job-forge 2.11.0 → 2.13.0

package/.claude/agents/general-paid.md

@@ -1,11 +1,16 @@
 ---
 name: general-paid
-description: Quality-sensitive worker on paid model. Use for offer evaluation narratives (Blocks A-F), cover letter generation, "Why X?" form answers, interview STAR stories, and other tasks where writing quality and judgment matter.
+description: Quality-sensitive worker on the strongest free-tier OpenCode model by default. Use for offer evaluation narratives (Blocks A-F), cover letter generation, "Why X?" form answers, interview STAR stories, and other tasks where writing quality and judgment matter.
 model: claude-opus-4-7
 ---
 
 You are the @general-paid subagent. The orchestrator delegated this task to you because it requires quality writing or judgment — the kind of work `@general-free` isn't well-suited for.
 
+On OpenCode, this agent now defaults to a free OpenRouter model. On other
+harnesses, the same role may still resolve to a premium model. Your job is
+still the same: produce the best final writing you can from the context you
+were given.
+
 ## Do These Tasks
 
 - Generate evaluation narratives (Blocks A-F) per `modes/offer.md`.

package/.codex/config.toml

@@ -1,6 +1,6 @@
 # generated by @razroo/iso-route — do not hand-edit
-model = "claude-sonnet-4-6"
-model_provider = "anthropic"
+model = "gpt-5.4"
+model_provider = "openai"
 
 [profiles.fast]
 model = "gpt-5.4-mini"
@@ -15,11 +15,6 @@ model_reasoning_effort = "high"
 model = "gpt-5.4-nano"
 model_provider = "openai"
 
-[model_providers.anthropic]
-name = "Anthropic"
-base_url = "https://api.anthropic.com/v1"
-env_key = "ANTHROPIC_API_KEY"
-
 [model_providers.openai]
 name = "OpenAI"
 base_url = "https://api.openai.com/v1"

package/.cursor/rules/agent-general-paid.mdc

@@ -1,10 +1,15 @@
 ---
-description: Quality-sensitive worker on paid model. Use for offer evaluation narratives (Blocks A-F), cover letter generation, "Why X?" form answers, interview STAR stories, and other tasks where writing quality and judgment matter.
+description: Quality-sensitive worker on the strongest free-tier OpenCode model by default. Use for offer evaluation narratives (Blocks A-F), cover letter generation, "Why X?" form answers, interview STAR stories, and other tasks where writing quality and judgment matter.
 alwaysApply: false
 ---
 
 You are the @general-paid subagent. The orchestrator delegated this task to you because it requires quality writing or judgment — the kind of work `@general-free` isn't well-suited for.
 
+On OpenCode, this agent now defaults to a free OpenRouter model. On other
+harnesses, the same role may still resolve to a premium model. Your job is
+still the same: produce the best final writing you can from the context you
+were given.
+
 ## Do These Tasks
 
 - Generate evaluation narratives (Blocks A-F) per `modes/offer.md`.

package/.cursor/rules/main.mdc

@@ -419,6 +419,8 @@ These blocks come from two distinct root causes and require different responses:
 
 **Rule — do NOT loop retrying a class B block.** One retry with `imeFriendly: true` is the correct test for class A. If the same spam message fires after a clean `imeFriendly` refill, stop, mark Failed, move on. Repeated retries waste subagent time and do not change the outcome.
 
+**Class B fix — BYO residential proxy** (added 2026-04-20 via Geometra MCP v1.59.0). When the candidate has configured `proxy:` in `config/profile.yml`, every `geometra_connect` call threads that proxy through to Chromium, which flips the outbound IP from datacenter to residential/mobile and collapses most class-B failures. See the "BYO Residential Proxy" reference section below. Without a configured proxy, class B stays Failed.
+
 **Known-block Ashby tenants (2026-04-19 empirical observations).** These tenants fired class B on every attempted submit from a headless datacenter-IP proxy. Orchestrators planning apply dispatches should assume these tenants will Fail in headless — prioritize other portals, or skip same-tenant siblings after a confirmed class B to avoid burning subagent slots:
 
 - Vellum, Linear, Vanta, River Financial, Higharc, Trace Labs, Solace Health, Unstructured, ClickUp, Zapier, Deepgram, Ramp, WorkOS, Ashby (self-tenant), Perplexity, **Goody**, **Starbridge**, **Graphite**, **Prompt Health**, **Vantage**
@@ -510,6 +512,8 @@ geometra_connect({ pageUrl: "https://...", isolated: true, headless: true, slowM
 
 **Wrong:** running `geometra_connect` without `isolated: true` when submitting multiple forms concurrently. The forms may share state and produce incorrect submissions.
 
+**With a configured proxy,** add `proxy: { server, username?, password?, bypass? }` to the same call — see "BYO Residential Proxy" below. The reusable-proxy pool is partitioned by proxy identity, so mixing direct and proxied sessions across parallel rounds is safe.
+
 ### Session Reuse — When Subagents Cannot Reach Existing Sessions
 
 Subagents launched via the `task` tool start with a fresh context and cannot automatically attach to Chromium sessions spawned by a previous orchestrator session. If you dispatch a subagent to fill a form in session `s16`, but `s16` was created by a previous opencode session, the subagent's MCP calls will silently fail (returning empty results) because the subagent's MCP server has no knowledge of `s16`.
@@ -553,6 +557,17 @@ Step 2:  geometra_disconnect({ closeBrowser: true })
 Step 3:  geometra_connect({ pageUrl: "<the URL the orchestrator gave you>", isolated: true, headless: true, slowMo: 350 })
 ```
 
+**If the orchestrator passed a `proxy` object in the task prompt** (sourced from `config/profile.yml`), add it to Step 3:
+
+```
+Step 3:  geometra_connect({
+           pageUrl: "<URL>", isolated: true, headless: true, slowMo: 350,
+           proxy: { server: "...", username: "...", password: "...", bypass: "..." }
+         })
+```
+
+Pass the proxy object through unchanged. Do NOT paraphrase or drop fields — `username`/`password`/`bypass` are optional, so only include what the orchestrator gave you. See the "BYO Residential Proxy" reference section for the why.
+
 **DO NOT** skip Step 1 or Step 2. **DO NOT** think about whether it's needed. **DO NOT** look at `geometra_list_sessions` output and reason about it — just always call `geometra_disconnect({ closeBrowser: true })` next. The disconnect is a no-op if the pool is empty, and a poison-cure if it isn't.
 
 **Single exception:** if the orchestrator's task prompt says literally "attach to sessionId X" or "use existing session X", skip Steps 1-3 and call `geometra_page_model({ sessionId: "X" })` directly.
@@ -574,7 +589,64 @@ When the orchestrator dispatches an `apply` (form-fill + submit), pick the subag
 
 ---
 
-## Stack and Conventions
+## BYO Residential Proxy — opt-in outbound-IP override
+
+**Problem:** on 2026-04-19 cycle 4, 5/5 untested Ashby tenants and 100% of Dropbox-class Cloudflare-fronted portals fingerprint-blocked headless Chromium from datacenter IPs. `imeFriendly: true` fixes class A (React validation lag) but has zero effect on class B (environment fingerprint). There is no in-session software-only fix for class B: the server decided the session is a bot before the form response was rendered.
+
+**Fix:** route the spawned Chromium through a residential or mobile proxy the candidate already pays for. Geometra MCP v1.59.0 added a `proxy: { server, username?, password?, bypass? }` parameter on `geometra_connect` and `geometra_prepare_browser` that forwards straight to Playwright's `chromium.launch({ proxy })`. The outbound IP becomes residential/mobile, and the fingerprint check that fired class B no longer trips.
+
+**Opt-in, BYO.** JobForge does NOT bundle or resell proxy bandwidth — the candidate brings their own provider (Bright Data, Oxylabs, SOAX, Smartproxy, mobile hotspot, self-hosted SOCKS). Without a configured proxy, JobForge behavior is unchanged from v2.11.0 and earlier.
+
+### Where the proxy config lives
+
+`config/profile.yml` → top-level `proxy:` block:
+
+```yaml
+proxy:
+  server: "http://residential.example.com:8080"   # http://, https://, or socks5://
+  username: "your-proxy-username"                  # optional
+  password: "your-proxy-password"                  # optional
+  bypass: "*.internal,localhost"                   # optional
+```
+
+See `config/profile.example.yml` for the commented-out template.
+
+### How the orchestrator threads it through
+
+**Orchestrator responsibilities:**
+
+1. On session start, read `config/profile.yml` once. If a `proxy:` block is present, capture it as the `PROXY_CONFIG` for the session.
+2. When dispatching any subagent whose work involves a `geometra_connect` call, include `PROXY_CONFIG` verbatim in the task prompt. Example dispatch prompt line: "Pass `proxy: { server: ..., username: ..., password: ..., bypass: ... }` to every `geometra_connect` call you make."
+3. When the orchestrator itself opens a Chromium session (single-application interactive flow), include the same `proxy` object in its own `geometra_connect` call.
+4. If `proxy:` is absent from `profile.yml`, skip the param entirely. Do NOT invent a proxy URL or leave a stale placeholder.
+
+**Subagent responsibilities:**
+
+1. If the task prompt includes a `proxy` object, pass it through to `geometra_connect` and any `geometra_prepare_browser` calls unchanged.
+2. If the task prompt does NOT include a proxy object, run without one.
+3. Never second-guess the proxy field — if the orchestrator sourced it from `profile.yml`, it's authoritative.
+
+### When proxy use is load-bearing
+
+Apply these rules when deciding whether the proxy is worth waiting for:
+
+- **Required** for known-block Ashby tenants (see the class-B list in the Ashby section above), for `happydance.website` / Cloudflare-fronted ATSes, and for any Lever tenant that previously failed in the class-B pattern.
+- **Recommended** for any Ashby tenant NOT on the class-A-compatible list (base rate prior: ~80-90% block headless).
+- **Optional** for Greenhouse, Workday, Lever-clean tenants — these accept datacenter IPs today; using the proxy adds ~100ms per frame but no material downside.
+- **Not useful** for Typeform (Geometra-unsupported), Avature native-select lag (not a fingerprint issue), JazzHR+reCAPTCHA (reCAPTCHA scores unrelated to IP), Breezy (tenant-configured per-IP throttle — proxy may help or may hit a fresh throttle).
+
+### Pool partitioning — why mixed runs are safe
+
+The Geometra MCP partitions its reusable-proxy pool by `(server, username, bypass)` — see `@geometra/mcp@1.59.0` release notes. A direct session and a proxied session NEVER share a Chromium instance, and two sessions with different proxy configs don't pool either. Practical consequence: flipping `proxy:` on or off in `profile.yml` mid-session is safe — the next `geometra_connect` just opens a fresh Chromium in its own pool partition.
+
+### Troubleshooting
+
+| Symptom | Diagnosis |
+|---|---|
+| `Error: Failed to connect to proxy` immediately after `geometra_connect` | Proxy URL is wrong / unreachable. Verify the `server:` field hits the right host:port. |
+| `407 Proxy Authentication Required` | `username` or `password` is wrong or missing. Many residential providers require both. |
+| Class-B submit failure persists even with proxy set | (a) proxy is a datacenter proxy, not residential; (b) same tenant IP-banned your specific proxy's IP pool; (c) tenant uses TLS fingerprint / canvas fingerprint, not IP — switch to a fresh Chromium (isolated: true) and retry once, else mark Failed. |
+| Every `geometra_connect` is 3-5s slower than before | Expected — residential proxies add latency. Trade-off for higher submit-success rate. Do NOT revert unless the acceptance-rate lift is < 5%. |
 
 - Node.js (mjs modules), Geometra MCP (PDF + scraping + form filling), Gmail MCP (email), YAML (config), HTML/CSS (template), Markdown (data)
 

package/.opencode/agents/general-free.md

@@ -1,7 +1,7 @@
 ---
 description: Procedural worker on free-tier model. Use for form filling via Geometra, tracker updates, TSV merges, scan dedup, OTP retrieval, and other mechanical/scripted tasks where quality-sensitive text generation is NOT required.
 mode: subagent
-model: opencode/big-pickle
+model: openrouter/minimax/minimax-m2.5:free
 tools:
   geometra_connect: true
   geometra_page_model: true
@@ -16,6 +16,10 @@ tools:
   gmail_get_message: true
 temperature: 0.1
 reasoningEffort: minimal
+fallback_models:
+  - openrouter/qwen/qwen3-coder:free
+  - openrouter/google/gemma-4-26b-a4b-it:free
+  - openrouter/openai/gpt-oss-20b:free
 ---
 
 You are the @general-free subagent. You run on a free-tier model, which means the orchestrator has delegated this task to you **specifically because the work is procedural**: deterministic steps, scripted outputs, no nuanced writing required.

package/.opencode/agents/general-paid.md

@@ -1,16 +1,25 @@
 ---
-description: Quality-sensitive worker on paid model. Use for offer evaluation narratives (Blocks A-F), cover letter generation, "Why X?" form answers, interview STAR stories, and other tasks where writing quality and judgment matter.
+description: Quality-sensitive worker on the strongest free-tier OpenCode model by default. Use for offer evaluation narratives (Blocks A-F), cover letter generation, "Why X?" form answers, interview STAR stories, and other tasks where writing quality and judgment matter.
 mode: subagent
-model: opencode-go/kimi-k2.5
+model: openrouter/qwen/qwen3-next-80b-a3b-instruct:free
 tools:
   geometra_*: false
   gmail_*: false
 temperature: 0.3
 reasoningEffort: medium
+fallback_models:
+  - openrouter/qwen/qwen3-coder:free
+  - openrouter/openai/gpt-oss-120b:free
+  - openrouter/z-ai/glm-4.5-air:free
 ---
 
 You are the @general-paid subagent. The orchestrator delegated this task to you because it requires quality writing or judgment — the kind of work `@general-free` isn't well-suited for.
 
+On OpenCode, this agent now defaults to a free OpenRouter model. On other
+harnesses, the same role may still resolve to a premium model. Your job is
+still the same: produce the best final writing you can from the context you
+were given.
+
 ## Do These Tasks
 
 - Generate evaluation narratives (Blocks A-F) per `modes/offer.md`.

package/.opencode/agents/glm-minimal.md

@@ -1,7 +1,7 @@
 ---
 description: Narrow-scope extractor on free-tier model. Use for single-purpose tasks where the orchestrator passes the exact input and expects a small, structured output — e.g., "extract these 8 fields from this JD text" or "parse this form schema into a label→type map". NOT for multi-step workflows.
 mode: subagent
-model: opencode/minimax-m2.5-free
+model: openrouter/google/gemma-4-26b-a4b-it:free
 tools:
   geometra_*: false
   gmail_*: false
@@ -13,6 +13,10 @@ tools:
   task: false
 temperature: 0
 reasoningEffort: none
+fallback_models:
+  - openrouter/minimax/minimax-m2.5:free
+  - openrouter/openai/gpt-oss-20b:free
+  - openrouter/google/gemma-4-31b-it:free
 ---
 
 You are the @glm-minimal subagent. You handle narrow, one-shot extractions where the orchestrator has pre-digested the context and just needs you to do a specific transform.

package/.opencode/opencode-model-fallback.json

@@ -0,0 +1,11 @@
+{
+  "cooldown_seconds": 60,
+  "timeout_seconds": 30,
+  "notify_on_fallback": true,
+  "fallback_models": [
+    "openrouter/qwen/qwen3-next-80b-a3b-instruct:free",
+    "openrouter/openai/gpt-oss-120b:free",
+    "openrouter/google/gemma-4-26b-a4b-it:free",
+    "openrouter/z-ai/glm-4.5-air:free"
+  ]
+}

package/AGENTS.md

@@ -414,6 +414,8 @@ These blocks come from two distinct root causes and require different responses:
 
 **Rule — do NOT loop retrying a class B block.** One retry with `imeFriendly: true` is the correct test for class A. If the same spam message fires after a clean `imeFriendly` refill, stop, mark Failed, move on. Repeated retries waste subagent time and do not change the outcome.
 
+**Class B fix — BYO residential proxy** (added 2026-04-20 via Geometra MCP v1.59.0). When the candidate has configured `proxy:` in `config/profile.yml`, every `geometra_connect` call threads that proxy through to Chromium, which flips the outbound IP from datacenter to residential/mobile and collapses most class-B failures. See the "BYO Residential Proxy" reference section below. Without a configured proxy, class B stays Failed.
+
 **Known-block Ashby tenants (2026-04-19 empirical observations).** These tenants fired class B on every attempted submit from a headless datacenter-IP proxy. Orchestrators planning apply dispatches should assume these tenants will Fail in headless — prioritize other portals, or skip same-tenant siblings after a confirmed class B to avoid burning subagent slots:
 
 - Vellum, Linear, Vanta, River Financial, Higharc, Trace Labs, Solace Health, Unstructured, ClickUp, Zapier, Deepgram, Ramp, WorkOS, Ashby (self-tenant), Perplexity, **Goody**, **Starbridge**, **Graphite**, **Prompt Health**, **Vantage**
@@ -505,6 +507,8 @@ geometra_connect({ pageUrl: "https://...", isolated: true, headless: true, slowM
 
 **Wrong:** running `geometra_connect` without `isolated: true` when submitting multiple forms concurrently. The forms may share state and produce incorrect submissions.
 
+**With a configured proxy,** add `proxy: { server, username?, password?, bypass? }` to the same call — see "BYO Residential Proxy" below. The reusable-proxy pool is partitioned by proxy identity, so mixing direct and proxied sessions across parallel rounds is safe.
+
 ### Session Reuse — When Subagents Cannot Reach Existing Sessions
 
 Subagents launched via the `task` tool start with a fresh context and cannot automatically attach to Chromium sessions spawned by a previous orchestrator session. If you dispatch a subagent to fill a form in session `s16`, but `s16` was created by a previous opencode session, the subagent's MCP calls will silently fail (returning empty results) because the subagent's MCP server has no knowledge of `s16`.
@@ -548,6 +552,17 @@ Step 2:  geometra_disconnect({ closeBrowser: true })
 Step 3:  geometra_connect({ pageUrl: "<the URL the orchestrator gave you>", isolated: true, headless: true, slowMo: 350 })
 ```
 
+**If the orchestrator passed a `proxy` object in the task prompt** (sourced from `config/profile.yml`), add it to Step 3:
+
+```
+Step 3:  geometra_connect({
+           pageUrl: "<URL>", isolated: true, headless: true, slowMo: 350,
+           proxy: { server: "...", username: "...", password: "...", bypass: "..." }
+         })
+```
+
+Pass the proxy object through unchanged. Do NOT paraphrase or drop fields — `username`/`password`/`bypass` are optional, so only include what the orchestrator gave you. See the "BYO Residential Proxy" reference section for the why.
+
 **DO NOT** skip Step 1 or Step 2. **DO NOT** think about whether it's needed. **DO NOT** look at `geometra_list_sessions` output and reason about it — just always call `geometra_disconnect({ closeBrowser: true })` next. The disconnect is a no-op if the pool is empty, and a poison-cure if it isn't.
 
 **Single exception:** if the orchestrator's task prompt says literally "attach to sessionId X" or "use existing session X", skip Steps 1-3 and call `geometra_page_model({ sessionId: "X" })` directly.
@@ -569,7 +584,64 @@ When the orchestrator dispatches an `apply` (form-fill + submit), pick the subag
 
 ---
 
-## Stack and Conventions
+## BYO Residential Proxy — opt-in outbound-IP override
+
+**Problem:** on 2026-04-19 cycle 4, 5/5 untested Ashby tenants and 100% of Dropbox-class Cloudflare-fronted portals fingerprint-blocked headless Chromium from datacenter IPs. `imeFriendly: true` fixes class A (React validation lag) but has zero effect on class B (environment fingerprint). There is no in-session software-only fix for class B: the server decided the session is a bot before the form response was rendered.
+
+**Fix:** route the spawned Chromium through a residential or mobile proxy the candidate already pays for. Geometra MCP v1.59.0 added a `proxy: { server, username?, password?, bypass? }` parameter on `geometra_connect` and `geometra_prepare_browser` that forwards straight to Playwright's `chromium.launch({ proxy })`. The outbound IP becomes residential/mobile, and the fingerprint check that fired class B no longer trips.
+
+**Opt-in, BYO.** JobForge does NOT bundle or resell proxy bandwidth — the candidate brings their own provider (Bright Data, Oxylabs, SOAX, Smartproxy, mobile hotspot, self-hosted SOCKS). Without a configured proxy, JobForge behavior is unchanged from v2.11.0 and earlier.
+
+### Where the proxy config lives
+
+`config/profile.yml` → top-level `proxy:` block:
+
+```yaml
+proxy:
+  server: "http://residential.example.com:8080"   # http://, https://, or socks5://
+  username: "your-proxy-username"                  # optional
+  password: "your-proxy-password"                  # optional
+  bypass: "*.internal,localhost"                   # optional
+```
+
+See `config/profile.example.yml` for the commented-out template.
+
+### How the orchestrator threads it through
+
+**Orchestrator responsibilities:**
+
+1. On session start, read `config/profile.yml` once. If a `proxy:` block is present, capture it as the `PROXY_CONFIG` for the session.
+2. When dispatching any subagent whose work involves a `geometra_connect` call, include `PROXY_CONFIG` verbatim in the task prompt. Example dispatch prompt line: "Pass `proxy: { server: ..., username: ..., password: ..., bypass: ... }` to every `geometra_connect` call you make."
+3. When the orchestrator itself opens a Chromium session (single-application interactive flow), include the same `proxy` object in its own `geometra_connect` call.
+4. If `proxy:` is absent from `profile.yml`, skip the param entirely. Do NOT invent a proxy URL or leave a stale placeholder.
+
+**Subagent responsibilities:**
+
+1. If the task prompt includes a `proxy` object, pass it through to `geometra_connect` and any `geometra_prepare_browser` calls unchanged.
+2. If the task prompt does NOT include a proxy object, run without one.
+3. Never second-guess the proxy field — if the orchestrator sourced it from `profile.yml`, it's authoritative.
+
+### When proxy use is load-bearing
+
+Apply these rules when deciding whether the proxy is worth waiting for:
+
+- **Required** for known-block Ashby tenants (see the class-B list in the Ashby section above), for `happydance.website` / Cloudflare-fronted ATSes, and for any Lever tenant that previously failed in the class-B pattern.
+- **Recommended** for any Ashby tenant NOT on the class-A-compatible list (base rate prior: ~80-90% block headless).
+- **Optional** for Greenhouse, Workday, Lever-clean tenants — these accept datacenter IPs today; using the proxy adds ~100ms per frame but no material downside.
+- **Not useful** for Typeform (Geometra-unsupported), Avature native-select lag (not a fingerprint issue), JazzHR+reCAPTCHA (reCAPTCHA scores unrelated to IP), Breezy (tenant-configured per-IP throttle — proxy may help or may hit a fresh throttle).
+
+### Pool partitioning — why mixed runs are safe
+
+The Geometra MCP partitions its reusable-proxy pool by `(server, username, bypass)` — see `@geometra/mcp@1.59.0` release notes. A direct session and a proxied session NEVER share a Chromium instance, and two sessions with different proxy configs don't pool either. Practical consequence: flipping `proxy:` on or off in `profile.yml` mid-session is safe — the next `geometra_connect` just opens a fresh Chromium in its own pool partition.
+
+### Troubleshooting
+
+| Symptom | Diagnosis |
+|---|---|
+| `Error: Failed to connect to proxy` immediately after `geometra_connect` | Proxy URL is wrong / unreachable. Verify the `server:` field hits the right host:port. |
+| `407 Proxy Authentication Required` | `username` or `password` is wrong or missing. Many residential providers require both. |
+| Class-B submit failure persists even with proxy set | (a) proxy is a datacenter proxy, not residential; (b) same tenant IP-banned your specific proxy's IP pool; (c) tenant uses TLS fingerprint / canvas fingerprint, not IP — switch to a fresh Chromium (isolated: true) and retry once, else mark Failed. |
+| Every `geometra_connect` is 3-5s slower than before | Expected — residential proxies add latency. Trade-off for higher submit-success rate. Do NOT revert unless the acceptance-rate lift is < 5%. |
 
 - Node.js (mjs modules), Geometra MCP (PDF + scraping + form filling), Gmail MCP (email), YAML (config), HTML/CSS (template), Markdown (data)
 

package/CLAUDE.md

@@ -414,6 +414,8 @@ These blocks come from two distinct root causes and require different responses:
 
 **Rule — do NOT loop retrying a class B block.** One retry with `imeFriendly: true` is the correct test for class A. If the same spam message fires after a clean `imeFriendly` refill, stop, mark Failed, move on. Repeated retries waste subagent time and do not change the outcome.
 
+**Class B fix — BYO residential proxy** (added 2026-04-20 via Geometra MCP v1.59.0). When the candidate has configured `proxy:` in `config/profile.yml`, every `geometra_connect` call threads that proxy through to Chromium, which flips the outbound IP from datacenter to residential/mobile and collapses most class-B failures. See the "BYO Residential Proxy" reference section below. Without a configured proxy, class B stays Failed.
+
 **Known-block Ashby tenants (2026-04-19 empirical observations).** These tenants fired class B on every attempted submit from a headless datacenter-IP proxy. Orchestrators planning apply dispatches should assume these tenants will Fail in headless — prioritize other portals, or skip same-tenant siblings after a confirmed class B to avoid burning subagent slots:
 
 - Vellum, Linear, Vanta, River Financial, Higharc, Trace Labs, Solace Health, Unstructured, ClickUp, Zapier, Deepgram, Ramp, WorkOS, Ashby (self-tenant), Perplexity, **Goody**, **Starbridge**, **Graphite**, **Prompt Health**, **Vantage**
@@ -505,6 +507,8 @@ geometra_connect({ pageUrl: "https://...", isolated: true, headless: true, slowM
 
 **Wrong:** running `geometra_connect` without `isolated: true` when submitting multiple forms concurrently. The forms may share state and produce incorrect submissions.
 
+**With a configured proxy,** add `proxy: { server, username?, password?, bypass? }` to the same call — see "BYO Residential Proxy" below. The reusable-proxy pool is partitioned by proxy identity, so mixing direct and proxied sessions across parallel rounds is safe.
+
 ### Session Reuse — When Subagents Cannot Reach Existing Sessions
 
 Subagents launched via the `task` tool start with a fresh context and cannot automatically attach to Chromium sessions spawned by a previous orchestrator session. If you dispatch a subagent to fill a form in session `s16`, but `s16` was created by a previous opencode session, the subagent's MCP calls will silently fail (returning empty results) because the subagent's MCP server has no knowledge of `s16`.
@@ -548,6 +552,17 @@ Step 2:  geometra_disconnect({ closeBrowser: true })
 Step 3:  geometra_connect({ pageUrl: "<the URL the orchestrator gave you>", isolated: true, headless: true, slowMo: 350 })
 ```
 
+**If the orchestrator passed a `proxy` object in the task prompt** (sourced from `config/profile.yml`), add it to Step 3:
+
+```
+Step 3:  geometra_connect({
+           pageUrl: "<URL>", isolated: true, headless: true, slowMo: 350,
+           proxy: { server: "...", username: "...", password: "...", bypass: "..." }
+         })
+```
+
+Pass the proxy object through unchanged. Do NOT paraphrase or drop fields — `username`/`password`/`bypass` are optional, so only include what the orchestrator gave you. See the "BYO Residential Proxy" reference section for the why.
+
 **DO NOT** skip Step 1 or Step 2. **DO NOT** think about whether it's needed. **DO NOT** look at `geometra_list_sessions` output and reason about it — just always call `geometra_disconnect({ closeBrowser: true })` next. The disconnect is a no-op if the pool is empty, and a poison-cure if it isn't.
 
 **Single exception:** if the orchestrator's task prompt says literally "attach to sessionId X" or "use existing session X", skip Steps 1-3 and call `geometra_page_model({ sessionId: "X" })` directly.
@@ -569,7 +584,64 @@ When the orchestrator dispatches an `apply` (form-fill + submit), pick the subag
 
 ---
 
-## Stack and Conventions
+## BYO Residential Proxy — opt-in outbound-IP override
+
+**Problem:** on 2026-04-19 cycle 4, 5/5 untested Ashby tenants and 100% of Dropbox-class Cloudflare-fronted portals fingerprint-blocked headless Chromium from datacenter IPs. `imeFriendly: true` fixes class A (React validation lag) but has zero effect on class B (environment fingerprint). There is no in-session software-only fix for class B: the server decided the session is a bot before the form response was rendered.
+
+**Fix:** route the spawned Chromium through a residential or mobile proxy the candidate already pays for. Geometra MCP v1.59.0 added a `proxy: { server, username?, password?, bypass? }` parameter on `geometra_connect` and `geometra_prepare_browser` that forwards straight to Playwright's `chromium.launch({ proxy })`. The outbound IP becomes residential/mobile, and the fingerprint check that fired class B no longer trips.
+
+**Opt-in, BYO.** JobForge does NOT bundle or resell proxy bandwidth — the candidate brings their own provider (Bright Data, Oxylabs, SOAX, Smartproxy, mobile hotspot, self-hosted SOCKS). Without a configured proxy, JobForge behavior is unchanged from v2.11.0 and earlier.
+
+### Where the proxy config lives
+
+`config/profile.yml` → top-level `proxy:` block:
+
+```yaml
+proxy:
+  server: "http://residential.example.com:8080"   # http://, https://, or socks5://
+  username: "your-proxy-username"                  # optional
+  password: "your-proxy-password"                  # optional
+  bypass: "*.internal,localhost"                   # optional
+```
+
+See `config/profile.example.yml` for the commented-out template.
+
+### How the orchestrator threads it through
+
+**Orchestrator responsibilities:**
+
+1. On session start, read `config/profile.yml` once. If a `proxy:` block is present, capture it as the `PROXY_CONFIG` for the session.
+2. When dispatching any subagent whose work involves a `geometra_connect` call, include `PROXY_CONFIG` verbatim in the task prompt. Example dispatch prompt line: "Pass `proxy: { server: ..., username: ..., password: ..., bypass: ... }` to every `geometra_connect` call you make."
+3. When the orchestrator itself opens a Chromium session (single-application interactive flow), include the same `proxy` object in its own `geometra_connect` call.
+4. If `proxy:` is absent from `profile.yml`, skip the param entirely. Do NOT invent a proxy URL or leave a stale placeholder.
+
+**Subagent responsibilities:**
+
+1. If the task prompt includes a `proxy` object, pass it through to `geometra_connect` and any `geometra_prepare_browser` calls unchanged.
+2. If the task prompt does NOT include a proxy object, run without one.
+3. Never second-guess the proxy field — if the orchestrator sourced it from `profile.yml`, it's authoritative.
+
+### When proxy use is load-bearing
+
+Apply these rules when deciding whether the proxy is worth waiting for:
+
+- **Required** for known-block Ashby tenants (see the class-B list in the Ashby section above), for `happydance.website` / Cloudflare-fronted ATSes, and for any Lever tenant that previously failed in the class-B pattern.
+- **Recommended** for any Ashby tenant NOT on the class-A-compatible list (base rate prior: ~80-90% block headless).
+- **Optional** for Greenhouse, Workday, Lever-clean tenants — these accept datacenter IPs today; using the proxy adds ~100ms per frame but no material downside.
+- **Not useful** for Typeform (Geometra-unsupported), Avature native-select lag (not a fingerprint issue), JazzHR+reCAPTCHA (reCAPTCHA scores unrelated to IP), Breezy (tenant-configured per-IP throttle — proxy may help or may hit a fresh throttle).
+
+### Pool partitioning — why mixed runs are safe
+
+The Geometra MCP partitions its reusable-proxy pool by `(server, username, bypass)` — see `@geometra/mcp@1.59.0` release notes. A direct session and a proxied session NEVER share a Chromium instance, and two sessions with different proxy configs don't pool either. Practical consequence: flipping `proxy:` on or off in `profile.yml` mid-session is safe — the next `geometra_connect` just opens a fresh Chromium in its own pool partition.
+
+### Troubleshooting
+
+| Symptom | Diagnosis |
+|---|---|
+| `Error: Failed to connect to proxy` immediately after `geometra_connect` | Proxy URL is wrong / unreachable. Verify the `server:` field hits the right host:port. |
+| `407 Proxy Authentication Required` | `username` or `password` is wrong or missing. Many residential providers require both. |
+| Class-B submit failure persists even with proxy set | (a) proxy is a datacenter proxy, not residential; (b) same tenant IP-banned your specific proxy's IP pool; (c) tenant uses TLS fingerprint / canvas fingerprint, not IP — switch to a fresh Chromium (isolated: true) and retry once, else mark Failed. |
+| Every `geometra_connect` is 3-5s slower than before | Expected — residential proxies add latency. Trade-off for higher submit-success rate. Do NOT revert unless the acceptance-rate lift is < 5%. |
 
 - Node.js (mjs modules), Geometra MCP (PDF + scraping + form filling), Gmail MCP (email), YAML (config), HTML/CSS (template), Markdown (data)
 

package/README.md

@@ -68,8 +68,8 @@ JobForge turns opencode into a full job search command center. Instead of manual
 | **Portal Scanner** | 45+ companies pre-configured with fuzzy dedup for reposts |
 | **Batch Processing** | Parallel evaluation with `opencode run` workers, with honest verification flagging |
 | **Pipeline Integrity** | Automated merge, dedup, status normalization, health checks |
-| **Cost-Aware Agent Routing** | Three subagents (`@general-free`, `@general-paid`, `@glm-minimal`) with per-task model tiers; procedural work runs on free-tier models, quality-sensitive work on paid. See [Subagent Routing in AGENTS.md](AGENTS.md) for the task-to-agent mapping. |
-| **Automatic Model Fallback** | When a model rate-limits or 5xx's, [`@razroo/opencode-model-fallback`](https://www.npmjs.com/package/@razroo/opencode-model-fallback) rotates the agent through a configured `fallback_models` chain and replays the request. Ships with sensible defaults: free-tier agents fall back to another free model then to paid as an escape hatch, paid agents fall back to a different paid provider. |
+| **Cost-Aware Agent Routing** | Three subagents (`@general-free`, `@general-paid`, `@glm-minimal`) with per-task model tiers. On OpenCode, all three default to free OpenRouter models so the harness can run there without paid model spend. See [Subagent Routing in AGENTS.md](AGENTS.md) for the task-to-agent mapping. |
+| **Automatic Model Fallback** | When a model rate-limits or 5xx's, [`@razroo/opencode-model-fallback`](https://www.npmjs.com/package/@razroo/opencode-model-fallback) rotates the agent through a configured `fallback_models` chain and replays the request. JobForge's OpenCode defaults stay on free models for both primaries and fallbacks. |
 | **Token Cost Visibility** | `job-forge tokens --days 1` for per-session breakdown; `job-forge session-report --since-minutes 60 --log` to flag sessions over budget and append history to `data/token-usage.tsv`. Auto-logged after every batch run. |
 
 ## Usage

package/bin/create-job-forge.mjs

@@ -135,6 +135,11 @@ write('package.json', JSON.stringify(consumerPkg, null, 2) + '\n');
 
 const opencodeCfg = {
   $schema: 'https://opencode.ai/config.json',
+  // Keep the top-level orchestrator on a free model too. Subagents pin
+  // their own models in .opencode/agents/*.md; this covers the main chat
+  // session and any commands that don't hop to a subagent immediately.
+  model: 'openrouter/qwen/qwen3-coder:free',
+  small_model: 'openrouter/google/gemma-4-26b-a4b-it:free',
   // Model-fallback plugin: on rate-limit / 5xx / known provider errors,
   // rotates the agent's model to the next entry in its fallback_models
   // chain (see `agent` below) and replays the request. Without this, a
@@ -170,6 +175,22 @@ const opencodeCfg = {
       environment: { DISABLE_HTTP: 'true' },
     },
   },
+  // Register the exact OpenRouter free models the harness uses so they're
+  // selectable even if they are not in OpenCode's built-in preloaded set.
+  provider: {
+    openrouter: {
+      models: {
+        'qwen/qwen3-coder:free': {},
+        'minimax/minimax-m2.5:free': {},
+        'qwen/qwen3-next-80b-a3b-instruct:free': {},
+        'google/gemma-4-26b-a4b-it:free': {},
+        'google/gemma-4-31b-it:free': {},
+        'openai/gpt-oss-120b:free': {},
+        'openai/gpt-oss-20b:free': {},
+        'z-ai/glm-4.5-air:free': {},
+      },
+    },
+  },
   // Restrict the primary orchestrator to dispatching only the three harness
   // subagents. Prevents accidental self-calls or unregistered agents.
   // Override locally in opencode.json if you add project-specific agents.

package/bin/sync.mjs

@@ -75,6 +75,7 @@ const links = [
 
   // OpenCode: skill router + subagent definitions. Users can override any
   // single subagent by replacing its symlink with a local file.
+  { src: '.opencode/opencode-model-fallback.json', dst: '.opencode/opencode-model-fallback.json' },
   { src: '.opencode/skills/job-forge.md',  dst: '.opencode/skills/job-forge.md' },
   { src: '.opencode/agents',               dst: '.opencode/agents' },
 

package/config/profile.example.yml

@@ -86,3 +86,23 @@ location_constraints:
     - US
   requires_visa_sponsorship: false     # true → roles in non-authorized countries are blocked unless
                                        # the JD explicitly mentions visa sponsorship
+
+# Optional outbound proxy for the Chromium that Geometra MCP spawns.
+# Uncomment and fill in to route ALL browser traffic through a residential /
+# mobile / SOCKS proxy you already pay for. Bypasses the datacenter-IP
+# fingerprinting that drives ~80-90% of Ashby / Lever / Cloudflare-fronted
+# "flagged as possible spam" submit failures in headless mode.
+#
+# BYO — JobForge does NOT bundle or resell proxy bandwidth. Pick a residential
+# or mobile provider (Bright Data, Oxylabs, SOAX, Smartproxy, etc.), or a
+# mobile hotspot, or your own SOCKS relay. Required: Geometra MCP >= 1.59.0.
+#
+# When present, the apply / scan / auto-pipeline modes thread this into every
+# `geometra_connect` call as `proxy: {...}`. Pool is partitioned by proxy
+# identity so direct and proxied sessions never share a Chromium.
+#
+# proxy:
+#   server: "http://residential.example.com:8080"   # http://, https://, or socks5://
+#   username: "your-proxy-username"                  # optional; omit if no auth
+#   password: "your-proxy-password"                  # optional; omit if no auth
+#   bypass: "*.internal,localhost"                   # optional comma-separated host patterns

package/docs/ARCHITECTURE.md

@@ -43,7 +43,7 @@ The consumer's `opencode.json` loads a small set of stable files as always-prese
 
 The skill router (`.opencode/skills/job-forge.md`) loads mode and data files on demand, keeping per-session input tokens low (~20-40K for most modes instead of ~130-170K when everything was force-loaded).
 
-**Cost-tiered subagents** live in `.opencode/agents/` (`general-free`, `general-paid`, `glm-minimal`) — the orchestrator delegates procedural work to free-tier models and reserves paid models for quality-sensitive writing. See [MODEL-ROUTING.md](MODEL-ROUTING.md) for the routing architecture, why it exists, and how to customize.
+**Cost-tiered subagents** live in `.opencode/agents/` (`general-free`, `general-paid`, `glm-minimal`). On OpenCode, all three now resolve to free OpenRouter models by default, with different quality/latency tiers per task shape. See [MODEL-ROUTING.md](MODEL-ROUTING.md) for the routing architecture, why it exists, and how to customize.
 
 **Multi-harness support.** Because `iso/` is the single source of truth, publishing ships config for OpenCode, Cursor, Claude Code, and Codex in one tarball. Consumers run any of `opencode`, `cursor`, `claude`, or `codex` in the project and each picks up the shared MCP config + instructions via the symlinks above.
 

package/docs/MODEL-ROUTING.md

@@ -7,8 +7,8 @@ JobForge routes each piece of work to the cheapest model that can do it well, in
 A two-day trace early in development showed `$48` in spend, with **84% coming from GLM 5.1** despite the majority of the work being procedural (form fills, tracker updates, OTP retrieval). The root cause:
 
 - **GLM 5.1's provider doesn't discount cache reads.** On Anthropic, a 10K-token cached prefix costs ~$0.03. On GLM 5.1 it bills near-full input rate (~$0.35). Every session that re-loads the prefix pays full price.
-- **Procedural work is the high-volume work.** 1000+ messages per day go to form filling, TSV merges, scan dedup. Running that on GLM 5.1 is ~10× more expensive than running it on a free-tier model that can handle the task just fine.
-- **Free-tier opencode models are genuinely free and genuinely capable.** `opencode/big-pickle` processed 1000+ messages at $0 over the same window with acceptable quality on procedural tasks.
+- **Procedural work is the high-volume work.** 1000+ messages per day go to form filling, TSV merges, scan dedup. Running that on a paid model is unnecessary when current free OpenRouter models can handle the task.
+- **Current OpenRouter free models are strong enough to cover the whole OpenCode path.** JobForge now defaults every OpenCode role to a free model, including the quality-sensitive writer tier.
 
 Conclusion: route procedural work to free tier, reserve paid models for tasks that actually need the quality.
 
@@ -18,9 +18,9 @@ Defined in `.opencode/agents/*.md` (shipped in the harness, symlinked into consu
 
 | Agent | Model | Reasoning | Use for |
 |-------|-------|-----------|---------|
-| `@general-free` | `opencode/big-pickle` (free) | `minimal` | Geometra form fills, tracker TSV merges, scan dedup, OTP retrieval via Gmail, scripted pipeline steps |
-| `@general-paid` | `opencode/glm-5.1` | `medium` | Offer evaluation narratives (Blocks A-F), cover letters, "Why X?" answers, STAR+R interview stories, LinkedIn outreach prose |
-| `@glm-minimal` | `opencode/minimax-m2.5-free` (free) | `none` | Narrow one-shot transforms: "extract these 8 fields from this JD text → JSON", "classify this archetype" |
+| `@general-free` | `openrouter/minimax/minimax-m2.5:free` | `minimal` | Geometra form fills, tracker TSV merges, scan dedup, OTP retrieval via Gmail, scripted pipeline steps |
+| `@general-paid` | `openrouter/qwen/qwen3-next-80b-a3b-instruct:free` | `medium` | Offer evaluation narratives (Blocks A-F), cover letters, "Why X?" answers, STAR+R interview stories, LinkedIn outreach prose |
+| `@glm-minimal` | `openrouter/google/gemma-4-26b-a4b-it:free` | `none` | Narrow one-shot transforms: "extract these 8 fields from this JD text → JSON", "classify this archetype" |
 
 The full task-to-agent mapping lives in [AGENTS.md → Subagent Routing](../AGENTS.md#subagent-routing--which-agent-for-which-task). The orchestrator (your primary session) is expected to delegate before taking any multi-step action — see the **Pre-flight delegation** rule in AGENTS.md.
 
@@ -66,7 +66,7 @@ All three layers are designed to be edited — this is your search, your cost bu
 
 ### Swap the paid model
 
-The default `@general-paid` is `opencode/glm-5.1`. To use Claude instead, edit `.opencode/agents/general-paid.md`:
+The default `@general-paid` is `openrouter/qwen/qwen3-next-80b-a3b-instruct:free`. To use Claude instead, edit `.opencode/agents/general-paid.md`:
 
 ```yaml
 ---
@@ -79,7 +79,7 @@ The `.opencode/agents/general-paid.md` file is a symlink into `node_modules/job-
 
 ### Swap the free tier
 
-Same idea — edit `.opencode/agents/general-free.md`'s `model:` field. `opencode/minimax-m2.5-free` is another zero-cost option the data shows handles ~900 messages per day cleanly. If you run into quality issues on forms, bump this agent's model to a small paid tier (e.g., Haiku) rather than routing everything through paid.
+Same idea — edit `.opencode/agents/general-free.md`'s `model:` field. If you run into quality issues on forms, swap to a different free OpenRouter model first before considering a paid tier.
 
 ### Add a custom agent
 
@@ -122,8 +122,8 @@ npx job-forge tokens --session <session-id>
 ```
 
 Healthy pattern after this architecture lands:
-- **`opencode/big-pickle`** (or your free-tier choice) handles the message majority at $0
-- **`opencode/glm-5.1`** (or your paid choice) costs per session stay under $1 for most evaluations
+- **Free OpenRouter defaults** now cover procedural, quality-sensitive, and extractor work on OpenCode
+- If you opt back into a paid model, do it deliberately and only for the role that needs it
 - Session titles prefixed `@general-free`, `@general-paid`, `@glm-minimal` appear in the list — confirms delegation actually happened
 - `cache_read` >> `cache_creation` on parallel subagent runs within a 5-min window
 
@@ -139,13 +139,13 @@ Default chains ship upstream in each agent's YAML frontmatter (`node_modules/job
 
 | Agent | Primary | Fallback chain (in order) |
 |-------|---------|---------------------------|
-| `@general-free` | `opencode/big-pickle` | `opencode/minimax-m2.5-free` → `opencode/nemotron-3-super-free` → `opencode-go/minimax-m2.7` → `opencode/glm-5.1` (paid escape hatch) |
-| `@general-paid` | `opencode/glm-5.1` | `opencode/claude-haiku-4-5` |
-| `@glm-minimal` | `opencode/minimax-m2.5-free` | `opencode/big-pickle` → `opencode/nemotron-3-super-free` |
+| `@general-free` | `openrouter/minimax/minimax-m2.5:free` | `openrouter/qwen/qwen3-coder:free` → `openrouter/google/gemma-4-26b-a4b-it:free` → `openrouter/openai/gpt-oss-20b:free` |
+| `@general-paid` | `openrouter/qwen/qwen3-next-80b-a3b-instruct:free` | `openrouter/qwen/qwen3-coder:free` → `openrouter/openai/gpt-oss-120b:free` → `openrouter/z-ai/glm-4.5-air:free` |
+| `@glm-minimal` | `openrouter/google/gemma-4-26b-a4b-it:free` | `openrouter/minimax/minimax-m2.5:free` → `openrouter/openai/gpt-oss-20b:free` → `openrouter/google/gemma-4-31b-it:free` |
 
-Free-tier agents exhaust free models first, then try minimax 2.7 as a cheap buffer before escalating to glm-5.1. Paid agents fall back to Haiku (cheaper unstick escape hatch). **Note:** all model IDs use the `opencode/` or `opencode-go/` prefix — the `anthropic/` prefix does not exist in opencode's model registry and will throw `ProviderModelNotFoundError`.
+These chains are deliberately free-only so the default OpenCode path never needs to pay. **Note:** OpenCode model IDs must use the provider prefix it expects (`openrouter/...`, `opencode/...`, etc.). The raw OpenRouter model slug by itself is not enough.
 
-Consumers **do not need to configure anything** to get these defaults: the chains arrive via the symlinked agent MD files, and `@razroo/opencode-model-fallback` (≥0.3.1) reads them from the `options.fallback_models` field that opencode relocates unknown frontmatter keys into. The consumer's `opencode.json` only needs `"plugin": ["@razroo/opencode-model-fallback"]` — which the scaffolder sets automatically.
+Consumers **do not need to configure anything** to get these defaults: the subagent chains arrive via the symlinked agent MD files, and the harness also ships `.opencode/opencode-model-fallback.json` for the main orchestrator / any agent without its own list. `@razroo/opencode-model-fallback` (≥0.3.1) reads per-agent chains from the frontmatter-derived `fallback_models` field and falls through to the global file when no per-agent list exists. The consumer's `opencode.json` only needs `"plugin": ["@razroo/opencode-model-fallback"]` — which the scaffolder sets automatically.
 
 **When fallback fires:** the plugin pattern-matches rate-limit / 5xx / quota / "overloaded" / "insufficient credits" errors. Failed models enter a 60-second cooldown before they're retried. Every rotation logs to `~/.config/opencode/opencode-model-fallback.log` with the trigger error, original model, and target model — grep for `"Auto-retrying with fallback model"` to confirm it fired.
 
@@ -172,7 +172,7 @@ Plugin-level config at `.opencode/opencode-model-fallback.json` — applies to a
   "cooldown_seconds": 60,
   "timeout_seconds": 30,
   "notify_on_fallback": true,
-  "fallback_models": ["opencode/minimax-m2.5-free", "opencode/glm-5.1"]
+  "fallback_models": ["openrouter/minimax/minimax-m2.5:free", "openrouter/qwen/qwen3-coder:free"]
 }
 ```
 

package/iso/agents/general-free.md

@@ -10,6 +10,10 @@ targets:
     mode: subagent
     temperature: 0.1
     reasoningEffort: minimal
+    fallback_models:
+      - openrouter/qwen/qwen3-coder:free
+      - openrouter/google/gemma-4-26b-a4b-it:free
+      - openrouter/openai/gpt-oss-20b:free
     tools:
       geometra_connect: true
       geometra_page_model: true

package/iso/agents/general-paid.md

@@ -1,15 +1,20 @@
 ---
-description: Quality-sensitive worker on paid model. Use for offer evaluation narratives (Blocks A-F), cover letter generation, "Why X?" form answers, interview STAR stories, and other tasks where writing quality and judgment matter.
+description: Quality-sensitive worker on the strongest free-tier OpenCode model by default. Use for offer evaluation narratives (Blocks A-F), cover letter generation, "Why X?" form answers, interview STAR stories, and other tasks where writing quality and judgment matter.
 role: quality
 targets:
-  # No inline model: iso-route's "standard" preset maps role "quality" to
-  # each harness's top-tier reasoning-capable model. Claude Code reads
+  # No inline model: JobForge's models.yaml maps role "quality" to a
+  # free OpenRouter model on OpenCode, while Claude/Codex keep their
+  # quality-tier defaults from the standard preset. Claude Code reads
   # .claude/iso-route.resolved.json; OpenCode reads opencode.json's
   # agent.quality.model (iso-harness 0.6.0+).
   opencode:
     mode: subagent
     temperature: 0.3
     reasoningEffort: medium
+    fallback_models:
+      - openrouter/qwen/qwen3-coder:free
+      - openrouter/openai/gpt-oss-120b:free
+      - openrouter/z-ai/glm-4.5-air:free
     tools:
       geometra_*: false
       gmail_*: false
@@ -17,6 +22,11 @@ targets:
 
 You are the @general-paid subagent. The orchestrator delegated this task to you because it requires quality writing or judgment — the kind of work `@general-free` isn't well-suited for.
 
+On OpenCode, this agent now defaults to a free OpenRouter model. On other
+harnesses, the same role may still resolve to a premium model. Your job is
+still the same: produce the best final writing you can from the context you
+were given.
+
 ## Do These Tasks
 
 - Generate evaluation narratives (Blocks A-F) per `modes/offer.md`.

package/iso/agents/glm-minimal.md

@@ -10,6 +10,10 @@ targets:
     mode: subagent
     temperature: 0
     reasoningEffort: none
+    fallback_models:
+      - openrouter/minimax/minimax-m2.5:free
+      - openrouter/openai/gpt-oss-20b:free
+      - openrouter/google/gemma-4-31b-it:free
     tools:
       geometra_*: false
       gmail_*: false

package/iso/config.json

@@ -1,7 +1,23 @@
 {
   "targets": {
     "opencode": {
-      "instructions": ["templates/states.yml"]
+      "plugin": ["@razroo/opencode-model-fallback"],
+      "instructions": ["templates/states.yml"],
+      "small_model": "openrouter/google/gemma-4-26b-a4b-it:free",
+      "provider": {
+        "openrouter": {
+          "models": {
+            "qwen/qwen3-coder:free": {},
+            "minimax/minimax-m2.5:free": {},
+            "qwen/qwen3-next-80b-a3b-instruct:free": {},
+            "google/gemma-4-26b-a4b-it:free": {},
+            "google/gemma-4-31b-it:free": {},
+            "openai/gpt-oss-120b:free": {},
+            "openai/gpt-oss-20b:free": {},
+            "z-ai/glm-4.5-air:free": {}
+          }
+        }
+      }
     }
   }
 }

package/iso/instructions.md

@@ -414,6 +414,8 @@ These blocks come from two distinct root causes and require different responses:
 
 **Rule — do NOT loop retrying a class B block.** One retry with `imeFriendly: true` is the correct test for class A. If the same spam message fires after a clean `imeFriendly` refill, stop, mark Failed, move on. Repeated retries waste subagent time and do not change the outcome.
 
+**Class B fix — BYO residential proxy** (added 2026-04-20 via Geometra MCP v1.59.0). When the candidate has configured `proxy:` in `config/profile.yml`, every `geometra_connect` call threads that proxy through to Chromium, which flips the outbound IP from datacenter to residential/mobile and collapses most class-B failures. See the "BYO Residential Proxy" reference section below. Without a configured proxy, class B stays Failed.
+
 **Known-block Ashby tenants (2026-04-19 empirical observations).** These tenants fired class B on every attempted submit from a headless datacenter-IP proxy. Orchestrators planning apply dispatches should assume these tenants will Fail in headless — prioritize other portals, or skip same-tenant siblings after a confirmed class B to avoid burning subagent slots:
 
 - Vellum, Linear, Vanta, River Financial, Higharc, Trace Labs, Solace Health, Unstructured, ClickUp, Zapier, Deepgram, Ramp, WorkOS, Ashby (self-tenant), Perplexity, **Goody**, **Starbridge**, **Graphite**, **Prompt Health**, **Vantage**
@@ -505,6 +507,8 @@ geometra_connect({ pageUrl: "https://...", isolated: true, headless: true, slowM
 
 **Wrong:** running `geometra_connect` without `isolated: true` when submitting multiple forms concurrently. The forms may share state and produce incorrect submissions.
 
+**With a configured proxy,** add `proxy: { server, username?, password?, bypass? }` to the same call — see "BYO Residential Proxy" below. The reusable-proxy pool is partitioned by proxy identity, so mixing direct and proxied sessions across parallel rounds is safe.
+
 ### Session Reuse — When Subagents Cannot Reach Existing Sessions
 
 Subagents launched via the `task` tool start with a fresh context and cannot automatically attach to Chromium sessions spawned by a previous orchestrator session. If you dispatch a subagent to fill a form in session `s16`, but `s16` was created by a previous opencode session, the subagent's MCP calls will silently fail (returning empty results) because the subagent's MCP server has no knowledge of `s16`.
@@ -548,6 +552,17 @@ Step 2:  geometra_disconnect({ closeBrowser: true })
 Step 3:  geometra_connect({ pageUrl: "<the URL the orchestrator gave you>", isolated: true, headless: true, slowMo: 350 })
 ```
 
+**If the orchestrator passed a `proxy` object in the task prompt** (sourced from `config/profile.yml`), add it to Step 3:
+
+```
+Step 3:  geometra_connect({
+           pageUrl: "<URL>", isolated: true, headless: true, slowMo: 350,
+           proxy: { server: "...", username: "...", password: "...", bypass: "..." }
+         })
+```
+
+Pass the proxy object through unchanged. Do NOT paraphrase or drop fields — `username`/`password`/`bypass` are optional, so only include what the orchestrator gave you. See the "BYO Residential Proxy" reference section for the why.
+
 **DO NOT** skip Step 1 or Step 2. **DO NOT** think about whether it's needed. **DO NOT** look at `geometra_list_sessions` output and reason about it — just always call `geometra_disconnect({ closeBrowser: true })` next. The disconnect is a no-op if the pool is empty, and a poison-cure if it isn't.
 
 **Single exception:** if the orchestrator's task prompt says literally "attach to sessionId X" or "use existing session X", skip Steps 1-3 and call `geometra_page_model({ sessionId: "X" })` directly.
@@ -569,7 +584,64 @@ When the orchestrator dispatches an `apply` (form-fill + submit), pick the subag
 
 ---
 
-## Stack and Conventions
+## BYO Residential Proxy — opt-in outbound-IP override
+
+**Problem:** on 2026-04-19 cycle 4, 5/5 untested Ashby tenants and 100% of Dropbox-class Cloudflare-fronted portals fingerprint-blocked headless Chromium from datacenter IPs. `imeFriendly: true` fixes class A (React validation lag) but has zero effect on class B (environment fingerprint). There is no in-session software-only fix for class B: the server decided the session is a bot before the form response was rendered.
+
+**Fix:** route the spawned Chromium through a residential or mobile proxy the candidate already pays for. Geometra MCP v1.59.0 added a `proxy: { server, username?, password?, bypass? }` parameter on `geometra_connect` and `geometra_prepare_browser` that forwards straight to Playwright's `chromium.launch({ proxy })`. The outbound IP becomes residential/mobile, and the fingerprint check that fired class B no longer trips.
+
+**Opt-in, BYO.** JobForge does NOT bundle or resell proxy bandwidth — the candidate brings their own provider (Bright Data, Oxylabs, SOAX, Smartproxy, mobile hotspot, self-hosted SOCKS). Without a configured proxy, JobForge behavior is unchanged from v2.11.0 and earlier.
+
+### Where the proxy config lives
+
+`config/profile.yml` → top-level `proxy:` block:
+
+```yaml
+proxy:
+  server: "http://residential.example.com:8080"   # http://, https://, or socks5://
+  username: "your-proxy-username"                  # optional
+  password: "your-proxy-password"                  # optional
+  bypass: "*.internal,localhost"                   # optional
+```
+
+See `config/profile.example.yml` for the commented-out template.
+
+### How the orchestrator threads it through
+
+**Orchestrator responsibilities:**
+
+1. On session start, read `config/profile.yml` once. If a `proxy:` block is present, capture it as the `PROXY_CONFIG` for the session.
+2. When dispatching any subagent whose work involves a `geometra_connect` call, include `PROXY_CONFIG` verbatim in the task prompt. Example dispatch prompt line: "Pass `proxy: { server: ..., username: ..., password: ..., bypass: ... }` to every `geometra_connect` call you make."
+3. When the orchestrator itself opens a Chromium session (single-application interactive flow), include the same `proxy` object in its own `geometra_connect` call.
+4. If `proxy:` is absent from `profile.yml`, skip the param entirely. Do NOT invent a proxy URL or leave a stale placeholder.
+
+**Subagent responsibilities:**
+
+1. If the task prompt includes a `proxy` object, pass it through to `geometra_connect` and any `geometra_prepare_browser` calls unchanged.
+2. If the task prompt does NOT include a proxy object, run without one.
+3. Never second-guess the proxy field — if the orchestrator sourced it from `profile.yml`, it's authoritative.
+
+### When proxy use is load-bearing
+
+Apply these rules when deciding whether the proxy is worth waiting for:
+
+- **Required** for known-block Ashby tenants (see the class-B list in the Ashby section above), for `happydance.website` / Cloudflare-fronted ATSes, and for any Lever tenant that previously failed in the class-B pattern.
+- **Recommended** for any Ashby tenant NOT on the class-A-compatible list (base rate prior: ~80-90% block headless).
+- **Optional** for Greenhouse, Workday, Lever-clean tenants — these accept datacenter IPs today; using the proxy adds ~100ms per frame but no material downside.
+- **Not useful** for Typeform (Geometra-unsupported), Avature native-select lag (not a fingerprint issue), JazzHR+reCAPTCHA (reCAPTCHA scores unrelated to IP), Breezy (tenant-configured per-IP throttle — proxy may help or may hit a fresh throttle).
+
+### Pool partitioning — why mixed runs are safe
+
+The Geometra MCP partitions its reusable-proxy pool by `(server, username, bypass)` — see `@geometra/mcp@1.59.0` release notes. A direct session and a proxied session NEVER share a Chromium instance, and two sessions with different proxy configs don't pool either. Practical consequence: flipping `proxy:` on or off in `profile.yml` mid-session is safe — the next `geometra_connect` just opens a fresh Chromium in its own pool partition.
+
+### Troubleshooting
+
+| Symptom | Diagnosis |
+|---|---|
+| `Error: Failed to connect to proxy` immediately after `geometra_connect` | Proxy URL is wrong / unreachable. Verify the `server:` field hits the right host:port. |
+| `407 Proxy Authentication Required` | `username` or `password` is wrong or missing. Many residential providers require both. |
+| Class-B submit failure persists even with proxy set | (a) proxy is a datacenter proxy, not residential; (b) same tenant IP-banned your specific proxy's IP pool; (c) tenant uses TLS fingerprint / canvas fingerprint, not IP — switch to a fresh Chromium (isolated: true) and retry once, else mark Failed. |
+| Every `geometra_connect` is 3-5s slower than before | Expected — residential proxies add latency. Trade-off for higher submit-success rate. Do NOT revert unless the acceptance-rate lift is < 5%. |
 
 - Node.js (mjs modules), Geometra MCP (PDF + scraping + form filling), Gmail MCP (email), YAML (config), HTML/CSS (template), Markdown (data)
 

package/models.yaml

@@ -1,15 +1,17 @@
 # JobForge model policy.
 #
-# Extends @razroo/iso-route's bundled "standard" preset — a curated
-# cost-tiered routing config verified against 2026-04 provider catalogs.
-# Preset content lives in node_modules/@razroo/iso-route/presets/standard.yaml;
-# run `npx iso-route plan models.yaml` to see the resolved policy.
+# Extends @razroo/iso-route's bundled "openrouter-free" preset — a
+# curated zero-cost routing config that keeps Claude Code / Codex on
+# their native providers but routes OpenCode through explicit free
+# OpenRouter model IDs. Preset content lives in
+# node_modules/@razroo/iso-route/presets/openrouter-free.yaml; run
+# `npx iso-route plan models.yaml` to see the resolved policy.
 #
 # JobForge's subagents bind to preset roles via the `role:` field in
 # iso/agents/<slug>.md:
-#   @general-free  → role: fast     (Haiku / opencode/big-pickle / gpt-5.4-mini)
-#   @general-paid  → role: quality  (Opus 4.7 / opencode-go/kimi-k2.5 / gpt-5.4)
-#   @glm-minimal   → role: minimal  (Haiku / opencode/minimax-m2.5-free / gpt-5.4-nano)
+#   @general-free  → role: fast     (Haiku / OpenRouter MiniMax M2.5 free / gpt-5.4-mini)
+#   @general-paid  → role: quality  (Opus 4.7 / OpenRouter Qwen3 Next 80B free / gpt-5.4)
+#   @glm-minimal   → role: minimal  (Haiku / OpenRouter Gemma 4 26B free / gpt-5.4-nano)
 #
 # Override anything by adding fields here. For example, to pin Opus on
 # Claude Code for the @general-paid (quality) role:
@@ -27,4 +29,14 @@
 #           provider: openai
 #           model: gpt-5.4
 
-extends: standard
+extends: openrouter-free
+
+# Only override the preset where we prefer a different OpenRouter pick.
+# The preset's quality-tier OpenCode pick is openai/gpt-oss-120b:free;
+# we prefer Qwen3 Next 80B for job-application writing quality.
+roles:
+  quality:
+    targets:
+      opencode:
+        provider: openrouter
+        model: qwen/qwen3-next-80b-a3b-instruct:free

package/modes/apply.md

@@ -39,9 +39,12 @@ Live application assistant. Reads the active application form in Chrome (via Geo
 - [D6] Use `fieldLabel` over `fieldId` everywhere it works.
   why: labels are stable across DOM refreshes; IDs are regenerated
 
+- [D7] If the orchestrator's task prompt includes a `proxy` object (sourced from `config/profile.yml`), pass it verbatim into every `geometra_connect` call — including Call 3 of the recovery sequence. If absent, run without one; never invent a proxy URL.
+  why: class-B Ashby / Cloudflare-fronted portals need a residential outbound IP; the fix is wired in Geometra MCP v1.59.0 but the orchestrator owns the config pipe. See "BYO Residential Proxy" in iso/instructions.md.
+
 ## Procedure
 
-1. `geometra_connect` + `geometra_page_model`; avoid re-fetching via WebFetch [D5].
+1. `geometra_connect` + `geometra_page_model`; thread `proxy` if present [D7]; no WebFetch [D5].
 2. If Geometra is unavailable, ask for screenshot or pasted text [D2].
 3. Extract company + role; Grep `reports/` for a matching evaluation.
 4. Load full report + Section G if present.
@@ -317,7 +320,8 @@ Call 3:  geometra_connect({
            pageUrl: "<the same URL as before>",
            isolated: true,
            headless: true,
-           slowMo: 350
+           slowMo: 350,
+           proxy: <pass through from task prompt if present; omit otherwise>
          })
 Call 4:  geometra_run_actions({
            sessionId: "<new sessionId from Call 3>",

package/opencode.json

@@ -1,15 +1,29 @@
 {
   "$schema": "https://opencode.ai/config.json",
-  "model": "opencode/glm-5.1",
+  "model": "openrouter/qwen/qwen3-coder:free",
   "agent": {
     "fast": {
-      "model": "opencode/big-pickle"
+      "model": "openrouter/minimax/minimax-m2.5:free"
     },
     "quality": {
-      "model": "opencode-go/kimi-k2.5"
+      "model": "openrouter/qwen/qwen3-next-80b-a3b-instruct:free"
     },
     "minimal": {
-      "model": "opencode/minimax-m2.5-free"
+      "model": "openrouter/google/gemma-4-26b-a4b-it:free"
+    }
+  },
+  "provider": {
+    "openrouter": {
+      "models": {
+        "qwen/qwen3-coder:free": {},
+        "minimax/minimax-m2.5:free": {},
+        "qwen/qwen3-next-80b-a3b-instruct:free": {},
+        "google/gemma-4-26b-a4b-it:free": {},
+        "google/gemma-4-31b-it:free": {},
+        "openai/gpt-oss-120b:free": {},
+        "openai/gpt-oss-20b:free": {},
+        "z-ai/glm-4.5-air:free": {}
+      }
     }
   },
   "mcp": {
@@ -34,7 +48,11 @@
       }
     }
   },
+  "plugin": [
+    "@razroo/opencode-model-fallback"
+  ],
   "instructions": [
     "templates/states.yml"
-  ]
+  ],
+  "small_model": "openrouter/google/gemma-4-26b-a4b-it:free"
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "job-forge",
-  "version": "2.11.0",
+  "version": "2.13.0",
   "description": "AI-powered job search pipeline built on opencode",
   "type": "module",
   "bin": {
@@ -87,9 +87,10 @@
     "playwright": "^1.58.1"
   },
   "devDependencies": {
-    "@razroo/iso": "^0.2.4",
+    "@razroo/iso": "^0.2.5",
     "@razroo/iso-harness": "^0.6.0",
-    "@razroo/iso-route": "^0.3.0",
-    "@razroo/iso-trace": "^0.1.0"
+    "@razroo/iso-route": "^0.5.0",
+    "@razroo/iso-trace": "^0.1.0",
+    "@razroo/opencode-model-fallback": "^0.3.1"
   }
 }