github-router 0.3.16 → 0.3.18

package/dist/main.js

@@ -4,18 +4,18 @@ import consola from "consola";
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
-import { randomBytes, randomUUID } from "node:crypto";
+import { randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
 import process$1 from "node:process";
+import { execFileSync, spawn } from "node:child_process";
 import fs$1 from "node:fs";
 import { Writable } from "node:stream";
-import { execFileSync, spawn } from "node:child_process";
 import { serve } from "srvx";
 import { getProxyForUrl } from "proxy-from-env";
 import { Agent, ProxyAgent, setGlobalDispatcher } from "undici";
 import { Hono } from "hono";
 import { cors } from "hono/cors";
-import { streamSSE } from "hono/streaming";
 import { events } from "fetch-event-stream";
+import { z } from "zod";
 import clipboard from "clipboardy";
 
 //#region src/lib/paths.ts
@@ -31,11 +31,26 @@ const PATHS = {
 	},
 	get ERROR_LOG_PATH() {
 		return path.join(appDir(), "error.log");
+	},
+	get CODEX_HOME() {
+		return path.join(appDir(), "codex-isolated");
+	},
+	get CLAUDE_RUNTIME_DIR() {
+		return path.join(appDir(), "runtime");
 	}
 };
 async function ensurePaths() {
 	await fs.mkdir(PATHS.APP_DIR, { recursive: true });
+	await fs.mkdir(PATHS.CODEX_HOME, { recursive: true });
+	await fs.mkdir(PATHS.CLAUDE_RUNTIME_DIR, { recursive: true });
+	await chmodIfPossible(PATHS.CLAUDE_RUNTIME_DIR, 448);
 	await ensureFile(PATHS.GITHUB_TOKEN_PATH);
+	await sweepStaleRuntimeFiles().catch((err) => {
+		consola.debug("Runtime sweep skipped:", err);
+	});
+	await sweepStalePeerAgentMdFiles().catch((err) => {
+		consola.debug("Peer-agent .md sweep skipped:", err);
+	});
 }
 async function ensureFile(filePath) {
 	try {
@@ -45,6 +60,129 @@ async function ensureFile(filePath) {
 		await fs.chmod(filePath, 384);
 	}
 }
+async function chmodIfPossible(target, mode) {
+	if (process.platform === "win32") return;
+	try {
+		await fs.chmod(target, mode);
+	} catch (err) {
+		consola.debug(`chmod ${target} ${mode.toString(8)} failed:`, err);
+	}
+}
+/**
+* Write a runtime tempfile securely.
+*
+*   - Mode `0o600` so other local users (multi-tenant boxes, shared
+*     dev containers) can't read the per-launch nonce or runtime URL.
+*   - `flag: "wx"` (O_CREAT | O_EXCL | O_WRONLY) refuses to overwrite
+*     an existing path. POSIX open(2) with O_EXCL also rejects
+*     pre-placed symlinks, killing the symlink-clobber attack vector.
+*   - The caller's responsibility to pick a path NOT yet in use.
+*     We intentionally do NOT pre-unlink: an `lstat` + `unlink` +
+*     `open(O_EXCL)` sequence still has a TOCTOU window where an
+*     attacker can drop a symlink between unlink and open. Letting
+*     `wx` fail is the safer behavior — surfaces the conflict
+*     instead of silently following.
+*/
+async function writeRuntimeFileSecure(filePath, content) {
+	await fs.writeFile(filePath, content, {
+		mode: 384,
+		flag: "wx"
+	});
+}
+/**
+* Sweep stale runtime tempfiles. Removes files whose embedded PID is no
+* longer a live process. A proxy crash (`kill -9`, OS reboot) leaves
+* orphans that would otherwise accumulate forever — and worse, a stale
+* config pointing at a now-recycled port could route MCP traffic to
+* whatever process bound that port next.
+*
+* Naming convention: `peer-mcp-<pid>.json` and `peer-agents-<pid>.json`.
+* Files not matching either pattern are left alone — this directory
+* is shared with future runtime artifacts.
+*
+* We deliberately do NOT age-prune files whose PID is alive. A
+* legitimately long-running proxy can have a tempfile older than any
+* arbitrary threshold; deleting it out from under the live process
+* breaks the spawned Claude Code child's MCP/agent wiring with no clean
+* recovery. PID-wraparound risk is mitigated by (a) PID reuse on Linux
+* being slow under typical loads, and (b) the file is only consulted by
+* github-router itself — an unrelated process that inherits the PID
+* never reads it.
+*/
+async function sweepStaleRuntimeFiles() {
+	const dir = PATHS.CLAUDE_RUNTIME_DIR;
+	let entries;
+	try {
+		entries = await fs.readdir(dir);
+	} catch (err) {
+		if (err.code === "ENOENT") return;
+		throw err;
+	}
+	for (const name$1 of entries) {
+		const match = /^peer-(?:mcp|agents)-(\d+)(?:-[0-9a-f]+)?\.json$/.exec(name$1);
+		if (!match) continue;
+		const pid = Number.parseInt(match[1], 10);
+		const filePath = path.join(dir, name$1);
+		if (isPidAlive(pid)) continue;
+		await fs.unlink(filePath).catch(() => {});
+	}
+}
+function isPidAlive(pid) {
+	if (!Number.isInteger(pid) || pid <= 0) return false;
+	try {
+		process.kill(pid, 0);
+		return true;
+	} catch (err) {
+		if (err.code === "EPERM") return true;
+		return false;
+	}
+}
+/**
+* Sweep stale peer-* subagent .md files from `~/.claude/agents/`. Phase
+* 2.5 writes one .md per peer agent into the canonical agents directory
+* so they appear in Claude Code's Task `subagent_type` enum. Files are
+* named `peer-<pid>-<rand>-<agentName>.md` so this sweep can drop
+* orphans from crashed prior proxy sessions without touching the user's
+* own .md files.
+*
+* Same liveness rule as `sweepStaleRuntimeFiles`: only delete when the
+* file's embedded PID is no longer alive. Live PIDs keep their files —
+* a long-running proxy doesn't lose its agent registrations.
+*
+* Regex tightening (Phase 2.6, codex-critic + gemini-critic 2-lab finding):
+* the original sweep regex `^peer-(\d+)(?:-[0-9a-f]+)?-.+\.md$` was too
+* permissive — a user-authored `peer-12345-meeting-notes.md` matches
+* (`12345` = "PID", `-meeting-notes` = trailing `.+`) and would be
+* silently unlinked when 12345 happens to be a dead PID (overwhelmingly
+* likely). Tightened to require BOTH the 8-hex-char random suffix AND
+* an exact-match persona name suffix, eliminating the risk for any
+* realistic user filename.
+*/
+async function sweepStalePeerAgentMdFiles() {
+	const dir = path.join(os.homedir(), ".claude", "agents");
+	let entries;
+	try {
+		entries = await fs.readdir(dir);
+	} catch (err) {
+		if (err.code === "ENOENT") return;
+		throw err;
+	}
+	for (const name$1 of entries) {
+		const match = PEER_AGENT_MD_FILENAME.exec(name$1);
+		if (!match) continue;
+		if (isPidAlive(Number.parseInt(match[1], 10))) continue;
+		await fs.unlink(path.join(dir, name$1)).catch(() => {});
+	}
+}
+/**
+* Strict regex matching only files this proxy writes:
+*   peer-<pid>-<8 hex>-<exact persona/coordinator name>.md
+* The persona-name allowlist is the load-bearing protection against
+* deleting user files. Update this list whenever a new persona is added
+* to `PERSONAS_READ` / `PERSONAS_WRITE` in `peer-mcp-personas.ts` or a
+* new coordinator-style agent is added in `codex-mcp-config.ts`.
+*/
+const PEER_AGENT_MD_FILENAME = /^peer-(\d+)-[0-9a-f]{8}-(?:codex-critic|codex-reviewer|gemini-critic|codex-implementer|peer-review-coordinator)\.md$/;
 
 //#endregion
 //#region src/lib/state.ts
@@ -68,17 +206,17 @@ const DEFAULT_COPILOT_VERSION = "0.43.2026033101";
 function copilotVersion(state$1) {
 	return state$1.copilotVersion ?? DEFAULT_COPILOT_VERSION;
 }
-const API_VERSION = "2025-10-01";
+const API_VERSION = "2026-01-09";
 const copilotBaseUrl = (state$1) => state$1.copilotApiUrl ?? "https://api.githubcopilot.com";
 const copilotHeaders = (state$1, vision = false, integrationId = "vscode-chat") => {
-	const version = copilotVersion(state$1);
+	const version$1 = copilotVersion(state$1);
 	const headers = {
 		Authorization: `Bearer ${state$1.copilotToken}`,
 		"content-type": standardHeaders()["content-type"],
 		"copilot-integration-id": integrationId,
 		"editor-version": `vscode/${state$1.vsCodeVersion}`,
-		"editor-plugin-version": `copilot-chat/${version}`,
-		"user-agent": `GitHubCopilotChat/${version}`,
+		"editor-plugin-version": `copilot-chat/${version$1}`,
+		"user-agent": `GitHubCopilotChat/${version$1}`,
 		"openai-intent": "conversation-panel",
 		"x-interaction-type": "conversation-panel",
 		"x-github-api-version": API_VERSION,
@@ -114,7 +252,7 @@ var HTTPError = class extends Error {
 	}
 };
 async function forwardError(c, error) {
-	consola.error("Error occurred:", error);
+	consola.error(`Error occurred at ${c.req.path}:`, error);
 	if (error instanceof HTTPError) {
 		const errorText = await error.response.text().catch(() => "");
 		let errorJson;
@@ -123,6 +261,17 @@ async function forwardError(c, error) {
 		} catch {
 			errorJson = void 0;
 		}
+		if (isContextOverflow(error.response.status, errorJson, errorText)) {
+			const upstream = resolveErrorMessage(errorJson, errorText);
+			consola.error("HTTP error (mapped to overflow):", errorJson ?? errorText);
+			return c.json({
+				type: "error",
+				error: {
+					type: "invalid_request_error",
+					message: `prompt is too long: ${upstream}`
+				}
+			}, 400);
+		}
 		if (isAnthropicError(errorJson)) {
 			consola.error("HTTP error:", errorJson);
 			return c.json(errorJson, error.response.status);
@@ -167,6 +316,29 @@ function isAnthropicError(json) {
 	const inner = record.error;
 	return typeof inner.type === "string" && typeof inner.message === "string";
 }
+const CONTEXT_OVERFLOW_SUBSTRINGS = [
+	"prompt is too long",
+	"context_length_exceeded",
+	"context length exceeded",
+	"input is too long",
+	"maximum context length",
+	"too many tokens"
+];
+/**
+* Detect upstream context-overflow errors so we can remap them to a 400
+* "prompt is too long" shape that triggers Claude Code self-compaction.
+*
+* Always remaps 413 (treated as a hard payload-size signal regardless of
+* body wording). Remaps 400 only when the error text contains one of the
+* known overflow substrings — a regular 400 (e.g. "model not found") must
+* NOT remap.
+*/
+function isContextOverflow(status, errorJson, errorText) {
+	if (status === 413) return true;
+	if (status !== 400) return false;
+	const haystack = (errorText + " " + (typeof errorJson === "object" && errorJson !== null ? JSON.stringify(errorJson) : "")).toLowerCase();
+	return CONTEXT_OVERFLOW_SUBSTRINGS.some((s) => haystack.includes(s));
+}
 /**
 * Map HTTP status to Anthropic error type.
 */
@@ -182,11 +354,35 @@ function resolveErrorType(status) {
 
 //#endregion
 //#region src/services/github/get-copilot-token.ts
+/**
+* Allowlist of hosts the router will trust as the Copilot API base URL.
+* Anything else returned in `endpoints.api` (e.g. via a tampered or
+* misconfigured token-exchange response) is rejected — otherwise a
+* malicious value would receive the long-lived GitHub PAT we send to
+* `/mcp` for web search (see `src/services/copilot/web-search.ts`).
+*/
+const COPILOT_HOST_ALLOWLIST = [
+	"api.githubcopilot.com",
+	"api.individual.githubcopilot.com",
+	"api.business.githubcopilot.com",
+	"api.enterprise.githubcopilot.com"
+];
+function isAllowedCopilotHost(rawUrl) {
+	let parsed;
+	try {
+		parsed = new URL(rawUrl);
+	} catch {
+		return false;
+	}
+	if (parsed.protocol !== "https:") return false;
+	return COPILOT_HOST_ALLOWLIST.includes(parsed.hostname);
+}
 const getCopilotToken = async () => {
 	const response = await fetch(`${GITHUB_API_BASE_URL}/copilot_internal/v2/token`, { headers: githubHeaders(state) });
 	if (!response.ok) throw new HTTPError("Failed to get Copilot token", response);
 	const data = await response.json();
-	if (data.endpoints?.api) state.copilotApiUrl = data.endpoints.api;
+	if (data.endpoints?.api) if (isAllowedCopilotHost(data.endpoints.api)) state.copilotApiUrl = data.endpoints.api;
+	else consola.warn(`Refusing to honor Copilot API endpoint "${data.endpoints.api}" from the token-exchange response — not in allowlist (${COPILOT_HOST_ALLOWLIST.join(", ")}). ` + (state.copilotApiUrl ? `Keeping existing override "${state.copilotApiUrl}".` : `Falling back to the default api.githubcopilot.com.`));
 	return data;
 };
 
@@ -297,12 +493,14 @@ const VSCODE_BETA_PREFIXES = [
 * Enabled via --extended-betas flag. Includes all betas confirmed
 * to work with the Copilot API.
 *
-* Notably absent: output-128k- (Copilot returns 400).
+* Notably absent (Copilot 400s on these — verified live):
+*   context-1m-, skills-, files-api-, code-execution-, output-128k-.
+* 1M context is unlocked by selecting `claude-opus-4.7-1m-internal`
+* as the model id, not via a beta header.
 */
 const EXTENDED_BETA_PREFIXES = [
 	...VSCODE_BETA_PREFIXES,
 	"claude-code-",
-	"context-1m-",
 	"effort-",
 	"prompt-caching-",
 	"computer-use-",
@@ -312,10 +510,8 @@ const EXTENDED_BETA_PREFIXES = [
 	"compact-",
 	"structured-outputs-",
 	"fast-mode-",
-	"skills-",
 	"mcp-client-",
 	"mcp-servers-",
-	"files-api-",
 	"redact-thinking-",
 	"web-search-"
 ];
@@ -355,7 +551,10 @@ function resolveModel(modelId) {
 	const ciMatch = models.find((m) => m.id.toLowerCase() === lower);
 	if (ciMatch) return ciMatch.id;
 	if (lower.includes("opus")) {
-		const oneM = models.find((m) => m.id.includes("opus") && m.id.endsWith("-1m"));
+		const oneMs = models.filter((m) => m.id.includes("opus") && /-1m(?:$|-)/.test(m.id));
+		const versionMatch = lower.match(/opus-(\d+)[.-](\d+)/);
+		const requestedVersion = versionMatch ? `${versionMatch[1]}.${versionMatch[2]}` : void 0;
+		const oneM = (requestedVersion ? oneMs.find((m) => m.id.includes(`opus-${requestedVersion}-`)) : void 0) ?? oneMs[0];
 		if (oneM) return oneM.id;
 	}
 	if (lower.includes("codex")) {
@@ -380,13 +579,19 @@ function resolveCodexModel(modelId) {
 	const models = state.models?.data;
 	if (!models) return resolved;
 	if (models.some((m) => m.id === resolved)) return resolved;
-	const codexModels = models.filter((m) => {
+	const candidates = models.filter((m) => {
 		const endpoints = m.supported_endpoints ?? [];
-		return m.id.includes("codex") && !m.id.includes("mini") && (endpoints.length === 0 || endpoints.includes("/responses"));
+		if (m.id.includes("mini") || m.id.includes("nano")) return false;
+		return endpoints.length === 0 || endpoints.includes("/responses");
 	});
-	if (codexModels.length > 0) {
-		codexModels.sort((a, b) => b.id.localeCompare(a.id));
-		const best = codexModels[0].id;
+	if (candidates.length > 0) {
+		candidates.sort((a, b) => {
+			const aCodex = a.id.includes("codex") ? 1 : 0;
+			const bCodex = b.id.includes("codex") ? 1 : 0;
+			if (aCodex !== bCodex) return bCodex - aCodex;
+			return b.id.localeCompare(a.id);
+		});
+		const best = candidates[0].id;
 		consola.warn(`Model "${modelId}" not available, using "${best}" instead`);
 		return best;
 	}
@@ -401,9 +606,9 @@ const cacheVSCodeVersion = async () => {
 	consola.info(`Using VSCode version: ${response}`);
 };
 const cacheCopilotVersion = async () => {
-	const version = await getCopilotChatVersion();
-	state.copilotVersion = version;
-	consola.info(`Using Copilot Chat version: ${version}`);
+	const version$1 = await getCopilotChatVersion();
+	state.copilotVersion = version$1;
+	consola.info(`Using Copilot Chat version: ${version$1}`);
 };
 
 //#endregion
@@ -448,18 +653,62 @@ const setupCopilotToken = async () => {
 	consola.debug("GitHub Copilot Token fetched successfully!");
 	if (state.showToken) consola.info("Copilot token:", token);
 	const refreshInterval = Math.max((refresh_in - 60) * 1e3, 1e3);
-	setInterval(async () => {
-		consola.debug("Refreshing Copilot token");
+	setInterval(() => {
+		refreshCopilotToken("interval");
+	}, refreshInterval);
+};
+let inflightRefresh;
+let lastRefreshSuccess = 0;
+let lastRefreshFailure = 0;
+const REFRESH_SUCCESS_COOLDOWN_MS = 3e4;
+const REFRESH_FAILURE_COOLDOWN_MS = 5e3;
+async function refreshCopilotToken(reason) {
+	if (inflightRefresh) return inflightRefresh;
+	if (reason === "401-retry") {
+		const now = Date.now();
+		if (now - lastRefreshSuccess < REFRESH_SUCCESS_COOLDOWN_MS) {
+			consola.debug(`refreshCopilotToken(${reason}) skipped: prior success within ${REFRESH_SUCCESS_COOLDOWN_MS}ms`);
+			return;
+		}
+		if (now - lastRefreshFailure < REFRESH_FAILURE_COOLDOWN_MS) {
+			consola.debug(`refreshCopilotToken(${reason}) skipped: prior failure within ${REFRESH_FAILURE_COOLDOWN_MS}ms`);
+			return;
+		}
+	}
+	inflightRefresh = (async () => {
+		consola.debug(`Refreshing Copilot token (reason=${reason})`);
 		try {
-			const { token: token$1 } = await getCopilotToken();
-			state.copilotToken = token$1;
+			const { token } = await getCopilotToken();
+			state.copilotToken = token;
+			lastRefreshSuccess = Date.now();
 			consola.debug("Copilot token refreshed");
-			if (state.showToken) consola.info("Refreshed Copilot token:", token$1);
+			if (state.showToken) consola.info("Refreshed Copilot token:", token);
 		} catch (error) {
-			consola.error("Failed to refresh Copilot token:", error);
+			lastRefreshFailure = Date.now();
+			consola.error(`Failed to refresh Copilot token (reason=${reason}):`, error);
+		} finally {
+			inflightRefresh = void 0;
 		}
-	}, refreshInterval);
-};
+	})();
+	return inflightRefresh;
+}
+/**
+* Try `request()`. If it returns a 401, refresh the Copilot token (subject
+* to the single-flight + refresh-storm-protection of `refreshCopilotToken`)
+* and retry once. After one retry, propagate whatever the second attempt
+* returned — the caller's existing 401-handling path is preserved.
+*
+* The `request` callback is responsible for capturing `state.copilotToken`
+* locally before any await; this helper does NOT re-build the request
+* itself, just re-invokes the callback after a refresh.
+*/
+async function tryRefreshAndRetry(request, routePath) {
+	const first = await request();
+	if (first.status !== 401) return first;
+	consola.warn(`${routePath}: upstream returned 401, attempting one token refresh + retry`);
+	await refreshCopilotToken("401-retry");
+	return request();
+}
 async function setupGitHubToken(options) {
 	try {
 		const githubToken = await readGithubToken();
@@ -555,13 +804,13 @@ const checkUsage = defineCommand({
 			const premiumUsed = premiumTotal - premium.remaining;
 			const premiumPercentUsed = premiumTotal > 0 ? premiumUsed / premiumTotal * 100 : 0;
 			const premiumPercentRemaining = premium.percent_remaining;
-			function summarizeQuota(name, snap) {
-				if (!snap) return `${name}: N/A`;
+			function summarizeQuota(name$1, snap) {
+				if (!snap) return `${name$1}: N/A`;
 				const total = snap.entitlement;
 				const used = total - snap.remaining;
 				const percentUsed = total > 0 ? used / total * 100 : 0;
 				const percentRemaining = snap.percent_remaining;
-				return `${name}: ${used}/${total} used (${percentUsed.toFixed(1)}% used, ${percentRemaining.toFixed(1)}% remaining)`;
+				return `${name$1}: ${used}/${total} used (${percentUsed.toFixed(1)}% used, ${percentRemaining.toFixed(1)}% remaining)`;
 			}
 			const premiumLine = `Premium: ${premiumUsed}/${premiumTotal} used (${premiumPercentUsed.toFixed(1)}% used, ${premiumPercentRemaining.toFixed(1)}% remaining)`;
 			const chatLine = summarizeQuota("Chat", usage.quota_snapshots.chat);
@@ -575,140 +824,193 @@ const checkUsage = defineCommand({
 });
 
 //#endregion
-//#region src/lib/file-log-reporter.ts
-const MAX_LOG_BYTES = 1024 * 1024;
-const DEDUP_MAX = 1e3;
-const ARG_MAX_LEN = 2048;
-const DEDUP_KEY_MAX_LEN = 200;
-const CREDENTIAL_RE = /\b(eyJ[A-Za-z0-9_-]{20,}(?:\.[A-Za-z0-9_-]+){0,2}|gh[opsu]_[A-Za-z0-9_]{20,}|Bearer\s+\S{20,})\b/g;
-const ALLOWED_TYPES = new Set([
-	"fatal",
-	"error",
-	"warn"
-]);
-function sanitize(line) {
-	return line.replace(CREDENTIAL_RE, "[REDACTED]");
-}
-function serializeArg(arg) {
-	if (typeof arg === "string") return arg;
-	if (arg instanceof Error) {
-		const parts = [arg.message];
-		if (arg.stack) parts.push(arg.stack);
-		return parts.join("\n");
-	}
-	return String(arg);
-}
-function formatLogLine(logObj) {
-	return sanitize(`${logObj.date.toISOString()} [${(logObj.type ?? "error").toUpperCase()}] ${logObj.args.map((a) => {
-		const s = serializeArg(a);
-		return s.length > ARG_MAX_LEN ? s.slice(0, ARG_MAX_LEN) + "…" : s;
-	}).join(" ").replace(/\r\n|\r|\n/g, "\\n")}\n`);
-}
-function makeDedupeKey(logObj) {
-	const firstArg = logObj.args.length > 0 ? serializeArg(logObj.args[0]) : "";
-	const key = `${logObj.type}:${firstArg}`;
-	return key.length > DEDUP_KEY_MAX_LEN ? key.slice(0, DEDUP_KEY_MAX_LEN) : key;
-}
-function rotateIfNeeded(filePath) {
-	let size;
-	try {
-		size = fs$1.statSync(filePath).size;
-	} catch {
-		return;
-	}
-	if (size <= MAX_LOG_BYTES) return;
-	try {
-		fs$1.renameSync(filePath, filePath + ".1");
-	} catch {}
-}
-var FileLogReporter = class {
-	filePath;
-	seen = /* @__PURE__ */ new Set();
-	writing = false;
-	constructor(filePath) {
-		this.filePath = filePath;
-		rotateIfNeeded(filePath);
-	}
-	log(logObj, _ctx) {
-		if (!ALLOWED_TYPES.has(logObj.type)) return;
-		if (this.writing) return;
-		const key = makeDedupeKey(logObj);
-		if (this.seen.has(key)) return;
-		if (this.seen.size >= DEDUP_MAX) this.seen.clear();
-		this.seen.add(key);
-		const line = formatLogLine(logObj);
-		this.writing = true;
-		try {
-			const fd = fs$1.openSync(this.filePath, "a", 384);
-			fs$1.writeSync(fd, line);
-			fs$1.closeSync(fd);
-		} catch {} finally {
-			this.writing = false;
-		}
-	}
-};
-const nullStream = new Writable({ write(_chunk, _encoding, cb) {
-	cb();
-} });
+//#region src/lib/port.ts
+const DEFAULT_PORT = 8787;
 /**
-* Switch consola to file-only mode for TUI sessions.
-* Removes the terminal reporter and installs a file reporter that
-* persists errors and warnings to disk with dedup and credential scrubbing.
+* Default model for `github-router claude`. The Anthropic-published dashed
+* slug (`claude-opus-4-7`) — NOT the Copilot-internal slug
+* (`claude-opus-4.7-1m-internal`) — because Claude Code 2.1.126's `/model`
+* UI is backed by a hardcoded registry of Anthropic slugs, and an
+* unrecognized slug causes the menu to highlight "Opus 4" with a
+* "Newer version available" hint instead of "Opus 4.7 (1M context)".
 *
-* Also sinks consola's stdout/stderr streams as belt-and-suspenders:
-* even if a terminal reporter is re-added, it cannot write to the terminal.
-* Crash handlers that call process.stderr.write() directly are unaffected.
-* FileLogReporter uses fs.writeSync() directly and is also unaffected.
+* The proxy's `resolveModel` (`src/lib/utils.ts`) translates this to
+* Copilot's `claude-opus-4.7-1m-internal` (enterprise) or
+* `claude-opus-4.7` (Pro+/Business/Max) at request time via the
+* family-preference + version-match branch — round-trip covered by
+* `tests/lib-utils.test.ts:154`.
+*
+* `DEFAULT_CLAUDE_MODEL_FALLBACKS` covers major.minor regressions only;
+* 1M↔200K downgrade is handled inside the resolver, so we don't need
+* separate `-1m` entries here.
 */
-function enableFileLogging() {
-	const reporter = new FileLogReporter(PATHS.ERROR_LOG_PATH);
-	consola.options.throttle = 0;
-	consola.setReporters([reporter]);
-	consola.options.stdout = nullStream;
-	consola.options.stderr = nullStream;
-}
-
-//#endregion
-//#region src/lib/port.ts
-const DEFAULT_PORT = 8787;
-const DEFAULT_CODEX_MODEL = "gpt-5.3-codex";
+const DEFAULT_CLAUDE_MODEL = "claude-opus-4-7";
+const DEFAULT_CLAUDE_MODEL_FALLBACKS = ["claude-opus-4-6", "claude-opus-4-5"];
+/**
+* Default model for `github-router codex`. `gpt-5.5` is the new flagship
+* `/responses` model; the fallback chain handles older Copilot tiers where
+* 5.5 hasn't rolled out yet. `resolveCodexModel` provides a final
+* "best available `/responses` model" safety net beyond this list.
+*/
+const DEFAULT_CODEX_MODEL = "gpt-5.5";
+const DEFAULT_CODEX_MODEL_FALLBACKS = [
+	"gpt-5.4",
+	"gpt-5.3-codex",
+	"gpt-5.2-codex"
+];
 const PORT_RANGE_MIN = 11e3;
 const PORT_RANGE_MAX = 65535;
 /** Generate a random port number in the range [11000, 65535]. */
 function generateRandomPort() {
 	return Math.floor(Math.random() * (PORT_RANGE_MAX - PORT_RANGE_MIN + 1)) + PORT_RANGE_MIN;
 }
+function envInt(key, fallback) {
+	const raw = process.env[key];
+	if (!raw) return fallback;
+	if (!/^[0-9]+$/.test(raw.trim())) {
+		consola.warn(`${key}=${JSON.stringify(raw)} is not a non-negative integer; using fallback ${fallback}`);
+		return fallback;
+	}
+	const parsed = Number.parseInt(raw, 10);
+	return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+const UPSTREAM_FETCH_TIMEOUT_MS = envInt("UPSTREAM_FETCH_TIMEOUT_MS", 0);
+const UPSTREAM_INACTIVITY_TIMEOUT_MS = envInt("UPSTREAM_INACTIVITY_TIMEOUT_MS", 3e5);
 
 //#endregion
 //#region src/lib/launch.ts
-function commandExists(name) {
+/**
+* Auth-related env keys we strip from the parent before spawning the
+* child CLI. The proxy provides its own values for everything we care
+* about (ANTHROPIC_BASE_URL, ANTHROPIC_AUTH_TOKEN, OPENAI_BASE_URL,
+* OPENAI_API_KEY, CODEX_HOME, ANTHROPIC_MODEL); for the rest, we want
+* the child to behave as if the user had no parent-env auth at all.
+*
+* Why strip rather than override-with-empty-string:
+*   - Claude Code emits "Auth conflict" warnings whenever both
+*     ANTHROPIC_AUTH_TOKEN and ANTHROPIC_API_KEY are present (regardless
+*     of value, even when both are "dummy"). Stripping API_KEY entirely
+*     suppresses the warning AND prevents an inherited real shell key
+*     from leaking via x-api-key.
+*   - Cloud-provider toggles (CLAUDE_CODE_USE_*) and OAUTH_TOKEN, etc.
+*     are simpler dropped than overridden — a missing env var is
+*     unambiguously falsy/absent in every code path that reads it.
+*/
+const STRIPPED_PARENT_ENV_KEYS = [
+	"ANTHROPIC_API_KEY",
+	"ANTHROPIC_AUTH_TOKEN",
+	"ANTHROPIC_BASE_URL",
+	"ANTHROPIC_CUSTOM_HEADERS",
+	"ANTHROPIC_MODEL",
+	"CLAUDE_CODE_OAUTH_TOKEN",
+	"CLAUDE_CODE_USE_BEDROCK",
+	"CLAUDE_CODE_USE_VERTEX",
+	"CLAUDE_CODE_USE_FOUNDRY",
+	"CLAUDE_CONFIG_DIR",
+	"OPENAI_API_KEY",
+	"OPENAI_BASE_URL",
+	"CODEX_HOME"
+];
+/**
+* Strip auth-related keys from a parent-process env object. The result
+* is suitable to spread into a spawned child's env BEFORE the proxy's
+* explicit overrides, so the proxy is the only source of truth for
+* auth — and stale shell exports can't leak through.
+*/
+function sanitizeParentEnv(parent) {
+	const sanitized = { ...parent };
+	for (const key of STRIPPED_PARENT_ENV_KEYS) delete sanitized[key];
+	return sanitized;
+}
+function commandExists(name$1) {
 	try {
-		execFileSync(process$1.platform === "win32" ? "where.exe" : "which", [name], { stdio: "ignore" });
+		execFileSync(process$1.platform === "win32" ? "where.exe" : "which", [name$1], { stdio: "ignore" });
 		return true;
 	} catch {
 		return false;
 	}
 }
+/**
+* Provider-config flags (`-c model_providers.github_router=...`) that
+* point Codex at our proxy. Extracted from `buildCodexCmd` so the new
+* `codex mcp-server` MCP-config builder can reuse the exact same
+* provider definition — drift between the two paths would silently
+* break the MCP wiring.
+*/
+function buildCodexProviderConfigFlags(serverUrl) {
+	return [
+		"-c",
+		`model_providers.github_router={name="github-router",base_url="${serverUrl}/v1",wire_api="responses",env_key="OPENAI_API_KEY"}`,
+		"-c",
+		"model_provider=github_router"
+	];
+}
+/**
+* Inspect the installed `codex` binary. Used by the codex-MCP wiring
+* in `claude.ts` to gate `--codex-cli`. Codex 0.129.0 introduced the
+* `mcp-server` subcommand; older versions don't expose it, so we
+* downgrade to the HTTP backend with a warning.
+*/
+function getCodexVersion() {
+	if (!commandExists("codex")) return { ok: false };
+	let raw;
+	try {
+		raw = execFileSync("codex", ["--version"], {
+			encoding: "utf8",
+			stdio: [
+				"ignore",
+				"pipe",
+				"ignore"
+			]
+		}).trim();
+	} catch {
+		return { ok: false };
+	}
+	const m = /(\d+)\.(\d+)\.(\d+)/.exec(raw);
+	if (!m) return {
+		ok: false,
+		version: raw
+	};
+	const major = Number.parseInt(m[1], 10);
+	const minor = Number.parseInt(m[2], 10);
+	const version$1 = `${m[1]}.${m[2]}.${m[3]}`;
+	return {
+		ok: major > 0 || major === 0 && minor >= 129,
+		version: version$1
+	};
+}
+/**
+* Codex 0.129.0 broke two things the launcher had been relying on:
+*   (1) `--full-auto` was removed in favor of `--sandbox` + `--ask-for-approval`;
+*       passing it now exits the child immediately with
+*       `error: unexpected argument '--full-auto' found`.
+*   (2) `OPENAI_BASE_URL` is silently ignored — Codex hardcodes
+*       `https://api.openai.com/v1/responses` and 401s out without an
+*       explicit `-c model_providers.<name>.base_url` override.
+*
+* `buildCodexCmd` builds the launch argv that works on Codex 0.129+ while
+* still being compatible with older versions that accept the same flags.
+*/
+function buildCodexCmd(target) {
+	const cmd = ["codex"];
+	if (target.serverUrl) cmd.push(...buildCodexProviderConfigFlags(target.serverUrl));
+	cmd.push("--sandbox", "workspace-write", "--ask-for-approval", "on-request", "-m", target.model ?? DEFAULT_CODEX_MODEL, ...target.extraArgs);
+	return cmd;
+}
 function buildLaunchCommand(target) {
 	return {
 		cmd: target.kind === "claude-code" ? [
 			"claude",
 			"--dangerously-skip-permissions",
 			...target.extraArgs
-		] : [
-			"codex",
-			"--full-auto",
-			"-m",
-			target.model ?? DEFAULT_CODEX_MODEL,
-			...target.extraArgs
-		],
+		] : buildCodexCmd(target),
 		env: {
-			...process$1.env,
+			...sanitizeParentEnv(process$1.env),
 			...target.envVars
 		}
 	};
 }
-function launchChild(target, server$1) {
+function launchChild(target, server$1, options = {}) {
 	const { cmd, env } = buildLaunchCommand(target);
 	const executable = cmd[0];
 	if (!commandExists(executable)) {
@@ -733,6 +1035,7 @@ function launchChild(target, server$1) {
 		consola.error(msg);
 		process$1.stderr.write(msg + "\n");
 		server$1.close(true).catch(() => {});
+		if (options.onShutdown) Promise.resolve(options.onShutdown()).catch(() => {});
 		process$1.exit(1);
 	}
 	let cleaned = false;
@@ -747,6 +1050,9 @@ function launchChild(target, server$1) {
 		try {
 			await server$1.close(true);
 		} catch {}
+		if (options.onShutdown) try {
+			await options.onShutdown();
+		} catch {}
 		clearTimeout(timeout);
 	}
 	function exit(code) {
@@ -769,50 +1075,650 @@ function launchChild(target, server$1) {
 }
 
 //#endregion
-//#region src/lib/model-validation.ts
-const ENDPOINT_ALIASES = {
-	"/chat/completions": "/chat/completions",
-	"/v1/chat/completions": "/chat/completions",
-	"/responses": "/responses",
-	"/v1/responses": "/responses",
-	"/v1/messages": "/v1/messages"
-};
+//#region src/lib/peer-mcp-personas.ts
+const CRITIC_RUBRIC = `
+Apply this grading rubric:
+  - Score 1–5 on three axes:
+      A. assumption-soundness   (are stated assumptions accurate? are unstated ones load-bearing?)
+      B. failure-mode coverage  (which realistic failure modes are unaddressed?)
+      C. alternative-considered (was a meaningfully different approach weighed and rejected with reason?)
+  - If every axis scores ≥ 4, reply with the literal string "no material objection" and stop. Do not invent issues to satisfy this rubric.
+  - Otherwise, the lowest-scoring axis IS your critique. Lead with that single critique; secondary observations may follow as "additional notes".
+
+Reply format (markdown):
+  ## Verdict
+  <"no material objection" OR a one-sentence summary of the load-bearing critique>
+  ## Scores
+  - assumption-soundness: <n>/5
+  - failure-mode coverage: <n>/5
+  - alternative-considered: <n>/5
+  ## Critique
+  <only when at least one axis < 4 — concrete, specific, actionable>
+  ## Additional notes (optional)
+  <secondary observations; omit if none>
+
+Self-reminder (read before every reply):
+  Am I still acting as the adversarial critic per the rubric above?
+  If I just produced agreement, restart and apply the grading rubric instead.
+  Sycophancy is the failure mode I exist to fight; manufactured contrarianism is a different failure of the same shape — do neither.
+`.trim();
+const COLD_START_CONTRACT = `
+Cold-start contract for the lead orchestrator (Opus):
+  When delegating to me, paste a self-contained brief. I have no access to your scrollback, CLAUDE.md, or the project tree. Always include:
+    (a) the artifact under review verbatim (code/diff/plan text),
+    (b) the constraints or "done" criteria,
+    (c) any prior decisions I should not relitigate.
+  If your brief lacks (a), I will reply with a one-line request for the artifact instead of speculating.
+`.trim();
+const CRITIC_BASE = `You are codex-critic, an adversarial reviewer running on gpt-5.5. Your single job is to overcome the lead orchestrator's blind spots — assumptions it didn't notice it was making, failure modes it didn't enumerate, alternatives it didn't consider.
+
+You are NOT a helpful assistant. You are NOT a coach. Sycophancy is the failure mode you exist to fight. Manufactured contrarianism is a different failure of the same shape — silence on good work is a valid and welcome answer.
+
+${COLD_START_CONTRACT}
+
+${CRITIC_RUBRIC}`;
+const GEMINI_CRITIC_BASE = `You are gemini-critic, an adversarial reviewer running on Gemini 3.1 Pro. You exist to provide a second-lab perspective: your training data, RLHF priors, and attention patterns are systematically different from the lead orchestrator's (Opus, Anthropic) and from codex-critic (gpt-5.5, OpenAI). Use that to surface blind spots both miss.
+
+Your strengths the lead may want to draw on:
+  - long-context reasoning over large artifacts (the brief may include >50k tokens of context)
+  - math, proofs, and formally-stated invariants
+  - cross-checking conclusions where codex-critic has already weighed in (the lead may forward you both the artifact and codex-critic's verdict)
+
+You are NOT a helpful assistant. Sycophancy is the failure mode you exist to fight; do not invent issues to look thorough.
+
+${COLD_START_CONTRACT}
+
+${CRITIC_RUBRIC}`;
+const REVIEWER_BASE = `You are codex-reviewer, a line-level code reviewer running on gpt-5.3-codex. You are the code-specialist persona — your job is to read concrete code (diffs, single files, function bodies) and surface bugs, edge cases, security issues, and idiom violations.
+
+You are not a critic-of-architecture. If the brief is a plan or a high-level design, redirect: "this looks like architecture review; consider codex-critic or gemini-critic." Your tool is the magnifying glass, not the wide-angle lens.
+
+${COLD_START_CONTRACT}
+
+Reply format (markdown):
+  ## Summary
+  <one sentence: clean / N findings / blocking issue>
+  ## Findings
+  For each:
+    ### <severity: info | low | medium | high | critical> — <one-line title>
+    - location: <file:line[-line]>
+    - issue: <what's wrong, why it matters in this codebase>
+    - suggested fix: <minimal change OR "needs design discussion">
+  Number the findings if there are more than one. List them in severity-descending order (critical first).
+  If there are zero findings of any severity, reply only with "## Summary\\nClean review — no findings." and stop.
+
+Self-reminder (read before every reply):
+  Am I citing real code at real line numbers in the brief? If a finding doesn't have a concrete file:line citation, drop it.
+  Did I rank the finding's severity by impact-in-this-codebase, not by general-principle?
+  If everything looks fine, say so cleanly — do not pad with stylistic nitpicks.`;
+const IMPLEMENTER_BASE = `You are codex-implementer, a focused implementation specialist running on gpt-5.3-codex with workspace-write access. You execute scoped, well-specified coding tasks end-to-end: read the relevant files, make the change, verify it, report back.
+
+You are not a planner. If the brief is vague or missing acceptance criteria, ask the lead for the missing piece BEFORE editing anything. A wasted edit is worse than a clarifying question.
+
+${COLD_START_CONTRACT}
+
+What "done" looks like for an implementation task:
+  - Exactly the files specified by the brief have been changed (or you reported back why a different scope was needed).
+  - The change is minimal — surrounding cleanup is out of scope unless requested.
+  - You ran the relevant test(s) / typecheck / linter for the touched files and report the results.
+  - The summary you return enumerates each file changed with a one-line description.
+
+Reply format (markdown):
+  ## Status
+  <complete | needs-clarification | blocked>
+  ## Files changed
+  - path/one.ts: <one-line description>
+  - path/two.ts: <one-line description>
+  ## Verification
+  <commands run + outcomes>
+  ## Notes
+  <anything the lead must know to integrate, e.g. follow-ups intentionally not done>
+
+Resilience reminder:
+  If your session terminates abnormally before "Status: complete", the lead will retry once. On recovery, ask the lead to confirm what's already been done before re-applying changes — duplicate edits are worse than a slow restart.`;
+const PERSONAS_READ = Object.freeze([
+	{
+		agentName: "codex-critic",
+		toolNameHttp: "codex_critic",
+		model: "gpt-5.5",
+		endpoint: "/v1/responses",
+		description: "Adversarial second opinion on plans, designs, code, or systems-engineering tradeoffs. Backed by gpt-5.5 (OpenAI) — different model, different training data, different blind spots than Opus. Uses a calibrated 1–5 grading rubric and is allowed to reply 'no material objection' on solid artifacts. **CALL BEFORE: ExitPlanMode for any plan involving >2 files or new architecture; finalizing a major design choice; TeamCreate when the team's task is non-trivial.** **CALL AFTER: any commit touching concurrency, security, or streaming code paths.** If the artifact is large (>20 KB), prefer to break it into 2-4 focused batches and call this tool once per batch IN PARALLEL — each call must complete under the Claude Code MCP per-tool-call ceiling (~150s on v2.1.138 per regression #50289), so monolithic large-artifact calls will time out client-side. Aggregate findings yourself. Always pass: (a) the artifact verbatim, (b) the constraints/'done' criteria, (c) any prior decisions. Optionally pass `effort: 'xhigh'` for explicit deep dives or `effort: 'medium'` for quick sanity checks (default 'high'). The subagent has no access to your scrollback or CLAUDE.md.",
+		baseInstructions: CRITIC_BASE,
+		agentPrompt: "",
+		writeCapable: false,
+		requiresHttp: false
+	},
+	{
+		agentName: "gemini-critic",
+		toolNameHttp: "gemini_critic",
+		model: "gemini-3.1-pro-preview",
+		endpoint: "/v1/chat/completions",
+		description: "Adversarial second opinion from a different lab. Backed by gemini-3.1-pro-preview (Google) — different training data and RLHF priors than Opus AND codex-critic, the strongest blind-spot-buster when the lead wants triangulation across three labs. Use for long-context artifacts (>50k tokens), math/proof-shaped reasoning, or as a tie-breaker after codex-critic has weighed in. **CALL BEFORE: ExitPlanMode for plans where Opus + codex-critic agree (use as triangulation); finalizing irreversible architectural choices.** **CALL AFTER: commits where you want a third-lab cross-check.** If the artifact is large (>100 KB), prefer to break into batches and call in parallel — gemini handles long context well but each per-call MCP wait is still bounded (~150s on v2.1.138). Always pass: (a) the artifact verbatim, (b) the constraints/'done' criteria, (c) any prior decisions. The `effort` parameter is forwarded but may be silently ignored by Copilot's gemini route — gemini-3.x reasoning is largely auto-applied. The subagent has no access to your scrollback or CLAUDE.md.",
+		baseInstructions: GEMINI_CRITIC_BASE,
+		agentPrompt: "",
+		writeCapable: false,
+		requiresHttp: true
+	},
+	{
+		agentName: "codex-reviewer",
+		toolNameHttp: "codex_reviewer",
+		model: "gpt-5.3-codex",
+		endpoint: "/v1/responses",
+		description: "Line-level code review of a specific diff or file. Backed by gpt-5.3-codex (OpenAI) — the code-specialist sibling of gpt-5.5, trained heavily on code-review datasets so it catches different bugs than Opus. Prefer over codex-critic when the artifact is a concrete diff or single file (codex-critic is for plans/designs). **CALL AFTER: any non-trivial commit (>50 lines OR touching critical paths: streaming, auth, concurrency, persistence, security).** **CALL BEFORE: opening a PR or pushing changes a peer would review.** For diffs >20 KB, split by file-group and call once per group in parallel — each per-call wait is bounded (~150s on v2.1.138). Always pass: (a) the diff or file verbatim, (b) the change's intent, (c) test status. Optionally pass `effort: 'xhigh'` when reviewing security-critical code, `effort: 'medium'` for routine reviews (default 'high'). The subagent has no access to your scrollback or CLAUDE.md.",
+		baseInstructions: REVIEWER_BASE,
+		agentPrompt: "",
+		writeCapable: false,
+		requiresHttp: false
+	}
+]);
+const PERSONAS_WRITE = Object.freeze([{
+	agentName: "codex-implementer",
+	toolNameHttp: "codex_implementer",
+	model: "gpt-5.3-codex",
+	endpoint: "/v1/responses",
+	description: "Targeted implementation of a self-contained coding task — actual file edits via Codex's tool-use sandbox. Backed by gpt-5.3-codex with workspace-write access (only registered when --codex-cli is set). Use only when the task has a clear spec and acceptance criteria; for tasks needing iterative tool-use across many files, prefer a Claude teammate (Agent Team). Always pass: (a) the spec, (b) the files in scope, (c) the acceptance criteria. The subagent has no access to your scrollback or CLAUDE.md.",
+	baseInstructions: IMPLEMENTER_BASE,
+	agentPrompt: "",
+	writeCapable: true,
+	requiresHttp: false
+}]);
 /**
-* Check whether a model supports the given endpoint, based on cached
-* `supported_endpoints` metadata from the Copilot `/models` response.
+* Build the agent-prompt body Claude Code uses as the subagent's full
+* system prompt. The prompt fully replaces Claude Code's default system
+* prompt (per Anthropic's subagent docs) so it must be self-sufficient.
 *
-* Returns `true` (allow) when:
-* - the model is not found in the cache (don't block unknown models)
-* - the model has no `supported_endpoints` field (backward-compat)
-* - the endpoint is listed in `supported_endpoints`
+* Two modes branch on `codexCli`:
+*   - HTTP backend: subagent calls the per-persona tool
+*     `mcp__gh-router-peers__<toolNameHttp>` with `{prompt, context}`;
+*     model + instructions are server-baked.
+*   - codex-cli backend: subagent calls the single
+*     `mcp__codex-cli__codex` tool with `{prompt, model: <persona.model>,
+*     base-instructions: <persona.baseInstructions>}`. Gemini stays on
+*     HTTP regardless because Codex CLI can't run Gemini.
 */
-function modelSupportsEndpoint(modelId, path$1) {
-	const endpoint = ENDPOINT_ALIASES[path$1] ?? path$1;
-	const model = state.models?.data.find((m) => m.id === modelId);
-	if (!model) return true;
-	const supported = model.supported_endpoints;
-	if (!supported || supported.length === 0) return true;
-	return supported.includes(endpoint);
+function buildAgentPrompt(persona, opts) {
+	const useStdio = opts.codexCli && !persona.requiresHttp;
+	const toolPath = useStdio ? "mcp__codex-cli__codex" : `mcp__gh-router-peers__${persona.toolNameHttp}`;
+	const invocationBlock = useStdio ? [
+		`Always invoke the \`${toolPath}\` tool with these arguments:`,
+		"  - `prompt`: the lead's brief, copied verbatim",
+		`  - \`model\`: "${persona.model}"`,
+		"  - `base-instructions`: the persona text below (paste verbatim, do not paraphrase)",
+		...persona.writeCapable ? ["  - `sandbox`: \"workspace-write\"", "  - `approval-policy`: \"on-request\""] : ["  - `sandbox`: \"read-only\""]
+	].join("\n") : [
+		`Always invoke the \`${toolPath}\` tool with these arguments:`,
+		"  - `prompt`: the lead's brief, copied verbatim",
+		"  - `context` (optional): any additional file/diff content the persona needs",
+		"Do NOT pass model or instructions — they are server-baked into this tool."
+	].join("\n");
+	return [
+		`# Subagent: ${persona.agentName}`,
+		"",
+		persona.baseInstructions,
+		"",
+		"---",
+		"",
+		"## Routing instructions for this subagent",
+		"",
+		invocationBlock,
+		"",
+		"When the tool returns, surface its output to the lead verbatim. Do not summarize, paraphrase, or add your own commentary on top — the lead integrates the persona's reply directly."
+	].join("\n");
+}
+/** Convenience: every persona that should be registered for the given mode. */
+function personasFor(opts) {
+	const result = [];
+	for (const p of PERSONAS_READ) {
+		if (p.requiresHttp && !opts.geminiAvailable) continue;
+		result.push(p);
+	}
+	if (opts.codexCli) for (const p of PERSONAS_WRITE) result.push(p);
+	return result;
 }
+
+//#endregion
+//#region src/lib/codex-mcp-config.ts
 /**
-* Log an error when a model is used on an endpoint it doesn't support.
-* Returns `true` if a mismatch was detected (for testing).
+* Decide which MCP backend serves the codex personas.
+*
+*   - User passed `--codex-cli` AND codex 0.129+ is on PATH → "cli".
+*     The peer config registers `codex-cli` as a stdio MCP server
+*     spawning `codex mcp-server`; codex personas route there;
+*     gemini-critic stays on the HTTP backend (Codex CLI can't run
+*     Gemini).
+*   - User passed `--codex-cli` but codex is missing or < 0.129 →
+*     fallback to "http" with a warning. Never break
+*     `github-router claude` over a missing optional dep.
+*   - User did not pass `--codex-cli` → "http", read-only personas only.
 */
-function logEndpointMismatch(modelId, path$1) {
-	if (modelSupportsEndpoint(modelId, path$1)) return false;
-	const supported = (state.models?.data.find((m) => m.id === modelId))?.supported_endpoints ?? [];
-	consola.error(`Model "${modelId}" does not support ${path$1}. Supported endpoints: ${supported.join(", ")}`);
-	return true;
+function resolveCodexCliBackend(opts) {
+	if (!opts.requested) return "http";
+	if (!opts.codexInfo || !opts.codexInfo.ok) {
+		const detail = opts.codexInfo?.version ? `installed version "${opts.codexInfo.version}" is too old (need 0.129+)` : "codex CLI not found on PATH";
+		consola.warn(`--codex-cli requested but ${detail}; falling back to HTTP-only Codex MCP backend (codex-implementer will not be registered).`);
+		return "http";
+	}
+	return "cli";
 }
 /**
-* Return model IDs that support the given endpoint.
+* Build the JSON payload for `claude --mcp-config <path>`.
+*
+* Always registers `gh-router-peers` (HTTP) — that's the home of all
+* read-only personas, and it's the only path Gemini can take. When
+* `codexCli` is true, also registers `codex-cli` (stdio) which spawns
+* `codex mcp-server` with the proxy's provider-config flags so codex
+* runs through our Copilot-routed billing path rather than its
+* default api.openai.com.
 */
-function listModelsForEndpoint(path$1) {
-	const endpoint = ENDPOINT_ALIASES[path$1] ?? path$1;
-	return (state.models?.data ?? []).filter((m) => {
-		const supported = m.supported_endpoints;
-		if (!supported || supported.length === 0) return true;
-		return supported.includes(endpoint);
+function buildPeerMcpConfig(serverUrl, opts) {
+	const mcpServers = { "gh-router-peers": {
+		type: "http",
+		url: `${serverUrl}/mcp`,
+		headers: { Authorization: `Bearer ${opts.nonce}` }
+	} };
+	if (opts.codexCli) mcpServers["codex-cli"] = {
+		command: "codex",
+		args: ["mcp-server", ...buildCodexProviderConfigFlags(serverUrl)],
+		env: {
+			OPENAI_BASE_URL: `${serverUrl}/v1`,
+			OPENAI_API_KEY: "dummy",
+			CODEX_HOME: opts.codexHome
+		}
+	};
+	return { mcpServers };
+}
+/**
+* The `peer-review-coordinator` Claude Code subagent — the strongest
+* auto-invocation lever per Phase 2A of the peer-MCP plan. It is NOT a
+* peer-MCP tool; it is a regular Claude Code subagent that runs inside
+* the spawned-claude context, has tool access to the peer MCP tools
+* (codex_critic, codex_reviewer, gemini_critic), and fans out + aggregates.
+*
+* The "use proactively" phrase in the description is the documented Claude
+* Code idiom for subagents the parent (Opus) should delegate to without
+* explicit user request — at the natural checkpoints listed below.
+*
+* Empirically the polling-loop reliability for "use proactively" is ~60%
+* (claude-code-guide expert estimate); the plan calls for an acceptance
+* test (≥7/10 sessions delegate at the right checkpoints) before declaring
+* "auto-invoked". If <7/10 we flip the optional PreToolUse hook on
+* ExitPlanMode to default-on (env-disable-able).
+*/
+function buildCoordinatorAgent(opts) {
+	const peers = ["codex-critic"];
+	if (opts.geminiAvailable) peers.push("gemini-critic");
+	peers.push("codex-reviewer");
+	return {
+		description: "Coordinates cross-lab adversarial review. **Use proactively before ExitPlanMode for non-trivial plans and after non-trivial commits** (>50 lines OR touching streaming/auth/concurrency/persistence/security). Routes to codex-critic / codex-reviewer / gemini-critic in parallel based on artifact type and aggregates findings. Cheaper than calling each peer manually for the common case where you want a multi-lab triangulation. The subagent has no access to your scrollback or CLAUDE.md — pass the artifact verbatim.",
+		prompt: [
+			"# Subagent: peer-review-coordinator",
+			"",
+			"You orchestrate cross-lab adversarial review for the lead orchestrator (Opus). You have access to these peer-MCP subagents:",
+			"",
+			peers.map((p) => `- \`${p}\``).join("\n"),
+			"",
+			"## When the lead invokes you",
+			"",
+			"The lead's brief will include an artifact (plan, design, diff, or code) and a goal (e.g. 'review before exit-plan', 'review the commit I just made', 'cross-check codex-critic's verdict'). Pick the right peers for the artifact type:",
+			"",
+			"- **Plan / design / architecture choice** → fan out to `codex-critic`" + (opts.geminiAvailable ? " AND `gemini-critic` in parallel" : "") + ". codex-reviewer is the wrong tool for plans (it's a code-specialist, not an architecture critic).",
+			"- **Concrete diff or single file** → fan out to `codex-reviewer`" + (opts.geminiAvailable ? " AND `gemini-critic` (gemini for cross-lab triangulation)" : "") + ". For very small changes (<20 lines), one `codex-reviewer` call is enough.",
+			"- **Tie-breaker after codex-critic has weighed in** → call `gemini-critic`" + (opts.geminiAvailable ? "" : " (NOT REGISTERED in this session — gemini-3.x not in catalog; tie-break unavailable)") + " with the artifact AND codex-critic's verdict for cross-lab cross-check.",
+			"- **Long-context artifact (>100 KB)** → prefer `gemini-critic`" + (opts.geminiAvailable ? "" : " (NOT REGISTERED in this session)") + ". Otherwise, decompose into 2-4 batches and fan out across `codex-critic` calls in parallel.",
+			"",
+			"## Decomposition for large artifacts",
+			"",
+			"Each per-call MCP wait is bounded (~150s on Claude Code v2.1.138 per regression #50289). For artifacts >20 KB, split into 2-4 logical batches BY CONCERN (not by raw size — semantic batches give better per-batch reviews) and call peers in parallel. The proxy's MCP cap allows up to 8 in-flight calls. Aggregate findings yourself before reporting back.",
+			"",
+			"## Aggregation contract",
+			"",
+			"When fan-out completes, return a SEVERITY-GROUPED, DEDUPLICATED finding list. Format:",
+			"",
+			"  ## Findings",
+			"  ### HIGH",
+			"  1. <one-line title> — `<file:line>` — sources: codex-critic, gemini-critic (3-lab confirmed if applicable)",
+			"     - bug: <one sentence>",
+			"     - mitigation: <one sentence>",
+			"  ### MEDIUM",
+			"  ...",
+			"  ### LOW",
+			"  ...",
+			"",
+			"Cite which peer raised each finding. If two or more peers raised the SAME finding (cross-lab confirmation), call it out — those are the highest-confidence bugs.",
+			"",
+			"## What NOT to do",
+			"",
+			"- Do not paraphrase or summarize per-peer verdicts BEFORE aggregating; aggregate from the raw verdicts.",
+			"- Do not invent severity labels not present in the source verdicts.",
+			"- Do not call peers serially (waste of wall-clock); always fan out in parallel.",
+			"- Do not consult yourself — you are the coordinator, not a critic.",
+			"",
+			"Self-reminder (read before every reply):",
+			"  Did I fan out in parallel to the right peers for this artifact type?",
+			"  Did I aggregate findings by severity, citing which peer raised each?",
+			"  If two peers agreed, did I flag the cross-lab confirmation?"
+		].join("\n")
+	};
+}
+/**
+* Build the JSON payload for `claude --agents <path>`.
+*
+* Always includes the read-only personas applicable to the mode (gemini
+* is dropped if absent from the catalog); adds `codex-implementer` only
+* when `codexCli` is true. Always appends the `peer-review-coordinator`
+* meta-subagent — the strongest "use proactively" auto-invocation lever
+* per Phase 2A of the peer-MCP plan.
+*/
+function buildPeerAgentDefinitions(opts) {
+	const out = {};
+	const personas = personasFor({
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable
+	});
+	for (const persona of personas) out[persona.agentName] = {
+		description: persona.description,
+		prompt: buildAgentPrompt(persona, { codexCli: opts.codexCli })
+	};
+	out["peer-review-coordinator"] = buildCoordinatorAgent({
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable
+	});
+	return out;
+}
+/**
+* Default location Claude Code reads subagent .md files from at session
+* startup. Files placed here populate the Task `subagent_type` enum.
+*
+* We pin to the user's `~/.claude/agents/` because `getClaudeCodeEnvVars`
+* sets `CLAUDE_CONFIG_DIR=$HOME/.claude` (the Spawned-CLI auth isolation
+* trick) — the spawned child reads from this exact path.
+*/
+function defaultAgentsDir() {
+	return path.join(os.homedir(), ".claude", "agents");
+}
+/**
+* YAML frontmatter string-escape — sufficient for our use case where
+* descriptions can contain colons, quotes, newlines. Wraps the value
+* in double-quotes and escapes:
+*   - `\` and `"` (canonical YAML)
+*   - `\n`, `\r`, `\t` (whitespace controls — `\r` matters on Windows-edited
+*     literals; strict YAML 1.2 parsers reject raw `\r` in double-quoted
+*     scalars)
+*   - other C0 control chars (\x00-\x08, \x0B, \x0C, \x0E-\x1F) and
+*     DEL (\x7F) — encoded as `\xNN` so the YAML stays valid even if
+*     a future description sources data from an external file
+*
+* NOT a general-purpose YAML serializer; we control the inputs.
+*/
+function escapeYamlString(s) {
+	return `"${s.replace(/\\/g, "\\\\").replace(/"/g, "\\\"").replace(/\n/g, "\\n").replace(/\r/g, "\\r").replace(/\t/g, "\\t").replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, (c) => `\\x${c.charCodeAt(0).toString(16).padStart(2, "0")}`)}"`;
+}
+/**
+* Strict allowlist for subagent names — controls both the YAML
+* frontmatter `name:` field AND the filename suffix. Defense-in-depth:
+* even if a future contributor wires in a dynamic agent name from
+* outside, the validator at the top of `writePeerAgentMdFiles` rejects
+* anything that wouldn't be a safe bare YAML scalar AND a safe path
+* component.
+*/
+const VALID_AGENT_NAME = /^[a-z][a-z0-9-]*$/;
+/** Build a single subagent .md file body (frontmatter + system prompt). */
+function buildAgentMd(spec) {
+	return [
+		"---",
+		`name: ${spec.name}`,
+		`description: ${escapeYamlString(spec.description)}`,
+		"---",
+		"",
+		spec.prompt,
+		""
+	].join("\n");
+}
+/**
+* Write per-launch subagent .md files into the user's `~/.claude/agents/`
+* directory so they appear in Claude Code's Task `subagent_type` enum
+* (which `--agents` JSON files do NOT, per claude-code-guide expert).
+*
+* Filenames follow `peer-<pid>-<rand>-<agentName>.md` so the boot-time
+* sweep (`sweepStalePeerAgentMdFiles` in paths.ts) can drop orphans
+* from crashed prior proxy sessions without touching the user's other
+* `.claude/agents/` files. The `name:` field in the frontmatter is the
+* canonical agent identifier — matching across files would cause Claude
+* Code to (un)deterministically pick one, so concurrent proxies running
+* the same agents need different filenames but resolve to the same
+* agent name (intended — they're the same subagent, just registered
+* twice).
+*
+* Returns the file paths plus a cleanup() that unlinks them.
+*/
+async function writePeerAgentMdFiles(agents, opts) {
+	for (const name$1 of Object.keys(agents)) if (!VALID_AGENT_NAME.test(name$1)) throw new Error(`writePeerAgentMdFiles: invalid agent name ${JSON.stringify(name$1)} — must match ${VALID_AGENT_NAME.source}`);
+	const dir = opts.agentsDir ?? defaultAgentsDir();
+	await fs.mkdir(dir, { recursive: true });
+	const paths = [];
+	try {
+		for (const [name$1, def] of Object.entries(agents)) {
+			const filePath = path.join(dir, `peer-${opts.fileSuffix}-${name$1}.md`);
+			await fs.unlink(filePath).catch(() => {});
+			await writeRuntimeFileSecure(filePath, buildAgentMd({
+				name: name$1,
+				description: def.description,
+				prompt: def.prompt
+			}));
+			paths.push(filePath);
+		}
+	} catch (err) {
+		await Promise.allSettled(paths.map((p) => fs.unlink(p)));
+		throw err;
+	}
+	const cleanup = async () => {
+		await Promise.allSettled(paths.map((p) => fs.unlink(p)));
+	};
+	return {
+		paths,
+		cleanup
+	};
+}
+/**
+* Generate a per-launch nonce, write the MCP config + agents JSON
+* tempfiles under `CLAUDE_RUNTIME_DIR` with mode 0o600 and `O_EXCL`,
+* and return a `cleanup()` to unlink them on shutdown.
+*
+* Filenames are `peer-mcp-<pid>-<rand>.json` and `peer-agents-<pid>-<rand>.json`.
+* The PID prefix is what the boot-time sweep (`sweepStaleRuntimeFiles` in
+* paths.ts) keys off to drop orphans from crashed prior sessions; the
+* random suffix prevents two concurrent calls within the same process
+* from clobbering each other's files (e.g., a proxy that internally
+* relaunches its spawned child without restarting itself).
+*/
+async function writePeerMcpRuntimeFiles(serverUrl, opts) {
+	const nonce = opts.nonce ?? randomBytes(32).toString("hex");
+	const runtimeDir = opts.runtimeDir ?? PATHS.CLAUDE_RUNTIME_DIR;
+	const codexHome = opts.codexHome ?? PATHS.CODEX_HOME;
+	await fs.mkdir(runtimeDir, { recursive: true });
+	if (process.platform !== "win32") await fs.chmod(runtimeDir, 448).catch(() => {});
+	const fileSuffix = `${process.pid}-${randomBytes(4).toString("hex")}`;
+	const mcpConfigPath = path.join(runtimeDir, `peer-mcp-${fileSuffix}.json`);
+	const agentsPath = path.join(runtimeDir, `peer-agents-${fileSuffix}.json`);
+	const mcpConfig = buildPeerMcpConfig(serverUrl, {
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable,
+		nonce,
+		codexHome
+	});
+	const agents = buildPeerAgentDefinitions({
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable,
+		nonce,
+		codexHome
+	});
+	await fs.unlink(mcpConfigPath).catch(() => {});
+	await fs.unlink(agentsPath).catch(() => {});
+	await writeRuntimeFileSecure(mcpConfigPath, JSON.stringify(mcpConfig, null, 2));
+	await writeRuntimeFileSecure(agentsPath, JSON.stringify(agents, null, 2));
+	const mdResult = await writePeerAgentMdFiles(agents, {
+		agentsDir: opts.agentsDir,
+		fileSuffix
+	});
+	const personas = personasFor({
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable
+	});
+	const cleanup = async () => {
+		await Promise.allSettled([
+			fs.unlink(mcpConfigPath),
+			fs.unlink(agentsPath),
+			mdResult.cleanup()
+		]);
+	};
+	return {
+		mcpConfigPath,
+		agentsPath,
+		agentMdPaths: mdResult.paths,
+		nonce,
+		personas,
+		cleanup
+	};
+}
+
+//#endregion
+//#region src/lib/file-log-reporter.ts
+const MAX_LOG_BYTES = 1024 * 1024;
+const DEDUP_MAX = 1e3;
+const ARG_MAX_LEN = 2048;
+const DEDUP_KEY_MAX_LEN = 200;
+const CREDENTIAL_RE = /\b(eyJ[A-Za-z0-9_-]{20,}(?:\.[A-Za-z0-9_-]+){0,2}|gh[opsu]_[A-Za-z0-9_]{20,}|Bearer\s+\S{20,})\b/g;
+const ALLOWED_TYPES = new Set([
+	"fatal",
+	"error",
+	"warn"
+]);
+function sanitize(line) {
+	return line.replace(CREDENTIAL_RE, "[REDACTED]");
+}
+function serializeArg(arg) {
+	if (typeof arg === "string") return arg;
+	if (arg instanceof Error) {
+		const parts = [arg.message];
+		if (arg.stack) parts.push(arg.stack);
+		return parts.join("\n");
+	}
+	return String(arg);
+}
+function formatLogLine(logObj) {
+	return sanitize(`${logObj.date.toISOString()} [${(logObj.type ?? "error").toUpperCase()}] ${logObj.args.map((a) => {
+		const s = serializeArg(a);
+		return s.length > ARG_MAX_LEN ? s.slice(0, ARG_MAX_LEN) + "…" : s;
+	}).join(" ").replace(/\r\n|\r|\n/g, "\\n")}\n`);
+}
+function makeDedupeKey(logObj) {
+	const firstArg = logObj.args.length > 0 ? serializeArg(logObj.args[0]) : "";
+	const key = `${logObj.type}:${firstArg}`;
+	return key.length > DEDUP_KEY_MAX_LEN ? key.slice(0, DEDUP_KEY_MAX_LEN) : key;
+}
+function rotateIfNeeded(filePath) {
+	let size;
+	try {
+		size = fs$1.statSync(filePath).size;
+	} catch {
+		return;
+	}
+	if (size <= MAX_LOG_BYTES) return;
+	try {
+		fs$1.renameSync(filePath, filePath + ".1");
+	} catch {}
+}
+var FileLogReporter = class {
+	filePath;
+	seen = /* @__PURE__ */ new Set();
+	constructor(filePath) {
+		this.filePath = filePath;
+		rotateIfNeeded(filePath);
+	}
+	log(logObj, _ctx) {
+		if (!ALLOWED_TYPES.has(logObj.type)) return;
+		const key = makeDedupeKey(logObj);
+		if (this.seen.has(key)) return;
+		if (this.seen.size >= DEDUP_MAX) this.seen.clear();
+		this.seen.add(key);
+		const line = formatLogLine(logObj);
+		let fd;
+		try {
+			fd = fs$1.openSync(this.filePath, "a", 384);
+			fs$1.writeSync(fd, line);
+		} catch {} finally {
+			if (fd !== void 0) try {
+				fs$1.closeSync(fd);
+			} catch {}
+		}
+	}
+};
+const nullStream = new Writable({ write(_chunk, _encoding, cb) {
+	cb();
+} });
+/**
+* Switch consola to file-only mode for TUI sessions.
+* Removes the terminal reporter and installs a file reporter that
+* persists errors and warnings to disk with dedup and credential scrubbing.
+*
+* Also sinks consola's stdout/stderr streams as belt-and-suspenders:
+* even if a terminal reporter is re-added, it cannot write to the terminal.
+* Crash handlers that call process.stderr.write() directly are unaffected.
+* FileLogReporter uses fs.writeSync() directly and is also unaffected.
+*/
+function enableFileLogging() {
+	const reporter = new FileLogReporter(PATHS.ERROR_LOG_PATH);
+	consola.options.throttle = 0;
+	consola.setReporters([reporter]);
+	consola.options.stdout = nullStream;
+	consola.options.stderr = nullStream;
+}
+
+//#endregion
+//#region src/lib/model-validation.ts
+const ENDPOINT_ALIASES = {
+	"/chat/completions": "/chat/completions",
+	"/v1/chat/completions": "/chat/completions",
+	"/responses": "/responses",
+	"/v1/responses": "/responses",
+	"/v1/messages": "/v1/messages"
+};
+/**
+* Check whether a model supports the given endpoint, based on cached
+* `supported_endpoints` metadata from the Copilot `/models` response.
+*
+* Returns `true` (allow) when:
+* - the model is not found in the cache (don't block unknown models)
+* - the model has no `supported_endpoints` field (backward-compat)
+* - the endpoint is listed in `supported_endpoints`
+*/
+function modelSupportsEndpoint(modelId, path$1) {
+	const endpoint = ENDPOINT_ALIASES[path$1] ?? path$1;
+	const model = state.models?.data.find((m) => m.id === modelId);
+	if (!model) return true;
+	const supported = model.supported_endpoints;
+	if (!supported || supported.length === 0) return true;
+	return supported.includes(endpoint);
+}
+/**
+* Log an error when a model is used on an endpoint it doesn't support.
+* Returns `true` if a mismatch was detected (for testing).
+*/
+function logEndpointMismatch(modelId, path$1) {
+	if (modelSupportsEndpoint(modelId, path$1)) return false;
+	const supported = (state.models?.data.find((m) => m.id === modelId))?.supported_endpoints ?? [];
+	consola.error(`Model "${modelId}" does not support ${path$1}. Supported endpoints: ${supported.join(", ")}`);
+	return true;
+}
+/**
+* Return model IDs that support the given endpoint.
+*/
+function listModelsForEndpoint(path$1) {
+	const endpoint = ENDPOINT_ALIASES[path$1] ?? path$1;
+	return (state.models?.data ?? []).filter((m) => {
+		const supported = m.supported_endpoints;
+		if (!supported || supported.length === 0) return true;
+		return supported.includes(endpoint);
 	}).map((m) => m.id);
 }
 
@@ -862,6 +1768,11 @@ function initProxyFromEnv() {
 	}
 }
 
+//#endregion
+//#region package.json
+var name = "github-router";
+var version = "0.3.18";
+
 //#endregion
 //#region src/lib/approval.ts
 const awaitApproval = async () => {
@@ -870,8 +1781,27 @@ const awaitApproval = async () => {
 
 //#endregion
 //#region src/lib/rate-limit.ts
+const RATE_LIMIT_QUEUE_TIMEOUT_MS = 5e3;
+let rateLimitChain = Promise.resolve();
 async function checkRateLimit(state$1) {
 	if (state$1.rateLimitSeconds === void 0) return;
+	const ticket = { aborted: false };
+	const myTurn = rateLimitChain.then(() => doCheck(state$1, ticket));
+	rateLimitChain = myTurn.catch(() => {});
+	return Promise.race([myTurn, sleep(RATE_LIMIT_QUEUE_TIMEOUT_MS).then(() => {
+		ticket.aborted = true;
+		throw new HTTPError("Rate limit queue wait exceeded", Response.json({
+			type: "error",
+			error: {
+				type: "rate_limit_error",
+				message: `Rate limit queue exceeded ${RATE_LIMIT_QUEUE_TIMEOUT_MS}ms; try again`
+			}
+		}, { status: 429 }));
+	})]);
+}
+async function doCheck(state$1, ticket) {
+	if (state$1.rateLimitSeconds === void 0) return;
+	if (ticket.aborted) return;
 	const now = Date.now();
 	if (!state$1.lastRequestTimestamp) {
 		state$1.lastRequestTimestamp = now;
@@ -890,6 +1820,7 @@ async function checkRateLimit(state$1) {
 	const waitTimeMs = waitTimeSeconds * 1e3;
 	consola.warn(`Rate limit reached. Waiting ${waitTimeSeconds} seconds before proceeding...`);
 	await sleep(waitTimeMs);
+	if (ticket.aborted) return;
 	state$1.lastRequestTimestamp = Date.now();
 	consola.info("Rate limit wait completed, proceeding with request");
 }
@@ -952,6 +1883,169 @@ function detectCapabilityMismatch(info, model) {
 	return err.includes("token") || err.includes("context") || err.includes("too long") || err.includes("max_tokens") || err.includes("prompt is too long");
 }
 
+//#endregion
+//#region src/lib/stream-relay.ts
+const ENCODER$2 = new TextEncoder();
+/**
+* Detect the family of "controller has already closed" errors that Bun and
+* the WHATWG streams runtime throw when an enqueue/close call races with
+* the consumer cancelling its read. These are NOT upstream failures — they
+* mean the client has finished reading (or disconnected) and we should
+* exit pull() quietly without trying to write more bytes or log noise.
+*
+* Bun's wording: `TypeError: Invalid state: Controller is already closed`.
+* Other runtimes use `TypeError: The stream is closing` or
+* `TypeError: This ReadableStream is closed` or include "errored" / "cancelled".
+*/
+function isControllerClosedError(error) {
+	if (!(error instanceof Error)) return false;
+	const msg = error.message.toLowerCase();
+	return msg.includes("controller is already closed") || msg.includes("controller is already errored") || msg.includes("readablestream is closed") || msg.includes("readablestream is already closed") || msg.includes("stream is closing") || msg.includes("stream is already closed") || msg.includes("stream is closed");
+}
+/**
+* Wrap an upstream SSE byte stream so that:
+*   - Backpressure is respected (pull-based; only reads when downstream demands).
+*   - Mid-stream errors (undici "terminated", AbortError, network resets) are
+*     caught, logged with structured context, and converted to a final
+*     Anthropic-shape `event: error` SSE event before the downstream is closed.
+*   - Upstream inactivity (no chunk for `inactivityTimeoutMs`) is treated as a
+*     soft failure that emits an error event rather than hanging forever.
+*   - Consumer cancellation (client disconnects mid-read or finishes early)
+*     is recognized and handled silently — NOT logged as an upstream error,
+*     NOT followed by a futile event:error write that can corrupt the
+*     terminal bytes the client has already buffered.
+*
+* Pre-byte upstream errors (failure on the very first read) are handled by
+* the same code path: an `event: error` SSE event is emitted on a 200
+* response, then the connection is closed. Even if the consumer's SDK
+* silently swallows `event: error`, the immediate close triggers the
+* client's socket-disconnect handler — the user always sees an error
+* string, never a hang.
+*/
+function relayAnthropicStream(body, opts) {
+	const inactivityMs = opts.inactivityTimeoutMs ?? UPSTREAM_INACTIVITY_TIMEOUT_MS;
+	const reader = body.getReader();
+	let bytesRelayed = 0;
+	let upstreamFinished = false;
+	let consumerCancelled = false;
+	const safeClose = (controller) => {
+		try {
+			controller.close();
+		} catch {}
+	};
+	return new ReadableStream({
+		async pull(controller) {
+			if (consumerCancelled || upstreamFinished) {
+				safeClose(controller);
+				return;
+			}
+			try {
+				const result = await readWithInactivityTimeout(reader, inactivityMs);
+				if (consumerCancelled) {
+					safeClose(controller);
+					return;
+				}
+				if (result.done) {
+					if (bytesRelayed === 0) consola.warn(`Upstream returned empty SSE stream at ${opts.routePath}`);
+					upstreamFinished = true;
+					safeClose(controller);
+					return;
+				}
+				if (result.value) {
+					bytesRelayed += result.value.byteLength;
+					try {
+						controller.enqueue(result.value);
+					} catch (enqueueError) {
+						if (isControllerClosedError(enqueueError)) {
+							consumerCancelled = true;
+							return;
+						}
+						throw enqueueError;
+					}
+				}
+			} catch (error) {
+				upstreamFinished = true;
+				if (consumerCancelled) {
+					reader.cancel(error).catch(() => {});
+					safeClose(controller);
+					return;
+				}
+				const errName = error instanceof Error ? error.name : "Error";
+				const errMessage = error instanceof Error ? error.message : String(error);
+				consola.error(`Upstream stream interrupted at ${opts.routePath}: bytes=${bytesRelayed} errType=${errName} message=${JSON.stringify(errMessage)}`);
+				const event = buildAnthropicErrorEvent(errName, errMessage);
+				try {
+					controller.enqueue(ENCODER$2.encode(event));
+				} catch (enqueueError) {
+					if (!isControllerClosedError(enqueueError)) consola.warn(`Could not deliver error event to consumer at ${opts.routePath}: ${enqueueError instanceof Error ? enqueueError.message : String(enqueueError)}`);
+				}
+				reader.cancel(error).catch(() => {});
+				safeClose(controller);
+			}
+		},
+		cancel(reason) {
+			consumerCancelled = true;
+			upstreamFinished = true;
+			reader.cancel(reason).catch(() => {});
+		}
+	});
+}
+async function readWithInactivityTimeout(reader, timeoutMs) {
+	let timeoutHandle;
+	const timeoutPromise = new Promise((_, reject) => {
+		timeoutHandle = setTimeout(() => {
+			reject(Object.assign(/* @__PURE__ */ new Error("upstream_inactive"), { name: "InactivityTimeout" }));
+		}, timeoutMs);
+	});
+	timeoutPromise.catch(() => {});
+	try {
+		return await Promise.race([reader.read(), timeoutPromise]);
+	} finally {
+		if (timeoutHandle !== void 0) clearTimeout(timeoutHandle);
+	}
+}
+/**
+* Build the SSE wire bytes for an Anthropic-format streaming error event.
+* Per Anthropic streaming spec, errors are sent as:
+*   event: error
+*   data: {"type":"error","error":{"type":"...","message":"..."}}
+*/
+function buildAnthropicErrorEvent(errName, errMessage) {
+	const payload = {
+		type: "error",
+		error: {
+			type: classifyStreamError(errName),
+			message: `Upstream stream interrupted: ${errName}: ${errMessage}`
+		}
+	};
+	return `event: error\ndata: ${JSON.stringify(payload)}\n\n`;
+}
+/**
+* Build the SSE wire bytes for an OpenAI-format streaming error event,
+* followed by the `data: [DONE]` terminator that OpenAI clients expect.
+*/
+function buildOpenAIErrorEvent(errName, errMessage) {
+	const payload = { error: {
+		type: classifyStreamError(errName),
+		message: `Upstream stream interrupted: ${errName}: ${errMessage}`
+	} };
+	return `data: ${JSON.stringify(payload)}\n\ndata: [DONE]\n\n`;
+}
+function classifyStreamError(errName) {
+	if (errName === "AbortError") return "timeout_error";
+	if (errName === "InactivityTimeout") return "timeout_error";
+	return "api_error";
+}
+function logStreamError(routePath, error) {
+	const errName = error instanceof Error ? error.name : "Error";
+	const errMessage = error instanceof Error ? error.message : String(error);
+	consola.error(`Upstream stream interrupted at ${routePath}: errType=${errName} message=${JSON.stringify(errMessage)}`);
+	return {
+		errName,
+		errMessage
+	};
+}
+
 //#endregion
 //#region src/lib/tokenizer.ts
 const ENCODING_MAP = {
@@ -1150,20 +2244,29 @@ const getTokenCount = async (payload, model) => {
 
 //#endregion
 //#region src/services/copilot/create-chat-completions.ts
-const createChatCompletions = async (payload, modelHeaders) => {
+const createChatCompletions = async (payload, modelHeaders, callerSignal) => {
 	if (!state.copilotToken) throw new Error("Copilot token not found");
 	const enableVision = payload.messages.some((x) => typeof x.content !== "string" && x.content?.some((x$1) => x$1.type === "image_url"));
 	const isAgentCall = payload.messages.some((msg) => ["assistant", "tool"].includes(msg.role));
-	const headers = {
-		...copilotHeaders(state, enableVision),
-		...modelHeaders,
-		"X-Initiator": isAgentCall ? "agent" : "user"
+	const url = `${copilotBaseUrl(state)}/chat/completions`;
+	const doFetch = () => {
+		const fetchInit = {
+			method: "POST",
+			headers: {
+				...copilotHeaders(state, enableVision),
+				...modelHeaders,
+				"X-Initiator": isAgentCall ? "agent" : "user"
+			},
+			body: JSON.stringify(payload)
+		};
+		const signals = [];
+		if (UPSTREAM_FETCH_TIMEOUT_MS > 0) signals.push(AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS));
+		if (callerSignal) signals.push(callerSignal);
+		if (signals.length === 1) fetchInit.signal = signals[0];
+		else if (signals.length > 1) fetchInit.signal = AbortSignal.any(signals);
+		return fetch(url, fetchInit);
 	};
-	const response = await fetch(`${copilotBaseUrl(state)}/chat/completions`, {
-		method: "POST",
-		headers,
-		body: JSON.stringify(payload)
-	});
+	const response = await tryRefreshAndRetry(doFetch, "/chat/completions");
 	if (!response.ok) {
 		let errorBody = "";
 		try {
@@ -1185,73 +2288,185 @@ const createChatCompletions = async (payload, modelHeaders) => {
 
 //#endregion
 //#region src/services/copilot/web-search.ts
+const RpcSchema = z.object({
+	jsonrpc: z.literal("2.0"),
+	id: z.number().optional(),
+	result: z.object({
+		content: z.array(z.object({
+			type: z.literal("text"),
+			text: z.string()
+		})).optional(),
+		isError: z.boolean().optional()
+	}).optional(),
+	error: z.object({
+		code: z.number(),
+		message: z.string()
+	}).optional()
+});
+const InnerSchema = z.object({
+	text: z.object({
+		value: z.string(),
+		annotations: z.array(z.object({ url_citation: z.object({
+			title: z.string(),
+			url: z.string()
+		}).optional() })).nullable().optional()
+	}),
+	bing_searches: z.array(z.unknown()).nullable().optional()
+});
 const MAX_SEARCHES_PER_SECOND = 3;
 let searchTimestamps = [];
+let throttleChain = Promise.resolve();
 async function throttleSearch() {
-	const now = Date.now();
-	searchTimestamps = searchTimestamps.filter((t) => now - t < 1e3);
-	if (searchTimestamps.length >= MAX_SEARCHES_PER_SECOND) {
-		const waitMs = 1e3 - (now - searchTimestamps[0]);
-		if (waitMs > 0) {
-			consola.debug(`Web search rate limited, waiting ${waitMs}ms`);
-			await sleep(waitMs);
+	const myTurn = throttleChain.then(async () => {
+		const now = Date.now();
+		searchTimestamps = searchTimestamps.filter((t) => now - t < 1e3);
+		if (searchTimestamps.length >= MAX_SEARCHES_PER_SECOND) {
+			const waitMs = 1e3 - (now - searchTimestamps[0]);
+			if (waitMs > 0) {
+				consola.debug(`Web search rate limited, waiting ${waitMs}ms`);
+				await sleep(waitMs);
+			}
 		}
-	}
-	searchTimestamps.push(Date.now());
+		searchTimestamps.push(Date.now());
+	});
+	throttleChain = myTurn.catch(() => {});
+	return myTurn;
 }
-function threadsHeaders() {
-	return copilotHeaders(state, false, "copilot-chat");
+function mcpHeaders(sid) {
+	if (!state.githubToken) throw new Error("GitHub token missing — re-run auth flow. Web search uses the GitHub PAT (not the Copilot token); the on-disk token at ~/.local/share/github-router/github_token must be present.");
+	const headers = {
+		Authorization: `Bearer ${state.githubToken}`,
+		"content-type": "application/json",
+		accept: "application/json, text/event-stream",
+		"X-MCP-Host": "copilot-cli",
+		"X-MCP-Toolsets": "web_search",
+		"Mcp-Protocol-Version": "2025-06-18",
+		"user-agent": `GitHubCopilotChat/${copilotVersion(state)}`
+	};
+	if (sid) headers["Mcp-Session-Id"] = sid;
+	return headers;
 }
-async function createThread() {
-	const response = await fetch(`${copilotBaseUrl(state)}/github/chat/threads`, {
+async function postMcp(body, sid, retry = true) {
+	const url = `${copilotBaseUrl(state)}/mcp`;
+	const res = await fetch(url, {
 		method: "POST",
-		headers: threadsHeaders(),
-		body: JSON.stringify({})
+		headers: mcpHeaders(sid),
+		body: JSON.stringify(body)
 	});
-	if (!response.ok) {
-		consola.error("Failed to create chat thread", response.status);
-		throw new Error(`Failed to create chat thread: ${response.status}`);
+	if (!res.ok && retry && res.status >= 500) {
+		await sleep(500);
+		return postMcp(body, sid, false);
 	}
-	return (await response.json()).thread_id;
-}
-async function sendThreadMessage(threadId, query) {
-	const response = await fetch(`${copilotBaseUrl(state)}/github/chat/threads/${threadId}/messages`, {
-		method: "POST",
-		headers: threadsHeaders(),
-		body: JSON.stringify({
-			content: query,
-			intent: "conversation",
-			skills: ["web-search"],
-			references: []
-		})
-	});
-	if (!response.ok) {
-		consola.error("Failed to send thread message", response.status);
-		throw new Error(`Failed to send thread message: ${response.status}`);
-	}
-	return await response.json();
+	return res;
 }
 async function searchWeb(query) {
-	if (!state.copilotToken) throw new Error("Copilot token not found");
 	await throttleSearch();
-	consola.info(`Web search: "${query.slice(0, 80)}"`);
-	const response = await sendThreadMessage(await createThread(), query);
-	const references = [];
-	for (const ref of response.message.references ?? []) if (ref.results) {
-		for (const result of ref.results) if (result.url && result.reference_type !== "bing_search") references.push({
-			title: result.title,
-			url: result.url
+	consola.info(`Web search (MCP): "${query.slice(0, 80)}"`);
+	const callId = Math.floor(Math.random() * 1e9);
+	let sid;
+	try {
+		const initRes = await postMcp({
+			jsonrpc: "2.0",
+			id: 1,
+			method: "initialize",
+			params: {
+				protocolVersion: "2024-11-05",
+				capabilities: {},
+				clientInfo: {
+					name: "GitHubCopilotChat",
+					version: copilotVersion(state)
+				}
+			}
 		});
+		if (!initRes.ok) {
+			consola.error("MCP initialize failed", initRes.status);
+			throw new HTTPError("MCP initialize failed", initRes);
+		}
+		sid = initRes.headers.get("mcp-session-id") ?? void 0;
+		if (!sid) throw new HTTPError("MCP initialize: missing Mcp-Session-Id header", initRes);
+		const notifRes = await postMcp({
+			jsonrpc: "2.0",
+			method: "notifications/initialized"
+		}, sid);
+		if (!notifRes.ok && notifRes.status !== 202) {
+			consola.error("MCP notifications/initialized failed", notifRes.status);
+			throw new HTTPError("MCP notifications/initialized failed", notifRes);
+		}
+		const callRes = await postMcp({
+			jsonrpc: "2.0",
+			id: callId,
+			method: "tools/call",
+			params: {
+				name: "web_search",
+				arguments: { query }
+			}
+		}, sid);
+		if (!callRes.ok) {
+			consola.error("MCP tools/call failed", callRes.status);
+			throw new HTTPError("MCP tools/call failed", callRes);
+		}
+		let rpc;
+		for await (const ev of events(callRes)) {
+			if (!ev.data) continue;
+			let parsedJson;
+			try {
+				parsedJson = JSON.parse(ev.data);
+			} catch {
+				continue;
+			}
+			const parsed = RpcSchema.safeParse(parsedJson);
+			if (parsed.success && parsed.data.id === callId) {
+				rpc = parsed.data;
+				break;
+			}
+		}
+		if (!rpc) throw new HTTPError("MCP tools/call: no matching response id in SSE stream", callRes);
+		if (rpc.error) throw new HTTPError(`MCP error ${rpc.error.code}: ${rpc.error.message}`, callRes);
+		if (rpc.result?.isError) throw new HTTPError("MCP web_search tool error", callRes);
+		const text = rpc.result?.content?.[0]?.text;
+		if (!text) throw new HTTPError("MCP web_search: empty content", callRes);
+		let innerRaw;
+		try {
+			innerRaw = JSON.parse(text);
+		} catch (err) {
+			throw new HTTPError(`MCP web_search: inner content not JSON: ${err instanceof Error ? err.message : String(err)}`, callRes);
+		}
+		const innerParsed = InnerSchema.safeParse(innerRaw);
+		if (!innerParsed.success) throw new HTTPError(`MCP web_search: inner content shape changed (${innerParsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ")})`, callRes);
+		const inner = innerParsed.data;
+		const references = [];
+		for (const ann of inner.text.annotations ?? []) {
+			const cite = ann.url_citation;
+			if (cite && !cite.url.toLowerCase().includes("bing.com/search")) references.push({
+				title: cite.title,
+				url: cite.url
+			});
+		}
+		consola.debug(`Web search returned ${references.length} references`);
+		return {
+			content: inner.text.value,
+			references
+		};
+	} finally {
+		if (sid) try {
+			fetch(`${copilotBaseUrl(state)}/mcp`, {
+				method: "DELETE",
+				headers: mcpHeaders(sid)
+			}).catch(() => {});
+		} catch {}
 	}
-	consola.debug(`Web search returned ${references.length} references`);
-	return {
-		content: response.message.content,
-		references
-	};
 }
 
 //#endregion
 //#region src/routes/chat-completions/handler.ts
+const ENCODER$1 = new TextEncoder();
+function formatSSE$1(chunk) {
+	const parts = [];
+	if (chunk.event) parts.push(`event: ${chunk.event}`);
+	if (chunk.data !== void 0) for (const line of String(chunk.data).split(/\r\n|\r|\n/)) parts.push(`data: ${line}`);
+	if (chunk.id !== void 0) parts.push(`id: ${String(chunk.id)}`);
+	return parts.join("\n") + "\n\n";
+}
 async function handleCompletion$1(c) {
 	const startTime = Date.now();
 	await checkRateLimit(state);
@@ -1306,89 +2521,608 @@ async function handleCompletion$1(c) {
 		if (debugEnabled) consola.debug("Non-streaming response:", JSON.stringify(response));
 		return c.json(response);
 	}
-	return streamSSE(c, async (stream) => {
-		for await (const chunk of response) {
-			if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(chunk));
-			await stream.writeSSE(chunk);
+	const iterator = response[Symbol.asyncIterator]();
+	const firstResult = await iterator.next();
+	if (firstResult.done) consola.warn(`Upstream /chat/completions returned an empty stream at ${c.req.path}`);
+	let pendingFirstChunk = firstResult.done ? void 0 : firstResult.value;
+	let upstreamFinished = firstResult.done;
+	let consumerCancelled = false;
+	const safeClose = (controller) => {
+		try {
+			controller.close();
+		} catch {}
+	};
+	const releaseUpstream = (reason) => {
+		if (typeof iterator.return === "function") iterator.return(reason).catch(() => {});
+	};
+	const safeEnqueue = (controller, bytes) => {
+		try {
+			controller.enqueue(bytes);
+			return true;
+		} catch (e) {
+			if (isControllerClosedError(e)) {
+				consumerCancelled = true;
+				releaseUpstream(e);
+				return false;
+			}
+			throw e;
+		}
+	};
+	return new Response(new ReadableStream({
+		async pull(controller) {
+			if (consumerCancelled || upstreamFinished) {
+				safeClose(controller);
+				return;
+			}
+			if (pendingFirstChunk !== void 0) {
+				const chunk = pendingFirstChunk;
+				pendingFirstChunk = void 0;
+				if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(chunk));
+				safeEnqueue(controller, ENCODER$1.encode(formatSSE$1(chunk)));
+				return;
+			}
+			try {
+				const result = await iterator.next();
+				if (consumerCancelled) {
+					safeClose(controller);
+					return;
+				}
+				if (result.done) {
+					upstreamFinished = true;
+					safeClose(controller);
+					return;
+				}
+				if (result.value === void 0 || result.value === null) return;
+				if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(result.value));
+				safeEnqueue(controller, ENCODER$1.encode(formatSSE$1(result.value)));
+			} catch (error) {
+				upstreamFinished = true;
+				if (consumerCancelled) {
+					releaseUpstream(error);
+					safeClose(controller);
+					return;
+				}
+				const { errName, errMessage } = logStreamError(c.req.path, error);
+				safeEnqueue(controller, ENCODER$1.encode(buildOpenAIErrorEvent(errName, errMessage)));
+				releaseUpstream(error);
+				safeClose(controller);
+			}
+		},
+		cancel() {
+			consumerCancelled = true;
+			upstreamFinished = true;
+			releaseUpstream();
+		}
+	}), {
+		status: 200,
+		headers: {
+			"content-type": "text/event-stream",
+			"cache-control": "no-cache",
+			"transfer-encoding": "chunked",
+			connection: "keep-alive"
+		}
+	});
+}
+const isNonStreaming$1 = (response) => Object.hasOwn(response, "choices");
+async function injectWebSearchIfNeeded$1(payload) {
+	if (!payload.tools?.some((t) => "type" in t && t.type === "web_search" || t.function?.name === "web_search")) return;
+	const query = payload.messages.some((msg) => msg.role === "tool") ? void 0 : extractUserQuery$2(payload.messages);
+	if (query) try {
+		const results = await searchWeb(query);
+		const searchContext = [
+			"[Web Search Results]",
+			results.content,
+			"",
+			results.references.map((r) => `- [${r.title}](${r.url})`).join("\n"),
+			"[End Web Search Results]"
+		].join("\n");
+		const systemMsg = payload.messages.find((msg) => msg.role === "system");
+		if (systemMsg) systemMsg.content = `${searchContext}\n\n${typeof systemMsg.content === "string" ? systemMsg.content : Array.isArray(systemMsg.content) ? systemMsg.content.filter((p) => p.type === "text").map((p) => "text" in p ? p.text : "").join("\n") : ""}`;
+		else payload.messages.unshift({
+			role: "system",
+			content: searchContext
+		});
+	} catch (error) {
+		consola.warn("Web search failed, continuing without results:", error);
+	}
+	payload.tools = payload.tools?.filter((t) => !("type" in t && t.type === "web_search" || t.function?.name === "web_search"));
+	if (payload.tools?.length === 0) payload.tools = void 0;
+	if (!payload.tools) payload.tool_choice = void 0;
+	else if (payload.tool_choice && typeof payload.tool_choice === "object" && "type" in payload.tool_choice && payload.tool_choice.type === "function") {
+		const toolChoiceName = payload.tool_choice.function?.name;
+		if (toolChoiceName && !payload.tools.some((tool) => tool.function.name === toolChoiceName)) payload.tool_choice = void 0;
+	}
+}
+function extractUserQuery$2(messages) {
+	for (let i = messages.length - 1; i >= 0; i--) {
+		const msg = messages[i];
+		if (msg.role === "user") {
+			if (typeof msg.content === "string") return msg.content;
+			if (Array.isArray(msg.content)) {
+				const text = msg.content.find((p) => p.type === "text");
+				if (text && "text" in text) return text.text;
+			}
+		}
+	}
+}
+
+//#endregion
+//#region src/routes/chat-completions/route.ts
+const completionRoutes = new Hono();
+completionRoutes.post("/", async (c) => {
+	try {
+		return await handleCompletion$1(c);
+	} catch (error) {
+		return await forwardError(c, error);
+	}
+});
+
+//#endregion
+//#region src/services/copilot/create-embeddings.ts
+const createEmbeddings = async (payload) => {
+	if (!state.copilotToken) throw new Error("Copilot token not found");
+	const response = await fetch(`${copilotBaseUrl(state)}/embeddings`, {
+		method: "POST",
+		headers: copilotHeaders(state),
+		body: JSON.stringify(payload)
+	});
+	if (!response.ok) throw new HTTPError("Failed to create embeddings", response);
+	return await response.json();
+};
+
+//#endregion
+//#region src/routes/embeddings/route.ts
+const embeddingRoutes = new Hono();
+embeddingRoutes.post("/", async (c) => {
+	try {
+		const response = await createEmbeddings(await c.req.json());
+		return c.json(response);
+	} catch (error) {
+		return await forwardError(c, error);
+	}
+});
+
+//#endregion
+//#region src/services/copilot/create-responses.ts
+const createResponses = async (payload, modelHeaders, callerSignal) => {
+	if (!state.copilotToken) throw new Error("Copilot token not found");
+	const enableVision = detectVision(payload.input);
+	const isAgentCall = detectAgentCall(payload.input);
+	const url = `${copilotBaseUrl(state)}/responses`;
+	const doFetch = () => {
+		const fetchInit = {
+			method: "POST",
+			headers: {
+				...copilotHeaders(state, enableVision),
+				...modelHeaders,
+				"X-Initiator": isAgentCall ? "agent" : "user"
+			},
+			body: JSON.stringify(payload)
+		};
+		const signals = [];
+		if (UPSTREAM_FETCH_TIMEOUT_MS > 0) signals.push(AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS));
+		if (callerSignal) signals.push(callerSignal);
+		if (signals.length === 1) fetchInit.signal = signals[0];
+		else if (signals.length > 1) fetchInit.signal = AbortSignal.any(signals);
+		return fetch(url, fetchInit);
+	};
+	const response = await tryRefreshAndRetry(doFetch, "/responses");
+	if (!response.ok) {
+		consola.error("Failed to create responses", response);
+		throw new HTTPError("Failed to create responses", response);
+	}
+	if (payload.stream) return events(response);
+	return await response.json();
+};
+function detectVision(input) {
+	if (typeof input === "string") return false;
+	if (!Array.isArray(input)) return false;
+	return input.some((item) => {
+		if ("content" in item && Array.isArray(item.content)) return item.content.some((part) => part.type === "input_image");
+		return false;
+	});
+}
+function detectAgentCall(input) {
+	if (typeof input === "string") return false;
+	if (!Array.isArray(input)) return false;
+	return input.some((item) => {
+		if ("role" in item && item.role === "assistant") return true;
+		if ("type" in item && (item.type === "function_call" || item.type === "function_call_output")) return true;
+		return false;
+	});
+}
+
+//#endregion
+//#region src/routes/mcp/handler.ts
+const MCP_PROTOCOL_VERSION = "2025-06-18";
+const SERVER_NAME = "github-router-peers";
+const SERVER_VERSION = "1";
+/**
+* Reasoning effort levels accepted by Copilot's /v1/responses (gpt-5.x) and
+* /v1/chat/completions endpoints. Per the proxy's existing thinking-mode
+* translator (CLAUDE.md "Thinking-mode translation"), Copilot's adaptive-
+* thinking path uses these same buckets:
+*   <2k tokens → low, <8k → medium, <24k → high, else → xhigh.
+*
+* Default `high` for peer reviews — adversarial-by-design but still cost-
+* conscious. Callers can pass `xhigh` explicitly for deep dives, or `medium`
+* for quick sanity checks.
+*/
+const EFFORT_LEVELS = [
+	"low",
+	"medium",
+	"high",
+	"xhigh"
+];
+const DEFAULT_EFFORT = "high";
+function isEffort(v) {
+	return typeof v === "string" && EFFORT_LEVELS.includes(v);
+}
+/** Bounded concurrency. Originally capped at 2 (commit 4317a25) as a defensive
+*  pre-launch guess against Opus's natural pattern of fanning out to all three
+*  critics at once. Raised to 8 (Phase 2D of the peer-MCP plan) so the
+*  decomposition pattern Phase 2B teaches Opus — "split a >20 KB artifact
+*  into 2-4 batches and call in parallel" — can actually run in parallel
+*  without the (3+)th call returning isError "queue full". The persona
+*  handlers (`callPersona`) hold no shared mutable state — there's no race
+*  the cap is hiding; the upstream Copilot's own rate-limit (surfaced as a
+*  per-call 429 → tool isError) is the real backpressure mechanism. 8 covers
+*  a 7-fork wave with one slot of headroom and is still a hard upper bound
+*  against runaway clients. See docs/research/peer-mcp-investigation.md
+*  § "Concurrency cap investigation" for the full justification.  */
+const MAX_INFLIGHT_TOOLS_CALL = 8;
+let inFlightToolsCall = 0;
+const RPC_PARSE_ERROR = -32700;
+const RPC_INVALID_REQUEST = -32600;
+const RPC_METHOD_NOT_FOUND = -32601;
+const RPC_INVALID_PARAMS = -32602;
+const RPC_INTERNAL_ERROR = -32603;
+function rpcError(id, code, message, data) {
+	return {
+		jsonrpc: "2.0",
+		id: id ?? null,
+		error: data === void 0 ? {
+			code,
+			message
+		} : {
+			code,
+			message,
+			data
+		}
+	};
+}
+function rpcResult(id, result) {
+	return {
+		jsonrpc: "2.0",
+		id: id ?? null,
+		result
+	};
+}
+function isLoopbackHost(host) {
+	if (!host) return false;
+	const idx = host.lastIndexOf(":");
+	const hostname = idx >= 0 ? host.slice(0, idx) : host;
+	return hostname === "127.0.0.1" || hostname === "localhost";
+}
+/**
+* Constant-time bearer compare. Random per-launch nonces aren't really
+* timing-attackable in practice, but this costs nothing.
+*/
+function nonceMatches(provided, expected) {
+	if (provided.length !== expected.length) return false;
+	const a = Buffer.from(provided);
+	const b = Buffer.from(expected);
+	try {
+		return timingSafeEqual(a, b);
+	} catch {
+		return false;
+	}
+}
+function checkAuth(c) {
+	if (!isLoopbackHost(c.req.header("host"))) return {
+		ok: false,
+		status: 403,
+		reason: "non-loopback Host header rejected"
+	};
+	const expected = state.peerMcpNonce;
+	if (!expected) return {
+		ok: false,
+		status: 401,
+		reason: "/mcp not enabled in this proxy session"
+	};
+	const auth$1 = c.req.header("authorization") ?? "";
+	const m = /^Bearer\s+(.+)$/i.exec(auth$1);
+	if (!m || !nonceMatches(m[1], expected)) return {
+		ok: false,
+		status: 401,
+		reason: "missing or invalid Authorization bearer"
+	};
+	return { ok: true };
+}
+function geminiAvailable() {
+	const models = state.models?.data;
+	if (!models) return false;
+	return models.some((m) => /^gemini-3\..*pro/i.test(m.id));
+}
+function activePersonas() {
+	return PERSONAS_READ.filter((p) => !p.requiresHttp || geminiAvailable());
+}
+function toolEntries() {
+	return activePersonas().map((p) => ({
+		name: p.toolNameHttp,
+		description: p.description,
+		inputSchema: {
+			type: "object",
+			required: ["prompt"],
+			additionalProperties: false,
+			properties: {
+				prompt: {
+					type: "string",
+					description: "The lead's brief — the artifact under review plus constraints."
+				},
+				context: {
+					type: "string",
+					description: "Optional additional context (extra file content, prior decisions). Concatenated to the brief before sending."
+				},
+				effort: {
+					type: "string",
+					enum: [...EFFORT_LEVELS],
+					description: `Reasoning depth (low | medium | high | xhigh). Default "${DEFAULT_EFFORT}". Use 'xhigh' for explicit deep dives where you want maximum reasoning. Use 'medium' for quick sanity checks. Note: for non-OpenAI models routed via /v1/chat/completions (gemini-3.x), the upstream may silently ignore this knob.`
+				}
+			}
 		}
-	});
+	}));
 }
-const isNonStreaming$1 = (response) => Object.hasOwn(response, "choices");
-async function injectWebSearchIfNeeded$1(payload) {
-	if (!payload.tools?.some((t) => "type" in t && t.type === "web_search" || t.function?.name === "web_search")) return;
-	const query = payload.messages.some((msg) => msg.role === "tool") ? void 0 : extractUserQuery$2(payload.messages);
-	if (query) try {
-		const results = await searchWeb(query);
-		const searchContext = [
-			"[Web Search Results]",
-			results.content,
-			"",
-			results.references.map((r) => `- [${r.title}](${r.url})`).join("\n"),
-			"[End Web Search Results]"
-		].join("\n");
-		const systemMsg = payload.messages.find((msg) => msg.role === "system");
-		if (systemMsg) systemMsg.content = `${searchContext}\n\n${typeof systemMsg.content === "string" ? systemMsg.content : Array.isArray(systemMsg.content) ? systemMsg.content.filter((p) => p.type === "text").map((p) => "text" in p ? p.text : "").join("\n") : ""}`;
-		else payload.messages.unshift({
+function buildUserText(prompt, context) {
+	if (!context) return prompt;
+	return `${prompt}\n\n---\n\nAdditional context:\n${context}`;
+}
+function extractResponsesText(response) {
+	const out = [];
+	for (const item of response.output) {
+		if (typeof item !== "object" || item === null) continue;
+		const obj = item;
+		if (obj.type !== "message" || obj.role !== "assistant") continue;
+		const content = obj.content;
+		if (!Array.isArray(content)) continue;
+		for (const part of content) {
+			if (typeof part !== "object" || part === null) continue;
+			const p = part;
+			if ((p.type === "output_text" || p.type === "text") && typeof p.text === "string") out.push(p.text);
+		}
+	}
+	return out.join("");
+}
+function extractChatCompletionText(response) {
+	const choice = response.choices?.[0];
+	if (!choice) return "";
+	const c = choice.message?.content;
+	return typeof c === "string" ? c : "";
+}
+function toolError(message) {
+	return {
+		content: [{
+			type: "text",
+			text: message
+		}],
+		isError: true
+	};
+}
+async function callPersona(persona, prompt, context, effort) {
+	const resolvedModel = resolveModel(persona.model);
+	const userText = buildUserText(prompt, context);
+	if (persona.endpoint === "/v1/responses") {
+		const text$1 = extractResponsesText(await createResponses({
+			model: resolvedModel,
+			instructions: persona.baseInstructions,
+			input: [{
+				role: "user",
+				content: [{
+					type: "input_text",
+					text: userText
+				}]
+			}],
+			stream: false,
+			reasoning: { effort }
+		}));
+		if (!text$1) return toolError(`persona ${persona.agentName}: empty assistant output`);
+		return { content: [{
+			type: "text",
+			text: text$1
+		}] };
+	}
+	const text = extractChatCompletionText(await createChatCompletions({
+		model: resolvedModel,
+		messages: [{
 			role: "system",
-			content: searchContext
+			content: persona.baseInstructions
+		}, {
+			role: "user",
+			content: userText
+		}],
+		stream: false,
+		reasoning_effort: effort
+	}));
+	if (!text) return toolError(`persona ${persona.agentName}: empty assistant output`);
+	return { content: [{
+		type: "text",
+		text
+	}] };
+}
+function logTelemetry(t) {
+	const parts = [
+		`[peer-mcp]`,
+		`name=${t.name}`,
+		`model=${t.model}`,
+		`duration_ms=${t.durationMs}`,
+		`result=${t.result}`
+	];
+	if (t.errorMessage) parts.push(`error=${JSON.stringify(t.errorMessage)}`);
+	process.stderr.write(parts.join(" ") + "\n");
+}
+async function handleToolsCall(body) {
+	const params = body.params ?? {};
+	const name$1 = typeof params.name === "string" ? params.name : "";
+	const args = params.arguments ?? {};
+	const prompt = typeof args.prompt === "string" ? args.prompt : "";
+	const context = typeof args.context === "string" ? args.context : void 0;
+	let effort = DEFAULT_EFFORT;
+	if (args.effort !== void 0) {
+		if (!isEffort(args.effort)) return rpcError(body.id, RPC_INVALID_PARAMS, `tools/call: arguments.effort must be one of ${EFFORT_LEVELS.join("|")}; got ${JSON.stringify(args.effort)}`);
+		effort = args.effort;
+	}
+	if (!name$1) return rpcError(body.id, RPC_INVALID_PARAMS, "tools/call missing name");
+	const persona = activePersonas().find((p) => p.toolNameHttp === name$1);
+	if (!persona) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
+	if (!prompt) return rpcError(body.id, RPC_INVALID_PARAMS, `tools/call: arguments.prompt is required`);
+	if (inFlightToolsCall >= MAX_INFLIGHT_TOOLS_CALL) return rpcResult(body.id, {
+		content: [{
+			type: "text",
+			text: `Peer MCP queue full (${MAX_INFLIGHT_TOOLS_CALL} in-flight). Retry shortly, or wait for the current persona calls to complete.`
+		}],
+		isError: true
+	});
+	inFlightToolsCall++;
+	const startedAt = Date.now();
+	try {
+		const result = await callPersona(persona, prompt, context, effort);
+		logTelemetry({
+			name: persona.agentName,
+			model: persona.model,
+			durationMs: Date.now() - startedAt,
+			result: result.isError ? "isError" : "ok"
 		});
-	} catch (error) {
-		consola.warn("Web search failed, continuing without results:", error);
+		return rpcResult(body.id, result);
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		logTelemetry({
+			name: persona.agentName,
+			model: persona.model,
+			durationMs: Date.now() - startedAt,
+			result: "exception",
+			errorMessage: message
+		});
+		return rpcResult(body.id, {
+			content: [{
+				type: "text",
+				text: `persona ${persona.agentName} failed: ${message}`
+			}],
+			isError: true
+		});
+	} finally {
+		inFlightToolsCall--;
 	}
-	payload.tools = payload.tools?.filter((t) => !("type" in t && t.type === "web_search" || t.function?.name === "web_search"));
-	if (payload.tools?.length === 0) payload.tools = void 0;
-	if (!payload.tools) payload.tool_choice = void 0;
-	else if (payload.tool_choice && typeof payload.tool_choice === "object" && "type" in payload.tool_choice && payload.tool_choice.type === "function") {
-		const toolChoiceName = payload.tool_choice.function?.name;
-		if (toolChoiceName && !payload.tools.some((tool) => tool.function.name === toolChoiceName)) payload.tool_choice = void 0;
+}
+async function handleRpc(_c, body) {
+	if (body === null || typeof body !== "object" || Array.isArray(body)) return {
+		status: 200,
+		body: rpcError(null, RPC_INVALID_REQUEST, "jsonrpc 2.0 envelope required")
+	};
+	if (body.jsonrpc !== "2.0" || typeof body.method !== "string") return {
+		status: 200,
+		body: rpcError(body.id ?? null, RPC_INVALID_REQUEST, "jsonrpc 2.0 envelope required")
+	};
+	const isNotification = body.id === void 0;
+	switch (body.method) {
+		case "initialize":
+			if (isNotification) return {
+				status: 202,
+				body: null
+			};
+			return {
+				status: 200,
+				body: rpcResult(body.id, {
+					protocolVersion: MCP_PROTOCOL_VERSION,
+					capabilities: { tools: { listChanged: false } },
+					serverInfo: {
+						name: SERVER_NAME,
+						version: SERVER_VERSION
+					}
+				})
+			};
+		case "notifications/initialized": return {
+			status: 202,
+			body: null
+		};
+		case "tools/list":
+			if (isNotification) return {
+				status: 202,
+				body: null
+			};
+			return {
+				status: 200,
+				body: rpcResult(body.id, { tools: toolEntries() })
+			};
+		case "tools/call":
+			if (isNotification) return {
+				status: 202,
+				body: null
+			};
+			return {
+				status: 200,
+				body: await handleToolsCall(body)
+			};
+		case "ping":
+			if (isNotification) return {
+				status: 202,
+				body: null
+			};
+			return {
+				status: 200,
+				body: rpcResult(body.id, {})
+			};
+		default:
+			if (isNotification) return {
+				status: 202,
+				body: null
+			};
+			return {
+				status: 200,
+				body: rpcError(body.id, RPC_METHOD_NOT_FOUND, `unknown method: ${body.method}`)
+			};
 	}
 }
-function extractUserQuery$2(messages) {
-	for (let i = messages.length - 1; i >= 0; i--) {
-		const msg = messages[i];
-		if (msg.role === "user") {
-			if (typeof msg.content === "string") return msg.content;
-			if (Array.isArray(msg.content)) {
-				const text = msg.content.find((p) => p.type === "text");
-				if (text && "text" in text) return text.text;
-			}
-		}
+async function handleMcpPost(c) {
+	const auth$1 = checkAuth(c);
+	if (!auth$1.ok) return c.json(rpcError(null, RPC_INVALID_REQUEST, auth$1.reason), auth$1.status);
+	let body;
+	try {
+		body = await c.req.json();
+	} catch (err) {
+		consola.debug("/mcp parse error:", err);
+		return c.json(rpcError(null, RPC_PARSE_ERROR, "request body is not valid JSON"), 200);
+	}
+	try {
+		const { status, body: respBody } = await handleRpc(c, body);
+		if (respBody === null) return c.body(null, status);
+		return c.json(respBody, status);
+	} catch (err) {
+		consola.error("/mcp handler error:", err);
+		const echoId = typeof body === "object" && body !== null && !Array.isArray(body) ? body.id ?? null : null;
+		return c.json(rpcError(echoId, RPC_INTERNAL_ERROR, err instanceof Error ? err.message : String(err)), 200);
 	}
 }
+function handleMcpDelete(c) {
+	const auth$1 = checkAuth(c);
+	if (!auth$1.ok) return c.json(rpcError(null, RPC_INVALID_REQUEST, auth$1.reason), auth$1.status);
+	return c.body(null, 200);
+}
 
 //#endregion
-//#region src/routes/chat-completions/route.ts
-const completionRoutes = new Hono();
-completionRoutes.post("/", async (c) => {
+//#region src/routes/mcp/route.ts
+const mcpRoutes = new Hono();
+mcpRoutes.post("/", async (c) => {
 	try {
-		return await handleCompletion$1(c);
+		return await handleMcpPost(c);
 	} catch (error) {
 		return await forwardError(c, error);
 	}
 });
-
-//#endregion
-//#region src/services/copilot/create-embeddings.ts
-const createEmbeddings = async (payload) => {
-	if (!state.copilotToken) throw new Error("Copilot token not found");
-	const response = await fetch(`${copilotBaseUrl(state)}/embeddings`, {
-		method: "POST",
-		headers: copilotHeaders(state),
-		body: JSON.stringify(payload)
-	});
-	if (!response.ok) throw new HTTPError("Failed to create embeddings", response);
-	return await response.json();
-};
-
-//#endregion
-//#region src/routes/embeddings/route.ts
-const embeddingRoutes = new Hono();
-embeddingRoutes.post("/", async (c) => {
+mcpRoutes.delete("/", (c) => {
 	try {
-		const response = await createEmbeddings(await c.req.json());
-		return c.json(response);
-	} catch (error) {
-		return await forwardError(c, error);
+		return handleMcpDelete(c);
+	} catch {
+		return c.body(null, 500);
 	}
 });
 
@@ -1414,7 +3148,7 @@ embeddingRoutes.post("/", async (c) => {
 * (anthropic-beta) so Copilot enables extended features.
 */
 function buildHeaders(extraHeaders) {
-	const headers = {
+	return {
 		...copilotHeaders(state),
 		accept: "application/json",
 		"openai-intent": "messages-proxy",
@@ -1424,8 +3158,6 @@ function buildHeaders(extraHeaders) {
 		"X-Interaction-Id": randomUUID(),
 		...extraHeaders
 	};
-	delete headers["copilot-integration-id"];
-	return headers;
 }
 /**
 * Forward an Anthropic Messages API request to Copilot's native /v1/messages endpoint.
@@ -1433,14 +3165,18 @@ function buildHeaders(extraHeaders) {
 */
 async function createMessages(body, extraHeaders) {
 	if (!state.copilotToken) throw new Error("Copilot token not found");
-	const headers = buildHeaders(extraHeaders);
 	const url = `${copilotBaseUrl(state)}/v1/messages?beta=true`;
 	consola.debug(`Forwarding to ${url}`);
-	const response = await fetch(url, {
-		method: "POST",
-		headers,
-		body
-	});
+	const doFetch = () => {
+		const fetchInit = {
+			method: "POST",
+			headers: buildHeaders(extraHeaders),
+			body
+		};
+		if (UPSTREAM_FETCH_TIMEOUT_MS > 0) fetchInit.signal = AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS);
+		return fetch(url, fetchInit);
+	};
+	const response = await tryRefreshAndRetry(doFetch, "/v1/messages");
 	if (!response.ok) {
 		let errorBody = "";
 		try {
@@ -1463,14 +3199,18 @@ async function createMessages(body, extraHeaders) {
 */
 async function countTokens(body, extraHeaders) {
 	if (!state.copilotToken) throw new Error("Copilot token not found");
-	const headers = buildHeaders(extraHeaders);
 	const url = `${copilotBaseUrl(state)}/v1/messages/count_tokens?beta=true`;
 	consola.debug(`Forwarding to ${url}`);
-	const response = await fetch(url, {
-		method: "POST",
-		headers,
-		body
-	});
+	const doFetch = () => {
+		const fetchInit = {
+			method: "POST",
+			headers: buildHeaders(extraHeaders),
+			body
+		};
+		if (UPSTREAM_FETCH_TIMEOUT_MS > 0) fetchInit.signal = AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS);
+		return fetch(url, fetchInit);
+	};
+	const response = await tryRefreshAndRetry(doFetch, "/v1/messages/count_tokens");
 	if (!response.ok) {
 		let errorBody = "";
 		try {
@@ -1488,6 +3228,22 @@ async function countTokens(body, extraHeaders) {
 	return response;
 }
 
+//#endregion
+//#region src/lib/diagnose-response.ts
+const PREVIEW_LIMIT = 200;
+async function parseJsonOrDiagnose(response, routePath) {
+	const cloned = response.clone();
+	try {
+		return await response.json();
+	} catch (error) {
+		const contentType = response.headers.get("content-type") ?? "(none)";
+		const bodyText = await cloned.text().catch(() => "(unreadable)");
+		const preview = bodyText.length > PREVIEW_LIMIT ? bodyText.slice(0, PREVIEW_LIMIT) + "...(truncated)" : bodyText;
+		consola.error(`Upstream JSON parse failed at ${routePath}: status=${response.status} content-type="${contentType}" body[0..${PREVIEW_LIMIT}]=${JSON.stringify(preview)}`);
+		throw error;
+	}
+}
+
 //#endregion
 //#region src/routes/messages/count-tokens-handler.ts
 const isWebSearchTool$1 = (tool) => typeof tool.type === "string" && tool.type.startsWith("web_search") || tool.name === "web_search";
@@ -1535,7 +3291,7 @@ async function handleCountTokens(c) {
 		...selectedModel?.requestHeaders,
 		...extraHeaders
 	});
-	const responseBody = await response.json();
+	const responseBody = await parseJsonOrDiagnose(response, c.req.path);
 	logRequest({
 		method: "POST",
 		path: c.req.path,
@@ -1702,9 +3458,8 @@ async function handleCompletion(c) {
 	if (debugEnabled) consola.debug("Anthropic request body:", rawBody.slice(0, 2e3));
 	if (state.manualApprove) await awaitApproval();
 	const betaHeaders = extractBetaHeaders(c);
-	const { body: resolvedBody, originalModel, resolvedModel } = resolveModelInBody(await processWebSearch(rawBody));
+	const { body: resolvedBody, originalModel, resolvedModel, selectedModel } = resolveModelInBody(await processWebSearch(rawBody));
 	const modelId = resolvedModel ?? originalModel;
-	const selectedModel = state.models?.data.find((m) => m.id === modelId);
 	if (modelId) logEndpointMismatch(modelId, "/v1/messages");
 	const effectiveBetas = applyDefaultBetas(betaHeaders, resolvedModel ?? originalModel);
 	let response;
@@ -1727,7 +3482,17 @@ async function handleCompletion(c) {
 		}
 		throw error;
 	}
-	if ((response.headers.get("content-type") ?? "").includes("text/event-stream")) {
+	const contentType = response.headers.get("content-type") ?? "";
+	const clientAcceptsSSE = (c.req.header("accept") ?? "").includes("text/event-stream");
+	let isStreaming = contentType.includes("text/event-stream");
+	if (!isStreaming && clientAcceptsSSE) {
+		if (contentType === "" || contentType === "application/octet-stream") {
+			consola.warn(`Upstream /v1/messages returned status=${response.status} content-type=${JSON.stringify(contentType)} but client requested streaming; treating response body as SSE`);
+			isStreaming = true;
+		}
+	}
+	if (debugEnabled) consola.debug(`Upstream /v1/messages: status=${response.status} content-type="${contentType}" isStreaming=${isStreaming}`);
+	if (isStreaming) {
 		logRequest({
 			method: "POST",
 			path: c.req.path,
@@ -1740,18 +3505,19 @@ async function handleCompletion(c) {
 		const streamHeaders = {
 			"content-type": "text/event-stream",
 			"cache-control": "no-cache",
+			"transfer-encoding": "chunked",
 			connection: "keep-alive"
 		};
 		const requestId = response.headers.get("x-request-id");
 		if (requestId) streamHeaders["x-request-id"] = requestId;
 		const reqId = response.headers.get("request-id");
 		if (reqId) streamHeaders["request-id"] = reqId;
-		return new Response(response.body, {
+		return new Response(response.body ? relayAnthropicStream(response.body, { routePath: c.req.path }) : null, {
 			status: response.status,
 			headers: streamHeaders
 		});
 	}
-	const responseBody = await response.json();
+	const responseBody = await parseJsonOrDiagnose(response, c.req.path);
 	logRequest({
 		method: "POST",
 		path: c.req.path,
@@ -1770,8 +3536,9 @@ async function handleCompletion(c) {
 }
 /**
 * Parse the JSON body, resolve the model name, sanitize cache_control
-* fields, and re-serialize. Returns the body string plus the original
-* and resolved model names.
+* fields, translate thinking-mode shape for adaptive-thinking models,
+* and re-serialize. Returns the body string, original/resolved model
+* names, and the matching model metadata (if any).
 *
 * Re-serialization is skipped when no modifications are needed.
 */
@@ -1791,13 +3558,84 @@ function resolveModelInBody(rawBody) {
 			modified = true;
 		}
 	}
-	if (rawBody.includes("\"scope\"") && sanitizeCacheControl(parsed)) modified = true;
 	const resolvedModel = typeof parsed.model === "string" ? parsed.model : originalModel;
+	const selectedModel = resolvedModel ? state.models?.data.find((m) => m.id === resolvedModel) : void 0;
+	if (translateThinking(parsed, selectedModel)) modified = true;
+	if (rawBody.includes("\"scope\"") && sanitizeCacheControl(parsed)) modified = true;
 	return {
 		body: modified ? JSON.stringify(parsed) : rawBody,
 		originalModel,
-		resolvedModel
+		resolvedModel,
+		selectedModel
+	};
+}
+const EFFORT_ORDER = [
+	"low",
+	"medium",
+	"high",
+	"xhigh"
+];
+/**
+* Bucket a thinking budget into a Copilot reasoning-effort string.
+* `<2000`→low, `<8000`→medium, `<24000`→high, else→xhigh.
+* Defaults missing/non-numeric budgets to 8000 ("high").
+*/
+function bucketEffort(budget) {
+	const n = typeof budget === "number" && Number.isFinite(budget) ? budget : 8e3;
+	if (n < 2e3) return "low";
+	if (n < 8e3) return "medium";
+	if (n < 24e3) return "high";
+	return "xhigh";
+}
+/**
+* Clamp a bucketed effort to the closest value in `supported`. Ties
+* resolve to the lower-tier option (per EFFORT_ORDER).
+*
+* Iterates EFFORT_ORDER (canonical low→xhigh) so the first match on a
+* given distance is always the lower-tier value, regardless of input
+* order in `supported`.
+*/
+function clampEffort(bucketed, supported) {
+	if (supported.includes(bucketed)) return bucketed;
+	const targetIdx = EFFORT_ORDER.indexOf(bucketed);
+	let best;
+	let bestDist = Infinity;
+	for (let i = 0; i < EFFORT_ORDER.length; i++) {
+		const value = EFFORT_ORDER[i];
+		if (!supported.includes(value)) continue;
+		const dist = Math.abs(i - targetIdx);
+		if (dist < bestDist) {
+			bestDist = dist;
+			best = value;
+		}
+	}
+	return best ?? bucketed;
+}
+/**
+* Translate Anthropic-shape `thinking:{type:"enabled", budget_tokens}` to
+* Copilot-shape `thinking:{type:"adaptive"}` + `output_config.effort`
+* when the resolved model declares `adaptive_thinking: true`.
+*
+* Returns true if the body was modified. No-op when the model doesn't
+* support adaptive thinking, when thinking is missing/disabled/already
+* adaptive, or when `body` isn't a plain object. Client-supplied
+* `output_config.effort` always wins over the bucketed value.
+*/
+function translateThinking(body, model) {
+	if (!model?.capabilities?.supports?.adaptive_thinking) return false;
+	const thinking = body.thinking;
+	if (!thinking || typeof thinking !== "object") return false;
+	if (thinking.type !== "enabled") return false;
+	const bucketed = bucketEffort(thinking.budget_tokens);
+	const supported = model.capabilities.supports.reasoning_effort;
+	const effort = Array.isArray(supported) && supported.length > 0 ? clampEffort(bucketed, supported) : bucketed;
+	body.thinking = { type: "adaptive" };
+	const existing = body.output_config && typeof body.output_config === "object" ? body.output_config : {};
+	body.output_config = {
+		...existing,
+		effort: existing.effort ?? effort
 	};
+	return true;
 }
 /**
 * Strip the `scope` field from all `cache_control` objects in the body.
@@ -1864,21 +3702,18 @@ const modelRoutes = new Hono();
 modelRoutes.get("/", async (c) => {
 	try {
 		if (!state.models) await cacheModels();
-		const models = state.models?.data.map((model) => ({
-			id: model.id,
-			object: "model",
-			type: model.capabilities?.type ?? "model",
-			created: 0,
-			created_at: (/* @__PURE__ */ new Date(0)).toISOString(),
-			owned_by: model.vendor,
-			display_name: model.name,
-			capabilities: model.capabilities,
-			supported_endpoints: model.supported_endpoints,
-			preview: model.preview,
-			version: model.version,
-			model_picker_enabled: model.model_picker_enabled,
-			policy: model.policy
-		}));
+		const models = state.models?.data.map((model) => {
+			const { requestHeaders,...rest } = model;
+			return {
+				...rest,
+				object: "model",
+				type: model.capabilities?.type ?? "model",
+				created: 0,
+				created_at: (/* @__PURE__ */ new Date(0)).toISOString(),
+				owned_by: model.vendor,
+				display_name: model.name
+			};
+		});
 		return c.json({
 			object: "list",
 			data: models,
@@ -1889,75 +3724,16 @@ modelRoutes.get("/", async (c) => {
 	}
 });
 
-//#endregion
-//#region src/services/copilot/create-responses.ts
-const createResponses = async (payload, modelHeaders) => {
-	if (!state.copilotToken) throw new Error("Copilot token not found");
-	const enableVision = detectVision(payload.input);
-	const isAgentCall = detectAgentCall(payload.input);
-	const headers = {
-		...copilotHeaders(state, enableVision),
-		...modelHeaders,
-		"X-Initiator": isAgentCall ? "agent" : "user"
-	};
-	const filteredPayload = filterUnsupportedTools(payload);
-	const response = await fetch(`${copilotBaseUrl(state)}/responses`, {
-		method: "POST",
-		headers,
-		body: JSON.stringify(filteredPayload)
-	});
-	if (!response.ok) {
-		consola.error("Failed to create responses", response);
-		throw new HTTPError("Failed to create responses", response);
-	}
-	if (payload.stream) return events(response);
-	return await response.json();
-};
-function detectVision(input) {
-	if (typeof input === "string") return false;
-	if (!Array.isArray(input)) return false;
-	return input.some((item) => {
-		if ("content" in item && Array.isArray(item.content)) return item.content.some((part) => part.type === "input_image");
-		return false;
-	});
-}
-function detectAgentCall(input) {
-	if (typeof input === "string") return false;
-	if (!Array.isArray(input)) return false;
-	return input.some((item) => {
-		if ("role" in item && item.role === "assistant") return true;
-		if ("type" in item && (item.type === "function_call" || item.type === "function_call_output")) return true;
-		return false;
-	});
-}
-function filterUnsupportedTools(payload) {
-	if (!payload.tools || !Array.isArray(payload.tools)) return payload;
-	const supported = payload.tools.filter((tool) => {
-		const isSupported = tool.type === "function";
-		if (!isSupported) consola.debug(`Stripping unsupported tool type: ${tool.type}`);
-		return isSupported;
-	});
-	let toolChoice = payload.tool_choice;
-	if (supported.length === 0) toolChoice = void 0;
-	else if (toolChoice && typeof toolChoice === "object") {
-		const supportedNames = new Set(supported.map((tool) => tool.name).filter(Boolean));
-		const toolChoiceName = getToolChoiceName(toolChoice);
-		if (toolChoiceName && !supportedNames.has(toolChoiceName)) toolChoice = void 0;
-	}
-	return {
-		...payload,
-		tools: supported.length > 0 ? supported : void 0,
-		tool_choice: toolChoice
-	};
-}
-function getToolChoiceName(toolChoice) {
-	if (typeof toolChoice !== "object") return void 0;
-	if ("function" in toolChoice && toolChoice.function && typeof toolChoice.function === "object") return toolChoice.function.name;
-	if ("name" in toolChoice) return toolChoice.name;
-}
-
 //#endregion
 //#region src/routes/responses/handler.ts
+const ENCODER = new TextEncoder();
+function formatSSE(chunk) {
+	const parts = [];
+	if (chunk.event) parts.push(`event: ${chunk.event}`);
+	if (chunk.data !== void 0) for (const line of String(chunk.data).split(/\r\n|\r|\n/)) parts.push(`data: ${line}`);
+	if (chunk.id !== void 0) parts.push(`id: ${String(chunk.id)}`);
+	return parts.join("\n") + "\n\n";
+}
 async function handleResponses(c) {
 	const startTime = Date.now();
 	await checkRateLimit(state);
@@ -1998,16 +3774,106 @@ async function handleResponses(c) {
 		if (debugEnabled) consola.debug("Non-streaming response:", JSON.stringify(response));
 		return c.json(response);
 	}
-	return streamSSE(c, async (stream) => {
-		for await (const chunk of response) {
-			if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(chunk));
-			if (chunk.data === "[DONE]") break;
-			if (!chunk.data) continue;
-			await stream.writeSSE({
-				data: chunk.data,
-				event: chunk.event,
-				id: chunk.id?.toString()
-			});
+	const iterator = response[Symbol.asyncIterator]();
+	let firstChunk;
+	let upstreamFinished = false;
+	while (true) {
+		const r = await iterator.next();
+		if (r.done) {
+			upstreamFinished = true;
+			break;
+		}
+		if (r.value === void 0 || r.value === null) continue;
+		if (r.value.data === "[DONE]") {
+			upstreamFinished = true;
+			break;
+		}
+		if (!r.value.data) continue;
+		firstChunk = r.value;
+		break;
+	}
+	if (firstChunk === void 0) consola.warn(`Upstream /responses returned no payload events at ${c.req.path}`);
+	let pendingFirstChunk = firstChunk;
+	let consumerCancelled = false;
+	const safeClose = (controller) => {
+		try {
+			controller.close();
+		} catch {}
+	};
+	const releaseUpstream = (reason) => {
+		if (typeof iterator.return === "function") iterator.return(reason).catch(() => {});
+	};
+	const safeEnqueue = (controller, bytes) => {
+		try {
+			controller.enqueue(bytes);
+			return true;
+		} catch (e) {
+			if (isControllerClosedError(e)) {
+				consumerCancelled = true;
+				releaseUpstream(e);
+				return false;
+			}
+			throw e;
+		}
+	};
+	return new Response(new ReadableStream({
+		async pull(controller) {
+			if (consumerCancelled || upstreamFinished) {
+				safeClose(controller);
+				return;
+			}
+			if (pendingFirstChunk !== void 0) {
+				const chunk = pendingFirstChunk;
+				pendingFirstChunk = void 0;
+				if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(chunk));
+				safeEnqueue(controller, ENCODER.encode(formatSSE(chunk)));
+				return;
+			}
+			try {
+				const result = await iterator.next();
+				if (consumerCancelled) {
+					safeClose(controller);
+					return;
+				}
+				if (result.done) {
+					upstreamFinished = true;
+					safeClose(controller);
+					return;
+				}
+				if (result.value === void 0 || result.value === null) return;
+				if (result.value.data === "[DONE]") {
+					upstreamFinished = true;
+					safeClose(controller);
+					return;
+				}
+				if (!result.value.data) return;
+				if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(result.value));
+				safeEnqueue(controller, ENCODER.encode(formatSSE(result.value)));
+			} catch (error) {
+				upstreamFinished = true;
+				if (consumerCancelled) {
+					releaseUpstream(error);
+					safeClose(controller);
+					return;
+				}
+				const { errName, errMessage } = logStreamError(c.req.path, error);
+				safeEnqueue(controller, ENCODER.encode(buildOpenAIErrorEvent(errName, errMessage)));
+				releaseUpstream(error);
+				safeClose(controller);
+			}
+		},
+		cancel() {
+			consumerCancelled = true;
+			upstreamFinished = true;
+			releaseUpstream();
+		}
+	}), {
+		status: 200,
+		headers: {
+			"content-type": "text/event-stream",
+			"cache-control": "no-cache",
+			"transfer-encoding": "chunked",
+			connection: "keep-alive"
 		}
 	});
 }
@@ -2018,8 +3884,7 @@ async function injectWebSearchIfNeeded(payload) {
 		if (payload.input.some((item) => item.type === "function_call_output")) return;
 	}
 	const query = extractUserQuery(payload.input);
-	if (!query) return;
-	try {
+	if (query) try {
 		const results = await searchWeb(query);
 		const searchContext = [
 			"[Web Search Results]",
@@ -2032,6 +3897,13 @@ async function injectWebSearchIfNeeded(payload) {
 	} catch (error) {
 		consola.warn("Web search failed, continuing without results:", error);
 	}
+	payload.tools = payload.tools?.filter((t) => t.type !== "web_search");
+	if (payload.tools && payload.tools.length === 0) payload.tools = void 0;
+	if (!payload.tools) payload.tool_choice = void 0;
+	else if (payload.tool_choice && typeof payload.tool_choice === "object") {
+		const choice = payload.tool_choice;
+		if ((choice.function?.name ?? choice.name) === "web_search") payload.tool_choice = void 0;
+	}
 }
 function extractUserQuery(input) {
 	if (typeof input === "string") return input;
@@ -2203,6 +4075,11 @@ usageRoute.get("/", async (c) => {
 const server = new Hono();
 server.use(cors());
 server.get("/", (c) => c.text("Server running"));
+server.get("/version", (c) => c.json({
+	name,
+	version,
+	gitSha: process.env.GITHUB_SHA ?? "unknown"
+}));
 server.on("HEAD", ["/"], (c) => c.body(null, 200));
 server.route("/chat/completions", completionRoutes);
 server.route("/responses", responsesRoutes);
@@ -2217,6 +4094,8 @@ server.route("/v1/models", modelRoutes);
 server.route("/v1/embeddings", embeddingRoutes);
 server.route("/v1/search", searchRoutes);
 server.route("/v1/messages", messageRoutes);
+server.route("/mcp", mcpRoutes);
+server.post("/api/event_logging/batch", (c) => c.body(null, 200));
 server.notFound((c) => c.json({
 	type: "error",
 	error: {
@@ -2382,22 +4261,73 @@ function parseSharedArgs(args) {
 		extendedBetas: args["extended-betas"]
 	};
 }
-/** Build environment variables for Claude Code. */
+/**
+* Build environment variables for Claude Code.
+*
+* The parent env is sanitized of every key in `STRIPPED_PARENT_ENV_KEYS`
+* (see `src/lib/launch.ts`) BEFORE these overrides are merged in, so we
+* only need to provide the positive values.
+*
+* Auth precedence in Claude Code (https://code.claude.com/docs/en/iam):
+*   1. Cloud provider (CLAUDE_CODE_USE_BEDROCK / VERTEX / FOUNDRY) — stripped at parent.
+*   2. ANTHROPIC_AUTH_TOKEN — set here to "dummy"; wins over #4–#6.
+*   3. ANTHROPIC_API_KEY — stripped at parent, intentionally NOT re-set
+*      (Claude Code emits an Auth conflict warning when both AUTH_TOKEN
+*      and API_KEY are present, even with dummy values).
+*   4. apiKeyHelper in settings.json — beaten by #2.
+*   5. CLAUDE_CODE_OAUTH_TOKEN — stripped at parent.
+*   6. Subscription OAuth (Keychain / ~/.claude/.credentials.json) —
+*      INVISIBLE to the spawned child via the CLAUDE_CONFIG_DIR trick
+*      below. The credential file is left in place so `claude /logout`
+*      still works outside the proxy.
+*
+* `CLAUDE_CONFIG_DIR` activates Claude Code's per-config-dir keychain
+* isolation. Per binary-grep of Claude Code 2.1.126's `iN()` function:
+*
+*   function iN(H = "") {
+*     let _ = B6(),  // resolved config-dir path
+*         K = !process.env.CLAUDE_CONFIG_DIR ? "" : `-${sha256(_).slice(0, 8)}`;
+*     return `Claude Code${OAUTH_FILE_SUFFIX}${H}${K}`
+*   }
+*
+* The conditional is on PRESENCE, not value. When CLAUDE_CONFIG_DIR is
+* unset (the user's normal `claude` usage), the keychain service name is
+* "Claude Code" and their `/login` credential is found there. When set
+* (the proxy session), the service name becomes "Claude Code-<hash>" —
+* the user's credential is invisible, `iCH()` returns null, and all
+* three auth-conflict warnings fire `false`. The path resolves to the
+* default config-dir, so settings.json/skills/MCP/plugins/hooks/CLAUDE.md
+* still load from `~/.claude` as normal.
+*/
 function getClaudeCodeEnvVars(serverUrl, model) {
 	const vars = {
 		ANTHROPIC_BASE_URL: serverUrl,
 		ANTHROPIC_AUTH_TOKEN: "dummy",
+		CLAUDE_CONFIG_DIR: path.join(os.homedir(), ".claude"),
+		MCP_TIMEOUT: "600000",
 		DISABLE_NON_ESSENTIAL_MODEL_CALLS: "1",
 		CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: "1"
 	};
 	if (model) vars.ANTHROPIC_MODEL = model;
 	return vars;
 }
-/** Build environment variables for Codex CLI. */
+/**
+* Build environment variables for Codex CLI.
+*
+* Like `getClaudeCodeEnvVars`, the parent env is sanitized of
+* `OPENAI_API_KEY` / `OPENAI_BASE_URL` / `CODEX_HOME` (see
+* `STRIPPED_PARENT_ENV_KEYS` in `src/lib/launch.ts`) before these
+* overrides are merged, so a stale shell `OPENAI_API_KEY` can't leak
+* through. Codex caches a ChatGPT subscription login under
+* `$CODEX_HOME/auth.json` which can override `OPENAI_API_KEY` per
+* openai/codex#2733; pointing `CODEX_HOME` at an isolated directory
+* masks any cached login.
+*/
 function getCodexEnvVars(serverUrl) {
 	return {
 		OPENAI_BASE_URL: `${serverUrl}/v1`,
-		OPENAI_API_KEY: "dummy"
+		OPENAI_API_KEY: "dummy",
+		CODEX_HOME: PATHS.CODEX_HOME
 	};
 }
 
@@ -2414,6 +4344,21 @@ const claude = defineCommand({
 			alias: "m",
 			type: "string",
 			description: "Override the default model for Claude Code"
+		},
+		"codex-mcp": {
+			type: "boolean",
+			default: true,
+			description: "Wire peer-model MCP personas (codex-critic, codex-reviewer, gemini-critic) into the spawned Claude Code session"
+		},
+		"codex-cli": {
+			type: "boolean",
+			default: false,
+			description: "Add a `codex mcp-server` stdio backend so codex-implementer can mutate files. Requires codex CLI 0.129+; gracefully falls back to HTTP-only if absent."
+		},
+		"codex-mcp-only": {
+			type: "boolean",
+			default: false,
+			description: "Pass --strict-mcp-config to claude code so only github-router's MCP servers are loaded (hides user's existing MCP servers)"
 		}
 	},
 	async run({ args }) {
@@ -2437,22 +4382,57 @@ const claude = defineCommand({
 			process$1.exit(1);
 		}
 		enableFileLogging();
-		let resolvedModel;
-		if (args.model) {
-			resolvedModel = resolveModel(args.model);
-			if (resolvedModel !== args.model) consola.info(`Model "${args.model}" resolved to "${resolvedModel}"`);
-			if (!state.models?.data.find((m) => m.id === resolvedModel)) {
-				const available = listModelsForEndpoint("/v1/messages");
-				consola.warn(`Model "${resolvedModel}" not found. Available claude models: ${available.join(", ")}`);
+		const usingDefault = !args.model;
+		let chosenSlug = args.model ?? DEFAULT_CLAUDE_MODEL;
+		let resolvedSlug = resolveModel(chosenSlug);
+		if (usingDefault && state.models) {
+			const inCache = (slug) => state.models?.data.some((m) => m.id === resolveModel(slug)) ?? false;
+			if (!inCache(chosenSlug)) {
+				for (const fallback of DEFAULT_CLAUDE_MODEL_FALLBACKS) if (inCache(fallback)) {
+					consola.info(`Default model "${chosenSlug}" not in your Copilot model list; falling back to "${fallback}".`);
+					chosenSlug = fallback;
+					resolvedSlug = resolveModel(fallback);
+					break;
+				}
 			}
 		}
-		process$1.stderr.write(`Server ready on ${serverUrl}, launching Claude Code...\n`);
+		if (resolvedSlug !== chosenSlug) consola.info(`Model "${chosenSlug}" resolved to "${resolvedSlug}"`);
+		if (!state.models?.data.find((m) => m.id === resolvedSlug)) {
+			const available = listModelsForEndpoint("/v1/messages");
+			consola.warn(`Model "${resolvedSlug}" not found. Available claude models: ${available.join(", ")}`);
+		}
+		const banner = chosenSlug === resolvedSlug ? chosenSlug : `${chosenSlug} → ${resolvedSlug}`;
+		process$1.stderr.write(`Server ready on ${serverUrl}, launching Claude Code (${banner})...\n`);
+		const envVars = getClaudeCodeEnvVars(serverUrl, chosenSlug);
+		const extraArgs = args._ ?? [];
+		let onShutdown;
+		if (args["codex-mcp"] !== false) try {
+			const requestedCli = args["codex-cli"] ?? false;
+			const backend = resolveCodexCliBackend({
+				requested: requestedCli,
+				codexInfo: requestedCli ? getCodexVersion() : null
+			});
+			const geminiAvailable$1 = state.models?.data.some((m) => /^gemini-3\..*pro/i.test(m.id)) ?? false;
+			if (!geminiAvailable$1) consola.info("gemini-3.1-pro-preview not found in your Copilot model catalog; gemini-critic persona will not be registered.");
+			const runtime = await writePeerMcpRuntimeFiles(serverUrl, {
+				codexCli: backend === "cli",
+				geminiAvailable: geminiAvailable$1
+			});
+			state.peerMcpNonce = runtime.nonce;
+			onShutdown = runtime.cleanup;
+			extraArgs.push("--mcp-config", runtime.mcpConfigPath);
+			if (args["codex-mcp-only"] === true) extraArgs.push("--strict-mcp-config");
+			const personaNames = runtime.personas.map((p) => p.agentName).join(", ");
+			process$1.stderr.write(`Peer MCP wired (backend=${backend}, personas=[${personaNames}], subagent .md files=${runtime.agentMdPaths.length}).\n`);
+		} catch (err) {
+			consola.warn(`Peer MCP wiring failed (claude will launch without it): ${err instanceof Error ? err.message : String(err)}`);
+		}
 		launchChild({
 			kind: "claude-code",
-			envVars: getClaudeCodeEnvVars(serverUrl, resolvedModel ?? args.model),
-			extraArgs: args._ ?? [],
-			model: resolvedModel ?? args.model
-		}, server$1);
+			envVars,
+			extraArgs,
+			model: chosenSlug
+		}, server$1, { onShutdown });
 	}
 });
 
@@ -2491,10 +4471,22 @@ const codex = defineCommand({
 			consola.error("Failed to start server:", error instanceof Error ? error.message : error);
 			process$1.exit(1);
 		}
+		const usingDefault = !args.model;
 		const requestedModel = args.model ?? DEFAULT_CODEX_MODEL;
 		enableFileLogging();
-		const codexModel = resolveCodexModel(requestedModel);
+		let codexModel = resolveCodexModel(requestedModel);
 		if (codexModel !== requestedModel) consola.info(`Model "${requestedModel}" resolved to "${codexModel}"`);
+		if (usingDefault && state.models) {
+			const inCache = (id) => state.models?.data.some((m) => m.id === id) ?? false;
+			if (!inCache(codexModel)) for (const fallback of DEFAULT_CODEX_MODEL_FALLBACKS) {
+				const resolved = resolveCodexModel(fallback);
+				if (inCache(resolved)) {
+					consola.info(`Default model "${codexModel}" not in your Copilot model list; falling back to "${resolved}".`);
+					codexModel = resolved;
+					break;
+				}
+			}
+		}
 		const modelEntry = state.models?.data.find((m) => m.id === codexModel);
 		if (!modelEntry) {
 			const available = listModelsForEndpoint("/responses");
@@ -2508,7 +4500,8 @@ const codex = defineCommand({
 			kind: "codex",
 			envVars: getCodexEnvVars(serverUrl),
 			extraArgs: args._ ?? [],
-			model: codexModel
+			model: codexModel,
+			serverUrl
 		}, server$1);
 	}
 });
@@ -2541,9 +4534,9 @@ async function checkTokenExists() {
 	}
 }
 async function getDebugInfo() {
-	const [version, tokenExists] = await Promise.all([getPackageVersion(), checkTokenExists()]);
+	const [version$1, tokenExists] = await Promise.all([getPackageVersion(), checkTokenExists()]);
 	return {
-		version,
+		version: version$1,
 		runtime: getRuntimeInfo(),
 		paths: {
 			APP_DIR: PATHS.APP_DIR,