github-router 0.3.68 → 0.3.71

package/dist/main.js

@@ -1,22 +1,21 @@
 #!/usr/bin/env node
-import { a as removeOwnClaudeConfigMirror, i as isUnderClaudeConfigMirror, l as writeRuntimeFileSecure, n as ensureClaudeConfigMirror, r as ensurePaths, t as PATHS } from "./paths-CZvFif-e.js";
-import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-hkBEjHb2.js";
+import { a as removeOwnClaudeConfigMirror, i as isUnderClaudeConfigMirror, l as writeRuntimeFileSecure, n as ensureClaudeConfigMirror, r as ensurePaths, t as PATHS } from "./paths-CoFnpNZl.js";
+import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-NQRdfY1u.js";
 import { createRequire } from "node:module";
 import { defineCommand, runMain } from "citty";
 import consola from "consola";
 import { createHash, randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
-import fs, { readFile, stat } from "node:fs/promises";
+import fs, { chmod, copyFile, link, mkdir, open, readFile, readdir, rename, rm, stat, writeFile } from "node:fs/promises";
 import os, { homedir, platform } from "node:os";
 import * as path$1 from "node:path";
 import path, { dirname, join } from "node:path";
 import process$1 from "node:process";
 import { execFile, execFileSync, spawn, spawnSync } from "node:child_process";
-import { promisify } from "node:util";
 import fs$1, { chmodSync, closeSync, existsSync, mkdirSync, openSync, readFileSync, realpathSync, renameSync, statSync, unlinkSync, writeFileSync, writeSync } from "node:fs";
+import { fileURLToPath } from "node:url";
 import { createInterface } from "node:readline";
 import Parser from "web-tree-sitter";
 import WebSocket from "ws";
-import { fileURLToPath } from "node:url";
 import { events } from "fetch-event-stream";
 import { Type } from "typebox";
 import "partial-json";
@@ -26,6 +25,7 @@ import "yaml";
 import "ignore";
 import { z } from "zod";
 import { Writable } from "node:stream";
+import { gunzipSync, inflateRawSync } from "node:zlib";
 import { serve } from "srvx";
 import { getProxyForUrl } from "proxy-from-env";
 import { Agent, ProxyAgent, setGlobalDispatcher } from "undici";
@@ -757,24 +757,262 @@ const checkUsage = defineCommand({
 	}
 });
 
+//#endregion
+//#region src/lib/exec.ts
+/**
+* Parse a boolean-ish env value. Returns `undefined` when unset or
+* unrecognized so callers can apply their own default. Accepts
+* `1|true|yes|on` (true) and `0|false|no|off|<empty>` (false),
+* case-insensitive. The single shared parser for all new `GH_ROUTER_*`
+* flags so on/off semantics don't drift per call site.
+*/
+function parseBoolEnv(value) {
+	if (value === void 0) return void 0;
+	const v = value.trim().toLowerCase();
+	if (v === "1" || v === "true" || v === "yes" || v === "on") return true;
+	if (v === "0" || v === "false" || v === "no" || v === "off" || v === "") return false;
+}
+/** Read the PATH value from an env object, case-insensitively. */
+function pathValueOf(env) {
+	for (const key of Object.keys(env)) if (key.toLowerCase() === "path") return env[key] ?? "";
+	return "";
+}
+/**
+* Resolve an executable name to an absolute path against PATH, honoring
+* `PATHEXT` on Windows and **excluding the current working directory**.
+*
+* Returns `null` when unresolved — callers treat that as "tool absent"
+* and skip (best-effort). Spawning the returned absolute path means
+* `cmd.exe`'s implicit cwd-first lookup never applies, closing the
+* planted-`npm.cmd` vector.
+*/
+function resolveExecutable(name$1, opts = {}) {
+	const platform$1 = opts.platform ?? process$1.platform;
+	const env = opts.env ?? process$1.env;
+	const cwdRaw = opts.cwd ?? (typeof process$1.cwd === "function" ? process$1.cwd() : void 0);
+	const resolvedCwd = cwdRaw ? path.resolve(cwdRaw) : null;
+	const dirs = pathValueOf(env).split(path.delimiter).filter((d) => d.length > 0 && d !== ".");
+	const isWin = platform$1 === "win32";
+	if (!isWin && name$1.includes("/")) return existsSync(name$1) ? path.resolve(name$1) : null;
+	if (isWin && (name$1.includes("\\") || name$1.includes("/"))) return existsSync(name$1) ? path.resolve(name$1) : null;
+	const exts = isWin && path.extname(name$1) === "" ? (env.PATHEXT ?? ".COM;.EXE;.BAT;.CMD").split(";").map((e) => e.trim()).filter(Boolean) : [""];
+	for (const dir of dirs) {
+		if (resolvedCwd && path.resolve(dir) === resolvedCwd) continue;
+		for (const ext of exts) {
+			const candidate = path.join(dir, name$1 + ext);
+			if (existsSync(candidate)) return candidate;
+		}
+	}
+	return null;
+}
+/**
+* Quote one argument for a `cmd.exe /c "<line>"` command line so the
+* target program receives it verbatim and no `cmd.exe` metacharacter
+* retains shell meaning.
+*
+* Two phases (the canonical Windows approach — Colascione / Rust std):
+*   1. **argv quoting** so `CommandLineToArgvW` in the target parses
+*      the token as one argument (double-quote, backslash-escape).
+*   2. **caret-escaping** every `cmd.exe` metacharacter — including the
+*      quotes from phase 1 — so `cmd.exe` is never in quote-mode, strips
+*      the carets, and hands the argv-quoted string to the program.
+*
+* `%` is special: it cannot be reliably escaped on the `cmd.exe`
+* *command line* (caret does not stop `%VAR%` expansion there). Rather
+* than mis-escape, we **throw** — our callers never pass `%`, so this
+* fails closed on the one unescapable injection vector.
+*/
+function quoteWinArg(arg) {
+	if (arg.includes("%")) throw new Error("buildExecInvocation: argument contains '%', which cannot be safely escaped on the Windows command line; refusing to build the command.");
+	let quoted;
+	if (arg.length > 0 && !/[ \t\n\v"&|<>()^!]/.test(arg)) quoted = arg;
+	else {
+		let s = "\"";
+		let backslashes = 0;
+		for (const ch of arg) if (ch === "\\") backslashes++;
+		else if (ch === "\"") {
+			s += "\\".repeat(backslashes * 2 + 1) + "\"";
+			backslashes = 0;
+		} else {
+			s += "\\".repeat(backslashes) + ch;
+			backslashes = 0;
+		}
+		s += "\\".repeat(backslashes * 2) + "\"";
+		quoted = s;
+	}
+	return quoted.replace(/[()!^"<>&|]/g, "^$&");
+}
+/**
+* Build the platform-correct `spawn` invocation for a command given as
+* an argv array. Pure / unit-testable (no spawn).
+*
+*   - win32 → a single caret/argv-quoted command string + `shell:true`
+*     + empty args array (the empty array avoids the DEP0190 warning
+*     that fires when args and `shell:true` are combined). `cmd[0]`
+*     should already be an absolute path from `resolveExecutable`.
+*   - posix → `(cmd[0], cmd.slice(1))` with `shell:false` — no shell,
+*     no injection surface.
+*/
+function buildExecInvocation(cmd, platform$1 = process$1.platform) {
+	if (cmd.length === 0) throw new Error("buildExecInvocation: empty command");
+	if (platform$1 === "win32") return {
+		command: cmd.map(quoteWinArg).join(" "),
+		args: [],
+		shell: true
+	};
+	return {
+		command: cmd[0],
+		args: cmd.slice(1),
+		shell: false
+	};
+}
+function runInternal(cmd, stdoutMode, opts) {
+	const { command, args, shell } = buildExecInvocation(cmd);
+	return new Promise((resolve, reject) => {
+		let child;
+		try {
+			child = spawn(command, args, {
+				cwd: opts.cwd,
+				env: opts.env ?? process$1.env,
+				shell,
+				windowsHide: true,
+				stdio: [
+					"ignore",
+					stdoutMode,
+					stdoutMode === "inherit" ? "inherit" : "pipe"
+				]
+			});
+		} catch (err) {
+			reject(err instanceof Error ? err : new Error(String(err)));
+			return;
+		}
+		let stdout = "";
+		let stderr = "";
+		let timedOut = false;
+		let settled = false;
+		const timer = opts.timeoutMs ? setTimeout(() => {
+			timedOut = true;
+			killTree(child.pid);
+		}, opts.timeoutMs) : void 0;
+		timer?.unref?.();
+		child.stdout?.on("data", (c) => {
+			stdout += c.toString("utf8");
+		});
+		child.stderr?.on("data", (c) => {
+			stderr += c.toString("utf8");
+		});
+		child.stdout?.on("error", () => {});
+		child.stderr?.on("error", () => {});
+		const finish = (code) => {
+			if (settled) return;
+			settled = true;
+			if (timer) clearTimeout(timer);
+			resolve({
+				stdout,
+				stderr,
+				code,
+				timedOut
+			});
+		};
+		child.on("error", (err) => {
+			if (settled) return;
+			settled = true;
+			if (timer) clearTimeout(timer);
+			reject(err);
+		});
+		child.on("close", (code) => finish(code));
+	});
+}
+/** Kill a process tree best-effort (taskkill /T on Windows). */
+function killTree(pid) {
+	if (!pid) return;
+	try {
+		if (process$1.platform === "win32") spawn("taskkill", [
+			"/T",
+			"/F",
+			"/PID",
+			String(pid)
+		], {
+			stdio: "ignore",
+			windowsHide: true
+		});
+		else process$1.kill(pid, "SIGTERM");
+	} catch {}
+}
+/** Run a command and capture stdout/stderr. Rejects on spawn error. */
+function runCommandCapture(cmd, opts = {}) {
+	return runInternal(cmd, "pipe", opts);
+}
+/** Run a command discarding output (still captures stderr for errors). */
+function runCommandVoid(cmd, opts = {}) {
+	return runInternal(cmd, "pipe", opts);
+}
+
+//#endregion
+//#region src/lib/update-lock.ts
+/** A lock older than this is treated as stale (crashed holder) and stolen. */
+const STALE_LOCK_MS = 600 * 1e3;
+function lockPath(name$1) {
+	return path.join(os.homedir(), ".local", "share", "github-router", name$1);
+}
+/**
+* Run `fn` while holding an exclusive lockfile named `name` under the
+* app dir. Returns `true` if the lock was acquired and `fn` ran,
+* `false` if another process already holds it (caller skips silently).
+*
+* A lock left by a crashed process older than `STALE_LOCK_MS` is
+* stolen so the updater can never be wedged permanently.
+*/
+async function withInstallLock(name$1, fn) {
+	const p = lockPath(name$1);
+	let handle = await tryCreateLock(p);
+	if (!handle) {
+		let stale = false;
+		try {
+			const s = await stat(p);
+			stale = Date.now() - s.mtimeMs > STALE_LOCK_MS;
+		} catch {
+			stale = true;
+		}
+		if (!stale) return false;
+		await rm(p, { force: true }).catch(() => {});
+		handle = await tryCreateLock(p);
+		if (!handle) return false;
+	}
+	try {
+		await handle.close();
+		await fn();
+		return true;
+	} finally {
+		await rm(p, { force: true }).catch(() => {});
+	}
+}
+async function tryCreateLock(p) {
+	try {
+		return await open(p, "wx");
+	} catch {
+		return null;
+	}
+}
+
 //#endregion
 //#region src/lib/claude-version-check.ts
-const execFileAsync = promisify(execFile);
-const NPM_PACKAGE = "@anthropic-ai/claude-code";
-const THROTTLE_HOURS = 1;
-const NPM_VIEW_TIMEOUT_MS = 5e3;
+const NPM_PACKAGE$1 = "@anthropic-ai/claude-code";
+const THROTTLE_HOURS$1 = 1;
+const NPM_VIEW_TIMEOUT_MS$1 = 5e3;
+const CLAUDE_VERSION_TIMEOUT_MS = 3e3;
 const NPM_INSTALL_TIMEOUT_MS = 12e4;
 /** Path to the throttle cache. Created on demand. */
-function cacheFilePath() {
+function cacheFilePath$1() {
 	return path.join(os.homedir(), ".local", "share", "github-router", "last-update-check");
 }
 /**
 * Read the throttle cache. Returns null on missing/corrupt file —
 * triggers a fresh check.
 */
-async function readCache() {
+async function readCache$1() {
 	try {
-		const raw = await fs.readFile(cacheFilePath(), "utf8");
+		const raw = await fs.readFile(cacheFilePath$1(), "utf8");
 		const parsed = JSON.parse(raw);
 		if (typeof parsed.checkedAt !== "string" || parsed.installedVersion !== null && typeof parsed.installedVersion !== "string" || parsed.latestVersion !== null && typeof parsed.latestVersion !== "string") return null;
 		return parsed;
@@ -782,37 +1020,38 @@ async function readCache() {
 		return null;
 	}
 }
-async function writeCache(cache) {
+async function writeCache$1(cache) {
 	try {
-		await fs.mkdir(path.dirname(cacheFilePath()), { recursive: true });
-		await fs.writeFile(cacheFilePath(), JSON.stringify(cache), { mode: 384 });
+		await fs.mkdir(path.dirname(cacheFilePath$1()), { recursive: true });
+		await fs.writeFile(cacheFilePath$1(), JSON.stringify(cache), { mode: 384 });
 	} catch (err) {
 		consola.debug("Failed to write claude version-check cache:", err);
 	}
 }
 /** Check if it's been more than THROTTLE_HOURS since the last check. */
-function shouldCheckNow(cache) {
+function shouldCheckNow$1(cache) {
 	if (!cache) return true;
 	const lastCheck = new Date(cache.checkedAt).getTime();
 	if (Number.isNaN(lastCheck)) return true;
-	return (Date.now() - lastCheck) / 1e3 / 3600 >= THROTTLE_HOURS;
+	return (Date.now() - lastCheck) / 1e3 / 3600 >= THROTTLE_HOURS$1;
 }
 /**
 * Read the installed `claude` version. Returns null if claude is not
 * on PATH or the version probe fails (e.g. older versions that don't
 * support `--version` cleanly).
-*/
-function getInstalledVersion() {
+*
+* Windows-safe: `claude` is a `.cmd` shim that `execFile` cannot launch
+* directly. We resolve it to an absolute path (excluding the cwd, so a
+* planted `claude.cmd` in an untrusted repo can't run) and invoke it
+* through the shared exec helper.
+*/
+async function getInstalledVersion() {
+	const claudePath = resolveExecutable("claude");
+	if (!claudePath) return null;
 	try {
-		const match = execFileSync("claude", ["--version"], {
-			stdio: [
-				"ignore",
-				"pipe",
-				"ignore"
-			],
-			timeout: 3e3,
-			encoding: "utf8"
-		}).match(/^(\d+\.\d+\.\d+)/);
+		const { stdout, code } = await runCommandCapture([claudePath, "--version"], { timeoutMs: CLAUDE_VERSION_TIMEOUT_MS });
+		if (code !== 0) return null;
+		const match = stdout.match(/(\d+\.\d+\.\d+)/);
 		return match ? match[1] : null;
 	} catch {
 		return null;
@@ -821,15 +1060,22 @@ function getInstalledVersion() {
 /**
 * Fetch the latest version of @anthropic-ai/claude-code from the npm
 * registry. Returns null on network failure / npm unavailable.
+*
+* Windows-safe: `npm` is `npm.cmd`; resolved to an absolute path
+* (excluding cwd) before invocation.
 */
-async function getLatestVersion() {
+async function getLatestVersion$1() {
+	const npmPath = resolveExecutable("npm");
+	if (!npmPath) return null;
 	try {
-		const { stdout } = await execFileAsync("npm", [
+		const { stdout, code } = await runCommandCapture([
+			npmPath,
 			"view",
-			NPM_PACKAGE,
+			NPM_PACKAGE$1,
 			"version",
 			"--silent"
-		], { timeout: NPM_VIEW_TIMEOUT_MS });
+		], { timeoutMs: NPM_VIEW_TIMEOUT_MS$1 });
+		if (code !== 0) return null;
 		const v = stdout.trim();
 		return /^\d+\.\d+\.\d+/.test(v) ? v : null;
 	} catch {
@@ -867,8 +1113,8 @@ async function checkClaudeVersion(opts = {}) {
 		skipped: true,
 		skipReason: "disabled"
 	};
-	const cache = await readCache();
-	if (!opts.force && !shouldCheckNow(cache)) return {
+	const cache = await readCache$1();
+	if (!opts.force && !shouldCheckNow$1(cache)) return {
 		installed: cache?.installedVersion !== null,
 		installedVersion: cache?.installedVersion ?? null,
 		latestVersion: cache?.latestVersion ?? null,
@@ -876,7 +1122,7 @@ async function checkClaudeVersion(opts = {}) {
 		skipped: true,
 		skipReason: "throttled"
 	};
-	const installedVersion = getInstalledVersion();
+	const installedVersion = await getInstalledVersion();
 	if (installedVersion === null) return {
 		installed: false,
 		installedVersion: null,
@@ -885,8 +1131,8 @@ async function checkClaudeVersion(opts = {}) {
 		skipped: true,
 		skipReason: "no-claude"
 	};
-	const latestVersion = await getLatestVersion();
-	await writeCache({
+	const latestVersion = await getLatestVersion$1();
+	await writeCache$1({
 		checkedAt: (/* @__PURE__ */ new Date()).toISOString(),
 		installedVersion,
 		latestVersion
@@ -908,23 +1154,190 @@ async function checkClaudeVersion(opts = {}) {
 	};
 }
 /**
-* Run `npm install -g @anthropic-ai/claude-code@latest` synchronously.
-* Throws on failure — the caller decides whether to abort the launch
-* or continue with the older version.
-*/
-async function autoUpdateClaude(latestVersion) {
-	consola.info(`Updating ${NPM_PACKAGE} to ${latestVersion} (this may take ~30s)...`);
-	try {
-		await execFileAsync("npm", [
+* Heuristic: did `claude update` fail because the subcommand does not
+* exist (a build predating `claude update`), as opposed to a transient
+* update error? We only npm-fall-back on this specific signal — falling
+* back on any failure would install a conflicting npm copy on
+* native-installer machines.
+*
+* Matches the usage/Commander-style "unknown command" messages CLIs emit
+* for an unrecognized subcommand. Deliberately narrow.
+*/
+function looksLikeUnknownUpdateCommand(output) {
+	return /unknown command|unknown subcommand|unrecognized (sub)?command|invalid command|command not found|is not a (known|valid) command/i.test(output);
+}
+async function updateClaude(latestVersion, deps = {}) {
+	const _resolve = deps.resolveExecutable ?? resolveExecutable;
+	const _capture = deps.runCommandCapture ?? runCommandCapture;
+	const _void = deps.runCommandVoid ?? runCommandVoid;
+	const _lock = deps.withInstallLock ?? withInstallLock;
+	const claudePath = _resolve("claude");
+	if (!claudePath) throw new Error("claude not found on PATH");
+	if (!await _lock("claude-update.lock", async () => {
+		consola.info(`Updating Claude Code to ${latestVersion} via \`claude update\`...`);
+		const { code, stdout, stderr } = await _capture([claudePath, "update"], { timeoutMs: NPM_INSTALL_TIMEOUT_MS });
+		const combined = `${stdout}${stderr}`;
+		const trimmed = combined.trim();
+		if (trimmed) process.stdout.write(trimmed.endsWith("\n") ? trimmed : `${trimmed}\n`);
+		if (code === 0) {
+			consola.success(`Claude Code updated to ${latestVersion}`);
+			return;
+		}
+		if (!looksLikeUnknownUpdateCommand(combined)) throw new Error(`\`claude update\` exited with code ${code}`);
+		const npmPath = _resolve("npm");
+		if (!npmPath) throw new Error(`this Claude Code build predates \`claude update\` and npm is not on PATH; update manually: npm install -g ${NPM_PACKAGE$1}@latest`);
+		consola.warn(`This Claude Code build predates \`claude update\`; falling back to \`npm install -g ${NPM_PACKAGE$1}@latest\`.`);
+		const { code: npmCode, stderr: npmStderr } = await _void([
+			npmPath,
 			"install",
 			"-g",
-			`${NPM_PACKAGE}@latest`,
+			`${NPM_PACKAGE$1}@latest`,
+			"--silent"
+		], { timeoutMs: NPM_INSTALL_TIMEOUT_MS });
+		if (npmCode !== 0) throw new Error(`npm install failed: ${npmStderr.trim() || `exit ${npmCode}`}`);
+		consola.success(`${NPM_PACKAGE$1} updated to ${latestVersion}`);
+	})) consola.debug("Claude Code update already in progress in another process; skipping.");
+}
+
+//#endregion
+//#region src/lib/version.ts
+/**
+* Read this binary's published version from package.json at runtime.
+*
+* Done at runtime (not baked at build time) because release.yml builds
+* BEFORE `npm version patch` bumps the version — a build-time inline
+* would always ship the pre-bump value. The npm tarball ships package.json
+* alongside `dist/`, so a sibling-up lookup from import.meta.url resolves
+* cleanly in both dev (`src/lib/`) and bundled (`dist/`) layouts.
+*
+* Returns `"unknown"` if package.json can't be located or parsed —
+* never throws, so the CLI never fails to start over version reporting.
+*/
+function getPackageVersion() {
+	try {
+		const here = dirname(fileURLToPath(import.meta.url));
+		const candidates = [join(here, "..", "..", "package.json"), join(here, "..", "package.json")];
+		for (const path$2 of candidates) try {
+			const raw = readFileSync(path$2, "utf8");
+			const parsed = JSON.parse(raw);
+			if (typeof parsed.version === "string" && (parsed.name === "github-router" || parsed.name === "@animeshkundu/github-router")) return parsed.version;
+		} catch {}
+	} catch {}
+	return "unknown";
+}
+
+//#endregion
+//#region src/lib/self-update.ts
+const NPM_PACKAGE = "github-router";
+const THROTTLE_HOURS = 1;
+const NPM_VIEW_TIMEOUT_MS = 5e3;
+function cacheFilePath() {
+	return path.join(os.homedir(), ".local", "share", "github-router", "last-self-update-check");
+}
+async function readCache() {
+	try {
+		const parsed = JSON.parse(await fs.readFile(cacheFilePath(), "utf8"));
+		if (typeof parsed.checkedAt !== "string") return null;
+		return parsed;
+	} catch {
+		return null;
+	}
+}
+async function writeCache(cache) {
+	try {
+		await fs.mkdir(path.dirname(cacheFilePath()), { recursive: true });
+		await fs.writeFile(cacheFilePath(), JSON.stringify(cache), { mode: 384 });
+	} catch (err) {
+		consola.debug("Failed to write self-update cache:", err);
+	}
+}
+function shouldCheckNow(cache) {
+	if (!cache) return true;
+	const last = new Date(cache.checkedAt).getTime();
+	if (Number.isNaN(last)) return true;
+	return (Date.now() - last) / 1e3 / 3600 >= THROTTLE_HOURS;
+}
+async function getLatestVersion(npmPath) {
+	try {
+		const { stdout, code } = await runCommandCapture([
+			npmPath,
+			"view",
+			NPM_PACKAGE,
+			"version",
 			"--silent"
-		], { timeout: NPM_INSTALL_TIMEOUT_MS });
-		consola.success(`${NPM_PACKAGE} updated to ${latestVersion}`);
+		], { timeoutMs: NPM_VIEW_TIMEOUT_MS });
+		if (code !== 0) return null;
+		const v = stdout.trim();
+		return /^\d+\.\d+\.\d+/.test(v) ? v : null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Spawn a detached process that waits for THIS proxy (pid) to exit,
+* then runs `npm install -g github-router@latest`. Fully detached and
+* unref'd so it outlives the proxy; output discarded.
+*
+* The waiter is a tiny inline Node script (Node is guaranteed present —
+* the proxy runs on it) that polls `process.kill(pid, 0)` until the
+* parent is gone, then execs npm. This avoids the Windows file-lock by
+* never touching the global install while the proxy holds it open.
+*/
+function spawnDetachedUpdater(npmPath) {
+	const waiter = `
+    const pid = ${process.pid};
+    const { spawn } = require("node:child_process");
+    function alive() { try { process.kill(pid, 0); return true } catch { return false } }
+    const timer = setInterval(() => {
+      if (alive()) return;
+      clearInterval(timer);
+      const args = ["install", "-g", ${JSON.stringify(`${NPM_PACKAGE}@latest`)}, "--silent"];
+      const isWin = process.platform === "win32";
+      const child = spawn(${JSON.stringify(npmPath)}, args, {
+        stdio: "ignore", windowsHide: true, shell: isWin, detached: !isWin,
+      });
+      child.on("error", () => process.exit(0));
+      child.on("exit", () => process.exit(0));
+      // Safety: never hang forever.
+      setTimeout(() => process.exit(0), 180000).unref();
+    }, 500);
+    // Safety cap on the wait itself (e.g. extremely long sessions still
+    // eventually give up rather than leak the waiter).
+    setTimeout(() => { clearInterval(timer); process.exit(0); }, 24 * 3600 * 1000).unref();
+  `.trim();
+	spawn(process.execPath, ["-e", waiter], {
+		detached: true,
+		stdio: "ignore",
+		windowsHide: true
+	}).unref();
+}
+/**
+* Probe npm for a newer `github-router` and, if found, queue a detached
+* post-exit update. Returns quickly; never throws. Call AFTER the
+* server is listening so the bounded probe can't delay binding.
+*/
+async function runSelfUpdate(opts) {
+	if (!opts.selfUpdate) return;
+	if (parseBoolEnv(process.env.GH_ROUTER_NO_SELF_UPDATE) === true) return;
+	try {
+		const cache = await readCache();
+		if (!opts.force && !shouldCheckNow(cache)) return;
+		const installed = getPackageVersion();
+		if (installed === "unknown") return;
+		const npmPath = resolveExecutable("npm");
+		if (!npmPath) return;
+		const latest = await getLatestVersion(npmPath);
+		await writeCache({
+			checkedAt: (/* @__PURE__ */ new Date()).toISOString(),
+			installedVersion: installed,
+			latestVersion: latest
+		});
+		if (!latest || !isNewer(installed, latest)) return;
+		if (await withInstallLock("self-update.lock", async () => {
+			spawnDetachedUpdater(npmPath);
+		})) consola.info(`github-router ${installed} → ${latest} update queued; it takes effect on the next launch.`);
 	} catch (err) {
-		const msg = err instanceof Error ? err.message : String(err);
-		throw new Error(`npm install failed: ${msg}`);
+		consola.debug("Self-update check failed:", err);
 	}
 }
 
@@ -1039,6 +1452,47 @@ function envInt$1(key, fallback) {
 const UPSTREAM_FETCH_TIMEOUT_MS = envInt$1("UPSTREAM_FETCH_TIMEOUT_MS", 0);
 const UPSTREAM_INACTIVITY_TIMEOUT_MS = envInt$1("UPSTREAM_INACTIVITY_TIMEOUT_MS", 3e5);
 
+//#endregion
+//#region src/lib/toolbelt/path-inject.ts
+/**
+* The key under which `env` stores PATH, matched case-insensitively.
+* Falls back to the platform-conventional spelling when absent.
+*/
+function pathEnvKey(env) {
+	for (const key of Object.keys(env)) if (key.toLowerCase() === "path") return key;
+	return process.platform === "win32" ? "Path" : "PATH";
+}
+/**
+* Compute the PATH override that prepends `binDir`, reusing the parent's
+* existing key casing so a subsequent merge can't introduce a duplicate
+* case-variant key. Returns a single-entry patch suitable for
+* `Object.assign(vars, ...)`.
+*/
+function toolbeltPathOverride(parentEnv, binDir) {
+	const key = pathEnvKey(parentEnv);
+	const current = parentEnv[key] ?? "";
+	return { [key]: current ? `${binDir}${path.delimiter}${current}` : binDir };
+}
+/**
+* Defense-in-depth: collapse all case-variant PATH keys in `env` into a
+* single canonical key. Mutates and returns `env`. If duplicates with
+* differing values exist (only possible via a mismatched-casing merge),
+* the longest value wins — the toolbelt-prepended PATH is strictly
+* longer than the original, so this preserves the injection.
+*/
+function collapsePathKeys(env) {
+	const keys = Object.keys(env).filter((k) => k.toLowerCase() === "path");
+	if (keys.length <= 1) return env;
+	let bestValue = "";
+	for (const k of keys) {
+		const v = env[k] ?? "";
+		if (v.length >= bestValue.length) bestValue = v;
+		delete env[k];
+	}
+	env[process.platform === "win32" ? "Path" : "PATH"] = bestValue;
+	return env;
+}
+
 //#endregion
 //#region src/lib/launch.ts
 /**
@@ -1103,6 +1557,22 @@ function commandExists(name$1) {
 	}
 }
 /**
+* Whether the launcher can execute `executable`.
+*
+* `buildLaunchCommand` resolves the CLI to an ABSOLUTE path (anti-shadow).
+* `where.exe` (and POSIX `which`) reject a full path argument — `where`
+* returns "Could not find files for the given pattern(s)" for an absolute
+* path even when the file exists — so the where/which probe is only valid
+* for bare command names. For an absolute path (already resolved against
+* PATH and existence-checked by `resolveExecutable`), check the
+* filesystem directly. Without this split, every launch where the CLI is
+* installed fails with a spurious "not found on PATH".
+*/
+function isExecutableAvailable(executable) {
+	if (path.isAbsolute(executable)) return existsSync(executable);
+	return commandExists(executable);
+}
+/**
 * Provider-config flags (`-c model_providers.github_router=...`) that
 * point Codex at our proxy. Extracted from `buildCodexCmd` so the new
 * `codex mcp-server` MCP-config builder can reuse the exact same
@@ -1170,22 +1640,25 @@ function buildCodexCmd(target) {
 	return cmd;
 }
 function buildLaunchCommand(target) {
+	const cmd = target.kind === "claude-code" ? [
+		"claude",
+		"--dangerously-skip-permissions",
+		...target.extraArgs
+	] : buildCodexCmd(target);
+	const resolved = resolveExecutable(cmd[0], { env: process$1.env });
+	if (resolved) cmd[0] = resolved;
 	return {
-		cmd: target.kind === "claude-code" ? [
-			"claude",
-			"--dangerously-skip-permissions",
-			...target.extraArgs
-		] : buildCodexCmd(target),
-		env: {
+		cmd,
+		env: collapsePathKeys({
 			...sanitizeParentEnv(process$1.env),
 			...target.envVars
-		}
+		})
 	};
 }
 function launchChild(target, server$1, options = {}) {
 	const { cmd, env } = buildLaunchCommand(target);
 	const executable = cmd[0];
-	if (!commandExists(executable)) {
+	if (!isExecutableAvailable(executable)) {
 		const msg = `"${executable}" not found on PATH. Install it first, then try again.`;
 		consola.error(msg);
 		process$1.stderr.write(msg + "\n");
@@ -2499,33 +2972,6 @@ function round4(x) {
 	return Math.round(x * 1e4) / 1e4;
 }
 
-//#endregion
-//#region src/lib/version.ts
-/**
-* Read this binary's published version from package.json at runtime.
-*
-* Done at runtime (not baked at build time) because release.yml builds
-* BEFORE `npm version patch` bumps the version — a build-time inline
-* would always ship the pre-bump value. The npm tarball ships package.json
-* alongside `dist/`, so a sibling-up lookup from import.meta.url resolves
-* cleanly in both dev (`src/lib/`) and bundled (`dist/`) layouts.
-*
-* Returns `"unknown"` if package.json can't be located or parsed —
-* never throws, so the CLI never fails to start over version reporting.
-*/
-function getPackageVersion() {
-	try {
-		const here = dirname(fileURLToPath(import.meta.url));
-		const candidates = [join(here, "..", "..", "package.json"), join(here, "..", "package.json")];
-		for (const path$2 of candidates) try {
-			const raw = readFileSync(path$2, "utf8");
-			const parsed = JSON.parse(raw);
-			if (typeof parsed.version === "string" && (parsed.name === "github-router" || parsed.name === "@animeshkundu/github-router")) return parsed.version;
-		} catch {}
-	} catch {}
-	return "unknown";
-}
-
 //#endregion
 //#region src/lib/browser-mcp/browser-detect.ts
 let cached;
@@ -3496,7 +3942,7 @@ function logAudit$1(record) {
 		try {
 			const fs$2 = await import("node:fs/promises");
 			const path$2 = await import("node:path");
-			const { PATHS: PATHS$1 } = await import("./paths-CW16Dz9_.js");
+			const { PATHS: PATHS$1 } = await import("./paths-DhM3Yi80.js");
 			const dir = path$2.join(PATHS$1.APP_DIR, "browser-mcp");
 			await fs$2.mkdir(dir, { recursive: true });
 			const line = JSON.stringify({
@@ -10226,6 +10672,239 @@ async function searchWeb(query, signal) {
 	}
 }
 
+//#endregion
+//#region src/lib/toolbelt/manifest.ts
+function platformArchKey(platform$1 = process.platform, arch = process.arch) {
+	return `${platform$1}-${arch}`;
+}
+function assetFor(spec, platform$1 = process.platform, arch = process.arch) {
+	return spec.assets[platformArchKey(platform$1, arch)];
+}
+const TOOLBELT_TOOLS = [
+	{
+		command: "fd",
+		binBasename: "fd",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/sharkdp/fd/releases/download/v10.4.2/fd-v10.4.2-x86_64-pc-windows-msvc.zip",
+				sha256: "b2816e506390a89941c63c9187d58a3cc10e9a55f2ef0685f9ea0eccaf7c98c8",
+				archive: "zip"
+			},
+			"win32-arm64": {
+				url: "https://github.com/sharkdp/fd/releases/download/v10.4.2/fd-v10.4.2-aarch64-pc-windows-msvc.zip",
+				sha256: "4f9110c2d5b33a7f760bfa5510f4c113d828109f7277d421b1053a9943c0fc92",
+				archive: "zip"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/sharkdp/fd/releases/download/v10.4.2/fd-v10.4.2-aarch64-apple-darwin.tar.gz",
+				sha256: "623dc0afc81b92e4d4606b380d7bc91916ba7b97814263e554d50923a39e480a",
+				archive: "tar.gz"
+			},
+			"linux-x64": {
+				url: "https://github.com/sharkdp/fd/releases/download/v10.4.2/fd-v10.4.2-x86_64-unknown-linux-musl.tar.gz",
+				sha256: "e3257d48e29a6be965187dbd24ce9af564e0fe67b3e73c9bdcd180f4ec11bdde",
+				archive: "tar.gz"
+			},
+			"linux-arm64": {
+				url: "https://github.com/sharkdp/fd/releases/download/v10.4.2/fd-v10.4.2-aarch64-unknown-linux-musl.tar.gz",
+				sha256: "f32d3657473fba74e2600babc8db0b93420d51169223b7e8143b2ed55d8fd9e8",
+				archive: "tar.gz"
+			}
+		}
+	},
+	{
+		command: "sd",
+		binBasename: "sd",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/chmln/sd/releases/download/v1.1.0/sd-v1.1.0-x86_64-pc-windows-msvc.zip",
+				sha256: "59837c2e7c911099aca1cc46b663bcdc5a949fd3e9fbbaf34fc73e5d5d71007c",
+				archive: "zip"
+			},
+			"darwin-x64": {
+				url: "https://github.com/chmln/sd/releases/download/v1.1.0/sd-v1.1.0-x86_64-apple-darwin.tar.gz",
+				sha256: "1fca1e9c91813a8aac6821063c923107ba0f66a83309e095edcd3b202f67f97e",
+				archive: "tar.gz"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/chmln/sd/releases/download/v1.1.0/sd-v1.1.0-aarch64-apple-darwin.tar.gz",
+				sha256: "4bd3c09226376ca0a1d69589c91e86276fae36c5fbaaee669afce583f6682030",
+				archive: "tar.gz"
+			},
+			"linux-x64": {
+				url: "https://github.com/chmln/sd/releases/download/v1.1.0/sd-v1.1.0-x86_64-unknown-linux-musl.tar.gz",
+				sha256: "02f00f4777d43e8e95b7b8d49e1a0d6e502fed4b8e79c1c8b8063857a30caa2e",
+				archive: "tar.gz"
+			},
+			"linux-arm64": {
+				url: "https://github.com/chmln/sd/releases/download/v1.1.0/sd-v1.1.0-aarch64-unknown-linux-musl.tar.gz",
+				sha256: "ec8c93c0533ff21f4851d11566808d4082544baf063d9b96ea77c27e98b7cd99",
+				archive: "tar.gz"
+			}
+		}
+	},
+	{
+		command: "jq",
+		binBasename: "jq",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-windows-amd64.exe",
+				sha256: "23cb60a1354eed6bcc8d9b9735e8c7b388cd1fdcb75726b93bc299ef22dd9334",
+				archive: "raw"
+			},
+			"darwin-x64": {
+				url: "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-macos-amd64",
+				sha256: "e80dbe0d2a2597e3c11c404f03337b981d74b4a8504b70586c354b7697a7c27f",
+				archive: "raw"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-macos-arm64",
+				sha256: "a9fe3ea2f86dfc72f6728417521ec9067b343277152b114f4e98d8cb0e263603",
+				archive: "raw"
+			},
+			"linux-x64": {
+				url: "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-linux-amd64",
+				sha256: "020468de7539ce70ef1bceaf7cde2e8c4f2ca6c3afb84642aabc5c97d9fc2a0d",
+				archive: "raw"
+			},
+			"linux-arm64": {
+				url: "https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-linux-arm64",
+				sha256: "6bc62f25981328edd3cfcfe6fe51b073f2d7e7710d7ef7fcdac28d4e384fc3d4",
+				archive: "raw"
+			}
+		}
+	},
+	{
+		command: "yq",
+		binBasename: "yq",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_windows_amd64.exe",
+				sha256: "2aee32f1de46a20672f48c25df3018839798bd509143f2ce05fdab1550ff5592",
+				archive: "raw"
+			},
+			"win32-arm64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_windows_arm64.exe",
+				sha256: "448208550332ca33ef816e4cee49fc1e79987b8a08a451c6ae529703c8cfc8a9",
+				archive: "raw"
+			},
+			"darwin-x64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_darwin_amd64",
+				sha256: "616b0a0f6a5b79d746f05a169c2b9bb40dee00c605ef165b9a1c1681bba738ac",
+				archive: "raw"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_darwin_arm64",
+				sha256: "541ba2287560df70f561955e2d7f7e1cd00cf2a15a884f6b5c87a4bfa887bc07",
+				archive: "raw"
+			},
+			"linux-x64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_linux_amd64",
+				sha256: "d56bf5c6819e8e696340c312bd70f849dc1678a7cda9c2ad63eebd906371d56b",
+				archive: "raw"
+			},
+			"linux-arm64": {
+				url: "https://github.com/mikefarah/yq/releases/download/v4.53.2/yq_linux_arm64",
+				sha256: "03061b2a50c7a498de2bbb92d7cb078ce433011f085a4994117c2726be4106ea",
+				archive: "raw"
+			}
+		}
+	},
+	{
+		command: "ast-grep",
+		binBasename: "ast-grep",
+		aliases: ["sg"],
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-x86_64-pc-windows-msvc.zip",
+				sha256: "a4febbc8c48671e5729d85e29e4ebe5a051b7250d19545bca18e725ccf40ef61",
+				archive: "zip"
+			},
+			"win32-arm64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-aarch64-pc-windows-msvc.zip",
+				sha256: "a519fdd90324bf6858fde2d3feb2b862d67b834dc11af8f5b6c2c8143ab6a6c5",
+				archive: "zip"
+			},
+			"darwin-x64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-x86_64-apple-darwin.zip",
+				sha256: "6d703090b106747b2f56086b6ccc7e798fe78bcae70257aa20519b220153555b",
+				archive: "zip"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-aarch64-apple-darwin.zip",
+				sha256: "8c847d0a29aa4b3101b3361e0b3ee7fb53c7e497adc9ed1afc9615538cd40782",
+				archive: "zip"
+			},
+			"linux-x64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-x86_64-unknown-linux-gnu.zip",
+				sha256: "a26253a9c821d935f7e383e40f0de7c2ca62a4121de1f73a6d81ec32eae631e0",
+				archive: "zip"
+			},
+			"linux-arm64": {
+				url: "https://github.com/ast-grep/ast-grep/releases/download/0.43.0/app-aarch64-unknown-linux-gnu.zip",
+				sha256: "e706846148493967f3ab8011334817edd86ce5acbec10718b2a7b40799c640ff",
+				archive: "zip"
+			}
+		}
+	}
+];
+
+//#endregion
+//#region src/lib/toolbelt/index.ts
+/** Default ON; disable with GH_ROUTER_DISABLE_TOOLBELT (truthy). */
+function toolbeltEnabled() {
+	return parseBoolEnv(process.env.GH_ROUTER_DISABLE_TOOLBELT) !== true;
+}
+/** Per-tool opt-out via GH_ROUTER_TOOLBELT_SKIP="jq,yq". */
+function toolbeltSkipSet() {
+	const raw = process.env.GH_ROUTER_TOOLBELT_SKIP;
+	if (!raw) return /* @__PURE__ */ new Set();
+	return new Set(raw.split(",").map((s) => s.trim().toLowerCase()).filter(Boolean));
+}
+/** Absolute path to the bundled `@vscode/ripgrep` binary, or null. */
+function vscodeRipgrepPath() {
+	try {
+		const mod = createRequire(import.meta.url)("@vscode/ripgrep");
+		if (mod.rgPath && existsSync(mod.rgPath)) return mod.rgPath;
+	} catch {}
+	return null;
+}
+/**
+* Every curated tool the spawned agent can actually invoke this launch
+* — whether it is already on the user's system PATH OR will be
+* materialized into the toolbelt bin (gap-fill). Used for the awareness
+* one-liner so the model is told about ALL available fast tools, not
+* just the ones we had to download. (Provisioning still only downloads
+* the gap-fill subset; this is purely the advertised set.)
+*/
+function availableToolCommands() {
+	if (!toolbeltEnabled()) return [];
+	const skip = toolbeltSkipSet();
+	const out = [];
+	if (!skip.has("rg") && (resolveExecutable("rg") || vscodeRipgrepPath())) out.push("rg");
+	for (const spec of TOOLBELT_TOOLS) {
+		if (skip.has(spec.command)) continue;
+		if (resolveExecutable(spec.command) || assetFor(spec)) out.push(spec.command);
+	}
+	return out;
+}
+const TOOL_DESC = {
+	rg: "rg (fast regex search)",
+	fd: "fd (fast file finder)",
+	jq: "jq (JSON processor)",
+	sd: "sd (find & replace)",
+	"ast-grep": "ast-grep / sg (structural code search & rewrite)",
+	yq: "yq (YAML / TOML / XML processor)"
+};
+/**
+* The one-line CLAUDE.md / system-prompt note advertising the exposed
+* tools, or null when none are exposed.
+*/
+function buildToolbeltAwareness(commands) {
+	if (commands.length === 0) return null;
+	return "Fast CLI tools are available on your PATH; prefer them when applicable: " + commands.map((c) => TOOL_DESC[c] ?? c).join(", ") + ".";
+}
+
 //#endregion
 //#region src/lib/worker-agent/bash.ts
 /**
@@ -10272,6 +10951,7 @@ function buildEnv() {
 		const v = process$1.env[key];
 		if (v !== void 0) env[key] = v;
 	}
+	if (toolbeltEnabled()) Object.assign(env, toolbeltPathOverride(env, PATHS.TOOLBELT_BIN_DIR));
 	return env;
 }
 /**
@@ -13491,6 +14171,8 @@ const PEER_MARKER_OPEN = "<!-- gh-router peer-mcp awareness — auto-injected, r
 const PEER_MARKER_CLOSE = "<!-- /gh-router peer-mcp awareness -->";
 const STYLE_MARKER_OPEN = "<!-- gh-router style directive — auto-injected, regenerated per launch -->";
 const STYLE_MARKER_CLOSE = "<!-- /gh-router style directive -->";
+const TOOLBELT_MARKER_OPEN = "<!-- gh-router toolbelt awareness — auto-injected, regenerated per launch -->";
+const TOOLBELT_MARKER_CLOSE = "<!-- /gh-router toolbelt awareness -->";
 /**
 * Writing / communication style directive injected at the TOP of the
 * mirrored CLAUDE.md so every spawned agent (main, Agent-tool subagent,
@@ -13837,6 +14519,303 @@ async function prependStyleDirectiveToMirroredClaudeMd(directive = STYLE_DIRECTI
 		label: "style-directive"
 	});
 }
+/**
+* Append the toolbelt awareness one-liner (which CLI tools are on PATH)
+* to the bottom of the mirrored CLAUDE.md so descendant agents (Agent
+* subagents, agent-teams teammates) learn about the provisioned tools.
+* The main agent gets the same line via `--append-system-prompt`.
+* Separate marker fence from the peer-awareness / style blocks.
+*/
+async function appendToolbeltAwarenessToMirroredClaudeMd(snippet) {
+	await injectMarkerBlock({
+		snippet,
+		markerOpen: TOOLBELT_MARKER_OPEN,
+		markerClose: TOOLBELT_MARKER_CLOSE,
+		position: "bottom",
+		label: "toolbelt-awareness"
+	});
+}
+
+//#endregion
+//#region src/lib/toolbelt/extract.ts
+function baseName(p) {
+	const norm = p.replace(/\\/g, "/");
+	const idx = norm.lastIndexOf("/");
+	return idx === -1 ? norm : norm.slice(idx + 1);
+}
+/**
+* Extract the first REGULAR-FILE tar member whose basename equals
+* `wantBasename` (optionally with a `.exe` suffix). Returns its bytes,
+* or null if absent. `buf` is the gzip-compressed tarball.
+*/
+function extractTarGzMember(buf, wantBasename) {
+	let tar;
+	try {
+		tar = gunzipSync(buf);
+	} catch {
+		return null;
+	}
+	const wants = new Set([wantBasename, `${wantBasename}.exe`]);
+	let offset = 0;
+	while (offset + 512 <= tar.length) {
+		const header = tar.subarray(offset, offset + 512);
+		if (header.every((b) => b === 0)) break;
+		const name$1 = readTarString(header, 0, 100);
+		const prefix = readTarString(header, 345, 155);
+		const fullName = prefix ? `${prefix}/${name$1}` : name$1;
+		const sizeOctal = readTarString(header, 124, 12).trim();
+		const size = parseInt(sizeOctal || "0", 8);
+		const typeflag = String.fromCharCode(header[156]);
+		const dataStart = offset + 512;
+		if ((typeflag === "0" || typeflag === "\0") && wants.has(baseName(fullName))) {
+			if (dataStart + size > tar.length) return null;
+			return Buffer.from(tar.subarray(dataStart, dataStart + size));
+		}
+		offset = dataStart + Math.ceil(size / 512) * 512;
+	}
+	return null;
+}
+function readTarString(block, start$1, len) {
+	const slice = block.subarray(start$1, start$1 + len);
+	const nul = slice.indexOf(0);
+	return slice.subarray(0, nul === -1 ? len : nul).toString("utf8");
+}
+/**
+* Extract the first REGULAR-FILE zip member whose basename equals
+* `wantBasename` (optionally `.exe`). Supports stored (0) and deflate
+* (8) compression. Rejects directories and unix-symlink entries.
+*/
+function extractZipMember(buf, wantBasename) {
+	const wants = new Set([wantBasename, `${wantBasename}.exe`]);
+	const EOCD_SIG = 101010256;
+	let eocd = -1;
+	const minStart = Math.max(0, buf.length - 65557);
+	for (let i = buf.length - 22; i >= minStart; i--) if (buf.readUInt32LE(i) === EOCD_SIG) {
+		eocd = i;
+		break;
+	}
+	if (eocd === -1) return null;
+	const entryCount = buf.readUInt16LE(eocd + 10);
+	let cd = buf.readUInt32LE(eocd + 16);
+	const CEN_SIG = 33639248;
+	for (let i = 0; i < entryCount; i++) {
+		if (cd + 46 > buf.length || buf.readUInt32LE(cd) !== CEN_SIG) return null;
+		const method = buf.readUInt16LE(cd + 10);
+		const compSize = buf.readUInt32LE(cd + 20);
+		const nameLen = buf.readUInt16LE(cd + 28);
+		const extraLen = buf.readUInt16LE(cd + 30);
+		const commentLen = buf.readUInt16LE(cd + 32);
+		const externalAttrs = buf.readUInt32LE(cd + 38);
+		const localOffset = buf.readUInt32LE(cd + 42);
+		const name$1 = buf.subarray(cd + 46, cd + 46 + nameLen).toString("utf8");
+		const isSymlink = (externalAttrs >>> 16 & 61440) === 40960;
+		const isDir = name$1.endsWith("/");
+		if (!isSymlink && !isDir && wants.has(baseName(name$1))) return readZipLocalEntry(buf, localOffset, method, compSize);
+		cd += 46 + nameLen + extraLen + commentLen;
+	}
+	return null;
+}
+function readZipLocalEntry(buf, localOffset, method, compSize) {
+	if (localOffset + 30 > buf.length || buf.readUInt32LE(localOffset) !== 67324752) return null;
+	const nameLen = buf.readUInt16LE(localOffset + 26);
+	const extraLen = buf.readUInt16LE(localOffset + 28);
+	const dataStart = localOffset + 30 + nameLen + extraLen;
+	const comp = buf.subarray(dataStart, dataStart + compSize);
+	try {
+		if (method === 0) return Buffer.from(comp);
+		if (method === 8) return inflateRawSync(comp);
+	} catch {
+		return null;
+	}
+	return null;
+}
+
+//#endregion
+//#region src/lib/toolbelt/provision.ts
+/** Per-download cap (bytes) — these binaries are a few MB at most. */
+const MAX_DOWNLOAD_BYTES = 64 * 1024 * 1024;
+const DOWNLOAD_TIMEOUT_MS = 3e4;
+const EXE_EXT = process$1.platform === "win32" ? ".exe" : "";
+/**
+* Materialize the toolbelt. Returns the list of command names exposed
+* in `bin/` after provisioning. Best-effort; never throws.
+*/
+async function provisionToolbelt() {
+	if (!toolbeltEnabled()) return [];
+	const binDir = PATHS.TOOLBELT_BIN_DIR;
+	try {
+		await mkdir(binDir, { recursive: true });
+	} catch (err) {
+		consola.debug("toolbelt: could not create bin dir:", err);
+		return [];
+	}
+	const skip = toolbeltSkipSet();
+	await withInstallLock("toolbelt.lock", async () => {
+		await pruneUnexpected(binDir);
+		await provisionRg(binDir, skip).catch((err) => consola.debug("toolbelt: rg skipped:", err));
+		await Promise.all(TOOLBELT_TOOLS.map((spec) => provisionTool(spec, binDir, skip).catch((err) => consola.debug(`toolbelt: ${spec.command} skipped:`, err))));
+	});
+	return exposedCommands(binDir);
+}
+/** Names allowed to live in `bin/` (managed binaries + their sidecars). */
+function expectedFileNames() {
+	const names = /* @__PURE__ */ new Set();
+	const add = (base) => {
+		names.add(base + EXE_EXT);
+		names.add(`${base}${EXE_EXT}.sha256`);
+	};
+	add("rg");
+	for (const spec of TOOLBELT_TOOLS) {
+		add(spec.binBasename);
+		for (const a of spec.aliases ?? []) add(a);
+	}
+	return names;
+}
+/** Remove any file in `bin/` that isn't a managed binary or sidecar. */
+async function pruneUnexpected(binDir) {
+	const expected = expectedFileNames();
+	let entries;
+	try {
+		entries = await readdir(binDir);
+	} catch {
+		return;
+	}
+	for (const name$1 of entries) {
+		if (name$1.endsWith(".tmp")) continue;
+		if (!expected.has(name$1)) await rm(path.join(binDir, name$1), { force: true }).catch(() => {});
+	}
+}
+async function provisionRg(binDir, skip) {
+	const dest = path.join(binDir, "rg" + EXE_EXT);
+	if (skip.has("rg") || resolveExecutable("rg")) {
+		await removeBin(dest);
+		return;
+	}
+	if (existsSync(dest)) return;
+	const src = vscodeRipgrepPath();
+	if (!src) return;
+	const tmp = tempName(dest);
+	try {
+		await link(src, tmp);
+	} catch {
+		await copyFile(src, tmp);
+	}
+	if (process$1.platform !== "win32") await chmod(tmp, 493).catch(() => {});
+	await commit(tmp, dest);
+}
+async function provisionTool(spec, binDir, skip) {
+	const dest = path.join(binDir, spec.binBasename + EXE_EXT);
+	const sidecar = `${dest}.sha256`;
+	const asset = assetFor(spec);
+	if (skip.has(spec.command) || !asset) {
+		await removeTool(spec, binDir);
+		return;
+	}
+	if (resolveExecutable(spec.command)) {
+		await removeTool(spec, binDir);
+		return;
+	}
+	if (existsSync(dest) && await sidecarMatches(sidecar, asset.sha256)) {
+		await ensureAliases(spec, binDir, dest);
+		return;
+	}
+	await atomicInstall(dest, await downloadAndExtract(spec, asset));
+	await writeFile(sidecar, asset.sha256).catch(() => {});
+	await ensureAliases(spec, binDir, dest);
+}
+async function downloadAndExtract(spec, asset) {
+	const data = await download(asset.url);
+	const digest = createHash("sha256").update(data).digest("hex");
+	if (digest !== asset.sha256) throw new Error(`checksum mismatch for ${spec.command} (${asset.url}): expected ${asset.sha256}, got ${digest}`);
+	if (asset.archive === "raw") return data;
+	const member = asset.archive === "zip" ? extractZipMember(data, spec.binBasename) : extractTarGzMember(data, spec.binBasename);
+	if (!member) throw new Error(`binary "${spec.binBasename}" not found in ${asset.url}`);
+	return member;
+}
+async function download(url) {
+	const controller = new AbortController();
+	const timer = setTimeout(() => controller.abort(), DOWNLOAD_TIMEOUT_MS);
+	try {
+		const res = await fetch(url, {
+			signal: controller.signal,
+			redirect: "follow",
+			headers: { "User-Agent": "github-router-toolbelt" }
+		});
+		if (!res.ok) throw new Error(`download ${url}: HTTP ${res.status}`);
+		const buf = Buffer.from(await res.arrayBuffer());
+		if (buf.length > MAX_DOWNLOAD_BYTES) throw new Error(`download ${url}: exceeds ${MAX_DOWNLOAD_BYTES} bytes`);
+		return buf;
+	} finally {
+		clearTimeout(timer);
+	}
+}
+/** Write to a unique temp then atomically rename into place. */
+async function atomicInstall(dest, bytes) {
+	const tmp = tempName(dest);
+	await writeFile(tmp, bytes);
+	if (process$1.platform !== "win32") await chmod(tmp, 493).catch(() => {});
+	await commit(tmp, dest);
+}
+/** Rename tmp→dest, handling Windows replace-existing / in-use locks. */
+async function commit(tmp, dest) {
+	try {
+		await rename(tmp, dest);
+	} catch {
+		try {
+			await rm(dest, { force: true });
+			await rename(tmp, dest);
+		} catch (err) {
+			await rm(tmp, { force: true }).catch(() => {});
+			throw err;
+		}
+	}
+}
+async function ensureAliases(spec, binDir, dest) {
+	for (const alias of spec.aliases ?? []) {
+		const ap = path.join(binDir, alias + EXE_EXT);
+		if (existsSync(ap)) continue;
+		const tmp = tempName(ap);
+		try {
+			await copyFile(dest, tmp);
+			if (process$1.platform !== "win32") await chmod(tmp, 493).catch(() => {});
+			await commit(tmp, ap);
+		} catch (err) {
+			consola.debug(`toolbelt: alias ${alias} skipped:`, err);
+		}
+	}
+}
+async function removeTool(spec, binDir) {
+	await removeBin(path.join(binDir, spec.binBasename + EXE_EXT));
+	for (const alias of spec.aliases ?? []) await removeBin(path.join(binDir, alias + EXE_EXT));
+}
+async function removeBin(dest) {
+	await rm(dest, { force: true }).catch(() => {});
+	await rm(`${dest}.sha256`, { force: true }).catch(() => {});
+}
+async function sidecarMatches(sidecar, sha256) {
+	try {
+		return (await readFile(sidecar, "utf8")).trim() === sha256;
+	} catch {
+		return false;
+	}
+}
+function tempName(dest) {
+	return `${dest}.${process$1.pid}.${randomBytes(4).toString("hex")}.tmp`;
+}
+/** The command names currently exposed in `bin/`. */
+async function exposedCommands(binDir) {
+	let files;
+	try {
+		files = new Set(await readdir(binDir));
+	} catch {
+		return [];
+	}
+	const present = (base) => files.has(base + EXE_EXT);
+	const out = [];
+	if (present("rg")) out.push("rg");
+	for (const spec of TOOLBELT_TOOLS) if (present(spec.binBasename)) out.push(spec.command);
+	return out;
+}
 
 //#endregion
 //#region src/lib/proxy.ts
@@ -13887,7 +14866,7 @@ function initProxyFromEnv() {
 //#endregion
 //#region package.json
 var name = "github-router";
-var version$1 = "0.3.68";
+var version$1 = "0.3.71";
 
 //#endregion
 //#region src/lib/approval.ts
@@ -15731,6 +16710,11 @@ const sharedServerArgs = {
 		type: "boolean",
 		default: false,
 		description: "Force humanlike pacing on ALL browser tool dispatches: Beta-distributed inter-action delays (800-4600 ms), Bezier mouse trajectories with overshoot-and-correct, per-keystroke jitter with word-end pauses, scroll chunking. Use for known anti-bot sites (Cloudflare, Datadome). Off by default (auto mode); GH_ROUTER_HUMANLIKE=1 is the env equivalent. GH_ROUTER_BROWSER_NO_HUMANLIKE=1 hard-disables (wins over --humanlike, for tests)."
+	},
+	"self-update": {
+		type: "boolean",
+		default: true,
+		description: "Update github-router itself to the latest npm version on launch (throttled once/hour). Best-effort and non-blocking: the proxy serves immediately and a detached updater applies the new version after this process exits (it takes effect on the NEXT launch; the running process keeps its current build). Disable with --no-self-update or GH_ROUTER_NO_SELF_UPDATE=1. Skipped silently if npm/network unavailable."
 	}
 };
 const allowedAccountTypes = new Set([
@@ -15836,6 +16820,7 @@ function getClaudeCodeEnvVars(serverUrl, model) {
 		"CLAUDE_CODE_ENABLE_FINE_GRAINED_TOOL_STREAMING",
 		"CLAUDE_CODE_ENABLE_TASKS"
 	]) if (process.env[key] === void 0) vars[key] = "1";
+	if (toolbeltEnabled()) Object.assign(vars, toolbeltPathOverride(process.env, PATHS.TOOLBELT_BIN_DIR));
 	return vars;
 }
 /**
@@ -15851,11 +16836,13 @@ function getClaudeCodeEnvVars(serverUrl, model) {
 * masks any cached login.
 */
 function getCodexEnvVars(serverUrl) {
-	return {
+	const vars = {
 		OPENAI_BASE_URL: `${serverUrl}/v1`,
 		OPENAI_API_KEY: "dummy",
 		CODEX_HOME: PATHS.CODEX_HOME
 	};
+	if (toolbeltEnabled()) Object.assign(vars, toolbeltPathOverride(process.env, PATHS.TOOLBELT_BIN_DIR));
+	return vars;
 }
 
 //#endregion
@@ -15895,7 +16882,7 @@ const claude = defineCommand({
 		"auto-update": {
 			type: "boolean",
 			default: true,
-			description: "Check for and install latest Claude Code on launch (throttled to once per hour via ~/.local/share/github-router/last-update-check). Set to false (--no-auto-update) to keep the current installed version. Falls back gracefully if npm/network unavailable."
+			description: "Check for and install the latest Claude Code on launch via `claude update` (throttled to once per hour via ~/.local/share/github-router/last-update-check). `claude update` respects the real install method (native installer or npm), so it never creates a conflicting second install; builds too old to support it fall back to `npm install -g @anthropic-ai/claude-code@latest`. Set to false (--no-auto-update) to check and warn only. Falls back gracefully if claude/npm/network unavailable."
 		},
 		"update-check": {
 			type: "boolean",
@@ -15918,12 +16905,12 @@ const claude = defineCommand({
 			if (versionCheck.skipped && versionCheck.skipReason === "no-claude") consola.debug("claude --version probe failed; skipping auto-update.");
 			else if (versionCheck.skipped && versionCheck.skipReason === "no-npm") consola.debug("npm view @anthropic-ai/claude-code failed; skipping auto-update check (likely offline).");
 			else if (versionCheck.needsUpdate && versionCheck.installedVersion && versionCheck.latestVersion) if (args["auto-update"] !== false) try {
-				await autoUpdateClaude(versionCheck.latestVersion);
+				await updateClaude(versionCheck.latestVersion);
 			} catch (err) {
 				const msg = err instanceof Error ? err.message : String(err);
-				consola.warn(`Auto-update of Claude Code from ${versionCheck.installedVersion} to ${versionCheck.latestVersion} failed (${msg}); continuing with installed version. Run \`npm install -g @anthropic-ai/claude-code@latest\` manually to retry.`);
+				consola.warn(`Auto-update of Claude Code from ${versionCheck.installedVersion} to ${versionCheck.latestVersion} failed (${msg}); continuing with installed version. Run \`claude update\` (or \`npm install -g @anthropic-ai/claude-code@latest\`) manually to retry.`);
 			}
-			else consola.warn(`Claude Code v${versionCheck.installedVersion} is installed; v${versionCheck.latestVersion} is available. Run with --auto-update (the default) to install on launch, or \`npm install -g @anthropic-ai/claude-code@latest\` manually.`);
+			else consola.warn(`Claude Code v${versionCheck.installedVersion} is installed; v${versionCheck.latestVersion} is available. Run with --auto-update (the default) to install on launch, or \`claude update\` manually.`);
 		} catch (err) {
 			consola.debug("Claude version check failed:", err);
 		}
@@ -15941,6 +16928,7 @@ const claude = defineCommand({
 			consola.error("Failed to start server:", error instanceof Error ? error.message : error);
 			process$1.exit(1);
 		}
+		runSelfUpdate({ selfUpdate: args["self-update"] !== false });
 		try {
 			await ensureClaudeConfigMirror();
 		} catch (err) {
@@ -15972,6 +16960,15 @@ const claude = defineCommand({
 		process$1.stderr.write(`Server ready on ${serverUrl}, launching Claude Code (${banner})...\n`);
 		const envVars = getClaudeCodeEnvVars(serverUrl, chosenSlug);
 		const extraArgs = args._ ?? [];
+		if (toolbeltEnabled()) {
+			provisionToolbelt().catch((err) => consola.debug("Toolbelt provisioning failed:", err));
+			const toolbeltLine = buildToolbeltAwareness(availableToolCommands());
+			if (toolbeltLine) try {
+				await appendToolbeltAwarenessToMirroredClaudeMd(toolbeltLine);
+			} catch (err) {
+				consola.warn(`Toolbelt CLAUDE.md append failed: ${err instanceof Error ? err.message : String(err)}`);
+			}
+		}
 		const baseShutdown = async () => {
 			await removeOwnClaudeConfigMirror();
 		};
@@ -16071,6 +17068,8 @@ const codex = defineCommand({
 			consola.error("Failed to start server:", error instanceof Error ? error.message : error);
 			process$1.exit(1);
 		}
+		runSelfUpdate({ selfUpdate: args["self-update"] !== false });
+		if (toolbeltEnabled()) provisionToolbelt().catch(() => {});
 		const usingDefault = !args.model;
 		const requestedModel = args.model ?? DEFAULT_CODEX_MODEL;
 		enableFileLogging();
@@ -16443,6 +17442,7 @@ const start = defineCommand({
 			port: parsed.port ?? DEFAULT_PORT,
 			silent: false
 		});
+		runSelfUpdate({ selfUpdate: args["self-update"] !== false });
 		if (args.cc) generateClaudeCodeCommand(serverUrl, args.model);
 		if (args.cx) generateCodexCommand(serverUrl, args.model);
 		consola.box(`🌐 Usage Viewer: https://animeshkundu.github.io/github-router/dashboard.html?endpoint=${serverUrl}/usage`);