github-router 0.3.17 → 0.3.18

package/dist/main.js

@@ -4,17 +4,16 @@ import consola from "consola";
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
-import { randomBytes, randomUUID } from "node:crypto";
+import { randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
 import process$1 from "node:process";
+import { execFileSync, spawn } from "node:child_process";
 import fs$1 from "node:fs";
 import { Writable } from "node:stream";
-import { execFileSync, spawn } from "node:child_process";
 import { serve } from "srvx";
 import { getProxyForUrl } from "proxy-from-env";
 import { Agent, ProxyAgent, setGlobalDispatcher } from "undici";
 import { Hono } from "hono";
 import { cors } from "hono/cors";
-import { streamSSE } from "hono/streaming";
 import { events } from "fetch-event-stream";
 import { z } from "zod";
 import clipboard from "clipboardy";
@@ -35,12 +34,23 @@ const PATHS = {
 	},
 	get CODEX_HOME() {
 		return path.join(appDir(), "codex-isolated");
+	},
+	get CLAUDE_RUNTIME_DIR() {
+		return path.join(appDir(), "runtime");
 	}
 };
 async function ensurePaths() {
 	await fs.mkdir(PATHS.APP_DIR, { recursive: true });
 	await fs.mkdir(PATHS.CODEX_HOME, { recursive: true });
+	await fs.mkdir(PATHS.CLAUDE_RUNTIME_DIR, { recursive: true });
+	await chmodIfPossible(PATHS.CLAUDE_RUNTIME_DIR, 448);
 	await ensureFile(PATHS.GITHUB_TOKEN_PATH);
+	await sweepStaleRuntimeFiles().catch((err) => {
+		consola.debug("Runtime sweep skipped:", err);
+	});
+	await sweepStalePeerAgentMdFiles().catch((err) => {
+		consola.debug("Peer-agent .md sweep skipped:", err);
+	});
 }
 async function ensureFile(filePath) {
 	try {
@@ -50,6 +60,129 @@ async function ensureFile(filePath) {
 		await fs.chmod(filePath, 384);
 	}
 }
+async function chmodIfPossible(target, mode) {
+	if (process.platform === "win32") return;
+	try {
+		await fs.chmod(target, mode);
+	} catch (err) {
+		consola.debug(`chmod ${target} ${mode.toString(8)} failed:`, err);
+	}
+}
+/**
+* Write a runtime tempfile securely.
+*
+*   - Mode `0o600` so other local users (multi-tenant boxes, shared
+*     dev containers) can't read the per-launch nonce or runtime URL.
+*   - `flag: "wx"` (O_CREAT | O_EXCL | O_WRONLY) refuses to overwrite
+*     an existing path. POSIX open(2) with O_EXCL also rejects
+*     pre-placed symlinks, killing the symlink-clobber attack vector.
+*   - The caller's responsibility to pick a path NOT yet in use.
+*     We intentionally do NOT pre-unlink: an `lstat` + `unlink` +
+*     `open(O_EXCL)` sequence still has a TOCTOU window where an
+*     attacker can drop a symlink between unlink and open. Letting
+*     `wx` fail is the safer behavior — surfaces the conflict
+*     instead of silently following.
+*/
+async function writeRuntimeFileSecure(filePath, content) {
+	await fs.writeFile(filePath, content, {
+		mode: 384,
+		flag: "wx"
+	});
+}
+/**
+* Sweep stale runtime tempfiles. Removes files whose embedded PID is no
+* longer a live process. A proxy crash (`kill -9`, OS reboot) leaves
+* orphans that would otherwise accumulate forever — and worse, a stale
+* config pointing at a now-recycled port could route MCP traffic to
+* whatever process bound that port next.
+*
+* Naming convention: `peer-mcp-<pid>.json` and `peer-agents-<pid>.json`.
+* Files not matching either pattern are left alone — this directory
+* is shared with future runtime artifacts.
+*
+* We deliberately do NOT age-prune files whose PID is alive. A
+* legitimately long-running proxy can have a tempfile older than any
+* arbitrary threshold; deleting it out from under the live process
+* breaks the spawned Claude Code child's MCP/agent wiring with no clean
+* recovery. PID-wraparound risk is mitigated by (a) PID reuse on Linux
+* being slow under typical loads, and (b) the file is only consulted by
+* github-router itself — an unrelated process that inherits the PID
+* never reads it.
+*/
+async function sweepStaleRuntimeFiles() {
+	const dir = PATHS.CLAUDE_RUNTIME_DIR;
+	let entries;
+	try {
+		entries = await fs.readdir(dir);
+	} catch (err) {
+		if (err.code === "ENOENT") return;
+		throw err;
+	}
+	for (const name$1 of entries) {
+		const match = /^peer-(?:mcp|agents)-(\d+)(?:-[0-9a-f]+)?\.json$/.exec(name$1);
+		if (!match) continue;
+		const pid = Number.parseInt(match[1], 10);
+		const filePath = path.join(dir, name$1);
+		if (isPidAlive(pid)) continue;
+		await fs.unlink(filePath).catch(() => {});
+	}
+}
+function isPidAlive(pid) {
+	if (!Number.isInteger(pid) || pid <= 0) return false;
+	try {
+		process.kill(pid, 0);
+		return true;
+	} catch (err) {
+		if (err.code === "EPERM") return true;
+		return false;
+	}
+}
+/**
+* Sweep stale peer-* subagent .md files from `~/.claude/agents/`. Phase
+* 2.5 writes one .md per peer agent into the canonical agents directory
+* so they appear in Claude Code's Task `subagent_type` enum. Files are
+* named `peer-<pid>-<rand>-<agentName>.md` so this sweep can drop
+* orphans from crashed prior proxy sessions without touching the user's
+* own .md files.
+*
+* Same liveness rule as `sweepStaleRuntimeFiles`: only delete when the
+* file's embedded PID is no longer alive. Live PIDs keep their files —
+* a long-running proxy doesn't lose its agent registrations.
+*
+* Regex tightening (Phase 2.6, codex-critic + gemini-critic 2-lab finding):
+* the original sweep regex `^peer-(\d+)(?:-[0-9a-f]+)?-.+\.md$` was too
+* permissive — a user-authored `peer-12345-meeting-notes.md` matches
+* (`12345` = "PID", `-meeting-notes` = trailing `.+`) and would be
+* silently unlinked when 12345 happens to be a dead PID (overwhelmingly
+* likely). Tightened to require BOTH the 8-hex-char random suffix AND
+* an exact-match persona name suffix, eliminating the risk for any
+* realistic user filename.
+*/
+async function sweepStalePeerAgentMdFiles() {
+	const dir = path.join(os.homedir(), ".claude", "agents");
+	let entries;
+	try {
+		entries = await fs.readdir(dir);
+	} catch (err) {
+		if (err.code === "ENOENT") return;
+		throw err;
+	}
+	for (const name$1 of entries) {
+		const match = PEER_AGENT_MD_FILENAME.exec(name$1);
+		if (!match) continue;
+		if (isPidAlive(Number.parseInt(match[1], 10))) continue;
+		await fs.unlink(path.join(dir, name$1)).catch(() => {});
+	}
+}
+/**
+* Strict regex matching only files this proxy writes:
+*   peer-<pid>-<8 hex>-<exact persona/coordinator name>.md
+* The persona-name allowlist is the load-bearing protection against
+* deleting user files. Update this list whenever a new persona is added
+* to `PERSONAS_READ` / `PERSONAS_WRITE` in `peer-mcp-personas.ts` or a
+* new coordinator-style agent is added in `codex-mcp-config.ts`.
+*/
+const PEER_AGENT_MD_FILENAME = /^peer-(\d+)-[0-9a-f]{8}-(?:codex-critic|codex-reviewer|gemini-critic|codex-implementer|peer-review-coordinator)\.md$/;
 
 //#endregion
 //#region src/lib/state.ts
@@ -76,14 +209,14 @@ function copilotVersion(state$1) {
 const API_VERSION = "2026-01-09";
 const copilotBaseUrl = (state$1) => state$1.copilotApiUrl ?? "https://api.githubcopilot.com";
 const copilotHeaders = (state$1, vision = false, integrationId = "vscode-chat") => {
-	const version = copilotVersion(state$1);
+	const version$1 = copilotVersion(state$1);
 	const headers = {
 		Authorization: `Bearer ${state$1.copilotToken}`,
 		"content-type": standardHeaders()["content-type"],
 		"copilot-integration-id": integrationId,
 		"editor-version": `vscode/${state$1.vsCodeVersion}`,
-		"editor-plugin-version": `copilot-chat/${version}`,
-		"user-agent": `GitHubCopilotChat/${version}`,
+		"editor-plugin-version": `copilot-chat/${version$1}`,
+		"user-agent": `GitHubCopilotChat/${version$1}`,
 		"openai-intent": "conversation-panel",
 		"x-interaction-type": "conversation-panel",
 		"x-github-api-version": API_VERSION,
@@ -119,7 +252,7 @@ var HTTPError = class extends Error {
 	}
 };
 async function forwardError(c, error) {
-	consola.error("Error occurred:", error);
+	consola.error(`Error occurred at ${c.req.path}:`, error);
 	if (error instanceof HTTPError) {
 		const errorText = await error.response.text().catch(() => "");
 		let errorJson;
@@ -473,9 +606,9 @@ const cacheVSCodeVersion = async () => {
 	consola.info(`Using VSCode version: ${response}`);
 };
 const cacheCopilotVersion = async () => {
-	const version = await getCopilotChatVersion();
-	state.copilotVersion = version;
-	consola.info(`Using Copilot Chat version: ${version}`);
+	const version$1 = await getCopilotChatVersion();
+	state.copilotVersion = version$1;
+	consola.info(`Using Copilot Chat version: ${version$1}`);
 };
 
 //#endregion
@@ -520,18 +653,62 @@ const setupCopilotToken = async () => {
 	consola.debug("GitHub Copilot Token fetched successfully!");
 	if (state.showToken) consola.info("Copilot token:", token);
 	const refreshInterval = Math.max((refresh_in - 60) * 1e3, 1e3);
-	setInterval(async () => {
-		consola.debug("Refreshing Copilot token");
+	setInterval(() => {
+		refreshCopilotToken("interval");
+	}, refreshInterval);
+};
+let inflightRefresh;
+let lastRefreshSuccess = 0;
+let lastRefreshFailure = 0;
+const REFRESH_SUCCESS_COOLDOWN_MS = 3e4;
+const REFRESH_FAILURE_COOLDOWN_MS = 5e3;
+async function refreshCopilotToken(reason) {
+	if (inflightRefresh) return inflightRefresh;
+	if (reason === "401-retry") {
+		const now = Date.now();
+		if (now - lastRefreshSuccess < REFRESH_SUCCESS_COOLDOWN_MS) {
+			consola.debug(`refreshCopilotToken(${reason}) skipped: prior success within ${REFRESH_SUCCESS_COOLDOWN_MS}ms`);
+			return;
+		}
+		if (now - lastRefreshFailure < REFRESH_FAILURE_COOLDOWN_MS) {
+			consola.debug(`refreshCopilotToken(${reason}) skipped: prior failure within ${REFRESH_FAILURE_COOLDOWN_MS}ms`);
+			return;
+		}
+	}
+	inflightRefresh = (async () => {
+		consola.debug(`Refreshing Copilot token (reason=${reason})`);
 		try {
-			const { token: token$1 } = await getCopilotToken();
-			state.copilotToken = token$1;
+			const { token } = await getCopilotToken();
+			state.copilotToken = token;
+			lastRefreshSuccess = Date.now();
 			consola.debug("Copilot token refreshed");
-			if (state.showToken) consola.info("Refreshed Copilot token:", token$1);
+			if (state.showToken) consola.info("Refreshed Copilot token:", token);
 		} catch (error) {
-			consola.error("Failed to refresh Copilot token:", error);
+			lastRefreshFailure = Date.now();
+			consola.error(`Failed to refresh Copilot token (reason=${reason}):`, error);
+		} finally {
+			inflightRefresh = void 0;
 		}
-	}, refreshInterval);
-};
+	})();
+	return inflightRefresh;
+}
+/**
+* Try `request()`. If it returns a 401, refresh the Copilot token (subject
+* to the single-flight + refresh-storm-protection of `refreshCopilotToken`)
+* and retry once. After one retry, propagate whatever the second attempt
+* returned — the caller's existing 401-handling path is preserved.
+*
+* The `request` callback is responsible for capturing `state.copilotToken`
+* locally before any await; this helper does NOT re-build the request
+* itself, just re-invokes the callback after a refresh.
+*/
+async function tryRefreshAndRetry(request, routePath) {
+	const first = await request();
+	if (first.status !== 401) return first;
+	consola.warn(`${routePath}: upstream returned 401, attempting one token refresh + retry`);
+	await refreshCopilotToken("401-retry");
+	return request();
+}
 async function setupGitHubToken(options) {
 	try {
 		const githubToken = await readGithubToken();
@@ -627,13 +804,13 @@ const checkUsage = defineCommand({
 			const premiumUsed = premiumTotal - premium.remaining;
 			const premiumPercentUsed = premiumTotal > 0 ? premiumUsed / premiumTotal * 100 : 0;
 			const premiumPercentRemaining = premium.percent_remaining;
-			function summarizeQuota(name, snap) {
-				if (!snap) return `${name}: N/A`;
+			function summarizeQuota(name$1, snap) {
+				if (!snap) return `${name$1}: N/A`;
 				const total = snap.entitlement;
 				const used = total - snap.remaining;
 				const percentUsed = total > 0 ? used / total * 100 : 0;
 				const percentRemaining = snap.percent_remaining;
-				return `${name}: ${used}/${total} used (${percentUsed.toFixed(1)}% used, ${percentRemaining.toFixed(1)}% remaining)`;
+				return `${name$1}: ${used}/${total} used (${percentUsed.toFixed(1)}% used, ${percentRemaining.toFixed(1)}% remaining)`;
 			}
 			const premiumLine = `Premium: ${premiumUsed}/${premiumTotal} used (${premiumPercentUsed.toFixed(1)}% used, ${premiumPercentRemaining.toFixed(1)}% remaining)`;
 			const chatLine = summarizeQuota("Chat", usage.quota_snapshots.chat);
@@ -646,100 +823,6 @@ const checkUsage = defineCommand({
 	}
 });
 
-//#endregion
-//#region src/lib/file-log-reporter.ts
-const MAX_LOG_BYTES = 1024 * 1024;
-const DEDUP_MAX = 1e3;
-const ARG_MAX_LEN = 2048;
-const DEDUP_KEY_MAX_LEN = 200;
-const CREDENTIAL_RE = /\b(eyJ[A-Za-z0-9_-]{20,}(?:\.[A-Za-z0-9_-]+){0,2}|gh[opsu]_[A-Za-z0-9_]{20,}|Bearer\s+\S{20,})\b/g;
-const ALLOWED_TYPES = new Set([
-	"fatal",
-	"error",
-	"warn"
-]);
-function sanitize(line) {
-	return line.replace(CREDENTIAL_RE, "[REDACTED]");
-}
-function serializeArg(arg) {
-	if (typeof arg === "string") return arg;
-	if (arg instanceof Error) {
-		const parts = [arg.message];
-		if (arg.stack) parts.push(arg.stack);
-		return parts.join("\n");
-	}
-	return String(arg);
-}
-function formatLogLine(logObj) {
-	return sanitize(`${logObj.date.toISOString()} [${(logObj.type ?? "error").toUpperCase()}] ${logObj.args.map((a) => {
-		const s = serializeArg(a);
-		return s.length > ARG_MAX_LEN ? s.slice(0, ARG_MAX_LEN) + "…" : s;
-	}).join(" ").replace(/\r\n|\r|\n/g, "\\n")}\n`);
-}
-function makeDedupeKey(logObj) {
-	const firstArg = logObj.args.length > 0 ? serializeArg(logObj.args[0]) : "";
-	const key = `${logObj.type}:${firstArg}`;
-	return key.length > DEDUP_KEY_MAX_LEN ? key.slice(0, DEDUP_KEY_MAX_LEN) : key;
-}
-function rotateIfNeeded(filePath) {
-	let size;
-	try {
-		size = fs$1.statSync(filePath).size;
-	} catch {
-		return;
-	}
-	if (size <= MAX_LOG_BYTES) return;
-	try {
-		fs$1.renameSync(filePath, filePath + ".1");
-	} catch {}
-}
-var FileLogReporter = class {
-	filePath;
-	seen = /* @__PURE__ */ new Set();
-	writing = false;
-	constructor(filePath) {
-		this.filePath = filePath;
-		rotateIfNeeded(filePath);
-	}
-	log(logObj, _ctx) {
-		if (!ALLOWED_TYPES.has(logObj.type)) return;
-		if (this.writing) return;
-		const key = makeDedupeKey(logObj);
-		if (this.seen.has(key)) return;
-		if (this.seen.size >= DEDUP_MAX) this.seen.clear();
-		this.seen.add(key);
-		const line = formatLogLine(logObj);
-		this.writing = true;
-		try {
-			const fd = fs$1.openSync(this.filePath, "a", 384);
-			fs$1.writeSync(fd, line);
-			fs$1.closeSync(fd);
-		} catch {} finally {
-			this.writing = false;
-		}
-	}
-};
-const nullStream = new Writable({ write(_chunk, _encoding, cb) {
-	cb();
-} });
-/**
-* Switch consola to file-only mode for TUI sessions.
-* Removes the terminal reporter and installs a file reporter that
-* persists errors and warnings to disk with dedup and credential scrubbing.
-*
-* Also sinks consola's stdout/stderr streams as belt-and-suspenders:
-* even if a terminal reporter is re-added, it cannot write to the terminal.
-* Crash handlers that call process.stderr.write() directly are unaffected.
-* FileLogReporter uses fs.writeSync() directly and is also unaffected.
-*/
-function enableFileLogging() {
-	const reporter = new FileLogReporter(PATHS.ERROR_LOG_PATH);
-	consola.options.throttle = 0;
-	consola.setReporters([reporter]);
-	consola.options.stdout = nullStream;
-	consola.options.stderr = nullStream;
-}
-
 //#endregion
 //#region src/lib/port.ts
 const DEFAULT_PORT = 8787;
@@ -781,6 +864,18 @@ const PORT_RANGE_MAX = 65535;
 function generateRandomPort() {
 	return Math.floor(Math.random() * (PORT_RANGE_MAX - PORT_RANGE_MIN + 1)) + PORT_RANGE_MIN;
 }
+function envInt(key, fallback) {
+	const raw = process.env[key];
+	if (!raw) return fallback;
+	if (!/^[0-9]+$/.test(raw.trim())) {
+		consola.warn(`${key}=${JSON.stringify(raw)} is not a non-negative integer; using fallback ${fallback}`);
+		return fallback;
+	}
+	const parsed = Number.parseInt(raw, 10);
+	return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+const UPSTREAM_FETCH_TIMEOUT_MS = envInt("UPSTREAM_FETCH_TIMEOUT_MS", 0);
+const UPSTREAM_INACTIVITY_TIMEOUT_MS = envInt("UPSTREAM_INACTIVITY_TIMEOUT_MS", 3e5);
 
 //#endregion
 //#region src/lib/launch.ts
@@ -827,34 +922,95 @@ function sanitizeParentEnv(parent) {
 	for (const key of STRIPPED_PARENT_ENV_KEYS) delete sanitized[key];
 	return sanitized;
 }
-function commandExists(name) {
+function commandExists(name$1) {
 	try {
-		execFileSync(process$1.platform === "win32" ? "where.exe" : "which", [name], { stdio: "ignore" });
+		execFileSync(process$1.platform === "win32" ? "where.exe" : "which", [name$1], { stdio: "ignore" });
 		return true;
 	} catch {
 		return false;
 	}
 }
+/**
+* Provider-config flags (`-c model_providers.github_router=...`) that
+* point Codex at our proxy. Extracted from `buildCodexCmd` so the new
+* `codex mcp-server` MCP-config builder can reuse the exact same
+* provider definition — drift between the two paths would silently
+* break the MCP wiring.
+*/
+function buildCodexProviderConfigFlags(serverUrl) {
+	return [
+		"-c",
+		`model_providers.github_router={name="github-router",base_url="${serverUrl}/v1",wire_api="responses",env_key="OPENAI_API_KEY"}`,
+		"-c",
+		"model_provider=github_router"
+	];
+}
+/**
+* Inspect the installed `codex` binary. Used by the codex-MCP wiring
+* in `claude.ts` to gate `--codex-cli`. Codex 0.129.0 introduced the
+* `mcp-server` subcommand; older versions don't expose it, so we
+* downgrade to the HTTP backend with a warning.
+*/
+function getCodexVersion() {
+	if (!commandExists("codex")) return { ok: false };
+	let raw;
+	try {
+		raw = execFileSync("codex", ["--version"], {
+			encoding: "utf8",
+			stdio: [
+				"ignore",
+				"pipe",
+				"ignore"
+			]
+		}).trim();
+	} catch {
+		return { ok: false };
+	}
+	const m = /(\d+)\.(\d+)\.(\d+)/.exec(raw);
+	if (!m) return {
+		ok: false,
+		version: raw
+	};
+	const major = Number.parseInt(m[1], 10);
+	const minor = Number.parseInt(m[2], 10);
+	const version$1 = `${m[1]}.${m[2]}.${m[3]}`;
+	return {
+		ok: major > 0 || major === 0 && minor >= 129,
+		version: version$1
+	};
+}
+/**
+* Codex 0.129.0 broke two things the launcher had been relying on:
+*   (1) `--full-auto` was removed in favor of `--sandbox` + `--ask-for-approval`;
+*       passing it now exits the child immediately with
+*       `error: unexpected argument '--full-auto' found`.
+*   (2) `OPENAI_BASE_URL` is silently ignored — Codex hardcodes
+*       `https://api.openai.com/v1/responses` and 401s out without an
+*       explicit `-c model_providers.<name>.base_url` override.
+*
+* `buildCodexCmd` builds the launch argv that works on Codex 0.129+ while
+* still being compatible with older versions that accept the same flags.
+*/
+function buildCodexCmd(target) {
+	const cmd = ["codex"];
+	if (target.serverUrl) cmd.push(...buildCodexProviderConfigFlags(target.serverUrl));
+	cmd.push("--sandbox", "workspace-write", "--ask-for-approval", "on-request", "-m", target.model ?? DEFAULT_CODEX_MODEL, ...target.extraArgs);
+	return cmd;
+}
 function buildLaunchCommand(target) {
 	return {
 		cmd: target.kind === "claude-code" ? [
 			"claude",
 			"--dangerously-skip-permissions",
 			...target.extraArgs
-		] : [
-			"codex",
-			"--full-auto",
-			"-m",
-			target.model ?? DEFAULT_CODEX_MODEL,
-			...target.extraArgs
-		],
+		] : buildCodexCmd(target),
 		env: {
 			...sanitizeParentEnv(process$1.env),
 			...target.envVars
 		}
 	};
 }
-function launchChild(target, server$1) {
+function launchChild(target, server$1, options = {}) {
 	const { cmd, env } = buildLaunchCommand(target);
 	const executable = cmd[0];
 	if (!commandExists(executable)) {
@@ -879,6 +1035,7 @@ function launchChild(target, server$1) {
 		consola.error(msg);
 		process$1.stderr.write(msg + "\n");
 		server$1.close(true).catch(() => {});
+		if (options.onShutdown) Promise.resolve(options.onShutdown()).catch(() => {});
 		process$1.exit(1);
 	}
 	let cleaned = false;
@@ -893,6 +1050,9 @@ function launchChild(target, server$1) {
 		try {
 			await server$1.close(true);
 		} catch {}
+		if (options.onShutdown) try {
+			await options.onShutdown();
+		} catch {}
 		clearTimeout(timeout);
 	}
 	function exit(code) {
@@ -914,6 +1074,606 @@ function launchChild(target, server$1) {
 	});
 }
 
+//#endregion
+//#region src/lib/peer-mcp-personas.ts
+const CRITIC_RUBRIC = `
+Apply this grading rubric:
+  - Score 1–5 on three axes:
+      A. assumption-soundness   (are stated assumptions accurate? are unstated ones load-bearing?)
+      B. failure-mode coverage  (which realistic failure modes are unaddressed?)
+      C. alternative-considered (was a meaningfully different approach weighed and rejected with reason?)
+  - If every axis scores ≥ 4, reply with the literal string "no material objection" and stop. Do not invent issues to satisfy this rubric.
+  - Otherwise, the lowest-scoring axis IS your critique. Lead with that single critique; secondary observations may follow as "additional notes".
+
+Reply format (markdown):
+  ## Verdict
+  <"no material objection" OR a one-sentence summary of the load-bearing critique>
+  ## Scores
+  - assumption-soundness: <n>/5
+  - failure-mode coverage: <n>/5
+  - alternative-considered: <n>/5
+  ## Critique
+  <only when at least one axis < 4 — concrete, specific, actionable>
+  ## Additional notes (optional)
+  <secondary observations; omit if none>
+
+Self-reminder (read before every reply):
+  Am I still acting as the adversarial critic per the rubric above?
+  If I just produced agreement, restart and apply the grading rubric instead.
+  Sycophancy is the failure mode I exist to fight; manufactured contrarianism is a different failure of the same shape — do neither.
+`.trim();
+const COLD_START_CONTRACT = `
+Cold-start contract for the lead orchestrator (Opus):
+  When delegating to me, paste a self-contained brief. I have no access to your scrollback, CLAUDE.md, or the project tree. Always include:
+    (a) the artifact under review verbatim (code/diff/plan text),
+    (b) the constraints or "done" criteria,
+    (c) any prior decisions I should not relitigate.
+  If your brief lacks (a), I will reply with a one-line request for the artifact instead of speculating.
+`.trim();
+const CRITIC_BASE = `You are codex-critic, an adversarial reviewer running on gpt-5.5. Your single job is to overcome the lead orchestrator's blind spots — assumptions it didn't notice it was making, failure modes it didn't enumerate, alternatives it didn't consider.
+
+You are NOT a helpful assistant. You are NOT a coach. Sycophancy is the failure mode you exist to fight. Manufactured contrarianism is a different failure of the same shape — silence on good work is a valid and welcome answer.
+
+${COLD_START_CONTRACT}
+
+${CRITIC_RUBRIC}`;
+const GEMINI_CRITIC_BASE = `You are gemini-critic, an adversarial reviewer running on Gemini 3.1 Pro. You exist to provide a second-lab perspective: your training data, RLHF priors, and attention patterns are systematically different from the lead orchestrator's (Opus, Anthropic) and from codex-critic (gpt-5.5, OpenAI). Use that to surface blind spots both miss.
+
+Your strengths the lead may want to draw on:
+  - long-context reasoning over large artifacts (the brief may include >50k tokens of context)
+  - math, proofs, and formally-stated invariants
+  - cross-checking conclusions where codex-critic has already weighed in (the lead may forward you both the artifact and codex-critic's verdict)
+
+You are NOT a helpful assistant. Sycophancy is the failure mode you exist to fight; do not invent issues to look thorough.
+
+${COLD_START_CONTRACT}
+
+${CRITIC_RUBRIC}`;
+const REVIEWER_BASE = `You are codex-reviewer, a line-level code reviewer running on gpt-5.3-codex. You are the code-specialist persona — your job is to read concrete code (diffs, single files, function bodies) and surface bugs, edge cases, security issues, and idiom violations.
+
+You are not a critic-of-architecture. If the brief is a plan or a high-level design, redirect: "this looks like architecture review; consider codex-critic or gemini-critic." Your tool is the magnifying glass, not the wide-angle lens.
+
+${COLD_START_CONTRACT}
+
+Reply format (markdown):
+  ## Summary
+  <one sentence: clean / N findings / blocking issue>
+  ## Findings
+  For each:
+    ### <severity: info | low | medium | high | critical> — <one-line title>
+    - location: <file:line[-line]>
+    - issue: <what's wrong, why it matters in this codebase>
+    - suggested fix: <minimal change OR "needs design discussion">
+  Number the findings if there are more than one. List them in severity-descending order (critical first).
+  If there are zero findings of any severity, reply only with "## Summary\\nClean review — no findings." and stop.
+
+Self-reminder (read before every reply):
+  Am I citing real code at real line numbers in the brief? If a finding doesn't have a concrete file:line citation, drop it.
+  Did I rank the finding's severity by impact-in-this-codebase, not by general-principle?
+  If everything looks fine, say so cleanly — do not pad with stylistic nitpicks.`;
+const IMPLEMENTER_BASE = `You are codex-implementer, a focused implementation specialist running on gpt-5.3-codex with workspace-write access. You execute scoped, well-specified coding tasks end-to-end: read the relevant files, make the change, verify it, report back.
+
+You are not a planner. If the brief is vague or missing acceptance criteria, ask the lead for the missing piece BEFORE editing anything. A wasted edit is worse than a clarifying question.
+
+${COLD_START_CONTRACT}
+
+What "done" looks like for an implementation task:
+  - Exactly the files specified by the brief have been changed (or you reported back why a different scope was needed).
+  - The change is minimal — surrounding cleanup is out of scope unless requested.
+  - You ran the relevant test(s) / typecheck / linter for the touched files and report the results.
+  - The summary you return enumerates each file changed with a one-line description.
+
+Reply format (markdown):
+  ## Status
+  <complete | needs-clarification | blocked>
+  ## Files changed
+  - path/one.ts: <one-line description>
+  - path/two.ts: <one-line description>
+  ## Verification
+  <commands run + outcomes>
+  ## Notes
+  <anything the lead must know to integrate, e.g. follow-ups intentionally not done>
+
+Resilience reminder:
+  If your session terminates abnormally before "Status: complete", the lead will retry once. On recovery, ask the lead to confirm what's already been done before re-applying changes — duplicate edits are worse than a slow restart.`;
+const PERSONAS_READ = Object.freeze([
+	{
+		agentName: "codex-critic",
+		toolNameHttp: "codex_critic",
+		model: "gpt-5.5",
+		endpoint: "/v1/responses",
+		description: "Adversarial second opinion on plans, designs, code, or systems-engineering tradeoffs. Backed by gpt-5.5 (OpenAI) — different model, different training data, different blind spots than Opus. Uses a calibrated 1–5 grading rubric and is allowed to reply 'no material objection' on solid artifacts. **CALL BEFORE: ExitPlanMode for any plan involving >2 files or new architecture; finalizing a major design choice; TeamCreate when the team's task is non-trivial.** **CALL AFTER: any commit touching concurrency, security, or streaming code paths.** If the artifact is large (>20 KB), prefer to break it into 2-4 focused batches and call this tool once per batch IN PARALLEL — each call must complete under the Claude Code MCP per-tool-call ceiling (~150s on v2.1.138 per regression #50289), so monolithic large-artifact calls will time out client-side. Aggregate findings yourself. Always pass: (a) the artifact verbatim, (b) the constraints/'done' criteria, (c) any prior decisions. Optionally pass `effort: 'xhigh'` for explicit deep dives or `effort: 'medium'` for quick sanity checks (default 'high'). The subagent has no access to your scrollback or CLAUDE.md.",
+		baseInstructions: CRITIC_BASE,
+		agentPrompt: "",
+		writeCapable: false,
+		requiresHttp: false
+	},
+	{
+		agentName: "gemini-critic",
+		toolNameHttp: "gemini_critic",
+		model: "gemini-3.1-pro-preview",
+		endpoint: "/v1/chat/completions",
+		description: "Adversarial second opinion from a different lab. Backed by gemini-3.1-pro-preview (Google) — different training data and RLHF priors than Opus AND codex-critic, the strongest blind-spot-buster when the lead wants triangulation across three labs. Use for long-context artifacts (>50k tokens), math/proof-shaped reasoning, or as a tie-breaker after codex-critic has weighed in. **CALL BEFORE: ExitPlanMode for plans where Opus + codex-critic agree (use as triangulation); finalizing irreversible architectural choices.** **CALL AFTER: commits where you want a third-lab cross-check.** If the artifact is large (>100 KB), prefer to break into batches and call in parallel — gemini handles long context well but each per-call MCP wait is still bounded (~150s on v2.1.138). Always pass: (a) the artifact verbatim, (b) the constraints/'done' criteria, (c) any prior decisions. The `effort` parameter is forwarded but may be silently ignored by Copilot's gemini route — gemini-3.x reasoning is largely auto-applied. The subagent has no access to your scrollback or CLAUDE.md.",
+		baseInstructions: GEMINI_CRITIC_BASE,
+		agentPrompt: "",
+		writeCapable: false,
+		requiresHttp: true
+	},
+	{
+		agentName: "codex-reviewer",
+		toolNameHttp: "codex_reviewer",
+		model: "gpt-5.3-codex",
+		endpoint: "/v1/responses",
+		description: "Line-level code review of a specific diff or file. Backed by gpt-5.3-codex (OpenAI) — the code-specialist sibling of gpt-5.5, trained heavily on code-review datasets so it catches different bugs than Opus. Prefer over codex-critic when the artifact is a concrete diff or single file (codex-critic is for plans/designs). **CALL AFTER: any non-trivial commit (>50 lines OR touching critical paths: streaming, auth, concurrency, persistence, security).** **CALL BEFORE: opening a PR or pushing changes a peer would review.** For diffs >20 KB, split by file-group and call once per group in parallel — each per-call wait is bounded (~150s on v2.1.138). Always pass: (a) the diff or file verbatim, (b) the change's intent, (c) test status. Optionally pass `effort: 'xhigh'` when reviewing security-critical code, `effort: 'medium'` for routine reviews (default 'high'). The subagent has no access to your scrollback or CLAUDE.md.",
+		baseInstructions: REVIEWER_BASE,
+		agentPrompt: "",
+		writeCapable: false,
+		requiresHttp: false
+	}
+]);
+const PERSONAS_WRITE = Object.freeze([{
+	agentName: "codex-implementer",
+	toolNameHttp: "codex_implementer",
+	model: "gpt-5.3-codex",
+	endpoint: "/v1/responses",
+	description: "Targeted implementation of a self-contained coding task — actual file edits via Codex's tool-use sandbox. Backed by gpt-5.3-codex with workspace-write access (only registered when --codex-cli is set). Use only when the task has a clear spec and acceptance criteria; for tasks needing iterative tool-use across many files, prefer a Claude teammate (Agent Team). Always pass: (a) the spec, (b) the files in scope, (c) the acceptance criteria. The subagent has no access to your scrollback or CLAUDE.md.",
+	baseInstructions: IMPLEMENTER_BASE,
+	agentPrompt: "",
+	writeCapable: true,
+	requiresHttp: false
+}]);
+/**
+* Build the agent-prompt body Claude Code uses as the subagent's full
+* system prompt. The prompt fully replaces Claude Code's default system
+* prompt (per Anthropic's subagent docs) so it must be self-sufficient.
+*
+* Two modes branch on `codexCli`:
+*   - HTTP backend: subagent calls the per-persona tool
+*     `mcp__gh-router-peers__<toolNameHttp>` with `{prompt, context}`;
+*     model + instructions are server-baked.
+*   - codex-cli backend: subagent calls the single
+*     `mcp__codex-cli__codex` tool with `{prompt, model: <persona.model>,
+*     base-instructions: <persona.baseInstructions>}`. Gemini stays on
+*     HTTP regardless because Codex CLI can't run Gemini.
+*/
+function buildAgentPrompt(persona, opts) {
+	const useStdio = opts.codexCli && !persona.requiresHttp;
+	const toolPath = useStdio ? "mcp__codex-cli__codex" : `mcp__gh-router-peers__${persona.toolNameHttp}`;
+	const invocationBlock = useStdio ? [
+		`Always invoke the \`${toolPath}\` tool with these arguments:`,
+		"  - `prompt`: the lead's brief, copied verbatim",
+		`  - \`model\`: "${persona.model}"`,
+		"  - `base-instructions`: the persona text below (paste verbatim, do not paraphrase)",
+		...persona.writeCapable ? ["  - `sandbox`: \"workspace-write\"", "  - `approval-policy`: \"on-request\""] : ["  - `sandbox`: \"read-only\""]
+	].join("\n") : [
+		`Always invoke the \`${toolPath}\` tool with these arguments:`,
+		"  - `prompt`: the lead's brief, copied verbatim",
+		"  - `context` (optional): any additional file/diff content the persona needs",
+		"Do NOT pass model or instructions — they are server-baked into this tool."
+	].join("\n");
+	return [
+		`# Subagent: ${persona.agentName}`,
+		"",
+		persona.baseInstructions,
+		"",
+		"---",
+		"",
+		"## Routing instructions for this subagent",
+		"",
+		invocationBlock,
+		"",
+		"When the tool returns, surface its output to the lead verbatim. Do not summarize, paraphrase, or add your own commentary on top — the lead integrates the persona's reply directly."
+	].join("\n");
+}
+/** Convenience: every persona that should be registered for the given mode. */
+function personasFor(opts) {
+	const result = [];
+	for (const p of PERSONAS_READ) {
+		if (p.requiresHttp && !opts.geminiAvailable) continue;
+		result.push(p);
+	}
+	if (opts.codexCli) for (const p of PERSONAS_WRITE) result.push(p);
+	return result;
+}
+
+//#endregion
+//#region src/lib/codex-mcp-config.ts
+/**
+* Decide which MCP backend serves the codex personas.
+*
+*   - User passed `--codex-cli` AND codex 0.129+ is on PATH → "cli".
+*     The peer config registers `codex-cli` as a stdio MCP server
+*     spawning `codex mcp-server`; codex personas route there;
+*     gemini-critic stays on the HTTP backend (Codex CLI can't run
+*     Gemini).
+*   - User passed `--codex-cli` but codex is missing or < 0.129 →
+*     fallback to "http" with a warning. Never break
+*     `github-router claude` over a missing optional dep.
+*   - User did not pass `--codex-cli` → "http", read-only personas only.
+*/
+function resolveCodexCliBackend(opts) {
+	if (!opts.requested) return "http";
+	if (!opts.codexInfo || !opts.codexInfo.ok) {
+		const detail = opts.codexInfo?.version ? `installed version "${opts.codexInfo.version}" is too old (need 0.129+)` : "codex CLI not found on PATH";
+		consola.warn(`--codex-cli requested but ${detail}; falling back to HTTP-only Codex MCP backend (codex-implementer will not be registered).`);
+		return "http";
+	}
+	return "cli";
+}
+/**
+* Build the JSON payload for `claude --mcp-config <path>`.
+*
+* Always registers `gh-router-peers` (HTTP) — that's the home of all
+* read-only personas, and it's the only path Gemini can take. When
+* `codexCli` is true, also registers `codex-cli` (stdio) which spawns
+* `codex mcp-server` with the proxy's provider-config flags so codex
+* runs through our Copilot-routed billing path rather than its
+* default api.openai.com.
+*/
+function buildPeerMcpConfig(serverUrl, opts) {
+	const mcpServers = { "gh-router-peers": {
+		type: "http",
+		url: `${serverUrl}/mcp`,
+		headers: { Authorization: `Bearer ${opts.nonce}` }
+	} };
+	if (opts.codexCli) mcpServers["codex-cli"] = {
+		command: "codex",
+		args: ["mcp-server", ...buildCodexProviderConfigFlags(serverUrl)],
+		env: {
+			OPENAI_BASE_URL: `${serverUrl}/v1`,
+			OPENAI_API_KEY: "dummy",
+			CODEX_HOME: opts.codexHome
+		}
+	};
+	return { mcpServers };
+}
+/**
+* The `peer-review-coordinator` Claude Code subagent — the strongest
+* auto-invocation lever per Phase 2A of the peer-MCP plan. It is NOT a
+* peer-MCP tool; it is a regular Claude Code subagent that runs inside
+* the spawned-claude context, has tool access to the peer MCP tools
+* (codex_critic, codex_reviewer, gemini_critic), and fans out + aggregates.
+*
+* The "use proactively" phrase in the description is the documented Claude
+* Code idiom for subagents the parent (Opus) should delegate to without
+* explicit user request — at the natural checkpoints listed below.
+*
+* Empirically the polling-loop reliability for "use proactively" is ~60%
+* (claude-code-guide expert estimate); the plan calls for an acceptance
+* test (≥7/10 sessions delegate at the right checkpoints) before declaring
+* "auto-invoked". If <7/10 we flip the optional PreToolUse hook on
+* ExitPlanMode to default-on (env-disable-able).
+*/
+function buildCoordinatorAgent(opts) {
+	const peers = ["codex-critic"];
+	if (opts.geminiAvailable) peers.push("gemini-critic");
+	peers.push("codex-reviewer");
+	return {
+		description: "Coordinates cross-lab adversarial review. **Use proactively before ExitPlanMode for non-trivial plans and after non-trivial commits** (>50 lines OR touching streaming/auth/concurrency/persistence/security). Routes to codex-critic / codex-reviewer / gemini-critic in parallel based on artifact type and aggregates findings. Cheaper than calling each peer manually for the common case where you want a multi-lab triangulation. The subagent has no access to your scrollback or CLAUDE.md — pass the artifact verbatim.",
+		prompt: [
+			"# Subagent: peer-review-coordinator",
+			"",
+			"You orchestrate cross-lab adversarial review for the lead orchestrator (Opus). You have access to these peer-MCP subagents:",
+			"",
+			peers.map((p) => `- \`${p}\``).join("\n"),
+			"",
+			"## When the lead invokes you",
+			"",
+			"The lead's brief will include an artifact (plan, design, diff, or code) and a goal (e.g. 'review before exit-plan', 'review the commit I just made', 'cross-check codex-critic's verdict'). Pick the right peers for the artifact type:",
+			"",
+			"- **Plan / design / architecture choice** → fan out to `codex-critic`" + (opts.geminiAvailable ? " AND `gemini-critic` in parallel" : "") + ". codex-reviewer is the wrong tool for plans (it's a code-specialist, not an architecture critic).",
+			"- **Concrete diff or single file** → fan out to `codex-reviewer`" + (opts.geminiAvailable ? " AND `gemini-critic` (gemini for cross-lab triangulation)" : "") + ". For very small changes (<20 lines), one `codex-reviewer` call is enough.",
+			"- **Tie-breaker after codex-critic has weighed in** → call `gemini-critic`" + (opts.geminiAvailable ? "" : " (NOT REGISTERED in this session — gemini-3.x not in catalog; tie-break unavailable)") + " with the artifact AND codex-critic's verdict for cross-lab cross-check.",
+			"- **Long-context artifact (>100 KB)** → prefer `gemini-critic`" + (opts.geminiAvailable ? "" : " (NOT REGISTERED in this session)") + ". Otherwise, decompose into 2-4 batches and fan out across `codex-critic` calls in parallel.",
+			"",
+			"## Decomposition for large artifacts",
+			"",
+			"Each per-call MCP wait is bounded (~150s on Claude Code v2.1.138 per regression #50289). For artifacts >20 KB, split into 2-4 logical batches BY CONCERN (not by raw size — semantic batches give better per-batch reviews) and call peers in parallel. The proxy's MCP cap allows up to 8 in-flight calls. Aggregate findings yourself before reporting back.",
+			"",
+			"## Aggregation contract",
+			"",
+			"When fan-out completes, return a SEVERITY-GROUPED, DEDUPLICATED finding list. Format:",
+			"",
+			"  ## Findings",
+			"  ### HIGH",
+			"  1. <one-line title> — `<file:line>` — sources: codex-critic, gemini-critic (3-lab confirmed if applicable)",
+			"     - bug: <one sentence>",
+			"     - mitigation: <one sentence>",
+			"  ### MEDIUM",
+			"  ...",
+			"  ### LOW",
+			"  ...",
+			"",
+			"Cite which peer raised each finding. If two or more peers raised the SAME finding (cross-lab confirmation), call it out — those are the highest-confidence bugs.",
+			"",
+			"## What NOT to do",
+			"",
+			"- Do not paraphrase or summarize per-peer verdicts BEFORE aggregating; aggregate from the raw verdicts.",
+			"- Do not invent severity labels not present in the source verdicts.",
+			"- Do not call peers serially (waste of wall-clock); always fan out in parallel.",
+			"- Do not consult yourself — you are the coordinator, not a critic.",
+			"",
+			"Self-reminder (read before every reply):",
+			"  Did I fan out in parallel to the right peers for this artifact type?",
+			"  Did I aggregate findings by severity, citing which peer raised each?",
+			"  If two peers agreed, did I flag the cross-lab confirmation?"
+		].join("\n")
+	};
+}
+/**
+* Build the JSON payload for `claude --agents <path>`.
+*
+* Always includes the read-only personas applicable to the mode (gemini
+* is dropped if absent from the catalog); adds `codex-implementer` only
+* when `codexCli` is true. Always appends the `peer-review-coordinator`
+* meta-subagent — the strongest "use proactively" auto-invocation lever
+* per Phase 2A of the peer-MCP plan.
+*/
+function buildPeerAgentDefinitions(opts) {
+	const out = {};
+	const personas = personasFor({
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable
+	});
+	for (const persona of personas) out[persona.agentName] = {
+		description: persona.description,
+		prompt: buildAgentPrompt(persona, { codexCli: opts.codexCli })
+	};
+	out["peer-review-coordinator"] = buildCoordinatorAgent({
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable
+	});
+	return out;
+}
+/**
+* Default location Claude Code reads subagent .md files from at session
+* startup. Files placed here populate the Task `subagent_type` enum.
+*
+* We pin to the user's `~/.claude/agents/` because `getClaudeCodeEnvVars`
+* sets `CLAUDE_CONFIG_DIR=$HOME/.claude` (the Spawned-CLI auth isolation
+* trick) — the spawned child reads from this exact path.
+*/
+function defaultAgentsDir() {
+	return path.join(os.homedir(), ".claude", "agents");
+}
+/**
+* YAML frontmatter string-escape — sufficient for our use case where
+* descriptions can contain colons, quotes, newlines. Wraps the value
+* in double-quotes and escapes:
+*   - `\` and `"` (canonical YAML)
+*   - `\n`, `\r`, `\t` (whitespace controls — `\r` matters on Windows-edited
+*     literals; strict YAML 1.2 parsers reject raw `\r` in double-quoted
+*     scalars)
+*   - other C0 control chars (\x00-\x08, \x0B, \x0C, \x0E-\x1F) and
+*     DEL (\x7F) — encoded as `\xNN` so the YAML stays valid even if
+*     a future description sources data from an external file
+*
+* NOT a general-purpose YAML serializer; we control the inputs.
+*/
+function escapeYamlString(s) {
+	return `"${s.replace(/\\/g, "\\\\").replace(/"/g, "\\\"").replace(/\n/g, "\\n").replace(/\r/g, "\\r").replace(/\t/g, "\\t").replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, (c) => `\\x${c.charCodeAt(0).toString(16).padStart(2, "0")}`)}"`;
+}
+/**
+* Strict allowlist for subagent names — controls both the YAML
+* frontmatter `name:` field AND the filename suffix. Defense-in-depth:
+* even if a future contributor wires in a dynamic agent name from
+* outside, the validator at the top of `writePeerAgentMdFiles` rejects
+* anything that wouldn't be a safe bare YAML scalar AND a safe path
+* component.
+*/
+const VALID_AGENT_NAME = /^[a-z][a-z0-9-]*$/;
+/** Build a single subagent .md file body (frontmatter + system prompt). */
+function buildAgentMd(spec) {
+	return [
+		"---",
+		`name: ${spec.name}`,
+		`description: ${escapeYamlString(spec.description)}`,
+		"---",
+		"",
+		spec.prompt,
+		""
+	].join("\n");
+}
+/**
+* Write per-launch subagent .md files into the user's `~/.claude/agents/`
+* directory so they appear in Claude Code's Task `subagent_type` enum
+* (which `--agents` JSON files do NOT, per claude-code-guide expert).
+*
+* Filenames follow `peer-<pid>-<rand>-<agentName>.md` so the boot-time
+* sweep (`sweepStalePeerAgentMdFiles` in paths.ts) can drop orphans
+* from crashed prior proxy sessions without touching the user's other
+* `.claude/agents/` files. The `name:` field in the frontmatter is the
+* canonical agent identifier — matching across files would cause Claude
+* Code to (un)deterministically pick one, so concurrent proxies running
+* the same agents need different filenames but resolve to the same
+* agent name (intended — they're the same subagent, just registered
+* twice).
+*
+* Returns the file paths plus a cleanup() that unlinks them.
+*/
+async function writePeerAgentMdFiles(agents, opts) {
+	for (const name$1 of Object.keys(agents)) if (!VALID_AGENT_NAME.test(name$1)) throw new Error(`writePeerAgentMdFiles: invalid agent name ${JSON.stringify(name$1)} — must match ${VALID_AGENT_NAME.source}`);
+	const dir = opts.agentsDir ?? defaultAgentsDir();
+	await fs.mkdir(dir, { recursive: true });
+	const paths = [];
+	try {
+		for (const [name$1, def] of Object.entries(agents)) {
+			const filePath = path.join(dir, `peer-${opts.fileSuffix}-${name$1}.md`);
+			await fs.unlink(filePath).catch(() => {});
+			await writeRuntimeFileSecure(filePath, buildAgentMd({
+				name: name$1,
+				description: def.description,
+				prompt: def.prompt
+			}));
+			paths.push(filePath);
+		}
+	} catch (err) {
+		await Promise.allSettled(paths.map((p) => fs.unlink(p)));
+		throw err;
+	}
+	const cleanup = async () => {
+		await Promise.allSettled(paths.map((p) => fs.unlink(p)));
+	};
+	return {
+		paths,
+		cleanup
+	};
+}
+/**
+* Generate a per-launch nonce, write the MCP config + agents JSON
+* tempfiles under `CLAUDE_RUNTIME_DIR` with mode 0o600 and `O_EXCL`,
+* and return a `cleanup()` to unlink them on shutdown.
+*
+* Filenames are `peer-mcp-<pid>-<rand>.json` and `peer-agents-<pid>-<rand>.json`.
+* The PID prefix is what the boot-time sweep (`sweepStaleRuntimeFiles` in
+* paths.ts) keys off to drop orphans from crashed prior sessions; the
+* random suffix prevents two concurrent calls within the same process
+* from clobbering each other's files (e.g., a proxy that internally
+* relaunches its spawned child without restarting itself).
+*/
+async function writePeerMcpRuntimeFiles(serverUrl, opts) {
+	const nonce = opts.nonce ?? randomBytes(32).toString("hex");
+	const runtimeDir = opts.runtimeDir ?? PATHS.CLAUDE_RUNTIME_DIR;
+	const codexHome = opts.codexHome ?? PATHS.CODEX_HOME;
+	await fs.mkdir(runtimeDir, { recursive: true });
+	if (process.platform !== "win32") await fs.chmod(runtimeDir, 448).catch(() => {});
+	const fileSuffix = `${process.pid}-${randomBytes(4).toString("hex")}`;
+	const mcpConfigPath = path.join(runtimeDir, `peer-mcp-${fileSuffix}.json`);
+	const agentsPath = path.join(runtimeDir, `peer-agents-${fileSuffix}.json`);
+	const mcpConfig = buildPeerMcpConfig(serverUrl, {
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable,
+		nonce,
+		codexHome
+	});
+	const agents = buildPeerAgentDefinitions({
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable,
+		nonce,
+		codexHome
+	});
+	await fs.unlink(mcpConfigPath).catch(() => {});
+	await fs.unlink(agentsPath).catch(() => {});
+	await writeRuntimeFileSecure(mcpConfigPath, JSON.stringify(mcpConfig, null, 2));
+	await writeRuntimeFileSecure(agentsPath, JSON.stringify(agents, null, 2));
+	const mdResult = await writePeerAgentMdFiles(agents, {
+		agentsDir: opts.agentsDir,
+		fileSuffix
+	});
+	const personas = personasFor({
+		codexCli: opts.codexCli,
+		geminiAvailable: opts.geminiAvailable
+	});
+	const cleanup = async () => {
+		await Promise.allSettled([
+			fs.unlink(mcpConfigPath),
+			fs.unlink(agentsPath),
+			mdResult.cleanup()
+		]);
+	};
+	return {
+		mcpConfigPath,
+		agentsPath,
+		agentMdPaths: mdResult.paths,
+		nonce,
+		personas,
+		cleanup
+	};
+}
+
+//#endregion
+//#region src/lib/file-log-reporter.ts
+const MAX_LOG_BYTES = 1024 * 1024;
+const DEDUP_MAX = 1e3;
+const ARG_MAX_LEN = 2048;
+const DEDUP_KEY_MAX_LEN = 200;
+const CREDENTIAL_RE = /\b(eyJ[A-Za-z0-9_-]{20,}(?:\.[A-Za-z0-9_-]+){0,2}|gh[opsu]_[A-Za-z0-9_]{20,}|Bearer\s+\S{20,})\b/g;
+const ALLOWED_TYPES = new Set([
+	"fatal",
+	"error",
+	"warn"
+]);
+function sanitize(line) {
+	return line.replace(CREDENTIAL_RE, "[REDACTED]");
+}
+function serializeArg(arg) {
+	if (typeof arg === "string") return arg;
+	if (arg instanceof Error) {
+		const parts = [arg.message];
+		if (arg.stack) parts.push(arg.stack);
+		return parts.join("\n");
+	}
+	return String(arg);
+}
+function formatLogLine(logObj) {
+	return sanitize(`${logObj.date.toISOString()} [${(logObj.type ?? "error").toUpperCase()}] ${logObj.args.map((a) => {
+		const s = serializeArg(a);
+		return s.length > ARG_MAX_LEN ? s.slice(0, ARG_MAX_LEN) + "…" : s;
+	}).join(" ").replace(/\r\n|\r|\n/g, "\\n")}\n`);
+}
+function makeDedupeKey(logObj) {
+	const firstArg = logObj.args.length > 0 ? serializeArg(logObj.args[0]) : "";
+	const key = `${logObj.type}:${firstArg}`;
+	return key.length > DEDUP_KEY_MAX_LEN ? key.slice(0, DEDUP_KEY_MAX_LEN) : key;
+}
+function rotateIfNeeded(filePath) {
+	let size;
+	try {
+		size = fs$1.statSync(filePath).size;
+	} catch {
+		return;
+	}
+	if (size <= MAX_LOG_BYTES) return;
+	try {
+		fs$1.renameSync(filePath, filePath + ".1");
+	} catch {}
+}
+var FileLogReporter = class {
+	filePath;
+	seen = /* @__PURE__ */ new Set();
+	constructor(filePath) {
+		this.filePath = filePath;
+		rotateIfNeeded(filePath);
+	}
+	log(logObj, _ctx) {
+		if (!ALLOWED_TYPES.has(logObj.type)) return;
+		const key = makeDedupeKey(logObj);
+		if (this.seen.has(key)) return;
+		if (this.seen.size >= DEDUP_MAX) this.seen.clear();
+		this.seen.add(key);
+		const line = formatLogLine(logObj);
+		let fd;
+		try {
+			fd = fs$1.openSync(this.filePath, "a", 384);
+			fs$1.writeSync(fd, line);
+		} catch {} finally {
+			if (fd !== void 0) try {
+				fs$1.closeSync(fd);
+			} catch {}
+		}
+	}
+};
+const nullStream = new Writable({ write(_chunk, _encoding, cb) {
+	cb();
+} });
+/**
+* Switch consola to file-only mode for TUI sessions.
+* Removes the terminal reporter and installs a file reporter that
+* persists errors and warnings to disk with dedup and credential scrubbing.
+*
+* Also sinks consola's stdout/stderr streams as belt-and-suspenders:
+* even if a terminal reporter is re-added, it cannot write to the terminal.
+* Crash handlers that call process.stderr.write() directly are unaffected.
+* FileLogReporter uses fs.writeSync() directly and is also unaffected.
+*/
+function enableFileLogging() {
+	const reporter = new FileLogReporter(PATHS.ERROR_LOG_PATH);
+	consola.options.throttle = 0;
+	consola.setReporters([reporter]);
+	consola.options.stdout = nullStream;
+	consola.options.stderr = nullStream;
+}
+
 //#endregion
 //#region src/lib/model-validation.ts
 const ENDPOINT_ALIASES = {
@@ -1008,6 +1768,11 @@ function initProxyFromEnv() {
 	}
 }
 
+//#endregion
+//#region package.json
+var name = "github-router";
+var version = "0.3.18";
+
 //#endregion
 //#region src/lib/approval.ts
 const awaitApproval = async () => {
@@ -1016,8 +1781,27 @@ const awaitApproval = async () => {
 
 //#endregion
 //#region src/lib/rate-limit.ts
+const RATE_LIMIT_QUEUE_TIMEOUT_MS = 5e3;
+let rateLimitChain = Promise.resolve();
 async function checkRateLimit(state$1) {
 	if (state$1.rateLimitSeconds === void 0) return;
+	const ticket = { aborted: false };
+	const myTurn = rateLimitChain.then(() => doCheck(state$1, ticket));
+	rateLimitChain = myTurn.catch(() => {});
+	return Promise.race([myTurn, sleep(RATE_LIMIT_QUEUE_TIMEOUT_MS).then(() => {
+		ticket.aborted = true;
+		throw new HTTPError("Rate limit queue wait exceeded", Response.json({
+			type: "error",
+			error: {
+				type: "rate_limit_error",
+				message: `Rate limit queue exceeded ${RATE_LIMIT_QUEUE_TIMEOUT_MS}ms; try again`
+			}
+		}, { status: 429 }));
+	})]);
+}
+async function doCheck(state$1, ticket) {
+	if (state$1.rateLimitSeconds === void 0) return;
+	if (ticket.aborted) return;
 	const now = Date.now();
 	if (!state$1.lastRequestTimestamp) {
 		state$1.lastRequestTimestamp = now;
@@ -1036,6 +1820,7 @@ async function checkRateLimit(state$1) {
 	const waitTimeMs = waitTimeSeconds * 1e3;
 	consola.warn(`Rate limit reached. Waiting ${waitTimeSeconds} seconds before proceeding...`);
 	await sleep(waitTimeMs);
+	if (ticket.aborted) return;
 	state$1.lastRequestTimestamp = Date.now();
 	consola.info("Rate limit wait completed, proceeding with request");
 }
@@ -1098,6 +1883,169 @@ function detectCapabilityMismatch(info, model) {
 	return err.includes("token") || err.includes("context") || err.includes("too long") || err.includes("max_tokens") || err.includes("prompt is too long");
 }
 
+//#endregion
+//#region src/lib/stream-relay.ts
+const ENCODER$2 = new TextEncoder();
+/**
+* Detect the family of "controller has already closed" errors that Bun and
+* the WHATWG streams runtime throw when an enqueue/close call races with
+* the consumer cancelling its read. These are NOT upstream failures — they
+* mean the client has finished reading (or disconnected) and we should
+* exit pull() quietly without trying to write more bytes or log noise.
+*
+* Bun's wording: `TypeError: Invalid state: Controller is already closed`.
+* Other runtimes use `TypeError: The stream is closing` or
+* `TypeError: This ReadableStream is closed` or include "errored" / "cancelled".
+*/
+function isControllerClosedError(error) {
+	if (!(error instanceof Error)) return false;
+	const msg = error.message.toLowerCase();
+	return msg.includes("controller is already closed") || msg.includes("controller is already errored") || msg.includes("readablestream is closed") || msg.includes("readablestream is already closed") || msg.includes("stream is closing") || msg.includes("stream is already closed") || msg.includes("stream is closed");
+}
+/**
+* Wrap an upstream SSE byte stream so that:
+*   - Backpressure is respected (pull-based; only reads when downstream demands).
+*   - Mid-stream errors (undici "terminated", AbortError, network resets) are
+*     caught, logged with structured context, and converted to a final
+*     Anthropic-shape `event: error` SSE event before the downstream is closed.
+*   - Upstream inactivity (no chunk for `inactivityTimeoutMs`) is treated as a
+*     soft failure that emits an error event rather than hanging forever.
+*   - Consumer cancellation (client disconnects mid-read or finishes early)
+*     is recognized and handled silently — NOT logged as an upstream error,
+*     NOT followed by a futile event:error write that can corrupt the
+*     terminal bytes the client has already buffered.
+*
+* Pre-byte upstream errors (failure on the very first read) are handled by
+* the same code path: an `event: error` SSE event is emitted on a 200
+* response, then the connection is closed. Even if the consumer's SDK
+* silently swallows `event: error`, the immediate close triggers the
+* client's socket-disconnect handler — the user always sees an error
+* string, never a hang.
+*/
+function relayAnthropicStream(body, opts) {
+	const inactivityMs = opts.inactivityTimeoutMs ?? UPSTREAM_INACTIVITY_TIMEOUT_MS;
+	const reader = body.getReader();
+	let bytesRelayed = 0;
+	let upstreamFinished = false;
+	let consumerCancelled = false;
+	const safeClose = (controller) => {
+		try {
+			controller.close();
+		} catch {}
+	};
+	return new ReadableStream({
+		async pull(controller) {
+			if (consumerCancelled || upstreamFinished) {
+				safeClose(controller);
+				return;
+			}
+			try {
+				const result = await readWithInactivityTimeout(reader, inactivityMs);
+				if (consumerCancelled) {
+					safeClose(controller);
+					return;
+				}
+				if (result.done) {
+					if (bytesRelayed === 0) consola.warn(`Upstream returned empty SSE stream at ${opts.routePath}`);
+					upstreamFinished = true;
+					safeClose(controller);
+					return;
+				}
+				if (result.value) {
+					bytesRelayed += result.value.byteLength;
+					try {
+						controller.enqueue(result.value);
+					} catch (enqueueError) {
+						if (isControllerClosedError(enqueueError)) {
+							consumerCancelled = true;
+							return;
+						}
+						throw enqueueError;
+					}
+				}
+			} catch (error) {
+				upstreamFinished = true;
+				if (consumerCancelled) {
+					reader.cancel(error).catch(() => {});
+					safeClose(controller);
+					return;
+				}
+				const errName = error instanceof Error ? error.name : "Error";
+				const errMessage = error instanceof Error ? error.message : String(error);
+				consola.error(`Upstream stream interrupted at ${opts.routePath}: bytes=${bytesRelayed} errType=${errName} message=${JSON.stringify(errMessage)}`);
+				const event = buildAnthropicErrorEvent(errName, errMessage);
+				try {
+					controller.enqueue(ENCODER$2.encode(event));
+				} catch (enqueueError) {
+					if (!isControllerClosedError(enqueueError)) consola.warn(`Could not deliver error event to consumer at ${opts.routePath}: ${enqueueError instanceof Error ? enqueueError.message : String(enqueueError)}`);
+				}
+				reader.cancel(error).catch(() => {});
+				safeClose(controller);
+			}
+		},
+		cancel(reason) {
+			consumerCancelled = true;
+			upstreamFinished = true;
+			reader.cancel(reason).catch(() => {});
+		}
+	});
+}
+async function readWithInactivityTimeout(reader, timeoutMs) {
+	let timeoutHandle;
+	const timeoutPromise = new Promise((_, reject) => {
+		timeoutHandle = setTimeout(() => {
+			reject(Object.assign(/* @__PURE__ */ new Error("upstream_inactive"), { name: "InactivityTimeout" }));
+		}, timeoutMs);
+	});
+	timeoutPromise.catch(() => {});
+	try {
+		return await Promise.race([reader.read(), timeoutPromise]);
+	} finally {
+		if (timeoutHandle !== void 0) clearTimeout(timeoutHandle);
+	}
+}
+/**
+* Build the SSE wire bytes for an Anthropic-format streaming error event.
+* Per Anthropic streaming spec, errors are sent as:
+*   event: error
+*   data: {"type":"error","error":{"type":"...","message":"..."}}
+*/
+function buildAnthropicErrorEvent(errName, errMessage) {
+	const payload = {
+		type: "error",
+		error: {
+			type: classifyStreamError(errName),
+			message: `Upstream stream interrupted: ${errName}: ${errMessage}`
+		}
+	};
+	return `event: error\ndata: ${JSON.stringify(payload)}\n\n`;
+}
+/**
+* Build the SSE wire bytes for an OpenAI-format streaming error event,
+* followed by the `data: [DONE]` terminator that OpenAI clients expect.
+*/
+function buildOpenAIErrorEvent(errName, errMessage) {
+	const payload = { error: {
+		type: classifyStreamError(errName),
+		message: `Upstream stream interrupted: ${errName}: ${errMessage}`
+	} };
+	return `data: ${JSON.stringify(payload)}\n\ndata: [DONE]\n\n`;
+}
+function classifyStreamError(errName) {
+	if (errName === "AbortError") return "timeout_error";
+	if (errName === "InactivityTimeout") return "timeout_error";
+	return "api_error";
+}
+function logStreamError(routePath, error) {
+	const errName = error instanceof Error ? error.name : "Error";
+	const errMessage = error instanceof Error ? error.message : String(error);
+	consola.error(`Upstream stream interrupted at ${routePath}: errType=${errName} message=${JSON.stringify(errMessage)}`);
+	return {
+		errName,
+		errMessage
+	};
+}
+
 //#endregion
 //#region src/lib/tokenizer.ts
 const ENCODING_MAP = {
@@ -1296,20 +2244,29 @@ const getTokenCount = async (payload, model) => {
 
 //#endregion
 //#region src/services/copilot/create-chat-completions.ts
-const createChatCompletions = async (payload, modelHeaders) => {
+const createChatCompletions = async (payload, modelHeaders, callerSignal) => {
 	if (!state.copilotToken) throw new Error("Copilot token not found");
 	const enableVision = payload.messages.some((x) => typeof x.content !== "string" && x.content?.some((x$1) => x$1.type === "image_url"));
 	const isAgentCall = payload.messages.some((msg) => ["assistant", "tool"].includes(msg.role));
-	const headers = {
-		...copilotHeaders(state, enableVision),
-		...modelHeaders,
-		"X-Initiator": isAgentCall ? "agent" : "user"
+	const url = `${copilotBaseUrl(state)}/chat/completions`;
+	const doFetch = () => {
+		const fetchInit = {
+			method: "POST",
+			headers: {
+				...copilotHeaders(state, enableVision),
+				...modelHeaders,
+				"X-Initiator": isAgentCall ? "agent" : "user"
+			},
+			body: JSON.stringify(payload)
+		};
+		const signals = [];
+		if (UPSTREAM_FETCH_TIMEOUT_MS > 0) signals.push(AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS));
+		if (callerSignal) signals.push(callerSignal);
+		if (signals.length === 1) fetchInit.signal = signals[0];
+		else if (signals.length > 1) fetchInit.signal = AbortSignal.any(signals);
+		return fetch(url, fetchInit);
 	};
-	const response = await fetch(`${copilotBaseUrl(state)}/chat/completions`, {
-		method: "POST",
-		headers,
-		body: JSON.stringify(payload)
-	});
+	const response = await tryRefreshAndRetry(doFetch, "/chat/completions");
 	if (!response.ok) {
 		let errorBody = "";
 		try {
@@ -1352,23 +2309,28 @@ const InnerSchema = z.object({
 		annotations: z.array(z.object({ url_citation: z.object({
 			title: z.string(),
 			url: z.string()
-		}).optional() })).optional()
+		}).optional() })).nullable().optional()
 	}),
-	bing_searches: z.array(z.unknown()).optional()
+	bing_searches: z.array(z.unknown()).nullable().optional()
 });
 const MAX_SEARCHES_PER_SECOND = 3;
 let searchTimestamps = [];
+let throttleChain = Promise.resolve();
 async function throttleSearch() {
-	const now = Date.now();
-	searchTimestamps = searchTimestamps.filter((t) => now - t < 1e3);
-	if (searchTimestamps.length >= MAX_SEARCHES_PER_SECOND) {
-		const waitMs = 1e3 - (now - searchTimestamps[0]);
-		if (waitMs > 0) {
-			consola.debug(`Web search rate limited, waiting ${waitMs}ms`);
-			await sleep(waitMs);
+	const myTurn = throttleChain.then(async () => {
+		const now = Date.now();
+		searchTimestamps = searchTimestamps.filter((t) => now - t < 1e3);
+		if (searchTimestamps.length >= MAX_SEARCHES_PER_SECOND) {
+			const waitMs = 1e3 - (now - searchTimestamps[0]);
+			if (waitMs > 0) {
+				consola.debug(`Web search rate limited, waiting ${waitMs}ms`);
+				await sleep(waitMs);
+			}
 		}
-	}
-	searchTimestamps.push(Date.now());
+		searchTimestamps.push(Date.now());
+	});
+	throttleChain = myTurn.catch(() => {});
+	return myTurn;
 }
 function mcpHeaders(sid) {
 	if (!state.githubToken) throw new Error("GitHub token missing — re-run auth flow. Web search uses the GitHub PAT (not the Copilot token); the on-disk token at ~/.local/share/github-router/github_token must be present.");
@@ -1497,6 +2459,14 @@ async function searchWeb(query) {
 
 //#endregion
 //#region src/routes/chat-completions/handler.ts
+const ENCODER$1 = new TextEncoder();
+function formatSSE$1(chunk) {
+	const parts = [];
+	if (chunk.event) parts.push(`event: ${chunk.event}`);
+	if (chunk.data !== void 0) for (const line of String(chunk.data).split(/\r\n|\r|\n/)) parts.push(`data: ${line}`);
+	if (chunk.id !== void 0) parts.push(`id: ${String(chunk.id)}`);
+	return parts.join("\n") + "\n\n";
+}
 async function handleCompletion$1(c) {
 	const startTime = Date.now();
 	await checkRateLimit(state);
@@ -1545,16 +2515,91 @@ async function handleCompletion$1(c) {
 		inputTokens,
 		outputTokens,
 		status: 200,
-		streaming: isStreaming
-	}, selectedModel, startTime);
-	if (!isStreaming) {
-		if (debugEnabled) consola.debug("Non-streaming response:", JSON.stringify(response));
-		return c.json(response);
-	}
-	return streamSSE(c, async (stream) => {
-		for await (const chunk of response) {
-			if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(chunk));
-			await stream.writeSSE(chunk);
+		streaming: isStreaming
+	}, selectedModel, startTime);
+	if (!isStreaming) {
+		if (debugEnabled) consola.debug("Non-streaming response:", JSON.stringify(response));
+		return c.json(response);
+	}
+	const iterator = response[Symbol.asyncIterator]();
+	const firstResult = await iterator.next();
+	if (firstResult.done) consola.warn(`Upstream /chat/completions returned an empty stream at ${c.req.path}`);
+	let pendingFirstChunk = firstResult.done ? void 0 : firstResult.value;
+	let upstreamFinished = firstResult.done;
+	let consumerCancelled = false;
+	const safeClose = (controller) => {
+		try {
+			controller.close();
+		} catch {}
+	};
+	const releaseUpstream = (reason) => {
+		if (typeof iterator.return === "function") iterator.return(reason).catch(() => {});
+	};
+	const safeEnqueue = (controller, bytes) => {
+		try {
+			controller.enqueue(bytes);
+			return true;
+		} catch (e) {
+			if (isControllerClosedError(e)) {
+				consumerCancelled = true;
+				releaseUpstream(e);
+				return false;
+			}
+			throw e;
+		}
+	};
+	return new Response(new ReadableStream({
+		async pull(controller) {
+			if (consumerCancelled || upstreamFinished) {
+				safeClose(controller);
+				return;
+			}
+			if (pendingFirstChunk !== void 0) {
+				const chunk = pendingFirstChunk;
+				pendingFirstChunk = void 0;
+				if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(chunk));
+				safeEnqueue(controller, ENCODER$1.encode(formatSSE$1(chunk)));
+				return;
+			}
+			try {
+				const result = await iterator.next();
+				if (consumerCancelled) {
+					safeClose(controller);
+					return;
+				}
+				if (result.done) {
+					upstreamFinished = true;
+					safeClose(controller);
+					return;
+				}
+				if (result.value === void 0 || result.value === null) return;
+				if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(result.value));
+				safeEnqueue(controller, ENCODER$1.encode(formatSSE$1(result.value)));
+			} catch (error) {
+				upstreamFinished = true;
+				if (consumerCancelled) {
+					releaseUpstream(error);
+					safeClose(controller);
+					return;
+				}
+				const { errName, errMessage } = logStreamError(c.req.path, error);
+				safeEnqueue(controller, ENCODER$1.encode(buildOpenAIErrorEvent(errName, errMessage)));
+				releaseUpstream(error);
+				safeClose(controller);
+			}
+		},
+		cancel() {
+			consumerCancelled = true;
+			upstreamFinished = true;
+			releaseUpstream();
+		}
+	}), {
+		status: 200,
+		headers: {
+			"content-type": "text/event-stream",
+			"cache-control": "no-cache",
+			"transfer-encoding": "chunked",
+			connection: "keep-alive"
 		}
 	});
 }
@@ -1637,6 +2682,450 @@ embeddingRoutes.post("/", async (c) => {
 	}
 });
 
+//#endregion
+//#region src/services/copilot/create-responses.ts
+const createResponses = async (payload, modelHeaders, callerSignal) => {
+	if (!state.copilotToken) throw new Error("Copilot token not found");
+	const enableVision = detectVision(payload.input);
+	const isAgentCall = detectAgentCall(payload.input);
+	const url = `${copilotBaseUrl(state)}/responses`;
+	const doFetch = () => {
+		const fetchInit = {
+			method: "POST",
+			headers: {
+				...copilotHeaders(state, enableVision),
+				...modelHeaders,
+				"X-Initiator": isAgentCall ? "agent" : "user"
+			},
+			body: JSON.stringify(payload)
+		};
+		const signals = [];
+		if (UPSTREAM_FETCH_TIMEOUT_MS > 0) signals.push(AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS));
+		if (callerSignal) signals.push(callerSignal);
+		if (signals.length === 1) fetchInit.signal = signals[0];
+		else if (signals.length > 1) fetchInit.signal = AbortSignal.any(signals);
+		return fetch(url, fetchInit);
+	};
+	const response = await tryRefreshAndRetry(doFetch, "/responses");
+	if (!response.ok) {
+		consola.error("Failed to create responses", response);
+		throw new HTTPError("Failed to create responses", response);
+	}
+	if (payload.stream) return events(response);
+	return await response.json();
+};
+function detectVision(input) {
+	if (typeof input === "string") return false;
+	if (!Array.isArray(input)) return false;
+	return input.some((item) => {
+		if ("content" in item && Array.isArray(item.content)) return item.content.some((part) => part.type === "input_image");
+		return false;
+	});
+}
+function detectAgentCall(input) {
+	if (typeof input === "string") return false;
+	if (!Array.isArray(input)) return false;
+	return input.some((item) => {
+		if ("role" in item && item.role === "assistant") return true;
+		if ("type" in item && (item.type === "function_call" || item.type === "function_call_output")) return true;
+		return false;
+	});
+}
+
+//#endregion
+//#region src/routes/mcp/handler.ts
+const MCP_PROTOCOL_VERSION = "2025-06-18";
+const SERVER_NAME = "github-router-peers";
+const SERVER_VERSION = "1";
+/**
+* Reasoning effort levels accepted by Copilot's /v1/responses (gpt-5.x) and
+* /v1/chat/completions endpoints. Per the proxy's existing thinking-mode
+* translator (CLAUDE.md "Thinking-mode translation"), Copilot's adaptive-
+* thinking path uses these same buckets:
+*   <2k tokens → low, <8k → medium, <24k → high, else → xhigh.
+*
+* Default `high` for peer reviews — adversarial-by-design but still cost-
+* conscious. Callers can pass `xhigh` explicitly for deep dives, or `medium`
+* for quick sanity checks.
+*/
+const EFFORT_LEVELS = [
+	"low",
+	"medium",
+	"high",
+	"xhigh"
+];
+const DEFAULT_EFFORT = "high";
+function isEffort(v) {
+	return typeof v === "string" && EFFORT_LEVELS.includes(v);
+}
+/** Bounded concurrency. Originally capped at 2 (commit 4317a25) as a defensive
+*  pre-launch guess against Opus's natural pattern of fanning out to all three
+*  critics at once. Raised to 8 (Phase 2D of the peer-MCP plan) so the
+*  decomposition pattern Phase 2B teaches Opus — "split a >20 KB artifact
+*  into 2-4 batches and call in parallel" — can actually run in parallel
+*  without the (3+)th call returning isError "queue full". The persona
+*  handlers (`callPersona`) hold no shared mutable state — there's no race
+*  the cap is hiding; the upstream Copilot's own rate-limit (surfaced as a
+*  per-call 429 → tool isError) is the real backpressure mechanism. 8 covers
+*  a 7-fork wave with one slot of headroom and is still a hard upper bound
+*  against runaway clients. See docs/research/peer-mcp-investigation.md
+*  § "Concurrency cap investigation" for the full justification.  */
+const MAX_INFLIGHT_TOOLS_CALL = 8;
+let inFlightToolsCall = 0;
+const RPC_PARSE_ERROR = -32700;
+const RPC_INVALID_REQUEST = -32600;
+const RPC_METHOD_NOT_FOUND = -32601;
+const RPC_INVALID_PARAMS = -32602;
+const RPC_INTERNAL_ERROR = -32603;
+function rpcError(id, code, message, data) {
+	return {
+		jsonrpc: "2.0",
+		id: id ?? null,
+		error: data === void 0 ? {
+			code,
+			message
+		} : {
+			code,
+			message,
+			data
+		}
+	};
+}
+function rpcResult(id, result) {
+	return {
+		jsonrpc: "2.0",
+		id: id ?? null,
+		result
+	};
+}
+function isLoopbackHost(host) {
+	if (!host) return false;
+	const idx = host.lastIndexOf(":");
+	const hostname = idx >= 0 ? host.slice(0, idx) : host;
+	return hostname === "127.0.0.1" || hostname === "localhost";
+}
+/**
+* Constant-time bearer compare. Random per-launch nonces aren't really
+* timing-attackable in practice, but this costs nothing.
+*/
+function nonceMatches(provided, expected) {
+	if (provided.length !== expected.length) return false;
+	const a = Buffer.from(provided);
+	const b = Buffer.from(expected);
+	try {
+		return timingSafeEqual(a, b);
+	} catch {
+		return false;
+	}
+}
+function checkAuth(c) {
+	if (!isLoopbackHost(c.req.header("host"))) return {
+		ok: false,
+		status: 403,
+		reason: "non-loopback Host header rejected"
+	};
+	const expected = state.peerMcpNonce;
+	if (!expected) return {
+		ok: false,
+		status: 401,
+		reason: "/mcp not enabled in this proxy session"
+	};
+	const auth$1 = c.req.header("authorization") ?? "";
+	const m = /^Bearer\s+(.+)$/i.exec(auth$1);
+	if (!m || !nonceMatches(m[1], expected)) return {
+		ok: false,
+		status: 401,
+		reason: "missing or invalid Authorization bearer"
+	};
+	return { ok: true };
+}
+function geminiAvailable() {
+	const models = state.models?.data;
+	if (!models) return false;
+	return models.some((m) => /^gemini-3\..*pro/i.test(m.id));
+}
+function activePersonas() {
+	return PERSONAS_READ.filter((p) => !p.requiresHttp || geminiAvailable());
+}
+function toolEntries() {
+	return activePersonas().map((p) => ({
+		name: p.toolNameHttp,
+		description: p.description,
+		inputSchema: {
+			type: "object",
+			required: ["prompt"],
+			additionalProperties: false,
+			properties: {
+				prompt: {
+					type: "string",
+					description: "The lead's brief — the artifact under review plus constraints."
+				},
+				context: {
+					type: "string",
+					description: "Optional additional context (extra file content, prior decisions). Concatenated to the brief before sending."
+				},
+				effort: {
+					type: "string",
+					enum: [...EFFORT_LEVELS],
+					description: `Reasoning depth (low | medium | high | xhigh). Default "${DEFAULT_EFFORT}". Use 'xhigh' for explicit deep dives where you want maximum reasoning. Use 'medium' for quick sanity checks. Note: for non-OpenAI models routed via /v1/chat/completions (gemini-3.x), the upstream may silently ignore this knob.`
+				}
+			}
+		}
+	}));
+}
+function buildUserText(prompt, context) {
+	if (!context) return prompt;
+	return `${prompt}\n\n---\n\nAdditional context:\n${context}`;
+}
+function extractResponsesText(response) {
+	const out = [];
+	for (const item of response.output) {
+		if (typeof item !== "object" || item === null) continue;
+		const obj = item;
+		if (obj.type !== "message" || obj.role !== "assistant") continue;
+		const content = obj.content;
+		if (!Array.isArray(content)) continue;
+		for (const part of content) {
+			if (typeof part !== "object" || part === null) continue;
+			const p = part;
+			if ((p.type === "output_text" || p.type === "text") && typeof p.text === "string") out.push(p.text);
+		}
+	}
+	return out.join("");
+}
+function extractChatCompletionText(response) {
+	const choice = response.choices?.[0];
+	if (!choice) return "";
+	const c = choice.message?.content;
+	return typeof c === "string" ? c : "";
+}
+function toolError(message) {
+	return {
+		content: [{
+			type: "text",
+			text: message
+		}],
+		isError: true
+	};
+}
+async function callPersona(persona, prompt, context, effort) {
+	const resolvedModel = resolveModel(persona.model);
+	const userText = buildUserText(prompt, context);
+	if (persona.endpoint === "/v1/responses") {
+		const text$1 = extractResponsesText(await createResponses({
+			model: resolvedModel,
+			instructions: persona.baseInstructions,
+			input: [{
+				role: "user",
+				content: [{
+					type: "input_text",
+					text: userText
+				}]
+			}],
+			stream: false,
+			reasoning: { effort }
+		}));
+		if (!text$1) return toolError(`persona ${persona.agentName}: empty assistant output`);
+		return { content: [{
+			type: "text",
+			text: text$1
+		}] };
+	}
+	const text = extractChatCompletionText(await createChatCompletions({
+		model: resolvedModel,
+		messages: [{
+			role: "system",
+			content: persona.baseInstructions
+		}, {
+			role: "user",
+			content: userText
+		}],
+		stream: false,
+		reasoning_effort: effort
+	}));
+	if (!text) return toolError(`persona ${persona.agentName}: empty assistant output`);
+	return { content: [{
+		type: "text",
+		text
+	}] };
+}
+function logTelemetry(t) {
+	const parts = [
+		`[peer-mcp]`,
+		`name=${t.name}`,
+		`model=${t.model}`,
+		`duration_ms=${t.durationMs}`,
+		`result=${t.result}`
+	];
+	if (t.errorMessage) parts.push(`error=${JSON.stringify(t.errorMessage)}`);
+	process.stderr.write(parts.join(" ") + "\n");
+}
+async function handleToolsCall(body) {
+	const params = body.params ?? {};
+	const name$1 = typeof params.name === "string" ? params.name : "";
+	const args = params.arguments ?? {};
+	const prompt = typeof args.prompt === "string" ? args.prompt : "";
+	const context = typeof args.context === "string" ? args.context : void 0;
+	let effort = DEFAULT_EFFORT;
+	if (args.effort !== void 0) {
+		if (!isEffort(args.effort)) return rpcError(body.id, RPC_INVALID_PARAMS, `tools/call: arguments.effort must be one of ${EFFORT_LEVELS.join("|")}; got ${JSON.stringify(args.effort)}`);
+		effort = args.effort;
+	}
+	if (!name$1) return rpcError(body.id, RPC_INVALID_PARAMS, "tools/call missing name");
+	const persona = activePersonas().find((p) => p.toolNameHttp === name$1);
+	if (!persona) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
+	if (!prompt) return rpcError(body.id, RPC_INVALID_PARAMS, `tools/call: arguments.prompt is required`);
+	if (inFlightToolsCall >= MAX_INFLIGHT_TOOLS_CALL) return rpcResult(body.id, {
+		content: [{
+			type: "text",
+			text: `Peer MCP queue full (${MAX_INFLIGHT_TOOLS_CALL} in-flight). Retry shortly, or wait for the current persona calls to complete.`
+		}],
+		isError: true
+	});
+	inFlightToolsCall++;
+	const startedAt = Date.now();
+	try {
+		const result = await callPersona(persona, prompt, context, effort);
+		logTelemetry({
+			name: persona.agentName,
+			model: persona.model,
+			durationMs: Date.now() - startedAt,
+			result: result.isError ? "isError" : "ok"
+		});
+		return rpcResult(body.id, result);
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		logTelemetry({
+			name: persona.agentName,
+			model: persona.model,
+			durationMs: Date.now() - startedAt,
+			result: "exception",
+			errorMessage: message
+		});
+		return rpcResult(body.id, {
+			content: [{
+				type: "text",
+				text: `persona ${persona.agentName} failed: ${message}`
+			}],
+			isError: true
+		});
+	} finally {
+		inFlightToolsCall--;
+	}
+}
+async function handleRpc(_c, body) {
+	if (body === null || typeof body !== "object" || Array.isArray(body)) return {
+		status: 200,
+		body: rpcError(null, RPC_INVALID_REQUEST, "jsonrpc 2.0 envelope required")
+	};
+	if (body.jsonrpc !== "2.0" || typeof body.method !== "string") return {
+		status: 200,
+		body: rpcError(body.id ?? null, RPC_INVALID_REQUEST, "jsonrpc 2.0 envelope required")
+	};
+	const isNotification = body.id === void 0;
+	switch (body.method) {
+		case "initialize":
+			if (isNotification) return {
+				status: 202,
+				body: null
+			};
+			return {
+				status: 200,
+				body: rpcResult(body.id, {
+					protocolVersion: MCP_PROTOCOL_VERSION,
+					capabilities: { tools: { listChanged: false } },
+					serverInfo: {
+						name: SERVER_NAME,
+						version: SERVER_VERSION
+					}
+				})
+			};
+		case "notifications/initialized": return {
+			status: 202,
+			body: null
+		};
+		case "tools/list":
+			if (isNotification) return {
+				status: 202,
+				body: null
+			};
+			return {
+				status: 200,
+				body: rpcResult(body.id, { tools: toolEntries() })
+			};
+		case "tools/call":
+			if (isNotification) return {
+				status: 202,
+				body: null
+			};
+			return {
+				status: 200,
+				body: await handleToolsCall(body)
+			};
+		case "ping":
+			if (isNotification) return {
+				status: 202,
+				body: null
+			};
+			return {
+				status: 200,
+				body: rpcResult(body.id, {})
+			};
+		default:
+			if (isNotification) return {
+				status: 202,
+				body: null
+			};
+			return {
+				status: 200,
+				body: rpcError(body.id, RPC_METHOD_NOT_FOUND, `unknown method: ${body.method}`)
+			};
+	}
+}
+async function handleMcpPost(c) {
+	const auth$1 = checkAuth(c);
+	if (!auth$1.ok) return c.json(rpcError(null, RPC_INVALID_REQUEST, auth$1.reason), auth$1.status);
+	let body;
+	try {
+		body = await c.req.json();
+	} catch (err) {
+		consola.debug("/mcp parse error:", err);
+		return c.json(rpcError(null, RPC_PARSE_ERROR, "request body is not valid JSON"), 200);
+	}
+	try {
+		const { status, body: respBody } = await handleRpc(c, body);
+		if (respBody === null) return c.body(null, status);
+		return c.json(respBody, status);
+	} catch (err) {
+		consola.error("/mcp handler error:", err);
+		const echoId = typeof body === "object" && body !== null && !Array.isArray(body) ? body.id ?? null : null;
+		return c.json(rpcError(echoId, RPC_INTERNAL_ERROR, err instanceof Error ? err.message : String(err)), 200);
+	}
+}
+function handleMcpDelete(c) {
+	const auth$1 = checkAuth(c);
+	if (!auth$1.ok) return c.json(rpcError(null, RPC_INVALID_REQUEST, auth$1.reason), auth$1.status);
+	return c.body(null, 200);
+}
+
+//#endregion
+//#region src/routes/mcp/route.ts
+const mcpRoutes = new Hono();
+mcpRoutes.post("/", async (c) => {
+	try {
+		return await handleMcpPost(c);
+	} catch (error) {
+		return await forwardError(c, error);
+	}
+});
+mcpRoutes.delete("/", (c) => {
+	try {
+		return handleMcpDelete(c);
+	} catch {
+		return c.body(null, 500);
+	}
+});
+
 //#endregion
 //#region src/services/copilot/create-messages.ts
 /**
@@ -1676,14 +3165,18 @@ function buildHeaders(extraHeaders) {
 */
 async function createMessages(body, extraHeaders) {
 	if (!state.copilotToken) throw new Error("Copilot token not found");
-	const headers = buildHeaders(extraHeaders);
 	const url = `${copilotBaseUrl(state)}/v1/messages?beta=true`;
 	consola.debug(`Forwarding to ${url}`);
-	const response = await fetch(url, {
-		method: "POST",
-		headers,
-		body
-	});
+	const doFetch = () => {
+		const fetchInit = {
+			method: "POST",
+			headers: buildHeaders(extraHeaders),
+			body
+		};
+		if (UPSTREAM_FETCH_TIMEOUT_MS > 0) fetchInit.signal = AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS);
+		return fetch(url, fetchInit);
+	};
+	const response = await tryRefreshAndRetry(doFetch, "/v1/messages");
 	if (!response.ok) {
 		let errorBody = "";
 		try {
@@ -1706,14 +3199,18 @@ async function createMessages(body, extraHeaders) {
 */
 async function countTokens(body, extraHeaders) {
 	if (!state.copilotToken) throw new Error("Copilot token not found");
-	const headers = buildHeaders(extraHeaders);
 	const url = `${copilotBaseUrl(state)}/v1/messages/count_tokens?beta=true`;
 	consola.debug(`Forwarding to ${url}`);
-	const response = await fetch(url, {
-		method: "POST",
-		headers,
-		body
-	});
+	const doFetch = () => {
+		const fetchInit = {
+			method: "POST",
+			headers: buildHeaders(extraHeaders),
+			body
+		};
+		if (UPSTREAM_FETCH_TIMEOUT_MS > 0) fetchInit.signal = AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS);
+		return fetch(url, fetchInit);
+	};
+	const response = await tryRefreshAndRetry(doFetch, "/v1/messages/count_tokens");
 	if (!response.ok) {
 		let errorBody = "";
 		try {
@@ -1731,6 +3228,22 @@ async function countTokens(body, extraHeaders) {
 	return response;
 }
 
+//#endregion
+//#region src/lib/diagnose-response.ts
+const PREVIEW_LIMIT = 200;
+async function parseJsonOrDiagnose(response, routePath) {
+	const cloned = response.clone();
+	try {
+		return await response.json();
+	} catch (error) {
+		const contentType = response.headers.get("content-type") ?? "(none)";
+		const bodyText = await cloned.text().catch(() => "(unreadable)");
+		const preview = bodyText.length > PREVIEW_LIMIT ? bodyText.slice(0, PREVIEW_LIMIT) + "...(truncated)" : bodyText;
+		consola.error(`Upstream JSON parse failed at ${routePath}: status=${response.status} content-type="${contentType}" body[0..${PREVIEW_LIMIT}]=${JSON.stringify(preview)}`);
+		throw error;
+	}
+}
+
 //#endregion
 //#region src/routes/messages/count-tokens-handler.ts
 const isWebSearchTool$1 = (tool) => typeof tool.type === "string" && tool.type.startsWith("web_search") || tool.name === "web_search";
@@ -1778,7 +3291,7 @@ async function handleCountTokens(c) {
 		...selectedModel?.requestHeaders,
 		...extraHeaders
 	});
-	const responseBody = await response.json();
+	const responseBody = await parseJsonOrDiagnose(response, c.req.path);
 	logRequest({
 		method: "POST",
 		path: c.req.path,
@@ -1969,7 +3482,17 @@ async function handleCompletion(c) {
 		}
 		throw error;
 	}
-	if ((response.headers.get("content-type") ?? "").includes("text/event-stream")) {
+	const contentType = response.headers.get("content-type") ?? "";
+	const clientAcceptsSSE = (c.req.header("accept") ?? "").includes("text/event-stream");
+	let isStreaming = contentType.includes("text/event-stream");
+	if (!isStreaming && clientAcceptsSSE) {
+		if (contentType === "" || contentType === "application/octet-stream") {
+			consola.warn(`Upstream /v1/messages returned status=${response.status} content-type=${JSON.stringify(contentType)} but client requested streaming; treating response body as SSE`);
+			isStreaming = true;
+		}
+	}
+	if (debugEnabled) consola.debug(`Upstream /v1/messages: status=${response.status} content-type="${contentType}" isStreaming=${isStreaming}`);
+	if (isStreaming) {
 		logRequest({
 			method: "POST",
 			path: c.req.path,
@@ -1982,18 +3505,19 @@ async function handleCompletion(c) {
 		const streamHeaders = {
 			"content-type": "text/event-stream",
 			"cache-control": "no-cache",
+			"transfer-encoding": "chunked",
 			connection: "keep-alive"
 		};
 		const requestId = response.headers.get("x-request-id");
 		if (requestId) streamHeaders["x-request-id"] = requestId;
 		const reqId = response.headers.get("request-id");
 		if (reqId) streamHeaders["request-id"] = reqId;
-		return new Response(response.body, {
+		return new Response(response.body ? relayAnthropicStream(response.body, { routePath: c.req.path }) : null, {
 			status: response.status,
 			headers: streamHeaders
 		});
 	}
-	const responseBody = await response.json();
+	const responseBody = await parseJsonOrDiagnose(response, c.req.path);
 	logRequest({
 		method: "POST",
 		path: c.req.path,
@@ -2200,49 +3724,16 @@ modelRoutes.get("/", async (c) => {
 	}
 });
 
-//#endregion
-//#region src/services/copilot/create-responses.ts
-const createResponses = async (payload, modelHeaders) => {
-	if (!state.copilotToken) throw new Error("Copilot token not found");
-	const enableVision = detectVision(payload.input);
-	const isAgentCall = detectAgentCall(payload.input);
-	const headers = {
-		...copilotHeaders(state, enableVision),
-		...modelHeaders,
-		"X-Initiator": isAgentCall ? "agent" : "user"
-	};
-	const response = await fetch(`${copilotBaseUrl(state)}/responses`, {
-		method: "POST",
-		headers,
-		body: JSON.stringify(payload)
-	});
-	if (!response.ok) {
-		consola.error("Failed to create responses", response);
-		throw new HTTPError("Failed to create responses", response);
-	}
-	if (payload.stream) return events(response);
-	return await response.json();
-};
-function detectVision(input) {
-	if (typeof input === "string") return false;
-	if (!Array.isArray(input)) return false;
-	return input.some((item) => {
-		if ("content" in item && Array.isArray(item.content)) return item.content.some((part) => part.type === "input_image");
-		return false;
-	});
-}
-function detectAgentCall(input) {
-	if (typeof input === "string") return false;
-	if (!Array.isArray(input)) return false;
-	return input.some((item) => {
-		if ("role" in item && item.role === "assistant") return true;
-		if ("type" in item && (item.type === "function_call" || item.type === "function_call_output")) return true;
-		return false;
-	});
-}
-
 //#endregion
 //#region src/routes/responses/handler.ts
+const ENCODER = new TextEncoder();
+function formatSSE(chunk) {
+	const parts = [];
+	if (chunk.event) parts.push(`event: ${chunk.event}`);
+	if (chunk.data !== void 0) for (const line of String(chunk.data).split(/\r\n|\r|\n/)) parts.push(`data: ${line}`);
+	if (chunk.id !== void 0) parts.push(`id: ${String(chunk.id)}`);
+	return parts.join("\n") + "\n\n";
+}
 async function handleResponses(c) {
 	const startTime = Date.now();
 	await checkRateLimit(state);
@@ -2283,16 +3774,106 @@ async function handleResponses(c) {
 		if (debugEnabled) consola.debug("Non-streaming response:", JSON.stringify(response));
 		return c.json(response);
 	}
-	return streamSSE(c, async (stream) => {
-		for await (const chunk of response) {
-			if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(chunk));
-			if (chunk.data === "[DONE]") break;
-			if (!chunk.data) continue;
-			await stream.writeSSE({
-				data: chunk.data,
-				event: chunk.event,
-				id: chunk.id?.toString()
-			});
+	const iterator = response[Symbol.asyncIterator]();
+	let firstChunk;
+	let upstreamFinished = false;
+	while (true) {
+		const r = await iterator.next();
+		if (r.done) {
+			upstreamFinished = true;
+			break;
+		}
+		if (r.value === void 0 || r.value === null) continue;
+		if (r.value.data === "[DONE]") {
+			upstreamFinished = true;
+			break;
+		}
+		if (!r.value.data) continue;
+		firstChunk = r.value;
+		break;
+	}
+	if (firstChunk === void 0) consola.warn(`Upstream /responses returned no payload events at ${c.req.path}`);
+	let pendingFirstChunk = firstChunk;
+	let consumerCancelled = false;
+	const safeClose = (controller) => {
+		try {
+			controller.close();
+		} catch {}
+	};
+	const releaseUpstream = (reason) => {
+		if (typeof iterator.return === "function") iterator.return(reason).catch(() => {});
+	};
+	const safeEnqueue = (controller, bytes) => {
+		try {
+			controller.enqueue(bytes);
+			return true;
+		} catch (e) {
+			if (isControllerClosedError(e)) {
+				consumerCancelled = true;
+				releaseUpstream(e);
+				return false;
+			}
+			throw e;
+		}
+	};
+	return new Response(new ReadableStream({
+		async pull(controller) {
+			if (consumerCancelled || upstreamFinished) {
+				safeClose(controller);
+				return;
+			}
+			if (pendingFirstChunk !== void 0) {
+				const chunk = pendingFirstChunk;
+				pendingFirstChunk = void 0;
+				if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(chunk));
+				safeEnqueue(controller, ENCODER.encode(formatSSE(chunk)));
+				return;
+			}
+			try {
+				const result = await iterator.next();
+				if (consumerCancelled) {
+					safeClose(controller);
+					return;
+				}
+				if (result.done) {
+					upstreamFinished = true;
+					safeClose(controller);
+					return;
+				}
+				if (result.value === void 0 || result.value === null) return;
+				if (result.value.data === "[DONE]") {
+					upstreamFinished = true;
+					safeClose(controller);
+					return;
+				}
+				if (!result.value.data) return;
+				if (debugEnabled) consola.debug("Streaming chunk:", JSON.stringify(result.value));
+				safeEnqueue(controller, ENCODER.encode(formatSSE(result.value)));
+			} catch (error) {
+				upstreamFinished = true;
+				if (consumerCancelled) {
+					releaseUpstream(error);
+					safeClose(controller);
+					return;
+				}
+				const { errName, errMessage } = logStreamError(c.req.path, error);
+				safeEnqueue(controller, ENCODER.encode(buildOpenAIErrorEvent(errName, errMessage)));
+				releaseUpstream(error);
+				safeClose(controller);
+			}
+		},
+		cancel() {
+			consumerCancelled = true;
+			upstreamFinished = true;
+			releaseUpstream();
+		}
+	}), {
+		status: 200,
+		headers: {
+			"content-type": "text/event-stream",
+			"cache-control": "no-cache",
+			"transfer-encoding": "chunked",
+			connection: "keep-alive"
 		}
 	});
 }
@@ -2494,6 +4075,11 @@ usageRoute.get("/", async (c) => {
 const server = new Hono();
 server.use(cors());
 server.get("/", (c) => c.text("Server running"));
+server.get("/version", (c) => c.json({
+	name,
+	version,
+	gitSha: process.env.GITHUB_SHA ?? "unknown"
+}));
 server.on("HEAD", ["/"], (c) => c.body(null, 200));
 server.route("/chat/completions", completionRoutes);
 server.route("/responses", responsesRoutes);
@@ -2508,6 +4094,7 @@ server.route("/v1/models", modelRoutes);
 server.route("/v1/embeddings", embeddingRoutes);
 server.route("/v1/search", searchRoutes);
 server.route("/v1/messages", messageRoutes);
+server.route("/mcp", mcpRoutes);
 server.post("/api/event_logging/batch", (c) => c.body(null, 200));
 server.notFound((c) => c.json({
 	type: "error",
@@ -2717,6 +4304,7 @@ function getClaudeCodeEnvVars(serverUrl, model) {
 		ANTHROPIC_BASE_URL: serverUrl,
 		ANTHROPIC_AUTH_TOKEN: "dummy",
 		CLAUDE_CONFIG_DIR: path.join(os.homedir(), ".claude"),
+		MCP_TIMEOUT: "600000",
 		DISABLE_NON_ESSENTIAL_MODEL_CALLS: "1",
 		CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: "1"
 	};
@@ -2756,6 +4344,21 @@ const claude = defineCommand({
 			alias: "m",
 			type: "string",
 			description: "Override the default model for Claude Code"
+		},
+		"codex-mcp": {
+			type: "boolean",
+			default: true,
+			description: "Wire peer-model MCP personas (codex-critic, codex-reviewer, gemini-critic) into the spawned Claude Code session"
+		},
+		"codex-cli": {
+			type: "boolean",
+			default: false,
+			description: "Add a `codex mcp-server` stdio backend so codex-implementer can mutate files. Requires codex CLI 0.129+; gracefully falls back to HTTP-only if absent."
+		},
+		"codex-mcp-only": {
+			type: "boolean",
+			default: false,
+			description: "Pass --strict-mcp-config to claude code so only github-router's MCP servers are loaded (hides user's existing MCP servers)"
 		}
 	},
 	async run({ args }) {
@@ -2800,12 +4403,36 @@ const claude = defineCommand({
 		}
 		const banner = chosenSlug === resolvedSlug ? chosenSlug : `${chosenSlug} → ${resolvedSlug}`;
 		process$1.stderr.write(`Server ready on ${serverUrl}, launching Claude Code (${banner})...\n`);
+		const envVars = getClaudeCodeEnvVars(serverUrl, chosenSlug);
+		const extraArgs = args._ ?? [];
+		let onShutdown;
+		if (args["codex-mcp"] !== false) try {
+			const requestedCli = args["codex-cli"] ?? false;
+			const backend = resolveCodexCliBackend({
+				requested: requestedCli,
+				codexInfo: requestedCli ? getCodexVersion() : null
+			});
+			const geminiAvailable$1 = state.models?.data.some((m) => /^gemini-3\..*pro/i.test(m.id)) ?? false;
+			if (!geminiAvailable$1) consola.info("gemini-3.1-pro-preview not found in your Copilot model catalog; gemini-critic persona will not be registered.");
+			const runtime = await writePeerMcpRuntimeFiles(serverUrl, {
+				codexCli: backend === "cli",
+				geminiAvailable: geminiAvailable$1
+			});
+			state.peerMcpNonce = runtime.nonce;
+			onShutdown = runtime.cleanup;
+			extraArgs.push("--mcp-config", runtime.mcpConfigPath);
+			if (args["codex-mcp-only"] === true) extraArgs.push("--strict-mcp-config");
+			const personaNames = runtime.personas.map((p) => p.agentName).join(", ");
+			process$1.stderr.write(`Peer MCP wired (backend=${backend}, personas=[${personaNames}], subagent .md files=${runtime.agentMdPaths.length}).\n`);
+		} catch (err) {
+			consola.warn(`Peer MCP wiring failed (claude will launch without it): ${err instanceof Error ? err.message : String(err)}`);
+		}
 		launchChild({
 			kind: "claude-code",
-			envVars: getClaudeCodeEnvVars(serverUrl, chosenSlug),
-			extraArgs: args._ ?? [],
+			envVars,
+			extraArgs,
 			model: chosenSlug
-		}, server$1);
+		}, server$1, { onShutdown });
 	}
 });
 
@@ -2873,7 +4500,8 @@ const codex = defineCommand({
 			kind: "codex",
 			envVars: getCodexEnvVars(serverUrl),
 			extraArgs: args._ ?? [],
-			model: codexModel
+			model: codexModel,
+			serverUrl
 		}, server$1);
 	}
 });
@@ -2906,9 +4534,9 @@ async function checkTokenExists() {
 	}
 }
 async function getDebugInfo() {
-	const [version, tokenExists] = await Promise.all([getPackageVersion(), checkTokenExists()]);
+	const [version$1, tokenExists] = await Promise.all([getPackageVersion(), checkTokenExists()]);
 	return {
-		version,
+		version: version$1,
 		runtime: getRuntimeInfo(),
 		paths: {
 			APP_DIR: PATHS.APP_DIR,