npm - github-router - Versions diffs - 0.3.66 → 0.3.71 - Mend

github-router 0.3.66 → 0.3.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +6 -5
package/dist/browser-ext/manifest.json +1 -1
package/dist/{lifecycle-pWZ9tKxf.js → lifecycle-C2kZwv-z.js} +2 -2
package/dist/{lifecycle-hkBEjHb2.js → lifecycle-NQRdfY1u.js} +2 -2
package/dist/{lifecycle-hkBEjHb2.js.map → lifecycle-NQRdfY1u.js.map} +1 -1
package/dist/main.js +1154 -122
package/dist/main.js.map +1 -1
package/dist/{paths-CZvFif-e.js → paths-CoFnpNZl.js} +5 -2
package/dist/paths-CoFnpNZl.js.map +1 -0
package/dist/{paths-CW16Dz9_.js → paths-DhM3Yi80.js} +1 -1
package/package.json +1 -1
package/dist/paths-CZvFif-e.js.map +0 -1

package/dist/main.js CHANGED Viewed

@@ -1,22 +1,21 @@
 #!/usr/bin/env node
-import { a as removeOwnClaudeConfigMirror, i as isUnderClaudeConfigMirror, l as writeRuntimeFileSecure, n as ensureClaudeConfigMirror, r as ensurePaths, t as PATHS } from "./paths-CZvFif-e.js";
-import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-hkBEjHb2.js";
+import { a as removeOwnClaudeConfigMirror, i as isUnderClaudeConfigMirror, l as writeRuntimeFileSecure, n as ensureClaudeConfigMirror, r as ensurePaths, t as PATHS } from "./paths-CoFnpNZl.js";
+import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-NQRdfY1u.js";
 import { createRequire } from "node:module";
 import { defineCommand, runMain } from "citty";
 import consola from "consola";
 import { createHash, randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
-import fs, { readFile, stat } from "node:fs/promises";
+import fs, { chmod, copyFile, link, mkdir, open, readFile, readdir, rename, rm, stat, writeFile } from "node:fs/promises";
 import os, { homedir, platform } from "node:os";
 import * as path$1 from "node:path";
 import path, { dirname, join } from "node:path";
 import process$1 from "node:process";
 import { execFile, execFileSync, spawn, spawnSync } from "node:child_process";
-import { promisify } from "node:util";
 import fs$1, { chmodSync, closeSync, existsSync, mkdirSync, openSync, readFileSync, realpathSync, renameSync, statSync, unlinkSync, writeFileSync, writeSync } from "node:fs";
+import { fileURLToPath } from "node:url";
 import { createInterface } from "node:readline";
 import Parser from "web-tree-sitter";
 import WebSocket from "ws";
-import { fileURLToPath } from "node:url";
 import { events } from "fetch-event-stream";
 import { Type } from "typebox";
 import "partial-json";
@@ -26,6 +25,7 @@ import "yaml";
 import "ignore";
 import { z } from "zod";
 import { Writable } from "node:stream";
+import { gunzipSync, inflateRawSync } from "node:zlib";
 import { serve } from "srvx";
 import { getProxyForUrl } from "proxy-from-env";
 import { Agent, ProxyAgent, setGlobalDispatcher } from "undici";
@@ -757,24 +757,262 @@ const checkUsage = defineCommand({
 	}
 });
+//#endregion
+//#region src/lib/exec.ts
+/**
+* Parse a boolean-ish env value. Returns `undefined` when unset or
+* unrecognized so callers can apply their own default. Accepts
+* `1|true|yes|on` (true) and `0|false|no|off|<empty>` (false),
+* case-insensitive. The single shared parser for all new `GH_ROUTER_*`
+* flags so on/off semantics don't drift per call site.
+*/
+function parseBoolEnv(value) {
+	if (value === void 0) return void 0;
+	const v = value.trim().toLowerCase();
+	if (v === "1" || v === "true" || v === "yes" || v === "on") return true;
+	if (v === "0" || v === "false" || v === "no" || v === "off" || v === "") return false;
+}
+/** Read the PATH value from an env object, case-insensitively. */
+function pathValueOf(env) {
+	for (const key of Object.keys(env)) if (key.toLowerCase() === "path") return env[key] ?? "";
+	return "";
+}
+/**
+* Resolve an executable name to an absolute path against PATH, honoring
+* `PATHEXT` on Windows and **excluding the current working directory**.
+*
+* Returns `null` when unresolved — callers treat that as "tool absent"
+* and skip (best-effort). Spawning the returned absolute path means
+* `cmd.exe`'s implicit cwd-first lookup never applies, closing the
+* planted-`npm.cmd` vector.
+*/
+function resolveExecutable(name$1, opts = {}) {
+	const platform$1 = opts.platform ?? process$1.platform;
+	const env = opts.env ?? process$1.env;
+	const cwdRaw = opts.cwd ?? (typeof process$1.cwd === "function" ? process$1.cwd() : void 0);
+	const resolvedCwd = cwdRaw ? path.resolve(cwdRaw) : null;
+	const dirs = pathValueOf(env).split(path.delimiter).filter((d) => d.length > 0 && d !== ".");
+	const isWin = platform$1 === "win32";
+	if (!isWin && name$1.includes("/")) return existsSync(name$1) ? path.resolve(name$1) : null;
+	if (isWin && (name$1.includes("\\") || name$1.includes("/"))) return existsSync(name$1) ? path.resolve(name$1) : null;
+	const exts = isWin && path.extname(name$1) === "" ? (env.PATHEXT ?? ".COM;.EXE;.BAT;.CMD").split(";").map((e) => e.trim()).filter(Boolean) : [""];
+	for (const dir of dirs) {
+		if (resolvedCwd && path.resolve(dir) === resolvedCwd) continue;
+		for (const ext of exts) {
+			const candidate = path.join(dir, name$1 + ext);
+			if (existsSync(candidate)) return candidate;
+		}
+	}
+	return null;
+}
+/**
+* Quote one argument for a `cmd.exe /c "<line>"` command line so the
+* target program receives it verbatim and no `cmd.exe` metacharacter
+* retains shell meaning.
+*
+* Two phases (the canonical Windows approach — Colascione / Rust std):
+*   1. **argv quoting** so `CommandLineToArgvW` in the target parses
+*      the token as one argument (double-quote, backslash-escape).
+*   2. **caret-escaping** every `cmd.exe` metacharacter — including the
+*      quotes from phase 1 — so `cmd.exe` is never in quote-mode, strips
+*      the carets, and hands the argv-quoted string to the program.
+*
+* `%` is special: it cannot be reliably escaped on the `cmd.exe`
+* *command line* (caret does not stop `%VAR%` expansion there). Rather
+* than mis-escape, we **throw** — our callers never pass `%`, so this
+* fails closed on the one unescapable injection vector.
+*/
+function quoteWinArg(arg) {
+	if (arg.includes("%")) throw new Error("buildExecInvocation: argument contains '%', which cannot be safely escaped on the Windows command line; refusing to build the command.");
+	let quoted;
+	if (arg.length > 0 && !/[ \t\n\v"&|<>()^!]/.test(arg)) quoted = arg;
+	else {
+		let s = "\"";
+		let backslashes = 0;
+		for (const ch of arg) if (ch === "\\") backslashes++;
+		else if (ch === "\"") {
+			s += "\\".repeat(backslashes * 2 + 1) + "\"";
+			backslashes = 0;
+		} else {
+			s += "\\".repeat(backslashes) + ch;
+			backslashes = 0;
+		}
+		s += "\\".repeat(backslashes * 2) + "\"";
+		quoted = s;
+	}
+	return quoted.replace(/[()!^"<>&|]/g, "^$&");
+}
+/**
+* Build the platform-correct `spawn` invocation for a command given as
+* an argv array. Pure / unit-testable (no spawn).
+*
+*   - win32 → a single caret/argv-quoted command string + `shell:true`
+*     + empty args array (the empty array avoids the DEP0190 warning
+*     that fires when args and `shell:true` are combined). `cmd[0]`
+*     should already be an absolute path from `resolveExecutable`.
+*   - posix → `(cmd[0], cmd.slice(1))` with `shell:false` — no shell,
+*     no injection surface.
+*/
+function buildExecInvocation(cmd, platform$1 = process$1.platform) {
+	if (cmd.length === 0) throw new Error("buildExecInvocation: empty command");
+	if (platform$1 === "win32") return {
+		command: cmd.map(quoteWinArg).join(" "),
+		args: [],
+		shell: true
+	};
+	return {
+		command: cmd[0],
+		args: cmd.slice(1),
+		shell: false
+	};
+}
+function runInternal(cmd, stdoutMode, opts) {
+	const { command, args, shell } = buildExecInvocation(cmd);
+	return new Promise((resolve, reject) => {
+		let child;
+		try {
+			child = spawn(command, args, {
+				cwd: opts.cwd,
+				env: opts.env ?? process$1.env,
+				shell,
+				windowsHide: true,
+				stdio: [
+					"ignore",
+					stdoutMode,
+					stdoutMode === "inherit" ? "inherit" : "pipe"
+				]
+			});
+		} catch (err) {
+			reject(err instanceof Error ? err : new Error(String(err)));
+			return;
+		}
+		let stdout = "";
+		let stderr = "";
+		let timedOut = false;
+		let settled = false;
+		const timer = opts.timeoutMs ? setTimeout(() => {
+			timedOut = true;
+			killTree(child.pid);
+		}, opts.timeoutMs) : void 0;
+		timer?.unref?.();
+		child.stdout?.on("data", (c) => {
+			stdout += c.toString("utf8");
+		});
+		child.stderr?.on("data", (c) => {
+			stderr += c.toString("utf8");
+		});
+		child.stdout?.on("error", () => {});
+		child.stderr?.on("error", () => {});
+		const finish = (code) => {
+			if (settled) return;
+			settled = true;
+			if (timer) clearTimeout(timer);
+			resolve({
+				stdout,
+				stderr,
+				code,
+				timedOut
+			});
+		};
+		child.on("error", (err) => {
+			if (settled) return;
+			settled = true;
+			if (timer) clearTimeout(timer);
+			reject(err);
+		});
+		child.on("close", (code) => finish(code));
+	});
+}
+/** Kill a process tree best-effort (taskkill /T on Windows). */
+function killTree(pid) {
+	if (!pid) return;
+	try {
+		if (process$1.platform === "win32") spawn("taskkill", [
+			"/T",
+			"/F",
+			"/PID",
+			String(pid)
+		], {
+			stdio: "ignore",
+			windowsHide: true
+		});
+		else process$1.kill(pid, "SIGTERM");
+	} catch {}
+}
+/** Run a command and capture stdout/stderr. Rejects on spawn error. */
+function runCommandCapture(cmd, opts = {}) {
+	return runInternal(cmd, "pipe", opts);
+}
+/** Run a command discarding output (still captures stderr for errors). */
+function runCommandVoid(cmd, opts = {}) {
+	return runInternal(cmd, "pipe", opts);
+}
+//#endregion
+//#region src/lib/update-lock.ts
+/** A lock older than this is treated as stale (crashed holder) and stolen. */
+const STALE_LOCK_MS = 600 * 1e3;
+function lockPath(name$1) {
+	return path.join(os.homedir(), ".local", "share", "github-router", name$1);
+}
+/**
+* Run `fn` while holding an exclusive lockfile named `name` under the
+* app dir. Returns `true` if the lock was acquired and `fn` ran,
+* `false` if another process already holds it (caller skips silently).
+*
+* A lock left by a crashed process older than `STALE_LOCK_MS` is
+* stolen so the updater can never be wedged permanently.
+*/
+async function withInstallLock(name$1, fn) {
+	const p = lockPath(name$1);
+	let handle = await tryCreateLock(p);
+	if (!handle) {
+		let stale = false;
+		try {
+			const s = await stat(p);
+			stale = Date.now() - s.mtimeMs > STALE_LOCK_MS;
+		} catch {
+			stale = true;
+		}
+		if (!stale) return false;
+		await rm(p, { force: true }).catch(() => {});
+		handle = await tryCreateLock(p);
+		if (!handle) return false;
+	}
+	try {
+		await handle.close();
+		await fn();
+		return true;
+	} finally {
+		await rm(p, { force: true }).catch(() => {});
+	}
+}
+async function tryCreateLock(p) {
+	try {
+		return await open(p, "wx");
+	} catch {
+		return null;
+	}
+}
 //#endregion
 //#region src/lib/claude-version-check.ts
-const execFileAsync = promisify(execFile);
-const NPM_PACKAGE = "@anthropic-ai/claude-code";
-const THROTTLE_HOURS = 1;
-const NPM_VIEW_TIMEOUT_MS = 5e3;
+const NPM_PACKAGE$1 = "@anthropic-ai/claude-code";
+const THROTTLE_HOURS$1 = 1;
+const NPM_VIEW_TIMEOUT_MS$1 = 5e3;
+const CLAUDE_VERSION_TIMEOUT_MS = 3e3;
 const NPM_INSTALL_TIMEOUT_MS = 12e4;
 /** Path to the throttle cache. Created on demand. */
-function cacheFilePath() {
+function cacheFilePath$1() {
 	return path.join(os.homedir(), ".local", "share", "github-router", "last-update-check");
 }
 /**
 * Read the throttle cache. Returns null on missing/corrupt file —
 * triggers a fresh check.
 */
-async function readCache() {
+async function readCache$1() {
 	try {
-		const raw = await fs.readFile(cacheFilePath(), "utf8");
+		const raw = await fs.readFile(cacheFilePath$1(), "utf8");
 		const parsed = JSON.parse(raw);
 		if (typeof parsed.checkedAt !== "string" || parsed.installedVersion !== null && typeof parsed.installedVersion !== "string" || parsed.latestVersion !== null && typeof parsed.latestVersion !== "string") return null;
 		return parsed;
@@ -782,37 +1020,38 @@ async function readCache() {
 		return null;
 	}
 }
-async function writeCache(cache) {
+async function writeCache$1(cache) {
 	try {
-		await fs.mkdir(path.dirname(cacheFilePath()), { recursive: true });
-		await fs.writeFile(cacheFilePath(), JSON.stringify(cache), { mode: 384 });
+		await fs.mkdir(path.dirname(cacheFilePath$1()), { recursive: true });
+		await fs.writeFile(cacheFilePath$1(), JSON.stringify(cache), { mode: 384 });
 	} catch (err) {
 		consola.debug("Failed to write claude version-check cache:", err);
 	}
 }
 /** Check if it's been more than THROTTLE_HOURS since the last check. */
-function shouldCheckNow(cache) {
+function shouldCheckNow$1(cache) {
 	if (!cache) return true;
 	const lastCheck = new Date(cache.checkedAt).getTime();
 	if (Number.isNaN(lastCheck)) return true;
-	return (Date.now() - lastCheck) / 1e3 / 3600 >= THROTTLE_HOURS;
+	return (Date.now() - lastCheck) / 1e3 / 3600 >= THROTTLE_HOURS$1;
 }
 /**
 * Read the installed `claude` version. Returns null if claude is not
 * on PATH or the version probe fails (e.g. older versions that don't
 * support `--version` cleanly).
-*/
-function getInstalledVersion() {
+*
+* Windows-safe: `claude` is a `.cmd` shim that `execFile` cannot launch
+* directly. We resolve it to an absolute path (excluding the cwd, so a
+* planted `claude.cmd` in an untrusted repo can't run) and invoke it
+* through the shared exec helper.
+*/
+async function getInstalledVersion() {
+	const claudePath = resolveExecutable("claude");
+	if (!claudePath) return null;
 	try {
-		const match = execFileSync("claude", ["--version"], {
-			stdio: [
-				"ignore",
-				"pipe",
-				"ignore"
-			],
-			timeout: 3e3,
-			encoding: "utf8"
-		}).match(/^(\d+\.\d+\.\d+)/);
+		const { stdout, code } = await runCommandCapture([claudePath, "--version"], { timeoutMs: CLAUDE_VERSION_TIMEOUT_MS });
+		if (code !== 0) return null;
+		const match = stdout.match(/(\d+\.\d+\.\d+)/);
 		return match ? match[1] : null;
 	} catch {
 		return null;
@@ -821,15 +1060,22 @@ function getInstalledVersion() {
 /**
 * Fetch the latest version of @anthropic-ai/claude-code from the npm
 * registry. Returns null on network failure / npm unavailable.
+*
+* Windows-safe: `npm` is `npm.cmd`; resolved to an absolute path
+* (excluding cwd) before invocation.
 */
-async function getLatestVersion() {
+async function getLatestVersion$1() {
+	const npmPath = resolveExecutable("npm");
+	if (!npmPath) return null;
 	try {
-		const { stdout } = await execFileAsync("npm", [
+		const { stdout, code } = await runCommandCapture([
+			npmPath,
 			"view",
-			NPM_PACKAGE,
+			NPM_PACKAGE$1,
 			"version",
 			"--silent"
-		], { timeout: NPM_VIEW_TIMEOUT_MS });
+		], { timeoutMs: NPM_VIEW_TIMEOUT_MS$1 });
+		if (code !== 0) return null;
 		const v = stdout.trim();
 		return /^\d+\.\d+\.\d+/.test(v) ? v : null;
 	} catch {
@@ -867,8 +1113,8 @@ async function checkClaudeVersion(opts = {}) {
 		skipped: true,
 		skipReason: "disabled"
 	};
-	const cache = await readCache();
-	if (!opts.force && !shouldCheckNow(cache)) return {
+	const cache = await readCache$1();
+	if (!opts.force && !shouldCheckNow$1(cache)) return {
 		installed: cache?.installedVersion !== null,
 		installedVersion: cache?.installedVersion ?? null,
 		latestVersion: cache?.latestVersion ?? null,
@@ -876,7 +1122,7 @@ async function checkClaudeVersion(opts = {}) {
 		skipped: true,
 		skipReason: "throttled"
 	};
-	const installedVersion = getInstalledVersion();
+	const installedVersion = await getInstalledVersion();
 	if (installedVersion === null) return {
 		installed: false,
 		installedVersion: null,
@@ -885,8 +1131,8 @@ async function checkClaudeVersion(opts = {}) {
 		skipped: true,
 		skipReason: "no-claude"
 	};
-	const latestVersion = await getLatestVersion();
-	await writeCache({
+	const latestVersion = await getLatestVersion$1();
+	await writeCache$1({
 		checkedAt: (/* @__PURE__ */ new Date()).toISOString(),
 		installedVersion,
 		latestVersion
@@ -908,38 +1154,224 @@ async function checkClaudeVersion(opts = {}) {
 	};
 }
 /**
-* Run `npm install -g @anthropic-ai/claude-code@latest` synchronously.
-* Throws on failure — the caller decides whether to abort the launch
-* or continue with the older version.
-*/
-async function autoUpdateClaude(latestVersion) {
-	consola.info(`Updating ${NPM_PACKAGE} to ${latestVersion} (this may take ~30s)...`);
-	try {
-		await execFileAsync("npm", [
+* Heuristic: did `claude update` fail because the subcommand does not
+* exist (a build predating `claude update`), as opposed to a transient
+* update error? We only npm-fall-back on this specific signal — falling
+* back on any failure would install a conflicting npm copy on
+* native-installer machines.
+*
+* Matches the usage/Commander-style "unknown command" messages CLIs emit
+* for an unrecognized subcommand. Deliberately narrow.
+*/
+function looksLikeUnknownUpdateCommand(output) {
+	return /unknown command|unknown subcommand|unrecognized (sub)?command|invalid command|command not found|is not a (known|valid) command/i.test(output);
+}
+async function updateClaude(latestVersion, deps = {}) {
+	const _resolve = deps.resolveExecutable ?? resolveExecutable;
+	const _capture = deps.runCommandCapture ?? runCommandCapture;
+	const _void = deps.runCommandVoid ?? runCommandVoid;
+	const _lock = deps.withInstallLock ?? withInstallLock;
+	const claudePath = _resolve("claude");
+	if (!claudePath) throw new Error("claude not found on PATH");
+	if (!await _lock("claude-update.lock", async () => {
+		consola.info(`Updating Claude Code to ${latestVersion} via \`claude update\`...`);
+		const { code, stdout, stderr } = await _capture([claudePath, "update"], { timeoutMs: NPM_INSTALL_TIMEOUT_MS });
+		const combined = `${stdout}${stderr}`;
+		const trimmed = combined.trim();
+		if (trimmed) process.stdout.write(trimmed.endsWith("\n") ? trimmed : `${trimmed}\n`);
+		if (code === 0) {
+			consola.success(`Claude Code updated to ${latestVersion}`);
+			return;
+		}
+		if (!looksLikeUnknownUpdateCommand(combined)) throw new Error(`\`claude update\` exited with code ${code}`);
+		const npmPath = _resolve("npm");
+		if (!npmPath) throw new Error(`this Claude Code build predates \`claude update\` and npm is not on PATH; update manually: npm install -g ${NPM_PACKAGE$1}@latest`);
+		consola.warn(`This Claude Code build predates \`claude update\`; falling back to \`npm install -g ${NPM_PACKAGE$1}@latest\`.`);
+		const { code: npmCode, stderr: npmStderr } = await _void([
+			npmPath,
 			"install",
 			"-g",
-			`${NPM_PACKAGE}@latest`,
+			`${NPM_PACKAGE$1}@latest`,
 			"--silent"
-		], { timeout: NPM_INSTALL_TIMEOUT_MS });
-		consola.success(`${NPM_PACKAGE} updated to ${latestVersion}`);
+		], { timeoutMs: NPM_INSTALL_TIMEOUT_MS });
+		if (npmCode !== 0) throw new Error(`npm install failed: ${npmStderr.trim() || `exit ${npmCode}`}`);
+		consola.success(`${NPM_PACKAGE$1} updated to ${latestVersion}`);
+	})) consola.debug("Claude Code update already in progress in another process; skipping.");
+}
+//#endregion
+//#region src/lib/version.ts
+/**
+* Read this binary's published version from package.json at runtime.
+*
+* Done at runtime (not baked at build time) because release.yml builds
+* BEFORE `npm version patch` bumps the version — a build-time inline
+* would always ship the pre-bump value. The npm tarball ships package.json
+* alongside `dist/`, so a sibling-up lookup from import.meta.url resolves
+* cleanly in both dev (`src/lib/`) and bundled (`dist/`) layouts.
+*
+* Returns `"unknown"` if package.json can't be located or parsed —
+* never throws, so the CLI never fails to start over version reporting.
+*/
+function getPackageVersion() {
+	try {
+		const here = dirname(fileURLToPath(import.meta.url));
+		const candidates = [join(here, "..", "..", "package.json"), join(here, "..", "package.json")];
+		for (const path$2 of candidates) try {
+			const raw = readFileSync(path$2, "utf8");
+			const parsed = JSON.parse(raw);
+			if (typeof parsed.version === "string" && (parsed.name === "github-router" || parsed.name === "@animeshkundu/github-router")) return parsed.version;
+		} catch {}
+	} catch {}
+	return "unknown";
+}
+//#endregion
+//#region src/lib/self-update.ts
+const NPM_PACKAGE = "github-router";
+const THROTTLE_HOURS = 1;
+const NPM_VIEW_TIMEOUT_MS = 5e3;
+function cacheFilePath() {
+	return path.join(os.homedir(), ".local", "share", "github-router", "last-self-update-check");
+}
+async function readCache() {
+	try {
+		const parsed = JSON.parse(await fs.readFile(cacheFilePath(), "utf8"));
+		if (typeof parsed.checkedAt !== "string") return null;
+		return parsed;
+	} catch {
+		return null;
+	}
+}
+async function writeCache(cache) {
+	try {
+		await fs.mkdir(path.dirname(cacheFilePath()), { recursive: true });
+		await fs.writeFile(cacheFilePath(), JSON.stringify(cache), { mode: 384 });
+	} catch (err) {
+		consola.debug("Failed to write self-update cache:", err);
+	}
+}
+function shouldCheckNow(cache) {
+	if (!cache) return true;
+	const last = new Date(cache.checkedAt).getTime();
+	if (Number.isNaN(last)) return true;
+	return (Date.now() - last) / 1e3 / 3600 >= THROTTLE_HOURS;
+}
+async function getLatestVersion(npmPath) {
+	try {
+		const { stdout, code } = await runCommandCapture([
+			npmPath,
+			"view",
+			NPM_PACKAGE,
+			"version",
+			"--silent"
+		], { timeoutMs: NPM_VIEW_TIMEOUT_MS });
+		if (code !== 0) return null;
+		const v = stdout.trim();
+		return /^\d+\.\d+\.\d+/.test(v) ? v : null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Spawn a detached process that waits for THIS proxy (pid) to exit,
+* then runs `npm install -g github-router@latest`. Fully detached and
+* unref'd so it outlives the proxy; output discarded.
+*
+* The waiter is a tiny inline Node script (Node is guaranteed present —
+* the proxy runs on it) that polls `process.kill(pid, 0)` until the
+* parent is gone, then execs npm. This avoids the Windows file-lock by
+* never touching the global install while the proxy holds it open.
+*/
+function spawnDetachedUpdater(npmPath) {
+	const waiter = `
+    const pid = ${process.pid};
+    const { spawn } = require("node:child_process");
+    function alive() { try { process.kill(pid, 0); return true } catch { return false } }
+    const timer = setInterval(() => {
+      if (alive()) return;
+      clearInterval(timer);
+      const args = ["install", "-g", ${JSON.stringify(`${NPM_PACKAGE}@latest`)}, "--silent"];
+      const isWin = process.platform === "win32";
+      const child = spawn(${JSON.stringify(npmPath)}, args, {
+        stdio: "ignore", windowsHide: true, shell: isWin, detached: !isWin,
+      });
+      child.on("error", () => process.exit(0));
+      child.on("exit", () => process.exit(0));
+      // Safety: never hang forever.
+      setTimeout(() => process.exit(0), 180000).unref();
+    }, 500);
+    // Safety cap on the wait itself (e.g. extremely long sessions still
+    // eventually give up rather than leak the waiter).
+    setTimeout(() => { clearInterval(timer); process.exit(0); }, 24 * 3600 * 1000).unref();
+  `.trim();
+	spawn(process.execPath, ["-e", waiter], {
+		detached: true,
+		stdio: "ignore",
+		windowsHide: true
+	}).unref();
+}
+/**
+* Probe npm for a newer `github-router` and, if found, queue a detached
+* post-exit update. Returns quickly; never throws. Call AFTER the
+* server is listening so the bounded probe can't delay binding.
+*/
+async function runSelfUpdate(opts) {
+	if (!opts.selfUpdate) return;
+	if (parseBoolEnv(process.env.GH_ROUTER_NO_SELF_UPDATE) === true) return;
+	try {
+		const cache = await readCache();
+		if (!opts.force && !shouldCheckNow(cache)) return;
+		const installed = getPackageVersion();
+		if (installed === "unknown") return;
+		const npmPath = resolveExecutable("npm");
+		if (!npmPath) return;
+		const latest = await getLatestVersion(npmPath);
+		await writeCache({
+			checkedAt: (/* @__PURE__ */ new Date()).toISOString(),
+			installedVersion: installed,
+			latestVersion: latest
+		});
+		if (!latest || !isNewer(installed, latest)) return;
+		if (await withInstallLock("self-update.lock", async () => {
+			spawnDetachedUpdater(npmPath);
+		})) consola.info(`github-router ${installed} → ${latest} update queued; it takes effect on the next launch.`);
 	} catch (err) {
-		const msg = err instanceof Error ? err.message : String(err);
-		throw new Error(`npm install failed: ${msg}`);
+		consola.debug("Self-update check failed:", err);
 	}
 }
 //#endregion
 //#region src/lib/port.ts
 const DEFAULT_PORT = 8787;
-const DEFAULT_CLAUDE_MODEL_FALLBACKS = ["claude-opus-4-6", "claude-opus-4-5"];
+const DEFAULT_CLAUDE_MODEL_FALLBACKS = [
+	"claude-opus-4-7",
+	"claude-opus-4-6",
+	"claude-opus-4-5"
+];
 /**
 * Cap-aware default picker for `ANTHROPIC_MODEL` on the implicit-default
 * path. Returns `claude-opus-${family}[1m]` when the live Copilot catalog
-* contains an `opus-${family}-1m*` variant (enterprise tier), else the
-* bare `claude-opus-${family}` slug. `family` defaults to `"4.7"` so the
-* no-arg call preserves the original behavior; explicit values like
-* `"4.6"` or `"4.8"` are used to honor the `github-router claude
-* -m <version>` family shorthand.
+* shows the family is 1M-capable, else the bare `claude-opus-${family}`
+* slug. `family` defaults to `"4.8"` so the no-arg call selects the
+* current default; explicit values like `"4.7"` or `"4.6"` are used to
+* honor the `github-router claude -m <version>` family shorthand.
+*
+* **Dual-signal 1M detection**. The Opus families have evolved different
+* shapes in Copilot's catalog over time:
+*   1. **Sibling-slug signal** — `opus-${family}-1m` (or `opus-${family}-1m-internal`)
+*      exists as a separate catalog entry distinct from the base slug.
+*      This is how 4.6 and 4.7 ship (`claude-opus-4.6-1m`,
+*      `claude-opus-4.7-1m-internal`). Matched by the version-anchored
+*      regex below.
+*   2. **Base-slug capability signal** — the catalog entry whose id IS
+*      the base `opus-${family}` slug advertises
+*      `capabilities.limits.max_context_window_tokens >= 1_000_000`. This
+*      is how 4.8 ships — there is no `-1m` sibling; the single
+*      `claude-opus-4.8` id is the 1M variant.
+* Either signal flips on the `[1m]` decoration. Both signals together
+* also flip it on (no double-counting). The breadcrumb log names which
+* signal fired so users can spot catalog shape changes.
 *
 * The `[1m]` literal-bracket suffix is Claude Code's local 1M-context
 * unlock — cc-backup `src/utils/context.ts:35-40` matches `/\[1m\]/i`
@@ -949,14 +1381,14 @@ const DEFAULT_CLAUDE_MODEL_FALLBACKS = ["claude-opus-4-6", "claude-opus-4-5"];
 * proxy routes the underlying request.
 *
 * Cap-awareness matters because on non-enterprise Copilot tiers there
-* is no `-1m` opus backend; sending `[1m]` there would either 400 at
+* is no 1M opus backend; sending `[1m]` there would either 400 at
 * Copilot or (with `resolveModel`'s graceful-degrade) silently
 * downgrade upstream while Claude Code still over-accounts context.
 * This helper detects the catalog state at launch and only opts in
 * when the backend can actually serve 1M.
 *
 * Sonnet/Haiku families are intentionally NOT given `[1m]` defaults
-* because Copilot has no `-1m` backend for them (and Anthropic-side
+* because Copilot has no 1M backend for them (and Anthropic-side
 * `modelSupports1M` doesn't list haiku at all). See
 * `src/lib/server-setup.ts:getClaudeCodeEnvVars` for the
 * `ANTHROPIC_DEFAULT_{SONNET,HAIKU,OPUS}_MODEL` tier defaults.
@@ -966,18 +1398,25 @@ const DEFAULT_CLAUDE_MODEL_FALLBACKS = ["claude-opus-4-6", "claude-opus-4-5"];
 * can't tell the difference between "no catalog yet" and "no 1M
 * variant" — defaulting safe-side preserves the pre-change behavior).
 */
-const DEFAULT_OPUS_FAMILY = "4.7";
+const DEFAULT_OPUS_FAMILY = "4.8";
+const ONE_M_TOKENS = 1e6;
 function pickClaudeDefault(opusFamily = DEFAULT_OPUS_FAMILY) {
 	const dotted = opusFamily.replace(/-/g, ".");
 	const bareSlug = `claude-opus-${dotted.replace(/\./g, "-")}`;
 	const versionPattern = dotted.replace(/\./g, "[.-]");
 	const oneMRegex = new RegExp(`opus-${versionPattern}-1m(?:$|-)`, "i");
+	const baseSlugRegex = new RegExp(`^claude-opus-${versionPattern}$`, "i");
 	const familyRegex = new RegExp(`opus-${versionPattern}(?:$|[-.])`, "i");
 	const models$1 = state.models?.data ?? [];
-	const has1m = models$1.some((m) => oneMRegex.test(m.id));
+	const siblingOneM = models$1.some((m) => oneMRegex.test(m.id));
+	const baseSlugMaxContext = models$1.reduce((max, m) => baseSlugRegex.test(m.id) ? Math.max(max, m.capabilities?.limits?.max_context_window_tokens ?? 0) : max, 0);
+	const baseSlugOneM = baseSlugMaxContext >= ONE_M_TOKENS;
+	const has1m = siblingOneM || baseSlugOneM;
 	if (opusFamily !== DEFAULT_OPUS_FAMILY && state.models && models$1.length > 0 && !models$1.some((m) => familyRegex.test(m.id))) consola.warn(`Requested Opus family "${dotted}" not found in Copilot catalog; using "${bareSlug}" anyway (resolveModel may not find a backend for it).`);
 	if (has1m) {
-		consola.info(`Catalog contains opus-${dotted}-1m variant; defaulting ANTHROPIC_MODEL to "${bareSlug}[1m]" so Claude Code accounts for 1M context locally. Set CLAUDE_CODE_DISABLE_1M_CONTEXT=1 to opt out (HIPAA), or pass --model ${bareSlug} to pin 200K.`);
+		const signal = siblingOneM ? baseSlugOneM ? "sibling-slug + base-slug 1M capability" : `sibling slug opus-${dotted}-1m` : `base slug ${bareSlug} (max_context_window_tokens=${baseSlugMaxContext})`;
+		const pinHint = siblingOneM ? ` Pass --model ${bareSlug} to pin 200K.` : ` (No separate 200K variant of ${dotted} exists in the catalog — the bare slug IS the 1M backend.)`;
+		consola.info(`Catalog signals opus-${dotted} is 1M-capable (${signal}); defaulting ANTHROPIC_MODEL to "${bareSlug}[1m]" so Claude Code accounts for 1M context locally. Set CLAUDE_CODE_DISABLE_1M_CONTEXT=1 to opt out (HIPAA).${pinHint}`);
 		return `${bareSlug}[1m]`;
 	}
 	return bareSlug;
@@ -1013,6 +1452,47 @@ function envInt$1(key, fallback) {
 const UPSTREAM_FETCH_TIMEOUT_MS = envInt$1("UPSTREAM_FETCH_TIMEOUT_MS", 0);
 const UPSTREAM_INACTIVITY_TIMEOUT_MS = envInt$1("UPSTREAM_INACTIVITY_TIMEOUT_MS", 3e5);
+//#endregion
+//#region src/lib/toolbelt/path-inject.ts
+/**
+* The key under which `env` stores PATH, matched case-insensitively.
+* Falls back to the platform-conventional spelling when absent.
+*/
+function pathEnvKey(env) {
+	for (const key of Object.keys(env)) if (key.toLowerCase() === "path") return key;
+	return process.platform === "win32" ? "Path" : "PATH";
+}
+/**
+* Compute the PATH override that prepends `binDir`, reusing the parent's
+* existing key casing so a subsequent merge can't introduce a duplicate
+* case-variant key. Returns a single-entry patch suitable for
+* `Object.assign(vars, ...)`.
+*/
+function toolbeltPathOverride(parentEnv, binDir) {
+	const key = pathEnvKey(parentEnv);
+	const current = parentEnv[key] ?? "";
+	return { [key]: current ? `${binDir}${path.delimiter}${current}` : binDir };
+}
+/**
+* Defense-in-depth: collapse all case-variant PATH keys in `env` into a
+* single canonical key. Mutates and returns `env`. If duplicates with
+* differing values exist (only possible via a mismatched-casing merge),
+* the longest value wins — the toolbelt-prepended PATH is strictly
+* longer than the original, so this preserves the injection.
+*/
+function collapsePathKeys(env) {
+	const keys = Object.keys(env).filter((k) => k.toLowerCase() === "path");
+	if (keys.length <= 1) return env;
+	let bestValue = "";
+	for (const k of keys) {
+		const v = env[k] ?? "";
+		if (v.length >= bestValue.length) bestValue = v;
+		delete env[k];
+	}
+	env[process.platform === "win32" ? "Path" : "PATH"] = bestValue;
+	return env;
+}
 //#endregion
 //#region src/lib/launch.ts
 /**
@@ -1077,6 +1557,22 @@ function commandExists(name$1) {
 	}
 }
 /**
+* Whether the launcher can execute `executable`.
+*
+* `buildLaunchCommand` resolves the CLI to an ABSOLUTE path (anti-shadow).
+* `where.exe` (and POSIX `which`) reject a full path argument — `where`
+* returns "Could not find files for the given pattern(s)" for an absolute
+* path even when the file exists — so the where/which probe is only valid
+* for bare command names. For an absolute path (already resolved against
+* PATH and existence-checked by `resolveExecutable`), check the
+* filesystem directly. Without this split, every launch where the CLI is
+* installed fails with a spurious "not found on PATH".
+*/
+function isExecutableAvailable(executable) {
+	if (path.isAbsolute(executable)) return existsSync(executable);
+	return commandExists(executable);
+}
+/**
 * Provider-config flags (`-c model_providers.github_router=...`) that
 * point Codex at our proxy. Extracted from `buildCodexCmd` so the new
 * `codex mcp-server` MCP-config builder can reuse the exact same
@@ -1144,22 +1640,25 @@ function buildCodexCmd(target) {
 	return cmd;
 }
 function buildLaunchCommand(target) {
+	const cmd = target.kind === "claude-code" ? [
+		"claude",
+		"--dangerously-skip-permissions",
+		...target.extraArgs
+	] : buildCodexCmd(target);
+	const resolved = resolveExecutable(cmd[0], { env: process$1.env });
+	if (resolved) cmd[0] = resolved;
 	return {
-		cmd: target.kind === "claude-code" ? [
-			"claude",
-			"--dangerously-skip-permissions",
-			...target.extraArgs
-		] : buildCodexCmd(target),
-		env: {
+		cmd,
+		env: collapsePathKeys({
 			...sanitizeParentEnv(process$1.env),
 			...target.envVars
-		}
+		})
 	};
 }
 function launchChild(target, server$1, options = {}) {
 	const { cmd, env } = buildLaunchCommand(target);
 	const executable = cmd[0];
-	if (!commandExists(executable)) {
+	if (!isExecutableAvailable(executable)) {
 		const msg = `"${executable}" not found on PATH. Install it first, then try again.`;
 		consola.error(msg);
 		process$1.stderr.write(msg + "\n");
@@ -2473,33 +2972,6 @@ function round4(x) {
 	return Math.round(x * 1e4) / 1e4;
 }
-//#endregion
-//#region src/lib/version.ts
-/**
-* Read this binary's published version from package.json at runtime.
-*
-* Done at runtime (not baked at build time) because release.yml builds
-* BEFORE `npm version patch` bumps the version — a build-time inline
-* would always ship the pre-bump value. The npm tarball ships package.json
-* alongside `dist/`, so a sibling-up lookup from import.meta.url resolves
-* cleanly in both dev (`src/lib/`) and bundled (`dist/`) layouts.
-*
-* Returns `"unknown"` if package.json can't be located or parsed —
-* never throws, so the CLI never fails to start over version reporting.
-*/
-function getPackageVersion() {
-	try {
-		const here = dirname(fileURLToPath(import.meta.url));
-		const candidates = [join(here, "..", "..", "package.json"), join(here, "..", "package.json")];
-		for (const path$2 of candidates) try {
-			const raw = readFileSync(path$2, "utf8");
-			const parsed = JSON.parse(raw);
-			if (typeof parsed.version === "string" && (parsed.name === "github-router" || parsed.name === "@animeshkundu/github-router")) return parsed.version;
-		} catch {}
-	} catch {}
-	return "unknown";
-}
 //#endregion
 //#region src/lib/browser-mcp/browser-detect.ts
 let cached;
@@ -3470,7 +3942,7 @@ function logAudit$1(record) {
 		try {
 			const fs$2 = await import("node:fs/promises");
 			const path$2 = await import("node:path");
-			const { PATHS: PATHS$1 } = await import("./paths-CW16Dz9_.js");
+			const { PATHS: PATHS$1 } = await import("./paths-DhM3Yi80.js");
 			const dir = path$2.join(PATHS$1.APP_DIR, "browser-mcp");
 			await fs$2.mkdir(dir, { recursive: true });
 			const line = JSON.stringify({
@@ -8494,17 +8966,21 @@ function browserToolsEnabled() {
 	return hasSupportedBrowserInstalled();
 }
 /**
-* The 1M-context Opus variant (`claude-opus-4.7-1m-internal`,
-* `max_prompt_tokens` 936K), gated `restricted_to: ["enterprise"]`.
-* opus_critic prefers it so it can take large artifacts in one shot
+* The 1M-context Opus 4.6 variant (`claude-opus-4.6-1m`, `max_prompt_tokens`
+* 936K). opus_critic prefers it so it can take large artifacts in one shot
 * (the whole point of pairing it with gpt-5.5 as the big-window peers);
-* falls back to the 200K `claude-opus-4-7` when the catalog (non-
-* enterprise) doesn't carry a 1M opus slug.
-*/
-const OPUS_1M_RE = /opus-4\.7.*1m/i;
+* falls back to the 200K `claude-opus-4-6` when the catalog doesn't carry
+* a 1M 4.6 slug. The regex is version-anchored to 4.6 AND requires a
+* `-1m` suffix boundary (not a permissive `.*1m`), so it does NOT
+* false-positive on `claude-opus-4.7-1m-internal` (stand_in's pinned
+* 4.7 row), `claude-opus-4.6-1max` (hypothetical), or `claude-opus-4.8`
+* (1M-without-sibling). Tolerates dotted (`opus-4.6-1m`) and dashed
+* (`opus-4-6-1m`) catalog separators.
+*/
+const OPUS_1M_RE = /opus-4[.-]6-1m(?:$|-)/i;
 function resolveOpusCriticModel() {
 	const oneM = state.models?.data?.find((m) => OPUS_1M_RE.test(m.id));
-	return oneM ? oneM.id : "claude-opus-4-7";
+	return oneM ? oneM.id : "claude-opus-4-6";
 }
 function activePersonas() {
 	return PERSONAS_READ.filter((p) => !p.requiresGeminiCatalog || geminiAvailable()).map((p) => p.toolNameHttp === "opus_critic" ? {
@@ -8600,6 +9076,8 @@ function toolError(message) {
 *   gpt-5.3-codex high on ~600B = 16.0s → ~64s on 12KB
 *   claude-opus-4-7 medium (thinking=3000) on a trivial prompt = 22.5s
 *     but model self-paces budget → ~50s+ on a real ~6KB review
+*     (still applicable to stand_in's 4.7 row; opus_critic now runs on
+*     4.6 with similar empirical shape)
 *
 * Returns `{tooLong: true, capBytes}` when the (persona, effort, briefBytes)
 * tuple is empirically predicted to bust the 60s ceiling.
@@ -10194,6 +10672,239 @@ async function searchWeb(query, signal) {
 	}
 }
+//#endregion
+//#region src/lib/toolbelt/manifest.ts
+function platformArchKey(platform$1 = process.platform, arch = process.arch) {
+	return `${platform$1}-${arch}`;
+}
+function assetFor(spec, platform$1 = process.platform, arch = process.arch) {
+	return spec.assets[platformArchKey(platform$1, arch)];
+}
+const TOOLBELT_TOOLS = [
+	{
+		command: "fd",
+		binBasename: "fd",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/sharkdp/fd/releases/download/v10.4.2/fd-v10.4.2-x86_64-pc-windows-msvc.zip",
+				sha256: "b2816e506390a89941c63c9187d58a3cc10e9a55f2ef0685f9ea0eccaf7c98c8",
+				archive: "zip"
+			},
+			"win32-arm64": {
+				url: "https://github.com/sharkdp/fd/releases/download/v10.4.2/fd-v10.4.2-aarch64-pc-windows-msvc.zip",
+				sha256: "4f9110c2d5b33a7f760bfa5510f4c113d828109f7277d421b1053a9943c0fc92",
+				archive: "zip"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/sharkdp/fd/releases/download/v10.4.2/fd-v10.4.2-aarch64-apple-darwin.tar.gz",
+				sha256: "623dc0afc81b92e4d4606b380d7bc91916ba7b97814263e554d50923a39e480a",
+				archive: "tar.gz"
+			},
+			"linux-x64": {
+				url: "https://github.com/sharkdp/fd/releases/download/v10.4.2/fd-v10.4.2-x86_64-unknown-linux-musl.tar.gz",
+				sha256: "e3257d48e29a6be965187dbd24ce9af564e0fe67b3e73c9bdcd180f4ec11bdde",
+				archive: "tar.gz"
+			},
+			"linux-arm64": {
+				url: "https://github.com/sharkdp/fd/releases/download/v10.4.2/fd-v10.4.2-aarch64-unknown-linux-musl.tar.gz",
+				sha256: "f32d3657473fba74e2600babc8db0b93420d51169223b7e8143b2ed55d8fd9e8",
+				archive: "tar.gz"
+			}
+		}
+	},
+	{
+		command: "sd",
+		binBasename: "sd",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/chmln/sd/releases/download/v1.1.0/sd-v1.1.0-x86_64-pc-windows-msvc.zip",
+				sha256: "59837c2e7c911099aca1cc46b663bcdc5a949fd3e9fbbaf34fc73e5d5d71007c",
+				archive: "zip"
+			},
+			"darwin-x64": {
+				url: "https://github.com/chmln/sd/releases/download/v1.1.0/sd-v1.1.0-x86_64-apple-darwin.tar.gz",
+				sha256: "1fca1e9c91813a8aac6821063c923107ba0f66a83309e095edcd3b202f67f97e",
+				archive: "tar.gz"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/chmln/sd/releases/download/v1.1.0/sd-v1.1.0-aarch64-apple-darwin.tar.gz",
+				sha256: "4bd3c09226376ca0a1d69589c91e86276fae36c5fbaaee669afce583f6682030",
+				archive: "tar.gz"
+			},
+			"linux-x64": {
+				url: "https://github.com/chmln/sd/releases/download/v1.1.0/sd-v1.1.0-x86_64-unknown-linux-musl.tar.gz",
+				sha256: "02f00f4777d43e8e95b7b8d49e1a0d6e502fed4b8e79c1c8b8063857a30caa2e",
+				archive: "tar.gz"
+			},
+			"linux-arm64": {
+				url: "https://github.com/chmln/sd/releases/download/v1.1.0/sd-v1.1.0-aarch64-unknown-linux-musl.tar.gz",
+				sha256: "ec8c93c0533ff21f4851d11566808d4082544baf063d9b96ea77c27e98b7cd99",
+				archive: "tar.gz"
+			}
+		}
+	},
+	{
+		command: "jq",
+		binBasename: "jq",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-windows-amd64.exe",
+				sha256: "23cb60a1354eed6bcc8d9b9735e8c7b388cd1fdcb75726b93bc299ef22dd9334",
+				archive: "raw"
+			},
+			"darwin-x64": {
+				url: "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-macos-amd64",
+				sha256: "e80dbe0d2a2597e3c11c404f03337b981d74b4a8504b70586c354b7697a7c27f",
+				archive: "raw"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-macos-arm64",
+				sha256: "a9fe3ea2f86dfc72f6728417521ec9067b343277152b114f4e98d8cb0e263603",
+				archive: "raw"
+			},
+			"linux-x64": {
+				url: "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-linux-amd64",
+				sha256: "020468de7539ce70ef1bceaf7cde2e8c4f2ca6c3afb84642aabc5c97d9fc2a0d",
+				archive: "raw"
+			},
+			"linux-arm64": {
+				url: "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-linux-arm64",
+				sha256: "6bc62f25981328edd3cfcfe6fe51b073f2d7e7710d7ef7fcdac28d4e384fc3d4",
+				archive: "raw"
+			}
+		}
+	},
+	{
+		command: "yq",
+		binBasename: "yq",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_windows_amd64.exe",
+				sha256: "2aee32f1de46a20672f48c25df3018839798bd509143f2ce05fdab1550ff5592",
+				archive: "raw"
+			},
+			"win32-arm64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_windows_arm64.exe",
+				sha256: "448208550332ca33ef816e4cee49fc1e79987b8a08a451c6ae529703c8cfc8a9",
+				archive: "raw"
+			},
+			"darwin-x64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_darwin_amd64",
+				sha256: "616b0a0f6a5b79d746f05a169c2b9bb40dee00c605ef165b9a1c1681bba738ac",
+				archive: "raw"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_darwin_arm64",
+				sha256: "541ba2287560df70f561955e2d7f7e1cd00cf2a15a884f6b5c87a4bfa887bc07",
+				archive: "raw"
+			},
+			"linux-x64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_linux_amd64",
+				sha256: "d56bf5c6819e8e696340c312bd70f849dc1678a7cda9c2ad63eebd906371d56b",
+				archive: "raw"
+			},
+			"linux-arm64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_linux_arm64",
+				sha256: "03061b2a50c7a498de2bbb92d7cb078ce433011f085a4994117c2726be4106ea",
+				archive: "raw"
+			}
+		}
+	},
+	{
+		command: "ast-grep",
+		binBasename: "ast-grep",
+		aliases: ["sg"],
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-x86_64-pc-windows-msvc.zip",
+				sha256: "a4febbc8c48671e5729d85e29e4ebe5a051b7250d19545bca18e725ccf40ef61",
+				archive: "zip"
+			},
+			"win32-arm64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-aarch64-pc-windows-msvc.zip",
+				sha256: "a519fdd90324bf6858fde2d3feb2b862d67b834dc11af8f5b6c2c8143ab6a6c5",
+				archive: "zip"
+			},
+			"darwin-x64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-x86_64-apple-darwin.zip",
+				sha256: "6d703090b106747b2f56086b6ccc7e798fe78bcae70257aa20519b220153555b",
+				archive: "zip"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-aarch64-apple-darwin.zip",
+				sha256: "8c847d0a29aa4b3101b3361e0b3ee7fb53c7e497adc9ed1afc9615538cd40782",
+				archive: "zip"
+			},
+			"linux-x64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-x86_64-unknown-linux-gnu.zip",
+				sha256: "a26253a9c821d935f7e383e40f0de7c2ca62a4121de1f73a6d81ec32eae631e0",
+				archive: "zip"
+			},
+			"linux-arm64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-aarch64-unknown-linux-gnu.zip",
+				sha256: "e706846148493967f3ab8011334817edd86ce5acbec10718b2a7b40799c640ff",
+				archive: "zip"
+			}
+		}
+	}
+];
+//#endregion
+//#region src/lib/toolbelt/index.ts
+/** Default ON; disable with GH_ROUTER_DISABLE_TOOLBELT (truthy). */
+function toolbeltEnabled() {
+	return parseBoolEnv(process.env.GH_ROUTER_DISABLE_TOOLBELT) !== true;
+}
+/** Per-tool opt-out via GH_ROUTER_TOOLBELT_SKIP="jq,yq". */
+function toolbeltSkipSet() {
+	const raw = process.env.GH_ROUTER_TOOLBELT_SKIP;
+	if (!raw) return /* @__PURE__ */ new Set();
+	return new Set(raw.split(",").map((s) => s.trim().toLowerCase()).filter(Boolean));
+}
+/** Absolute path to the bundled `@vscode/ripgrep` binary, or null. */
+function vscodeRipgrepPath() {
+	try {
+		const mod = createRequire(import.meta.url)("@vscode/ripgrep");
+		if (mod.rgPath && existsSync(mod.rgPath)) return mod.rgPath;
+	} catch {}
+	return null;
+}
+/**
+* Every curated tool the spawned agent can actually invoke this launch
+* — whether it is already on the user's system PATH OR will be
+* materialized into the toolbelt bin (gap-fill). Used for the awareness
+* one-liner so the model is told about ALL available fast tools, not
+* just the ones we had to download. (Provisioning still only downloads
+* the gap-fill subset; this is purely the advertised set.)
+*/
+function availableToolCommands() {
+	if (!toolbeltEnabled()) return [];
+	const skip = toolbeltSkipSet();
+	const out = [];
+	if (!skip.has("rg") && (resolveExecutable("rg") || vscodeRipgrepPath())) out.push("rg");
+	for (const spec of TOOLBELT_TOOLS) {
+		if (skip.has(spec.command)) continue;
+		if (resolveExecutable(spec.command) || assetFor(spec)) out.push(spec.command);
+	}
+	return out;
+}
+const TOOL_DESC = {
+	rg: "rg (fast regex search)",
+	fd: "fd (fast file finder)",
+	jq: "jq (JSON processor)",
+	sd: "sd (find & replace)",
+	"ast-grep": "ast-grep / sg (structural code search & rewrite)",
+	yq: "yq (YAML / TOML / XML processor)"
+};
+/**
+* The one-line CLAUDE.md / system-prompt note advertising the exposed
+* tools, or null when none are exposed.
+*/
+function buildToolbeltAwareness(commands) {
+	if (commands.length === 0) return null;
+	return "Fast CLI tools are available on your PATH; prefer them when applicable: " + commands.map((c) => TOOL_DESC[c] ?? c).join(", ") + ".";
+}
 //#endregion
 //#region src/lib/worker-agent/bash.ts
 /**
@@ -10240,6 +10951,7 @@ function buildEnv() {
 		const v = process$1.env[key];
 		if (v !== void 0) env[key] = v;
 	}
+	if (toolbeltEnabled()) Object.assign(env, toolbeltPathOverride(env, PATHS.TOOLBELT_BIN_DIR));
 	return env;
 }
 /**
@@ -12082,10 +12794,11 @@ function round2(n) {
 * **xhigh on long-running personas works via SSE-streamed /mcp responses**
 * (handler.ts:handleToolsCallSSE). Claude Code's MCP HTTP client honors
 * `text/event-stream` responses without applying the ~60s per-tool-call
-* timer that previously broke xhigh on gpt-5.5 (~56s wall) and
-* claude-opus-4-7 (high+ thinking budgets). All four personas now expose
-* all four effort tiers with `high` default; SSE handles the long tail
-* transparently to the user.
+* timer that previously broke xhigh on gpt-5.5 (~56s wall) and on
+* Anthropic Opus families (high+ thinking budgets). opus-critic itself
+* now runs on claude-opus-4-6 which doesn't advertise xhigh, so the
+* SSE long-tail concern there is moot; the SSE machinery still applies
+* to the other personas that do expose xhigh.
 */
 const EFFORT_LEVELS = [
 	"low",
@@ -12263,9 +12976,9 @@ const PERSONAS_READ = Object.freeze([
 	{
 		agentName: "opus-critic",
 		toolNameHttp: "opus_critic",
-		model: "claude-opus-4-7",
+		model: "claude-opus-4-6",
 		endpoint: "/v1/messages",
-		description: "Adversarial second opinion from a fresh-context Opus 4.7 — same lab as the lead, limited blind-spot diversity vs cross-lab critics. On enterprise catalogs that carry Opus-4.7-1M it runs with a ≈936K-token input window and handles large artifacts without decomposition; otherwise ≈168K. Fast (~22s), catches confabulation and motivated reasoning. Pass artifact verbatim.",
+		description: "Adversarial second opinion from a fresh-context Opus 4.6 — same lab as the lead, limited blind-spot diversity vs cross-lab critics. On enterprise catalogs that carry Opus-4.6-1M it runs with a ≈936K-token input window; otherwise ≈168K. Pinned one minor behind the default Opus so the panel spans more of the version curve. Catches confabulation. Pass artifact verbatim.",
 		baseInstructions: OPUS_CRITIC_BASE,
 		agentPrompt: "",
 		writeCapable: false,
@@ -12273,10 +12986,9 @@ const PERSONAS_READ = Object.freeze([
 		allowedEfforts: [
 			"low",
 			"medium",
-			"high",
-			"xhigh"
+			"high"
 		],
-		defaultEffort: "xhigh"
+		defaultEffort: "high"
 	}
 ]);
 const PERSONAS_WRITE = Object.freeze([{
@@ -13459,6 +14171,8 @@ const PEER_MARKER_OPEN = "<!-- gh-router peer-mcp awareness — auto-injected, r
 const PEER_MARKER_CLOSE = "<!-- /gh-router peer-mcp awareness -->";
 const STYLE_MARKER_OPEN = "<!-- gh-router style directive — auto-injected, regenerated per launch -->";
 const STYLE_MARKER_CLOSE = "<!-- /gh-router style directive -->";
+const TOOLBELT_MARKER_OPEN = "<!-- gh-router toolbelt awareness — auto-injected, regenerated per launch -->";
+const TOOLBELT_MARKER_CLOSE = "<!-- /gh-router toolbelt awareness -->";
 /**
 * Writing / communication style directive injected at the TOP of the
 * mirrored CLAUDE.md so every spawned agent (main, Agent-tool subagent,
@@ -13805,6 +14519,303 @@ async function prependStyleDirectiveToMirroredClaudeMd(directive = STYLE_DIRECTI
 		label: "style-directive"
 	});
 }
+/**
+* Append the toolbelt awareness one-liner (which CLI tools are on PATH)
+* to the bottom of the mirrored CLAUDE.md so descendant agents (Agent
+* subagents, agent-teams teammates) learn about the provisioned tools.
+* The main agent gets the same line via `--append-system-prompt`.
+* Separate marker fence from the peer-awareness / style blocks.
+*/
+async function appendToolbeltAwarenessToMirroredClaudeMd(snippet) {
+	await injectMarkerBlock({
+		snippet,
+		markerOpen: TOOLBELT_MARKER_OPEN,
+		markerClose: TOOLBELT_MARKER_CLOSE,
+		position: "bottom",
+		label: "toolbelt-awareness"
+	});
+}
+//#endregion
+//#region src/lib/toolbelt/extract.ts
+function baseName(p) {
+	const norm = p.replace(/\\/g, "/");
+	const idx = norm.lastIndexOf("/");
+	return idx === -1 ? norm : norm.slice(idx + 1);
+}
+/**
+* Extract the first REGULAR-FILE tar member whose basename equals
+* `wantBasename` (optionally with a `.exe` suffix). Returns its bytes,
+* or null if absent. `buf` is the gzip-compressed tarball.
+*/
+function extractTarGzMember(buf, wantBasename) {
+	let tar;
+	try {
+		tar = gunzipSync(buf);
+	} catch {
+		return null;
+	}
+	const wants = new Set([wantBasename, `${wantBasename}.exe`]);
+	let offset = 0;
+	while (offset + 512 <= tar.length) {
+		const header = tar.subarray(offset, offset + 512);
+		if (header.every((b) => b === 0)) break;
+		const name$1 = readTarString(header, 0, 100);
+		const prefix = readTarString(header, 345, 155);
+		const fullName = prefix ? `${prefix}/${name$1}` : name$1;
+		const sizeOctal = readTarString(header, 124, 12).trim();
+		const size = parseInt(sizeOctal || "0", 8);
+		const typeflag = String.fromCharCode(header[156]);
+		const dataStart = offset + 512;
+		if ((typeflag === "0" || typeflag === "\0") && wants.has(baseName(fullName))) {
+			if (dataStart + size > tar.length) return null;
+			return Buffer.from(tar.subarray(dataStart, dataStart + size));
+		}
+		offset = dataStart + Math.ceil(size / 512) * 512;
+	}
+	return null;
+}
+function readTarString(block, start$1, len) {
+	const slice = block.subarray(start$1, start$1 + len);
+	const nul = slice.indexOf(0);
+	return slice.subarray(0, nul === -1 ? len : nul).toString("utf8");
+}
+/**
+* Extract the first REGULAR-FILE zip member whose basename equals
+* `wantBasename` (optionally `.exe`). Supports stored (0) and deflate
+* (8) compression. Rejects directories and unix-symlink entries.
+*/
+function extractZipMember(buf, wantBasename) {
+	const wants = new Set([wantBasename, `${wantBasename}.exe`]);
+	const EOCD_SIG = 101010256;
+	let eocd = -1;
+	const minStart = Math.max(0, buf.length - 65557);
+	for (let i = buf.length - 22; i >= minStart; i--) if (buf.readUInt32LE(i) === EOCD_SIG) {
+		eocd = i;
+		break;
+	}
+	if (eocd === -1) return null;
+	const entryCount = buf.readUInt16LE(eocd + 10);
+	let cd = buf.readUInt32LE(eocd + 16);
+	const CEN_SIG = 33639248;
+	for (let i = 0; i < entryCount; i++) {
+		if (cd + 46 > buf.length || buf.readUInt32LE(cd) !== CEN_SIG) return null;
+		const method = buf.readUInt16LE(cd + 10);
+		const compSize = buf.readUInt32LE(cd + 20);
+		const nameLen = buf.readUInt16LE(cd + 28);
+		const extraLen = buf.readUInt16LE(cd + 30);
+		const commentLen = buf.readUInt16LE(cd + 32);
+		const externalAttrs = buf.readUInt32LE(cd + 38);
+		const localOffset = buf.readUInt32LE(cd + 42);
+		const name$1 = buf.subarray(cd + 46, cd + 46 + nameLen).toString("utf8");
+		const isSymlink = (externalAttrs >>> 16 & 61440) === 40960;
+		const isDir = name$1.endsWith("/");
+		if (!isSymlink && !isDir && wants.has(baseName(name$1))) return readZipLocalEntry(buf, localOffset, method, compSize);
+		cd += 46 + nameLen + extraLen + commentLen;
+	}
+	return null;
+}
+function readZipLocalEntry(buf, localOffset, method, compSize) {
+	if (localOffset + 30 > buf.length || buf.readUInt32LE(localOffset) !== 67324752) return null;
+	const nameLen = buf.readUInt16LE(localOffset + 26);
+	const extraLen = buf.readUInt16LE(localOffset + 28);
+	const dataStart = localOffset + 30 + nameLen + extraLen;
+	const comp = buf.subarray(dataStart, dataStart + compSize);
+	try {
+		if (method === 0) return Buffer.from(comp);
+		if (method === 8) return inflateRawSync(comp);
+	} catch {
+		return null;
+	}
+	return null;
+}
+//#endregion
+//#region src/lib/toolbelt/provision.ts
+/** Per-download cap (bytes) — these binaries are a few MB at most. */
+const MAX_DOWNLOAD_BYTES = 64 * 1024 * 1024;
+const DOWNLOAD_TIMEOUT_MS = 3e4;
+const EXE_EXT = process$1.platform === "win32" ? ".exe" : "";
+/**
+* Materialize the toolbelt. Returns the list of command names exposed
+* in `bin/` after provisioning. Best-effort; never throws.
+*/
+async function provisionToolbelt() {
+	if (!toolbeltEnabled()) return [];
+	const binDir = PATHS.TOOLBELT_BIN_DIR;
+	try {
+		await mkdir(binDir, { recursive: true });
+	} catch (err) {
+		consola.debug("toolbelt: could not create bin dir:", err);
+		return [];
+	}
+	const skip = toolbeltSkipSet();
+	await withInstallLock("toolbelt.lock", async () => {
+		await pruneUnexpected(binDir);
+		await provisionRg(binDir, skip).catch((err) => consola.debug("toolbelt: rg skipped:", err));
+		await Promise.all(TOOLBELT_TOOLS.map((spec) => provisionTool(spec, binDir, skip).catch((err) => consola.debug(`toolbelt: ${spec.command} skipped:`, err))));
+	});
+	return exposedCommands(binDir);
+}
+/** Names allowed to live in `bin/` (managed binaries + their sidecars). */
+function expectedFileNames() {
+	const names = /* @__PURE__ */ new Set();
+	const add = (base) => {
+		names.add(base + EXE_EXT);
+		names.add(`${base}${EXE_EXT}.sha256`);
+	};
+	add("rg");
+	for (const spec of TOOLBELT_TOOLS) {
+		add(spec.binBasename);
+		for (const a of spec.aliases ?? []) add(a);
+	}
+	return names;
+}
+/** Remove any file in `bin/` that isn't a managed binary or sidecar. */
+async function pruneUnexpected(binDir) {
+	const expected = expectedFileNames();
+	let entries;
+	try {
+		entries = await readdir(binDir);
+	} catch {
+		return;
+	}
+	for (const name$1 of entries) {
+		if (name$1.endsWith(".tmp")) continue;
+		if (!expected.has(name$1)) await rm(path.join(binDir, name$1), { force: true }).catch(() => {});
+	}
+}
+async function provisionRg(binDir, skip) {
+	const dest = path.join(binDir, "rg" + EXE_EXT);
+	if (skip.has("rg") || resolveExecutable("rg")) {
+		await removeBin(dest);
+		return;
+	}
+	if (existsSync(dest)) return;
+	const src = vscodeRipgrepPath();
+	if (!src) return;
+	const tmp = tempName(dest);
+	try {
+		await link(src, tmp);
+	} catch {
+		await copyFile(src, tmp);
+	}
+	if (process$1.platform !== "win32") await chmod(tmp, 493).catch(() => {});
+	await commit(tmp, dest);
+}
+async function provisionTool(spec, binDir, skip) {
+	const dest = path.join(binDir, spec.binBasename + EXE_EXT);
+	const sidecar = `${dest}.sha256`;
+	const asset = assetFor(spec);
+	if (skip.has(spec.command) || !asset) {
+		await removeTool(spec, binDir);
+		return;
+	}
+	if (resolveExecutable(spec.command)) {
+		await removeTool(spec, binDir);
+		return;
+	}
+	if (existsSync(dest) && await sidecarMatches(sidecar, asset.sha256)) {
+		await ensureAliases(spec, binDir, dest);
+		return;
+	}
+	await atomicInstall(dest, await downloadAndExtract(spec, asset));
+	await writeFile(sidecar, asset.sha256).catch(() => {});
+	await ensureAliases(spec, binDir, dest);
+}
+async function downloadAndExtract(spec, asset) {
+	const data = await download(asset.url);
+	const digest = createHash("sha256").update(data).digest("hex");
+	if (digest !== asset.sha256) throw new Error(`checksum mismatch for ${spec.command} (${asset.url}): expected ${asset.sha256}, got ${digest}`);
+	if (asset.archive === "raw") return data;
+	const member = asset.archive === "zip" ? extractZipMember(data, spec.binBasename) : extractTarGzMember(data, spec.binBasename);
+	if (!member) throw new Error(`binary "${spec.binBasename}" not found in ${asset.url}`);
+	return member;
+}
+async function download(url) {
+	const controller = new AbortController();
+	const timer = setTimeout(() => controller.abort(), DOWNLOAD_TIMEOUT_MS);
+	try {
+		const res = await fetch(url, {
+			signal: controller.signal,
+			redirect: "follow",
+			headers: { "User-Agent": "github-router-toolbelt" }
+		});
+		if (!res.ok) throw new Error(`download ${url}: HTTP ${res.status}`);
+		const buf = Buffer.from(await res.arrayBuffer());
+		if (buf.length > MAX_DOWNLOAD_BYTES) throw new Error(`download ${url}: exceeds ${MAX_DOWNLOAD_BYTES} bytes`);
+		return buf;
+	} finally {
+		clearTimeout(timer);
+	}
+}
+/** Write to a unique temp then atomically rename into place. */
+async function atomicInstall(dest, bytes) {
+	const tmp = tempName(dest);
+	await writeFile(tmp, bytes);
+	if (process$1.platform !== "win32") await chmod(tmp, 493).catch(() => {});
+	await commit(tmp, dest);
+}
+/** Rename tmp→dest, handling Windows replace-existing / in-use locks. */
+async function commit(tmp, dest) {
+	try {
+		await rename(tmp, dest);
+	} catch {
+		try {
+			await rm(dest, { force: true });
+			await rename(tmp, dest);
+		} catch (err) {
+			await rm(tmp, { force: true }).catch(() => {});
+			throw err;
+		}
+	}
+}
+async function ensureAliases(spec, binDir, dest) {
+	for (const alias of spec.aliases ?? []) {
+		const ap = path.join(binDir, alias + EXE_EXT);
+		if (existsSync(ap)) continue;
+		const tmp = tempName(ap);
+		try {
+			await copyFile(dest, tmp);
+			if (process$1.platform !== "win32") await chmod(tmp, 493).catch(() => {});
+			await commit(tmp, ap);
+		} catch (err) {
+			consola.debug(`toolbelt: alias ${alias} skipped:`, err);
+		}
+	}
+}
+async function removeTool(spec, binDir) {
+	await removeBin(path.join(binDir, spec.binBasename + EXE_EXT));
+	for (const alias of spec.aliases ?? []) await removeBin(path.join(binDir, alias + EXE_EXT));
+}
+async function removeBin(dest) {
+	await rm(dest, { force: true }).catch(() => {});
+	await rm(`${dest}.sha256`, { force: true }).catch(() => {});
+}
+async function sidecarMatches(sidecar, sha256) {
+	try {
+		return (await readFile(sidecar, "utf8")).trim() === sha256;
+	} catch {
+		return false;
+	}
+}
+function tempName(dest) {
+	return `${dest}.${process$1.pid}.${randomBytes(4).toString("hex")}.tmp`;
+}
+/** The command names currently exposed in `bin/`. */
+async function exposedCommands(binDir) {
+	let files;
+	try {
+		files = new Set(await readdir(binDir));
+	} catch {
+		return [];
+	}
+	const present = (base) => files.has(base + EXE_EXT);
+	const out = [];
+	if (present("rg")) out.push("rg");
+	for (const spec of TOOLBELT_TOOLS) if (present(spec.binBasename)) out.push(spec.command);
+	return out;
+}
 //#endregion
 //#region src/lib/proxy.ts
@@ -13855,7 +14866,7 @@ function initProxyFromEnv() {
 //#endregion
 //#region package.json
 var name = "github-router";
-var version$1 = "0.3.66";
+var version$1 = "0.3.71";
 //#endregion
 //#region src/lib/approval.ts
@@ -15699,6 +16710,11 @@ const sharedServerArgs = {
 		type: "boolean",
 		default: false,
 		description: "Force humanlike pacing on ALL browser tool dispatches: Beta-distributed inter-action delays (800-4600 ms), Bezier mouse trajectories with overshoot-and-correct, per-keystroke jitter with word-end pauses, scroll chunking. Use for known anti-bot sites (Cloudflare, Datadome). Off by default (auto mode); GH_ROUTER_HUMANLIKE=1 is the env equivalent. GH_ROUTER_BROWSER_NO_HUMANLIKE=1 hard-disables (wins over --humanlike, for tests)."
+	},
+	"self-update": {
+		type: "boolean",
+		default: true,
+		description: "Update github-router itself to the latest npm version on launch (throttled once/hour). Best-effort and non-blocking: the proxy serves immediately and a detached updater applies the new version after this process exits (it takes effect on the NEXT launch; the running process keeps its current build). Disable with --no-self-update or GH_ROUTER_NO_SELF_UPDATE=1. Skipped silently if npm/network unavailable."
 	}
 };
 const allowedAccountTypes = new Set([
@@ -15792,10 +16808,10 @@ function getClaudeCodeEnvVars(serverUrl, model) {
 		DISABLE_TELEMETRY: "1"
 	};
 	if (model) vars.ANTHROPIC_MODEL = model;
-	if (process.env.ANTHROPIC_SMALL_FAST_MODEL === void 0) vars.ANTHROPIC_SMALL_FAST_MODEL = "claude-haiku-4-5";
+	if (process.env.ANTHROPIC_SMALL_FAST_MODEL === void 0) vars.ANTHROPIC_SMALL_FAST_MODEL = "claude-sonnet-4-6";
 	if (process.env.ANTHROPIC_DEFAULT_SONNET_MODEL === void 0) vars.ANTHROPIC_DEFAULT_SONNET_MODEL = "claude-sonnet-4-6";
 	if (process.env.ANTHROPIC_DEFAULT_HAIKU_MODEL === void 0) vars.ANTHROPIC_DEFAULT_HAIKU_MODEL = "claude-haiku-4-5";
-	if (process.env.ANTHROPIC_DEFAULT_OPUS_MODEL === void 0) vars.ANTHROPIC_DEFAULT_OPUS_MODEL = "claude-opus-4-7";
+	if (process.env.ANTHROPIC_DEFAULT_OPUS_MODEL === void 0) vars.ANTHROPIC_DEFAULT_OPUS_MODEL = "claude-opus-4-8";
 	if (process.env.CLAUDE_CODE_PLAN_V2_AGENT_COUNT === void 0) vars.CLAUDE_CODE_PLAN_V2_AGENT_COUNT = "7";
 	for (const key of [
 		"CLAUDE_CODE_ENABLE_EXPERIMENTAL_ADVISOR_TOOL",
@@ -15804,6 +16820,7 @@ function getClaudeCodeEnvVars(serverUrl, model) {
 		"CLAUDE_CODE_ENABLE_FINE_GRAINED_TOOL_STREAMING",
 		"CLAUDE_CODE_ENABLE_TASKS"
 	]) if (process.env[key] === void 0) vars[key] = "1";
+	if (toolbeltEnabled()) Object.assign(vars, toolbeltPathOverride(process.env, PATHS.TOOLBELT_BIN_DIR));
 	return vars;
 }
 /**
@@ -15819,11 +16836,13 @@ function getClaudeCodeEnvVars(serverUrl, model) {
 * masks any cached login.
 */
 function getCodexEnvVars(serverUrl) {
-	return {
+	const vars = {
 		OPENAI_BASE_URL: `${serverUrl}/v1`,
 		OPENAI_API_KEY: "dummy",
 		CODEX_HOME: PATHS.CODEX_HOME
 	};
+	if (toolbeltEnabled()) Object.assign(vars, toolbeltPathOverride(process.env, PATHS.TOOLBELT_BIN_DIR));
+	return vars;
 }
 //#endregion
@@ -15863,7 +16882,7 @@ const claude = defineCommand({
 		"auto-update": {
 			type: "boolean",
 			default: true,
-			description: "Check for and install latest Claude Code on launch (throttled to once per hour via ~/.local/share/github-router/last-update-check). Set to false (--no-auto-update) to keep the current installed version. Falls back gracefully if npm/network unavailable."
+			description: "Check for and install the latest Claude Code on launch via `claude update` (throttled to once per hour via ~/.local/share/github-router/last-update-check). `claude update` respects the real install method (native installer or npm), so it never creates a conflicting second install; builds too old to support it fall back to `npm install -g @anthropic-ai/claude-code@latest`. Set to false (--no-auto-update) to check and warn only. Falls back gracefully if claude/npm/network unavailable."
 		},
 		"update-check": {
 			type: "boolean",
@@ -15886,12 +16905,12 @@ const claude = defineCommand({
 			if (versionCheck.skipped && versionCheck.skipReason === "no-claude") consola.debug("claude --version probe failed; skipping auto-update.");
 			else if (versionCheck.skipped && versionCheck.skipReason === "no-npm") consola.debug("npm view @anthropic-ai/claude-code failed; skipping auto-update check (likely offline).");
 			else if (versionCheck.needsUpdate && versionCheck.installedVersion && versionCheck.latestVersion) if (args["auto-update"] !== false) try {
-				await autoUpdateClaude(versionCheck.latestVersion);
+				await updateClaude(versionCheck.latestVersion);
 			} catch (err) {
 				const msg = err instanceof Error ? err.message : String(err);
-				consola.warn(`Auto-update of Claude Code from ${versionCheck.installedVersion} to ${versionCheck.latestVersion} failed (${msg}); continuing with installed version. Run \`npm install -g @anthropic-ai/claude-code@latest\` manually to retry.`);
+				consola.warn(`Auto-update of Claude Code from ${versionCheck.installedVersion} to ${versionCheck.latestVersion} failed (${msg}); continuing with installed version. Run \`claude update\` (or \`npm install -g @anthropic-ai/claude-code@latest\`) manually to retry.`);
 			}
-			else consola.warn(`Claude Code v${versionCheck.installedVersion} is installed; v${versionCheck.latestVersion} is available. Run with --auto-update (the default) to install on launch, or \`npm install -g @anthropic-ai/claude-code@latest\` manually.`);
+			else consola.warn(`Claude Code v${versionCheck.installedVersion} is installed; v${versionCheck.latestVersion} is available. Run with --auto-update (the default) to install on launch, or \`claude update\` manually.`);
 		} catch (err) {
 			consola.debug("Claude version check failed:", err);
 		}
@@ -15909,6 +16928,7 @@ const claude = defineCommand({
 			consola.error("Failed to start server:", error instanceof Error ? error.message : error);
 			process$1.exit(1);
 		}
+		runSelfUpdate({ selfUpdate: args["self-update"] !== false });
 		try {
 			await ensureClaudeConfigMirror();
 		} catch (err) {
@@ -15940,6 +16960,15 @@ const claude = defineCommand({
 		process$1.stderr.write(`Server ready on ${serverUrl}, launching Claude Code (${banner})...\n`);
 		const envVars = getClaudeCodeEnvVars(serverUrl, chosenSlug);
 		const extraArgs = args._ ?? [];
+		if (toolbeltEnabled()) {
+			provisionToolbelt().catch((err) => consola.debug("Toolbelt provisioning failed:", err));
+			const toolbeltLine = buildToolbeltAwareness(availableToolCommands());
+			if (toolbeltLine) try {
+				await appendToolbeltAwarenessToMirroredClaudeMd(toolbeltLine);
+			} catch (err) {
+				consola.warn(`Toolbelt CLAUDE.md append failed: ${err instanceof Error ? err.message : String(err)}`);
+			}
+		}
 		const baseShutdown = async () => {
 			await removeOwnClaudeConfigMirror();
 		};
@@ -16039,6 +17068,8 @@ const codex = defineCommand({
 			consola.error("Failed to start server:", error instanceof Error ? error.message : error);
 			process$1.exit(1);
 		}
+		runSelfUpdate({ selfUpdate: args["self-update"] !== false });
+		if (toolbeltEnabled()) provisionToolbelt().catch(() => {});
 		const usingDefault = !args.model;
 		const requestedModel = args.model ?? DEFAULT_CODEX_MODEL;
 		enableFileLogging();
@@ -16411,6 +17442,7 @@ const start = defineCommand({
 			port: parsed.port ?? DEFAULT_PORT,
 			silent: false
 		});
+		runSelfUpdate({ selfUpdate: args["self-update"] !== false });
 		if (args.cc) generateClaudeCodeCommand(serverUrl, args.model);
 		if (args.cx) generateCodexCommand(serverUrl, args.model);
 		consola.box(`🌐 Usage Viewer: https://animeshkundu.github.io/github-router/dashboard.html?endpoint=${serverUrl}/usage`);