🤖 feat: show other agent-browser sessions

[ThomasK33]

Summary

Show agent-browser sessions from other working directories in the Browser tab session picker without auto-attaching to them. Current-workspace sessions remain the only auto-selected sessions; selecting an other session explicitly carries an allow flag through bootstrap, bridge validation, and browser controls.

Background

The Browser tab previously hid live agent-browser sessions whose process CWD was outside the current workspace, making it hard to discover and intentionally attach to a known session started elsewhere.

Implementation

Discovery now returns current-workspace sessions and other live sessions as separate groups. The renderer keeps other sessions in the existing picker with their CWD as secondary text, while backend attach/control paths remain workspace-scoped unless the explicit allowOtherWorkspaceSession flag is present.

Validation

• bun test src/node/services/browser/AgentBrowserSessionDiscoveryService.test.ts src/node/services/browser/BrowserBridgeTokenManager.test.ts src/node/services/browser/BrowserBridgeServer.test.ts src/node/services/browser/BrowserControlService.test.ts src/browser/features/RightSidebar/BrowserTab/BrowserTab.test.tsx src/browser/features/RightSidebar/BrowserTab/useBrowserBridgeConnection.test.tsx src/browser/features/RightSidebar/BrowserTab/BrowserToolbar.test.tsx
• make typecheck
• make static-check
• Dogfooded with isolated current/other agent-browser sessions in an Electron sandbox; verified the compact picker and explicit other-session attach flow with screenshots.

Risks

Moderate Browser-tab risk: the renderer selection state, bridge token scope, and control APIs changed together. The default backend paths remain strict and targeted tests cover strict-vs-explicit behavior.

---

📋 Implementation Plan

Plan: Show other agent-browser sessions in the Browser tab

Goal

Make the Browser tab less confusing when agent-browser sessions are running outside the current workspace by showing them in a clearly separated secondary area, while preserving the existing safe default: current-workspace sessions remain primary, auto-selected, and the only sessions used unless the user explicitly chooses otherwise.

Evidence from repo investigation

• src/node/services/browser/AgentBrowserSessionDiscoveryService.ts currently discovers global agent-browser sessions, reads each session PID/CWD, and skips sessions whose process CWD is not inside the current workspace candidate paths in discoverSessions().
• Workspace candidate paths are wired in src/node/services/serviceContainer.ts as workspaceMetadata.projectPath plus resolveWorkspaceExecutionPath(...).
• src/node/orpc/router.ts exposes browser.listSessions, but currently maps each discovered session down to only { sessionName, status }, dropping backend cwd metadata.
• src/browser/features/RightSidebar/BrowserTab/BrowserTab.tsx polls api.browser.listSessions({ workspaceId }), stores one discoveredSessions array, and auto-selects from that list.
• Explicit attach cannot be implemented only in getBootstrap: BrowserBridgeServer revalidates the minted token by calling getSessionConnection(...), so cross-workspace attach would bootstrap and then fail unless the allow/scope flag reaches the bridge validation path.
• Browser control/get-url paths also call getSessionConnection(...); if we want an explicitly attached other session to remain usable, those calls need the same explicit scope flag.

Recommended approach

Hybrid grouped discovery: keep the existing sessions contract as “current workspace sessions only”, add otherSessions to the same browser.listSessions response, and require an explicit allowOtherWorkspaceSession flag for attach/control paths.

Net product LoC estimate: +180 to +260 LoC, excluding tests.

Why this approach:

• One polling API call and one backend discovery pass, so no duplicate PID/CWD work.
• Existing sessions semantics remain safe and easy to reason about.
• The frontend gets enough metadata to explain why sessions were hidden before.
• Attach to other sessions is explicit and auditable instead of silently weakening workspace scoping.

Rejected alternatives

• Flat list with source on every session (+140 to +210 product LoC): simpler schema, but easier to accidentally auto-select/control the wrong session and weakens the existing sessions meaning.
• Separate listOtherSessions endpoint (+190 to +280 product LoC): clear API separation, but creates duplicate polling and repeated PID/CWD resolution with little benefit for this local UI.
• Show but do not allow attach (+90 to +140 product LoC): safer, but likely frustrating because users can see a recoverable session and still cannot use it.

Implementation phases

Phase 1 — Backend discovery groups

Files:

• src/node/services/browser/AgentBrowserSessionDiscoveryService.ts
• src/node/services/browser/AgentBrowserSessionDiscoveryService.test.ts

Plan:

1. Introduce an internal grouped result, e.g.

   interface AgentBrowserSessionGroups {
     sessions: AgentBrowserDiscoveredSession[];
     otherSessions: AgentBrowserDiscoveredSession[];
   }

2. Refactor the current discoverSessions(workspaceId) loop so the CWD mismatch branch pushes to otherSessions instead of immediately continue-ing.

3. Keep listSessions(workspaceId) returning only current-workspace sessions so existing internal callers/tests retain strict behavior.

4. Add a new public method such as listSessionGroups(workspaceId) for the router/UI discovery response.

5. Add lookup options to strict attach paths:

   interface AgentBrowserSessionLookupOptions {
     allowOtherWorkspaceSession?: boolean;
   }

   Then update getSessionConnection(...) and ensureSessionAttachable(...) so they search otherSessions only when that option is true.

6. Preserve existing defensive behavior:

   • invalid PID files are skipped;
   • dead/unresolvable CWD sessions are skipped because they cannot be safely classified;
   • malformed/missing stream files still produce missing_stream when the session is otherwise live;
   • path matching continues using realpath-normalized comparisons.

Quality gate after Phase 1:

• Add/update service tests for:

  • listSessions() still excludes unmatched sessions by default;
  • listSessionGroups() returns current and other sessions in deterministic order;
  • unmatched missing_stream sessions are included in otherSessions;
  • ensureSessionAttachable(..., { allowOtherWorkspaceSession: true }) can enable streaming for an other session;
  • the same attach without the allow flag still fails.

• Run:

  make test -- src/node/services/browser/AgentBrowserSessionDiscoveryService.test.ts

Phase 2 — ORPC schema, router, bridge token, and control scope

Files:

• src/common/orpc/schemas/api.ts
• src/node/orpc/router.ts
• src/node/services/browser/BrowserBridgeTokenManager.ts
• src/node/services/browser/BrowserBridgeServer.ts
• src/node/services/browser/BrowserControlService.ts
• Relevant tests for router/bridge/control services

Plan:

1. Extend browser.listSessions.output to preserve the existing current-workspace field and add secondary sessions:

   {
     sessions: BrowserDiscoveredSession[];
     otherSessions: BrowserDiscoveredOtherSession[];
   }

   where BrowserDiscoveredOtherSession includes at least:

   {
     sessionName: string;
     status: "attachable" | "missing_stream";
     cwd: string;
   }

   Do not expose pid or streamPort.

2. Update the router’s browser.listSessions handler to call listSessionGroups(workspaceId) and map:

   • current sessions to sessions without CWD;
   • unmatched sessions to otherSessions with CWD.

3. Add allowOtherWorkspaceSession: z.boolean().nullish() to browser input schemas that can act on the selected session, at minimum:

   • browser.getBootstrap.input;
   • browser.control.input if BrowserTab controls use it after attach;
   • browser.getUrl.input if BrowserTab reads URL for the attached session.

4. Pass allowOtherWorkspaceSession === true into ensureSessionAttachable(...) from getBootstrap.

5. Store the allow flag in BrowserBridgeTokenManager token records when minting bridge tokens, and return it from validation.

6. In BrowserBridgeServer, pass the token’s allow flag into getSessionConnection(...) during WebSocket upgrade revalidation.

7. In BrowserControlService, thread the allow flag through getSessionConnection(...) for explicit other-session control/get-url calls. Default remains strict when the flag is absent.

Quality gate after Phase 2:

• Add/update tests for:

  • browser.listSessions response includes both sessions and otherSessions;
  • getBootstrap passes the allow flag into ensureSessionAttachable;
  • bridge token validation preserves the allow flag;
  • BrowserBridgeServer succeeds for an other-session token only when the token allows it;
  • control/get-url remain strict by default and work when called with the explicit allow flag.

• Run targeted backend tests, for example:

  make test -- src/node/services/browser/BrowserBridgeServer.test.ts
  make test -- src/node/services/browser/BrowserControlService.test.ts
  make typecheck

Phase 3 — BrowserTab state and UI

Files:

• src/browser/features/RightSidebar/BrowserTab/BrowserTab.tsx
• src/browser/features/RightSidebar/BrowserTab/useBrowserBridgeConnection.ts
• src/browser/features/RightSidebar/BrowserTab/browserBridgeTypes.ts
• src/browser/features/RightSidebar/BrowserTab/BrowserTab.test.tsx
• Any existing hook tests for useBrowserBridgeConnection

Plan:

1. Extend frontend types to represent:

   • current sessions from sessions;
   • other sessions from otherSessions, including cwd.

2. Replace plain selectedSessionName where necessary with a small selection object so the UI knows whether the selected session requires the explicit allow flag:

   type BrowserSessionSelection =
     | { sessionName: string; allowOtherWorkspaceSession: false }
     | { sessionName: string; allowOtherWorkspaceSession: true };

3. Update selection logic:

   • preserve a currently selected current-workspace session when it still exists;
   • preserve an explicitly selected other session while it still exists;
   • auto-select only from current-workspace sessions;
   • if only otherSessions exist, leave the Browser preview unselected and show the secondary section.

4. Update useBrowserBridgeConnection.connect(...) to accept/pass allowOtherWorkspaceSession to api.browser.getBootstrap(...).

5. Pass the same allow flag into browser control/get-url API calls for the selected other session.

6. Render the UI as two visually distinct areas:

   • Current workspace: existing picker/list behavior, eligible for auto-select.
   • Other running sessions: secondary section with a warning/subtitle like “Not started from this workspace. Attach only if you recognize it.”

7. For each other session, show:

   • session name;
   • status badge using existing status vocabulary;
   • CWD path in subdued/truncated text;
   • an explicit action label such as Attach anyway.

8. Keep the UI minimal: no modal confirmation initially; the secondary section plus “Attach anyway” button is the explicit confirmation.

Quality gate after Phase 3:

• Add/update UI tests for:

  • current sessions still auto-select and connect as before;
  • other sessions render in the secondary area with CWD;
  • other sessions are not auto-selected when no current session exists;
  • clicking Attach anyway selects the other session and calls bootstrap/control APIs with allowOtherWorkspaceSession: true;
  • current-session actions do not send the allow flag.

• Run:

  make test -- src/browser/features/RightSidebar/BrowserTab/BrowserTab.test.tsx
  make typecheck

Phase 4 — Full validation and cleanup

Plan:

1. Run targeted tests from Phases 1–3 again after integration.

2. Run broader repo validation:

   make static-check

3. Review the diff for minimality:

   • no unrelated refactors;
   • no speculative persistence/localStorage;
   • no as any;
   • optional input schema fields use .nullish();
   • assertions document impossible internal states rather than user errors.

Acceptance criteria

• Browser discovery still shows current-workspace agent-browser sessions exactly as before in the primary area.
• Current-workspace sessions are the only sessions auto-selected.
• Sessions whose CWD is outside the current workspace are shown in a separate Other running sessions area with their CWD or an equivalent explanatory path hint.
• Other sessions are never attached automatically; the user must click an explicit Attach anyway-style action.
• Explicit attach works for both attachable and missing_stream other sessions, including stream enablement, bridge token validation, preview streaming, and Browser tab controls.
• Without the explicit allow flag, backend attach/control paths remain workspace-scoped and reject other sessions.
• Dead sessions or sessions with unresolvable CWD remain hidden rather than presented as attachable.
• No PID or stream port is exposed to the renderer API.
• New tests cover backend grouping, strict-vs-explicit attach, token scope propagation, and BrowserTab selection behavior.

Dogfooding plan

Setup

1. Start the isolated development server sandbox:

   make dev-server-sandbox

2. Load the current agent-browser/electron automation guidance before driving the UI:

   agent-browser skills get core
   agent-browser skills get electron
   agent-browser skills get dogfood

3. Open two Mux workspaces for different project/worktree paths.

4. Start at least two named agent-browser sessions from different CWDs:

   • one from the current workspace path;
   • one from a sibling/other project path.

Manual scenarios to verify

1. Current + other sessions visible

   • In workspace A, open the Browser tab.
   • Verify the workspace-A session appears in the primary/current area.
   • Verify the workspace-B session appears only under Other running sessions with its CWD.
   • Capture a screenshot of this state.

2. No accidental attach

   • Switch to a workspace with no matching sessions but at least one other session.
   • Verify no other session is auto-selected and no bridge connection starts automatically.
   • Capture a screenshot showing the empty primary state plus secondary list.

3. Explicit attach succeeds

   • Click Attach anyway on an other session.
   • Verify the Browser preview connects and renders frames.
   • Use Browser tab controls such as reload/back/forward or URL refresh if present.
   • Capture a screenshot after attach and a short video recording of the attach flow.

4. Strict default remains safe

   • From devtools/logs/tests, verify current-session controls do not send allowOtherWorkspaceSession.
   • Verify other-session calls send it only after the explicit attach action.

Dogfooding artifacts

• Attach or save screenshots for:
  • current + other sessions separated;
  • only-other-session state with no auto-select;
  • successfully attached other session.
• Save a short video recording of the explicit attach flow so reviewers can verify the sequence without reproducing locally.

Rollout notes and risks

• Path disclosure: showing CWD exposes local paths in the renderer. This is already local app state, but keep it scoped to otherSessions and do not expose PID/port.
• Stale sessions: if an agent-browser process exits between discovery and attach, existing retry/error handling should surface the failure. Do not add timers beyond the existing polling/retry model.
• Duplicate names: agent-browser session names are treated as globally unique by the current CLI/session files. If duplicates become possible later, this feature should use a stable backend identifier instead of sessionName alone.
• Performance: discovery already resolves CWD for listed sessions. Grouping current/other sessions in one pass should avoid extra polling overhead.

---

Generated with mux • Model: openai:gpt-5.5 • Thinking: high • Cost: $61.43

[ThomasK33]

/coder-agents-review

[ThomasK33]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. 🚀

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coder-agents-review]

Well-designed feature. The allowOtherWorkspaceSession flag travels the full chain without dropping or coercing at any boundary: frontend click, ORPC input, ensureSessionAttachable, token mint, token validate, bridge revalidation, executeControl, getUrl. The negative default (=== true comparison at each boundary) means the strict path is the safe failure mode. The grouped-discovery approach keeps the contract change additive and the backend tests are thorough.

Severity count: 1 P2, 14 P3, 7 Nit.

Two findings converge across 5+ reviewers each: (1) chooseSelectedSession retains a stale persisted session name when sessions = [], and the new picker visibility condition now exposes that stale name as the button label while the viewport says "Choose a browser session"; (2) the hasOtherSessions branch in BrowserViewerState fires when the user has already selected an other session (the pre-first-frame window), showing "Choose a browser session" to someone who just chose one.

The test string mismatch in BrowserTab.test.tsx:148 ("Other running sessions" vs the actual label "Other sessions") means the assertion contributes zero behavioral constraint and passes whether the component is broken or working.

Process observations: the PR description claims dogfooding "with screenshots" but no screenshots are attached. The implementation plan explicitly required screenshot artifacts as deliverables. The setSystemTime-to-Date.now refactor in BrowserBridgeTokenManager.test.ts and the blank line deletion in BrowserBridgeTokenManager.ts are unrelated to the feature.

"The user sees 'alpha' in the picker button but 'Choose a browser session' in the preview area." (Pariston)

---

src/browser/features/RightSidebar/BrowserTab/BrowserTab.tsx:100

P3 [DEREM-4] chooseSelectedSession returns currentSessionName unchanged when sessions.length === 0. Pre-PR this was harmless because the picker was hidden when no current sessions existed. Post-PR the picker renders whenever discoveredSessions.length + otherDiscoveredSessions.length > 0 (line 279), so when a workspace has no current sessions but has other sessions, the picker button shows a stale persisted name while the viewport shows "Choose a browser session."

The plan states: "if only otherSessions exist, leave the Browser preview unselected." The stale name violates that intent. No unauthorized connection occurs (selectedDiscoveredSession is null), but the UI falsely implies a session is selected.

"The two signals contradict each other: the user may wait for their session to come back instead of explicitly attaching to the available other session." (Hisoka P3, Nami P3, Pariston P3, Razor P3, Kite Note)

Return null in this branch instead of currentSessionName. The "preserve during transient failures" goal is served by the catch path, which does not call setSelectedCurrentSessionName on error.

🤖

src/node/services/browser/AgentBrowserSessionDiscoveryService.ts:617

P3 [DEREM-9] "No sessions discovered" fires when getLookupSessions returns empty, but that happens whenever sessionGroups.sessions is empty regardless of whether sessionGroups.otherSessions is populated. The error message says "no sessions discovered for workspace X" when sessions were discovered but classified into otherSessions.

"A developer who receives this error while agent-browser is visibly running will check socket files, re-read discovery logic, and find no explanation in the message." (Chopper)

Check sessionGroups.sessions.length + sessionGroups.otherSessions.length === 0 before this message; fall through to the generic "not found" message when total discovery is non-zero.

🤖

src/node/orpc/router.ts:1238

P3 [DEREM-10] Post-control getUrl calls at lines 1240 and 1262 use skipSessionValidation: true but omit allowOtherWorkspaceSession without explaining why the omission is safe. Currently harmless because skipSessionValidation bypasses getSessionConnection entirely. If skipSessionValidation is ever removed, these calls silently start rejecting other-workspace session URL fetches: control commands succeed but page-state updates break.

"'Skip validation' and 'validation not needed' are different reasons." (Hisoka P2, Knov Nit)

Add a comment: // Session already validated by executeControl above; skip redundant lookup.

🤖

src/browser/features/RightSidebar/BrowserTab/BrowserTab.tsx:500-505

P3 [DEREM-12] Error description says "while a discovered browser session is available for this project." When the failing session is explicitly from a different project, the description is backwards.

"The session is not from this project. The user literally just picked it from under 'Other sessions.'" (Luffy)

Consider a scope-neutral message like "Mux will keep retrying while the selected browser session is reachable."

🤖

🤖 This review was automatically generated with Coder Agents.

[ThomasK33]

/coder-agents-review

[ThomasK33]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. 👍

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coder-agents-review]

17 of 22 findings from R1 addressed (nice work on the BrowserSelectedSession union, the extracted chooseExplicitOtherSession helper, and the bridge success-path test). 1 acknowledged. 4 findings are silent, no author response and no code change. These were posted in the R1 review body (folded from inline comments because their lines were outside the diff hunks), so they may have been missed.

Further panel review is blocked until the author responds to or pushes fixes for the following:

DEREM-4 (P3, 5 reviewers) BrowserTab.tsx:104: chooseSelectedSession still returns currentSessionName when sessions.length === 0. The picker now renders when only other sessions exist, so a stale persisted name appears in the picker button while the viewport says "Choose a browser session." Return null in this branch.

DEREM-9 (P3) AgentBrowserSessionDiscoveryService.ts:616: ensureSessionAttachable still checks sessions.length === 0 where sessions is the current-workspace-only slice. The error "no sessions discovered for workspace X" fires when otherSessions is non-empty. Check total discovery count before this message.

DEREM-10 (P3) router.ts:1243,1265: Post-control getUrl calls still use skipSessionValidation: true without allowOtherWorkspaceSession and no comment explaining why the omission is safe. Add the explanatory comment.

DEREM-12 (P3) BrowserTab.tsx:517: Error description still says "for this project" when the failing session may be an explicitly selected other-workspace session. Use a scope-neutral message.

🤖 This review was automatically generated with Coder Agents.

[ThomasK33]

/coder-agents-review

[ThomasK33]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. 🎉

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[ThomasK33]

Addressed the four remaining items from coder-agents-review review 4237216279:

• DEREM-4: stale persisted current-session names now clear when no current sessions are discovered.
• DEREM-9: ensureSessionAttachable now distinguishes zero total discovered sessions from current-scope misses when other sessions exist.
• DEREM-10: added comments explaining why post-control getUrl(..., { skipSessionValidation: true }) is safe without repeating the explicit scope flag.
• DEREM-12: made the browser-error retry copy scope-neutral for explicitly selected other sessions.

Validation passed locally and the integration CI rerun is now green. I also fetched review threads again; there are no unresolved review threads.

[ThomasK33]

/coder-agents-review

[coder-agents-review]

All 22 R1 findings resolved. The 4 previously-silent findings (DEREM-4, -9, -10, -12) are correctly fixed in 723a5c0. Panel verified each fix against the root cause.

The allowOtherWorkspaceSession flag was traced end-to-end through 10 layers with no breaks. The bridge server revalidates using the flag stored in the token record rather than a fresh client-supplied value, so the scope boundary is enforced server-side. Test coverage is thorough: both positive and negative paths are exercised at each layer, and the primary coexistence scenario (current + other sessions visible together) is now covered.

1 P3 (re-raised), 1 Nit.

"I tried to build a case against this and could not." (Pariston)

🤖 This review was automatically generated with Coder Agents.

[coder-agents-review]

2 findings from R3 remain unaddressed. No author response and no new commits since R3 (head SHA unchanged at 76cbefb). Further review is blocked until the author responds or pushes fixes.

DEREM-1 (P3, re-raised R3) BrowserTab.test.tsx:149: queryByText("Other sessions") runs before fireEvent.click opens the picker. The label is inside {isOpen && (, so the assertion returns null regardless. Move it after the click.

DEREM-23 (Nit, 3 reviewers) BrowserTab.tsx:526: "Select an other session" is ungrammatical. Use "another."

🤖 This review was automatically generated with Coder Agents.

[ThomasK33]

/coder-agents-review

[ThomasK33]

@codex review

[coder-agents-review]

All 23 prior findings resolved. R5 panel (Bisky, Mafuuu, Pariston, Meruem) verified every fix. Mafuuu traced the allowOtherWorkspaceSession flag end-to-end through 10 layers with no breaks. Pariston tried to build a case against this change and could not. 79 tests pass.

2 new P3 test gaps found by Bisky. No production code issues.

"The flag threads correctly through every layer I traced." (Pariston)

🤖 This review was automatically generated with Coder Agents.

[ThomasK33]

/coder-agents-review

[ThomasK33]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. What shall we delve into next?

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[ThomasK33]

/coder-agents-review

[ThomasK33]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. 🚀

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coder-agents-review]

All 25 findings resolved. R6 panel (Bisky, Mafuuu, Pariston, Chopper) found no new issues. Netero R6 clean across all 8 checks. Both R5 fixes verified.

This PR is ready for human review and merge. 25 findings raised across 6 rounds, all addressed. The allowOtherWorkspaceSession flag propagation, test coverage, error messaging, and UI state machine have been verified by multiple panel configurations.

🤖 This review was automatically generated with Coder Agents.

[coder-agents-review]

All 25 findings resolved. Second consecutive clean panel round (R6 and R7). Netero R7 clean across all 8 checks. CI green. 81 tests pass.

No open findings. This PR is ready for human review and merge.

🤖 This review was automatically generated with Coder Agents.