npm - github-router - Versions diffs - 0.3.82 → 0.3.87 - Mend

github-router 0.3.82 → 0.3.87

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17)

package/README.md +1 -1
package/dist/browser-ext/manifest.json +1 -1
package/dist/{lifecycle-CQlm3YlF.js → lifecycle-C5fB3ODy.js} +2 -2
package/dist/{lifecycle-CMPthagV.js → lifecycle-CHjAPu8u.js} +2 -2
package/dist/{lifecycle-CMPthagV.js.map → lifecycle-CHjAPu8u.js.map} +1 -1
package/dist/{lifecycle-yaqqtsV1.js → lifecycle-CTLlFU45.js} +54 -10
package/dist/lifecycle-CTLlFU45.js.map +1 -0
package/dist/lifecycle-uNpNYzQ_.js +4 -0
package/dist/main.js +1132 -267
package/dist/main.js.map +1 -1
package/dist/{paths-BGx0RpNs.js → paths-Czi0-nEE.js} +1 -1
package/dist/{paths-yJ97KlKp.js → paths-DWVKYv16.js} +3 -3
package/dist/paths-DWVKYv16.js.map +1 -0
package/package.json +1 -1
package/dist/lifecycle-BL4rWSrT.js +0 -4
package/dist/lifecycle-yaqqtsV1.js.map +0 -1
package/dist/paths-yJ97KlKp.js.map +0 -1

package/dist/main.js CHANGED

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
-import { a as removeOwnClaudeConfigMirror, i as isUnderClaudeConfigMirror, l as writeRuntimeFileSecure, n as ensureClaudeConfigMirror, r as ensurePaths, t as PATHS } from "./paths-yJ97KlKp.js";
-import { a as trackChild, c as runCommandCapture, l as runCommandVoid, n as registerColbertExitHandlers, o as parseBoolEnv, s as resolveExecutable, t as getColbertInstanceUuid, u as runManagedExeCapture } from "./lifecycle-yaqqtsV1.js";
-import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-CMPthagV.js";
+import { a as removeOwnClaudeConfigMirror, i as isUnderClaudeConfigMirror, l as writeRuntimeFileSecure, n as ensureClaudeConfigMirror, r as ensurePaths, t as PATHS } from "./paths-DWVKYv16.js";
+import { c as resolveExecutable, d as runManagedExeCapture, l as runCommandCapture, n as isPidAlive, o as trackChild, r as registerColbertExitHandlers, s as parseBoolEnv, t as getColbertInstanceUuid, u as runCommandVoid } from "./lifecycle-CTLlFU45.js";
+import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-CHjAPu8u.js";
 import { createRequire } from "node:module";
 import { defineCommand, runMain } from "citty";
 import consola from "consola";
@@ -4432,6 +4432,10 @@ const MODEL_ID = "LateOn-Code-edge";
 //#endregion
 //#region src/lib/colbert/index-store.ts
 const GIT_TIMEOUT_MS = 4e3;
+/** Grace window after a `building` write before a workspace with no live
+* build PID is declared `crashed` — covers the cross-process window where
+* one proxy wrote `building` but hasn't yet recorded the colgrep child PID. */
+const BUILD_SPAWN_GRACE_MS = 3e4;
 /**
 * Hash a workspace path the same way the metadata sidecar is keyed.
 * NOTE: this is the ROUTER-OWNED meta key, independent of colgrep's
@@ -4529,6 +4533,74 @@ async function completedIndexOnDisk(workspace) {
 function canonicalForCompare(p) {
 	return process$1.platform === "win32" ? path.resolve(p).toLowerCase().replace(/\\/g, "/") : path.resolve(p);
 }
+/** Sync realpath-aware canonicalization (sibling of `realpathForCompare`,
+* for the on-a-timer inactivity probe which must be synchronous). */
+function canonicalRealpathSync(p) {
+	try {
+		return canonicalForCompare(realpathSync(p));
+	} catch {
+		return canonicalForCompare(p);
+	}
+}
+/** Recursive (bytes, fileCount) of a directory; sync + best-effort. A
+* colgrep index is a bounded set of shards so the walk stays small. */
+function dirSizeSync(dir) {
+	let bytes = 0;
+	let count = 0;
+	let entries;
+	try {
+		entries = readdirSync(dir, { withFileTypes: true });
+	} catch {
+		return [0, 0];
+	}
+	for (const e of entries) {
+		const p = path.join(dir, e.name);
+		if (e.isDirectory()) {
+			const [b, c] = dirSizeSync(p);
+			bytes += b;
+			count += c;
+		} else try {
+			bytes += statSync(p).size;
+			count += 1;
+		} catch {}
+	}
+	return [bytes, count];
+}
+/**
+* (sync) Progress signature of a workspace's colgrep index dir for the init
+* inactivity watchdog: `${totalBytes}:${fileCount}` of the project dir, or
+* `null` if it isn't on disk yet. colgrep is SILENT on a non-TTY pipe
+* during the (potentially multi-hour) encode phase, so output is useless as
+* a progress signal — but it writes index shards incrementally, so a
+* changing signature means "still progressing" and a frozen one means
+* "hung". Successive signatures drive the watchdog: change ⇒ re-arm, frozen
+* ⇒ kill. Sync because it's called from a `setTimeout` (not awaited).
+*/
+function indexDirSignature(workspace) {
+	const indicesDir = PATHS.COLBERT_INDICES_DIR;
+	let names;
+	try {
+		names = readdirSync(indicesDir);
+	} catch {
+		return null;
+	}
+	const want = canonicalRealpathSync(workspace);
+	for (const name$1 of names) {
+		if (name$1 === ".gh-router-meta") continue;
+		const dir = path.join(indicesDir, name$1);
+		let proj;
+		try {
+			proj = JSON.parse(readFileSync(path.join(dir, "project.json"), "utf8"));
+		} catch {
+			continue;
+		}
+		const projPath = proj.path ?? proj.project_path;
+		if (!projPath || canonicalRealpathSync(projPath) !== want) continue;
+		const [bytes, count] = dirSizeSync(dir);
+		return `${bytes}:${count}`;
+	}
+	return null;
+}
 /**
 * Realpath-aware canonicalization for matching a workspace against
 * colgrep's stored `project_path`. colgrep stores the OS realpath (e.g.
@@ -4567,10 +4639,22 @@ async function freshnessVerdict(workspace) {
 		verdict: "failed",
 		meta
 	};
-	if (meta.status === "building") return {
-		verdict: "building",
-		meta
-	};
+	if (meta.status === "building") {
+		const pid = typeof meta.buildPid === "number" ? meta.buildPid : 0;
+		if (isInitInFlight(workspace) || pid > 0 && isPidAlive(pid)) return {
+			verdict: "building",
+			meta
+		};
+		const startedMs = meta.lastIndexedAt ? Date.parse(meta.lastIndexedAt) : NaN;
+		if (Number.isFinite(startedMs) && Date.now() - startedMs < BUILD_SPAWN_GRACE_MS) return {
+			verdict: "building",
+			meta
+		};
+		if (!await completedIndexOnDisk(workspace)) return {
+			verdict: "crashed",
+			meta
+		};
+	}
 	if (!await completedIndexOnDisk(workspace)) return {
 		verdict: "building",
 		meta
@@ -5181,14 +5265,73 @@ async function runSmokeTest(binaryPath, ortDylibPath, modelDir) {
 //#endregion
 //#region src/lib/colbert/runner.ts
-/** Hard per-search timeout. The encode + incremental delta is sub-second
-* to seconds; 30s catches a pathological re-index on a huge diff. */
-const SEARCH_TIMEOUT_MS = 3e4;
-/** Generous cap on the background init build (matches the worker-agent). */
-const INIT_TIMEOUT_MS = 1800 * 1e3;
+/** Caller responsiveness budget for a search. A warm search is sub-second;
+* if colgrep instead starts a foreground auto-index / reconcile (its index is
+* behind) and hasn't returned results by this point, the search DETACHES —
+* the caller gets a `building` fallback now and the colgrep child finishes
+* the index in the background (never killed mid-write — that would orphan
+* docs and desync the index). The next query is then fast. */
+const SEARCH_RESPOND_MS = envIntMs("GH_ROUTER_COLBERT_SEARCH_RESPOND_MS", 2e4);
+/** Inactivity (stall) watchdog for the background init: if the colgrep
+* index dir stops growing for this long, the build is hung → kill it. This
+* is the PRIMARY "stuck vs slow" signal — a build that keeps writing shards
+* runs as long as it needs (a 50GB repo can take hours), only a genuinely
+* hung build is killed. colgrep is silent on a non-TTY pipe during the
+* encode, so disk growth (not output) is the progress signal. */
+const INIT_STALL_MS = envIntMs("GH_ROUTER_COLBERT_INIT_STALL_MS", 300 * 1e3);
+/** Absolute backstop on the background init — a generous ceiling so a truly
+* runaway process can't live forever, NOT the primary mechanism (the stall
+* watchdog is). Raised well above the old 30-min cap so a legitimately huge
+* repo isn't cut off mid-progress. */
+const INIT_TIMEOUT_MS = envIntMs("GH_ROUTER_COLBERT_INIT_TIMEOUT_MS", 360 * 60 * 1e3);
+/** After a failed build, don't re-kick a fresh one until this long has
+* elapsed (throttles a fast-failing init; the per-workspace debounce +
+* attempt cap are the other two guards). */
+const FAILED_RETRY_BACKOFF_MS = 300 * 1e3;
+/** Consecutive failed-build attempts before the self-heal gives up and the
+* notice goes operator-actionable. Reset to 0 on a successful build. */
+const MAX_FAILED_ATTEMPTS = 3;
 /** Reuse code-search's stdout cap (10 MiB) for the full-CodeUnit payload. */
 const MAX_STDOUT_BYTES = 10 * 1024 * 1024;
 const DEFAULT_LIMIT = 15;
+/** Parse a positive-integer-milliseconds env override, else the default. */
+function envIntMs(name$1, fallback) {
+	const raw = process$1.env[name$1];
+	if (raw === void 0) return fallback;
+	const n = Number(raw);
+	return Number.isFinite(n) && n > 0 ? Math.floor(n) : fallback;
+}
+/**
+* A progress probe for the inactivity watchdog: returns `false` (→ kill)
+* only when colgrep's index dir for `workspace` has stopped growing. colgrep
+* is SILENT on a non-TTY pipe during the encode, so disk growth — not output
+* — is the progress signal. `null` (dir not found yet) gets one window of
+* grace, then counts as no-progress (a build/search hung before it ever
+* wrote anything). Shared by BOTH the background init and the foreground
+* search so neither colgrep child is killed mid-write (which orphans docs).
+*/
+function makeIndexProgressProbe(workspace) {
+	let lastSig;
+	let nullStreak = 0;
+	return () => {
+		const sig = indexDirSignature(workspace);
+		if (sig === null) {
+			nullStreak += 1;
+			return nullStreak <= 1;
+		}
+		nullStreak = 0;
+		const prev = lastSig;
+		lastSig = sig;
+		if (prev === void 0) return true;
+		return sig !== prev;
+	};
+}
+/** Workspaces with a DETACHED indexing search in flight. A new search for
+* such a workspace returns `building` instead of spawning a concurrent
+* colgrep that could collide on the index write — serving the same "one
+* colgrep writer per workspace" goal as the init debounce. Cleared when the
+* detached search completes. */
+const _searchIndexInFlight = /* @__PURE__ */ new Set();
 /** Build the isolating env for any colgrep child (search or init). */
 function colgrepEnv() {
 	const ortDir = path.dirname(colbertOrtDylibPath());
@@ -5215,7 +5358,8 @@ function colgrepEnv() {
 async function runSemanticSearch(opts) {
 	const { query, workspace } = opts;
 	const limit = clampLimit(opts.limit);
-	switch ((await freshnessVerdict(workspace)).verdict) {
+	const fresh = await freshnessVerdict(workspace);
+	switch (fresh.verdict) {
 		case "absent":
 			kickBackgroundInit(workspace);
 			return {
@@ -5223,11 +5367,8 @@ async function runSemanticSearch(opts) {
 				isError: true,
 				notice: "no semantic index for this workspace yet — a background index was started; retry shortly or use code_search"
 			};
-		case "failed": return {
-			status: "failed",
-			isError: true,
-			notice: "semantic index build failed for this workspace; use code_search"
-		};
+		case "failed": return handleFailure(workspace, fresh.meta, false);
+		case "crashed": return handleFailure(workspace, fresh.meta, true);
 		case "building": return {
 			status: "building",
 			notice: "semantic index is being built for this workspace; retry shortly (or use code_search now)"
@@ -5247,6 +5388,59 @@ async function runSemanticSearch(opts) {
 		pattern: opts.pattern
 	});
 }
+/**
+* Decide how to respond to a failed/crashed index and SELF-HEAL when the
+* failure looks transient: re-kick a debounced background re-index when the
+* attempt count is under the per-class cap AND the backoff has elapsed,
+* else return an actionable notice (transient-throttled vs operator-action).
+*
+* A `crashed` verdict is a per-query detection of a build whose PID died
+* without recording a result (proxy kill / OOM); persist it as
+* `failed`+`crashed` (incrementing the attempt counter) before deciding so a
+* later query sees a consistent `failed` state. `stuck` (hung build killed
+* by the inactivity watchdog) retries at most once — re-running a hung build
+* usually hangs again; transient classes retry up to `MAX_FAILED_ATTEMPTS`.
+*/
+async function handleFailure(workspace, meta, crashedVerdict) {
+	const cls = crashedVerdict ? "crashed" : meta?.failureClass ?? "error";
+	const attempts = crashedVerdict ? (meta?.failedAttempts ?? 0) + 1 : meta?.failedAttempts ?? 1;
+	const lastAt = meta?.lastIndexedAt;
+	if (crashedVerdict) await writeColbertMeta({
+		workspace,
+		model: meta?.model ?? MODEL_ID,
+		modelRev: meta?.modelRev ?? MODEL_REVISION,
+		status: "failed",
+		failureClass: "crashed",
+		failedAttempts: attempts,
+		lastIndexedAt: lastAt ?? (/* @__PURE__ */ new Date()).toISOString(),
+		lastIndexedHead: meta?.lastIndexedHead,
+		lastIndexedDirty: meta?.lastIndexedDirty,
+		ownerInstanceId: getColbertInstanceUuid()
+	}).catch(() => {});
+	const cap = cls === "stuck" ? 2 : MAX_FAILED_ATTEMPTS;
+	const lastMs = lastAt ? Date.parse(lastAt) : NaN;
+	const backoffElapsed = !Number.isFinite(lastMs) || Date.now() - lastMs >= FAILED_RETRY_BACKOFF_MS;
+	if (attempts < cap && backoffElapsed) {
+		kickBackgroundInit(workspace);
+		consola.debug(`colbert: re-kicking index (class=${cls}, attempt=${attempts}/${cap})`);
+		return {
+			status: "failed",
+			isError: true,
+			notice: "semantic index unavailable; a background re-index was started — retry mode:\"semantic\" shortly, or use code_search with specific symbol/keyword terms now"
+		};
+	}
+	if (attempts < cap) return {
+		status: "failed",
+		isError: true,
+		notice: "semantic index unavailable (recent build failure); retry mode:\"semantic\" shortly, or use code_search with specific symbol/keyword terms now"
+	};
+	consola.debug(`colbert: index ${cls}, giving up (attempts=${attempts})`);
+	return {
+		status: "failed",
+		isError: true,
+		notice: `semantic index keeps failing (${cls}); use code_search. See logs; for a very large repo raise GH_ROUTER_COLBERT_INIT_STALL_MS / GH_ROUTER_COLBERT_INIT_TIMEOUT_MS`
+	};
+}
 async function spawnSearch(opts) {
 	const binary = colgrepBinaryPath();
 	if (!existsSync(binary)) return {
@@ -5273,36 +5467,83 @@ async function spawnSearch(opts) {
 	];
 	if (opts.pattern) args.push("-e", opts.pattern);
 	args.push(opts.query, opts.workspace);
-	let res;
+	const wsKey = path.resolve(opts.workspace);
+	if (_searchIndexInFlight.has(wsKey)) return {
+		status: "building",
+		notice: "semantic index is busy (another search is running); retry shortly"
+	};
+	_searchIndexInFlight.add(wsKey);
+	let searchPromise;
 	try {
-		res = await runManagedExeCapture(binary, args, {
+		searchPromise = runManagedExeCapture(binary, args, {
 			env: colgrepEnv(),
-			timeoutMs: SEARCH_TIMEOUT_MS,
+			inactivityTimeoutMs: INIT_STALL_MS,
+			onInactivityCheck: makeIndexProgressProbe(opts.workspace),
+			timeoutMs: INIT_TIMEOUT_MS,
 			maxStdoutBytes: MAX_STDOUT_BYTES,
+			truncateInsteadOfKill: true,
 			onSpawn: trackChild
 		});
 	} catch {
+		_searchIndexInFlight.delete(wsKey);
+		consola.debug("colbert: search failed to launch");
 		return {
 			status: "failed",
 			isError: true,
 			notice: "semantic search failed to launch; use code_search"
 		};
 	}
-	if (res.timedOut) return {
-		status: "failed",
-		isError: true,
-		notice: "semantic search timed out; use code_search"
-	};
+	searchPromise.catch(() => void 0).finally(() => _searchIndexInFlight.delete(wsKey));
+	let respondTimer;
+	const slow = new Promise((resolve) => {
+		respondTimer = setTimeout(() => resolve({ kind: "slow" }), SEARCH_RESPOND_MS);
+		respondTimer.unref?.();
+	});
+	const raced = await Promise.race([searchPromise.then((res$1) => ({
+		kind: "done",
+		res: res$1
+	}), (err) => ({
+		kind: "error",
+		err
+	})), slow]);
+	if (respondTimer) clearTimeout(respondTimer);
+	if (raced.kind === "slow") {
+		consola.debug(`colbert: search detached (indexing) for ${opts.workspace}`);
+		return {
+			status: "building",
+			notice: "semantic index is updating in the background; retry mode:\"semantic\" shortly"
+		};
+	}
+	if (raced.kind === "error") {
+		consola.debug("colbert: search failed to launch");
+		return {
+			status: "failed",
+			isError: true,
+			notice: "semantic search failed to launch; use code_search"
+		};
+	}
+	const res = raced.res;
+	if (res.timedOut || res.stalled) {
+		consola.debug(`colbert: search ${res.stalled ? "stalled (hung, no progress)" : "hit the runaway backstop"}`);
+		return {
+			status: "failed",
+			isError: true,
+			notice: "semantic search timed out; use code_search"
+		};
+	}
 	if (res.stdoutTruncated) return {
 		status: "failed",
 		isError: true,
 		notice: "semantic search produced an oversized result; narrow the query or use code_search"
 	};
-	if (res.code !== 0) return {
-		status: "failed",
-		isError: true,
-		notice: "semantic search returned an error; use code_search"
-	};
+	if (res.code !== 0) {
+		consola.debug(`colbert: search exited ${res.code}`);
+		return {
+			status: "failed",
+			isError: true,
+			notice: "semantic search returned an error; use code_search"
+		};
+	}
 	const rows = parseAndTrim(res.stdout, opts.workspace);
 	if (rows === null) return {
 		status: "failed",
@@ -5388,6 +5629,21 @@ function kickBackgroundInit(workspace) {
 		consola.debug("colbert: background init failed:", err);
 	});
 }
+/**
+* Whether the STARTUP auto-kick should fire for a workspace. Skips a build
+* that's already in a capped/persistent failure state (`failedAttempts >=
+* MAX`) or was killed as `stuck` (hung) — so a restart loop doesn't re-burn
+* a known-bad build on every launch. The per-query self-heal still gives a
+* `stuck` build its one retry and a capped one its post-backoff probe;
+* absent/stale/under-cap/ready all kick normally.
+*/
+async function startupKickAllowed(workspace) {
+	const meta = await readColbertMeta(workspace);
+	if (!meta || meta.status !== "failed") return true;
+	if ((meta.failedAttempts ?? 0) >= MAX_FAILED_ATTEMPTS) return false;
+	if (meta.failureClass === "stuck") return false;
+	return true;
+}
 async function runInit(workspace) {
 	const binary = colgrepBinaryPath();
 	if (!existsSync(binary)) {
@@ -5398,6 +5654,7 @@ async function runInit(workspace) {
 		releaseInit(workspace);
 		return;
 	}
+	const prior = await readColbertMeta(workspace);
 	const baseMeta = {
 		workspace,
 		model: MODEL_ID,
@@ -5405,7 +5662,8 @@ async function runInit(workspace) {
 		status: "building",
 		buildPid: void 0,
 		ownerInstanceId: getColbertInstanceUuid(),
-		lastIndexedAt: (/* @__PURE__ */ new Date()).toISOString()
+		lastIndexedAt: (/* @__PURE__ */ new Date()).toISOString(),
+		failedAttempts: prior?.failedAttempts ?? 0
 	};
 	try {
 		const g = await gitState(workspace);
@@ -5425,11 +5683,16 @@ async function runInit(workspace) {
 		colbertModelDir(),
 		workspace
 	];
+	const onInactivityCheck = makeIndexProgressProbe(workspace);
+	const startMs = Date.now();
 	let ok = false;
+	let failureClass;
 	try {
 		const res = await runManagedExeCapture(binary, args, {
 			env: colgrepEnv(),
 			timeoutMs: INIT_TIMEOUT_MS,
+			inactivityTimeoutMs: INIT_STALL_MS,
+			onInactivityCheck,
 			maxStdoutBytes: MAX_STDOUT_BYTES,
 			onSpawn: (child) => {
 				trackChild(child);
@@ -5439,12 +5702,15 @@ async function runInit(workspace) {
 				}).catch(() => {});
 			}
 		});
-		ok = !res.timedOut && res.code === 0;
+		ok = !res.stalled && !res.timedOut && res.code === 0;
+		if (!ok) failureClass = res.stalled || res.timedOut ? "stuck" : "error";
 	} catch {
 		ok = false;
+		failureClass = "launch";
 	} finally {
 		releaseInit(workspace);
 	}
+	const elapsedMs = Date.now() - startMs;
 	const finalMeta = {
 		...baseMeta,
 		buildPid: void 0
@@ -5458,9 +5724,190 @@ async function runInit(workspace) {
 	} catch {}
 	finalMeta.status = ok ? "ready" : "failed";
 	finalMeta.lastIndexedAt = (/* @__PURE__ */ new Date()).toISOString();
+	if (ok) {
+		finalMeta.failedAttempts = 0;
+		finalMeta.failureClass = void 0;
+	} else {
+		finalMeta.failureClass = failureClass;
+		finalMeta.failedAttempts = (prior?.failedAttempts ?? 0) + 1;
+		consola.debug(`colbert: init ${failureClass} after ${Math.round(elapsedMs / 1e3)}s (attempt ${finalMeta.failedAttempts}) for ${workspace}`);
+	}
 	await writeColbertMeta(finalMeta).catch(() => {});
 }
+//#endregion
+//#region src/lib/colbert/index.ts
+/**
+* True unless the operator opted out via
+* `GH_ROUTER_DISABLE_SEMANTIC_SEARCH=1`. Semantic search is ON BY
+* DEFAULT (the proxy auto-provisions + background-indexes); the
+* capability gate additionally requires the artifacts to be present on
+* disk + smoke-passed, so in any environment where provisioning hasn't
+* completed the tool simply doesn't appear (no regression).
+*/
+function semanticSearchOptedIn() {
+	return parseBoolEnv(process$1.env.GH_ROUTER_DISABLE_SEMANTIC_SEARCH) !== true;
+}
+/**
+* Availability predicate for ColBERT semantic search — the single
+* source of truth, living in this leaf module so callers that must not
+* import `mcp-capabilities` (notably the unified code-search helper)
+* can read it without closing an import cycle through `worker-agent`.
+*
+* True iff the operator hasn't opted out AND the colgrep binary + model
+* + ORT are provisioned on disk AND the post-provision smoke test
+* passed. `mcp-capabilities.semanticSearchEnabled()` delegates here.
+*/
+function colbertSearchEnabled() {
+	return semanticSearchOptedIn() && colbertArtifactsPresent() && colbertSmokeOk();
+}
+let _started = false;
+/**
+* Fire-and-forget provision + background-index. Never throws; safe to
+* `void`-call from a launcher right after the server is listening.
+* Idempotent within a proxy run (subsequent calls no-op).
+*/
+async function provisionAndIndexColbert(opts = {}) {
+	if (!semanticSearchOptedIn()) return;
+	if (_started) return;
+	_started = true;
+	registerColbertExitHandlers();
+	let provisioned = false;
+	try {
+		const result = await provisionColbert();
+		provisioned = result.status === "ready";
+		if (result.status === "unsupported") consola.debug("colbert: semantic search unsupported on this platform");
+		else if (result.status !== "ready") consola.debug(`colbert: provision not ready (${result.status}: ${result.reason ?? ""})`);
+	} catch (err) {
+		consola.debug("colbert: provision threw (swallowed):", err);
+		return;
+	}
+	if (!provisioned) return;
+	const cwd = opts.cwd ?? process$1.cwd();
+	try {
+		if ((await gitState(cwd)).isRepo && await startupKickAllowed(cwd)) kickBackgroundInit(cwd);
+	} catch (err) {
+		consola.debug("colbert: cwd git-detect skipped:", err);
+	}
+}
+//#endregion
+//#region src/lib/unified-code-search.ts
+/** Map the unified mode onto `searchCode`'s internal `mode` enum. */
+function lexicalSearchCodeMode(mode) {
+	switch (mode) {
+		case "exact": return "literal";
+		case "regex": return "regex";
+		default: return "ranked";
+	}
+}
+/**
+* Status-specific, actionable fallback hint. The semantic index isn't ready,
+* so the model got LEXICAL results (great for exact symbols, sparse for a
+* natural-language phrase since the lexical backend matches literally). Tell
+* it both levers: retry `mode:"semantic"` shortly (the index is self-healing
+* in the background) OR re-query now with specific symbol/keyword terms.
+*/
+function fallbackNoticeFor(status) {
+	const tail = "retry mode:\"semantic\" shortly, or re-query now with specific symbol/keyword terms";
+	switch (status) {
+		case "building": return `semantic index is building; returned lexical keyword matches — ${tail}`;
+		case "stale": return `semantic index predates the current HEAD/tree (a background re-index was started); returned lexical keyword matches — ${tail}`;
+		case "unavailable": return `no semantic index for this workspace yet (a background build was started); returned lexical keyword matches — ${tail}`;
+		case "failed": return `semantic index unavailable (build failing — see proxy logs); returned lexical keyword matches — ${tail}`;
+		default: return "returned lexical results";
+	}
+}
+/**
+* Combine the lexical backend's own notice (size-cap / structural, the
+* urgent "you're missing results" signal) with a fallback hint, keeping a
+* single string. The lexical notice stays primary; the hint is appended so
+* neither is lost.
+*/
+function joinNotice(primary, secondary) {
+	if (primary && secondary) return `${primary} (${secondary})`;
+	return primary || secondary || void 0;
+}
+async function runLexical(input, mode, source, signal) {
+	const isAst = mode === "ast";
+	const resp = await searchCode({
+		query: input.query,
+		workspace: input.workspace,
+		mode: lexicalSearchCodeMode(mode),
+		file_glob: input.file_glob,
+		limit: input.limit,
+		context_lines: input.context_lines,
+		structural: input.structural,
+		summary: input.summary,
+		complete: input.complete,
+		multiline: input.multiline,
+		scan: input.scan,
+		ast_pattern: isAst ? input.ast_pattern : void 0,
+		ast_lang: isAst ? input.ast_lang : void 0
+	}, signal);
+	return {
+		source,
+		results: resp.results.map((h) => ({
+			file: h.file,
+			line: h.line,
+			snippet: h.snippet,
+			...h.role ? { role: h.role } : {}
+		})),
+		notice: resp.notice ?? void 0,
+		outlines: resp.outlines,
+		truncated: resp.truncated
+	};
+}
+/**
+* Route a unified code-search request. Throws only on input/workspace
+* validation failure (propagated from `searchCode`); callers wrap in
+* try/catch exactly as they do today for `searchCode`.
+*/
+async function runUnifiedCodeSearch(input, signal) {
+	const mode = input.mode ?? "semantic";
+	if (mode !== "semantic") return runLexical(input, mode, "lexical", signal);
+	if (!colbertSearchEnabled()) {
+		const r$1 = await runLexical(input, "lexical", "lexical-fallback", signal);
+		return {
+			...r$1,
+			notice: joinNotice(r$1.notice, "semantic search unavailable on this host; returned lexical results")
+		};
+	}
+	let sem;
+	try {
+		sem = await runSemanticSearch({
+			query: input.query,
+			workspace: input.workspace,
+			limit: input.limit,
+			pattern: input.pattern,
+			signal
+		});
+	} catch {
+		const r$1 = await runLexical(input, "lexical", "lexical-fallback", signal);
+		return {
+			...r$1,
+			notice: joinNotice(r$1.notice, "semantic search errored; returned lexical results")
+		};
+	}
+	if (sem.status === "ready") return {
+		source: "semantic",
+		results: (sem.results ?? []).map((r$1) => ({
+			file: r$1.file,
+			line: r$1.line,
+			snippet: r$1.snippet,
+			...r$1.endLine !== void 0 ? { endLine: r$1.endLine } : {},
+			...r$1.name !== void 0 ? { name: r$1.name } : {},
+			...r$1.score !== void 0 ? { score: r$1.score } : {}
+		})),
+		...sem.notice ? { notice: sem.notice } : {}
+	};
+	const r = await runLexical(input, "lexical", "lexical-fallback", signal);
+	return {
+		...r,
+		notice: joinNotice(r.notice, fallbackNoticeFor(sem.status))
+	};
+}
 //#endregion
 //#region src/lib/browser-mcp/browser-detect.ts
 let cached;
@@ -6655,7 +7102,7 @@ function logAudit$1(record) {
 		try {
 			const fs$2 = await import("node:fs/promises");
 			const path$2 = await import("node:path");
-			const { PATHS: PATHS$1 } = await import("./paths-BGx0RpNs.js");
+			const { PATHS: PATHS$1 } = await import("./paths-Czi0-nEE.js");
 			const dir = path$2.join(PATHS$1.APP_DIR, "browser-mcp");
 			await fs$2.mkdir(dir, { recursive: true });
 			const line = JSON.stringify({
@@ -10895,7 +11342,7 @@ function resolveModelAndThinking(opts) {
 *      doesn't redirect Pi.
 *   3. State what each tool does in one short sentence — Pi runs on
 *      `gemini-3.1-pro-preview` and has no built-in knowledge of the
-*      proxy-specific tools (`code_search`, `peer_review`, `advisor`,
+*      proxy-specific tools (`code_search`, `advisor`, `update_plan`,
 *      `fetch_url`). Listing names alone wastes the first turn on
 *      discovery probing.
 *
@@ -10912,9 +11359,12 @@ const READ_TOOL_NOTES = [
 	"`read` — return a file's content.",
 	"`glob` — list files matching a glob pattern.",
 	"`grep` — regex search across files.",
-	"`code_search` — ranked code-discovery hits (BM25F + tree-sitter, no additional model call). Multiple independent queries can run in a single turn. The index covers code-shaped files; for unstructured files (logs, `.csv`, `.env*`, config-only wiring) and when `code_search` returns no hits, `grep`/`glob` apply.",
+	"`code_search` — semantic-first code search: the default `semantic` mode ranks by MEANING (ColBERT), falling back to lexical BM25F-ranked hits when the index isn't ready (the `source` field says which ran); use `lexical`/`exact`/`regex`/`ast` for exact symbols. Multiple independent queries can run in a single turn. The index covers code-shaped files; for unstructured files (logs, `.csv`, `.env*`, config-only wiring) and when a search returns no hits, `grep`/`glob` apply.",
 	"`web_search` — Copilot-backed web search; returns titles, URLs, and snippets.",
-	"`fetch_url` — fetch a single URL and return body text."
+	"`fetch_url` — fetch a single URL and return body text.",
+	"`toolbelt` — run a read-only analysis CLI (no shell): rg, fd, sg, jq, yq, gron, scc, tokei, difft, git (read-only subcommands).",
+	"`advisor` — consult a stronger cross-lab reviewer model on a focused concern (your approach, a blocker, a decision); it sees the recent transcript automatically.",
+	"`update_plan` — maintain a short ordered checklist of your steps (send the full list each call); it's re-surfaced to you each turn so it survives context compaction."
 ];
 const WRITE_TOOL_NOTES = [
 	"`edit` — exact-string replacement in a file.",
@@ -13056,15 +13506,18 @@ function standInToolEnabled() {
 	return hasGpt55 && hasOpus && hasGeminiPro;
 }
 /**
-* Gate for the worker tools (`worker_explore`, `worker_implement`).
+* Gate for the worker tools (`explore`, `review`, `implement`).
 *
 * Returns true iff BOTH:
 *   1. Copilot's live catalog (`state.models?.data`) contains the
-*      worker's default model (`gemini-3.1-pro-preview`) AND that entry
-*      advertises `capabilities.supports.tool_calls === true`. The
-*      worker loop is function-calling; a model that can't emit
-*      tool_calls is unusable, so dormant-register (omit from
-*      `tools/list`) keeps the surface honest.
+*      worker default model (`gemini-3.5-flash`, used by explore/review)
+*      AND that entry advertises `capabilities.supports.tool_calls ===
+*      true`. The worker loop is function-calling; a model that can't
+*      emit tool_calls is unusable, so dormant-register (omit from
+*      `tools/list`) keeps the surface honest. (The implement default
+*      `gpt-5.5` is NOT gated here — if it's absent, implement calls
+*      surface a clean resolve error rather than disabling all worker
+*      tools, since explore/review still work.)
 *   2. The operator hasn't set `GH_ROUTER_DISABLE_WORKER_TOOLS=1`
 *      (opt-out — workers ship enabled by default per plan).
 *
@@ -13182,37 +13635,6 @@ function browseAgentEnabled() {
 	if (!found) return false;
 	return pickEndpoint(found) !== void 0;
 }
-/**
-* Gate for the `semantic_search` tool (the ColBERT sidecar).
-*
-* Semantic search is ON BY DEFAULT (the proxy auto-provisions the
-* colgrep binary + ONNX Runtime + ColBERT model and background-indexes
-* the cwd at launch), so unlike `--browse` there is no opt-IN flag —
-* only an opt-OUT env var, mirroring the toolbelt convention.
-*
-* Returns true iff BOTH:
-*   1. **Not opted out:** `GH_ROUTER_DISABLE_SEMANTIC_SEARCH` is unset /
-*      falsy.
-*   2. **Actually available on disk:** the colgrep binary + model + ORT
-*      are provisioned AND the post-provision smoke test passed
-*      (`colbertArtifactsPresent()` && `colbertSmokeOk()`).
-*
-* This is **availability-based**, exactly like `browserToolsEnabled()`'s
-* `hasSupportedBrowserInstalled()` check — and it's the load-bearing
-* regression guard: in any environment where provisioning hasn't
-* completed or can't run (CI, sandboxes, no network), the artifacts are
-* absent ⇒ the gate is false ⇒ `semantic_search` is NOT listed and NOT
-* callable ⇒ the existing `{code, web}` `tools/list` surface is
-* unchanged. The tool appears only on a machine where provisioning
-* succeeded.
-*
-* Gate fires symmetrically at `tools/list` and `tools/call` (drop +
-* -32601), exactly like the other capability tags.
-*/
-function semanticSearchEnabled() {
-	if (parseBoolEnv(process.env.GH_ROUTER_DISABLE_SEMANTIC_SEARCH) === true) return false;
-	return colbertArtifactsPresent() && colbertSmokeOk();
-}
 //#endregion
 //#region src/routes/mcp/handler.ts
@@ -13373,7 +13795,6 @@ function toolEntries(scope) {
 		if (t.capability === "browse_agent") return browseAgentEnabled();
 		if (t.capability === "stand_in") return standInToolEnabled();
 		if (t.capability === "browser") return browserToolsEnabled();
-		if (t.capability === "semantic_search") return semanticSearchEnabled();
 		if (t.capability === "browser_compound") return browserToolsEnabled() && browserCompoundToolsEnabled();
 		if (t.capability === "browser_power") return browserToolsEnabled() && browserPowerToolsEnabled();
 		return true;
@@ -13699,7 +14120,6 @@ async function handleToolsCall(body, scope) {
 	if (nonPersonaTool && nonPersonaTool.capability === "worker" && !workerToolsEnabled()) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
 	if (nonPersonaTool && nonPersonaTool.capability === "browse_agent" && !browseAgentEnabled()) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
 	if (nonPersonaTool && nonPersonaTool.capability === "stand_in" && !standInToolEnabled()) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
-	if (nonPersonaTool && nonPersonaTool.capability === "semantic_search" && !semanticSearchEnabled()) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
 	if (nonPersonaTool && nonPersonaTool.capability === "browser" && !browserToolsEnabled()) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
 	if (nonPersonaTool && nonPersonaTool.capability === "browser_compound" && !(browserToolsEnabled() && browserCompoundToolsEnabled())) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
 	if (nonPersonaTool && nonPersonaTool.capability === "browser_power" && !(browserToolsEnabled() && browserPowerToolsEnabled())) return rpcError(body.id, RPC_METHOD_NOT_FOUND, `tools/call: unknown tool "${name$1}"`);
@@ -15250,6 +15670,114 @@ const TOOLBELT_TOOLS = [
 				archive: "zip"
 			}
 		}
+	},
+	{
+		command: "scc",
+		binBasename: "scc",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/boyter/scc/releases/download/v3.7.0/scc_Windows_x86_64.zip",
+				sha256: "97abf9d55d4b79d3310536d576ccbdf5017aeb425780e850336120b6e67622e1",
+				archive: "zip"
+			},
+			"win32-arm64": {
+				url: "https://github.com/boyter/scc/releases/download/v3.7.0/scc_Windows_arm64.zip",
+				sha256: "fd114614c10382c9ed2e32d5455cc4b51960a9f71691c5c1ca42b31adea5b84d",
+				archive: "zip"
+			},
+			"darwin-x64": {
+				url: "https://github.com/boyter/scc/releases/download/v3.7.0/scc_Darwin_x86_64.tar.gz",
+				sha256: "c3f7457856b9169ccb3c1dd14198e67f730bee065f24d9051bf52cdc2a719ecc",
+				archive: "tar.gz"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/boyter/scc/releases/download/v3.7.0/scc_Darwin_arm64.tar.gz",
+				sha256: "376cbae670be59ee64f398de20e0694ec434bf8a9b842642952b0ab0be5f3961",
+				archive: "tar.gz"
+			},
+			"linux-x64": {
+				url: "https://github.com/boyter/scc/releases/download/v3.7.0/scc_Linux_x86_64.tar.gz",
+				sha256: "3d9d65b00ca874c2b29151abe7e1480736f5229edc3ce8e4b2791460cdfabf5a",
+				archive: "tar.gz"
+			},
+			"linux-arm64": {
+				url: "https://github.com/boyter/scc/releases/download/v3.7.0/scc_Linux_arm64.tar.gz",
+				sha256: "dcb05c6e993bb2d8d2da4765ff018f2e752325dd205a41698929c55e4123575d",
+				archive: "tar.gz"
+			}
+		}
+	},
+	{
+		command: "difftastic",
+		binBasename: "difft",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/Wilfred/difftastic/releases/download/0.69.0/difft-x86_64-pc-windows-msvc.zip",
+				sha256: "a5adbf57eb1b923b62d1c3596c4f827df143f5b52cfba48bb9e83f41dea90c02",
+				archive: "zip"
+			},
+			"win32-arm64": {
+				url: "https://github.com/Wilfred/difftastic/releases/download/0.69.0/difft-aarch64-pc-windows-msvc.zip",
+				sha256: "fa709e803088b54774adf0111409483ee5edfbbc1f9dcc5610e81e4ed3841e53",
+				archive: "zip"
+			},
+			"darwin-x64": {
+				url: "https://github.com/Wilfred/difftastic/releases/download/0.69.0/difft-x86_64-apple-darwin.tar.gz",
+				sha256: "5f5487e7a6e817194a1cef297d2ffb300454371635a4cde865087dbc064730a2",
+				archive: "tar.gz"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/Wilfred/difftastic/releases/download/0.69.0/difft-aarch64-apple-darwin.tar.gz",
+				sha256: "c958b87885a5825a356c5899ac7ecdd752a7942084199f2be4bc0bf8c9de8e33",
+				archive: "tar.gz"
+			},
+			"linux-x64": {
+				url: "https://github.com/Wilfred/difftastic/releases/download/0.69.0/difft-x86_64-unknown-linux-gnu.tar.gz",
+				sha256: "038db96a0e8fce69f2554e33e04ff75fbf6f96ea45cb4edb9ed6203a2c4750ff",
+				archive: "tar.gz"
+			},
+			"linux-arm64": {
+				url: "https://github.com/Wilfred/difftastic/releases/download/0.69.0/difft-aarch64-unknown-linux-gnu.tar.gz",
+				sha256: "abd2f42d2afd424312b4862aa7c7bb0320447670ae22fabcc5159db03e2dccbd",
+				archive: "tar.gz"
+			}
+		}
+	},
+	{
+		command: "gron",
+		binBasename: "gron",
+		assets: {
+			"win32-x64": {
+				url: "https://github.com/tomnomnom/gron/releases/download/v0.7.1/gron-windows-amd64-0.7.1.zip",
+				sha256: "5ed427a4a504d8e03a1770b71d4ad16a3764179e085b5ae84e51a57b299f300d",
+				archive: "zip"
+			},
+			"win32-arm64": {
+				url: "https://github.com/tomnomnom/gron/releases/download/v0.7.1/gron-windows-arm64-0.7.1.zip",
+				sha256: "9bd38a241f1afdbd3c8f952b92b7090e7a446cac5251bfed3fdf28f219c9dda8",
+				archive: "zip"
+			},
+			"darwin-x64": {
+				url: "https://github.com/tomnomnom/gron/releases/download/v0.7.1/gron-darwin-amd64-0.7.1.tgz",
+				sha256: "59034d4aa883c5815784b290567d104669a51f20eaf97f1d8baa4f74e22047d6",
+				archive: "tar.gz"
+			},
+			"darwin-arm64": {
+				url: "https://github.com/tomnomnom/gron/releases/download/v0.7.1/gron-darwin-arm64-0.7.1.tgz",
+				sha256: "1b9b987c6ead684a992db91b7a32fd15ef946013dfabfe84d00b2fa6f55d7182",
+				archive: "tar.gz"
+			},
+			"linux-x64": {
+				url: "https://github.com/tomnomnom/gron/releases/download/v0.7.1/gron-linux-amd64-0.7.1.tgz",
+				sha256: "ca0335826b02b044fa05d7e951521e45c6ced1c381a73ed5803450088e18bf22",
+				archive: "tar.gz"
+			},
+			"linux-arm64": {
+				url: "https://github.com/tomnomnom/gron/releases/download/v0.7.1/gron-linux-arm64-0.7.1.tgz",
+				sha256: "5d1d4764723a0f768d9ddef0685a052f564c8bbf5e475382342faf4224a07d80",
+				archive: "tar.gz"
+			}
+		}
 	}
 ];
@@ -16023,34 +16551,38 @@ function fetchUrlTool() {
 	};
 }
 const CODE_SEARCH_PARAMS = Type.Object({
-	query: Type.String({ description: "Search text (literal by default)." }),
+	query: Type.String({ description: "Search text. Natural-language intent in the default `semantic` mode; a literal string in `lexical`/`exact`; a PCRE2 regex in `regex`." }),
 	mode: Type.Optional(Type.Union([
-		Type.Literal("ranked"),
-		Type.Literal("literal"),
-		Type.Literal("regex")
-	], { description: "Ranking mode (default `ranked`)." })),
+		Type.Literal("semantic"),
+		Type.Literal("lexical"),
+		Type.Literal("exact"),
+		Type.Literal("regex"),
+		Type.Literal("ast")
+	], { description: "Search mode. `semantic` (DEFAULT): ColBERT meaning-based ranking, falls back to lexical when the index isn't ready (response `source` says which engine ran). `lexical`: BM25F + tree-sitter (best for exact symbols). `exact`: fixed-string. `regex`: PCRE2. `ast`: ast-grep structural (needs `ast_pattern` + `ast_lang`)." })),
+	pattern: Type.Optional(Type.String({ description: "Semantic mode only: regex pre-filter (colgrep -e) — grep first, then rank semantically. Ignored in lexical modes." })),
 	file_glob: Type.Optional(Type.String({ description: "ripgrep glob filter." })),
 	limit: Type.Optional(Type.Integer({
 		minimum: 1,
 		description: "Max hits to return."
 	})),
-	structural: Type.Optional(Type.Union([Type.Literal("full"), Type.Literal("topN")], { description: "Structural-ranking depth (ranked mode only)." })),
-	complete: Type.Optional(Type.Boolean({ description: "When true, return the COMPLETE ranked match set (every line ripgrep would find, capped only by `limit`) — disables the default precision shoulder cut + per-file cap. Use it when you must not miss any occurrence (every caller of X, a rename, an audit). The default response `notice` says when matches were hidden." })),
-	multiline: Type.Optional(Type.Boolean({ description: "Set true with mode:'regex' to let a pattern span newlines (ripgrep -U), e.g. 'foo[\\s\\S]*?bar' across lines. (literal/ranked queries can't contain a newline.)" })),
-	ast_pattern: Type.Optional(Type.String({ description: "ast-grep structural pattern (e.g. 'function $F($$$) { $$$ }'). When set, matches come from ast-grep instead of ripgrep — for multi-line AST shapes the regex modes can't express. Takes precedence over `query`. REQUIRES `ast_lang`. If ast-grep isn't installed you get a `notice`; it never falls back to regex." })),
+	structural: Type.Optional(Type.Union([Type.Literal("full"), Type.Literal("topN")], { description: "Structural-ranking depth (lexical mode only)." })),
+	complete: Type.Optional(Type.Boolean({ description: "Lexical mode: when true, return the COMPLETE match set (every line ripgrep would find, capped only by `limit`) — disables the default precision shoulder cut + per-file cap. Use it when you must not miss any occurrence (every caller of X, a rename, an audit). The default response `notice` says when matches were hidden." })),
+	multiline: Type.Optional(Type.Boolean({ description: "Set true with mode:'regex' to let a pattern span newlines (ripgrep -U), e.g. 'foo[\\s\\S]*?bar' across lines. (exact/lexical queries can't contain a newline.)" })),
+	ast_pattern: Type.Optional(Type.String({ description: "mode:'ast' structural pattern (e.g. 'function $F($$$) { $$$ }'). Matches come from ast-grep instead of ripgrep — for multi-line AST shapes the regex modes can't express. Takes precedence over `query`. REQUIRES `ast_lang`. If ast-grep isn't installed you get a `notice`; it never falls back to regex." })),
 	ast_lang: Type.Optional(Type.String({ description: "Language grammar for `ast_pattern` (REQUIRED with it): 'ts' | 'tsx' | 'js' | 'py' | 'rust' | 'go' | … Without it ast-grep cross-matches every language and returns garbage." }))
 });
 function codeSearchTool(workspace) {
 	return {
 		name: "code_search",
-		label: "Ranked code search",
-		description: "BM25F + tree-sitter ranked code search over the worker's workspace. Prefer over `grep` for \"where is X defined / which files reference Y\" discovery. Returns `file:line:snippet` per hit in JSON.",
+		label: "Code search (semantic-first)",
+		description: "Semantic-first code search over the worker's workspace. Default (`mode:\"semantic\"`) ranks by MEANING via ColBERT and transparently falls back to lexical BM25F when the index isn't ready (the response `source` is \"semantic\" | \"lexical\" | \"lexical-fallback\"). Force lexical with mode `lexical` (exact symbols) / `exact` / `regex` / `ast`. Prefer over `grep` for \"where is X / which files reference Y\" discovery. Returns `{source, results:[{file,line,snippet}], ...}` in JSON.",
 		parameters: CODE_SEARCH_PARAMS,
 		async execute(_toolCallId, params, signal) {
-			const r = await searchCode({
+			const r = await runUnifiedCodeSearch({
 				query: params.query,
 				workspace,
 				mode: params.mode,
+				pattern: params.pattern,
 				file_glob: params.file_glob,
 				limit: params.limit,
 				structural: params.structural,
@@ -16061,18 +16593,251 @@ function codeSearchTool(workspace) {
 				summary: false
 			}, signal);
 			const minimal = {
+				source: r.source,
 				results: r.results.map((h) => ({
 					file: h.file,
 					line: h.line,
 					snippet: h.snippet
 				})),
-				truncated: r.truncated,
+				truncated: r.truncated ?? false,
 				notice: r.notice ?? void 0
 			};
 			return textResult(JSON.stringify(minimal));
 		}
 	};
 }
+/**
+* Allowlisted read-only analysis CLIs the worker may invoke through the
+* `toolbelt` tool. Each runs via `runManagedExeCapture` with `shell:false`,
+* so args are passed LITERALLY — no pipes / redirects / chaining / glob
+* expansion / `rm`. `sd` is deliberately ABSENT (it rewrites files in
+* place); it stays available to `implement` via `bash`.
+*/
+const TOOLBELT_TOOLS$1 = [
+	"rg",
+	"fd",
+	"sg",
+	"jq",
+	"yq",
+	"gron",
+	"scc",
+	"tokei",
+	"difft",
+	"git"
+];
+/**
+* Per-tool denied flags, split into `short` (single chars, matched
+* per-character across a cluster so attached / combined forms like
+* `fd -Hx`, `fd -xCMD`, `sg -iU` can't slip past an exact-token check) and
+* `long` (`--flag`, matched on the name even with an `=value` suffix). The
+* no-shell spawn already blocks the big vectors (redirects, chaining,
+* arbitrary programs); these block the specific exec / file-write flags the
+* individual CLIs expose. PER-TOOL, not global, because the same flag means
+* different things across tools (`rg -i` = ignore-case [read]; `yq -i` =
+* in-place [write]).
+*
+* Allowlisted tools WITHOUT an entry here (jq, gron, tokei, difft) get no
+* flag filtering at all: `toolbeltTool` only runs the denylist check when
+* an entry exists. git is not listed either — it goes through its own
+* subcommand allowlist + `gitArgDenied` path instead.
+*/
+const TOOLBELT_DENIED_FLAGS = {
+	fd: {
+		short: ["x", "X"], // short spellings of the exec flags below (the tool description cites `fd -x`)
+		long: ["--exec", "--exec-batch"] // run a command on the search results
+	},
+	rg: {
+		short: [], // nothing denied: e.g. `rg -i` is plain ignore-case (read-only)
+		long: ["--pre", "--hostname-bin"] // NOTE(review): presumably both make rg spawn an external program — confirm against the ripgrep docs
+	},
+	sg: {
+		short: ["U", "i"], // `-U` / `-i` are the write flags named alongside `--rewrite` in the sg subcommand notes
+		long: [
+			"--rewrite",
+			"--update-all",
+			"--update",
+			"--interactive"
+		]
+	},
+	yq: {
+		short: ["i", "s"], // `-i` = in-place write; NOTE(review): `-s` presumably the short form of --split-exp — confirm
+		long: [
+			"--inplace",
+			"--in-place",
+			"--split-exp"
+		]
+	},
+	scc: {
+		short: ["o"], // NOTE(review): presumably the short form of --output — confirm
+		long: ["--output", "--format-multi"] // NOTE(review): presumably these send the report to file(s) — confirm against the scc docs
+	}
+};
+/**
+* ast-grep (`sg`) subcommands that write files (`new` scaffolds a project /
+* rules / tests) or start a long-running server (`lsp`). The default
+* subcommand is `run` (search), and `scan`/`test` are read-only unless a
+* denied write flag (`-U`/`-i`/`--rewrite`) is also passed — so only these
+* two need an explicit positional block.
+*/
+const SG_DENIED_SUBCOMMANDS = new Set(["new", "lsp"]);
+/** Runtime allowlist guard (defense-in-depth on top of the schema enum). */
+const TOOLBELT_TOOL_SET = new Set(TOOLBELT_TOOLS$1);
+/**
+* Read-only git subcommands. The worker must pass the subcommand as
+* `args[0]` (no leading global flags like `-C`/`-c`, which can redirect
+* git or inject config); everything not in this set — every mutating
+* subcommand (commit/checkout/reset/rebase/push/clean/rm/…) — is rejected.
+* `cwd` is already the workspace, so `-C` is unnecessary.
+*/
+const GIT_READONLY_SUBCOMMANDS = new Set([
+	"log",
+	"show",
+	"diff",
+	"blame",
+	"status",
+	"ls-files",
+	"ls-tree",
+	"rev-parse",
+	"shortlog",
+	"describe",
+	"cat-file",
+	"for-each-ref",
+	"name-rev",
+	"rev-list"
+]);
+/**
+* git flags that write files or execute helper programs, rejected in ANY
+* position (args[0] is the validated subcommand; these can follow it).
+* Matched on the `--flag` name, tolerating an `=value` suffix. Short
+* aliases (`-o`, `-O`) are intentionally NOT denied — they are overloaded
+* with read-only meanings across the allowed subcommands (`ls-files -o`
+* = --others; `diff -O<orderfile>` reads an order file).
+*/
+const GIT_DENIED_FLAGS = new Set([
+	"--output",
+	"--open-files-in-pager",
+	"--ext-diff",
+	"--textconv",
+	"--filters"
+]);
+/**
+* Diff-producing subcommands where git would otherwise honor a configured
+* external-diff / textconv helper (exec) on matching files. We force
+* `--no-ext-diff --no-textconv` after the subcommand so a repo with a
+* malicious local config can't turn a plain `git log -p` / `git show` into
+* code execution. (User-supplied `--ext-diff`/`--textconv` are separately
+* denied, so they can't re-enable it after our defaults.)
+*/
+const GIT_DIFF_PRODUCING = new Set([
+	"log",
+	"show",
+	"diff"
+]);
+const TOOLBELT_PARAMS = Type.Object({
+	tool: Type.Union(TOOLBELT_TOOLS$1.map((t) => Type.Literal(t)), { description: "Which read-only analysis CLI to run: rg (ripgrep search), fd (file find), sg (ast-grep structural search), jq (JSON), yq (YAML/TOML/XML), gron (flatten JSON to greppable lines), scc (code stats: LOC + complexity), tokei (code stats), difft (difftastic structural diff), git (read-only subcommands only)." }),
+	args: Type.Optional(Type.Array(Type.String(), { description: "Arguments passed LITERALLY to the tool (no shell: no pipes, redirects, chaining, or glob expansion). For git, args[0] must be a read-only subcommand (log/show/diff/blame/ls-files/…)." }))
+});
+/**
+* Decide whether a single CLI argument hits a per-tool denylist.
+*
+* - `--long` / `--long=value`: the flag name (the text before the first
+*   `=`) must equal an entry of `denied.long`.
+* - `-abc` clusters: every character after the leading dash is checked
+*   against `denied.short`, so combined (`-Hx`) and attached-value
+*   (`-xVALUE`) spellings are caught. Deliberately conservative: a denied
+*   character that is really the attached value of another short flag is
+*   rejected too (the worker can re-issue with a space-separated value).
+* - Everything else (positional args, a bare `-`) never violates.
+*/
+function argViolatesDenylist(denied, arg) {
+	if (arg.startsWith("--")) {
+		const [flagName] = arg.split("=", 1);
+		return denied.long.includes(flagName);
+	}
+	const isShortCluster = arg.length >= 2 && arg[0] === "-";
+	if (!isShortCluster) return false;
+	return [...arg.slice(1)].some((ch) => denied.short.includes(ch));
+}
+/**
+* Report whether `arg` names one of the `GIT_DENIED_FLAGS`. Only `--long`
+* arguments are considered and an `=value` suffix is ignored. Besides an
+* exact name match, any prefix (three characters or longer, dashes
+* included) of a denied flag is rejected as well, because git's parseopt
+* accepts unambiguous long-option abbreviations (`--ext-d` resolves to
+* `--ext-diff`).
+*/
+function gitArgDenied(arg) {
+	if (!arg.startsWith("--")) return false;
+	const [flagName] = arg.split("=", 1);
+	if (GIT_DENIED_FLAGS.has(flagName)) return true;
+	if (flagName.length < 3) return false;
+	return [...GIT_DENIED_FLAGS].some((flag) => flag.startsWith(flagName));
+}
+/**
+* Assemble the argv actually handed to git. `args[0]` is the (already
+* validated) subcommand; the result is:
+*
+*   --no-pager --no-optional-locks <sub> [--no-ext-diff --no-textconv] <rest…>
+*
+* `--no-pager` (backed by GIT_PAGER=cat) kills the pager,
+* `--no-optional-locks` (backed by GIT_OPTIONAL_LOCKS=0) stops `status`
+* from refreshing/writing `.git/index`, and the two diff switches — added
+* only for subcommands in `GIT_DIFF_PRODUCING` — disable configured
+* external-diff / textconv helpers, so a repo with a malicious local
+* config can't turn a git call into code execution or a file write.
+*/
+function buildGitExecArgs(args) {
+	const sub = args[0] ?? "";
+	const diffHardening = GIT_DIFF_PRODUCING.has(sub) ? ["--no-ext-diff", "--no-textconv"] : [];
+	return [
+		"--no-pager",
+		"--no-optional-locks",
+		sub,
+		...diffHardening,
+		...args.slice(1)
+	];
+}
+/**
+* Build the worker's `toolbelt` tool: run one allowlisted analysis CLI in
+* `workspace` through `runManagedExeCapture` and return its output as text.
+*
+* Validation happens before anything is spawned:
+*   - the tool name must be in `TOOLBELT_TOOL_SET`;
+*   - git: `args[0]` must be in `GIT_READONLY_SUBCOMMANDS` and no argument
+*     may match `gitArgDenied`;
+*   - sg: `args[0]` must not be in `SG_DENIED_SUBCOMMANDS`;
+*   - any other tool: no argument may hit its `TOOLBELT_DENIED_FLAGS` entry
+*     (tools without an entry are not flag-filtered).
+*
+* `execute` throws on a rejected tool/argument, on abort and on timeout. A
+* binary that can't be resolved is NOT an error: an explanatory text result
+* is returned instead.
+*/
+function toolbeltTool(workspace) {
+	return {
+		name: "toolbelt",
+		label: "Toolbelt CLI (read-only)",
+		description: "Run a read-only code-analysis CLI in the workspace with NO shell (args are literal — no pipes / redirects / chaining / globbing). Tools: rg, fd, sg (ast-grep), jq, yq, gron, scc, tokei, difft (difftastic), and git (read-only subcommands). Write/exec flags (fd -x, rg --pre, ast-grep --rewrite, yq -i) and mutating git subcommands are rejected. Returns combined stdout (stderr appended on non-zero exit).",
+		parameters: TOOLBELT_PARAMS,
+		async execute(_toolCallId, params, signal) {
+			const tool = params.tool;
+			const args = Array.isArray(params.args) ? params.args.map(String) : [];
+			if (!TOOLBELT_TOOL_SET.has(tool)) throw new Error(`toolbelt: unknown tool '${tool}'`);
+			if (tool === "git") {
+				const sub = args[0];
+				if (!sub || !GIT_READONLY_SUBCOMMANDS.has(sub)) throw new Error(`git: only read-only subcommands are allowed and the subcommand must be args[0] (no leading -C/-c). Allowed: ${[...GIT_READONLY_SUBCOMMANDS].join(", ")}. Got: ${sub ? `'${sub}'` : "<none>"}`);
+				for (const arg of args) if (gitArgDenied(arg)) throw new Error(`git: flag '${arg}' is not allowed (toolbelt is read-only)`);
+			} else {
+				if (tool === "sg" && args[0] && SG_DENIED_SUBCOMMANDS.has(args[0])) throw new Error(`sg: subcommand '${args[0]}' is not allowed (toolbelt is read-only)`);
+				const denied = TOOLBELT_DENIED_FLAGS[tool];
+				if (denied) {
+					for (const arg of args) if (argViolatesDenylist(denied, arg)) throw new Error(`${tool}: arg '${arg}' carries a write/exec flag (toolbelt is read-only)`);
+				}
+			}
+			const env = buildEnv();
+			if (tool === "git") {
+				// Belt-and-braces with the argv switches added by buildGitExecArgs:
+				// no pager, no credential prompt, no optional index locks.
+				env.GIT_PAGER = "cat";
+				env.PAGER = "cat";
+				env.GIT_TERMINAL_PROMPT = "0";
+				env.GIT_OPTIONAL_LOCKS = "0";
+			}
+			const binPath = resolveExecutable(tool, { env });
+			if (!binPath) return textResult(`${tool}: not available on this host (not on PATH / toolbelt). rg/fd/jq/yq/sg/gron/scc/difft ship with the toolbelt; git and tokei may require a system install.`);
+			const TOOLBELT_TIMEOUT_MS = 6e4;
+			const TOOLBELT_STDOUT_CAP = 1024 * 1024;
+			// Keep a handle on the abort listener so it can be detached once the
+			// child has finished. Otherwise every call leaves a listener on the
+			// signal, and a late abort would try to kill an already-exited child.
+			let onAbort;
+			let res;
+			try {
+				res = await runManagedExeCapture(binPath, tool === "git" ? buildGitExecArgs(args) : args, {
+					cwd: workspace,
+					env,
+					timeoutMs: TOOLBELT_TIMEOUT_MS,
+					maxStdoutBytes: TOOLBELT_STDOUT_CAP,
+					onSpawn: (child) => {
+						if (signal?.aborted) {
+							killChildTree(child);
+							return;
+						}
+						onAbort = () => killChildTree(child);
+						signal?.addEventListener("abort", onAbort, { once: true });
+					}
+				});
+			} finally {
+				if (onAbort) signal?.removeEventListener("abort", onAbort);
+			}
+			if (signal?.aborted) throw new Error(`${tool} aborted`);
+			if (res.timedOut) throw new Error(`${tool} timed out after ${TOOLBELT_TIMEOUT_MS}ms`);
+			const parts = [];
+			if (res.stdout) parts.push(res.stdout);
+			// stderr is surfaced on a non-zero exit, and also when stdout is empty
+			// (so a warning-only run isn't reported as "no output").
+			if ((res.code !== 0 || !res.stdout) && res.stderr.trim()) parts.push(`[stderr] ${res.stderr.trim()}`);
+			if (res.stdoutTruncated) parts.push(`[truncated at ${TOOLBELT_STDOUT_CAP} bytes — narrow the query]`);
+			if (parts.length === 0) parts.push(`(${tool} exited ${res.code} with no output)`);
+			return textResult(parts.join("\n"));
+		}
+	};
+}
 const PEER_CRITIC_TUPLE = [
 	Type.Literal("codex_critic"),
 	Type.Literal("gemini_critic"),
@@ -16127,6 +16892,7 @@ function codexReviewTool() {
 		label: "Codex code review",
 		description: "Code review by `codex-reviewer` (gpt-5.3-codex, code-specialist critic). Returns line-level findings on a diff or single file. Use to overcome blind spots on a coding change before committing.",
 		parameters: CODEX_REVIEW_PARAMS,
+		executionMode: "sequential",
 		async execute(_toolCallId, params, signal) {
 			if (networkDisabled()) throw new Error("rejected: network disabled");
 			const persona = lookupPersona("codex-reviewer");
@@ -16165,30 +16931,192 @@ const ADVISOR_PARAMS = Type.Object({ concern: Type.String({
 *  cases consistent. Override via env if needed. */
 const ADVISOR_TRANSCRIPT_MAX_CHARS = Number(process$1.env.GH_ROUTER_WORKER_ADVISOR_MAX_CHARS ?? 72e4);
 /**
+* Render Pi's `Agent.state.messages` as a flat text transcript for
+* the advisor's user prompt. Mirrors the intent of advisor.ts's
+* `renderConversationAsText` but consumes Pi's shape directly
+* (`UserMessage | AssistantMessage | ToolResultMessage` plus harness-
+* custom messages — we walk only the LLM-meaningful three and skip
+* custom variants since the advisor never needs UI status events).
+*
+* Truncation policy: keep the TAIL. If the joined transcript exceeds
+* `maxChars`, whole entries are dropped from the front until the rest fits
+* in `maxChars` minus the marker length, and a `[…earlier turns omitted…]`
+* marker is prepended. If even the newest entry is too long on its own,
+* its trailing characters are kept (rather than returning the bare
+* marker) — the freshest turn is where the worker is stuck.
+*
+* @param messages  Iterable of Pi messages; non-object entries and roles
+*                  other than user / assistant / toolResult are skipped.
+* @param maxChars  Character budget for the result. A non-numeric / NaN
+*                  value means "no limit" (the transcript is returned
+*                  whole, without a marker).
+* @returns The transcript, entries separated by a blank line.
+*/
+function renderPiMessagesAsText(messages, maxChars) {
+	const lines = [];
+	for (const msg of messages) {
+		if (typeof msg !== "object" || msg === null) continue;
+		const role = msg.role;
+		if (role === "user") lines.push(`USER: ${stringifyMessageContent(msg.content)}`);
+		else if (role === "assistant") lines.push(`ASSISTANT: ${stringifyMessageContent(msg.content)}`);
+		else if (role === "toolResult") {
+			const flag = msg.isError ? " [error]" : "";
+			lines.push(`TOOL_RESULT ${msg.toolName ?? "?"}${flag}: ${stringifyMessageContent(msg.content)}`);
+		}
+	}
+	const separator = "\n\n";
+	const joined = lines.join(separator);
+	// An unusable limit (e.g. a malformed env override parsed to NaN) must not
+	// produce a "turns omitted" marker in front of an untruncated transcript.
+	if (typeof maxChars !== "number" || Number.isNaN(maxChars)) return joined;
+	if (joined.length <= maxChars) return joined;
+	const marker = "[…earlier turns omitted…]\n\n";
+	const budget = Math.max(0, maxChars - marker.length);
+	// Drop whole entries from the front, tracking the joined length
+	// arithmetically instead of re-joining on every step. The newest entry
+	// is never dropped here.
+	let start = 0;
+	let remaining = joined.length;
+	while (remaining > budget && start < lines.length - 1) {
+		remaining -= lines[start].length + separator.length;
+		start += 1;
+	}
+	const tail = lines.slice(start).join(separator);
+	// Newest entry alone over budget: keep its trailing characters.
+	return marker + (tail.length > budget ? tail.slice(tail.length - budget) : tail);
+}
+/**
+* Flatten a message's content (union of string / TextContent[] /
+* ToolCall[] / ImageContent[]) to a single text line. Images become
+* `[image]` placeholders — the advisor only needs to know they
+* existed, not see their bytes. ToolCalls render as
+* `→ <toolName>(<args-as-json>)`, with the JSON cut at 200 characters, so
+* the advisor can reason about what the worker tried. `thinking` parts and
+* unknown part types are skipped; parts are joined with a single space.
+* Content that is neither a string nor an array renders as "".
+*/
+function stringifyMessageContent(content) {
+	if (typeof content === "string") return content;
+	if (!Array.isArray(content)) return "";
+	const parts = [];
+	for (const part of content) {
+		if (typeof part !== "object" || part === null) continue;
+		const p = part;
+		if (p.type === "text" && typeof p.text === "string") parts.push(p.text);
+		else if (p.type === "image") parts.push("[image]");
+		else if (p.type === "thinking") continue;
+		else if (p.type === "toolCall") {
+			const name$1 = typeof p.toolName === "string" ? p.toolName : "?";
+			const args = typeof p.input === "object" && p.input !== null ? JSON.stringify(p.input) : "";
+			parts.push(`→ ${name$1}(${args.slice(0, 200)})`);
+		}
+	}
+	return parts.join(" ");
+}
+/**
+* Build the worker's `advisor` tool. `execute` sends the worker's `concern`
+* — preceded by the recent transcript when `getMessages` is supplied — to
+* the advisor model via `createResponses` and returns the reply text.
+*
+* Throws when the network is disabled, when no MCP in-flight slot can be
+* acquired, or when the advisor returns empty output. The slot is always
+* released, including on failure.
+*/
+function advisorTool(getMessages) {
+	return {
+		name: "advisor",
+		label: "Advisor",
+		description: "Consult a stronger reviewer model (cross-lab: gpt-5.5 xhigh by default) on a specific concern. Use BEFORE substantive work, WHEN stuck, or WHEN considering a change of approach. The advisor automatically receives the recent conversation transcript as context — give it a focused `concern`, not background.",
+		parameters: ADVISOR_PARAMS,
+		async execute(_toolCallId, params, signal) {
+			if (networkDisabled()) throw new Error("rejected: network disabled");
+			const advisorSystem = "You are an expert advisor reviewing an in-progress coding worker's concern. The worker shares its recent conversation transcript (USER / ASSISTANT / TOOL_RESULT lines) followed by the specific concern under `### Concern`. Provide concrete, actionable advice grounded in the transcript — name the specific assumption or step to revisit. If the worker is on the right track, say so. Aim for 2–5 paragraphs of substantive guidance.";
+			// Without a transcript source the prompt is just the concern section.
+			const transcript = getMessages ? renderPiMessagesAsText(getMessages(), ADVISOR_TRANSCRIPT_MAX_CHARS) : "";
+			const concernSection = `### Concern\n${params.concern}`;
+			const userText = transcript.length > 0 ? `### Recent transcript\n${transcript}\n\n${concernSection}` : concernSection;
+			const resolvedModel = resolveModel(ADVISOR_DEFAULT_MODEL);
+			const release = acquireInFlightSlot();
+			if (!release) throw new Error(`advisor: MCP in-flight cap (${MAX_INFLIGHT_TOOLS_CALL}) saturated; retry shortly`);
+			try {
+				const request = {
+					model: resolvedModel,
+					instructions: advisorSystem,
+					input: [{
+						role: "user",
+						content: [{
+							type: "input_text",
+							text: userText
+						}]
+					}],
+					stream: false,
+					reasoning: { effort: ADVISOR_DEFAULT_EFFORT }
+				};
+				const response = await createResponses(request, void 0, signal);
+				const text = extractResponsesText(response);
+				if (!text) throw new Error("advisor returned empty output");
+				return textResult(text);
+			} finally {
+				release();
+			}
+		}
+	};
+}
+const UPDATE_PLAN_PARAMS = Type.Object({
+	steps: Type.Array(Type.Object({
+		title: Type.String({
+			minLength: 1,
+			description: "Short imperative description of the step."
+		}),
+		status: Type.Union([
+			Type.Literal("pending"),
+			Type.Literal("in_progress"),
+			Type.Literal("completed")
+		], { description: "Current status of this step." })
+	}), {
+		minItems: 1,
+		description: "The FULL ordered plan. Each call replaces the previous plan, so always send every step (not just the changed one)."
+	}),
+	explanation: Type.Optional(Type.String({ description: "Optional one-line note on what changed this update." }))
+});
+/** Create a fresh, empty plan state: no steps and no explanation yet. */
+function createPlanState() {
+	const emptyPlan = { current: [] };
+	return emptyPlan;
+}
+/** Render the plan as a deterministic checklist: one `N. [mark] title`
+*  line per step (mark `x` = completed, `~` = in_progress, blank for
+*  anything else), preceded by the explanation line when one is set. An
+*  empty plan renders as `(no plan yet)`. Used both as the tool's return
+*  value and as the per-turn reminder injected at the request boundary. */
+function renderPlan(state$1) {
+	const { current, explanation } = state$1;
+	if (current.length === 0) return "(no plan yet)";
+	const checklist = current.map(({ status, title }, index) => {
+		let mark = " ";
+		if (status === "completed") mark = "x";
+		else if (status === "in_progress") mark = "~";
+		return `${index + 1}. [${mark}] ${title}`;
+	});
+	const body = checklist.join("\n");
+	return explanation ? `${explanation}\n${body}` : body;
+}
+/**
+* Build the worker's `update_plan` tool. Each call replaces the whole plan:
+* the incoming steps are copied down to `{ title, status }`, stored on
+* `planState` (together with the optional explanation) when a state object
+* was supplied, and the rendered checklist is returned. Without a
+* `planState` the call still renders the submitted plan but keeps nothing.
+*/
+function updatePlanTool(planState) {
+	return {
+		name: "update_plan",
+		label: "Update plan",
+		description: "Maintain a short, ordered checklist for the delegated task. Call it at the start (lay out the steps) and again whenever a step's status changes (mark one in_progress / completed). Each call REPLACES the whole plan — always send the full ordered list. The current plan is re-surfaced to you every turn so it survives context compaction; use it to stay oriented on long, multi-step work.",
+		parameters: UPDATE_PLAN_PARAMS,
+		executionMode: "sequential",
+		async execute(_toolCallId, params) {
+			const nextPlan = {
+				current: params.steps.map(({ title, status }) => ({ title, status })),
+				explanation: params.explanation
+			};
+			// The explanation is overwritten on every call, so a stale note from
+			// an earlier update never lingers.
+			if (planState) Object.assign(planState, nextPlan);
+			return textResult(renderPlan(planState ?? nextPlan));
+		}
+	};
+}
+/**
 * Build the AgentTool array for the requested mode.
 *
-*   - explore  → 6 read-only tools
-*   - review   → same 6 read-only tools as explore (reviewer framing lives
+*   - explore  → 9 read-only tools (read, glob, grep, code_search,
+*                web_search, fetch_url, toolbelt, advisor, update_plan)
+*   - review   → same 9 read-only tools as explore (reviewer framing lives
 *                in the system prompt, not the toolset)
-*   - implement → explore + edit/write/bash/codex_review
+*   - implement → explore + edit/write/bash/codex_review (13 total)
+*
+* `peer_review` is intentionally NOT wired in (peer critics aren't part of
+* the worker surface); `advisor` is the worker's consultation path.
 *
-* Order matches the brief and the prompt-mode-note for stability —
-* Pi's tool-injection shape includes the list verbatim, so a stable
-* order keeps the model's tool-name prediction cache warm.
+* Order matches the prompt-mode-note for stability — Pi's tool-injection
+* shape includes the list verbatim, so a stable order keeps the model's
+* tool-name prediction cache warm.
 *
 * Each call returns FRESH tool objects (workspace is closure-captured
 * per call), so two concurrent worker runs against different
 * workspaces don't share state.
 */
 function buildWorkerTools(opts) {
-	const { mode, workspace } = opts;
+	const { mode, workspace, getMessages, planState } = opts;
 	const explore = [
 		readTool(workspace),
 		globTool(workspace),
 		grepTool(workspace),
 		codeSearchTool(workspace),
 		webSearchTool(),
-		fetchUrlTool()
+		fetchUrlTool(),
+		toolbeltTool(workspace),
+		advisorTool(getMessages),
+		updatePlanTool(planState)
 	];
 	if (mode === "explore" || mode === "review") return explore;
 	return [
@@ -16499,19 +17427,29 @@ async function createWorktree(workspaceAbs, opts) {
 */
 const WORKTREE_REGISTRY = new WorktreeRegistry();
 registerExitHandlers(WORKTREE_REGISTRY);
-/** Default model + thinking. `gemini-3.1-pro-preview` + "high" — the worker
-*  loop is function-calling, and the pro model is materially less prone to
-*  early-stopping with an empty turn than `gemini-3.5-flash` was (the
-*  reliability win is worth the higher per-call cost for autonomous workers).
-*  It advertises `tool_calls` and reasoning low/medium/high. Caller can
-*  override per call via the `model` arg.
-*
-*  Exported so the MCP handler (which renders the worker tool's
-*  description to the LLM and pins a probe row against the model)
-*  reads the same constant — drift between the two would silently
-*  ship a tool whose docs disagree with its runtime default. */
-const DEFAULT_MODEL = "gemini-3.1-pro-preview";
+/** Default model + thinking for the READ-ONLY worker modes (`explore`,
+*  `review`). `gemini-3.5-flash` at `high` (its top reasoning tier) — fast,
+*  1M-context, tool-call-capable.
+*
+*  HISTORY / CAVEAT: an earlier iteration moved OFF flash to
+*  `gemini-3.1-pro-preview` because *that* flash early-stopped with empty
+*  turns on the function-calling loop. `gemini-3.5-flash` is a NEWER model
+*  and is being re-evaluated for the read-only workload, where parallel
+*  read/search batches and sound stop/continue decisions matter. If it
+*  regresses to early-stopping, revert this to `gemini-3.1-pro-preview`.
+*
+*  Exported so the MCP handler + the gate (`workerToolsEnabled`) read the
+*  same constant — drift would ship a tool whose docs/gate disagree with
+*  its runtime default. Caller can override per call via the `model` arg. */
+const DEFAULT_MODEL = "gemini-3.5-flash";
 const DEFAULT_THINKING = "high";
+/** Default model + thinking for the READ+WRITE `implement` mode. `gpt-5.5`
+*  at `xhigh` — the strongest reasoning tier in the catalog, 1M+ context,
+*  routed through `/responses` by the stream-fn endpoint split. Coding edits
+*  benefit from maximum reasoning; the higher per-call cost is justified for
+*  autonomous implementation. An explicit `opts.model` still wins. */
+const IMPLEMENT_DEFAULT_MODEL = "gpt-5.5";
+const IMPLEMENT_DEFAULT_THINKING = "xhigh";
 /** Default model for `browse` mode. `gpt-5.4-mini` — the Gate-B-winning
 *  browse model (small + fast enough to drive a tab at human pace, with
 *  enough tool-calling discipline to terminate). This is DISTINCT from the
@@ -16619,9 +17557,12 @@ async function runWorkerAgent(opts) {
 	};
 	try {
 		const isBrowse = opts.mode === "browse";
+		const isImplement = opts.mode === "implement";
+		const defaultModel = isBrowse ? BROWSE_DEFAULT_MODEL : isImplement ? IMPLEMENT_DEFAULT_MODEL : DEFAULT_MODEL;
+		const defaultThinking = isBrowse ? BROWSE_DEFAULT_THINKING : isImplement ? IMPLEMENT_DEFAULT_THINKING : DEFAULT_THINKING;
 		const resolved = resolveModelAndThinking({
-			model: opts.model ?? (isBrowse ? BROWSE_DEFAULT_MODEL : DEFAULT_MODEL),
-			thinking: opts.thinking ?? (isBrowse ? BROWSE_DEFAULT_THINKING : DEFAULT_THINKING)
+			model: opts.model ?? defaultModel,
+			thinking: opts.thinking ?? defaultThinking
 		});
 		if (!resolved.ok) return {
 			text: resolved.error,
@@ -16657,9 +17598,14 @@ async function runWorkerAgent(opts) {
 		}
 		else ws = makeNoWorktreeHandle(workspaceAbs);
 		const budget = new Budget();
+		const agentHolder = {};
+		const planState = createPlanState();
+		const getMessages = () => agentHolder.agent?.state.messages ?? [];
 		const tools = opts.mode === "browse" ? buildBrowseTools({ sessionId: opts.sessionId }) : buildWorkerTools({
 			mode: opts.mode,
-			workspace: ws.dir
+			workspace: ws.dir,
+			getMessages,
+			planState
 		});
 		const agent = new Agent$1({
 			initialState: {
@@ -16672,14 +17618,20 @@ async function runWorkerAgent(opts) {
 				resolved,
 				contextBudget: ctxBudget
 			}),
-			toolExecution: opts.mode === "implement" ? "sequential" : "parallel",
-			transformContext: ctxBudget ? async (messages) => {
+			toolExecution: "parallel",
+			transformContext: async (messages) => {
+				let compacted = messages;
+				if (ctxBudget) try {
+					compacted = compactWorkerContext(messages, ctxBudget);
+				} catch {
+					compacted = messages;
+				}
 				try {
-					return compactWorkerContext(messages, ctxBudget);
+					return appendPlanReminder(compacted, planState);
 				} catch {
-					return messages;
+					return compacted;
 				}
-			} : void 0,
+			},
 			beforeToolCall: async (ctx) => {
 				logAudit({
 					mode: opts.mode,
@@ -16708,6 +17660,7 @@ async function runWorkerAgent(opts) {
 				budget.addTurn();
 			}
 		});
+		agentHolder.agent = agent;
 		const abortHandler = () => agent?.abort();
 		if (opts.signal) if (opts.signal.aborted) agent.abort();
 		else opts.signal.addEventListener("abort", abortHandler, { once: true });
@@ -16777,6 +17730,35 @@ async function runWorkerAgent(opts) {
 		release();
 	}
 }
+/**
+* Test-only exports. The public surface of the engine is
+* `runWorkerAgent` alone; everything else is internal. Tests use
+* the helpers below for direct extract-assistant-text assertions
+* without spinning up the full agent.
+*/
+/**
+* Append one synthetic `user`-role reminder carrying the rendered
+* `update_plan` checklist to a message list, so the current plan is still
+* visible to the model after context compaction (the engine's
+* `transformContext` calls this on the already-compacted view).
+*
+* Never mutates the input: returns the SAME array reference when nothing
+* is added, otherwise a NEW array with the reminder as its last element.
+* The reminder is stamped with `Date.now()`, so two calls that both append
+* produce reminders that differ in `timestamp`.
+*
+* Nothing is added when `planState.current` is empty, or when the last
+* message's role is `user` or `assistant` — so a `user` turn is never
+* doubled and nothing is inserted directly after an assistant message.
+* Any other trailing role gets the reminder; the intended case is a
+* tool-result turn.
+* NOTE(review): an empty `messages` array (no last message) also receives
+* the reminder — confirm that is intended.
+*
+* @param messages  Message list to extend; each entry is read only for its
+*                  `role`.
+* @param planState Plan holder; `current` is the step list and the whole
+*                  object is passed to `renderPlan` for the reminder text.
+* @returns `messages` itself when unchanged, else a new array ending with
+*          the reminder message.
+*/
+function appendPlanReminder(messages, planState) {
+	// No plan recorded yet: hand back the same reference untouched.
+	if (planState.current.length === 0) return messages;
+	const last = messages[messages.length - 1];
+	const lastRole = last ? last.role : void 0;
+	// Only the trailing role decides; `user`/`assistant` endings are left as-is.
+	if (lastRole === "user" || lastRole === "assistant") return messages;
+	const reminder = {
+		role: "user",
+		content: `Current plan (update via update_plan if it changed):\n${renderPlan(planState)}`,
+		timestamp: Date.now()
+	};
+	return [...messages, reminder];
+}
 //#endregion
 //#region src/lib/stand-in.ts
@@ -17521,10 +18503,9 @@ function buildPeerAwarenessSnippet(opts) {
 	}
 	criticList.push("`opus_critic` (Opus 4.7)");
 	const codexCliClause = opts.codexCli ? " `mcp__codex-cli__codex` dispatches to `codex-implementer` (gpt-5.3-codex with workspace-write) for end-to-end coding tasks." : "";
-	const para2Parts = [`\`mcp__${searchKey}__code\` returns ranked code-discovery hits (BM25F + tree-sitter ranking, no additional model call) and is the one-stop code search: \`complete\` for the exhaustive match set, \`ast_pattern\`+\`ast_lang\` for multi-line AST structures (via ast-grep), \`scan\` for a whole-workspace symbol outline, \`multiline\` for cross-line regex. Multiple independent queries can run in a single turn. The index covers code-shaped files; for unstructured files (logs, \`.csv\`, \`.env*\`, config-only wiring), \`grep\`/\`glob\` still apply.`];
+	const para2Parts = [`\`mcp__${searchKey}__code\` is the one-stop code search (no extra model call). Its DEFAULT mode (or \`mode:"semantic"\`) ranks by MEANING via ColBERT over a per-workspace index, the first thing to reach for on intent/concept questions ("where is retry/backoff handled", "how does auth work"); when that index isn't ready it transparently falls back to lexical (the response \`source\` says which engine ran). Forced modes cover the rest: \`lexical\` (BM25F-ranked + tree-sitter, best for exact symbols), \`exact\`, \`regex\`, \`complete\` for the exhaustive match set, \`ast_pattern\`+\`ast_lang\` for multi-line AST structures (via ast-grep), \`scan\` for a whole-workspace symbol outline, \`multiline\` for cross-line regex. Multiple independent queries can run in a single turn. The index covers code-shaped files; for unstructured files (logs, \`.csv\`, \`.env*\`, config-only wiring), \`grep\`/\`glob\` still apply.`];
 	if (opts.workerToolsAvailable) para2Parts.push(`\`mcp__${workersKey}__explore\` runs a Gemini-backed read-only worker that returns a summary, using its own context rather than yours; concurrent launches share the \`MAX_INFLIGHT_TOOLS_CALL=32\` cap with operator traffic.`, `\`mcp__${workersKey}__review\` is the same read-only worker framed as a code reviewer that reads the relevant code itself to verify a change or claim and reports findings with severity, so it checks surrounding context the \`peers\` critics (single stateless calls on the pasted artifact) cannot.`, `\`mcp__${workersKey}__implement\` is the same worker with edit/write/bash; \`worktree: true\` runs it in an isolated git worktree and returns the diff.`, "Workers themselves have `code_search` in their toolset.");
 	para2Parts.push(`\`mcp__${searchKey}__web\` surfaces citable sources for docs, errors, and upstream issues.`);
-	if (opts.semanticSearchAvailable) para2Parts.push(`\`mcp__${searchKey}__semantic_search\` is ColBERT semantic code search over a per-workspace index and is the first search to try for intent/concept questions ("where is retry/backoff handled", "how does auth work") that a lexical \`code\`/grep search would miss; reserve lexical \`code\`/grep for exact symbols/strings. It returns honest \`building\`/\`stale\`/\`unavailable\` notices and never silently falls back to lexical.`);
 	if (opts.standInAvailable) para2Parts.push(`\`mcp__${decideKey}__stand_in\` provides three-lab consensus for decision tiebreak when the user is unavailable.`);
 	if (opts.browseAvailable) {
 		const powerNote = opts.powerBrowseAvailable ? ` Power mode is on: the L0/L1 primitives (\`mcp__${browserKey}__mouse\`, \`__drag\`, \`__type\`, \`__keyboard\`, \`__scroll\`, \`__eval_js\`, \`__read_page\`, \`__diagnostics\`, \`__find\`) are also available for direct DOM / coordinate control.` : "";
@@ -17606,7 +18587,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 	{
 		toolNameHttp: "code",
 		group: "search",
-		description: "Fast structured code search over a local workspace. Returns ranked, deduplicated hits with snippets. Ranks with BM25F across matched-line / file-path / surrounding-context / symbol-context fields, then refines `symbol-context` with tree-sitter AST analysis on the top hits so identifier definitions outrank incidental string matches. Launch multiple code searches in parallel to triangulate — e.g. definition + callers + tests in one round-trip. Prefer this over Grep/Bash+grep for ranked discovery (\"where is X defined\", \"which files reference Y\", \"find code that does Z\") — ranked mode surfaces the few right answers instead of every match. Use Grep for exact-pattern enumeration when you need every hit unranked, and Glob for file-name patterns (no content match). `workspace` is any absolute path the proxy process can read — typically the project root or a sub-tree you're working in. Each response also carries a tree-sitter structural outline of the matched files (`summary` on by default; set it false to omit).",
+		description: "Fast structured code search over a local workspace. Default (`mode:\"semantic\"`, or omit `mode`) ranks by MEANING via ColBERT over a per-workspace index — best for intent/concept queries where the literal keywords may not appear (\"where do we rate-limit\", \"auth token refresh\"). When that index is building/stale/absent it TRANSPARENTLY returns lexical (BM25F) results and labels the response `source` (\"lexical-fallback\") so a degrade is never silent. On a `lexical-fallback` the `notice` says how to proceed: retry `mode:\"semantic\"` shortly (the index self-heals in the background) or re-query with specific symbols — the lexical engine matches keywords/symbols, not natural-language phrases. Other modes force the lexical engine: `lexical` (BM25F ranked, best for exact symbols), `exact` (fixed-string), `regex` (PCRE2), `ast` (ast-grep structural via `ast_pattern`+`ast_lang`). Lexical ranking refines a `symbol-context` field with tree-sitter AST analysis so definitions outrank incidental matches. Launch multiple code searches in parallel to triangulate — e.g. definition + callers + tests in one round-trip. Prefer this over Grep/Bash+grep for ranked discovery (\"where is X defined\", \"which files reference Y\", \"find code that does Z\"). Use Grep for exact-pattern enumeration when you need every hit unranked, and Glob for file-name patterns (no content match). `workspace` is any absolute path the proxy process can read — typically the project root or a sub-tree you're working in. Each response also carries a tree-sitter structural outline of the matched files (`summary` on by default; set it false to omit).",
 		inputSchema: {
 			type: "object",
 			required: ["query", "workspace"],
@@ -17614,7 +18595,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 			properties: {
 				query: {
 					type: "string",
-					description: "Search text. In 'ranked' (default) and 'literal' modes, interpreted as a literal string. In 'regex' mode, interpreted as a PCRE2 regex. In 'ranked' and 'literal' modes, single-identifier queries are auto-expanded across camelCase / snake_case / kebab-case / SCREAMING_SNAKE skeletons so `getUserName` also matches `get_user_name`."
+					description: "Search text. In the default 'semantic' mode it's natural-language intent (finds code by meaning even when the words don't appear literally). In 'lexical'/'exact' modes it's a literal string (single-identifier queries auto-expand across camelCase / snake_case / kebab-case / SCREAMING_SNAKE so `getUserName` also matches `get_user_name`). In 'regex' mode it's a PCRE2 regex."
 				},
 				workspace: {
 					type: "string",
@@ -17623,11 +18604,17 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 				mode: {
 					type: "string",
 					enum: [
-						"ranked",
-						"literal",
-						"regex"
+						"semantic",
+						"lexical",
+						"exact",
+						"regex",
+						"ast"
 					],
-					description: "Ranking mode. 'ranked' (default): BM25F + tree-sitter structural boost; results ordered by score with shoulder pruning (drops results below 50% of the top score). 'literal': fixed-string search, ripgrep document order. 'regex': PCRE2 search, ripgrep document order."
+					description: "Search mode. 'semantic' (DEFAULT): ColBERT meaning-based ranking over a per-workspace index; transparently falls back to lexical when the index is building/stale/absent (the response `source` says which engine ran). 'lexical': BM25F + tree-sitter structural boost, ordered by score with shoulder pruning — best for exact symbols. 'exact': fixed-string, ripgrep document order. 'regex': PCRE2, ripgrep document order. 'ast': ast-grep structural match (requires `ast_pattern` + `ast_lang`)."
+				},
+				pattern: {
+					type: "string",
+					description: "Semantic mode only: regex pre-filter (colgrep -e) — grep first, then rank the matches semantically. Use to scope a semantic ranking to e.g. async fns. Ignored in lexical modes."
 				},
 				file_glob: {
 					type: "string",
@@ -17640,7 +18627,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 				structural: {
 					type: "string",
 					enum: ["full", "topN"],
-					description: "Structural-ranking depth (ranked mode only). 'full' (default) runs tree-sitter on the top 50 BM25F hits — best signal, fine for typical repos. 'topN' restricts to the top 10 for tighter latency on very large workspaces. Both modes share a 200ms wall-clock budget; on budget exhaustion the response includes `notice` and remaining hits fall back to the regex symbol heuristic."
+					description: "Structural-ranking depth (lexical mode only). 'full' (default) runs tree-sitter on the top 50 BM25F hits — best signal, fine for typical repos. 'topN' restricts to the top 10 for tighter latency on very large workspaces. Both modes share a 200ms wall-clock budget; on budget exhaustion the response includes `notice` and remaining hits fall back to the regex symbol heuristic."
 				},
 				summary: {
 					type: "boolean",
@@ -17648,7 +18635,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 				},
 				complete: {
 					type: "boolean",
-					description: "Exhaustiveness. Default false — ranked mode applies a precision shoulder cut + a per-file cap so you aren't overwhelmed, and the response `notice` tells you when matches were hidden. Set true to disable both and return the COMPLETE match set (every line `grep` would find, reordered by relevance), capped only by `limit` — use it when you must not miss any occurrence (e.g. \"every caller of X\", a rename, an audit)."
+					description: "Exhaustiveness (lexical mode). Default false — lexical mode applies a precision shoulder cut + a per-file cap so you aren't overwhelmed, and the response `notice` tells you when matches were hidden. Set true to disable both and return the COMPLETE match set (every line `grep` would find, reordered by relevance), capped only by `limit` — use it when you must not miss any occurrence (e.g. \"every caller of X\", a rename, an audit)."
 				},
 				multiline: {
 					type: "boolean",
@@ -17670,10 +18657,10 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 		},
 		async handler(args, signal) {
 			try {
-				const result = await searchCode({
+				const result = await runUnifiedCodeSearch({
 					query: typeof args.query === "string" ? args.query : "",
 					workspace: typeof args.workspace === "string" ? args.workspace : "",
-					mode: args.mode === "literal" || args.mode === "regex" || args.mode === "ranked" ? args.mode : void 0,
+					mode: args.mode === "semantic" || args.mode === "lexical" || args.mode === "exact" || args.mode === "regex" || args.mode === "ast" ? args.mode : void 0,
 					file_glob: typeof args.file_glob === "string" ? args.file_glob : void 0,
 					limit: typeof args.limit === "number" ? args.limit : void 0,
 					structural: args.structural === "full" || args.structural === "topN" ? args.structural : void 0,
@@ -17682,7 +18669,8 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 					multiline: typeof args.multiline === "boolean" ? args.multiline : void 0,
 					scan: typeof args.scan === "boolean" ? args.scan : void 0,
 					ast_pattern: typeof args.ast_pattern === "string" ? args.ast_pattern : void 0,
-					ast_lang: typeof args.ast_lang === "string" ? args.ast_lang : void 0
+					ast_lang: typeof args.ast_lang === "string" ? args.ast_lang : void 0,
+					pattern: typeof args.pattern === "string" ? args.pattern : void 0
 				}, signal);
 				const SIZE_CAP_BYTES = 256 * 1024;
 				const trimmedHits = [];
@@ -17695,6 +18683,9 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 						snippet: hit.snippet
 					};
 					if (hit.role) next.role = hit.role;
+					if (hit.endLine !== void 0) next.endLine = hit.endLine;
+					if (hit.name !== void 0) next.name = hit.name;
+					if (hit.score !== void 0) next.score = hit.score;
 					const nextBytes = Buffer.byteLength(JSON.stringify(next), "utf8");
 					if (trimmedHits.length > 0 && totalBytes + nextBytes > SIZE_CAP_BYTES) {
 						sizeCapped = true;
@@ -17704,8 +18695,9 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 					totalBytes += nextBytes;
 				}
 				const minimal = {
+					source: result.source,
 					results: trimmedHits,
-					truncated: result.truncated || sizeCapped
+					truncated: (result.truncated ?? false) || sizeCapped
 				};
 				let outlinesDropped = false;
 				if (result.outlines && result.outlines.length > 0) {
@@ -17733,90 +18725,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 				return {
 					content: [{
 						type: "text",
-						text: `code_search failed: ${err instanceof Error ? err.message : String(err)}`
-					}],
-					isError: true
-				};
-			}
-		}
-	},
-	{
-		toolNameHttp: "semantic_search",
-		group: "search",
-		capability: "semantic_search",
-		description: "Semantic code search by MEANING, not text (ColBERT late-interaction over a per-workspace index). Best for natural-language intent queries where the literal keywords may not appear ('where do we rate-limit', 'auth token refresh', 'retry/backoff around the upstream fetch'). For exact symbol lookup ('where is X defined', 'callers of Y') prefer `code` (lexical) — it's faster and exact. Returns a `status` field (ready / building / stale / unavailable / failed); while the index is building or stale it returns a status + notice and NO results (it does NOT fall back to another search) — run `code` yourself if you need results immediately. `workspace` is any absolute path; the index is built and cached by the proxy on first use.",
-		inputSchema: {
-			type: "object",
-			required: ["query"],
-			additionalProperties: false,
-			properties: {
-				query: {
-					type: "string",
-					description: "Natural-language intent, e.g. 'where do we validate JWT expiry' or 'retry/backoff around the upstream fetch'. Semantic — finds code by meaning even when the words don't appear literally."
-				},
-				workspace: {
-					type: "string",
-					description: "Absolute path to the repo/subtree to search. Defaults to the proxy launch cwd. Must be absolute."
-				},
-				limit: {
-					type: "integer",
-					description: "Max results (default 15)."
-				},
-				pattern: {
-					type: "string",
-					description: "Optional regex pre-filter (colgrep -e): grep first, then rank the matches semantically. Use to scope a semantic ranking to e.g. async fns."
-				}
-			}
-		},
-		async handler(args, signal) {
-			const query = typeof args.query === "string" ? args.query.trim() : "";
-			if (!query) return {
-				content: [{
-					type: "text",
-					text: "semantic_search: arguments.query is required (must be a non-empty string)"
-				}],
-				isError: true
-			};
-			let workspace;
-			if (args.workspace === void 0) workspace = process.cwd();
-			else if (typeof args.workspace === "string" && path.isAbsolute(args.workspace)) workspace = args.workspace;
-			else return {
-				content: [{
-					type: "text",
-					text: "semantic_search: arguments.workspace must be an ABSOLUTE path (or omitted to use the proxy launch cwd)"
-				}],
-				isError: true
-			};
-			const limit = typeof args.limit === "number" && Number.isFinite(args.limit) ? args.limit : void 0;
-			const pattern = typeof args.pattern === "string" && args.pattern.length > 0 ? args.pattern : void 0;
-			try {
-				const result = await runSemanticSearch({
-					query,
-					workspace,
-					limit,
-					pattern,
-					signal
-				});
-				const envelope = { status: result.status };
-				if (result.results) envelope.results = result.results;
-				if (result.source) envelope.source = result.source;
-				if (result.notice) envelope.notice = result.notice;
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify(envelope, null, 2)
-					}],
-					isError: result.isError === true
-				};
-			} catch (err) {
-				const msg = err instanceof Error ? err.message : String(err);
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify({
-							status: "failed",
-							notice: `semantic_search failed: ${msg}; use code (lexical) instead`
-						}, null, 2)
+						text: `code search failed: ${err instanceof Error ? err.message : String(err)}`
 					}],
 					isError: true
 				};
@@ -17827,7 +18736,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 		toolNameHttp: "explore",
 		group: "workers",
 		capability: "worker",
-		description: "Read-only investigation by an autonomous worker (Pi runtime; default model `gemini-3.1-pro-preview`, override via the `model` arg with any Copilot-catalog model that advertises `tool_calls`). Tools: read, glob, grep, code_search, web_search, fetch_url. The worker's system prompt sandboxes it and gives one-line descriptions of each tool, so brief it on the investigation, not on tool semantics. Offloads bounded research that would otherwise eat your context window — the worker plans its own tool calls and returns a single text answer. Examples: \"find files matching X then summarize\", \"how does library Y handle Z\", \"survey this codebase for usages of deprecated API\".",
+		description: "Read-only investigation by an autonomous worker (Pi runtime; default model `gemini-3.5-flash` at high reasoning, override via the `model` arg with any Copilot-catalog model that advertises `tool_calls`). Tools: read, glob, grep, code_search (semantic-first), web_search, fetch_url, advisor (consult a stronger cross-lab model), update_plan (planning checklist), and toolbelt (run a read-only analysis CLI: rg/fd/jq/yq/sg/gron/tokei/difft/git). The worker's system prompt sandboxes it and gives one-line descriptions of each tool, so brief it on the investigation, not on tool semantics. Offloads bounded research that would otherwise eat your context window — the worker plans its own tool calls and returns a single text answer. Examples: \"find files matching X then summarize\", \"how does library Y handle Z\", \"survey this codebase for usages of deprecated API\".",
 		inputSchema: {
 			type: "object",
 			required: ["prompt"],
@@ -17839,7 +18748,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 				},
 				model: {
 					type: "string",
-					description: "Optional Copilot catalog model id (defaults to gemini-3.1-pro-preview). Must advertise tool_calls support; the engine emits an isError envelope listing the eligible catalog models on mismatch."
+					description: "Optional Copilot catalog model id (defaults to gemini-3.5-flash). Must advertise tool_calls support; the engine emits an isError envelope listing the eligible catalog models on mismatch."
 				},
 				thinking: {
 					type: "string",
@@ -17871,7 +18780,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 		toolNameHttp: "implement",
 		group: "workers",
 		capability: "worker",
-		description: "Delegates a scoped coding task to an autonomous worker (Pi runtime; default model `gemini-3.1-pro-preview`, override via the `model` arg with any Copilot-catalog model that advertises `tool_calls`). Tools: the worker_explore read-only set plus edit, write, bash, and codex_review (code review by codex-reviewer / gpt-5.3-codex). The worker's system prompt sandboxes it and gives one-line descriptions of each tool, so brief it on the task, not on tool semantics. With `worktree: false` (default) edits in place — concurrent worker_implement calls and Claude's own edits to the same files will race. With `worktree: true` runs in an isolated git worktree and returns the diff for review. HARD ERROR if true and the workspace is not a git repository.",
+		description: "Delegates a scoped coding task to an autonomous worker (Pi runtime; default model `gpt-5.5` at xhigh reasoning, override via the `model` arg with any Copilot-catalog model that advertises `tool_calls`). Tools: the explore read-only set (read, glob, grep, code_search, web_search, fetch_url, advisor, update_plan, toolbelt) plus edit, write, bash, and codex_review (code review by codex-reviewer / gpt-5.3-codex). The worker's system prompt sandboxes it and gives one-line descriptions of each tool, so brief it on the task, not on tool semantics. With `worktree: false` (default) edits in place — concurrent worker_implement calls and Claude's own edits to the same files will race. With `worktree: true` runs in an isolated git worktree and returns the diff for review. HARD ERROR if true and the workspace is not a git repository.",
 		inputSchema: {
 			type: "object",
 			required: ["prompt"],
@@ -17887,7 +18796,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 				},
 				model: {
 					type: "string",
-					description: "Optional Copilot catalog model id (defaults to gemini-3.1-pro-preview). Must advertise tool_calls support; the engine emits an isError envelope listing the eligible catalog models on mismatch."
+					description: "Optional Copilot catalog model id (defaults to gpt-5.5). Must advertise tool_calls support; the engine emits an isError envelope listing the eligible catalog models on mismatch."
 				},
 				thinking: {
 					type: "string",
@@ -17899,7 +18808,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 						"high",
 						"xhigh"
 					],
-					description: "Optional reasoning depth (default high). Silently clamped to the model's allowed range; \"off\" drops the parameter entirely."
+					description: "Optional reasoning depth (default xhigh). Silently clamped to the model's allowed range; \"off\" drops the parameter entirely."
 				},
 				workspace: {
 					type: "string",
@@ -17919,7 +18828,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 		toolNameHttp: "review",
 		group: "workers",
 		capability: "worker",
-		description: "Read-only code review by an autonomous worker (Pi runtime; default model `gemini-3.1-pro-preview`, override via `model` with any Copilot-catalog model that advertises `tool_calls`). Same read-only toolset as `explore` (read, glob, grep, code_search, web_search, fetch_url) — it CANNOT edit — but the worker is framed as a reviewer: it verifies correctness against the actual code itself rather than trusting a claim, and reports findings (bugs, edge cases, security / concurrency / resource risks, missing handling) with a severity and `file:line`. Brief it with the change / diff / claim to verify (paste it, or name the files) — it reads the code to confirm, so you get a self-verifying second opinion that doesn't depend on you having pre-extracted the relevant code. Unlike the `peers` critics (single stateless model calls on the artifact you paste), this worker can navigate the repo to check surrounding context for itself.",
+		description: "Read-only code review by an autonomous worker (Pi runtime; default model `gemini-3.5-flash`, override via `model` with any Copilot-catalog model that advertises `tool_calls`). Same read-only toolset as `explore` (read, glob, grep, code_search, web_search, fetch_url, advisor, update_plan, toolbelt) — it CANNOT edit — but the worker is framed as a reviewer: it verifies correctness against the actual code itself rather than trusting a claim, and reports findings (bugs, edge cases, security / concurrency / resource risks, missing handling) with a severity and `file:line`. Brief it with the change / diff / claim to verify (paste it, or name the files) — it reads the code to confirm, so you get a self-verifying second opinion that doesn't depend on you having pre-extracted the relevant code. Unlike the `peers` critics (single stateless model calls on the artifact you paste), this worker can navigate the repo to check surrounding context for itself.",
 		inputSchema: {
 			type: "object",
 			required: ["prompt"],
@@ -17931,7 +18840,7 @@ const NON_PERSONA_MCP_TOOLS = Object.freeze([
 				},
 				model: {
 					type: "string",
-					description: "Optional Copilot catalog model id (defaults to gemini-3.1-pro-preview). Must advertise tool_calls support; the engine emits an isError envelope listing the eligible catalog models on mismatch."
+					description: "Optional Copilot catalog model id (defaults to gemini-3.5-flash). Must advertise tool_calls support; the engine emits an isError envelope listing the eligible catalog models on mismatch."
 				},
 				thinking: {
 					type: "string",
@@ -19606,49 +20515,6 @@ async function exposedCommands(binDir) {
 	return out;
 }
-//#endregion
-//#region src/lib/colbert/index.ts
-/**
-* Reports whether semantic search is still enabled: true unless the operator opted out via
-* `GH_ROUTER_DISABLE_SEMANTIC_SEARCH=1`. Semantic search is ON BY
-* DEFAULT (the proxy auto-provisions + background-indexes); the
-* capability gate additionally requires the artifacts to be present on
-* disk + smoke-passed, so in any environment where provisioning hasn't
-* completed the tool simply doesn't appear (no regression).
-*/
-function semanticSearchOptedIn() {
-	return parseBoolEnv(process$1.env.GH_ROUTER_DISABLE_SEMANTIC_SEARCH) !== true; // only an exact `true` from parseBoolEnv disables; any other result leaves search enabled
-}
-let _started = false; // module-level latch: flipped to true the first time provisionAndIndexColbert gets past the opt-out check
-/**
-* Fire-and-forget provision + background-index. Never throws; safe to
-* `void`-call from a launcher right after the server is listening.
-* Idempotent within a proxy run (subsequent calls no-op). `opts.cwd` overrides the directory checked for a git repo (defaults to `process$1.cwd()`).
-*/
-async function provisionAndIndexColbert(opts = {}) {
-	if (!semanticSearchOptedIn()) return; // operator opted out: skip without setting the latch
-	if (_started) return; // an earlier call already started (or finished) this work
-	_started = true; // set before provisioning, so a failed or not-ready provision is not retried by later calls
-	registerColbertExitHandlers(); // NOTE(review): runs outside both try blocks; "Never throws" assumes this call cannot throw (confirm)
-	let provisioned = false;
-	try {
-		const result = await provisionColbert();
-		provisioned = result.status === "ready"; // only a "ready" status proceeds to the indexing step below
-		if (result.status === "unsupported") consola.debug("colbert: semantic search unsupported on this platform");
-		else if (result.status !== "ready") consola.debug(`colbert: provision not ready (${result.status}: ${result.reason ?? ""})`);
-	} catch (err) {
-		consola.debug("colbert: provision threw (swallowed):", err); // deliberate best-effort: logged at debug level, not rethrown
-		return;
-	}
-	if (!provisioned) return; // any non-ready status was already logged above
-	const cwd = opts.cwd ?? process$1.cwd();
-	try {
-		if ((await gitState(cwd)).isRepo) kickBackgroundInit(cwd); // background init is started only when cwd is reported as a git repo
-	} catch (err) {
-		consola.debug("colbert: cwd git-detect skipped:", err); // a failure in this step is logged at debug level and not rethrown
-	}
-}
 //#endregion
 //#region src/lib/proxy.ts
 function initProxyFromEnv() {
@@ -19698,7 +20564,7 @@ function initProxyFromEnv() {
 //#endregion
 //#region package.json
 var name = "github-router";
-var version$1 = "0.3.82";
+var version$1 = "0.3.87";
 //#endregion
 //#region src/lib/approval.ts
@@ -21864,7 +22730,6 @@ const claude = defineCommand({
 				geminiAvailable: geminiAvailable$1,
 				workerToolsAvailable: workerToolsEnabled(),
 				standInAvailable: standInToolEnabled(),
-				semanticSearchAvailable: semanticSearchEnabled(),
 				browseAvailable: state.browseEnabled,
 				powerBrowseAvailable: state.powerBrowseEnabled,
 				groupKeys