab.tabId,
+                        assetCount: Array.isArray(observedFromLiveTab.assets) ? observedFromLiveTab.assets.length : 0,
+                    }
+                    : undefined,
+                observedFromPersisted,
+                audit: {
+                    persisted: auditPlans.length > 0,
+                    plans: auditPlans,
+                },
+                ...plan,
+            };
+        },
+        get_override_status: async (input) => {
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            const command = 'CAPTURE_OVERRIDE_POC_GET_STATUS';
+            const timeoutMs = 3_000;
+            let capture;
+            let payload;
+            try {
+                capture = await executeLiveCapture(captureClient, sessionId, command, {}, timeoutMs);
+                payload = ensureCaptureSuccess(capture, sessionId);
+            }
+            catch (error) {
+                if (!getDb || !isRecoverableOverrideLiveCommandError(error)) {
+                    throw error;
+                }
+                const persisted = buildPersistedOverrideStatus({
+                    db: getDb(),
+                    sessionId,
+                    profileId: input.profileId,
+                    getSessionConnectionState,
+                });
+                const liveStatus = buildOverrideLiveCommandFailure({
+                    sessionId,
+                    command,
+                    timeoutMs,
+                    error,
+                    getSessionConnectionState,
+                });
+                return {
+                    ...createBaseResponse(sessionId),
+                    limitsApplied: {
+                        maxResults: 1,
+                        truncated: false,
+                    },
+                    statusSource: 'persisted-audit',
+                    liveStatus,
+                    ...persisted,
+                    nextActions: [
+                        { code: 'RECONNECT_OR_RETRY_OVERRIDE_STATUS', message: 'Reconnect or rebind the top-level session, then retry get_override_status for live debugger state.' },
+                        { code: 'DIAGNOSE_OVERRIDES', message: 'Run diagnose_overrides to inspect persisted run and readiness signals while live status is unavailable.' },
+                    ],
+                };
+            }
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: 1,
+                    truncated: capture.truncated ?? false,
+                },
+                statusSource: 'live',
+                liveStatus: {
+                    available: true,
+                    command,
+                    timeoutMs,
+                },
+                preflight: getDb
+                    ? buildOverridePreflight({
+                        db: getDb(),
+                        sessionId,
+                        profileId: input.profileId,
+                        getSessionConnectionState,
+                    })
+                    : null,
+                ...payload,
+                nextActions: payload.lastErrorCode
+                    ? [{ code: 'DIAGNOSE_OVERRIDES', message: 'Run diagnose_overrides for the latest override failure.' }]
+                    : payload.active === true
+                        ? [{ code: 'GET_OVERRIDE_REQUEST_LOG', message: 'Inspect get_override_request_log after the target tab loads matching assets.' }]
+                        : [{ code: 'ENABLE_OVERRIDES', message: 'Enable overrides after validating the selected profile.' }],
+            };
+        },
+        preflight_overrides: async (input) => {
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            if (!getDb) {
+                throw new Error('preflight_overrides requires database-backed override state');
+            }
+            return {
+                ...createBaseResponse(sessionId),
+                ...buildOverridePreflight({
+                    db: getDb(),
+                    sessionId,
+                    profileId: input.profileId,
+                    getSessionConnectionState,
+                }),
+            };
+        },
+        enable_overrides: async (input) => {
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            const tabId = resolveOptionalTabId(input.tabId);
+            let preflight = getDb
+                ? buildOverridePreflight({
+                    db: getDb(),
+                    sessionId,
+                    profileId: input.profileId,
+                    getSessionConnectionState,
+                })
+                : null;
+            let observedBeforeEnable;
+            let observedAssetRefreshError;
+            const initialBlockingCodes = getBlockingPreflightCodes(preflight);
+            const initialProfile = isRecord(preflight?.profile) ? preflight.profile : {};
+            const initialExperimentalBypass = canBypassPreflightForExperimentalRsc(initialProfile, initialBlockingCodes);
+            if (preflight && getDb && !initialExperimentalBypass && shouldRefreshObservedAssetsForEnable(preflight)) {
+                try {
+                    observedBeforeEnable = await refreshObservedAssetsForOverrideEnable({
+                        captureClient,
+                        db: getDb(),
+                        sessionId,
+                        tabId,
+                        getSessionConnectionState,
+                    });
+                    preflight = buildOverridePreflight({
+                        db: getDb(),
+                        sessionId,
+                        profileId: input.profileId,
+                        getSessionConnectionState,
+                    });
+                }
+                catch (error) {
+                    observedAssetRefreshError = error instanceof Error ? error.message : String(error);
+                }
+            }
+            if (preflight && preflight.ready !== true) {
+                const blockingCodes = getBlockingPreflightCodes(preflight);
+                const profile = isRecord(preflight.profile) ? preflight.profile : {};
+                if (!canBypassPreflightForExperimentalRsc(profile, blockingCodes)) {
+                    const refreshSuffix = observedAssetRefreshError
+                        ? `; observed asset refresh failed: ${observedAssetRefreshError}`
+                        : '';
+                    throw new Error(`Override preflight failed: ${blockingCodes.join(', ') || 'UNKNOWN'}${refreshSuffix}`);
+                }
+            }
+            const command = 'CAPTURE_OVERRIDE_POC_ENABLE';
+            const timeoutMs = 8_000;
+            let capture;
+            let payload;
+            try {
+                capture = await executeLiveCapture(captureClient, sessionId, command, { tabId }, timeoutMs);
+                payload = ensureCaptureSuccess(capture, sessionId);
+            }
+            catch (error) {
+                throw createOverrideLiveCommandError({
+                    sessionId,
+                    command,
+                    timeoutMs,
+                    error,
+                    getSessionConnectionState,
+                });
+            }
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: 1,
+                    truncated: capture.truncated ?? false,
+                },
+                preflight,
+                observedBeforeEnable,
+                ...payload,
+                nextActions: [{ code: 'RELOAD_OR_INTERACT', message: 'Reload or interact with the tab so configured asset requests occur under the active override.' }],
+            };
+        },
+        disable_overrides: async (input) => {
+            const sessionId = getSessionId(input);
+            if (!sessionId) {
+                throw new Error('sessionId is required');
+            }
+            const command = 'CAPTURE_OVERRIDE_POC_DISABLE';
+            const timeoutMs = 5_000;
+            let capture;
+            let payload;
+            try {
+                capture = await executeLiveCapture(captureClient, sessionId, command, {}, timeoutMs);
+                payload = ensureCaptureSuccess(capture, sessionId);
+            }
+            catch (error) {
+                if (!getDb || !isRecoverableOverrideLiveCommandError(error)) {
+                    throw createOverrideLiveCommandError({
+                        sessionId,
+                        command,
+                        timeoutMs,
+                        error,
+                        getSessionConnectionState,
+                    });
+                }
+                const persisted = buildPersistedOverrideStatus({
+                    db: getDb(),
+                    sessionId,
+                    profileId: input.profileId,
+                    getSessionConnectionState,
+                });
+                const disableAttempt = buildOverrideLiveCommandFailure({
+                    sessionId,
+                    command,
+                    timeoutMs,
+                    error,
+                    getSessionConnectionState,
+                });
+                return {
+                    ...createBaseResponse(sessionId),
+                    limitsApplied: {
+                        maxResults: 1,
+                        truncated: false,
+                    },
+                    statusSource: 'persisted-audit',
+                    disableAttempt,
+                    ...persisted,
+                    nextActions: [
+                        { code: 'RECONNECT_OR_RETRY_DISABLE', message: 'Reconnect or rebind the top-level session, then retry disable_overrides to confirm debugger detachment.' },
+                        { code: 'GET_OVERRIDE_STATUS', message: 'Run get_override_status after reconnecting to verify whether the override is still active.' },
+                    ],
+                };
+            }
+            return {
+                ...createBaseResponse(sessionId),
+                limitsApplied: {
+                    maxResults: 1,
+                    truncated: capture.truncated ?? false,
+                },
+                statusSource: 'live',
+                disableAttempt: {
+                    ok: true,
+                    command,
+                    timeoutMs,
+                },
+                ...payload,
+                nextActions: [{ code: 'VERIFY_DISABLED', message: 'Run get_override_status if you need to confirm the debugger override is inactive.' }],
+            };
+        },
         get_dom_subtree: async (input) => {
             const sessionId = getSessionId(input);
             if (!sessionId) {
@@ -4522,7 +6986,9 @@ export async function routeToolCall(tools, toolName, input) {
 }
 export function createMCPServer(overrides = {}, options = {}) {
     const logger = options.logger ?? createDefaultMcpLogger();
-    const v2Handlers = options.captureClient ? createV2ToolHandlers(options.captureClient) : {};
+    const v2Handlers = options.captureClient
+        ? createV2ToolHandlers(options.captureClient, () => getConnection().db, options.getSessionConnectionState)
+        : {};
     const tools = createToolRegistry({
         ...createV1ToolHandlers(() => getConnection().db, options.getSessionConnectionState),
         ...v2Handlers,