github-router 0.3.30 → 0.3.32

package/dist/main.js

@@ -1,19 +1,22 @@
 #!/usr/bin/env node
-import { a as sweepRegistry, c as ensureClaudeConfigMirror, d as writeRuntimeFileSecure, i as registerExitHandlers, l as ensurePaths, n as getInstanceUuid, r as recordWorkerRepo, s as PATHS, t as WorktreeRegistry, u as removeOwnClaudeConfigMirror } from "./lifecycle-BrNqqJZH.js";
+import { c as writeRuntimeFileSecure, i as removeOwnClaudeConfigMirror, n as ensureClaudeConfigMirror, r as ensurePaths, t as PATHS } from "./paths-Cr2gfGiA.js";
+import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-3OXRVrtQ.js";
 import { createRequire } from "node:module";
 import { defineCommand, runMain } from "citty";
 import consola from "consola";
 import { createHash, randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
 import fs, { readFile, stat } from "node:fs/promises";
-import os from "node:os";
+import os, { homedir, platform } from "node:os";
 import * as path$1 from "node:path";
 import path from "node:path";
 import process$1 from "node:process";
 import { execFile, execFileSync, spawn, spawnSync } from "node:child_process";
 import { promisify } from "node:util";
-import fs$1, { closeSync, existsSync, openSync, readFileSync, realpathSync, renameSync, statSync, unlinkSync, writeSync } from "node:fs";
+import fs$1, { chmodSync, closeSync, existsSync, mkdirSync, openSync, readFileSync, realpathSync, renameSync, statSync, unlinkSync, writeFileSync, writeSync } from "node:fs";
 import { createInterface } from "node:readline";
 import Parser from "web-tree-sitter";
+import WebSocket from "ws";
+import { fileURLToPath } from "node:url";
 import { Type } from "typebox";
 import "partial-json";
 import { Compile } from "typebox/compile";
@@ -41,6 +44,7 @@ const state = {
 	rateLimitWait: false,
 	showToken: false,
 	extendedBetas: false,
+	browseEnabled: false,
 	sessionId: randomUUID(),
 	machineId: randomBytes(32).toString("hex")
 };
@@ -2048,8 +2052,8 @@ async function runStructuralPass(opts) {
 				consola.debug(`[code_search] structural skip ${relFile} (${size} bytes > cap)`);
 				continue;
 			}
-			let cached = cacheGet(absPath, mtimeMs);
-			if (!cached) {
+			let cached$1 = cacheGet(absPath, mtimeMs);
+			if (!cached$1) {
 				let source;
 				try {
 					source = readFileSync(absPath, "utf8");
@@ -2074,23 +2078,23 @@ async function runStructuralPass(opts) {
 				} catch (err) {
 					consola.debug(`[code_search] tree-sitter parse failed for ${relFile}: ${err.message}`);
 				}
-				cached = {
+				cached$1 = {
 					mtimeMs,
 					tree,
 					source: tree ? source : null
 				};
-				cachePut(absPath, cached);
+				cachePut(absPath, cached$1);
 				filesParsed += 1;
 			}
-			if (!cached.tree || !cached.source) continue;
+			if (!cached$1.tree || !cached$1.source) continue;
 			for (const entry of entries) {
-				const lineStart = lineStartByte(cached.source, entry.hit.line);
+				const lineStart = lineStartByte(cached$1.source, entry.hit.line);
 				if (lineStart < 0) continue;
 				const matchByteStart = lineStart + entry.hit.match_start;
 				const matchByteEnd = lineStart + entry.hit.match_end;
 				let node;
 				try {
-					node = cached.tree.rootNode.descendantForIndex(matchByteStart, matchByteEnd);
+					node = cached$1.tree.rootNode.descendantForIndex(matchByteStart, matchByteEnd);
 				} catch {
 					node = null;
 				}
@@ -2468,6 +2472,1086 @@ function round4(x) {
 	return Math.round(x * 1e4) / 1e4;
 }
 
+//#endregion
+//#region src/lib/browser-mcp/browser-detect.ts
+let cached;
+function probeWindows() {
+	const found = [];
+	const probe = (subkey) => {
+		try {
+			execFileSync("reg.exe", [
+				"query",
+				`HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\${subkey}`,
+				"/ve"
+			], {
+				windowsHide: true,
+				timeout: 3e3,
+				stdio: [
+					"ignore",
+					"pipe",
+					"ignore"
+				]
+			});
+			return true;
+		} catch {
+			try {
+				execFileSync("reg.exe", [
+					"query",
+					`HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\${subkey}`,
+					"/ve"
+				], {
+					windowsHide: true,
+					timeout: 3e3,
+					stdio: [
+						"ignore",
+						"pipe",
+						"ignore"
+					]
+				});
+				return true;
+			} catch {
+				return false;
+			}
+		}
+	};
+	if (probe("chrome.exe")) found.push("chrome");
+	if (probe("msedge.exe")) found.push("edge");
+	if (!found.includes("chrome")) {
+		const localApp = process$1.env.LOCALAPPDATA;
+		const pf = process$1.env["PROGRAMFILES"];
+		const pf86 = process$1.env["PROGRAMFILES(X86)"];
+		if ([
+			localApp ? path.join(localApp, "Google", "Chrome", "Application", "chrome.exe") : void 0,
+			pf ? path.join(pf, "Google", "Chrome", "Application", "chrome.exe") : void 0,
+			pf86 ? path.join(pf86, "Google", "Chrome", "Application", "chrome.exe") : void 0
+		].filter((p) => typeof p === "string").some(existsSync)) found.push("chrome");
+	}
+	if (!found.includes("edge")) {
+		const pf86 = process$1.env["PROGRAMFILES(X86)"];
+		const pf = process$1.env["PROGRAMFILES"];
+		if ([pf86 ? path.join(pf86, "Microsoft", "Edge", "Application", "msedge.exe") : void 0, pf ? path.join(pf, "Microsoft", "Edge", "Application", "msedge.exe") : void 0].filter((p) => typeof p === "string").some(existsSync)) found.push("edge");
+	}
+	return found;
+}
+function probeMacOS() {
+	const found = [];
+	if (existsSync("/Applications/Google Chrome.app")) found.push("chrome");
+	if (existsSync("/Applications/Microsoft Edge.app")) found.push("edge");
+	return found;
+}
+function probeLinux() {
+	const found = [];
+	const which = (cmd) => {
+		try {
+			execFileSync("which", [cmd], {
+				timeout: 2e3,
+				stdio: [
+					"ignore",
+					"pipe",
+					"ignore"
+				]
+			});
+			return true;
+		} catch {
+			return false;
+		}
+	};
+	if (which("google-chrome") || which("google-chrome-stable") || which("chromium") || which("chromium-browser")) found.push("chrome");
+	if (which("microsoft-edge") || which("microsoft-edge-stable")) found.push("edge");
+	return found;
+}
+/**
+* Returns the supported browsers detected on this host. Result is
+* cached on first call; restart the proxy to re-detect after a fresh
+* install.
+*/
+function detectSupportedBrowsers() {
+	if (cached !== void 0) return cached;
+	let found;
+	switch (process$1.platform) {
+		case "win32":
+			found = probeWindows();
+			break;
+		case "darwin":
+			found = probeMacOS();
+			break;
+		default:
+			found = probeLinux();
+			break;
+	}
+	cached = Object.freeze(found);
+	return cached;
+}
+/** Convenience: true iff Chrome OR Edge is detected. */
+function hasSupportedBrowserInstalled() {
+	return detectSupportedBrowsers().length > 0;
+}
+
+//#endregion
+//#region src/lib/browser-mcp/native-host-installer.ts
+const NMH_HOST_ID = "com.githubrouter.browser";
+/**
+* Compute the deterministic 32-char chrome-extension ID from the
+* base64-DER-encoded RSA public key in the extension's manifest.json
+* `key` field. Chrome's derivation:
+*
+*   1. base64-decode the key into DER bytes.
+*   2. SHA-256 the bytes.
+*   3. Take the first 16 bytes of the digest as 32 hex chars.
+*   4. Map each hex digit VALUE (0..15) to a letter (a..p). hex value
+*      0 → 'a', 1 → 'b', …, 15 → 'p'. The result is 32 chars long.
+*
+* See https://developer.chrome.com/docs/extensions/reference/manifest/key
+* for the spec.
+*/
+function computeExtensionIdFromKey(keyB64) {
+	const der = Buffer.from(keyB64, "base64");
+	const hex = createHash("sha256").update(der).digest().subarray(0, 16).toString("hex");
+	const aCode = "a".charCodeAt(0);
+	let out = "";
+	for (let i = 0; i < hex.length; i++) out += String.fromCharCode(aCode + parseInt(hex[i], 16));
+	return out;
+}
+function readManifestKey() {
+	const candidates = [path.resolve(extensionDir(), "manifest.json")];
+	for (const candidate of candidates) try {
+		const raw = readFileSync(candidate, "utf8");
+		const parsed = JSON.parse(raw);
+		if (typeof parsed.key === "string") return parsed.key;
+	} catch {}
+	throw new Error(`native-host-installer: could not read manifest.json from ${candidates.join(", ")}`);
+}
+/**
+* Walk up from a starting directory looking for the github-router
+* package.json. Returns the package root or undefined if not found
+* within `maxHops` levels.
+*/
+function findPackageRoot(startDir, maxHops = 10) {
+	let cur = startDir;
+	for (let i = 0; i < maxHops; i++) {
+		try {
+			const pkgPath = path.join(cur, "package.json");
+			const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
+			if (pkg.name && pkg.name.includes("github-router")) return cur;
+		} catch {}
+		const parent = path.dirname(cur);
+		if (parent === cur) break;
+		cur = parent;
+	}
+}
+/**
+* Resolve the github-router package root. Uses two sources in order:
+*   1. process.argv[1] — the entrypoint script, walks up from there.
+*   2. import.meta.url of THIS module, walks up from there.
+*   3. process.cwd() as last resort.
+*
+* Robust across bun (src/main.ts) and node (dist/main.js) launch paths.
+*/
+function packageRoot() {
+	const entryPath = typeof process$1?.argv?.[1] === "string" ? process$1.argv[1] : void 0;
+	if (entryPath) {
+		const fromEntry = findPackageRoot(path.dirname(entryPath));
+		if (fromEntry) return fromEntry;
+	}
+	try {
+		const fromHere = findPackageRoot(path.dirname(fileURLToPath(import.meta.url)));
+		if (fromHere) return fromHere;
+	} catch {}
+	return process$1?.cwd?.() ?? ".";
+}
+/**
+* Absolute path to the extension's source directory. Extension is
+* plain JS / JSON (no build pipeline) so `src/browser-ext/` is the
+* canonical location whether installed via npm or running from a
+* checkout.
+*/
+function extensionDir() {
+	return path.join(packageRoot(), "src", "browser-ext");
+}
+/** Absolute path to the bundled bridge entrypoint. */
+function bridgeBundlePath() {
+	return path.join(packageRoot(), "dist", "browser-bridge", "index.js");
+}
+function appBrowserMcpDir() {
+	const dir = path.join(PATHS.APP_DIR, "browser-mcp");
+	mkdirSync(dir, { recursive: true });
+	return dir;
+}
+/**
+* Pick a runtime interpreter for the bridge. The bridge uses Node's
+* binary-stdin framing for native messaging which Bun handles
+* differently (Bun closes the bridge prematurely as soon as anything
+* unexpected lands on stdin). So prefer `node` when available;
+* fall back to `process.execPath` (which may be bun or a packaged
+* binary) only if node isn't on PATH.
+*/
+function resolveBridgeInterpreter() {
+	const probeCmd = platform() === "win32" ? "where" : "which";
+	try {
+		const out = execFileSync(probeCmd, ["node"], {
+			stdio: [
+				"ignore",
+				"pipe",
+				"ignore"
+			],
+			timeout: 2e3,
+			windowsHide: true
+		}).toString().trim().split(/\r?\n/)[0];
+		if (out) return out;
+	} catch {}
+	return process$1.execPath;
+}
+function writeLauncherShim() {
+	const dir = appBrowserMcpDir();
+	const bridgeJs = bridgeBundlePath();
+	const interp = resolveBridgeInterpreter();
+	if (platform() === "win32") {
+		const batPath = path.join(dir, "launcher.bat");
+		writeFileSync(batPath, `@echo off\r\n"${interp}" "${bridgeJs}" %*\r\n`, "utf8");
+		return batPath;
+	}
+	const shPath = path.join(dir, "launcher.sh");
+	writeFileSync(shPath, `#!/usr/bin/env bash\nexec "${interp}" "${bridgeJs}" "$@"\n`, { mode: 493 });
+	try {
+		chmodSync(shPath, 493);
+	} catch {}
+	return shPath;
+}
+function nmhPathsFor(browser) {
+	switch (platform()) {
+		case "win32": {
+			const local = process$1.env.LOCALAPPDATA;
+			const base = local ? path.join(local, "github-router", "browser-mcp") : path.join(homedir(), "AppData", "Local", "github-router", "browser-mcp");
+			mkdirSync(base, { recursive: true });
+			return {
+				manifestPath: path.join(base, `${NMH_HOST_ID}.json`),
+				registryKey: browser === "chrome" ? `HKCU\\Software\\Google\\Chrome\\NativeMessagingHosts\\${NMH_HOST_ID}` : `HKCU\\Software\\Microsoft\\Edge\\NativeMessagingHosts\\${NMH_HOST_ID}`
+			};
+		}
+		case "darwin": {
+			const base = browser === "chrome" ? path.join(homedir(), "Library", "Application Support", "Google", "Chrome", "NativeMessagingHosts") : path.join(homedir(), "Library", "Application Support", "Microsoft Edge", "NativeMessagingHosts");
+			mkdirSync(base, { recursive: true });
+			return { manifestPath: path.join(base, `${NMH_HOST_ID}.json`) };
+		}
+		default: {
+			const base = browser === "chrome" ? path.join(homedir(), ".config", "google-chrome", "NativeMessagingHosts") : path.join(homedir(), ".config", "microsoft-edge", "NativeMessagingHosts");
+			mkdirSync(base, { recursive: true });
+			return { manifestPath: path.join(base, `${NMH_HOST_ID}.json`) };
+		}
+	}
+}
+/**
+* Write the NMH manifest + (Windows) registry key for a given browser.
+* Returns the manifest path written; throws if any step fails (caller
+* surfaces as part of install_required.reason).
+*/
+function installNativeHostFor(browser) {
+	const manifest = {
+		name: NMH_HOST_ID,
+		description: "github-router browser bridge",
+		path: writeLauncherShim(),
+		type: "stdio",
+		allowed_origins: [`chrome-extension://${computeExtensionIdFromKey(readManifestKey())}/`]
+	};
+	const { manifestPath, registryKey } = nmhPathsFor(browser);
+	writeFileSync(manifestPath, JSON.stringify(manifest, null, 2), "utf8");
+	if (platform() !== "win32") try {
+		chmodSync(manifestPath, 420);
+	} catch {}
+	if (registryKey) execFileSync("reg.exe", [
+		"add",
+		registryKey,
+		"/ve",
+		"/t",
+		"REG_SZ",
+		"/d",
+		manifestPath,
+		"/f"
+	], {
+		windowsHide: true,
+		timeout: 5e3,
+		stdio: [
+			"ignore",
+			"pipe",
+			"pipe"
+		]
+	});
+	return manifestPath;
+}
+/**
+* Install the NMH manifest for every supported browser detected on
+* this host. Returns the list of (browser, manifestPath) tuples
+* actually written so the install_required response can report what
+* auto-installed.
+*/
+function installNativeHostForAll(browsers) {
+	const results = [];
+	for (const b of browsers) try {
+		const manifestPath = installNativeHostFor(b);
+		results.push({
+			browser: b,
+			manifestPath
+		});
+	} catch (err) {
+		console.warn(`[browser-mcp] failed to install NMH manifest for ${b}:`, err instanceof Error ? err.message : String(err));
+	}
+	return results;
+}
+
+//#endregion
+//#region src/lib/browser-mcp/install-check.ts
+function discoveryPath() {
+	return path.join(PATHS.APP_DIR, "browser-mcp", "bridge.json");
+}
+function readBridgeDiscovery() {
+	try {
+		const raw = readFileSync(discoveryPath(), "utf8");
+		const parsed = JSON.parse(raw);
+		if (typeof parsed.pid === "number" && typeof parsed.port === "number" && typeof parsed.token === "string" && typeof parsed.startedAt === "number") return parsed;
+	} catch {}
+}
+async function probeHealth(port, token, timeoutMs = 500) {
+	const controller = new AbortController();
+	const timer = setTimeout(() => controller.abort(), timeoutMs);
+	try {
+		const res = await fetch(`http://127.0.0.1:${port}/health`, {
+			headers: { authorization: `Bearer ${token}` },
+			signal: controller.signal
+		});
+		if (!res.ok) return void 0;
+		return await res.json();
+	} catch {
+		return;
+	} finally {
+		clearTimeout(timer);
+	}
+}
+function bridgeBundleExists() {
+	try {
+		readFileSync(bridgeBundlePath());
+		return true;
+	} catch {
+		return false;
+	}
+}
+function loadStableExtensionId() {
+	try {
+		const raw = readFileSync(path.join(extensionDir(), "manifest.json"), "utf8");
+		const parsed = JSON.parse(raw);
+		if (typeof parsed.key === "string") return computeExtensionIdFromKey(parsed.key);
+	} catch {}
+	return "unknown";
+}
+function buildInstallRequired(reason, autoInstalled) {
+	return {
+		install_required: true,
+		reason,
+		auto_installed: autoInstalled,
+		manual_steps: {
+			load_unpacked_dir: extensionDir(),
+			expected_extension_id: loadStableExtensionId(),
+			instructions: reason === "no_supported_browser" ? "No Chrome or Edge installation was detected on this host. Install one and restart the github-router proxy." : reason === "bridge_bundle_missing" ? "The bridge bundle is missing. Run `bun run build` from the github-router checkout to produce dist/browser-bridge/index.js, then retry." : "Open chrome://extensions (or edge://extensions), enable Developer Mode, click 'Load unpacked', and select the load_unpacked_dir above. Then retry this tool call."
+		}
+	};
+}
+/**
+* Full pre-flight. Returns either `{install_required: false, port,
+* token, pid}` (bridge ready, extension connected) or an
+* `install_required` payload the dispatcher hands directly to the
+* model. Side effect: when reason is `extension_not_loaded`, attempts
+* to install the NMH manifest for every detected browser so that the
+* extension can connect immediately on load.
+*/
+async function ensureBridgeReady() {
+	const browsers = detectSupportedBrowsers();
+	if (browsers.length === 0) return buildInstallRequired("no_supported_browser", []);
+	if (!bridgeBundleExists()) return buildInstallRequired("bridge_bundle_missing", []);
+	const autoInstalled = installNativeHostForAll(browsers).flatMap((r) => [`nmh_manifest_${r.browser}`]);
+	const discovery = readBridgeDiscovery();
+	if (!discovery) return buildInstallRequired("bridge_not_running", autoInstalled);
+	const health = await probeHealth(discovery.port, discovery.token);
+	if (!health || !health.ok) return buildInstallRequired("bridge_not_running", autoInstalled);
+	if (!health.extension_connected) return buildInstallRequired("extension_not_loaded", autoInstalled);
+	return {
+		install_required: false,
+		port: discovery.port,
+		token: discovery.token,
+		pid: discovery.pid
+	};
+}
+function installRequiredToolResult(payload) {
+	return {
+		content: [{
+			type: "text",
+			text: JSON.stringify(payload, null, 2)
+		}],
+		isError: true
+	};
+}
+
+//#endregion
+//#region src/lib/browser-mcp/policy.ts
+const BLOCKED_URL_RE = /^(chrome|edge|brave|opera|vivaldi):\/\/(settings|preferences|extensions|policy|management|password|flags|flag-descriptions)/i;
+const BLOCKED_VIEW_SOURCE_RE = /^view-source:(chrome|edge):\/\/(settings|extensions)/i;
+const BLOCKED_OPTIONS_HTML_RE = /^(chrome|edge)-extension:\/\/.*\/(options|popup)\.html/i;
+const FILE_URL_RE = /^file:/i;
+function checkUrlPolicy(url) {
+	if (typeof url !== "string" || url.length === 0) return { blocked: false };
+	if (BLOCKED_URL_RE.test(url) || BLOCKED_VIEW_SOURCE_RE.test(url)) return {
+		blocked: true,
+		reason: "Browser-internal pages (settings / preferences / extensions / flags / passwords) are not accessible to the browser MCP. devtools:// is allowed."
+	};
+	if (BLOCKED_OPTIONS_HTML_RE.test(url)) return {
+		blocked: true,
+		reason: "Extension options / popup pages are not accessible to the browser MCP."
+	};
+	if (FILE_URL_RE.test(url) && process.env.GH_ROUTER_BROWSER_ALLOW_FILE_URLS !== "1") return {
+		blocked: true,
+		reason: "file:// URLs are blocked by default. Set GH_ROUTER_BROWSER_ALLOW_FILE_URLS=1 to enable."
+	};
+	return { blocked: false };
+}
+/**
+* Extract URL fields from a tool call's arguments. Returns the first
+* URL that violates policy, or undefined if all clear. Currently checks
+* the `url` field (used by browser_open_tab + browser_navigate).
+*/
+function preflightUrlPolicy(toolName, args) {
+	if (toolName !== "browser_open_tab" && toolName !== "browser_navigate") return { blocked: false };
+	return checkUrlPolicy(args.url);
+}
+
+//#endregion
+//#region src/lib/browser-mcp/dispatch.ts
+const PER_TOOL_TIMEOUTS = {
+	browser_list_tabs: {
+		defaultMs: 5e3,
+		maxMs: 1e4
+	},
+	browser_open_tab: {
+		defaultMs: 3e4,
+		maxMs: 6e4
+	},
+	browser_close_tab: {
+		defaultMs: 5e3,
+		maxMs: 1e4
+	},
+	browser_navigate: {
+		defaultMs: 3e4,
+		maxMs: 6e4
+	},
+	browser_screenshot: {
+		defaultMs: 15e3,
+		maxMs: 3e4
+	},
+	browser_read_page: {
+		defaultMs: 1e4,
+		maxMs: 3e4
+	},
+	browser_click: {
+		defaultMs: 1e4,
+		maxMs: 3e4
+	},
+	browser_fill: {
+		defaultMs: 1e4,
+		maxMs: 3e4
+	},
+	browser_scroll: {
+		defaultMs: 5e3,
+		maxMs: 1e4
+	},
+	browser_keyboard: {
+		defaultMs: 5e3,
+		maxMs: 1e4
+	},
+	browser_wait: {
+		defaultMs: 1e4,
+		maxMs: 6e4
+	},
+	browser_eval_js: {
+		defaultMs: 5e3,
+		maxMs: 3e4
+	},
+	browser_download: {
+		defaultMs: 6e4,
+		maxMs: 3e5
+	},
+	browser_console_logs: {
+		defaultMs: 5e3,
+		maxMs: 1e4
+	},
+	browser_network_log: {
+		defaultMs: 5e3,
+		maxMs: 1e4
+	}
+};
+function pickTimeout(tool) {
+	if (tool in PER_TOOL_TIMEOUTS) return PER_TOOL_TIMEOUTS[tool];
+	return {
+		defaultMs: 1e4,
+		maxMs: 3e4
+	};
+}
+/**
+* Send one request to the bridge over a fresh WebSocket connection.
+* Resolves to the bridge's response envelope or rejects on timeout /
+* transport failure. Honors the caller's AbortSignal — when the MCP
+* client sends notifications/cancelled, the WS is force-closed and
+* the promise rejects so the slot releases cleanly.
+*/
+async function bridgeCall(endpoint, tool, args, timeoutMs, signal) {
+	return new Promise((resolve, reject) => {
+		const id = randomUUID();
+		const ws = new WebSocket(`ws://127.0.0.1:${endpoint.port}`, { headers: { authorization: `Bearer ${endpoint.token}` } });
+		let settled = false;
+		const finish = (fn) => {
+			if (settled) return;
+			settled = true;
+			clearTimeout(timer);
+			if (signal) signal.removeEventListener("abort", onAbort);
+			try {
+				ws.close();
+			} catch {}
+			fn();
+		};
+		const onAbort = () => finish(() => reject(/* @__PURE__ */ new Error("aborted")));
+		if (signal) {
+			if (signal.aborted) {
+				onAbort();
+				return;
+			}
+			signal.addEventListener("abort", onAbort, { once: true });
+		}
+		const timer = setTimeout(() => finish(() => reject(/* @__PURE__ */ new Error(`timeout after ${timeoutMs}ms`))), timeoutMs);
+		ws.on("open", () => {
+			ws.send(JSON.stringify({
+				id,
+				tool,
+				args
+			}));
+		});
+		ws.on("message", (raw) => {
+			try {
+				const parsed = JSON.parse(raw.toString());
+				if (parsed && parsed.id === id) finish(() => resolve(parsed));
+			} catch (err) {
+				finish(() => reject(err));
+			}
+		});
+		ws.on("error", (err) => {
+			finish(() => reject(err));
+		});
+		ws.on("close", () => {
+			finish(() => reject(/* @__PURE__ */ new Error("bridge connection closed before response")));
+		});
+	});
+}
+/**
+* Real dispatcher for any browser_* tool. Used by the entries in
+* src/lib/browser-mcp/index.ts. Returns the standard MCP tool-result
+* envelope.
+*/
+async function dispatchBrowserTool(tool, args, signal, opts = {}) {
+	const policy = preflightUrlPolicy(tool, args);
+	if (policy.blocked) return {
+		content: [{
+			type: "text",
+			text: JSON.stringify({
+				blocked: true,
+				reason: policy.reason
+			}, null, 2)
+		}],
+		isError: true
+	};
+	const ready = await ensureBridgeReady();
+	if (ready.install_required) return installRequiredToolResult(ready);
+	const { defaultMs, maxMs } = pickTimeout(tool);
+	const callerTimeout = typeof opts.timeoutMs === "number" && opts.timeoutMs > 0 ? Math.min(opts.timeoutMs, maxMs) : defaultMs;
+	try {
+		const resp = await bridgeCall({
+			port: ready.port,
+			token: ready.token
+		}, tool, args, callerTimeout, signal);
+		if (resp.ok) {
+			const text = typeof resp.data === "string" ? resp.data : JSON.stringify(resp.data, null, 2);
+			logAudit$1({
+				tool,
+				argsBytes: argsByteSize(args),
+				durationMs: 0,
+				profile: typeof args.profile === "string" ? args.profile : "isolated",
+				result: "ok"
+			});
+			return { content: [{
+				type: "text",
+				text
+			}] };
+		}
+		logAudit$1({
+			tool,
+			argsBytes: argsByteSize(args),
+			durationMs: 0,
+			profile: typeof args.profile === "string" ? args.profile : "isolated",
+			result: "bridge_error",
+			error: resp.error
+		});
+		return {
+			content: [{
+				type: "text",
+				text: `${tool} failed: ${resp.error}${resp.code ? ` (${resp.code})` : ""}`
+			}],
+			isError: true
+		};
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		logAudit$1({
+			tool,
+			argsBytes: argsByteSize(args),
+			durationMs: 0,
+			profile: typeof args.profile === "string" ? args.profile : "isolated",
+			result: "exception",
+			error: message
+		});
+		return {
+			content: [{
+				type: "text",
+				text: `${tool} failed: ${message}`
+			}],
+			isError: true
+		};
+	}
+}
+function argsByteSize(args) {
+	try {
+		return Buffer.byteLength(JSON.stringify(args), "utf8");
+	} catch {
+		return -1;
+	}
+}
+function logAudit$1(record) {
+	if (process.env.GH_ROUTER_LOG_BROWSER_MCP !== "1") return;
+	(async () => {
+		try {
+			const fs$2 = await import("node:fs/promises");
+			const path$2 = await import("node:path");
+			const { PATHS: PATHS$1 } = await import("./paths-Cf3OVCaJ.js");
+			const dir = path$2.join(PATHS$1.APP_DIR, "browser-mcp");
+			await fs$2.mkdir(dir, { recursive: true });
+			const line = JSON.stringify({
+				ts: (/* @__PURE__ */ new Date()).toISOString(),
+				...record
+			}) + "\n";
+			await fs$2.appendFile(path$2.join(dir, "audit.log"), line, "utf8");
+		} catch {}
+	})();
+}
+
+//#endregion
+//#region src/lib/browser-mcp/index.ts
+/**
+* Browser-control MCP tools (`browser_*`). All entries route through
+* `dispatchBrowserTool()` which (1) runs the bridge-layer URL policy
+* check, (2) runs the install-check pre-flight (returning structured
+* install_required JSON when the bridge or extension isn't ready),
+* and (3) opens a WS to the bridge, sends the tool call, awaits the
+* response with a per-tool timeout.
+*
+* Each entry carries `capability: "browser"` so `browserToolsEnabled()`
+* in `src/routes/mcp/handler.ts` drops them at both list-time and
+* call-time when the operator hasn't opted in via `--browse` or
+* `GH_ROUTER_ENABLE_BROWSE=1`.
+*
+* v1 surface: 15 tools (Phases 3 + 4a + 4b).
+*/
+const BROWSER_TOOLS = Object.freeze([
+	{
+		toolNameHttp: "browser_list_tabs",
+		description: "List all open tabs across all browser windows. Returns each tab's id (used by other browser_* tools), URL, title, active flag, and window id.",
+		inputSchema: {
+			type: "object",
+			additionalProperties: false,
+			properties: {}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_list_tabs", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_open_tab",
+		description: "Open a URL in a new browser tab and wait for the page to finish loading. Returns the new tab's id, final URL after redirects, and HTTP status. Refuses to navigate to browser-internal settings / preferences / extensions / flags pages (returns {blocked: true, reason}); devtools://* is allowed.",
+		inputSchema: {
+			type: "object",
+			required: ["url"],
+			additionalProperties: false,
+			properties: {
+				url: {
+					type: "string",
+					description: "The URL to load. Maximum 8 KB. Settings / preferences / extensions / flags pages are blocked."
+				},
+				reuseActive: {
+					type: "boolean",
+					description: "When true, navigate the currently active tab instead of opening a new one. Default false."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_open_tab", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_close_tab",
+		description: "Close one or more tabs by tab id.",
+		inputSchema: {
+			type: "object",
+			required: ["tabIds"],
+			additionalProperties: false,
+			properties: { tabIds: {
+				type: "array",
+				items: { type: "number" },
+				description: "Array of tab ids to close (from browser_list_tabs)."
+			} }
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_close_tab", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_navigate",
+		description: "Navigate an existing tab: goto a URL, go back, go forward, or reload. Same URL-blocking policy as browser_open_tab.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId", "action"],
+			additionalProperties: false,
+			properties: {
+				tabId: {
+					type: "number",
+					description: "Tab id from browser_list_tabs / browser_open_tab."
+				},
+				action: {
+					type: "string",
+					enum: [
+						"goto",
+						"back",
+						"forward",
+						"reload"
+					],
+					description: "The navigation action."
+				},
+				url: {
+					type: "string",
+					description: "Required when action=goto. Max 8 KB."
+				},
+				hard: {
+					type: "boolean",
+					description: "Reload only: bypass cache (Ctrl+Shift+R behavior). Default false."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_navigate", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_screenshot",
+		description: "Capture a PNG screenshot of the visible area of a tab. Returns base64-encoded image bytes plus contentType. The tab must be active in its window; this tool auto-activates if needed.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId"],
+			additionalProperties: false,
+			properties: {
+				tabId: {
+					type: "number",
+					description: "Tab id from browser_list_tabs / browser_open_tab."
+				},
+				format: {
+					type: "string",
+					enum: ["png", "jpeg"],
+					description: "Image format. Default 'png'."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_screenshot", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_read_page",
+		description: "Extract rendered page text plus the list of interactive elements (refs, roles, names, bounding boxes). Element refs returned here are intended as the input to a follow-up browser_click / browser_fill / browser_scroll — preferred over CSS selectors because refs are stable across dynamic class names. Text is capped at 256 KiB.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId"],
+			additionalProperties: false,
+			properties: { tabId: {
+				type: "number",
+				description: "Tab id from browser_list_tabs / browser_open_tab."
+			} }
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_read_page", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_click",
+		description: "Click an element by ref (from a prior browser_read_page) or CSS selector. Returns {ok, navigated} where navigated=true if the URL changed within ~300ms of the click.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId"],
+			additionalProperties: false,
+			properties: {
+				tabId: { type: "number" },
+				ref: {
+					type: "string",
+					description: "Element ref from browser_read_page (preferred)."
+				},
+				selector: {
+					type: "string",
+					description: "CSS selector (fallback when no ref)."
+				},
+				button: {
+					type: "string",
+					enum: ["left", "right"],
+					description: "Mouse button. Default 'left'."
+				},
+				clickCount: {
+					type: "number",
+					description: "Number of times to click. Default 1."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_click", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_fill",
+		description: "Type into an input / textarea, select from a dropdown, or toggle a checkbox / radio. Dispatches native input and change events so React-style controlled inputs see the value.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId", "value"],
+			additionalProperties: false,
+			properties: {
+				tabId: { type: "number" },
+				ref: {
+					type: "string",
+					description: "Element ref from browser_read_page (preferred)."
+				},
+				selector: {
+					type: "string",
+					description: "CSS selector (fallback when no ref)."
+				},
+				value: { description: "The value to set. String for inputs / textareas / select option value. Boolean for checkbox / radio. Max 1 MB." },
+				clearFirst: {
+					type: "boolean",
+					description: "Clear the input before typing (default true). No effect on select / checkbox."
+				},
+				pressEnter: {
+					type: "boolean",
+					description: "After typing, dispatch Enter keydown / keyup and call form.requestSubmit if available. Default false."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_fill", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_scroll",
+		description: "Scroll a tab to the top, to the bottom, by a pixel amount, or to a specific element by ref.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId", "target"],
+			additionalProperties: false,
+			properties: {
+				tabId: { type: "number" },
+				target: {
+					type: "string",
+					enum: [
+						"top",
+						"bottom",
+						"pixels",
+						"element"
+					],
+					description: "Scroll target type."
+				},
+				pixels: {
+					type: "number",
+					description: "Pixel delta when target=pixels. Positive scrolls down, negative scrolls up."
+				},
+				ref: {
+					type: "string",
+					description: "Element ref when target=element. Scrolls so the element is centered in the viewport."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_scroll", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_keyboard",
+		description: "Send a keystroke or chord to the focused element. Use 'Control+L' / 'Command+L' for browser shortcuts, single characters for typing. Uses chrome.debugger so browser-level shortcuts (Ctrl+T, Ctrl+W, etc) actually fire.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId", "keys"],
+			additionalProperties: false,
+			properties: {
+				tabId: { type: "number" },
+				keys: {
+					type: "string",
+					description: "Key or chord. Modifiers (Control, Alt, Shift, Meta / Command) joined with '+'. Example: 'Control+L'."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_keyboard", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_wait",
+		description: "Wait for an element to appear (until='selector'), the tab URL to match a regex (until='url'), or the network to go idle (until='networkIdle' - heuristic: tab status complete + 500ms quiet). Returns {ok: true, elapsedMs} on success, {ok: false, reason: 'timeout'} on miss.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId", "until"],
+			additionalProperties: false,
+			properties: {
+				tabId: { type: "number" },
+				until: {
+					type: "string",
+					enum: [
+						"selector",
+						"url",
+						"networkIdle"
+					],
+					description: "What to wait for."
+				},
+				selector: {
+					type: "string",
+					description: "CSS selector when until=selector."
+				},
+				urlPattern: {
+					type: "string",
+					description: "JS regex (string form) when until=url."
+				},
+				timeoutMs: {
+					type: "number",
+					description: "Max wait. Default 10000, hard cap 60000."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_wait", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_eval_js",
+		description: "Evaluate a JavaScript expression in the tab's main world (equivalent to typing in the DevTools console). Returns {result} or {error}. Awaits promises returned by the expression. Single narrowly-named escape hatch for behaviors the other tools don't cover.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId", "expression"],
+			additionalProperties: false,
+			properties: {
+				tabId: { type: "number" },
+				expression: {
+					type: "string",
+					description: "JS expression. Max 100 KB. Top-level await NOT supported - wrap in (async () => ...)()."
+				},
+				timeoutMs: {
+					type: "number",
+					description: "Max evaluation time. Default 5000, hard cap 30000."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_eval_js", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_download",
+		description: "Trigger a download by URL and wait for it to complete. Returns {downloadId, path, bytes, mimeType}. The file lands in Chrome's default Downloads dir unless saveAs is given.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId", "url"],
+			additionalProperties: false,
+			properties: {
+				tabId: {
+					type: "number",
+					description: "Tab id is logged but the download itself is window-scoped, not tab-scoped."
+				},
+				source: {
+					type: "string",
+					enum: ["url"],
+					description: "Download source. Only 'url' supported in v1; click-then-wait awaits Phase 5."
+				},
+				url: {
+					type: "string",
+					description: "Direct URL to download. Max 8 KB."
+				},
+				saveAs: {
+					type: "string",
+					description: "Optional filename / relative subdir under Downloads. Conflicts auto-uniquify."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_download", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_console_logs",
+		description: "Drain console messages a tab has emitted since the last call. The first call for a tab attaches chrome.debugger and starts capturing, so very-early-load messages from before the first call are missed; subsequent calls return everything since the previous drain. Buffer is capped at 1000 entries per tab.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId"],
+			additionalProperties: false,
+			properties: {
+				tabId: { type: "number" },
+				level: {
+					type: "string",
+					enum: [
+						"log",
+						"info",
+						"warn",
+						"error",
+						"debug",
+						"all"
+					],
+					description: "Filter by console level. Default 'all'."
+				}
+			}
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_console_logs", args, signal);
+		}
+	},
+	{
+		toolNameHttp: "browser_network_log",
+		description: "Drain network responses a tab has received since the last call. Same lazy-attach + cap-1000 behavior as browser_console_logs. Returns request URL, method, status, mime type, and timestamp per entry.",
+		inputSchema: {
+			type: "object",
+			required: ["tabId"],
+			additionalProperties: false,
+			properties: { tabId: { type: "number" } }
+		},
+		capability: "browser",
+		async handler(args, signal) {
+			return dispatchBrowserTool("browser_network_log", args, signal);
+		}
+	}
+]);
+
 //#endregion
 //#region src/vendor/pi/ai/api-registry.ts
 const apiProviderRegistry = /* @__PURE__ */ new Map();
@@ -2711,8 +3795,8 @@ function coerceWithJsonSchema(value, schema) {
 }
 function getValidator(schema) {
 	const key = schema;
-	const cached = validatorCache.get(key);
-	if (cached) return cached;
+	const cached$1 = validatorCache.get(key);
+	if (cached$1) return cached$1;
 	const validator = Compile(schema);
 	validatorCache.set(key, validator);
 	return validator;
@@ -4405,12 +5489,12 @@ function joinTextChunks(accum, idx) {
 */
 function makeLazyTextPart(chunks) {
 	const upTo = chunks.length;
-	let cached;
+	let cached$1;
 	return {
 		type: "text",
 		get text() {
-			if (cached === void 0) cached = upTo === chunks.length ? chunks.join("") : chunks.slice(0, upTo).join("");
-			return cached;
+			if (cached$1 === void 0) cached$1 = upTo === chunks.length ? chunks.join("") : chunks.slice(0, upTo).join("");
+			return cached$1;
 		}
 	};
 }
@@ -4874,6 +5958,35 @@ function geminiAvailable() {
 	return models.some((m) => /^gemini-3\..*pro/i.test(m.id));
 }
 /**
+* Gate for the `stand_in` tool.
+*
+* Returns true iff Copilot's live catalog (`state.models?.data`) contains
+* ALL THREE peer models the consensus protocol needs:
+*   - `gpt-5.5`             (codex_critic's model)
+*   - `claude-opus-4-7`     (opus_critic's model)
+*   - any `gemini-3.X.*pro` (gemini_critic's model family — matches the
+*     same regex `geminiAvailable()` uses, so the gate stays in sync if
+*     the GA slug renames `gemini-3.1-pro-preview` → `gemini-3.1-pro`)
+*
+* If any one is missing, `stand_in` is dropped from `tools/list` AND
+* fails `tools/call` with -32601 (mirroring the `worker` capability's
+* defense-in-depth pattern — the gated tool is functionally invisible).
+*
+* Tier-mismatch on `claude-opus-4-7`: the proxy's `resolveModel` will
+* fuzzy-match `claude-opus-4-7` to `claude-opus-4.7` (Copilot's dotted
+* slug). For the catalog probe we use the Anthropic-published dashed
+* slug too — `state.models?.data` mirrors Copilot's catalog where these
+* land under the dotted slug, so we match by Copilot's actual id shape.
+*/
+function standInToolEnabled() {
+	const models = state.models?.data;
+	if (!models) return false;
+	const hasGpt55 = models.some((m) => m.id === "gpt-5.5");
+	const hasOpus = models.some((m) => m.id === "claude-opus-4-7" || m.id === "claude-opus-4.7");
+	const hasGeminiPro = models.some((m) => /^gemini-3\..*pro/i.test(m.id));
+	return hasGpt55 && hasOpus && hasGeminiPro;
+}
+/**
 * Gate for the worker tools (`worker_explore`, `worker_implement`).
 *
 * Returns true iff BOTH:
@@ -4906,6 +6019,37 @@ function workerToolsEnabled() {
 	if (!found) return false;
 	return found.capabilities?.supports?.tool_calls === true;
 }
+/**
+* Gate for the browser-control MCP tools (`browser_*`).
+*
+* Returns true iff BOTH:
+*   1. The operator opted in via `--browse` (which sets
+*      `state.browseEnabled`) OR the equivalent env var
+*      `GH_ROUTER_ENABLE_BROWSE=1`. Default OFF — browser-control is
+*      side-effectful (mutates the user's browser session, downloads
+*      files, can navigate to phishing URLs the model was prompted with),
+*      so dormant-register is the safe default.
+*   2. At least one supported Chromium-family browser (Chrome or Edge)
+*      is detected on disk by `hasSupportedBrowserInstalled()`. No
+*      browser → nothing for the bridge to attach to → tools stay
+*      invisible rather than fail at call time. Detection is cached for
+*      the proxy lifetime; a fresh install requires a restart.
+*
+* Mirrors the defense-in-depth pattern of `workerToolsEnabled()` /
+* `standInToolEnabled()`: this same function gates BOTH the
+* `tools/list` filter in `toolEntries()` AND the call-time rejection in
+* `handleToolsCall` (returning -32601 for hard-coded tool-name
+* bypasses), so the two surfaces stay symmetric.
+*
+* The env-var check reads `process.env` directly instead of relying
+* solely on `state.browseEnabled` so a non-`setupAndServe` startup path
+* (tests, embedded use) can still flip the gate via env. The CLI flag
+* path is the canonical one for end users.
+*/
+function browserToolsEnabled() {
+	if (!(state.browseEnabled || process.env.GH_ROUTER_ENABLE_BROWSE === "1")) return false;
+	return hasSupportedBrowserInstalled();
+}
 function activePersonas() {
 	return PERSONAS_READ.filter((p) => !p.requiresGeminiCatalog || geminiAvailable());
 }
@@ -4934,7 +6078,12 @@ function toolEntries() {
 			}
 		}
 	}));
-	const nonPersonaEntries = NON_PERSONA_MCP_TOOLS.filter((t) => t.capability !== "worker" || workerToolsEnabled()).map((t) => ({
+	const nonPersonaEntries = NON_PERSONA_MCP_TOOLS.filter((t) => {
+		if (t.capability === "worker") return workerToolsEnabled();
+		if (t.capability === "stand_in") return standInToolEnabled();
+		if (t.capability === "browser") return browserToolsEnabled();
+		return true;
+	}).map((t) => ({
 		name: t.toolNameHttp,
 		description: t.description,
 		inputSchema: t.inputSchema
@@ -5054,10 +6203,21 @@ function jsonPathPreflightCap(body) {
 	const params = body.params ?? {};
 	const name$1 = typeof params.name === "string" ? params.name : "";
 	const args = params.arguments ?? {};
+	if (!name$1) return void 0;
+	if (name$1 === "stand_in") {
+		const decision = typeof args.decision === "string" ? args.decision : "";
+		const optionsRaw = Array.isArray(args.options) ? args.options : [];
+		const standInContext = typeof args.context === "string" ? args.context : "";
+		if (!decision || optionsRaw.length === 0) return void 0;
+		const briefBytes$1 = Buffer.byteLength(decision + JSON.stringify(optionsRaw) + standInContext, "utf8");
+		const STAND_IN_CAP_BYTES = 6 * 1024;
+		if (briefBytes$1 > STAND_IN_CAP_BYTES) return rpcResult(body.id, toolError(`pre-flight rejected: stand_in on a ${briefBytes$1}-byte input is predicted to exceed the JSON tools/call timeout (cap=${STAND_IN_CAP_BYTES} bytes). stand_in runs two sequential voting rounds across three frontier models — wall-clock is typically 2-3 minutes regardless of input size. Send Accept: text/event-stream to use the SSE path which bypasses this cap, or trim the decision/options/context.`));
+		return;
+	}
 	const prompt = typeof args.prompt === "string" ? args.prompt : "";
 	const context = typeof args.context === "string" ? args.context : void 0;
 	const rawEffort = args.effort;
-	if (!name$1 || !prompt) return void 0;
+	if (!prompt) return void 0;
 	const persona = activePersonas().find((p) => p.toolNameHttp === name$1);
 	if (!persona) return void 0;
 	if (rawEffort !== void 0 && !isEffort(rawEffort)) return void 0;
@@ -5069,60 +6229,81 @@ function jsonPathPreflightCap(body) {
 	if (!verdict.tooLong) return void 0;
 	return rpcResult(body.id, toolError(`pre-flight rejected: ${persona.toolNameHttp} at effort=${effort} on a ${briefBytes}-byte brief is empirically predicted to exceed the JSON tools/call timeout (cap=${verdict.capBytes} bytes for this tier). Either drop to a lower effort tier, split the brief into 2-4 parallel sub-calls per the decomposition guidance, or send Accept: text/event-stream to use the SSE path which bypasses this cap.`));
 }
-async function callPersona(persona, prompt, context, effort, signal) {
-	const resolvedModel = resolveModel(persona.model);
-	const userText = buildUserText(prompt, context);
-	if (persona.endpoint === "/v1/responses") {
-		const text$1 = extractResponsesText(await createResponses({
-			model: resolvedModel,
-			instructions: persona.baseInstructions,
-			input: [{
-				role: "user",
-				content: [{
-					type: "input_text",
-					text: userText
-				}]
-			}],
-			stream: false,
-			reasoning: { effort }
-		}, void 0, signal));
-		if (!text$1) return toolError(`persona ${persona.agentName}: empty assistant output`);
-		return { content: [{
-			type: "text",
-			text: text$1
-		}] };
-	}
-	if (persona.endpoint === "/v1/messages") {
-		const maxTokens = effort === "low" ? 4096 : effort === "medium" ? 8192 : effort === "high" ? 16384 : 32768;
-		const text$1 = extractMessagesText(await (await createMessages(JSON.stringify({
+/**
+* Per-endpoint wire dispatch for a single peer-model call. Returns the
+* assistant's raw text (possibly empty — caller decides what "empty"
+* means in their context). Upstream errors (network, 4xx, 5xx) propagate
+* as exceptions via `await`.
+*
+* Extracted from `callPersona()` so non-persona callers — specifically
+* the `stand_in` orchestrator in `src/lib/stand-in.ts` — can reuse the
+* same per-endpoint request shaping without re-implementing it. The
+* stand_in tool needs to drive its own per-round system prompts across
+* three concrete models (gpt-5.5, claude-opus-4-7, gemini-3.1-pro-preview),
+* each on a different endpoint; doing that with a `PersonaSpec` would
+* require either inventing throwaway personas per round or duplicating
+* the dispatch switch.
+*
+* NOTE on consumer-cancel signal: we deliberately do NOT pass
+* c.req.raw.signal into the upstream fetch. Bun/srvx aborts the
+* request signal as soon as the request body is fully consumed
+* (after `await c.req.json()`), which would make every call fail
+* immediately with "This operation was aborted". The caller creates
+* its own AbortController and threads it through `signal`. See CLAUDE.md
+* "Bun request-signal quirk" for full context.
+*/
+async function dispatchModelCall(args) {
+	const resolvedModel = resolveModel(args.model);
+	if (args.endpoint === "/v1/responses") return extractResponsesText(await createResponses({
+		model: resolvedModel,
+		instructions: args.instructions,
+		input: [{
+			role: "user",
+			content: [{
+				type: "input_text",
+				text: args.userText
+			}]
+		}],
+		stream: false,
+		reasoning: { effort: args.effort }
+	}, void 0, args.signal));
+	if (args.endpoint === "/v1/messages") {
+		const maxTokens = args.effort === "low" ? 4096 : args.effort === "medium" ? 8192 : args.effort === "high" ? 16384 : 32768;
+		return extractMessagesText(await (await createMessages(JSON.stringify({
 			model: resolvedModel,
 			max_tokens: maxTokens,
-			system: persona.baseInstructions,
+			system: args.instructions,
 			thinking: { type: "adaptive" },
-			output_config: { effort },
+			output_config: { effort: args.effort },
 			messages: [{
 				role: "user",
-				content: userText
+				content: args.userText
 			}]
-		}), void 0, signal)).json());
-		if (!text$1) return toolError(`persona ${persona.agentName}: empty assistant output`);
-		return { content: [{
-			type: "text",
-			text: text$1
-		}] };
+		}), void 0, args.signal)).json());
 	}
-	const text = extractChatCompletionText(await createChatCompletions({
+	return extractChatCompletionText(await createChatCompletions({
 		model: resolvedModel,
 		messages: [{
 			role: "system",
-			content: persona.baseInstructions
+			content: args.instructions
 		}, {
 			role: "user",
-			content: userText
+			content: args.userText
 		}],
 		stream: false,
-		reasoning_effort: effort
-	}, void 0, signal));
+		reasoning_effort: args.effort
+	}, void 0, args.signal));
+}
+async function callPersona(persona, prompt, context, effort, signal) {
+	const userText = buildUserText(prompt, context);
+	const text = await dispatchModelCall({
+		model: persona.model,
+		endpoint: persona.endpoint,
+		instructions: persona.baseInstructions,
+		userText,
+		effort,
+		signal
+	});
 	if (!text) return toolError(`persona ${persona.agentName}: empty assistant output`);
 	return { content: [{
 		type: "text",
@@ -5150,6 +6331,8 @@ async function handleToolsCall(body) {
 	const nonPersonaTool = persona ? void 0 : NON_PERSONA_MCP_TOOLS.find((t) => t.toolNameHttp === name$1);
 	if (!persona && !nonPersonaTool) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
 	if (nonPersonaTool && nonPersonaTool.capability === "worker" && !workerToolsEnabled()) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
+	if (nonPersonaTool && nonPersonaTool.capability === "stand_in" && !standInToolEnabled()) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
+	if (nonPersonaTool && nonPersonaTool.capability === "browser" && !browserToolsEnabled()) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
 	let personaPrompt;
 	let personaContext;
 	let personaEffort;
@@ -7980,6 +9163,341 @@ async function runWorkerAgent(opts) {
 	}
 }
 
+//#endregion
+//#region src/lib/stand-in.ts
+/**
+* The three frontier peers. Effort is FIXED per model — not caller-tunable.
+* The tool's purpose is "give me the best 3-lab judgment available";
+* exposing effort knobs would invite the caller to cheap out and would
+* muddy the consensus signal.
+*
+* gemini-3.1-pro-preview is pinned to `high` because the model rejects
+* `xhigh` at the wire with a Copilot 400. `high` is the realistic ceiling.
+*/
+const STAND_IN_MODELS = Object.freeze([
+	{
+		key: "gpt-5.5",
+		model: "gpt-5.5",
+		endpoint: "/v1/responses",
+		effort: "xhigh"
+	},
+	{
+		key: "claude-opus-4-7",
+		model: "claude-opus-4-7",
+		endpoint: "/v1/messages",
+		effort: "xhigh"
+	},
+	{
+		key: "gemini-3.1-pro-preview",
+		model: "gemini-3.1-pro-preview",
+		endpoint: "/v1/chat/completions",
+		effort: "high"
+	}
+]);
+const SYSTEM_PROMPT_R1 = `You are one of three frontier reasoning models the user has authorized to stand in for them on a bounded decision while they are unavailable. Your task: pick the best option from those provided.
+
+Respond with ONLY a single JSON object — no prose, no markdown fences, no preamble. Schema:
+
+{
+  "choice": "<option.id>" | null,
+  "confidence": <number between 0.0 and 1.0>,
+  "reasoning": "<one short sentence>",
+  "need_more_info": "<what context is missing, if you cannot decide>"
+}
+
+Calibration rules:
+- "confidence" reflects how sure you are this is the better option (not how confident you are in your prose). 0.5 = coin flip. 0.9 = clear winner. Be honestly calibrated; the orchestrator weighs your number directly.
+- If the question is genuinely under-specified — you'd need information you don't have to choose well — set "choice": null AND populate "need_more_info" with the specific gap. Do NOT guess.
+- One sentence of reasoning. Not a paragraph.
+- The other two models will vote independently and you will see their votes in round 2. There is no benefit to anticipating what they'll pick; vote on the merits.
+
+Output ONLY the JSON object. No preamble, no markdown fences, no closing remarks.`;
+const SYSTEM_PROMPT_R2 = `You are one of three frontier reasoning models standing in for the user on a bounded decision. Round 1 voting is complete; you will now see the other models' votes and reasoning. Reconsider with their input visible.
+
+Same JSON schema as round 1:
+
+{
+  "choice": "<option.id>" | null,
+  "confidence": <number between 0.0 and 1.0>,
+  "reasoning": "<one short sentence>",
+  "need_more_info": "<gap, if any>"
+}
+
+Calibration rules:
+- You may keep your round-1 vote OR change it. Do NOT change just to agree — agreement is not the goal, the right answer is. Capitulating to peer pressure when you still believe your original choice is better is a failure mode, not a success.
+- If a peer's reasoning identifies a consideration you missed or weighed wrong, update freely. The blind round was the anti-anchor mechanism; this round is where genuine evidence can move you.
+- If round 1 left you genuinely uncertain and peer reasoning hasn't resolved it, "choice": null is still the honest answer.
+
+Output ONLY the JSON object.`;
+const RETRY_PROMPT_SUFFIX = `\n\nYour previous response was not valid JSON matching the schema. Respond with ONLY the JSON object — no preamble, no markdown fences, no closing remarks. Schema reminder: {"choice": "<id>" | null, "confidence": 0.0-1.0, "reasoning": "<one sentence>", "need_more_info": "<gap, if any>"}`;
+/**
+* Run the two-round stand-in protocol. Returns a structured verdict
+* envelope. Throws only on systemic failure (e.g., all three upstream
+* calls failed) — model-level errors and parse failures are surfaced as
+* `VoteFailure` entries in the result.
+*/
+async function runStandIn(input, signal) {
+	const r1UserText = buildRound1UserText(input);
+	const r1 = await Promise.all(STAND_IN_MODELS.map((cfg) => callAndParse(cfg, SYSTEM_PROMPT_R1, r1UserText, signal)));
+	const successfulR1 = r1.filter((r) => isVote(r.vote));
+	if (successfulR1.length === STAND_IN_MODELS.length && successfulR1.every((r) => r.vote.needMoreInfo && r.vote.choice === null)) {
+		const gaps = successfulR1.map((r) => `- ${r.key}: ${r.vote.needMoreInfo}`).join("\n");
+		return {
+			verdict: "need_more_info",
+			recommendation: null,
+			confidence: 0,
+			votes: voteRecord(r1, null),
+			notes: `All three models reported they need more context to decide:\n${gaps}`
+		};
+	}
+	const r1Decision = aggregateVotes(successfulR1);
+	if (r1Decision.verdict === "consensus" && r1Decision.meanConfidence >= .8) return {
+		verdict: "consensus",
+		recommendation: r1Decision.winner,
+		confidence: round2(r1Decision.meanConfidence),
+		votes: voteRecord(r1, null),
+		notes: `All three models picked ${r1Decision.winner} in round 1 with high confidence (skipped round 2).`
+	};
+	if (successfulR1.length < 2) return {
+		verdict: "no_consensus",
+		recommendation: null,
+		confidence: 0,
+		votes: voteRecord(r1, null),
+		notes: `Only ${successfulR1.length} of 3 models returned a parseable round-1 vote; insufficient signal to run round 2.`
+	};
+	const r2UserTextBase = buildRound2UserTextBase(input, r1);
+	const r2 = await Promise.all(STAND_IN_MODELS.map((cfg) => callAndParse(cfg, SYSTEM_PROMPT_R2, r2UserTextBase + `\n\nYou are ${cfg.key}. Reconsider and vote.`, signal)));
+	const successfulR2 = r2.filter((r) => isVote(r.vote));
+	if (successfulR2.length < 2) return {
+		verdict: "no_consensus",
+		recommendation: null,
+		confidence: 0,
+		votes: voteRecord(r1, r2),
+		notes: `Only ${successfulR2.length} of 3 models returned a parseable round-2 vote; deferring to user.`
+	};
+	const r2Decision = aggregateVotes(successfulR2);
+	if (r2Decision.verdict === "consensus") return {
+		verdict: "consensus",
+		recommendation: r2Decision.winner,
+		confidence: round2(r2Decision.meanConfidence),
+		votes: voteRecord(r1, r2),
+		notes: `All three models picked ${r2Decision.winner} in round 2.`
+	};
+	if (r2Decision.verdict === "majority") {
+		const dissenters = successfulR2.filter((r) => r.vote.choice !== r2Decision.winner).map((r) => `${r.key} picked ${r.vote.choice ?? "abstain"} (${r.vote.reasoning})`).join("; ");
+		return {
+			verdict: "majority",
+			recommendation: r2Decision.winner,
+			confidence: round2(r2Decision.meanConfidence),
+			votes: voteRecord(r1, r2),
+			notes: `Majority (2 of 3) picked ${r2Decision.winner}. Dissent: ${dissenters}.`
+		};
+	}
+	return {
+		verdict: "no_consensus",
+		recommendation: null,
+		confidence: 0,
+		votes: voteRecord(r1, r2),
+		notes: `Models did not converge in round 2 (votes split). Defer to user.`
+	};
+}
+async function callAndParse(cfg, instructions, userText, signal) {
+	let raw;
+	try {
+		raw = await dispatchModelCall({
+			model: cfg.model,
+			endpoint: cfg.endpoint,
+			instructions,
+			userText,
+			effort: cfg.effort,
+			signal
+		});
+	} catch (err) {
+		return {
+			key: cfg.key,
+			vote: {
+				error: "upstream_error",
+				message: String(err)
+			}
+		};
+	}
+	const first = tryParseVote(raw);
+	if (first.ok) return {
+		key: cfg.key,
+		vote: first.vote
+	};
+	let retryRaw;
+	try {
+		retryRaw = await dispatchModelCall({
+			model: cfg.model,
+			endpoint: cfg.endpoint,
+			instructions,
+			userText: userText + RETRY_PROMPT_SUFFIX,
+			effort: cfg.effort,
+			signal
+		});
+	} catch (err) {
+		return {
+			key: cfg.key,
+			vote: {
+				error: "upstream_error",
+				message: `retry after parse failure: ${String(err)}`
+			}
+		};
+	}
+	const second = tryParseVote(retryRaw);
+	if (second.ok) return {
+		key: cfg.key,
+		vote: second.vote
+	};
+	return {
+		key: cfg.key,
+		vote: {
+			error: "parse_failure",
+			message: `Could not parse vote JSON after one retry. Last error: ${second.error}.`,
+			raw: retryRaw.slice(0, 500)
+		}
+	};
+}
+function tryParseVote(raw) {
+	if (!raw || !raw.trim()) return {
+		ok: false,
+		error: "empty response"
+	};
+	let parsed;
+	try {
+		parsed = JSON.parse(raw.trim());
+	} catch {
+		const fence = /```(?:json)?\s*([\s\S]*?)\s*```/.exec(raw);
+		if (!fence) return {
+			ok: false,
+			error: "not valid JSON and no code fence found"
+		};
+		try {
+			parsed = JSON.parse(fence[1]);
+		} catch {
+			return {
+				ok: false,
+				error: "code fence content was not valid JSON"
+			};
+		}
+	}
+	if (typeof parsed !== "object" || parsed === null) return {
+		ok: false,
+		error: "parsed value is not an object"
+	};
+	const obj = parsed;
+	const choice = obj.choice === null ? null : typeof obj.choice === "string" && obj.choice.length > 0 ? obj.choice : void 0;
+	if (choice === void 0) return {
+		ok: false,
+		error: "missing or invalid 'choice' field (string or null required)"
+	};
+	const confidenceRaw = obj.confidence;
+	const confidence = typeof confidenceRaw === "number" && Number.isFinite(confidenceRaw) ? Math.max(0, Math.min(1, confidenceRaw)) : void 0;
+	if (confidence === void 0) return {
+		ok: false,
+		error: "missing or invalid 'confidence' field (number 0-1 required)"
+	};
+	const reasoning = typeof obj.reasoning === "string" ? obj.reasoning : "";
+	if (!reasoning) return {
+		ok: false,
+		error: "missing or empty 'reasoning' field"
+	};
+	return {
+		ok: true,
+		vote: {
+			choice,
+			confidence,
+			reasoning,
+			needMoreInfo: typeof obj.need_more_info === "string" && obj.need_more_info.length > 0 ? obj.need_more_info : void 0
+		}
+	};
+}
+function aggregateVotes(results) {
+	const tally = /* @__PURE__ */ new Map();
+	for (const r of results) {
+		if (r.vote.choice === null) continue;
+		const entry = tally.get(r.vote.choice) ?? {
+			count: 0,
+			sumConfidence: 0
+		};
+		entry.count++;
+		entry.sumConfidence += r.vote.confidence;
+		tally.set(r.vote.choice, entry);
+	}
+	let topChoice = null;
+	let topCount = 0;
+	let topSumConfidence = 0;
+	for (const [choice, { count, sumConfidence }] of tally) if (count > topCount) {
+		topChoice = choice;
+		topCount = count;
+		topSumConfidence = sumConfidence;
+	}
+	const total = STAND_IN_MODELS.length;
+	if (topChoice && topCount === total) return {
+		verdict: "consensus",
+		winner: topChoice,
+		meanConfidence: topSumConfidence / topCount
+	};
+	if (topChoice && topCount >= 2) return {
+		verdict: "majority",
+		winner: topChoice,
+		meanConfidence: topSumConfidence / topCount
+	};
+	return {
+		verdict: "split",
+		winner: null,
+		meanConfidence: 0
+	};
+}
+function buildRound1UserText(input) {
+	const lines = [];
+	lines.push(`Decision: ${input.decision}`);
+	lines.push("");
+	lines.push("Options:");
+	for (const opt of input.options) {
+		const suffix = opt.detail ? ` — ${opt.detail}` : "";
+		lines.push(`- ${opt.id}: ${opt.summary}${suffix}`);
+	}
+	if (input.context) {
+		lines.push("");
+		lines.push("Context:");
+		lines.push(input.context);
+	}
+	return lines.join("\n");
+}
+function buildRound2UserTextBase(input, r1) {
+	const base = buildRound1UserText(input);
+	const summaries = ["", "Round 1 votes:"];
+	for (const r of r1) if (isVote(r.vote)) {
+		const choiceText = r.vote.choice === null ? "abstain" : r.vote.choice;
+		const gapText = r.vote.needMoreInfo ? ` (needs: ${r.vote.needMoreInfo})` : "";
+		summaries.push(`- ${r.key} picked ${choiceText}, confidence ${r.vote.confidence.toFixed(2)}, reasoning: ${r.vote.reasoning}${gapText}`);
+	} else summaries.push(`- ${r.key} did not return a valid round-1 vote (${r.vote.error}).`);
+	return base + "\n" + summaries.join("\n");
+}
+function isVote(v) {
+	return !("error" in v);
+}
+function voteRecord(r1, r2) {
+	const record = {};
+	for (const cfg of STAND_IN_MODELS) {
+		const r1Entry = r1.find((r) => r.key === cfg.key);
+		const r2Entry = r2?.find((r) => r.key === cfg.key) ?? null;
+		record[cfg.key] = {
+			round1: r1Entry?.vote ?? {
+				error: "upstream_error",
+				message: "no round-1 result recorded"
+			},
+			round2: r2Entry ? r2Entry.vote : null
+		};
+	}
+	return record;
+}
+function round2(n) {
+	return Math.round(n * 100) / 100;
+}
+
 //#endregion
 //#region src/lib/peer-mcp-personas.ts
 /**
@@ -8526,7 +10044,56 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 				signal
 			});
 		}
-	}
+	},
+	{
+		toolNameHttp: "stand_in",
+		capability: "stand_in",
+		description: "**Away-mode decision tiebreak.** Three-lab advisor (gpt-5.5 xhigh, opus-4.7 xhigh, gemini-3.1-pro high) for **when the user is unavailable and you are stuck between two or more concrete options**. Polls all three across two structured rounds (blind vote → informed re-vote with peer reasoning visible) and returns a ranked-choice verdict. Use when: you would otherwise halt and wait for the user. Do NOT use for: code review (use `peer-review-coordinator`), open-ended exploration, single-model second opinions (use `codex_critic` / `gemini_critic` / `opus_critic` directly), or as a substitute for user confirmation on irreversible actions (push, delete, drop, deploy — those still require the user even with three-lab consensus).",
+		inputSchema: {
+			type: "object",
+			required: ["decision", "options"],
+			additionalProperties: false,
+			properties: {
+				decision: {
+					type: "string",
+					description: "One-sentence framing of the choice the user would otherwise make. Be specific about what's being decided, not why."
+				},
+				options: {
+					type: "array",
+					minItems: 2,
+					maxItems: 6,
+					description: "2-6 concrete options for the panel to vote on. Caller-provided — do NOT ask the panel to generate options. The verdict cites the chosen option by `id`.",
+					items: {
+						type: "object",
+						required: ["id", "summary"],
+						additionalProperties: false,
+						properties: {
+							id: {
+								type: "string",
+								description: "Short stable identifier the verdict refers to (e.g., \"A\", \"lib-x\")."
+							},
+							summary: {
+								type: "string",
+								description: "One-line description of the option."
+							},
+							detail: {
+								type: "string",
+								description: "Optional longer context for the option (constraints, trade-offs)."
+							}
+						}
+					}
+				},
+				context: {
+					type: "string",
+					description: "Task / code background that informs the decision. Keep tight — the input is capped at ~6KB total across decision + options + context."
+				}
+			}
+		},
+		async handler(args, signal) {
+			return runStandInToolCall(args, signal);
+		}
+	},
+	...BROWSER_TOOLS
 ]);
 /**
 * Shared closure body for the two worker MCP tools. Validates the
@@ -8609,6 +10176,109 @@ async function runWorkerToolCall(call) {
 		isError: result.isError
 	};
 }
+/**
+* Shared closure body for the `stand_in` MCP tool. Validates the input
+* shape ({decision, options, context}) then calls `runStandIn`. The
+* orchestrator never throws — failure modes (upstream errors, parse
+* failures, abstains) all surface inside the structured `StandInResult`
+* envelope, which we JSON-stringify into the single MCP text block.
+*
+* Arg-validation policy mirrors `runWorkerToolCall` and `web_search`:
+* shape errors surface as `isError: true` tool-result envelopes (NOT
+* JSON-RPC -32602). The `tools/list` JSON schema documents required
+* fields; this runtime check is defense against a schema-ignoring
+* client.
+*
+* `isError` is FALSE for the no_consensus / need_more_info verdicts —
+* those are valid protocol outcomes the caller acts on, not errors.
+* `isError` is TRUE only for input-shape failures (bad arg types,
+* missing required fields).
+*/
+async function runStandInToolCall(args, signal) {
+	const decision = typeof args.decision === "string" ? args.decision : "";
+	if (!decision) return {
+		content: [{
+			type: "text",
+			text: "stand_in: arguments.decision is required (non-empty string)"
+		}],
+		isError: true
+	};
+	const optionsRaw = args.options;
+	if (!Array.isArray(optionsRaw)) return {
+		content: [{
+			type: "text",
+			text: "stand_in: arguments.options must be an array (2-6 entries)"
+		}],
+		isError: true
+	};
+	if (optionsRaw.length < 2 || optionsRaw.length > 6) return {
+		content: [{
+			type: "text",
+			text: `stand_in: arguments.options must contain 2-6 entries; got ${optionsRaw.length}`
+		}],
+		isError: true
+	};
+	const options = [];
+	const seenIds = /* @__PURE__ */ new Set();
+	for (let i = 0; i < optionsRaw.length; i++) {
+		const entry = optionsRaw[i];
+		if (typeof entry !== "object" || entry === null) return {
+			content: [{
+				type: "text",
+				text: `stand_in: arguments.options[${i}] must be an object`
+			}],
+			isError: true
+		};
+		const e = entry;
+		const id = typeof e.id === "string" ? e.id : "";
+		const summary = typeof e.summary === "string" ? e.summary : "";
+		if (!id) return {
+			content: [{
+				type: "text",
+				text: `stand_in: arguments.options[${i}].id is required (non-empty string)`
+			}],
+			isError: true
+		};
+		if (!summary) return {
+			content: [{
+				type: "text",
+				text: `stand_in: arguments.options[${i}].summary is required (non-empty string)`
+			}],
+			isError: true
+		};
+		if (seenIds.has(id)) return {
+			content: [{
+				type: "text",
+				text: `stand_in: arguments.options[${i}].id="${id}" is duplicated; ids must be unique`
+			}],
+			isError: true
+		};
+		seenIds.add(id);
+		const detail = typeof e.detail === "string" && e.detail.length > 0 ? e.detail : void 0;
+		options.push({
+			id,
+			summary,
+			detail
+		});
+	}
+	const context = args.context === void 0 ? void 0 : typeof args.context === "string" ? args.context : null;
+	if (context === null) return {
+		content: [{
+			type: "text",
+			text: "stand_in: arguments.context must be a string when provided"
+		}],
+		isError: true
+	};
+	const result = await runStandIn({
+		decision,
+		options,
+		context
+	}, signal);
+	return { content: [{
+		type: "text",
+		text: JSON.stringify(result)
+	}] };
+}
 
 //#endregion
 //#region src/lib/codex-mcp-config.ts
@@ -9194,7 +10864,7 @@ function initProxyFromEnv() {
 //#endregion
 //#region package.json
 var name = "github-router";
-var version = "0.3.30";
+var version = "0.3.32";
 
 //#endregion
 //#region src/lib/approval.ts
@@ -9411,8 +11081,8 @@ const calculateTokens = (messages, encoder, constants) => {
 */
 const getEncodeChatFunction = async (encoding) => {
 	if (encodingCache.has(encoding)) {
-		const cached = encodingCache.get(encoding);
-		if (cached) return cached;
+		const cached$1 = encodingCache.get(encoding);
+		if (cached$1) return cached$1;
 	}
 	const supportedEncoding = encoding;
 	if (!(supportedEncoding in ENCODING_MAP)) {
@@ -11071,6 +12741,7 @@ async function setupAndServe(options) {
 	state.rateLimitWait = options.rateLimitWait;
 	state.showToken = options.showToken;
 	state.extendedBetas = options.extendedBetas;
+	state.browseEnabled = options.browseEnabled || process.env.GH_ROUTER_ENABLE_BROWSE === "1";
 	if (process.env.COPILOT_API_URL) state.copilotApiUrl = process.env.COPILOT_API_URL;
 	await ensurePaths();
 	await cacheVSCodeVersion();
@@ -11173,6 +12844,11 @@ const sharedServerArgs = {
 		type: "boolean",
 		default: false,
 		description: "Forward extended beta headers for Claude CLI compatibility (default: VS Code-only)"
+	},
+	browse: {
+		type: "boolean",
+		default: false,
+		description: "Enable the browser-control MCP tools (browser_open_tab, browser_screenshot, browser_click, etc.) on /mcp. Requires Chrome or Edge installed; the bundled extension must be loaded on first tool call (the proxy returns install_required with Web Store URLs + a Load Unpacked fallback path). Off by default; can also be enabled with GH_ROUTER_ENABLE_BROWSE=1."
 	}
 };
 const allowedAccountTypes = new Set([
@@ -11209,7 +12885,8 @@ function parseSharedArgs(args) {
 		githubToken,
 		showToken: args["show-token"],
 		proxyEnv: args["proxy-env"],
-		extendedBetas: args["extended-betas"]
+		extendedBetas: args["extended-betas"],
+		browseEnabled: args.browse
 	};
 }
 /**
@@ -11606,8 +13283,8 @@ const debug = defineCommand({
 //#endregion
 //#region src/lib/shell.ts
 function getShell() {
-	const { platform, env } = process$1;
-	if (platform === "win32") {
+	const { platform: platform$1, env } = process$1;
+	if (platform$1 === "win32") {
 		if (env.SHELL) {
 			if (env.SHELL.endsWith("zsh")) return "zsh";
 			if (env.SHELL.endsWith("fish")) return "fish";